Fwd: New Defects reported by Coverity Scan for Linux

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* Fwd: New Defects reported by Coverity Scan for Linux
       [not found] <5348ea4572e7_5d4d7ac86c27677@209.249.196.67.mail>
@ 2014-04-12 13:29 ` Bjorn Helgaas
  2014-04-12 21:41   ` Ville Syrjälä
  0 siblings, 1 reply; 5+ messages in thread
From: Bjorn Helgaas @ 2014-04-12 13:29 UTC (permalink / raw)
  To: Ville Syrjälä; +Cc: Ingo Molnar, linux-kernel@vger.kernel.org

FYI, looks like these were added by a4dff76924fe ("x86/gpu: Add Intel
graphics stolen memory quirk for gen2 platforms").


---------- Forwarded message ----------
From:  <scan-admin@coverity.com>
Date: Sat, Apr 12, 2014 at 1:24 AM
Subject: New Defects reported by Coverity Scan for Linux
To:

...

** CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 290 in i830_mem_size()

** CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 295 in i85x_mem_size()

...
________________________________________________________________________________________________________
*** CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 290 in i830_mem_size()
284
285             return MB(1);
286     }
287
288     static size_t __init i830_mem_size(void)
289     {
>>>     CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "read_pci_config_byte(0, 0, 0, 99)" with type "unsigned char" (8 bits, unsigned) is promoted in "read_pci_config_byte(0, 0, 0, 99) * 33554432" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "read_pci_config_byte(0, 0, 0, 99) * 33554432" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
290             return read_pci_config_byte(0, 0, 0, I830_DRB3) * MB(32);
291     }
292
293     static size_t __init i85x_mem_size(void)
294     {
295             return read_pci_config_byte(0, 0, 1, I85X_DRB3) * MB(32);

________________________________________________________________________________________________________
*** CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 295 in i85x_mem_size()
289     {
290             return read_pci_config_byte(0, 0, 0, I830_DRB3) * MB(32);
291     }
292
293     static size_t __init i85x_mem_size(void)
294     {
>>>     CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "read_pci_config_byte(0, 0, 1, 67)" with type "unsigned char" (8 bits, unsigned) is promoted in "read_pci_config_byte(0, 0, 1, 67) * 33554432" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "read_pci_config_byte(0, 0, 1, 67) * 33554432" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
295             return read_pci_config_byte(0, 0, 1, I85X_DRB3) * MB(32);
296     }
297
298     /*
299      * On 830/845/85x the stolen memory base isn't available in any
300      * register. We need to calculate it as TOM-TSEG_SIZE-stolen_size.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Fwd: New Defects reported by Coverity Scan for Linux
  2014-04-12 13:29 ` Fwd: New Defects reported by Coverity Scan for Linux Bjorn Helgaas
@ 2014-04-12 21:41   ` Ville Syrjälä
  2014-04-12 22:41     ` H. Peter Anvin
  0 siblings, 1 reply; 5+ messages in thread
From: Ville Syrjälä @ 2014-04-12 21:41 UTC (permalink / raw)
  To: Bjorn Helgaas; +Cc: Ingo Molnar, linux-kernel@vger.kernel.org

On Sat, Apr 12, 2014 at 07:29:29AM -0600, Bjorn Helgaas wrote:
> FYI, looks like these were added by a4dff76924fe ("x86/gpu: Add Intel
> graphics stolen memory quirk for gen2 platforms").

Some of the affected gen2 platforms do support up to 2GB of RAM which
means that if the sign extension were to happen they could hit this.
However I believe all gen2 platforms are 32bit which AFAIK makes size_t 
32 bits. So looks like we can't hit this in practice..

But if someone were to change the return type to 64bits we'd
be in real danger, so I guess it would be better to fix the bug
anyway.

-#define KB(x)  ((x) * 1024)
+#define KB(x)  ((x) * 1024U)
should be sufficient to eliminate the problem. If someone wants me to
put that into a real patch and send it out let me know.

> 
> 
> ---------- Forwarded message ----------
> From:  <scan-admin@coverity.com>
> Date: Sat, Apr 12, 2014 at 1:24 AM
> Subject: New Defects reported by Coverity Scan for Linux
> To:
> 
> ...
> 
> ** CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
> /arch/x86/kernel/early-quirks.c: 290 in i830_mem_size()
> 
> ** CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
> /arch/x86/kernel/early-quirks.c: 295 in i85x_mem_size()
> 
> ...
> ________________________________________________________________________________________________________
> *** CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
> /arch/x86/kernel/early-quirks.c: 290 in i830_mem_size()
> 284
> 285             return MB(1);
> 286     }
> 287
> 288     static size_t __init i830_mem_size(void)
> 289     {
> >>>     CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
> >>>     Suspicious implicit sign extension: "read_pci_config_byte(0, 0, 0, 99)" with type "unsigned char" (8 bits, unsigned) is promoted in "read_pci_config_byte(0, 0, 0, 99) * 33554432" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "read_pci_config_byte(0, 0, 0, 99) * 33554432" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
> 290             return read_pci_config_byte(0, 0, 0, I830_DRB3) * MB(32);
> 291     }
> 292
> 293     static size_t __init i85x_mem_size(void)
> 294     {
> 295             return read_pci_config_byte(0, 0, 1, I85X_DRB3) * MB(32);
> 
> ________________________________________________________________________________________________________
> *** CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
> /arch/x86/kernel/early-quirks.c: 295 in i85x_mem_size()
> 289     {
> 290             return read_pci_config_byte(0, 0, 0, I830_DRB3) * MB(32);
> 291     }
> 292
> 293     static size_t __init i85x_mem_size(void)
> 294     {
> >>>     CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
> >>>     Suspicious implicit sign extension: "read_pci_config_byte(0, 0, 1, 67)" with type "unsigned char" (8 bits, unsigned) is promoted in "read_pci_config_byte(0, 0, 1, 67) * 33554432" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "read_pci_config_byte(0, 0, 1, 67) * 33554432" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
> 295             return read_pci_config_byte(0, 0, 1, I85X_DRB3) * MB(32);
> 296     }
> 297
> 298     /*
> 299      * On 830/845/85x the stolen memory base isn't available in any
> 300      * register. We need to calculate it as TOM-TSEG_SIZE-stolen_size.

-- 
Ville Syrjälä
Intel OTC

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Fwd: New Defects reported by Coverity Scan for Linux
  2014-04-12 21:41   ` Ville Syrjälä
@ 2014-04-12 22:41     ` H. Peter Anvin
  2014-04-13  9:45       ` [PATCH] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks ville.syrjala
  0 siblings, 1 reply; 5+ messages in thread
From: H. Peter Anvin @ 2014-04-12 22:41 UTC (permalink / raw)
  To: Ville Syrjälä, Bjorn Helgaas
  Cc: Ingo Molnar, linux-kernel@vger.kernel.org

On 04/12/2014 02:41 PM, Ville Syrjälä wrote:
> On Sat, Apr 12, 2014 at 07:29:29AM -0600, Bjorn Helgaas wrote:
>> FYI, looks like these were added by a4dff76924fe ("x86/gpu: Add Intel
>> graphics stolen memory quirk for gen2 platforms").
> 
> Some of the affected gen2 platforms do support up to 2GB of RAM which
> means that if the sign extension were to happen they could hit this.
> However I believe all gen2 platforms are 32bit which AFAIK makes size_t 
> 32 bits. So looks like we can't hit this in practice..
> 
> But if someone were to change the return type to 64bits we'd
> be in real danger, so I guess it would be better to fix the bug
> anyway.
> 
> -#define KB(x)  ((x) * 1024)
> +#define KB(x)  ((x) * 1024U)
> should be sufficient to eliminate the problem. If someone wants me to
> put that into a real patch and send it out let me know.
> 

Please do, but make it UL (in the Linux kernel context, unsigned long is
always equivalent to size_t/pointer size.)

	-hpa



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks
  2014-04-12 22:41     ` H. Peter Anvin
@ 2014-04-13  9:45       ` ville.syrjala
  2014-04-14  7:22         ` [tip:x86/urgent] " tip-bot for Ville Syrjälä
  0 siblings, 1 reply; 5+ messages in thread
From: ville.syrjala @ 2014-04-13  9:45 UTC (permalink / raw)
  To: linux-kernel; +Cc: H. Peter Anvin, Bjorn Helgaas, Ingo Molnar

From: Ville Syrjälä <ville.syrjala@linux.intel.com>

Have the KB(),MB(),GB() macros produce unsigned longs to avoid
uninteded sign extension issues with the gen2 memory size detection.

What happens is first the uint8_t returned by read_pci_config_byte()
gets promoted to an int which gets multiplied by another int from the
MB() macro, and finally the result gets sign extended to size_t.

Although this shouldn't be a problem in practice as all affected gen2
platforms are 32bit AFAIK, so size_t will be 32 bits.

Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
---
 arch/x86/kernel/early-quirks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c
index b0cc380..6e2537c 100644
--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -240,7 +240,7 @@ static u32 __init intel_stolen_base(int num, int slot, int func, size_t stolen_s
 	return base;
 }
 
-#define KB(x)	((x) * 1024)
+#define KB(x)	((x) * 1024UL)
 #define MB(x)	(KB (KB (x)))
 #define GB(x)	(MB (KB (x)))
 
-- 
1.8.3.2


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [tip:x86/urgent] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks
  2014-04-13  9:45       ` [PATCH] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks ville.syrjala
@ 2014-04-14  7:22         ` tip-bot for Ville Syrjälä
  0 siblings, 0 replies; 5+ messages in thread
From: tip-bot for Ville Syrjälä @ 2014-04-14  7:22 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: linux-kernel, hpa, mingo, bhelgaas, ville.syrjala, tglx

Commit-ID:  86e587623a0ca8426267dad8d3eaebd6fc2d00f1
Gitweb:     http://git.kernel.org/tip/86e587623a0ca8426267dad8d3eaebd6fc2d00f1
Author:     Ville Syrjälä <ville.syrjala@linux.intel.com>
AuthorDate: Sun, 13 Apr 2014 12:45:03 +0300
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Mon, 14 Apr 2014 08:50:56 +0200

x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks

Have the KB(),MB(),GB() macros produce unsigned longs to avoid
unintended sign extension issues with the gen2 memory size
detection.

What happens is first the uint8_t returned by
read_pci_config_byte() gets promoted to an int which gets
multiplied by another int from the MB() macro, and finally the
result gets sign extended to size_t.

Although this shouldn't be a problem in practice as all affected
gen2 platforms are 32bit AFAIK, so size_t will be 32 bits.

Reported-by: Bjorn Helgaas <bhelgaas@google.com>
Suggested-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: linux-kernel@vger.kernel.org
Link: http://lkml.kernel.org/r/1397382303-17525-1-git-send-email-ville.syrjala@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/kernel/early-quirks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c
index b0cc380..6e2537c 100644
--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -240,7 +240,7 @@ static u32 __init intel_stolen_base(int num, int slot, int func, size_t stolen_s
 	return base;
 }
 
-#define KB(x)	((x) * 1024)
+#define KB(x)	((x) * 1024UL)
 #define MB(x)	(KB (KB (x)))
 #define GB(x)	(MB (KB (x)))
 

^ permalink raw reply related	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2014-04-14  7:23 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <5348ea4572e7_5d4d7ac86c27677@209.249.196.67.mail>
2014-04-12 13:29 ` Fwd: New Defects reported by Coverity Scan for Linux Bjorn Helgaas
2014-04-12 21:41   ` Ville Syrjälä
2014-04-12 22:41     ` H. Peter Anvin
2014-04-13  9:45       ` [PATCH] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks ville.syrjala
2014-04-14  7:22         ` [tip:x86/urgent] " tip-bot for Ville Syrjälä

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox