From: Seung-Woo Kim <sw0312.kim@samsung.com>
To: Jaehoon Chung <jh80.chung@samsung.com>
Cc: ulf.hansson@linaro.org, linux-mmc@vger.kernel.org,
linux-kernel@vger.kernel.org,
Seung-Woo Kim <sw0312.kim@samsung.com>
Subject: Re: [PATCH] mmc: dw_mmc: remove UBSAN warning in dw_mci_setup_bus()
Date: Fri, 10 Jun 2016 10:29:25 +0900 [thread overview]
Message-ID: <575A17F5.1050609@samsung.com> (raw)
In-Reply-To: <5759633E.7090706@samsung.com>
Hi Jaehoon,
On 2016년 06월 09일 21:38, Jaehoon Chung wrote:
> Hi Seung-Woo,
>
> On 06/08/2016 01:07 PM, Seung-Woo Kim wrote:
>> This patch removes following UBSAN warnings in dw_mci_setup_bus().
>> The warnings are caused because of shift with more than 31 on 32
>> bit variable, so this patch fixes to shift only for less than 32.
>>
>> UBSAN: Undefined behaviour in drivers/mmc/host/dw_mmc.c:1102:14
>> shift exponent 250 is too large for 32-bit type 'unsigned int'
>> Call trace:
>> [<ffffff90080908a8>] dump_backtrace+0x0/0x380
>> [<ffffff9008090c3c>] show_stack+0x14/0x20
>> [<ffffff90087457b8>] dump_stack+0xe0/0x120
>> [<ffffff90087b1360>] ubsan_epilogue+0x18/0x68
>> [<ffffff90087b1a94>] __ubsan_handle_shift_out_of_bounds+0x18c/0x1bc
>> [<ffffff9008d89cb8>] dw_mci_setup_bus+0x3a0/0x438
>> [...]
>>
>> UBSAN: Undefined behaviour in drivers/mmc/host/dw_mmc.c:1132:27
>> shift exponent 250 is too large for 32-bit type 'unsigned int'
>> Call trace:
>> [<ffffff90080908a8>] dump_backtrace+0x0/0x380
>> [<ffffff9008090c3c>] show_stack+0x14/0x20
>> [<ffffff90087457b8>] dump_stack+0xe0/0x120
>> [<ffffff90087b1360>] ubsan_epilogue+0x18/0x68
>> [<ffffff90087b1a94>] __ubsan_handle_shift_out_of_bounds+0x18c/0x1bc
>> [<ffffff9008d89c9c>] dw_mci_setup_bus+0x384/0x438
>
> The below message can be discarded.
You are right, like above message, below part can be replaced as [...].
>
>> [<ffffff9008d89ed4>] dw_mci_set_ios+0x184/0x798
>> [<ffffff9008d550ac>] mmc_power_up+0x11c/0x260
>> [<ffffff9008d56b78>] mmc_start_host+0x88/0x100
>> [<ffffff9008d583f4>] mmc_add_host+0x6c/0x128
>> [<ffffff9008d88f90>] dw_mci_probe+0x1088/0x1750
>> [<ffffff9008d8caa8>] dw_mci_pltfm_register+0x108/0x178
>> [<ffffff9008d8dae4>] dw_mci_exynos_probe+0x4c/0x88
>> [<ffffff9008a03838>] platform_drv_probe+0x78/0x180
>> [<ffffff90089fe9fc>] driver_probe_device+0x144/0x460
>> [<ffffff90089fee0c>] __driver_attach+0xf4/0x140
>> [<ffffff90089fad98>] bus_for_each_dev+0xf0/0x160
>> [<ffffff90089fdc9c>] driver_attach+0x34/0x58
>> [<ffffff90089fd3e0>] bus_add_driver+0x2c0/0x398
>> [<ffffff9008a00924>] driver_register+0xbc/0x1e0
>> [<ffffff9008a02a94>] __platform_driver_register+0x84/0xa8
>> [<ffffff9009dd5730>] dw_mci_exynos_pltfm_driver_init+0x18/0x20
>> [<ffffff9008082df8>] do_one_initcall+0xa0/0x2c8
>> [<ffffff9009d81780>] kernel_init_freeable+0x52c/0x5dc
>> [<ffffff9009519844>] kernel_init+0x1c/0xf8
>> [<ffffff9008086e10>] ret_from_fork+0x10/0x40
>>
>> Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
>> ---
>> drivers/mmc/host/dw_mmc.c | 5 +++--
>> 1 files changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
>> index 2cc6123..dff045e 100644
>> --- a/drivers/mmc/host/dw_mmc.c
>> +++ b/drivers/mmc/host/dw_mmc.c
>> @@ -1099,7 +1099,8 @@ static void dw_mci_setup_bus(struct dw_mci_slot *slot, bool force_clkinit)
>>
>> div = (host->bus_hz != clock) ? DIV_ROUND_UP(div, 2) : 0;
>>
>> - if ((clock << div) != slot->__clk_old || force_clkinit)
>> + if (((div < 32) ? (clock << div) : 0) != slot->__clk_old ||
>
> Well, we don't expect that clock is 0.
> if clock is 0, it should be passed to " if (!clock)"..
>
> During initializing card, clock is 400KHz or less..I understood what you want to fix.
> But I taught this is not correct.
It seems slot->__clk_old is not really clock but a kind of value to
store both clock and div in one variable. And at least, my compiler
calculates right shift with more than 32 as 0. I am not sure there is
other proper value for the case.
By the way, in my test environment, clock is calculated as like
following steps:
mmc_host mmc0: Bus speed (slot 0) = 200000000Hz (slot req 400000Hz,
actual 400000HZ div = 250)
mmc_host mmc0: Bus speed (slot 0) = 200000000Hz (slot req 200000000Hz,
actual 200000000HZ div = 0)
mmc_host mmc0: Bus speed (slot 0) = 200000000Hz (slot req 52000000Hz,
actual 50000000HZ div = 2)
mmc_host mmc0: Bus speed (slot 0) = 400000000Hz (slot req 52000000Hz,
actual 50000000HZ div = 4)
mmc_host mmc0: Bus speed (slot 0) = 400000000Hz (slot req 200000000Hz,
actual 200000000HZ div = 1)
and only the first case is reported as the warning. If you let me know
any proper value, then I will fix with the value.
Thanks,
- Seung-Woo Kim
>
>
>> + force_clkinit)
>> dev_info(&slot->mmc->class_dev,
>> "Bus speed (slot %d) = %dHz (slot req %dHz, actual %dHZ div = %d)\n",
>> slot->id, host->bus_hz, clock,
>> @@ -1129,7 +1130,7 @@ static void dw_mci_setup_bus(struct dw_mci_slot *slot, bool force_clkinit)
>> mci_send_cmd(slot, sdmmc_cmd_bits, 0);
>>
>> /* keep the clock with reflecting clock dividor */
>> - slot->__clk_old = clock << div;
>> + slot->__clk_old = (div < 32) ? (clock << div) : 0;
>
> Also, clock is not 0..
>
>
> Best Regards,
> Jaehoon Chung
>
>> }
>>
>> host->current_speed = clock;
>>
>
>
>
--
Seung-Woo Kim
Samsung Software R&D Center
WARNING: multiple messages have this Message-ID (diff)
From: Seung-Woo Kim <sw0312.kim@samsung.com>
To: Jaehoon Chung <jh80.chung@samsung.com>
Cc: ulf.hansson@linaro.org, linux-mmc@vger.kernel.org,
linux-kernel@vger.kernel.org,
Seung-Woo Kim <sw0312.kim@samsung.com>
Subject: Re: [PATCH] mmc: dw_mmc: remove UBSAN warning in dw_mci_setup_bus()
Date: Fri, 10 Jun 2016 10:29:25 +0900 [thread overview]
Message-ID: <575A17F5.1050609@samsung.com> (raw)
In-Reply-To: <5759633E.7090706@samsung.com>
Hi Jaehoon,
On 2016년 06월 09일 21:38, Jaehoon Chung wrote:
> Hi Seung-Woo,
>
> On 06/08/2016 01:07 PM, Seung-Woo Kim wrote:
>> This patch removes following UBSAN warnings in dw_mci_setup_bus().
>> The warnings are caused because of shift with more than 31 on 32
>> bit variable, so this patch fixes to shift only for less than 32.
>>
>> UBSAN: Undefined behaviour in drivers/mmc/host/dw_mmc.c:1102:14
>> shift exponent 250 is too large for 32-bit type 'unsigned int'
>> Call trace:
>> [<ffffff90080908a8>] dump_backtrace+0x0/0x380
>> [<ffffff9008090c3c>] show_stack+0x14/0x20
>> [<ffffff90087457b8>] dump_stack+0xe0/0x120
>> [<ffffff90087b1360>] ubsan_epilogue+0x18/0x68
>> [<ffffff90087b1a94>] __ubsan_handle_shift_out_of_bounds+0x18c/0x1bc
>> [<ffffff9008d89cb8>] dw_mci_setup_bus+0x3a0/0x438
>> [...]
>>
>> UBSAN: Undefined behaviour in drivers/mmc/host/dw_mmc.c:1132:27
>> shift exponent 250 is too large for 32-bit type 'unsigned int'
>> Call trace:
>> [<ffffff90080908a8>] dump_backtrace+0x0/0x380
>> [<ffffff9008090c3c>] show_stack+0x14/0x20
>> [<ffffff90087457b8>] dump_stack+0xe0/0x120
>> [<ffffff90087b1360>] ubsan_epilogue+0x18/0x68
>> [<ffffff90087b1a94>] __ubsan_handle_shift_out_of_bounds+0x18c/0x1bc
>> [<ffffff9008d89c9c>] dw_mci_setup_bus+0x384/0x438
>
> The below message can be discarded.
You are right, like above message, below part can be replaced as [...].
>
>> [<ffffff9008d89ed4>] dw_mci_set_ios+0x184/0x798
>> [<ffffff9008d550ac>] mmc_power_up+0x11c/0x260
>> [<ffffff9008d56b78>] mmc_start_host+0x88/0x100
>> [<ffffff9008d583f4>] mmc_add_host+0x6c/0x128
>> [<ffffff9008d88f90>] dw_mci_probe+0x1088/0x1750
>> [<ffffff9008d8caa8>] dw_mci_pltfm_register+0x108/0x178
>> [<ffffff9008d8dae4>] dw_mci_exynos_probe+0x4c/0x88
>> [<ffffff9008a03838>] platform_drv_probe+0x78/0x180
>> [<ffffff90089fe9fc>] driver_probe_device+0x144/0x460
>> [<ffffff90089fee0c>] __driver_attach+0xf4/0x140
>> [<ffffff90089fad98>] bus_for_each_dev+0xf0/0x160
>> [<ffffff90089fdc9c>] driver_attach+0x34/0x58
>> [<ffffff90089fd3e0>] bus_add_driver+0x2c0/0x398
>> [<ffffff9008a00924>] driver_register+0xbc/0x1e0
>> [<ffffff9008a02a94>] __platform_driver_register+0x84/0xa8
>> [<ffffff9009dd5730>] dw_mci_exynos_pltfm_driver_init+0x18/0x20
>> [<ffffff9008082df8>] do_one_initcall+0xa0/0x2c8
>> [<ffffff9009d81780>] kernel_init_freeable+0x52c/0x5dc
>> [<ffffff9009519844>] kernel_init+0x1c/0xf8
>> [<ffffff9008086e10>] ret_from_fork+0x10/0x40
>>
>> Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
>> ---
>> drivers/mmc/host/dw_mmc.c | 5 +++--
>> 1 files changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c
>> index 2cc6123..dff045e 100644
>> --- a/drivers/mmc/host/dw_mmc.c
>> +++ b/drivers/mmc/host/dw_mmc.c
>> @@ -1099,7 +1099,8 @@ static void dw_mci_setup_bus(struct dw_mci_slot *slot, bool force_clkinit)
>>
>> div = (host->bus_hz != clock) ? DIV_ROUND_UP(div, 2) : 0;
>>
>> - if ((clock << div) != slot->__clk_old || force_clkinit)
>> + if (((div < 32) ? (clock << div) : 0) != slot->__clk_old ||
>
> Well, we don't expect that clock is 0.
> if clock is 0, it should be passed to " if (!clock)"..
>
> During initializing card, clock is 400KHz or less..I understood what you want to fix.
> But I taught this is not correct.
It seems slot->__clk_old is not really clock but a kind of value to
store both clock and div in one variable. And at least, my compiler
calculates right shift with more than 32 as 0. I am not sure there is
other proper value for the case.
By the way, in my test environment, clock is calculated as like
following steps:
mmc_host mmc0: Bus speed (slot 0) = 200000000Hz (slot req 400000Hz,
actual 400000HZ div = 250)
mmc_host mmc0: Bus speed (slot 0) = 200000000Hz (slot req 200000000Hz,
actual 200000000HZ div = 0)
mmc_host mmc0: Bus speed (slot 0) = 200000000Hz (slot req 52000000Hz,
actual 50000000HZ div = 2)
mmc_host mmc0: Bus speed (slot 0) = 400000000Hz (slot req 52000000Hz,
actual 50000000HZ div = 4)
mmc_host mmc0: Bus speed (slot 0) = 400000000Hz (slot req 200000000Hz,
actual 200000000HZ div = 1)
and only the first case is reported as the warning. If you let me know
any proper value, then I will fix with the value.
Thanks,
- Seung-Woo Kim
>
>
>> + force_clkinit)
>> dev_info(&slot->mmc->class_dev,
>> "Bus speed (slot %d) = %dHz (slot req %dHz, actual %dHZ div = %d)\n",
>> slot->id, host->bus_hz, clock,
>> @@ -1129,7 +1130,7 @@ static void dw_mci_setup_bus(struct dw_mci_slot *slot, bool force_clkinit)
>> mci_send_cmd(slot, sdmmc_cmd_bits, 0);
>>
>> /* keep the clock with reflecting clock dividor */
>> - slot->__clk_old = clock << div;
>> + slot->__clk_old = (div < 32) ? (clock << div) : 0;
>
> Also, clock is not 0..
>
>
> Best Regards,
> Jaehoon Chung
>
>> }
>>
>> host->current_speed = clock;
>>
>
>
>
--
Seung-Woo Kim
Samsung Software R&D Center
--
next prev parent reply other threads:[~2016-06-10 1:29 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20160608040654epcas1p2be228e3e02e35a640cb1e65228df79ad@epcas1p2.samsung.com>
2016-06-08 4:07 ` [PATCH] mmc: dw_mmc: remove UBSAN warning in dw_mci_setup_bus() Seung-Woo Kim
2016-06-09 12:38 ` Jaehoon Chung
2016-06-10 1:29 ` Seung-Woo Kim [this message]
2016-06-10 1:29 ` Seung-Woo Kim
2016-06-17 1:30 ` Jaehoon Chung
2016-06-17 4:07 ` Seung-Woo Kim
2016-06-17 4:07 ` Seung-Woo Kim
2016-06-17 5:16 ` [PATCH v2] " Seung-Woo Kim
2016-06-20 2:34 ` Jaehoon Chung
2016-06-20 3:30 ` Seung-Woo Kim
2016-06-20 3:45 ` Seung-Woo Kim
2016-06-20 4:09 ` [PATCH v3] " Seung-Woo Kim
2016-06-22 1:27 ` Jaehoon Chung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=575A17F5.1050609@samsung.com \
--to=sw0312.kim@samsung.com \
--cc=jh80.chung@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mmc@vger.kernel.org \
--cc=ulf.hansson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.