From: coverity-bot <keescook@chromium.org>
To: Chih-Kang Chang <gary.chang@realtek.com>
Cc: Chin-Yen Lee <timlee@realtek.com>, Kalle Valo <kvalo@kernel.org>,
Ping-Ke Shih <pkshih@realtek.com>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
Date: Wed, 2 Nov 2022 12:53:26 -0700 [thread overview]
Message-ID: <202211021253.44E254479@keescook> (raw)
Hello!
This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20221102 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan
You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:
Tue Nov 1 11:26:13 2022 +0200
7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
Coverity reported the following:
*** CID 1527095: Integer handling issues (SIGN_EXTENSION)
/drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
1556 rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
1557 return -EINVAL;
1558 }
1559
1560 min_cfg = cfg->ple_min_qt;
1561 max_cfg = cfg->ple_max_qt;
vvv CID 1527095: Integer handling issues (SIGN_EXTENSION)
vvv Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1562 SET_QUOTA(cma0_dma, PLE, 6);
1563 SET_QUOTA(cma1_dma, PLE, 7);
1564
1565 return 0;
1566 }
1567 #undef SET_QUOTA
If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1527095 ("Integer handling issues")
Fixes: 7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
Thanks for your attention!
--
Coverity-bot
next reply other threads:[~2022-11-02 19:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-02 19:53 coverity-bot [this message]
2022-11-03 1:26 ` Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues Ping-Ke Shih
2022-11-03 6:03 ` Kalle Valo
2022-11-04 19:15 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202211021253.44E254479@keescook \
--to=keescook@chromium.org \
--cc=gary.chang@realtek.com \
--cc=gustavo@embeddedor.com \
--cc=kvalo@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=pkshih@realtek.com \
--cc=timlee@realtek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.