From: Ping-Ke Shih <pkshih@realtek.com>
To: coverity-bot <keescook@chromium.org>,
Gary Chang <gary.chang@realtek.com>
Cc: Timlee <timlee@realtek.com>, Kalle Valo <kvalo@kernel.org>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
"linux-next@vger.kernel.org" <linux-next@vger.kernel.org>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>
Subject: RE: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
Date: Thu, 3 Nov 2022 01:26:45 +0000 [thread overview]
Message-ID: <884ff1b628e44d32960f438f75a6524c@realtek.com> (raw)
In-Reply-To: <202211021253.44E254479@keescook>
> -----Original Message-----
> From: coverity-bot <keescook@chromium.org>
> Sent: Thursday, November 3, 2022 3:53 AM
> To: Gary Chang <gary.chang@realtek.com>
> Cc: Timlee <timlee@realtek.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih <pkshih@realtek.com>; Gustavo
> A. R. Silva <gustavo@embeddedor.com>; linux-next@vger.kernel.org; linux-hardening@vger.kernel.org
> Subject: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues
>
> Hello!
>
> This is an experimental semi-automated report about issues detected by
> Coverity from a scan of next-20221102 as part of the linux-next scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
>
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by commits:
>
> Tue Nov 1 11:26:13 2022 +0200
> 7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota")
>
> Coverity reported the following:
>
> *** CID 1527095: Integer handling issues (SIGN_EXTENSION)
> /drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota()
> 1556 rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n");
> 1557 return -EINVAL;
> 1558 }
> 1559
> 1560 min_cfg = cfg->ple_min_qt;
> 1561 max_cfg = cfg->ple_max_qt;
> vvv CID 1527095: Integer handling issues (SIGN_EXTENSION)
> vvv Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is
> promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned
> long" (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the
> result will all be 1.
Thanks for pointing this. I'll fix it.
Ping-Ke
> 1562 SET_QUOTA(cma0_dma, PLE, 6);
> 1563 SET_QUOTA(cma1_dma, PLE, 7);
> 1564
> 1565 return 0;
> 1566 }
> 1567 #undef SET_QUOTA
>
next prev parent reply other threads:[~2022-11-03 1:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-02 19:53 Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues coverity-bot
2022-11-03 1:26 ` Ping-Ke Shih [this message]
2022-11-03 6:03 ` Kalle Valo
2022-11-04 19:15 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=884ff1b628e44d32960f438f75a6524c@realtek.com \
--to=pkshih@realtek.com \
--cc=gary.chang@realtek.com \
--cc=gustavo@embeddedor.com \
--cc=keescook@chromium.org \
--cc=kvalo@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=timlee@realtek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).