From: Bjorn Helgaas <bhelgaas@google.com>
To: "Ira W. Snyder" <iws@ovro.caltech.edu>
Cc: Yinghai Lu <yinghai@kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>
Subject: Re: Coverity CIDs 138749, 138750: cnb20le_res() unintended sign extension
Date: Fri, 4 Apr 2014 09:40:23 -0600 [thread overview]
Message-ID: <20140404154023.GA5367@google.com> (raw)
In-Reply-To: <CAErSpo7uQtRXcxC-9oAS8PJ6Vi3H8Z1fVB2wQR-uxGjyoLDkCQ@mail.gmail.com>
On Thu, Apr 03, 2014 at 02:56:26PM -0600, Bjorn Helgaas wrote:
> Coverity complains about unintended sign extension in cnb20le_res() in
> arch/x86/pci/broadcom_bus.c here:
>
> 60 word1 = read_pci_config_16(bus, slot, func, 0xc4);
> 61 word2 = read_pci_config_16(bus, slot, func, 0xc6);
> 62 if (word1 != word2) {
>
> CID 138749 (#1 of 2): Unintended sign extension (SIGN_EXTENSION)
> sign_extension: Suspicious implicit sign extension: word1 with type
> unsigned short (16 bits, unsigned) is promoted in (word1 << 16) | 0 to
> type int (32 bits, signed), then sign-extended to type unsigned long
> long (64 bits, unsigned). If (word1 << 16) | 0 is greater than
> 0x7FFFFFFF, the upper bits of the result will all be 1.
> 63 res.start = (word1 << 16) | 0x0000;
> CID 138750: Unintended sign extension (SIGN_EXTENSION) [select issue]
I propose the following patch for this. Unless there's objection, I'll
queue this for v3.16.
x86/PCI: Fix Broadcom CNB20LE unintended sign extension
From: Bjorn Helgaas <bhelgaas@google.com>
In the expression "word1 << 16", word1 starts as u16, but is promoted to
a signed int, then sign-extended to resource_size_t, which is probably
not what was intended. Cast to resource_size_t to avoid the sign
extension.
Found by Coverity (CID 138749, 138750).
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
---
arch/x86/pci/broadcom_bus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/pci/broadcom_bus.c b/arch/x86/pci/broadcom_bus.c
index 614392ced7d6..bb461cfd01ab 100644
--- a/arch/x86/pci/broadcom_bus.c
+++ b/arch/x86/pci/broadcom_bus.c
@@ -60,8 +60,8 @@ static void __init cnb20le_res(u8 bus, u8 slot, u8 func)
word1 = read_pci_config_16(bus, slot, func, 0xc4);
word2 = read_pci_config_16(bus, slot, func, 0xc6);
if (word1 != word2) {
- res.start = (word1 << 16) | 0x0000;
- res.end = (word2 << 16) | 0xffff;
+ res.start = ((resource_size_t) word1 << 16) | 0x0000;
+ res.end = ((resource_size_t) word2 << 16) | 0xffff;
res.flags = IORESOURCE_MEM | IORESOURCE_PREFETCH;
update_res(info, res.start, res.end, res.flags, 0);
}
next prev parent reply other threads:[~2014-04-04 15:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-03 20:56 Coverity CIDs 138749, 138750: cnb20le_res() unintended sign extension Bjorn Helgaas
2014-04-04 0:02 ` Yinghai Lu
2014-04-04 15:40 ` Bjorn Helgaas [this message]
2014-04-25 17:02 ` Bjorn Helgaas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140404154023.GA5367@google.com \
--to=bhelgaas@google.com \
--cc=iws@ovro.caltech.edu \
--cc=linux-pci@vger.kernel.org \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.