* Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
@ 2022-11-02 19:53 coverity-bot
2022-11-03 1:26 ` Ping-Ke Shih
0 siblings, 1 reply; 4+ messages in thread
From: coverity-bot @ 2022-11-02 19:53 UTC (permalink / raw)
To: Chih-Kang Chang
Cc: Chin-Yen Lee, Kalle Valo, Ping-Ke Shih, Gustavo A. R. Silva,
linux-next, linux-hardening
Hello!
This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20221102 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan
You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:
Tue Nov 1 11:26:13 2022 +0200
7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
Coverity reported the following:
*** CID 1527095: Integer handling issues (SIGN_EXTENSION)
/drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
1556 rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
1557 return -EINVAL;
1558 }
1559
1560 min_cfg = cfg->ple_min_qt;
1561 max_cfg = cfg->ple_max_qt;
vvv CID 1527095: Integer handling issues (SIGN_EXTENSION)
vvv Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1562 SET_QUOTA(cma0_dma, PLE, 6);
1563 SET_QUOTA(cma1_dma, PLE, 7);
1564
1565 return 0;
1566 }
1567 #undef SET_QUOTA
If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):
Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1527095 ("Integer handling issues")
Fixes: 7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
Thanks for your attention!
--
Coverity-bot
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
2022-11-02 19:53 Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues coverity-bot
@ 2022-11-03 1:26 ` Ping-Ke Shih
2022-11-03 6:03 ` Kalle Valo
0 siblings, 1 reply; 4+ messages in thread
From: Ping-Ke Shih @ 2022-11-03 1:26 UTC (permalink / raw)
To: coverity-bot, Gary Chang
Cc: Timlee, Kalle Valo, Gustavo A. R. Silva, linux-next, linux-hardening
> -----Original Message-----
> From: coverity-bot <keescook@chromium.org>
> Sent: Thursday, November 3, 2022 3:53 AM
> To: Gary Chang <gary.chang@realtek.com>
> Cc: Timlee <timlee@realtek.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih <pkshih@realtek.com>; Gustavo
> A. R. Silva <gustavo@embeddedor.com>; linux-next@vger.kernel.org; linux-hardening@vger.kernel.org
> Subject: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
>
> Hello!
>
> This is an experimental semi-automated report about issues detected by
> Coverity from a scan of next-20221102 as part of the linux-next scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
>
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by commits:
>
> Tue Nov 1 11:26:13 2022 +0200
> 7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
>
> Coverity reported the following:
>
> *** CID 1527095: Integer handling issues (SIGN_EXTENSION)
> /drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
> 1556 rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
> 1557 return -EINVAL;
> 1558 }
> 1559
> 1560 min_cfg = cfg->ple_min_qt;
> 1561 max_cfg = cfg->ple_max_qt;
> vvv CID 1527095: Integer handling issues (SIGN_EXTENSION)
> vvv Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is
> promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned
> long" (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the
> result will all be 1.
Thanks for pointing this. I'll fix it.
Ping-Ke
> 1562 SET_QUOTA(cma0_dma, PLE, 6);
> 1563 SET_QUOTA(cma1_dma, PLE, 7);
> 1564
> 1565 return 0;
> 1566 }
> 1567 #undef SET_QUOTA
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
2022-11-03 1:26 ` Ping-Ke Shih
@ 2022-11-03 6:03 ` Kalle Valo
2022-11-04 19:15 ` Kees Cook
0 siblings, 1 reply; 4+ messages in thread
From: Kalle Valo @ 2022-11-03 6:03 UTC (permalink / raw)
To: Ping-Ke Shih
Cc: coverity-bot, Gary Chang, Timlee, Gustavo A. R. Silva,
linux-next, linux-hardening, linux-wireless
Ping-Ke Shih <pkshih@realtek.com> writes:
>> -----Original Message-----
>> From: coverity-bot <keescook@chromium.org>
>> Sent: Thursday, November 3, 2022 3:53 AM
>> To: Gary Chang <gary.chang@realtek.com>
>> Cc: Timlee <timlee@realtek.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih <pkshih@realtek.com>; Gustavo
>> A. R. Silva <gustavo@embeddedor.com>; linux-next@vger.kernel.org; linux-hardening@vger.kernel.org
>> Subject: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
>>
>> Hello!
>>
>> This is an experimental semi-automated report about issues detected by
>> Coverity from a scan of next-20221102 as part of the linux-next scan project:
>> https://scan.coverity.com/projects/linux-next-weekly-scan
>>
>> You're getting this email because you were associated with the identified
>> lines of code (noted below) that were touched by commits:
>>
>> Tue Nov 1 11:26:13 2022 +0200
>> 7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
>>
>> Coverity reported the following:
>>
>> *** CID 1527095: Integer handling issues (SIGN_EXTENSION)
>> /drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
>> 1556 rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
>> 1557 return -EINVAL;
>> 1558 }
>> 1559
>> 1560 min_cfg = cfg->ple_min_qt;
>> 1561 max_cfg = cfg->ple_max_qt;
>> vvv CID 1527095: Integer handling issues (SIGN_EXTENSION)
>> vvv Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is
>> promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned
>> long" (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the
>> result will all be 1.
>
> Thanks for pointing this. I'll fix it.
Thanks Ping.
I noticed that linux-wireless list was missing in CC, would it possible
for the bot to automatically add that to all wireless related reports?
Adding it manually now.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
2022-11-03 6:03 ` Kalle Valo
@ 2022-11-04 19:15 ` Kees Cook
0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2022-11-04 19:15 UTC (permalink / raw)
To: Kalle Valo
Cc: Ping-Ke Shih, Gary Chang, Timlee, Gustavo A. R. Silva,
linux-next, linux-hardening, linux-wireless
On Thu, Nov 03, 2022 at 08:03:59AM +0200, Kalle Valo wrote:
> I noticed that linux-wireless list was missing in CC, would it possible
> for the bot to automatically add that to all wireless related reports?
> Adding it manually now.
Yes, good point. The tooling was looking at the commit's tags, rather
than getting a get_maintainers.pl list. I'll add this logic.
--
Kees Cook
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-11-04 19:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-02 19:53 Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues coverity-bot
2022-11-03 1:26 ` Ping-Ke Shih
2022-11-03 6:03 ` Kalle Valo
2022-11-04 19:15 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).