Date:	Sat, 12 Apr 2014 07:29:29 -0600
From:	Bjorn Helgaas <bhelgaas@...gle.com>
To:	Ville Syrjälä <ville.syrjala@...ux.intel.com>
Cc:	Ingo Molnar <mingo@...nel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Fwd: New Defects reported by Coverity Scan for Linux

FYI, looks like these were added by a4dff76924fe ("x86/gpu: Add Intel
graphics stolen memory quirk for gen2 platforms").


---------- Forwarded message ----------
From:  <scan-admin@...erity.com>
Date: Sat, Apr 12, 2014 at 1:24 AM
Subject: New Defects reported by Coverity Scan for Linux
To:

...

** CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 290 in i830_mem_size()

** CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 295 in i85x_mem_size()

...
________________________________________________________________________________________________________
*** CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 290 in i830_mem_size()
284
285             return MB(1);
286     }
287
288     static size_t __init i830_mem_size(void)
289     {
>>>     CID 1201423:  Unintended sign extension  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "read_pci_config_byte(0, 0, 0, 99)" with type "unsigned char" (8 bits, unsigned) is promoted in "read_pci_config_byte(0, 0, 0, 99) * 33554432" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "read_pci_config_byte(0, 0, 0, 99) * 33554432" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
290             return read_pci_config_byte(0, 0, 0, I830_DRB3) * MB(32);
291     }
292
293     static size_t __init i85x_mem_size(void)
294     {
295             return read_pci_config_byte(0, 0, 1, I85X_DRB3) * MB(32);

________________________________________________________________________________________________________
*** CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
/arch/x86/kernel/early-quirks.c: 295 in i85x_mem_size()
289     {
290             return read_pci_config_byte(0, 0, 0, I830_DRB3) * MB(32);
291     }
292
293     static size_t __init i85x_mem_size(void)
294     {
>>>     CID 1201424:  Unintended sign extension  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "read_pci_config_byte(0, 0, 1, 67)" with type "unsigned char" (8 bits, unsigned) is promoted in "read_pci_config_byte(0, 0, 1, 67) * 33554432" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "read_pci_config_byte(0, 0, 1, 67) * 33554432" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
295             return read_pci_config_byte(0, 0, 1, I85X_DRB3) * MB(32);
296     }
297
298     /*
299      * On 830/845/85x the stolen memory base isn't available in any
300      * register. We need to calculate it as TOM-TSEG_SIZE-stolen_size.