* [PATCH] PNP: fix unintended sign extension on left shifts
@ 2019-10-14 13:16 ` Colin King
0 siblings, 0 replies; 8+ messages in thread
From: Colin King @ 2019-10-14 13:16 UTC (permalink / raw)
To: Jaroslav Kysela, Rafael J . Wysocki; +Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>
Shifting a u8 left will cause the value to be promoted to an integer. If
the top bit of the u8 is set then the following conversion to a 64 bit
resource_size_t will sign extend the value causing the upper 32 bits
to be set in the result.
Fix this by casting the u8 value to a resource_size_t before the shift.
Original commit is pre-git history.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/pnp/isapnp/core.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
index 179b737280e1..c947b1673041 100644
--- a/drivers/pnp/isapnp/core.c
+++ b/drivers/pnp/isapnp/core.c
@@ -511,10 +511,14 @@ static void __init isapnp_parse_mem32_resource(struct pnp_dev *dev,
unsigned char flags;
isapnp_peek(tmp, size);
- min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
- max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
- align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
- len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
+ min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
+ (tmp[2] << 8) | tmp[1];
+ max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
+ (tmp[6] << 8) | tmp[5];
+ align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
+ (tmp[10] << 8) | tmp[9];
+ len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
+ (tmp[14] << 8) | tmp[13];
flags = tmp[0];
pnp_register_mem_resource(dev, option_flags,
min, max, align, len, flags);
@@ -532,8 +536,10 @@ static void __init isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
unsigned char flags;
isapnp_peek(tmp, size);
- base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
- len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
+ base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
+ (tmp[2] << 8) | tmp[1];
+ len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
+ (tmp[6] << 8) | tmp[5];
flags = tmp[0];
pnp_register_mem_resource(dev, option_flags, base, base, 0, len, flags);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH] PNP: fix unintended sign extension on left shifts
@ 2019-10-14 13:16 ` Colin King
0 siblings, 0 replies; 8+ messages in thread
From: Colin King @ 2019-10-14 13:16 UTC (permalink / raw)
To: Jaroslav Kysela, Rafael J . Wysocki; +Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>
Shifting a u8 left will cause the value to be promoted to an integer. If
the top bit of the u8 is set then the following conversion to a 64 bit
resource_size_t will sign extend the value causing the upper 32 bits
to be set in the result.
Fix this by casting the u8 value to a resource_size_t before the shift.
Original commit is pre-git history.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/pnp/isapnp/core.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
index 179b737280e1..c947b1673041 100644
--- a/drivers/pnp/isapnp/core.c
+++ b/drivers/pnp/isapnp/core.c
@@ -511,10 +511,14 @@ static void __init isapnp_parse_mem32_resource(struct pnp_dev *dev,
unsigned char flags;
isapnp_peek(tmp, size);
- min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
- max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
- align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
- len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
+ min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
+ (tmp[2] << 8) | tmp[1];
+ max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
+ (tmp[6] << 8) | tmp[5];
+ align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
+ (tmp[10] << 8) | tmp[9];
+ len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
+ (tmp[14] << 8) | tmp[13];
flags = tmp[0];
pnp_register_mem_resource(dev, option_flags,
min, max, align, len, flags);
@@ -532,8 +536,10 @@ static void __init isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
unsigned char flags;
isapnp_peek(tmp, size);
- base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
- len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
+ base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
+ (tmp[2] << 8) | tmp[1];
+ len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
+ (tmp[6] << 8) | tmp[5];
flags = tmp[0];
pnp_register_mem_resource(dev, option_flags, base, base, 0, len, flags);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] PNP: fix unintended sign extension on left shifts
2019-10-14 13:16 ` Colin King
@ 2019-10-15 16:29 ` Rafael J. Wysocki
-1 siblings, 0 replies; 8+ messages in thread
From: Rafael J. Wysocki @ 2019-10-15 16:29 UTC (permalink / raw)
To: Colin King; +Cc: Jaroslav Kysela, kernel-janitors, linux-kernel
On 10/14/2019 3:16 PM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Shifting a u8 left will cause the value to be promoted to an integer. If
> the top bit of the u8 is set then the following conversion to a 64 bit
> resource_size_t will sign extend the value causing the upper 32 bits
> to be set in the result.
>
> Fix this by casting the u8 value to a resource_size_t before the shift.
> Original commit is pre-git history.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
Please resend this with a Cc to linux-acpi@vger.kernel.org for easier
handling.
> ---
> drivers/pnp/isapnp/core.c | 18 ++++++++++++------
> 1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
> index 179b737280e1..c947b1673041 100644
> --- a/drivers/pnp/isapnp/core.c
> +++ b/drivers/pnp/isapnp/core.c
> @@ -511,10 +511,14 @@ static void __init isapnp_parse_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> - align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
> - len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
> + min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> + align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
> + (tmp[10] << 8) | tmp[9];
> + len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
> + (tmp[14] << 8) | tmp[13];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags,
> min, max, align, len, flags);
> @@ -532,8 +536,10 @@ static void __init isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> + base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags, base, base, 0, len, flags);
> }
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] PNP: fix unintended sign extension on left shifts
@ 2019-10-15 16:29 ` Rafael J. Wysocki
0 siblings, 0 replies; 8+ messages in thread
From: Rafael J. Wysocki @ 2019-10-15 16:29 UTC (permalink / raw)
To: Colin King; +Cc: Jaroslav Kysela, kernel-janitors, linux-kernel
On 10/14/2019 3:16 PM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Shifting a u8 left will cause the value to be promoted to an integer. If
> the top bit of the u8 is set then the following conversion to a 64 bit
> resource_size_t will sign extend the value causing the upper 32 bits
> to be set in the result.
>
> Fix this by casting the u8 value to a resource_size_t before the shift.
> Original commit is pre-git history.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
Please resend this with a Cc to linux-acpi@vger.kernel.org for easier
handling.
> ---
> drivers/pnp/isapnp/core.c | 18 ++++++++++++------
> 1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
> index 179b737280e1..c947b1673041 100644
> --- a/drivers/pnp/isapnp/core.c
> +++ b/drivers/pnp/isapnp/core.c
> @@ -511,10 +511,14 @@ static void __init isapnp_parse_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> - align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
> - len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
> + min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> + align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
> + (tmp[10] << 8) | tmp[9];
> + len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
> + (tmp[14] << 8) | tmp[13];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags,
> min, max, align, len, flags);
> @@ -532,8 +536,10 @@ static void __init isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> + base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags, base, base, 0, len, flags);
> }
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] PNP: fix unintended sign extension on left shifts
2019-10-15 16:29 ` Rafael J. Wysocki
@ 2019-10-16 7:20 ` walter harms
-1 siblings, 0 replies; 8+ messages in thread
From: walter harms @ 2019-10-16 7:20 UTC (permalink / raw)
To: Rafael J. Wysocki
Cc: Colin King, Jaroslav Kysela, kernel-janitors, linux-kernel
Am 15.10.2019 18:29, schrieb Rafael J. Wysocki:
> On 10/14/2019 3:16 PM, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Shifting a u8 left will cause the value to be promoted to an integer. If
>> the top bit of the u8 is set then the following conversion to a 64 bit
>> resource_size_t will sign extend the value causing the upper 32 bits
>> to be set in the result.
>>
>> Fix this by casting the u8 value to a resource_size_t before the shift.
>> Original commit is pre-git history.
>>
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>
> Please resend this with a Cc to linux-acpi@vger.kernel.org for easier
> handling.
>
>
>> ---
>> drivers/pnp/isapnp/core.c | 18 ++++++++++++------
>> 1 file changed, 12 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
>> index 179b737280e1..c947b1673041 100644
>> --- a/drivers/pnp/isapnp/core.c
>> +++ b/drivers/pnp/isapnp/core.c
>> @@ -511,10 +511,14 @@ static void __init
>> isapnp_parse_mem32_resource(struct pnp_dev *dev,
>> unsigned char flags;
>> isapnp_peek(tmp, size);
>> - min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
>> - max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
>> - align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
>> - len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
>> + min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
>> + (tmp[2] << 8) | tmp[1];
>> + max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
>> + (tmp[6] << 8) | tmp[5];
>> + align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
>> + (tmp[10] << 8) | tmp[9];
>> + len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
>> + (tmp[14] << 8) | tmp[13];
>> flags = tmp[0];
>> pnp_register_mem_resource(dev, option_flags,
>> min, max, align, len, flags);
>> @@ -532,8 +536,10 @@ static void __init
>> isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
>> unsigned char flags;
>> isapnp_peek(tmp, size);
>> - base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
>> - len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
>> + base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
>> + (tmp[2] << 8) | tmp[1];
>> + len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
>> + (tmp[6] << 8) | tmp[5];
>> flags = tmp[0];
>> pnp_register_mem_resource(dev, option_flags, base, base, 0, len,
>> flags);
>> }
>
>
there was a hint to use get/put_unaligned_be*() maybe that is here also possible ?
re,
wh
(ps: see: [PATCH] scsi: fix unintended sign extension on left shifts)
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] PNP: fix unintended sign extension on left shifts
@ 2019-10-16 7:20 ` walter harms
0 siblings, 0 replies; 8+ messages in thread
From: walter harms @ 2019-10-16 7:20 UTC (permalink / raw)
To: Rafael J. Wysocki
Cc: Colin King, Jaroslav Kysela, kernel-janitors, linux-kernel
Am 15.10.2019 18:29, schrieb Rafael J. Wysocki:
> On 10/14/2019 3:16 PM, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> Shifting a u8 left will cause the value to be promoted to an integer. If
>> the top bit of the u8 is set then the following conversion to a 64 bit
>> resource_size_t will sign extend the value causing the upper 32 bits
>> to be set in the result.
>>
>> Fix this by casting the u8 value to a resource_size_t before the shift.
>> Original commit is pre-git history.
>>
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>
> Please resend this with a Cc to linux-acpi@vger.kernel.org for easier
> handling.
>
>
>> ---
>> drivers/pnp/isapnp/core.c | 18 ++++++++++++------
>> 1 file changed, 12 insertions(+), 6 deletions(-)
>>
>> diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
>> index 179b737280e1..c947b1673041 100644
>> --- a/drivers/pnp/isapnp/core.c
>> +++ b/drivers/pnp/isapnp/core.c
>> @@ -511,10 +511,14 @@ static void __init
>> isapnp_parse_mem32_resource(struct pnp_dev *dev,
>> unsigned char flags;
>> isapnp_peek(tmp, size);
>> - min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
>> - max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
>> - align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
>> - len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
>> + min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
>> + (tmp[2] << 8) | tmp[1];
>> + max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
>> + (tmp[6] << 8) | tmp[5];
>> + align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
>> + (tmp[10] << 8) | tmp[9];
>> + len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
>> + (tmp[14] << 8) | tmp[13];
>> flags = tmp[0];
>> pnp_register_mem_resource(dev, option_flags,
>> min, max, align, len, flags);
>> @@ -532,8 +536,10 @@ static void __init
>> isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
>> unsigned char flags;
>> isapnp_peek(tmp, size);
>> - base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
>> - len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
>> + base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
>> + (tmp[2] << 8) | tmp[1];
>> + len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
>> + (tmp[6] << 8) | tmp[5];
>> flags = tmp[0];
>> pnp_register_mem_resource(dev, option_flags, base, base, 0, len,
>> flags);
>> }
>
>
there was a hint to use get/put_unaligned_be*() maybe that is here also possible ?
re,
wh
(ps: see: [PATCH] scsi: fix unintended sign extension on left shifts)
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] PNP: fix unintended sign extension on left shifts
2019-10-14 13:16 ` Colin King
@ 2019-10-18 10:15 ` Rafael J. Wysocki
-1 siblings, 0 replies; 8+ messages in thread
From: Rafael J. Wysocki @ 2019-10-18 10:15 UTC (permalink / raw)
To: Colin King; +Cc: Jaroslav Kysela, kernel-janitors, linux-kernel
On Monday, October 14, 2019 3:16:08 PM CEST Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Shifting a u8 left will cause the value to be promoted to an integer. If
> the top bit of the u8 is set then the following conversion to a 64 bit
> resource_size_t will sign extend the value causing the upper 32 bits
> to be set in the result.
>
> Fix this by casting the u8 value to a resource_size_t before the shift.
> Original commit is pre-git history.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/pnp/isapnp/core.c | 18 ++++++++++++------
> 1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
> index 179b737280e1..c947b1673041 100644
> --- a/drivers/pnp/isapnp/core.c
> +++ b/drivers/pnp/isapnp/core.c
> @@ -511,10 +511,14 @@ static void __init isapnp_parse_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> - align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
> - len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
> + min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> + align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
> + (tmp[10] << 8) | tmp[9];
> + len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
> + (tmp[14] << 8) | tmp[13];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags,
> min, max, align, len, flags);
> @@ -532,8 +536,10 @@ static void __init isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> + base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags, base, base, 0, len, flags);
> }
>
Can you please respin this with a CC to linux-acpi?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] PNP: fix unintended sign extension on left shifts
@ 2019-10-18 10:15 ` Rafael J. Wysocki
0 siblings, 0 replies; 8+ messages in thread
From: Rafael J. Wysocki @ 2019-10-18 10:15 UTC (permalink / raw)
To: Colin King; +Cc: Jaroslav Kysela, kernel-janitors, linux-kernel
On Monday, October 14, 2019 3:16:08 PM CEST Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Shifting a u8 left will cause the value to be promoted to an integer. If
> the top bit of the u8 is set then the following conversion to a 64 bit
> resource_size_t will sign extend the value causing the upper 32 bits
> to be set in the result.
>
> Fix this by casting the u8 value to a resource_size_t before the shift.
> Original commit is pre-git history.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/pnp/isapnp/core.c | 18 ++++++++++++------
> 1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/pnp/isapnp/core.c b/drivers/pnp/isapnp/core.c
> index 179b737280e1..c947b1673041 100644
> --- a/drivers/pnp/isapnp/core.c
> +++ b/drivers/pnp/isapnp/core.c
> @@ -511,10 +511,14 @@ static void __init isapnp_parse_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - max = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> - align = (tmp[12] << 24) | (tmp[11] << 16) | (tmp[10] << 8) | tmp[9];
> - len = (tmp[16] << 24) | (tmp[15] << 16) | (tmp[14] << 8) | tmp[13];
> + min = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + max = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> + align = ((resource_size_t)tmp[12] << 24) | (tmp[11] << 16) |
> + (tmp[10] << 8) | tmp[9];
> + len = ((resource_size_t)tmp[16] << 24) | (tmp[15] << 16) |
> + (tmp[14] << 8) | tmp[13];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags,
> min, max, align, len, flags);
> @@ -532,8 +536,10 @@ static void __init isapnp_parse_fixed_mem32_resource(struct pnp_dev *dev,
> unsigned char flags;
>
> isapnp_peek(tmp, size);
> - base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
> - len = (tmp[8] << 24) | (tmp[7] << 16) | (tmp[6] << 8) | tmp[5];
> + base = ((resource_size_t)tmp[4] << 24) | (tmp[3] << 16) |
> + (tmp[2] << 8) | tmp[1];
> + len = ((resource_size_t)tmp[8] << 24) | (tmp[7] << 16) |
> + (tmp[6] << 8) | tmp[5];
> flags = tmp[0];
> pnp_register_mem_resource(dev, option_flags, base, base, 0, len, flags);
> }
>
Can you please respin this with a CC to linux-acpi?
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-10-18 10:15 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-14 13:16 [PATCH] PNP: fix unintended sign extension on left shifts Colin King
2019-10-14 13:16 ` Colin King
2019-10-15 16:29 ` Rafael J. Wysocki
2019-10-15 16:29 ` Rafael J. Wysocki
2019-10-16 7:20 ` walter harms
2019-10-16 7:20 ` walter harms
2019-10-18 10:15 ` Rafael J. Wysocki
2019-10-18 10:15 ` Rafael J. Wysocki
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.