| Message ID | 20140404154023.GA5367@google.com |
|---|---|
| State | Accepted |
| Headers | show |
On Fri, Apr 04, 2014 at 09:40:23AM -0600, Bjorn Helgaas wrote: > On Thu, Apr 03, 2014 at 02:56:26PM -0600, Bjorn Helgaas wrote: > > Coverity complains about unintended sign extension in cnb20le_res() in > > arch/x86/pci/broadcom_bus.c here: > > > > 60 word1 = read_pci_config_16(bus, slot, func, 0xc4); > > 61 word2 = read_pci_config_16(bus, slot, func, 0xc6); > > 62 if (word1 != word2) { > > > > CID 138749 (#1 of 2): Unintended sign extension (SIGN_EXTENSION) > > sign_extension: Suspicious implicit sign extension: word1 with type > > unsigned short (16 bits, unsigned) is promoted in (word1 << 16) | 0 to > > type int (32 bits, signed), then sign-extended to type unsigned long > > long (64 bits, unsigned). If (word1 << 16) | 0 is greater than > > 0x7FFFFFFF, the upper bits of the result will all be 1. > > 63 res.start = (word1 << 16) | 0x0000; > > CID 138750: Unintended sign extension (SIGN_EXTENSION) [select issue] > > I propose the following patch for this. Unless there's objection, I'll > queue this for v3.16. > > > x86/PCI: Fix Broadcom CNB20LE unintended sign extension > > From: Bjorn Helgaas <bhelgaas@google.com> > > In the expression "word1 << 16", word1 starts as u16, but is promoted to > a signed int, then sign-extended to resource_size_t, which is probably > not what was intended. Cast to resource_size_t to avoid the sign > extension. > > Found by Coverity (CID 138749, 138750). > > Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> I applied this to pci/resource for v3.16. > --- > arch/x86/pci/broadcom_bus.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/pci/broadcom_bus.c b/arch/x86/pci/broadcom_bus.c > index 614392ced7d6..bb461cfd01ab 100644 > --- a/arch/x86/pci/broadcom_bus.c > +++ b/arch/x86/pci/broadcom_bus.c > @@ -60,8 +60,8 @@ static void __init cnb20le_res(u8 bus, u8 slot, u8 func) > word1 = read_pci_config_16(bus, slot, func, 0xc4); > word2 = read_pci_config_16(bus, slot, func, 0xc6); > if (word1 != word2) { > - res.start = (word1 << 16) | 0x0000; > - res.end = (word2 << 16) | 0xffff; > + res.start = ((resource_size_t) word1 << 16) | 0x0000; > + res.end = ((resource_size_t) word2 << 16) | 0xffff; > res.flags = IORESOURCE_MEM | IORESOURCE_PREFETCH; > update_res(info, res.start, res.end, res.flags, 0); > } -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/arch/x86/pci/broadcom_bus.c b/arch/x86/pci/broadcom_bus.c index 614392ced7d6..bb461cfd01ab 100644 --- a/arch/x86/pci/broadcom_bus.c +++ b/arch/x86/pci/broadcom_bus.c @@ -60,8 +60,8 @@ static void __init cnb20le_res(u8 bus, u8 slot, u8 func) word1 = read_pci_config_16(bus, slot, func, 0xc4); word2 = read_pci_config_16(bus, slot, func, 0xc6); if (word1 != word2) { - res.start = (word1 << 16) | 0x0000; - res.end = (word2 << 16) | 0xffff; + res.start = ((resource_size_t) word1 << 16) | 0x0000; + res.end = ((resource_size_t) word2 << 16) | 0xffff; res.flags = IORESOURCE_MEM | IORESOURCE_PREFETCH; update_res(info, res.start, res.end, res.flags, 0); }