From mboxrd@z Thu Jan 1 00:00:00 1970 From: joe@perches.com (Joe Perches) Date: Tue, 04 Oct 2016 09:01:33 -0700 Subject: [PATCH] dmaengine: coh901318: fix integer overflow when shifting more than 32 places In-Reply-To: <20161004153645.GG2467@localhost> References: <20160929175725.14157-1-colin.king@canonical.com> <1475172392.2027.12.camel@perches.com> <20161004153645.GG2467@localhost> Message-ID: <1475596893.2340.3.camel@perches.com> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org On Tue, 2016-10-04 at 21:06 +0530, Vinod Koul wrote: > On Tue, Oct 04, 2016 at 02:23:51PM +0200, Linus Walleij wrote: > > On Thu, Sep 29, 2016 at 8:06 PM, Joe Perches wrote: > > > On Thu, 2016-09-29 at 18:57 +0100, Colin King wrote: > > > > Currently U300_DMA_CHANNELS is set to 40, meaning that the shift of 1 can > > > > be more than 32 places, which leads to a 32 bit integer overflow. Fix this > > > > by casting 1 to a u64 (the same type as started_channels) before shifting > > > > it. > > > trivia: > > > > diff --git a/drivers/dma/coh901318.c b/drivers/dma/coh901318.c > > > [] > > > > @@ -1353,7 +1353,7 @@ static ssize_t coh901318_debugfs_read(struct file *file, char __user *buf, > > > > ? tmp += sprintf(tmp, "DMA -- enabled dma channels\n"); > > > > > > > > ? for (i = 0; i < U300_DMA_CHANNELS; i++) > > > > - if (started_channels & (1 << i)) > > > > + if (started_channels & ((u64)1 << i)) > > > Using > > > ? if (started_channels & (1ULL << i)) > > > would be more common. > > Even better (IMO): > > #include > > if (started_channels & BIT(i)) > > Apparently code is there to avoid the bit 31 problem, mea culpa. > I have already applied this one, so feel free to send this as an update :) BIT_ULL as it still needs to be u64 not unsigned long. But if a change is really desired, please use it consistently in the entire file and not just this instance. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754084AbcJDQBk (ORCPT ); Tue, 4 Oct 2016 12:01:40 -0400 Received: from smtprelay0106.hostedemail.com ([216.40.44.106]:47890 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752005AbcJDQBi (ORCPT ); Tue, 4 Oct 2016 12:01:38 -0400 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,:::::::::::::,RULES_HIT:41:355:379:541:599:800:960:966:973:988:989:1260:1277:1311:1313:1314:1345:1359:1373:1437:1515:1516:1518:1534:1541:1593:1594:1711:1730:1747:1777:1792:2196:2199:2393:2553:2559:2562:2828:2895:3138:3139:3140:3141:3142:3353:3622:3865:3866:3867:3868:3870:3871:3872:3874:4321:4385:4605:5007:6119:7875:7903:8531:10004:10400:10848:11232:11473:11658:11914:12438:12555:12740:13069:13255:13311:13357:13439:13894:14181:14659:14721:21080:21451:30012:30051:30054:30064:30070:30083:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:5,LUA_SUMMARY:none X-HE-Tag: slope26_8232777f52c4f X-Filterd-Recvd-Size: 2645 Message-ID: <1475596893.2340.3.camel@perches.com> Subject: Re: [PATCH] dmaengine: coh901318: fix integer overflow when shifting more than 32 places From: Joe Perches To: Vinod Koul , Linus Walleij Cc: Colin King , Dan Williams , "linux-arm-kernel@lists.infradead.org" , dmaengine@vger.kernel.org, "linux-kernel@vger.kernel.org" Date: Tue, 04 Oct 2016 09:01:33 -0700 In-Reply-To: <20161004153645.GG2467@localhost> References: <20160929175725.14157-1-colin.king@canonical.com> <1475172392.2027.12.camel@perches.com> <20161004153645.GG2467@localhost> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.22.0-2ubuntu1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2016-10-04 at 21:06 +0530, Vinod Koul wrote: > On Tue, Oct 04, 2016 at 02:23:51PM +0200, Linus Walleij wrote: > > On Thu, Sep 29, 2016 at 8:06 PM, Joe Perches wrote: > > > On Thu, 2016-09-29 at 18:57 +0100, Colin King wrote: > > > > Currently U300_DMA_CHANNELS is set to 40, meaning that the shift of 1 can > > > > be more than 32 places, which leads to a 32 bit integer overflow. Fix this > > > > by casting 1 to a u64 (the same type as started_channels) before shifting > > > > it. > > > trivia: > > > > diff --git a/drivers/dma/coh901318.c b/drivers/dma/coh901318.c > > > [] > > > > @@ -1353,7 +1353,7 @@ static ssize_t coh901318_debugfs_read(struct file *file, char __user *buf, > > > >   tmp += sprintf(tmp, "DMA -- enabled dma channels\n"); > > > > > > > >   for (i = 0; i < U300_DMA_CHANNELS; i++) > > > > - if (started_channels & (1 << i)) > > > > + if (started_channels & ((u64)1 << i)) > > > Using > > >   if (started_channels & (1ULL << i)) > > > would be more common. > > Even better (IMO): > > #include > > if (started_channels & BIT(i)) > > Apparently code is there to avoid the bit 31 problem, mea culpa. > I have already applied this one, so feel free to send this as an update :) BIT_ULL as it still needs to be u64 not unsigned long. But if a change is really desired, please use it consistently in the entire file and not just this instance.