linux-next.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
@ 2022-11-02 19:53 coverity-bot
  2022-11-03  1:26 ` Ping-Ke Shih
  0 siblings, 1 reply; 4+ messages in thread
From: coverity-bot @ 2022-11-02 19:53 UTC (permalink / raw)
  To: Chih-Kang Chang
  Cc: Chin-Yen Lee, Kalle Valo, Ping-Ke Shih, Gustavo A. R. Silva,
	linux-next, linux-hardening

Hello!

This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20221102 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:

  Tue Nov 1 11:26:13 2022 +0200
    7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")

Coverity reported the following:

*** CID 1527095:  Integer handling issues  (SIGN_EXTENSION)
/drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
1556     		rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
1557     		return -EINVAL;
1558     	}
1559
1560     	min_cfg = cfg->ple_min_qt;
1561     	max_cfg = cfg->ple_max_qt;
vvv     CID 1527095:  Integer handling issues  (SIGN_EXTENSION)
vvv     Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1562     	SET_QUOTA(cma0_dma, PLE, 6);
1563     	SET_QUOTA(cma1_dma, PLE, 7);
1564
1565     	return 0;
1566     }
1567     #undef SET_QUOTA

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1527095 ("Integer handling issues")
Fixes: 7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")

Thanks for your attention!

-- 
Coverity-bot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* RE: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
  2022-11-02 19:53 Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues coverity-bot
@ 2022-11-03  1:26 ` Ping-Ke Shih
  2022-11-03  6:03   ` Kalle Valo
  0 siblings, 1 reply; 4+ messages in thread
From: Ping-Ke Shih @ 2022-11-03  1:26 UTC (permalink / raw)
  To: coverity-bot, Gary Chang
  Cc: Timlee, Kalle Valo, Gustavo A. R. Silva, linux-next, linux-hardening


> -----Original Message-----
> From: coverity-bot <keescook@chromium.org>
> Sent: Thursday, November 3, 2022 3:53 AM
> To: Gary Chang <gary.chang@realtek.com>
> Cc: Timlee <timlee@realtek.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih <pkshih@realtek.com>; Gustavo
> A. R. Silva <gustavo@embeddedor.com>; linux-next@vger.kernel.org; linux-hardening@vger.kernel.org
> Subject: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
> 
> Hello!
> 
> This is an experimental semi-automated report about issues detected by
> Coverity from a scan of next-20221102 as part of the linux-next scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
> 
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by commits:
> 
>   Tue Nov 1 11:26:13 2022 +0200
>     7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
> 
> Coverity reported the following:
> 
> *** CID 1527095:  Integer handling issues  (SIGN_EXTENSION)
> /drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
> 1556     		rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
> 1557     		return -EINVAL;
> 1558     	}
> 1559
> 1560     	min_cfg = cfg->ple_min_qt;
> 1561     	max_cfg = cfg->ple_max_qt;
> vvv     CID 1527095:  Integer handling issues  (SIGN_EXTENSION)
> vvv     Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is
> promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned
> long" (64 bits, unsigned).  If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the
> result will all be 1.

Thanks for pointing this. I'll fix it.

Ping-Ke

> 1562     	SET_QUOTA(cma0_dma, PLE, 6);
> 1563     	SET_QUOTA(cma1_dma, PLE, 7);
> 1564
> 1565     	return 0;
> 1566     }
> 1567     #undef SET_QUOTA
> 



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
  2022-11-03  1:26 ` Ping-Ke Shih
@ 2022-11-03  6:03   ` Kalle Valo
  2022-11-04 19:15     ` Kees Cook
  0 siblings, 1 reply; 4+ messages in thread
From: Kalle Valo @ 2022-11-03  6:03 UTC (permalink / raw)
  To: Ping-Ke Shih
  Cc: coverity-bot, Gary Chang, Timlee, Gustavo A. R. Silva,
	linux-next, linux-hardening, linux-wireless

Ping-Ke Shih <pkshih@realtek.com> writes:

>> -----Original Message-----
>> From: coverity-bot <keescook@chromium.org>
>> Sent: Thursday, November 3, 2022 3:53 AM
>> To: Gary Chang <gary.chang@realtek.com>
>> Cc: Timlee <timlee@realtek.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih <pkshih@realtek.com>; Gustavo
>> A. R. Silva <gustavo@embeddedor.com>; linux-next@vger.kernel.org; linux-hardening@vger.kernel.org
>> Subject: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
>> 
>> Hello!
>> 
>> This is an experimental semi-automated report about issues detected by
>> Coverity from a scan of next-20221102 as part of the linux-next scan project:
>> https://scan.coverity.com/projects/linux-next-weekly-scan
>> 
>> You're getting this email because you were associated with the identified
>> lines of code (noted below) that were touched by commits:
>> 
>>   Tue Nov 1 11:26:13 2022 +0200
>>     7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
>> 
>> Coverity reported the following:
>> 
>> *** CID 1527095:  Integer handling issues  (SIGN_EXTENSION)
>> /drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
>> 1556     		rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
>> 1557     		return -EINVAL;
>> 1558     	}
>> 1559
>> 1560     	min_cfg = cfg->ple_min_qt;
>> 1561     	max_cfg = cfg->ple_max_qt;
>> vvv     CID 1527095:  Integer handling issues  (SIGN_EXTENSION)
>> vvv     Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is
>> promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned
>> long" (64 bits, unsigned).  If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the
>> result will all be 1.
>
> Thanks for pointing this. I'll fix it.

Thanks Ping.

I noticed that linux-wireless list was missing in CC, would it possible
for the bot to automatically add that to all wireless related reports?
Adding it manually now.

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
  2022-11-03  6:03   ` Kalle Valo
@ 2022-11-04 19:15     ` Kees Cook
  0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2022-11-04 19:15 UTC (permalink / raw)
  To: Kalle Valo
  Cc: Ping-Ke Shih, Gary Chang, Timlee, Gustavo A. R. Silva,
	linux-next, linux-hardening, linux-wireless

On Thu, Nov 03, 2022 at 08:03:59AM +0200, Kalle Valo wrote:
> I noticed that linux-wireless list was missing in CC, would it possible
> for the bot to automatically add that to all wireless related reports?
> Adding it manually now.

Yes, good point. The tooling was looking at the commit's tags, rather
than getting a get_maintainers.pl list. I'll add this logic.

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-11-04 19:15 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-02 19:53 Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues coverity-bot
2022-11-03  1:26 ` Ping-Ke Shih
2022-11-03  6:03   ` Kalle Valo
2022-11-04 19:15     ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).