From: Felipe Balbi <balbi@kernel.org>
To: Peter Chen <peter.chen@nxp.com>, pawell@cadence.com, rogerq@ti.com
Cc: linux-usb@vger.kernel.org, linux-imx@nxp.com,
gregkh@linuxfoundation.org, jun.li@nxp.com,
Peter Chen <peter.chen@nxp.com>,
stable@vger.kernel.org
Subject: Re: [PATCH 1/3] usb: cdns3: gadget: suspicious implicit sign extension
Date: Tue, 27 Oct 2020 11:03:29 +0200 [thread overview]
Message-ID: <871rhkdori.fsf@kernel.org> (raw)
In-Reply-To: <20201016101659.29482-2-peter.chen@nxp.com>
[-- Attachment #1: Type: text/plain, Size: 1709 bytes --]
Hi,
Peter Chen <peter.chen@nxp.com> writes:
> For code:
> trb->length = cpu_to_le32(TRB_BURST_LEN(priv_ep->trb_burst_size)
> | TRB_LEN(length));
>
> TRB_BURST_LEN(priv_ep->trb_burst_size) may be overflow for int 32 if
> priv_ep->trb_burst_size is equal or larger than 0x80;
>
> Below is the Coverity warning:
> sign_extension: Suspicious implicit sign extension: priv_ep->trb_burst_size
> with type u8 (8 bits, unsigned) is promoted in priv_ep->trb_burst_size << 24
> to type int (32 bits, signed), then sign-extended to type unsigned long
> (64 bits, unsigned). If priv_ep->trb_burst_size << 24 is greater than 0x7FFFFFFF,
> the upper bits of the result will all be 1.
looks like a false positive...
> Cc: <stable@vger.kernel.org> #v5.8+
> Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver")
> Signed-off-by: Peter Chen <peter.chen@nxp.com>
> ---
> drivers/usb/cdns3/gadget.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/usb/cdns3/gadget.h b/drivers/usb/cdns3/gadget.h
> index 1ccecd237530..020936cb9897 100644
> --- a/drivers/usb/cdns3/gadget.h
> +++ b/drivers/usb/cdns3/gadget.h
> @@ -1072,7 +1072,7 @@ struct cdns3_trb {
> #define TRB_TDL_SS_SIZE_GET(p) (((p) & GENMASK(23, 17)) >> 17)
>
> /* transfer_len bitmasks - bits 31:24 */
> -#define TRB_BURST_LEN(p) (((p) << 24) & GENMASK(31, 24))
> +#define TRB_BURST_LEN(p) (unsigned int)(((p) << 24) & GENMASK(31, 24))
... because TRB_BURST_LEN() is used to intialize a __le32 type. Even if
it ends up being sign extended, the top 32-bits will be ignored.
I'll apply, but it looks like a pointless fix. We shouldn't need it for stable
--
balbi
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 857 bytes --]
next prev parent reply other threads:[~2020-10-27 9:03 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201016101659.29482-1-peter.chen@nxp.com>
2020-10-16 10:16 ` [PATCH 1/3] usb: cdns3: gadget: suspicious implicit sign extension Peter Chen
2020-10-27 9:03 ` Felipe Balbi [this message]
2020-10-27 9:48 ` Peter Chen
2020-10-27 10:08 ` David Laight
2020-10-27 14:21 ` Alan Stern
2020-10-28 6:41 ` Peter Chen
2020-10-27 9:03 ` Felipe Balbi
2020-10-16 10:16 ` [PATCH 3/3] usb: cdns3: Fix on-chip memory overflow issue Peter Chen
2020-10-27 9:11 ` Felipe Balbi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871rhkdori.fsf@kernel.org \
--to=balbi@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=jun.li@nxp.com \
--cc=linux-imx@nxp.com \
--cc=linux-usb@vger.kernel.org \
--cc=pawell@cadence.com \
--cc=peter.chen@nxp.com \
--cc=rogerq@ti.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).