From: "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [bug report] PCI: Add pci_rebar_size_supported() helper
Date: Fri, 21 Nov 2025 13:38:01 +0200 (EET)
Message-ID: <a2e52d2e-fe9e-6f55-454a-4e7710c2c1ca@linux.intel.com>
In-Reply-To: <aSA1WiRG3RuhqZMY@stanley.mountain>

On Fri, 21 Nov 2025, Dan Carpenter wrote:

> Hello Ilpo Järvinen,
> 
> Commit bb1fabd0d94e ("PCI: Add pci_rebar_size_supported() helper")
> from Nov 13, 2025 (linux-next), leads to the following Smatch static
> checker warning:
> 
> 	drivers/pci/rebar.c:142 pci_rebar_size_supported()
> 	error: undefined (user controlled) shift '(((1))) << size'
> 
> The problem is this call tree:
> __resource_resize_store() <- takes an unsigned long from the user
>   -> pci_resize_resource() <- truncates it to int
>      -> pci_rebar_size_supported()
> 
> drivers/pci/rebar.c
>     138 bool pci_rebar_size_supported(struct pci_dev *pdev, int bar, int size)
>     139 {
>     140         u64 sizes = pci_rebar_get_possible_sizes(pdev, bar);
>     141 
> --> 142         return BIT(size) & sizes;
>     143 }
> 
> So here size could be negative or >= BITS_PER_LONG which leads to
> shift wrapping.  But also truncating the ulong to int in
> __resource_resize_store() is not beautiful.

Thanks Dan!

I've not liked using int for those size parameters as the field on PCIe 
side is obviously unsigned (less than u8 actually, PCIe r7.0, sec 7.8.6.3) 
but haven't yet spent time on converting them either.

The issue seems older, though, than the introduction of
pci_rebar_size_supported() in the commit bb1fabd0d94e ("PCI: Add
pci_rebar_size_supported() helper") that just moved that BIT() inside the
newly introduced function.

I'll send the fix next week (I wrote it already but they seem to be doing 
some electric work over this weekend so I can't easily do testing for it 
with systems I normally play with BAR resizing).

-- 
 i.
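
The hazard reported above, as an added user-space example that is not kernel code and not the fix mentioned in this thread: an unchecked shift count next to a range-checked form, plus a parse step that rejects oversized input instead of truncating it to int. All function names and the sample mask are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample mask: bit n set means size encoding n is supported. */
#define SAMPLE_SIZES UINT64_C(0x1ff)

/* Same shape as the flagged line: the shift count is used unchecked. */
static bool size_supported_unchecked(uint64_t sizes, int size)
{
	return (1UL << size) & sizes; /* undefined for size < 0 or >= bits in long */
}

/* Hypothetical hardened form: validate the count before shifting. */
static bool size_supported_checked(uint64_t sizes, int size)
{
	if (size < 0 || size >= (int)(sizeof(sizes) * CHAR_BIT))
		return false;
	return (UINT64_C(1) << size) & sizes;
}

/* Model of the store path: reject values that do not fit in int rather than truncating. */
static int parse_size(const char *buf, int *size)
{
	char *end;
	unsigned long val;

	errno = 0;
	val = strtoul(buf, &end, 0);
	if (errno || end == buf || *end != '\0')
		return -EINVAL;
	if (val > INT_MAX)
		return -ERANGE;
	*size = (int)val;
	return 0;
}

int main(void)
{
	int size;

	if (parse_size("8", &size) == 0)
		printf("unchecked=%d checked=%d\n", size_supported_unchecked(SAMPLE_SIZES, size), size_supported_checked(SAMPLE_SIZES, size));
	printf("4294967296 -> %d\n", parse_size("4294967296", &size));
	return 0;
}
```

With a 64-bit unsigned long, 4294967296 truncated to int becomes 0, which would pass as a valid size; the parse step here returns an error for it instead.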

Thread overview: 2+ messages
2025-11-21  9:48 [bug report] PCI: Add pci_rebar_size_supported() helper Dan Carpenter
2025-11-21 11:38 ` Ilpo Järvinen [this message]