| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMuHMdWRm0UtJ+vZgmizjHW6y7gCfLoWapjC3Hh0w3ABWOG9YA@mail.gmail.com>
Date: Wed, 8 Jan 2025 11:57:56 +0100
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Biju Das <biju.das.jz@...renesas.com>,
Lad Prabhakar <prabhakar.mahadev-lad.rj@...renesas.com>,
Liam Girdwood <lgirdwood@...il.com>, Mark Brown <broonie@...nel.org>,
Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>, linux-sound@...r.kernel.org,
linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space
Hi Dan,
On Wed, Jan 8, 2025 at 10:29 AM Dan Carpenter <dan.carpenter@...aro.org> wrote:
> My static checker rule complains about this code. The concern is that
> if "sample_space" is negative then the "sample_space >= runtime->channels"
> condition will not work as intended because it will be type promoted to a
> high unsigned int value.
>
> strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is
> 0x3f. Without any further context it does seem like a reasonable warning
> and it can't hurt to add a check for negatives.
>
> Cc: stable@...r.kernel.org
> Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
Thanks for your patch!
> --- a/sound/soc/renesas/rz-ssi.c
> +++ b/sound/soc/renesas/rz-ssi.c
> @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm)
> sample_space = strm->fifo_sample_size;
> ssifsr = rz_ssi_reg_readl(ssi, SSIFSR);
> sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & SSIFSR_TDC_MASK;
> + if (sample_space < 0)
> + return -EINVAL;
>
> /* Only add full frames at a time */
> while (frames_left && (sample_space >= runtime->channels)) {
In practice this cannot happen, as the maximum value of the field
is 0x20 (= SSI_FIFO_DEPTH), but better safe than sorry, so
Reviewed-by: Geert Uytterhoeven <geert+renesas@...der.be>
Biju/Prabhakar: The documentation for the TDC bits in the FIFO Status
Register seems to be incorrect (in all of the RZ/G2L, RZ/G2UL, RZ/G3S,
and RZ/A2M documentation):
TDC[5:0] Bits
These bits indicate the number of valid data that are stored in
the transmit FIFO data register (SSIFTDR). With this flag as H’0,
there is no data to be transmitted. With H’10, there is no space to
write data.
As the FIFO size is 4 bytes x 32 stages for both the transmit and
receive FIFOs, the above should be H'20 instead of H'10.
The documentation for the RDC bits has it right:
RDC[5:0] Bits
These bits indicate the number of valid data that are stored
in the receive FIFO data register (SSIFRDR). With this flag as H’0,
there is no received data. With H’20, the register is filled with
received data and there is no free space.
The documentation for RZ/A1H (not yet supported by the driver)
is also correct (8 stages and H'8).
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Powered by blists - more mailing lists