* [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error
@ 2016-09-13 8:27 Haibo Chen
2016-09-18 17:53 ` Tom Rini
0 siblings, 1 reply; 6+ messages in thread
From: Haibo Chen @ 2016-09-13 8:27 UTC (permalink / raw)
To: u-boot
Suspicious implicit sign extension exist. ext_csd[] is defined
as "u8", capacity is defined as u64, so u8 is promoted to signed
int first int the "|" expersion, then the sign extended to u64.
if the tmp sign value is largeer than 0x7fffffff, after the sign
extension, the upper bits of the result will all be 1.
Thanks to coverity <http://www.coverity.com>
e.g.
u8 data_8;
u64 data_64;
data_8 = 0x80;
data_64 = data_8 << 24; //0xffffffff80000000
data_64 = ((u64)data_8) << 24; //0x80000000
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
---
drivers/mmc/mmc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
index 43ea0bb..c1d1dc6 100644
--- a/drivers/mmc/mmc.c
+++ b/drivers/mmc/mmc.c
@@ -1176,10 +1176,10 @@ static int mmc_startup(struct mmc *mmc)
* ext_csd's capacity is valid if the value is more
* than 2GB
*/
- capacity = ext_csd[EXT_CSD_SEC_CNT] << 0
- | ext_csd[EXT_CSD_SEC_CNT + 1] << 8
- | ext_csd[EXT_CSD_SEC_CNT + 2] << 16
- | ext_csd[EXT_CSD_SEC_CNT + 3] << 24;
+ capacity = ((u64)ext_csd[EXT_CSD_SEC_CNT]) << 0
+ | ((u64)ext_csd[EXT_CSD_SEC_CNT + 1]) << 8
+ | ((u64)ext_csd[EXT_CSD_SEC_CNT + 2]) << 16
+ | ((u64)ext_csd[EXT_CSD_SEC_CNT + 3]) << 24;
capacity *= MMC_MAX_BLOCK_LEN;
if ((capacity >> 20) > 2 * 1024)
mmc->capacity_user = capacity;
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error
2016-09-13 8:27 [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error Haibo Chen
@ 2016-09-18 17:53 ` Tom Rini
2016-09-19 6:31 ` Jaehoon Chung
0 siblings, 1 reply; 6+ messages in thread
From: Tom Rini @ 2016-09-18 17:53 UTC (permalink / raw)
To: u-boot
On Tue, Sep 13, 2016 at 04:27:57PM +0800, Haibo Chen wrote:
> Suspicious implicit sign extension exist. ext_csd[] is defined
> as "u8", capacity is defined as u64, so u8 is promoted to signed
> int first int the "|" expersion, then the sign extended to u64.
> if the tmp sign value is largeer than 0x7fffffff, after the sign
> extension, the upper bits of the result will all be 1.
> Thanks to coverity <http://www.coverity.com>
>
> e.g.
> u8 data_8;
> u64 data_64;
>
> data_8 = 0x80;
> data_64 = data_8 << 24; //0xffffffff80000000
> data_64 = ((u64)data_8) << 24; //0x80000000
>
> Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Please add a 'Reported-by: Coverity' and you can include the CID if you
like.
> ---
> drivers/mmc/mmc.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
> index 43ea0bb..c1d1dc6 100644
> --- a/drivers/mmc/mmc.c
> +++ b/drivers/mmc/mmc.c
> @@ -1176,10 +1176,10 @@ static int mmc_startup(struct mmc *mmc)
> * ext_csd's capacity is valid if the value is more
> * than 2GB
> */
> - capacity = ext_csd[EXT_CSD_SEC_CNT] << 0
> - | ext_csd[EXT_CSD_SEC_CNT + 1] << 8
> - | ext_csd[EXT_CSD_SEC_CNT + 2] << 16
> - | ext_csd[EXT_CSD_SEC_CNT + 3] << 24;
> + capacity = ((u64)ext_csd[EXT_CSD_SEC_CNT]) << 0
> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 1]) << 8
> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 2]) << 16
> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 3]) << 24;
> capacity *= MMC_MAX_BLOCK_LEN;
> if ((capacity >> 20) > 2 * 1024)
> mmc->capacity_user = capacity;
Can't we just move capacity down to a u8 instead? Thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160918/e901dc0d/attachment.sig>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error
2016-09-18 17:53 ` Tom Rini
@ 2016-09-19 6:31 ` Jaehoon Chung
2016-09-19 11:30 ` Tom Rini
0 siblings, 1 reply; 6+ messages in thread
From: Jaehoon Chung @ 2016-09-19 6:31 UTC (permalink / raw)
To: u-boot
On 09/19/2016 02:53 AM, Tom Rini wrote:
> On Tue, Sep 13, 2016 at 04:27:57PM +0800, Haibo Chen wrote:
>
>> Suspicious implicit sign extension exist. ext_csd[] is defined
>> as "u8", capacity is defined as u64, so u8 is promoted to signed
>> int first int the "|" expersion, then the sign extended to u64.
>> if the tmp sign value is largeer than 0x7fffffff, after the sign
>> extension, the upper bits of the result will all be 1.
>> Thanks to coverity <http://www.coverity.com>
>>
>> e.g.
>> u8 data_8;
>> u64 data_64;
>>
>> data_8 = 0x80;
>> data_64 = data_8 << 24; //0xffffffff80000000
>> data_64 = ((u64)data_8) << 24; //0x80000000
>>
>> Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
>
> Please add a 'Reported-by: Coverity' and you can include the CID if you
> like.
I think cid doesn't need to change type.
>
>> ---
>> drivers/mmc/mmc.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
>> index 43ea0bb..c1d1dc6 100644
>> --- a/drivers/mmc/mmc.c
>> +++ b/drivers/mmc/mmc.c
>> @@ -1176,10 +1176,10 @@ static int mmc_startup(struct mmc *mmc)
>> * ext_csd's capacity is valid if the value is more
>> * than 2GB
>> */
>> - capacity = ext_csd[EXT_CSD_SEC_CNT] << 0
>> - | ext_csd[EXT_CSD_SEC_CNT + 1] << 8
>> - | ext_csd[EXT_CSD_SEC_CNT + 2] << 16
>> - | ext_csd[EXT_CSD_SEC_CNT + 3] << 24;
>> + capacity = ((u64)ext_csd[EXT_CSD_SEC_CNT]) << 0
>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 1]) << 8
>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 2]) << 16
>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 3]) << 24;
>> capacity *= MMC_MAX_BLOCK_LEN;
>> if ((capacity >> 20) > 2 * 1024)
>> mmc->capacity_user = capacity;
>
> Can't we just move capacity down to a u8 instead? Thanks!
Maybe not to move down to a u8..because it's displayed the real capacity for storage.
And i wonder that coverity didn't report about the line 1294?
Best Regards,
Jaehoon Chung
>
>
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error
2016-09-19 6:31 ` Jaehoon Chung
@ 2016-09-19 11:30 ` Tom Rini
2016-09-20 2:04 ` Jaehoon Chung
0 siblings, 1 reply; 6+ messages in thread
From: Tom Rini @ 2016-09-19 11:30 UTC (permalink / raw)
To: u-boot
On Mon, Sep 19, 2016 at 03:31:54PM +0900, Jaehoon Chung wrote:
> On 09/19/2016 02:53 AM, Tom Rini wrote:
> > On Tue, Sep 13, 2016 at 04:27:57PM +0800, Haibo Chen wrote:
> >
> >> Suspicious implicit sign extension exist. ext_csd[] is defined
> >> as "u8", capacity is defined as u64, so u8 is promoted to signed
> >> int first int the "|" expersion, then the sign extended to u64.
> >> if the tmp sign value is largeer than 0x7fffffff, after the sign
> >> extension, the upper bits of the result will all be 1.
> >> Thanks to coverity <http://www.coverity.com>
> >>
> >> e.g.
> >> u8 data_8;
> >> u64 data_64;
> >>
> >> data_8 = 0x80;
> >> data_64 = data_8 << 24; //0xffffffff80000000
> >> data_64 = ((u64)data_8) << 24; //0x80000000
> >>
> >> Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
> >
> > Please add a 'Reported-by: Coverity' and you can include the CID if you
> > like.
>
> I think cid doesn't need to change type.
I mean the coverity CID :) In the public coverity project it's 149300
>
> >
> >> ---
> >> drivers/mmc/mmc.c | 8 ++++----
> >> 1 file changed, 4 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
> >> index 43ea0bb..c1d1dc6 100644
> >> --- a/drivers/mmc/mmc.c
> >> +++ b/drivers/mmc/mmc.c
> >> @@ -1176,10 +1176,10 @@ static int mmc_startup(struct mmc *mmc)
> >> * ext_csd's capacity is valid if the value is more
> >> * than 2GB
> >> */
> >> - capacity = ext_csd[EXT_CSD_SEC_CNT] << 0
> >> - | ext_csd[EXT_CSD_SEC_CNT + 1] << 8
> >> - | ext_csd[EXT_CSD_SEC_CNT + 2] << 16
> >> - | ext_csd[EXT_CSD_SEC_CNT + 3] << 24;
> >> + capacity = ((u64)ext_csd[EXT_CSD_SEC_CNT]) << 0
> >> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 1]) << 8
> >> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 2]) << 16
> >> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 3]) << 24;
> >> capacity *= MMC_MAX_BLOCK_LEN;
> >> if ((capacity >> 20) > 2 * 1024)
> >> mmc->capacity_user = capacity;
> >
> > Can't we just move capacity down to a u8 instead? Thanks!
>
> Maybe not to move down to a u8..because it's displayed the real capacity for storage.
We could update those lines too? It's just that one case right there,
yes?
> And i wonder that coverity didn't report about the line 1294?
It does, along with 1256.
Thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160919/e7f07b1f/attachment.sig>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error
2016-09-19 11:30 ` Tom Rini
@ 2016-09-20 2:04 ` Jaehoon Chung
2016-09-20 2:12 ` Tom Rini
0 siblings, 1 reply; 6+ messages in thread
From: Jaehoon Chung @ 2016-09-20 2:04 UTC (permalink / raw)
To: u-boot
On 09/19/2016 08:30 PM, Tom Rini wrote:
> On Mon, Sep 19, 2016 at 03:31:54PM +0900, Jaehoon Chung wrote:
>> On 09/19/2016 02:53 AM, Tom Rini wrote:
>>> On Tue, Sep 13, 2016 at 04:27:57PM +0800, Haibo Chen wrote:
>>>
>>>> Suspicious implicit sign extension exist. ext_csd[] is defined
>>>> as "u8", capacity is defined as u64, so u8 is promoted to signed
>>>> int first int the "|" expersion, then the sign extended to u64.
>>>> if the tmp sign value is largeer than 0x7fffffff, after the sign
>>>> extension, the upper bits of the result will all be 1.
>>>> Thanks to coverity <http://www.coverity.com>
>>>>
>>>> e.g.
>>>> u8 data_8;
>>>> u64 data_64;
>>>>
>>>> data_8 = 0x80;
>>>> data_64 = data_8 << 24; //0xffffffff80000000
>>>> data_64 = ((u64)data_8) << 24; //0x80000000
>>>>
>>>> Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
>>>
>>> Please add a 'Reported-by: Coverity' and you can include the CID if you
>>> like.
>>
>> I think cid doesn't need to change type.
>
> I mean the coverity CID :) In the public coverity project it's 149300
Ah! I misunderstood CID as cid register. :)
>
>>
>>>
>>>> ---
>>>> drivers/mmc/mmc.c | 8 ++++----
>>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
>>>> index 43ea0bb..c1d1dc6 100644
>>>> --- a/drivers/mmc/mmc.c
>>>> +++ b/drivers/mmc/mmc.c
>>>> @@ -1176,10 +1176,10 @@ static int mmc_startup(struct mmc *mmc)
>>>> * ext_csd's capacity is valid if the value is more
>>>> * than 2GB
>>>> */
>>>> - capacity = ext_csd[EXT_CSD_SEC_CNT] << 0
>>>> - | ext_csd[EXT_CSD_SEC_CNT + 1] << 8
>>>> - | ext_csd[EXT_CSD_SEC_CNT + 2] << 16
>>>> - | ext_csd[EXT_CSD_SEC_CNT + 3] << 24;
>>>> + capacity = ((u64)ext_csd[EXT_CSD_SEC_CNT]) << 0
>>>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 1]) << 8
>>>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 2]) << 16
>>>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 3]) << 24;
>>>> capacity *= MMC_MAX_BLOCK_LEN;
>>>> if ((capacity >> 20) > 2 * 1024)
>>>> mmc->capacity_user = capacity;
>>>
>>> Can't we just move capacity down to a u8 instead? Thanks!
>>
>> Maybe not to move down to a u8..because it's displayed the real capacity for storage.
>
> We could update those lines too? It's just that one case right there,
> yes?
If it's possible to calculate the correct capacity?
Best Regards,
Jaehoon Chung
>
>> And i wonder that coverity didn't report about the line 1294?
>
> It does, along with 1256.
>
> Thanks!
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error
2016-09-20 2:04 ` Jaehoon Chung
@ 2016-09-20 2:12 ` Tom Rini
0 siblings, 0 replies; 6+ messages in thread
From: Tom Rini @ 2016-09-20 2:12 UTC (permalink / raw)
To: u-boot
On Tue, Sep 20, 2016 at 11:04:40AM +0900, Jaehoon Chung wrote:
> On 09/19/2016 08:30 PM, Tom Rini wrote:
> > On Mon, Sep 19, 2016 at 03:31:54PM +0900, Jaehoon Chung wrote:
> >> On 09/19/2016 02:53 AM, Tom Rini wrote:
> >>> On Tue, Sep 13, 2016 at 04:27:57PM +0800, Haibo Chen wrote:
> >>>
> >>>> Suspicious implicit sign extension exist. ext_csd[] is defined
> >>>> as "u8", capacity is defined as u64, so u8 is promoted to signed
> >>>> int first int the "|" expersion, then the sign extended to u64.
> >>>> if the tmp sign value is largeer than 0x7fffffff, after the sign
> >>>> extension, the upper bits of the result will all be 1.
> >>>> Thanks to coverity <http://www.coverity.com>
> >>>>
> >>>> e.g.
> >>>> u8 data_8;
> >>>> u64 data_64;
> >>>>
> >>>> data_8 = 0x80;
> >>>> data_64 = data_8 << 24; //0xffffffff80000000
> >>>> data_64 = ((u64)data_8) << 24; //0x80000000
> >>>>
> >>>> Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
> >>>
> >>> Please add a 'Reported-by: Coverity' and you can include the CID if you
> >>> like.
> >>
> >> I think cid doesn't need to change type.
> >
> > I mean the coverity CID :) In the public coverity project it's 149300
>
> Ah! I misunderstood CID as cid register. :)
>
> >
> >>
> >>>
> >>>> ---
> >>>> drivers/mmc/mmc.c | 8 ++++----
> >>>> 1 file changed, 4 insertions(+), 4 deletions(-)
> >>>>
> >>>> diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c
> >>>> index 43ea0bb..c1d1dc6 100644
> >>>> --- a/drivers/mmc/mmc.c
> >>>> +++ b/drivers/mmc/mmc.c
> >>>> @@ -1176,10 +1176,10 @@ static int mmc_startup(struct mmc *mmc)
> >>>> * ext_csd's capacity is valid if the value is more
> >>>> * than 2GB
> >>>> */
> >>>> - capacity = ext_csd[EXT_CSD_SEC_CNT] << 0
> >>>> - | ext_csd[EXT_CSD_SEC_CNT + 1] << 8
> >>>> - | ext_csd[EXT_CSD_SEC_CNT + 2] << 16
> >>>> - | ext_csd[EXT_CSD_SEC_CNT + 3] << 24;
> >>>> + capacity = ((u64)ext_csd[EXT_CSD_SEC_CNT]) << 0
> >>>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 1]) << 8
> >>>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 2]) << 16
> >>>> + | ((u64)ext_csd[EXT_CSD_SEC_CNT + 3]) << 24;
> >>>> capacity *= MMC_MAX_BLOCK_LEN;
> >>>> if ((capacity >> 20) > 2 * 1024)
> >>>> mmc->capacity_user = capacity;
> >>>
> >>> Can't we just move capacity down to a u8 instead? Thanks!
> >>
> >> Maybe not to move down to a u8..because it's displayed the real capacity for storage.
> >
> > We could update those lines too? It's just that one case right there,
> > yes?
>
> If it's possible to calculate the correct capacity?
... I think? I hadn't had my coffee yet when I did a quick compile test
this morning but it looks like all of the uses of capacity would fit
into a u8. Someone should check and make a formal patch :)
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20160919/9bb20c79/attachment.sig>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-09-20 2:12 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-09-13 8:27 [U-Boot] [PATCH] mmc: cat u8 to u64 to avoid unexpected error Haibo Chen
2016-09-18 17:53 ` Tom Rini
2016-09-19 6:31 ` Jaehoon Chung
2016-09-19 11:30 ` Tom Rini
2016-09-20 2:04 ` Jaehoon Chung
2016-09-20 2:12 ` Tom Rini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox