| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6f2c9946a9fe4b40ac7dd5a66003c8c4@AcuMS.aculab.com>
Date: Sat, 30 Nov 2024 20:59:22 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Jonathan Cameron' <jic23@...nel.org>
CC: 'Jakob Hauser' <jahau@...ketmail.com>, Lars-Peter Clausen
<lars@...afoo.de>, Andrew Morton <akpm@...ux-foundation.org>, Linus Walleij
<linus.walleij@...aro.org>, "linux-iio@...r.kernel.org"
<linux-iio@...r.kernel.org>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, kernel test robot <lkp@...el.com>
Subject: RE: [PATCH v2] iio: magnetometer: yas530: Use signed integer type for
clamp limits
From: Jonathan Cameron
> Sent: 30 November 2024 14:35
>
> On Sat, 30 Nov 2024 11:40:45 +0000
> David Laight <David.Laight@...LAB.COM> wrote:
>
> > From: Jakob Hauser
> >
> > Copying Andrew M - he might want to take this through his mm tree.
>
> I'm confused. Why?
>
> Looks like a local bug in an IIO driver. What am I missing?
The build test bot picked it up because a change to minmax.h that Andrew
committed to the mm tree showed up the bug.
To avoid W=1 builds failing Andrew had applied a temporary 'fix'.
So he needs to be in the loop at least.
I don't know the actual procedure :-)
David
>
> >
> > > Sent: 29 November 2024 21:25
> > >
> > > In the function yas537_measure() there is a clamp_val() with limits of
> > > -BIT(13) and BIT(13) - 1. The input clamp value h[] is of type s32. The BIT()
> > > is of type unsigned long integer due to its define in include/vdso/bits.h.
> > > The lower limit -BIT(13) is recognized as -8192 but expressed as an unsigned
> > > long integer. The size of an unsigned long integer differs between 32-bit and
> > > 64-bit architectures. Converting this to type s32 may lead to undesired
> > > behavior.
> > >
> > > Additionally, in the calculation lines h[0], h[1] and h[2] the unsigned long
> > > integer divisor BIT(13) causes an unsigned division, shifting the left-hand
> > > side of the equation back and forth, possibly ending up in large positive
> > > values instead of negative values on 32-bit architectures.
> > >
> > > To solve those two issues, declare a signed integer with a value of BIT(13).
> > >
> > > There is another omission in the clamp line: clamp_val() returns a value and
> > > it's going nowhere here. Self-assign it to h[i] to make use of the clamp
> > > macro.
> > >
> > > Finally, replace clamp_val() macro by clamp() because after changing the limits
> > > from type unsigned long integer to signed integer it's fine that way.
> > >
> > > Reported-by: kernel test robot <lkp@...el.com>
> > > Closes: https://lore.kernel.org/oe-kbuild-all/202411230458.dhZwh3TT-lkp@intel.com/
> > > Closes: https://lore.kernel.org/oe-kbuild-all/202411282222.oF0B4110-lkp@intel.com/
> > > Fixes: 65f79b501030 ("iio: magnetometer: yas530: Add YAS537 variant")
> > > Cc: David Laight <david.laight@...lab.com>
> > > Signed-off-by: Jakob Hauser <jahau@...ketmail.com>
> >
> > Reviewed-by: David Laight <david.laight@...lab.com>
> >
> > I THINK all the other BIT() and GENMASK() are ok.
> > The code also rather heavily relies on u16 being promoted to 'signed int'.
> >
> > David
> >
> >
> > > ---
> > > The patch is based on torvalds/linux v6.12.
> > >
> > > The calculation lines h[0], h[1] and h[2] exceed the limit of 80 characters per
> > > line. In terms of readability I would prefer to keep it that way.
> > >
> > > Changes in v2:
> > > - Self-assigned the clamp macro to h[i].
> > > - Changed from clamp_val() macro to clamp().
> > > - In commit message added issues on divisor BIT(13) and missing clamp
> > > assignment.
> > > - In tags added another (duplicate) report by the kernel test robot.
> > >
> > > Link to v1: https://lore.kernel.org/linux-iio/20241126234021.19749-1-jahau@rocketmail.com/T/#t
> > > ---
> > > drivers/iio/magnetometer/yamaha-yas530.c | 13 +++++++------
> > > 1 file changed, 7 insertions(+), 6 deletions(-)
> > >
> > > diff --git a/drivers/iio/magnetometer/yamaha-yas530.c b/drivers/iio/magnetometer/yamaha-yas530.c
> > > index 65011a8598d3..c55a38650c0d 100644
> > > --- a/drivers/iio/magnetometer/yamaha-yas530.c
> > > +++ b/drivers/iio/magnetometer/yamaha-yas530.c
> > > @@ -372,6 +372,7 @@ static int yas537_measure(struct yas5xx *yas5xx, u16 *t, u16 *x, u16 *y1, u16
> *y
> > > u8 data[8];
> > > u16 xy1y2[3];
> > > s32 h[3], s[3];
> > > + int half_range = BIT(13);
> > > int i, ret;
> > >
> > > mutex_lock(&yas5xx->lock);
> > > @@ -406,13 +407,13 @@ static int yas537_measure(struct yas5xx *yas5xx, u16 *t, u16 *x, u16 *y1,
> u16 *y
> > > /* The second version of YAS537 needs to include calibration coefficients */
> > > if (yas5xx->version == YAS537_VERSION_1) {
> > > for (i = 0; i < 3; i++)
> > > - s[i] = xy1y2[i] - BIT(13);
> > > - h[0] = (c->k * (128 * s[0] + c->a2 * s[1] + c->a3 * s[2])) / BIT(13);
> > > - h[1] = (c->k * (c->a4 * s[0] + c->a5 * s[1] + c->a6 * s[2])) / BIT(13);
> > > - h[2] = (c->k * (c->a7 * s[0] + c->a8 * s[1] + c->a9 * s[2])) / BIT(13);
> > > + s[i] = xy1y2[i] - half_range;
> > > + h[0] = (c->k * (128 * s[0] + c->a2 * s[1] + c->a3 * s[2])) / half_range;
> > > + h[1] = (c->k * (c->a4 * s[0] + c->a5 * s[1] + c->a6 * s[2])) / half_range;
> > > + h[2] = (c->k * (c->a7 * s[0] + c->a8 * s[1] + c->a9 * s[2])) / half_range;
> > > for (i = 0; i < 3; i++) {
> > > - clamp_val(h[i], -BIT(13), BIT(13) - 1);
> > > - xy1y2[i] = h[i] + BIT(13);
> > > + h[i] = clamp(h[i], -half_range, half_range - 1);
> > > + xy1y2[i] = h[i] + half_range;
> > > }
> > > }
> > >
> > > --
> > > 2.43.0
> >
> > -
> > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> > Registration No: 1397386 (Wales)
> >
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists