lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMuHMdUMeHCCiAkNyJMHTGUSTqewt=AWPUy+beA_kR26vcS8_Q@mail.gmail.com>
Date: Tue, 30 Jan 2024 11:14:05 +0100
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Wolfram Sang <wsa+renesas@...g-engineering.com>
Cc: linux-renesas-soc@...r.kernel.org, Mark Brown <broonie@...nel.org>, 
	linux-spi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] spi: sh-msiof: avoid integer overflow in constants

Hi Wolfram,

On Tue, Jan 30, 2024 at 10:42 AM Wolfram Sang
<wsa+renesas@...g-engineering.com> wrote:
> cppcheck rightfully warned:
>
>  drivers/spi/spi-sh-msiof.c:792:28: warning: Signed integer overflow for expression '7<<29'. [integerOverflow]
>  sh_msiof_write(p, SIFCTR, SIFCTR_TFWM_1 | SIFCTR_RFWM_1);
>
> Signed-off-by: Wolfram Sang <wsa+renesas@...g-engineering.com>

> --- a/drivers/spi/spi-sh-msiof.c
> +++ b/drivers/spi/spi-sh-msiof.c
> @@ -136,14 +136,14 @@ struct sh_msiof_spi_priv {
>
>  /* SIFCTR */
>  #define SIFCTR_TFWM_MASK       GENMASK(31, 29) /* Transmit FIFO Watermark */
> -#define SIFCTR_TFWM_64         (0 << 29)       /*  Transfer Request when 64 empty stages */
> -#define SIFCTR_TFWM_32         (1 << 29)       /*  Transfer Request when 32 empty stages */
> -#define SIFCTR_TFWM_24         (2 << 29)       /*  Transfer Request when 24 empty stages */
> -#define SIFCTR_TFWM_16         (3 << 29)       /*  Transfer Request when 16 empty stages */
> -#define SIFCTR_TFWM_12         (4 << 29)       /*  Transfer Request when 12 empty stages */
> -#define SIFCTR_TFWM_8          (5 << 29)       /*  Transfer Request when 8 empty stages */
> -#define SIFCTR_TFWM_4          (6 << 29)       /*  Transfer Request when 4 empty stages */
> -#define SIFCTR_TFWM_1          (7 << 29)       /*  Transfer Request when 1 empty stage */
> +#define SIFCTR_TFWM_64         (0UL << 29)     /*  Transfer Request when 64 empty stages */
> +#define SIFCTR_TFWM_32         (1UL << 29)     /*  Transfer Request when 32 empty stages */
> +#define SIFCTR_TFWM_24         (2UL << 29)     /*  Transfer Request when 24 empty stages */
> +#define SIFCTR_TFWM_16         (3UL << 29)     /*  Transfer Request when 16 empty stages */
> +#define SIFCTR_TFWM_12         (4UL << 29)     /*  Transfer Request when 12 empty stages */
> +#define SIFCTR_TFWM_8          (5UL << 29)     /*  Transfer Request when 8 empty stages */
> +#define SIFCTR_TFWM_4          (6UL << 29)     /*  Transfer Request when 4 empty stages */
> +#define SIFCTR_TFWM_1          (7UL << 29)     /*  Transfer Request when 1 empty stage */
>  #define SIFCTR_TFUA_MASK       GENMASK(26, 20) /* Transmit FIFO Usable Area */
>  #define SIFCTR_TFUA_SHIFT      20
>  #define SIFCTR_TFUA(i)         ((i) << SIFCTR_TFUA_SHIFT)

There is a similar issue with the SIFCTR_RFWM_* definitions below,
but these don't trigger, as no data is shifted into the sign bit.

What about unifying the individual SIFCTR_?FWM_[0-9]* definitions
into SIFCTR_xFWM_[0-9]* instead, and using the bitfield helpers in its
sole user?

-        sh_msiof_write(p, SIFCTR, SIFCTR_TFWM_1 | SIFCTR_RFWM_1);
+        sh_msiof_write(p, SIFCTR,
+                       FIELD_PREP(SIFCTR_TFWM_MASK, SIFCTR_xFWM_1) |
+                       FIELD_PREP(SIFCTR_RFWM_MASK, SIFCTR_xFWM_1);

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68korg

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ