LinuxLists.cc - [PATCH] PM / Domains: Fix integer overflows on u32 bit multiplies

2021-02-07 22:51:45

Subject: [PATCH] PM / Domains: Fix integer overflows on u32 bit multiplies

From: Colin Ian King <[email protected]>

There are three occurrances of u32 variables being multiplied by
1000 using 32 bit multiplies and the result being assigned to a
64 bit signed integer. These can potentially lead to a 32 bit
overflows, so fix this by casting 1000 to a UL first to force
a 64 bit multiply hence avoiding the overflow.

Addresses-Coverity: ("Unintentional integer overflow")
Fixes: 30f604283e05 ("PM / Domains: Allow domain power states to be read from DT")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/base/power/domain.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
index aaf6c83b5cf6..ddeff69126ff 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -2831,10 +2831,10 @@ static int genpd_parse_state(struct genpd_power_state *genpd_state,

err = of_property_read_u32(state_node, "min-residency-us", &residency);
if (!err)
- genpd_state->residency_ns = 1000 * residency;
+ genpd_state->residency_ns = 1000UL * residency;

- genpd_state->power_on_latency_ns = 1000 * exit_latency;
- genpd_state->power_off_latency_ns = 1000 * entry_latency;
+ genpd_state->power_on_latency_ns = 1000UL * exit_latency;
+ genpd_state->power_off_latency_ns = 1000UL * entry_latency;
genpd_state->fwnode = &state_node->fwnode;

return 0;
--
2.29.2

2021-02-08 07:58:14

by Pavel Machek

[permalink] [raw]

Subject: Re: [PATCH] PM / Domains: Fix integer overflows on u32 bit multiplies

On Sun 2021-02-07 22:46:48, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> There are three occurrances of u32 variables being multiplied by
> 1000 using 32 bit multiplies and the result being assigned to a
> 64 bit signed integer. These can potentially lead to a 32 bit
> overflows, so fix this by casting 1000 to a UL first to force
> a 64 bit multiply hence avoiding the overflow.

Ummm. No?

a) Can you imagine any situation where they result in overflow?

b) How does casting to UL help on 32 bit system?

Best regards,

Pavel

> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: 30f604283e05 ("PM / Domains: Allow domain power states to be read from DT")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/base/power/domain.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> index aaf6c83b5cf6..ddeff69126ff 100644
> --- a/drivers/base/power/domain.c
> +++ b/drivers/base/power/domain.c
> @@ -2831,10 +2831,10 @@ static int genpd_parse_state(struct genpd_power_state *genpd_state,
>
> err = of_property_read_u32(state_node, "min-residency-us", &residency);
> if (!err)
> - genpd_state->residency_ns = 1000 * residency;
> + genpd_state->residency_ns = 1000UL * residency;
>
> - genpd_state->power_on_latency_ns = 1000 * exit_latency;
> - genpd_state->power_off_latency_ns = 1000 * entry_latency;
> + genpd_state->power_on_latency_ns = 1000UL * exit_latency;
> + genpd_state->power_off_latency_ns = 1000UL * entry_latency;
> genpd_state->fwnode = &state_node->fwnode;
>
> return 0;

--
http://www.livejournal.com/~pavelmachek

Attachments:

(No filename) (1.72 kB)
signature.asc (188.00 B)
Digital signature Download all attachments

2021-03-18 19:02:52

by Rafael J. Wysocki

[permalink] [raw]

Subject: Re: [PATCH] PM / Domains: Fix integer overflows on u32 bit multiplies

On Sun, Feb 7, 2021 at 11:47 PM Colin King <[email protected]> wrote:
>
> From: Colin Ian King <[email protected]>
>
> There are three occurrances of u32 variables being multiplied by
> 1000 using 32 bit multiplies and the result being assigned to a
> 64 bit signed integer. These can potentially lead to a 32 bit
> overflows, so fix this by casting 1000 to a UL first to force
> a 64 bit multiply hence avoiding the overflow.
>
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: 30f604283e05 ("PM / Domains: Allow domain power states to be read from DT")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/base/power/domain.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
> index aaf6c83b5cf6..ddeff69126ff 100644
> --- a/drivers/base/power/domain.c
> +++ b/drivers/base/power/domain.c
> @@ -2831,10 +2831,10 @@ static int genpd_parse_state(struct genpd_power_state *genpd_state,
>
> err = of_property_read_u32(state_node, "min-residency-us", &residency);
> if (!err)
> - genpd_state->residency_ns = 1000 * residency;
> + genpd_state->residency_ns = 1000UL * residency;

Wouldn't it be better to use NSEC_PER_USEC here and below?

>
> - genpd_state->power_on_latency_ns = 1000 * exit_latency;
> - genpd_state->power_off_latency_ns = 1000 * entry_latency;
> + genpd_state->power_on_latency_ns = 1000UL * exit_latency;
> + genpd_state->power_off_latency_ns = 1000UL * entry_latency;
> genpd_state->fwnode = &state_node->fwnode;
>
> return 0;
> --
> 2.29.2
>