* [PATCH] PCI: fix a potential uninitentional integer overflow issue
@ 2020-10-07 11:46 ` Colin King
0 siblings, 0 replies; 12+ messages in thread
From: Colin King @ 2020-10-07 11:46 UTC (permalink / raw)
To: Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel
Cc: kernel-janitors
From: Colin Ian King <colin.king@canonical.com>
The shift of 1 by align_order is evaluated using 32 bit arithmetic
and the result is assigned to a resource_size_t type variable that
is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
before widening issue by using the BIT_ULL macro to perform the
shift.
Addresses-Coverity: ("Uninitentional integer overflow")
Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/pci/pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 6d4d5a2f923d..1a5844d7af35 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
if (align_order == -1)
align = PAGE_SIZE;
else
- align = 1 << align_order;
+ align = BIT_ULL(align_order);
break;
} else if (ret < 0) {
pr_err("PCI: Can't parse resource_alignment parameter: %s\n",
--
2.27.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH] PCI: fix a potential uninitentional integer overflow issue
@ 2020-10-07 11:46 ` Colin King
0 siblings, 0 replies; 12+ messages in thread
From: Colin King @ 2020-10-07 11:46 UTC (permalink / raw)
To: Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel
Cc: kernel-janitors
From: Colin Ian King <colin.king@canonical.com>
The shift of 1 by align_order is evaluated using 32 bit arithmetic
and the result is assigned to a resource_size_t type variable that
is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
before widening issue by using the BIT_ULL macro to perform the
shift.
Addresses-Coverity: ("Uninitentional integer overflow")
Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/pci/pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 6d4d5a2f923d..1a5844d7af35 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
if (align_order = -1)
align = PAGE_SIZE;
else
- align = 1 << align_order;
+ align = BIT_ULL(align_order);
break;
} else if (ret < 0) {
pr_err("PCI: Can't parse resource_alignment parameter: %s\n",
--
2.27.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
2020-10-07 11:46 ` Colin King
@ 2020-10-07 12:33 ` Dan Carpenter
-1 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2020-10-07 12:33 UTC (permalink / raw)
To: Colin King
Cc: Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> The shift of 1 by align_order is evaluated using 32 bit arithmetic
> and the result is assigned to a resource_size_t type variable that
> is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> before widening issue by using the BIT_ULL macro to perform the
> shift.
>
> Addresses-Coverity: ("Uninitentional integer overflow")
> Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/pci/pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index 6d4d5a2f923d..1a5844d7af35 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> if (align_order == -1)
> align = PAGE_SIZE;
> else
> - align = 1 << align_order;
> + align = BIT_ULL(align_order);
"align_order" comes from sscanf() so Smatch thinks it's not trusted.
Anything above 63 is undefined behavior. There should be a bounds check
on this but I don't know what the valid values of "align" are.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
@ 2020-10-07 12:33 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2020-10-07 12:33 UTC (permalink / raw)
To: Colin King
Cc: Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> The shift of 1 by align_order is evaluated using 32 bit arithmetic
> and the result is assigned to a resource_size_t type variable that
> is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> before widening issue by using the BIT_ULL macro to perform the
> shift.
>
> Addresses-Coverity: ("Uninitentional integer overflow")
> Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/pci/pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index 6d4d5a2f923d..1a5844d7af35 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> if (align_order = -1)
> align = PAGE_SIZE;
> else
> - align = 1 << align_order;
> + align = BIT_ULL(align_order);
"align_order" comes from sscanf() so Smatch thinks it's not trusted.
Anything above 63 is undefined behavior. There should be a bounds check
on this but I don't know what the valid values of "align" are.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
2020-10-07 12:33 ` Dan Carpenter
@ 2020-11-05 22:24 ` Bjorn Helgaas
-1 siblings, 0 replies; 12+ messages in thread
From: Bjorn Helgaas @ 2020-11-05 22:24 UTC (permalink / raw)
To: Colin King
Cc: Bjorn Helgaas, Dan Carpenter, Christian König,
Stephen Bates, Logan Gunthorpe, Alex Williamson, linux-pci,
linux-kernel, kernel-janitors
On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
> On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> >
> > The shift of 1 by align_order is evaluated using 32 bit arithmetic
> > and the result is assigned to a resource_size_t type variable that
> > is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> > before widening issue by using the BIT_ULL macro to perform the
> > shift.
> >
> > Addresses-Coverity: ("Uninitentional integer overflow")
s/Uninitentional/Unintentional/
Also in subject (please also capitalize subject)
Doesn't Coverity also assign an ID number for this specific issue?
Can you include that as well, e.g.,
Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
> > Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> > ---
> > drivers/pci/pci.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> > index 6d4d5a2f923d..1a5844d7af35 100644
> > --- a/drivers/pci/pci.c
> > +++ b/drivers/pci/pci.c
> > @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> > if (align_order == -1)
> > align = PAGE_SIZE;
> > else
> > - align = 1 << align_order;
> > + align = BIT_ULL(align_order);
>
> "align_order" comes from sscanf() so Smatch thinks it's not trusted.
> Anything above 63 is undefined behavior. There should be a bounds check
> on this but I don't know what the valid values of "align" are.
The spec doesn't explicitly say what the size limit for 64-bit BARs
is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
infer that 2^63 would be the limit for 64-bit BARs.
What about something like the following? To me, BIT_ULL doesn't seem
like an advantage over "1ULL << ", but maybe there's a reason to use
it.
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 8b9bea8ba751..6e17d0a6828a 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -6197,19 +6197,21 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
while (*p) {
count = 0;
if (sscanf(p, "%d%n", &align_order, &count) == 1 &&
- p[count] == '@') {
+ p[count] == '@') {
p += count + 1;
+ if (align_order > 63) {
+ pr_err("PCI: Invalid requested alignment (order %d)\n",
+ align_order);
+ align_order = PAGE_SHIFT;
+ }
} else {
- align_order = -1;
+ align_order = PAGE_SHIFT;
}
ret = pci_dev_str_match(dev, p, &p);
if (ret == 1) {
*resize = true;
- if (align_order == -1)
- align = PAGE_SIZE;
- else
- align = 1 << align_order;
+ align = 1ULL << align_order;
break;
} else if (ret < 0) {
pr_err("PCI: Can't parse resource_alignment parameter: %s\n",
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
@ 2020-11-05 22:24 ` Bjorn Helgaas
0 siblings, 0 replies; 12+ messages in thread
From: Bjorn Helgaas @ 2020-11-05 22:24 UTC (permalink / raw)
To: Colin King
Cc: Bjorn Helgaas, Dan Carpenter, Christian König,
Stephen Bates, Logan Gunthorpe, Alex Williamson, linux-pci,
linux-kernel, kernel-janitors
On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
> On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> > From: Colin Ian King <colin.king@canonical.com>
> >
> > The shift of 1 by align_order is evaluated using 32 bit arithmetic
> > and the result is assigned to a resource_size_t type variable that
> > is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> > before widening issue by using the BIT_ULL macro to perform the
> > shift.
> >
> > Addresses-Coverity: ("Uninitentional integer overflow")
s/Uninitentional/Unintentional/
Also in subject (please also capitalize subject)
Doesn't Coverity also assign an ID number for this specific issue?
Can you include that as well, e.g.,
Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
> > Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> > ---
> > drivers/pci/pci.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> > index 6d4d5a2f923d..1a5844d7af35 100644
> > --- a/drivers/pci/pci.c
> > +++ b/drivers/pci/pci.c
> > @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> > if (align_order = -1)
> > align = PAGE_SIZE;
> > else
> > - align = 1 << align_order;
> > + align = BIT_ULL(align_order);
>
> "align_order" comes from sscanf() so Smatch thinks it's not trusted.
> Anything above 63 is undefined behavior. There should be a bounds check
> on this but I don't know what the valid values of "align" are.
The spec doesn't explicitly say what the size limit for 64-bit BARs
is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
infer that 2^63 would be the limit for 64-bit BARs.
What about something like the following? To me, BIT_ULL doesn't seem
like an advantage over "1ULL << ", but maybe there's a reason to use
it.
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 8b9bea8ba751..6e17d0a6828a 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -6197,19 +6197,21 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
while (*p) {
count = 0;
if (sscanf(p, "%d%n", &align_order, &count) = 1 &&
- p[count] = '@') {
+ p[count] = '@') {
p += count + 1;
+ if (align_order > 63) {
+ pr_err("PCI: Invalid requested alignment (order %d)\n",
+ align_order);
+ align_order = PAGE_SHIFT;
+ }
} else {
- align_order = -1;
+ align_order = PAGE_SHIFT;
}
ret = pci_dev_str_match(dev, p, &p);
if (ret = 1) {
*resize = true;
- if (align_order = -1)
- align = PAGE_SIZE;
- else
- align = 1 << align_order;
+ align = 1ULL << align_order;
break;
} else if (ret < 0) {
pr_err("PCI: Can't parse resource_alignment parameter: %s\n",
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
2020-11-05 22:24 ` Bjorn Helgaas
@ 2020-11-06 8:04 ` Dan Carpenter
-1 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2020-11-06 8:04 UTC (permalink / raw)
To: Bjorn Helgaas
Cc: Colin King, Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On Thu, Nov 05, 2020 at 04:24:30PM -0600, Bjorn Helgaas wrote:
> On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
> > On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> > > From: Colin Ian King <colin.king@canonical.com>
> > >
> > > The shift of 1 by align_order is evaluated using 32 bit arithmetic
> > > and the result is assigned to a resource_size_t type variable that
> > > is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> > > before widening issue by using the BIT_ULL macro to perform the
> > > shift.
> > >
> > > Addresses-Coverity: ("Uninitentional integer overflow")
>
> s/Uninitentional/Unintentional/
> Also in subject (please also capitalize subject)
>
> Doesn't Coverity also assign an ID number for this specific issue?
> Can you include that as well, e.g.,
>
> Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
>
> > > Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> > > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> > > ---
> > > drivers/pci/pci.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> > > index 6d4d5a2f923d..1a5844d7af35 100644
> > > --- a/drivers/pci/pci.c
> > > +++ b/drivers/pci/pci.c
> > > @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> > > if (align_order == -1)
> > > align = PAGE_SIZE;
> > > else
> > > - align = 1 << align_order;
> > > + align = BIT_ULL(align_order);
> >
> > "align_order" comes from sscanf() so Smatch thinks it's not trusted.
> > Anything above 63 is undefined behavior. There should be a bounds check
> > on this but I don't know what the valid values of "align" are.
>
> The spec doesn't explicitly say what the size limit for 64-bit BARs
> is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
> infer that 2^63 would be the limit for 64-bit BARs.
>
> What about something like the following? To me, BIT_ULL doesn't seem
> like an advantage over "1ULL << ", but maybe there's a reason to use
> it.
The advantage of BIT_ULL() is that checkpatch and I think Coccinelle
will suggest using it. It's only recently where a few people have
complained (actually you're probably the second person) that BIT() is
sort of a weird thing to use for size variables.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
@ 2020-11-06 8:04 ` Dan Carpenter
0 siblings, 0 replies; 12+ messages in thread
From: Dan Carpenter @ 2020-11-06 8:04 UTC (permalink / raw)
To: Bjorn Helgaas
Cc: Colin King, Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On Thu, Nov 05, 2020 at 04:24:30PM -0600, Bjorn Helgaas wrote:
> On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
> > On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> > > From: Colin Ian King <colin.king@canonical.com>
> > >
> > > The shift of 1 by align_order is evaluated using 32 bit arithmetic
> > > and the result is assigned to a resource_size_t type variable that
> > > is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> > > before widening issue by using the BIT_ULL macro to perform the
> > > shift.
> > >
> > > Addresses-Coverity: ("Uninitentional integer overflow")
>
> s/Uninitentional/Unintentional/
> Also in subject (please also capitalize subject)
>
> Doesn't Coverity also assign an ID number for this specific issue?
> Can you include that as well, e.g.,
>
> Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
>
> > > Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> > > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> > > ---
> > > drivers/pci/pci.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> > > index 6d4d5a2f923d..1a5844d7af35 100644
> > > --- a/drivers/pci/pci.c
> > > +++ b/drivers/pci/pci.c
> > > @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> > > if (align_order = -1)
> > > align = PAGE_SIZE;
> > > else
> > > - align = 1 << align_order;
> > > + align = BIT_ULL(align_order);
> >
> > "align_order" comes from sscanf() so Smatch thinks it's not trusted.
> > Anything above 63 is undefined behavior. There should be a bounds check
> > on this but I don't know what the valid values of "align" are.
>
> The spec doesn't explicitly say what the size limit for 64-bit BARs
> is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
> infer that 2^63 would be the limit for 64-bit BARs.
>
> What about something like the following? To me, BIT_ULL doesn't seem
> like an advantage over "1ULL << ", but maybe there's a reason to use
> it.
The advantage of BIT_ULL() is that checkpatch and I think Coccinelle
will suggest using it. It's only recently where a few people have
complained (actually you're probably the second person) that BIT() is
sort of a weird thing to use for size variables.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
2020-11-06 8:04 ` Dan Carpenter
@ 2020-11-10 20:54 ` Bjorn Helgaas
-1 siblings, 0 replies; 12+ messages in thread
From: Bjorn Helgaas @ 2020-11-10 20:54 UTC (permalink / raw)
To: Dan Carpenter
Cc: Colin King, Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On Fri, Nov 06, 2020 at 11:04:19AM +0300, Dan Carpenter wrote:
> On Thu, Nov 05, 2020 at 04:24:30PM -0600, Bjorn Helgaas wrote:
> > On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
> > > On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> > > > From: Colin Ian King <colin.king@canonical.com>
> > > >
> > > > The shift of 1 by align_order is evaluated using 32 bit arithmetic
> > > > and the result is assigned to a resource_size_t type variable that
> > > > is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> > > > before widening issue by using the BIT_ULL macro to perform the
> > > > shift.
> > > >
> > > > Addresses-Coverity: ("Uninitentional integer overflow")
> >
> > s/Uninitentional/Unintentional/
> > Also in subject (please also capitalize subject)
> >
> > Doesn't Coverity also assign an ID number for this specific issue?
> > Can you include that as well, e.g.,
> >
> > Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
> >
> > > > Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> > > > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> > > > ---
> > > > drivers/pci/pci.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> > > > index 6d4d5a2f923d..1a5844d7af35 100644
> > > > --- a/drivers/pci/pci.c
> > > > +++ b/drivers/pci/pci.c
> > > > @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> > > > if (align_order == -1)
> > > > align = PAGE_SIZE;
> > > > else
> > > > - align = 1 << align_order;
> > > > + align = BIT_ULL(align_order);
> > >
> > > "align_order" comes from sscanf() so Smatch thinks it's not trusted.
> > > Anything above 63 is undefined behavior. There should be a bounds check
> > > on this but I don't know what the valid values of "align" are.
> >
> > The spec doesn't explicitly say what the size limit for 64-bit BARs
> > is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
> > infer that 2^63 would be the limit for 64-bit BARs.
> >
> > What about something like the following? To me, BIT_ULL doesn't seem
> > like an advantage over "1ULL << ", but maybe there's a reason to use
> > it.
>
> The advantage of BIT_ULL() is that checkpatch and I think Coccinelle
> will suggest using it. It's only recently where a few people have
> complained (actually you're probably the second person) that BIT() is
> sort of a weird thing to use for size variables.
If that's the only reason, I definitely prefer "1ULL << align_order".
BIT_ULL is just a pointless abstraction in this case.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
@ 2020-11-10 20:54 ` Bjorn Helgaas
0 siblings, 0 replies; 12+ messages in thread
From: Bjorn Helgaas @ 2020-11-10 20:54 UTC (permalink / raw)
To: Dan Carpenter
Cc: Colin King, Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On Fri, Nov 06, 2020 at 11:04:19AM +0300, Dan Carpenter wrote:
> On Thu, Nov 05, 2020 at 04:24:30PM -0600, Bjorn Helgaas wrote:
> > On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
> > > On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> > > > From: Colin Ian King <colin.king@canonical.com>
> > > >
> > > > The shift of 1 by align_order is evaluated using 32 bit arithmetic
> > > > and the result is assigned to a resource_size_t type variable that
> > > > is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> > > > before widening issue by using the BIT_ULL macro to perform the
> > > > shift.
> > > >
> > > > Addresses-Coverity: ("Uninitentional integer overflow")
> >
> > s/Uninitentional/Unintentional/
> > Also in subject (please also capitalize subject)
> >
> > Doesn't Coverity also assign an ID number for this specific issue?
> > Can you include that as well, e.g.,
> >
> > Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
> >
> > > > Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> > > > Signed-off-by: Colin Ian King <colin.king@canonical.com>
> > > > ---
> > > > drivers/pci/pci.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> > > > index 6d4d5a2f923d..1a5844d7af35 100644
> > > > --- a/drivers/pci/pci.c
> > > > +++ b/drivers/pci/pci.c
> > > > @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> > > > if (align_order = -1)
> > > > align = PAGE_SIZE;
> > > > else
> > > > - align = 1 << align_order;
> > > > + align = BIT_ULL(align_order);
> > >
> > > "align_order" comes from sscanf() so Smatch thinks it's not trusted.
> > > Anything above 63 is undefined behavior. There should be a bounds check
> > > on this but I don't know what the valid values of "align" are.
> >
> > The spec doesn't explicitly say what the size limit for 64-bit BARs
> > is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
> > infer that 2^63 would be the limit for 64-bit BARs.
> >
> > What about something like the following? To me, BIT_ULL doesn't seem
> > like an advantage over "1ULL << ", but maybe there's a reason to use
> > it.
>
> The advantage of BIT_ULL() is that checkpatch and I think Coccinelle
> will suggest using it. It's only recently where a few people have
> complained (actually you're probably the second person) that BIT() is
> sort of a weird thing to use for size variables.
If that's the only reason, I definitely prefer "1ULL << align_order".
BIT_ULL is just a pointless abstraction in this case.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
2020-11-10 20:54 ` Bjorn Helgaas
@ 2020-11-10 22:00 ` Colin Ian King
-1 siblings, 0 replies; 12+ messages in thread
From: Colin Ian King @ 2020-11-10 22:00 UTC (permalink / raw)
To: Bjorn Helgaas, Dan Carpenter
Cc: Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On 10/11/2020 20:54, Bjorn Helgaas wrote:
> On Fri, Nov 06, 2020 at 11:04:19AM +0300, Dan Carpenter wrote:
>> On Thu, Nov 05, 2020 at 04:24:30PM -0600, Bjorn Helgaas wrote:
>>> On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
>>>> On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
>>>>> From: Colin Ian King <colin.king@canonical.com>
>>>>>
>>>>> The shift of 1 by align_order is evaluated using 32 bit arithmetic
>>>>> and the result is assigned to a resource_size_t type variable that
>>>>> is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
>>>>> before widening issue by using the BIT_ULL macro to perform the
>>>>> shift.
>>>>>
>>>>> Addresses-Coverity: ("Uninitentional integer overflow")
>>>
>>> s/Uninitentional/Unintentional/
>>> Also in subject (please also capitalize subject)
OK
>>>
>>> Doesn't Coverity also assign an ID number for this specific issue?
>>> Can you include that as well, e.g.,
I'm running this from an internal coverity scan, so the ID is not public.
>>>
>>> Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
>>>
>>>>> Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
>>>>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>>>>> ---
>>>>> drivers/pci/pci.c | 2 +-
>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
>>>>> index 6d4d5a2f923d..1a5844d7af35 100644
>>>>> --- a/drivers/pci/pci.c
>>>>> +++ b/drivers/pci/pci.c
>>>>> @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
>>>>> if (align_order == -1)
>>>>> align = PAGE_SIZE;
>>>>> else
>>>>> - align = 1 << align_order;
>>>>> + align = BIT_ULL(align_order);
>>>>
>>>> "align_order" comes from sscanf() so Smatch thinks it's not trusted.
>>>> Anything above 63 is undefined behavior. There should be a bounds check
>>>> on this but I don't know what the valid values of "align" are.
>>>
>>> The spec doesn't explicitly say what the size limit for 64-bit BARs
>>> is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
>>> infer that 2^63 would be the limit for 64-bit BARs.
>>>
>>> What about something like the following? To me, BIT_ULL doesn't seem
>>> like an advantage over "1ULL << ", but maybe there's a reason to use
>>> it.
>>
>> The advantage of BIT_ULL() is that checkpatch and I think Coccinelle
>> will suggest using it. It's only recently where a few people have
>> complained (actually you're probably the second person) that BIT() is
>> sort of a weird thing to use for size variables.
>
> If that's the only reason, I definitely prefer "1ULL << align_order".
>
> BIT_ULL is just a pointless abstraction in this case.
>
OK. V2 Arriving later today
Colin
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
@ 2020-11-10 22:00 ` Colin Ian King
0 siblings, 0 replies; 12+ messages in thread
From: Colin Ian King @ 2020-11-10 22:00 UTC (permalink / raw)
To: Bjorn Helgaas, Dan Carpenter
Cc: Bjorn Helgaas, Christian König, Stephen Bates,
Logan Gunthorpe, Alex Williamson, linux-pci, linux-kernel,
kernel-janitors
On 10/11/2020 20:54, Bjorn Helgaas wrote:
> On Fri, Nov 06, 2020 at 11:04:19AM +0300, Dan Carpenter wrote:
>> On Thu, Nov 05, 2020 at 04:24:30PM -0600, Bjorn Helgaas wrote:
>>> On Wed, Oct 07, 2020 at 03:33:45PM +0300, Dan Carpenter wrote:
>>>> On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
>>>>> From: Colin Ian King <colin.king@canonical.com>
>>>>>
>>>>> The shift of 1 by align_order is evaluated using 32 bit arithmetic
>>>>> and the result is assigned to a resource_size_t type variable that
>>>>> is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
>>>>> before widening issue by using the BIT_ULL macro to perform the
>>>>> shift.
>>>>>
>>>>> Addresses-Coverity: ("Uninitentional integer overflow")
>>>
>>> s/Uninitentional/Unintentional/
>>> Also in subject (please also capitalize subject)
OK
>>>
>>> Doesn't Coverity also assign an ID number for this specific issue?
>>> Can you include that as well, e.g.,
I'm running this from an internal coverity scan, so the ID is not public.
>>>
>>> Addresses-Coverity-ID: 1226899 ("Unintentional integer overflow")
>>>
>>>>> Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
>>>>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>>>>> ---
>>>>> drivers/pci/pci.c | 2 +-
>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
>>>>> index 6d4d5a2f923d..1a5844d7af35 100644
>>>>> --- a/drivers/pci/pci.c
>>>>> +++ b/drivers/pci/pci.c
>>>>> @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
>>>>> if (align_order = -1)
>>>>> align = PAGE_SIZE;
>>>>> else
>>>>> - align = 1 << align_order;
>>>>> + align = BIT_ULL(align_order);
>>>>
>>>> "align_order" comes from sscanf() so Smatch thinks it's not trusted.
>>>> Anything above 63 is undefined behavior. There should be a bounds check
>>>> on this but I don't know what the valid values of "align" are.
>>>
>>> The spec doesn't explicitly say what the size limit for 64-bit BARs
>>> is, but it does say 32-bit BARs can support up to 2GB (2^31). So I
>>> infer that 2^63 would be the limit for 64-bit BARs.
>>>
>>> What about something like the following? To me, BIT_ULL doesn't seem
>>> like an advantage over "1ULL << ", but maybe there's a reason to use
>>> it.
>>
>> The advantage of BIT_ULL() is that checkpatch and I think Coccinelle
>> will suggest using it. It's only recently where a few people have
>> complained (actually you're probably the second person) that BIT() is
>> sort of a weird thing to use for size variables.
>
> If that's the only reason, I definitely prefer "1ULL << align_order".
>
> BIT_ULL is just a pointless abstraction in this case.
>
OK. V2 Arriving later today
Colin
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2020-11-10 22:00 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-07 11:46 [PATCH] PCI: fix a potential uninitentional integer overflow issue Colin King
2020-10-07 11:46 ` Colin King
2020-10-07 12:33 ` Dan Carpenter
2020-10-07 12:33 ` Dan Carpenter
2020-11-05 22:24 ` Bjorn Helgaas
2020-11-05 22:24 ` Bjorn Helgaas
2020-11-06 8:04 ` Dan Carpenter
2020-11-06 8:04 ` Dan Carpenter
2020-11-10 20:54 ` Bjorn Helgaas
2020-11-10 20:54 ` Bjorn Helgaas
2020-11-10 22:00 ` Colin Ian King
2020-11-10 22:00 ` Colin Ian King
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.