Message-ID: <20241115220202.31086-1-antonio@mandelbit.com>
Date: Fri, 15 Nov 2024 23:02:02 +0100
From: Antonio Quartulli <antonio@...delbit.com>
To: linux-spi@...r.kernel.org
Cc: Antonio Quartulli <antonio@...delbit.com>,
	Mark Brown <broonie@...nel.org>,
	Shawn Guo <shawnguo@...nel.org>,
	Sascha Hauer <s.hauer@...gutronix.de>,
	Pengutronix Kernel Team <kernel@...gutronix.de>,
	Fabio Estevam <festevam@...il.com>,
	imx@...ts.linux.dev,
	linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] spi-imx: prevent overflow when estimating transfer time

The words delay is computed by multiplying two unsigned ints
and by adding up the result to a u64 variable.

The multiplication, however, is performed with 32bit math
thus losing data when the actual result is larger than UINT32_MAX.

Fix the operation by casting the first operand to u64, thus forcing
the multiplication to be performed with 64bit math.

This fixes 1 OVERFLOW_BEFORE_WIDEN issue reported by Coverity
Report: CID 1601859:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)

Cc: Mark Brown <broonie@...nel.org>
Cc: Shawn Guo <shawnguo@...nel.org>
Cc: Sascha Hauer <s.hauer@...gutronix.de>
Cc: Pengutronix Kernel Team <kernel@...gutronix.de>
Cc: Fabio Estevam <festevam@...il.com>
Cc: imx@...ts.linux.dev
Cc: linux-arm-kernel@...ts.infradead.org
Cc: linux-kernel@...r.kernel.org
Signed-off-by: Antonio Quartulli <antonio@...delbit.com>
---
 drivers/spi/spi-imx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c
index 0b6b0151b3a3..eeb7d082c247 100644
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@@ -1685,7 +1685,7 @@ static unsigned int spi_imx_transfer_estimate_time_us(struct spi_transfer *trans
 		words = DIV_ROUND_UP(transfer->len * BITS_PER_BYTE, transfer->bits_per_word);
 		word_delay_us = DIV_ROUND_CLOSEST(spi_delay_to_ns(&transfer->word_delay, transfer),
 						  NSEC_PER_USEC);
-		result += words * word_delay_us;
+		result += (u64)words * word_delay_us;
 	}
 
 	return min(result, U32_MAX);
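Review bot: The context line `words = DIV_ROUND_UP(transfer->len * BITS_PER_BYTE, transfer->bits_per_word);` still multiplies before any widening, so if `transfer->len` is a 32-bit type, that product can wrap for very large lengths in the same way the fixed line did. Please check that line as well, or say in the commit message why it cannot overflow. On the changed line, `(u64)words * word_delay_us` is right: the cast applies to `words` before the multiply, so the product is computed in 64 bits and the following `min(result, U32_MAX)` saturates instead of returning a wrapped value. The commit message carries no Fixes: tag; adding one pointing at the commit that introduced the word-delay term would help backporting.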
-- 
2.45.2

