LinuxLists.cc - [PATCH net-next v1 1/1] net: stmmac: Fix potential integer overflow

2021-06-11 09:00:32

Subject: [PATCH net-next v1 1/1] net: stmmac: Fix potential integer overflow

The commit d96febedfde2 ("net: stmmac: arrange Tx tail pointer update
to stmmac_flush_tx_descriptors") introduced the following coverity
warning:-

1. Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
overflow_before_widen: Potentially overflowing expression
'tx_q->cur_tx * desc_size' with type 'unsigned int' (32 bits,
unsigned) is evaluated using 32-bit arithmetic, and then used in a
context that expects an expression of type dma_addr_t (64 bits,
unsigned).

Fixed this by assigning tx_tail_addr to dma_addr_t type, as dma_addr_t
datatype is decided by CONFIG_ARCH_DMA_ADDR_T_64_BIT.

Fixes: d96febedfde2 ("net: stmmac: arrange Tx tail pointer update to stmmac_flush_tx_descriptors")
Signed-off-by: Wong Vee Khee <[email protected]>
---
drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac.h b/drivers/net/ethernet/stmicro/stmmac/stmmac.h
index fd7212afc543..6655cb8e24cf 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac.h
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac.h
@@ -75,7 +75,7 @@ struct stmmac_tx_queue {
unsigned int cur_tx;
unsigned int dirty_tx;
dma_addr_t dma_tx_phy;
- u32 tx_tail_addr;
+ dma_addr_t tx_tail_addr;
u32 mss;
};

--
2.25.1

2021-06-11 20:22:12

by patchwork-bot+netdevbpf

[permalink] [raw]

Subject: Re: [PATCH net-next v1 1/1] net: stmmac: Fix potential integer overflow

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Fri, 11 Jun 2021 17:02:38 +0800 you wrote:
> The commit d96febedfde2 ("net: stmmac: arrange Tx tail pointer update
> to stmmac_flush_tx_descriptors") introduced the following coverity
> warning:-
>
> 1. Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
> overflow_before_widen: Potentially overflowing expression
> 'tx_q->cur_tx * desc_size' with type 'unsigned int' (32 bits,
> unsigned) is evaluated using 32-bit arithmetic, and then used in a
> context that expects an expression of type dma_addr_t (64 bits,
> unsigned).
>
> [...]

Here is the summary with links:
- [net-next,v1,1/1] net: stmmac: Fix potential integer overflow
https://git.kernel.org/netdev/net-next/c/52e597d3e2e6

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html