From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Peter Chen <peter.chen@nxp.com>, Jun Li <jun.li@nxp.com>,
Sasha Levin <sashal@kernel.org>,
linux-usb@vger.kernel.org
Subject: [PATCH AUTOSEL 5.9 32/35] usb: cdns3: gadget: suspicious implicit sign extension
Date: Mon, 2 Nov 2020 20:18:37 -0500 [thread overview]
Message-ID: <20201103011840.182814-32-sashal@kernel.org> (raw)
In-Reply-To: <20201103011840.182814-1-sashal@kernel.org>
From: Peter Chen <peter.chen@nxp.com>
[ Upstream commit 5fca3f062879f8e5214c56f3e3e2be6727900f5d ]
The code:
trb->length = cpu_to_le32(TRB_BURST_LEN(priv_ep->trb_burst_size)
| TRB_LEN(length));
TRB_BURST_LEN(priv_ep->trb_burst_size) may be overflow for int 32 if
priv_ep->trb_burst_size is equal or larger than 0x80;
Below is the Coverity warning:
sign_extension: Suspicious implicit sign extension: priv_ep->trb_burst_size
with type u8 (8 bits, unsigned) is promoted in priv_ep->trb_burst_size << 24
to type int (32 bits, signed), then sign-extended to type unsigned long
(64 bits, unsigned). If priv_ep->trb_burst_size << 24 is greater than 0x7FFFFFFF,
the upper bits of the result will all be 1.
To fix it, it needs to add an explicit cast to unsigned int type for ((p) << 24).
Reviewed-by: Jun Li <jun.li@nxp.com>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/cdns3/gadget.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/cdns3/gadget.h b/drivers/usb/cdns3/gadget.h
index 52765b098b9e1..28c4f6aca6891 100644
--- a/drivers/usb/cdns3/gadget.h
+++ b/drivers/usb/cdns3/gadget.h
@@ -1067,7 +1067,7 @@ struct cdns3_trb {
#define TRB_TDL_SS_SIZE_GET(p) (((p) & GENMASK(23, 17)) >> 17)
/* transfer_len bitmasks - bits 31:24 */
-#define TRB_BURST_LEN(p) (((p) << 24) & GENMASK(31, 24))
+#define TRB_BURST_LEN(p) ((unsigned int)((p) << 24) & GENMASK(31, 24))
#define TRB_BURST_LEN_GET(p) (((p) & GENMASK(31, 24)) >> 24)
/* Data buffer pointer bitmasks*/
--
2.27.0
next prev parent reply other threads:[~2020-11-03 1:26 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-03 1:18 [PATCH AUTOSEL 5.9 01/35] ARM: dts: sun4i-a10: fix cpu_alert temperature Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 02/35] arm64: dts: meson-axg: add USB nodes Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 8:55 ` Neil Armstrong
2020-11-03 8:55 ` Neil Armstrong
2020-11-03 8:55 ` Neil Armstrong
2020-11-08 13:14 ` Sasha Levin
2020-11-08 13:14 ` Sasha Levin
2020-11-08 13:14 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 03/35] arm64: dts: meson-axg-s400: enable USB OTG Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 8:55 ` Neil Armstrong
2020-11-03 8:55 ` Neil Armstrong
2020-11-03 8:55 ` Neil Armstrong
2020-11-08 13:14 ` Sasha Levin
2020-11-08 13:14 ` Sasha Levin
2020-11-08 13:14 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 04/35] arm64: dts: meson: add missing g12 rng clock Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 05/35] arm64: dts: amlogic: meson-g12: use the G12A specific dwmac compatible Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 06/35] x86/kexec: Use up-to-dated screen_info copy to fill boot params Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 07/35] hyperv_fb: Update screen_info after removing old framebuffer Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 08/35] arm64: dts: amlogic: add missing ethernet reset ID Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 09/35] io_uring: don't miss setting IO_WQ_WORK_CONCURRENT Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 10/35] of: Fix reserved-memory overlap detection Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 11/35] ARM: dts: mmp3: Add power domain for the camera Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 12/35] drm/sun4i: frontend: Rework a bit the phase data Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 13/35] drm/sun4i: frontend: Reuse the ch0 phase for RGB formats Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 14/35] drm/sun4i: frontend: Fix the scaler phase on A33 Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 15/35] drm/v3d: Fix double free in v3d_submit_cl_ioctl() Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 16/35] blk-cgroup: Fix memleak on error path Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 17/35] blk-cgroup: Pre-allocate tree node on blkg_conf_prep Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 18/35] btrfs: drop the path before adding qgroup items when enabling qgroups Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 19/35] btrfs: add a helper to read the tree_root commit root for backref lookup Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 20/35] scsi: core: Don't start concurrent async scan on same host Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 21/35] drm/amdgpu: disable DCN and VCN for navi10 blockchain SKU(v3) Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 22/35] drm/amdgpu: add DID for navi10 blockchain SKU Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 23/35] drm/amd/display: Fixed panic during seamless boot Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 24/35] scsi: ibmvscsi: Fix potential race after loss of transport Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 25/35] drm/amd/display: adding ddc_gpio_vga_reg_list to ddc reg def'ns Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 26/35] vsock: use ns_capable_noaudit() on socket create Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 27/35] nvme-rdma: handle unexpected nvme completion data length Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 28/35] nvmet: fix a NULL pointer dereference when tracing the flush command Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 29/35] staging: mmal-vchiq: Fix memory leak for vchiq_instance Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 30/35] drm/vc4: drv: Add error handding for bind Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 31/35] ACPI: NFIT: Fix comparison to '-ENXIO' Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin [this message]
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 33/35] drm/nouveau/nouveau: fix the start/end range for migration Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 34/35] drm/nouveau/gem: fix "refcount_t: underflow; use-after-free" Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` Sasha Levin
2020-11-03 1:18 ` [PATCH AUTOSEL 5.9 35/35] arm64/smp: Move rcu_cpu_starting() earlier Sasha Levin
2020-11-03 1:18 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201103011840.182814-32-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=jun.li@nxp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=peter.chen@nxp.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.