* [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow @ 2024-03-12 16:53 Daniil Dulov 2024-03-12 17:16 ` Jakub Kicinski 2024-03-12 17:18 ` Russell King (Oracle) 0 siblings, 2 replies; 7+ messages in thread From: Daniil Dulov @ 2024-03-12 16:53 UTC (permalink / raw) To: Jakub Kicinski, Florian Fainelli Cc: Daniil Dulov, Broadcom internal kernel review list, Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller, Eric Dumazet, Doug Berger, Paolo Abeni, netdev, linux-kernel, lvc-project The expression priv->clk_freq * 2 can lead to overflow that will cause a division by zero. So, let's cast it to unsigned long to avoid it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru> --- drivers/net/mdio/mdio-bcm-unimac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/mdio/mdio-bcm-unimac.c b/drivers/net/mdio/mdio-bcm-unimac.c index f40eb50bb978..0425b622c09f 100644 --- a/drivers/net/mdio/mdio-bcm-unimac.c +++ b/drivers/net/mdio/mdio-bcm-unimac.c @@ -214,7 +214,7 @@ static int unimac_mdio_clk_set(struct unimac_mdio_priv *priv) else rate = clk_get_rate(priv->clk); - div = (rate / (2 * priv->clk_freq)) - 1; + div = (rate / (2 * (unsigned long)priv->clk_freq)) - 1; if (div & ~MDIO_CLK_DIV_MASK) { pr_warn("Incorrect MDIO clock frequency, ignoring\n"); ret = 0; -- 2.25.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow 2024-03-12 16:53 [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow Daniil Dulov @ 2024-03-12 17:16 ` Jakub Kicinski 2024-03-12 17:18 ` Russell King (Oracle) 1 sibling, 0 replies; 7+ messages in thread From: Jakub Kicinski @ 2024-03-12 17:16 UTC (permalink / raw) To: Daniil Dulov Cc: Florian Fainelli, Broadcom internal kernel review list, Andrew Lunn, Heiner Kallweit, Russell King, David S. Miller, Eric Dumazet, Doug Berger, Paolo Abeni, netdev, linux-kernel, lvc-project On Tue, 12 Mar 2024 19:53:58 +0300 Daniil Dulov wrote: > The expression priv->clk_freq * 2 can lead to overflow that will cause > a division by zero. So, let's cast it to unsigned long to avoid it. ## Form letter - net-next-closed The merge window for v6.9 has begun and we have already posted our pull request. Therefore net-next is closed for new drivers, features, code refactoring and optimizations. We are currently accepting bug fixes only. Please repost when net-next reopens after March 25th. RFC patches sent for review only are obviously welcome at any time. See: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle -- pw-bot: defer ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow 2024-03-12 16:53 [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow Daniil Dulov 2024-03-12 17:16 ` Jakub Kicinski @ 2024-03-12 17:18 ` Russell King (Oracle) 2024-03-12 17:23 ` Florian Fainelli 1 sibling, 1 reply; 7+ messages in thread From: Russell King (Oracle) @ 2024-03-12 17:18 UTC (permalink / raw) To: Daniil Dulov Cc: Jakub Kicinski, Florian Fainelli, Broadcom internal kernel review list, Andrew Lunn, Heiner Kallweit, David S. Miller, Eric Dumazet, Doug Berger, Paolo Abeni, netdev, linux-kernel, lvc-project On Tue, Mar 12, 2024 at 07:53:58PM +0300, Daniil Dulov wrote: > The expression priv->clk_freq * 2 can lead to overflow that will cause > a division by zero. So, let's cast it to unsigned long to avoid it. How does casting this help? "unsigned long" can still be 32-bit. Maybe unimac_mdio_probe() should be validating the value it read from DT won't overflow? I suspect that a value of 2.1GHz is way too large for this property in any case. https://en.wikipedia.org/wiki/Management_Data_Input/Output#Electrical_specification (note, this driver is clause-22 only.) -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last! ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow 2024-03-12 17:18 ` Russell King (Oracle) @ 2024-03-12 17:23 ` Florian Fainelli 2024-03-12 19:23 ` Doug Berger 0 siblings, 1 reply; 7+ messages in thread From: Florian Fainelli @ 2024-03-12 17:23 UTC (permalink / raw) To: Russell King (Oracle), Daniil Dulov Cc: Jakub Kicinski, Florian Fainelli, Broadcom internal kernel review list, Andrew Lunn, Heiner Kallweit, David S. Miller, Eric Dumazet, Doug Berger, Paolo Abeni, netdev, linux-kernel, lvc-project On 3/12/24 10:18, Russell King (Oracle) wrote: > On Tue, Mar 12, 2024 at 07:53:58PM +0300, Daniil Dulov wrote: >> The expression priv->clk_freq * 2 can lead to overflow that will cause >> a division by zero. So, let's cast it to unsigned long to avoid it. > > How does casting this help? "unsigned long" can still be 32-bit. > Maybe unimac_mdio_probe() should be validating the value it read from > DT won't overflow? I suspect that a value of 2.1GHz is way too large > for this property in any case. > > https://en.wikipedia.org/wiki/Management_Data_Input/Output#Electrical_specification > > (note, this driver is clause-22 only.) > Had commented on the previous version (not sure why this was not prefixed with v2) that the maximum clock frequency for this clock is 250MHz, the driver could check that to prevent for an overflow, most certainly. -- Florian ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow 2024-03-12 17:23 ` Florian Fainelli @ 2024-03-12 19:23 ` Doug Berger 2024-03-12 19:42 ` Russell King (Oracle) 0 siblings, 1 reply; 7+ messages in thread From: Doug Berger @ 2024-03-12 19:23 UTC (permalink / raw) To: Florian Fainelli, Russell King (Oracle), Daniil Dulov Cc: Jakub Kicinski, Florian Fainelli, Broadcom internal kernel review list, Andrew Lunn, Heiner Kallweit, David S. Miller, Eric Dumazet, Paolo Abeni, netdev, linux-kernel, lvc-project On 3/12/2024 10:23 AM, Florian Fainelli wrote: > On 3/12/24 10:18, Russell King (Oracle) wrote: >> On Tue, Mar 12, 2024 at 07:53:58PM +0300, Daniil Dulov wrote: >>> The expression priv->clk_freq * 2 can lead to overflow that will cause >>> a division by zero. So, let's cast it to unsigned long to avoid it. >> >> How does casting this help? "unsigned long" can still be 32-bit. >> Maybe unimac_mdio_probe() should be validating the value it read from >> DT won't overflow? I suspect that a value of 2.1GHz is way too large >> for this property in any case. >> >> https://en.wikipedia.org/wiki/Management_Data_Input/Output#Electrical_specification >> >> (note, this driver is clause-22 only.) >> > > Had commented on the previous version (not sure why this was not > prefixed with v2) that the maximum clock frequency for this clock is > 250MHz, the driver could check that to prevent for an overflow, most > certainly. Could also use: - div = (rate / (2 * priv->clk_freq)) - 1; + div = ((rate / priv->clk_freq) >> 1) - 1; which is mathematically equivalent without the risk of overflow. -Doug ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow 2024-03-12 19:23 ` Doug Berger @ 2024-03-12 19:42 ` Russell King (Oracle) 2024-03-12 22:53 ` Doug Berger 0 siblings, 1 reply; 7+ messages in thread From: Russell King (Oracle) @ 2024-03-12 19:42 UTC (permalink / raw) To: Doug Berger Cc: Florian Fainelli, Daniil Dulov, Jakub Kicinski, Florian Fainelli, Broadcom internal kernel review list, Andrew Lunn, Heiner Kallweit, David S. Miller, Eric Dumazet, Paolo Abeni, netdev, linux-kernel, lvc-project On Tue, Mar 12, 2024 at 12:23:20PM -0700, Doug Berger wrote: > On 3/12/2024 10:23 AM, Florian Fainelli wrote: > > On 3/12/24 10:18, Russell King (Oracle) wrote: > > > On Tue, Mar 12, 2024 at 07:53:58PM +0300, Daniil Dulov wrote: > > > > The expression priv->clk_freq * 2 can lead to overflow that will cause > > > > a division by zero. So, let's cast it to unsigned long to avoid it. > > > > > > How does casting this help? "unsigned long" can still be 32-bit. > > > Maybe unimac_mdio_probe() should be validating the value it read from > > > DT won't overflow? I suspect that a value of 2.1GHz is way too large > > > for this property in any case. > > > > > > https://en.wikipedia.org/wiki/Management_Data_Input/Output#Electrical_specification > > > > > > (note, this driver is clause-22 only.) > > > > > > > Had commented on the previous version (not sure why this was not > > prefixed with v2) that the maximum clock frequency for this clock is > > 250MHz, the driver could check that to prevent for an overflow, most > > certainly. > > Could also use: > - div = (rate / (2 * priv->clk_freq)) - 1; > + div = ((rate / priv->clk_freq) >> 1) - 1; > which is mathematically equivalent without the risk of overflow. What's the point when the maximum clock frequency that the driver should allow fits within u32, nay u28? -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last! ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow 2024-03-12 19:42 ` Russell King (Oracle) @ 2024-03-12 22:53 ` Doug Berger 0 siblings, 0 replies; 7+ messages in thread From: Doug Berger @ 2024-03-12 22:53 UTC (permalink / raw) To: Russell King (Oracle) Cc: Florian Fainelli, Daniil Dulov, Jakub Kicinski, Florian Fainelli, Broadcom internal kernel review list, Andrew Lunn, Heiner Kallweit, David S. Miller, Eric Dumazet, Paolo Abeni, netdev, linux-kernel, lvc-project On 3/12/2024 12:42 PM, Russell King (Oracle) wrote: > On Tue, Mar 12, 2024 at 12:23:20PM -0700, Doug Berger wrote: >> On 3/12/2024 10:23 AM, Florian Fainelli wrote: >>> On 3/12/24 10:18, Russell King (Oracle) wrote: >>>> On Tue, Mar 12, 2024 at 07:53:58PM +0300, Daniil Dulov wrote: >>>>> The expression priv->clk_freq * 2 can lead to overflow that will cause >>>>> a division by zero. So, let's cast it to unsigned long to avoid it. >>>> >>>> How does casting this help? "unsigned long" can still be 32-bit. >>>> Maybe unimac_mdio_probe() should be validating the value it read from >>>> DT won't overflow? I suspect that a value of 2.1GHz is way too large >>>> for this property in any case. >>>> >>>> https://en.wikipedia.org/wiki/Management_Data_Input/Output#Electrical_specification >>>> >>>> (note, this driver is clause-22 only.) >>>> >>> >>> Had commented on the previous version (not sure why this was not >>> prefixed with v2) that the maximum clock frequency for this clock is >>> 250MHz, the driver could check that to prevent for an overflow, most >>> certainly. >> >> Could also use: >> - div = (rate / (2 * priv->clk_freq)) - 1; >> + div = ((rate / priv->clk_freq) >> 1) - 1; >> which is mathematically equivalent without the risk of overflow. > > What's the point when the maximum clock frequency that the driver should > allow fits within u32, nay u28? I'm assuming this question is rhetorical since I agree there is little point to this change. However, in case it's not, the point is to make the SVACE tool happy. The tool has correctly identified that it is possible for the devicetree to specify values that would produce an intermediate overflow. The fact that there is no existing hardware for which those values are legitimate may be very relevant, but the binding documentation does not specify any such limitations and the future has a tendency to make numbers that seem ludicrous today less ludicrous ;). The brcm,unimac-mdio IP could find itself in some future piece of silicon where it would be capable of dividing such unlikely clocks since software has a knack for outliving the hardware for which it may have been originally written. My suggestion was merely an attempt to remove the possibility of overflow (the unrealized bug) without altering existing functionality and without needlessly promoting to a larger data type. Best regards, Doug ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-03-12 22:53 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-03-12 16:53 [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to unsigned long to avoid overflow Daniil Dulov 2024-03-12 17:16 ` Jakub Kicinski 2024-03-12 17:18 ` Russell King (Oracle) 2024-03-12 17:23 ` Florian Fainelli 2024-03-12 19:23 ` Doug Berger 2024-03-12 19:42 ` Russell King (Oracle) 2024-03-12 22:53 ` Doug Berger
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).