From: Bjorn Helgaas <bhelgaas@google.com>
To: "Ira W. Snyder" <iws@ovro.caltech.edu>
Cc: Yinghai Lu <yinghai@kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>
Subject: Re: Coverity CIDs 138749, 138750: cnb20le_res() unintended sign extension
Date: Fri, 4 Apr 2014 09:40:23 -0600 [thread overview]
Message-ID: <20140404154023.GA5367@google.com> (raw)
In-Reply-To: <CAErSpo7uQtRXcxC-9oAS8PJ6Vi3H8Z1fVB2wQR-uxGjyoLDkCQ@mail.gmail.com>
On Thu, Apr 03, 2014 at 02:56:26PM -0600, Bjorn Helgaas wrote:
> Coverity complains about unintended sign extension in cnb20le_res() in
> arch/x86/pci/broadcom_bus.c here:
>
> 60 word1 = read_pci_config_16(bus, slot, func, 0xc4);
> 61 word2 = read_pci_config_16(bus, slot, func, 0xc6);
> 62 if (word1 != word2) {
>
> CID 138749 (#1 of 2): Unintended sign extension (SIGN_EXTENSION)
> sign_extension: Suspicious implicit sign extension: word1 with type
> unsigned short (16 bits, unsigned) is promoted in (word1 << 16) | 0 to
> type int (32 bits, signed), then sign-extended to type unsigned long
> long (64 bits, unsigned). If (word1 << 16) | 0 is greater than
> 0x7FFFFFFF, the upper bits of the result will all be 1.
> 63 res.start = (word1 << 16) | 0x0000;
> CID 138750: Unintended sign extension (SIGN_EXTENSION) [select issue]
I propose the following patch for this. Unless there's objection, I'll
queue this for v3.16.
x86/PCI: Fix Broadcom CNB20LE unintended sign extension
From: Bjorn Helgaas <bhelgaas@google.com>
In the expression "word1 << 16", word1 starts as u16, but is promoted to
a signed int, then sign-extended to resource_size_t, which is probably
not what was intended. Cast to resource_size_t to avoid the sign
extension.
Found by Coverity (CID 138749, 138750).
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
---
arch/x86/pci/broadcom_bus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/pci/broadcom_bus.c b/arch/x86/pci/broadcom_bus.c
index 614392ced7d6..bb461cfd01ab 100644
--- a/arch/x86/pci/broadcom_bus.c
+++ b/arch/x86/pci/broadcom_bus.c
@@ -60,8 +60,8 @@ static void __init cnb20le_res(u8 bus, u8 slot, u8 func)
word1 = read_pci_config_16(bus, slot, func, 0xc4);
word2 = read_pci_config_16(bus, slot, func, 0xc6);
if (word1 != word2) {
- res.start = (word1 << 16) | 0x0000;
- res.end = (word2 << 16) | 0xffff;
+ res.start = ((resource_size_t) word1 << 16) | 0x0000;
+ res.end = ((resource_size_t) word2 << 16) | 0xffff;
res.flags = IORESOURCE_MEM | IORESOURCE_PREFETCH;
update_res(info, res.start, res.end, res.flags, 0);
}
next prev parent reply other threads:[~2014-04-04 15:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-03 20:56 Coverity CIDs 138749, 138750: cnb20le_res() unintended sign extension Bjorn Helgaas
2014-04-04 0:02 ` Yinghai Lu
2014-04-04 15:40 ` Bjorn Helgaas [this message]
2014-04-25 17:02 ` Bjorn Helgaas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140404154023.GA5367@google.com \
--to=bhelgaas@google.com \
--cc=iws@ovro.caltech.edu \
--cc=linux-pci@vger.kernel.org \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).