[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ae35799d-5560-4761-848f-578051a9fca3@gmail.com>
Date: Tue, 12 Mar 2024 15:53:30 -0700
From: Doug Berger <opendmb@...il.com>
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: Florian Fainelli <f.fainelli@...il.com>, Daniil Dulov
<d.dulov@...ddin.ru>, Jakub Kicinski <kuba@...nel.org>,
Florian Fainelli <florian.fainelli@...adcom.com>,
Broadcom internal kernel review list
<bcm-kernel-feedback-list@...adcom.com>, Andrew Lunn <andrew@...n.ch>,
Heiner Kallweit <hkallweit1@...il.com>, "David S. Miller"
<davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH net-next] net: phy: mdio-bcm-unimac: Cast denominator to
unsigned long to avoid overflow
On 3/12/2024 12:42 PM, Russell King (Oracle) wrote:
> On Tue, Mar 12, 2024 at 12:23:20PM -0700, Doug Berger wrote:
>> On 3/12/2024 10:23 AM, Florian Fainelli wrote:
>>> On 3/12/24 10:18, Russell King (Oracle) wrote:
>>>> On Tue, Mar 12, 2024 at 07:53:58PM +0300, Daniil Dulov wrote:
>>>>> The expression priv->clk_freq * 2 can lead to overflow that will cause
>>>>> a division by zero. So, let's cast it to unsigned long to avoid it.
>>>>
>>>> How does casting this help? "unsigned long" can still be 32-bit.
>>>> Maybe unimac_mdio_probe() should be validating the value it read from
>>>> DT won't overflow? I suspect that a value of 2.1GHz is way too large
>>>> for this property in any case.
>>>>
>>>> https://en.wikipedia.org/wiki/Management_Data_Input/Output#Electrical_specification
>>>>
>>>> (note, this driver is clause-22 only.)
>>>>
>>>
>>> Had commented on the previous version (not sure why this was not
>>> prefixed with v2) that the maximum clock frequency for this clock is
>>> 250MHz, the driver could check that to prevent for an overflow, most
>>> certainly.
>>
>> Could also use:
>> - div = (rate / (2 * priv->clk_freq)) - 1;
>> + div = ((rate / priv->clk_freq) >> 1) - 1;
>> which is mathematically equivalent without the risk of overflow.
>
> What's the point when the maximum clock frequency that the driver should
> allow fits within u32, nay u28?
I'm assuming this question is rhetorical since I agree there is little
point to this change.
However, in case it's not, the point is to make the SVACE tool happy.
The tool has correctly identified that it is possible for the devicetree
to specify values that would produce an intermediate overflow. The fact
that there is no existing hardware for which those values are legitimate
may be very relevant, but the binding documentation does not specify any
such limitations and the future has a tendency to make numbers that seem
ludicrous today less ludicrous ;). The brcm,unimac-mdio IP could find
itself in some future piece of silicon where it would be capable of
dividing such unlikely clocks since software has a knack for outliving
the hardware for which it may have been originally written.
My suggestion was merely an attempt to remove the possibility of
overflow (the unrealized bug) without altering existing functionality
and without needlessly promoting to a larger data type.
Best regards,
Doug
Powered by blists - more mailing lists