[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New Defects reported by Coverity Scan for XenProject

  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
  • Date: Mon, 8 Sep 2025 13:04:18 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YAJKJjn3gN+PFICaW0C0tCKi0gSp+GCZeCXOdStbLo8=; b=owCtyE1hbLLWFoWj5rgUE/FQxxKKydHNHYWiIfmgxD6NavS8OxQwCPuFBR3qRMdPq8FMBTLgdeweVc0tmYgRPXXG8Xzx7+Yme9/OYV1qH2AafnWnvcKYCxIC750TZ1GJGMjk3HbdjxENT0HrjWwOnt7WZv7nm1GEGQviqsIZ7tRZ7941iChLAbIxBzsT1StnQwEb4lpSz5xz67mQUSBZ6Vwwl4Ws3KmUoo/+mJC2ZZy8xECESDS66QYLE6Sbj7N+Nux1ogDCKPDuOU09IQX4OIpuuvMQYkNAVZrKCVcsqBIaKBv206HtRqyRhR0rvsDg7L4dus9qpEyGm6kiSfVSZg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vQosuGEdP0xUXIxvexabIEIj9j5xT6guWNl2dZjdV4CsXpRmnAi6YRcFnldeTWBoBAkD74LnReS+bKIFVMjNOM0YYZ1iIOnpkyxjB0UDbMWJfyEmjQmn1j1qbrNX3IOSbxRYFli7xqdlPwJ28CJLVtqn2PuZdfZJb971U59G+FI489nqymt+A9mAn9QYcFkwKY/w8D3Ezn28UiirBOSWnG65usRqAzx/JNcqjN9/jJLx1CTiyqzsvQpeo0VIxW3QKiYRa1LKsA9L+ATGZKFZDH9w6bzDhVFVfR/4SxP8kWZ2O11P3XNPxssXCNeuFiJFW9Msk87YbWVbtZJap0Qquw==
  • Cc: Xen-devel <xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 08 Sep 2025 11:04:48 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon Sep 8, 2025 at 12:19 PM CEST, Jan Beulich wrote:
> On 07.09.2025 16:37, scan-admin@xxxxxxxxxxxx wrote:
>> ** CID 1665362:       Integer handling issues  (INTEGER_OVERFLOW)
>> /xen/lib/find-next-bit.c: 104           in find_next_zero_bit()
>> 
>> 
>> _____________________________________________________________________________________________
>> *** CID 1665362:         Integer handling issues  (INTEGER_OVERFLOW)
>> /xen/lib/find-next-bit.c: 104             in find_next_zero_bit()
>> 98           }
>> 99           if (!size)
>> 100                  return result;
>> 101          tmp = *p;
>> 102     
>> 103     found_first:
>>>>>     CID 1665362:         Integer handling issues  (INTEGER_OVERFLOW)
>>>>>     Expression "0xffffffffffffffffUL << size", where "size" is known to 
>>>>> be equal to 63, overflows the type of "0xffffffffffffffffUL << size", 
>>>>> which is type "unsigned long".
>> 104          tmp |= ~0UL << size;
>> 105          if (tmp == ~0UL)        /* Are any bits zero? */
>> 106                  return result + size;   /* Nope. */
>> 107     found_middle:
>> 108          return result + ffz(tmp);
>> 109     }
>
> I cannot make sense of their claim. 0xffffffffffffffffUL << 63 is simply
> 0x8000000000000000UL, isn't it? Where's the overflow there? There also
> cannot be talk of a 32-bit build, or else ~0UL would have been transformed
> to 0xffffffffUL.
>
> Jan

The offending line LGTM too.

The only credible explanation I can think of is Coverity flagging discarded 1s
on left shifts as loss of precision.

If so, "~((1 << size) - 1)", or "(~0UL >> size) << size" should make it happy,
but surely that error would flare up with all uses of GENMASK() too?

Cheers,
Alejandro

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.