From: Colin Ian King <[email protected]>
Currently a multiply operation is being performed on two int values
and the result is being assigned to a u64, presumably because the
end result is expected to be probably larger than an int. However,
because the multiply is an int multiply one can get overflow. Avoid
the overflow by casting degc to a u64 to force a u64 multiply.
Addresses-Coverity: ("Unintentional integer overflow")
Fixes: fbfe1a042cfd ("drivers: thermal: tsens: Add interrupt support")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/thermal/qcom/tsens-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/thermal/qcom/tsens-common.c b/drivers/thermal/qcom/tsens-common.c
index 03bf1b8133ea..3d7855106ecd 100644
--- a/drivers/thermal/qcom/tsens-common.c
+++ b/drivers/thermal/qcom/tsens-common.c
@@ -92,7 +92,7 @@ void compute_intercept_slope(struct tsens_priv *priv, u32 *p1,
static inline u32 degc_to_code(int degc, const struct tsens_sensor *s)
{
- u64 code = (degc * s->slope + s->offset) / SLOPE_FACTOR;
+ u64 code = ((u64)degc * s->slope + s->offset) / SLOPE_FACTOR;
pr_debug("%s: raw_code: 0x%llx, degc:%d\n", __func__, code, degc);
return clamp_val(code, THRESHOLD_MIN_ADC_CODE, THRESHOLD_MAX_ADC_CODE);
--
2.20.1
Am 22.10.2019 13:49, schrieb Colin King:
> From: Colin Ian King <[email protected]>
>
> Currently a multiply operation is being performed on two int values
> and the result is being assigned to a u64, presumably because the
> end result is expected to be probably larger than an int. However,
> because the multiply is an int multiply one can get overflow. Avoid
> the overflow by casting degc to a u64 to force a u64 multiply.
>
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: fbfe1a042cfd ("drivers: thermal: tsens: Add interrupt support")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/thermal/qcom/tsens-common.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/thermal/qcom/tsens-common.c b/drivers/thermal/qcom/tsens-common.c
> index 03bf1b8133ea..3d7855106ecd 100644
> --- a/drivers/thermal/qcom/tsens-common.c
> +++ b/drivers/thermal/qcom/tsens-common.c
> @@ -92,7 +92,7 @@ void compute_intercept_slope(struct tsens_priv *priv, u32 *p1,
>
> static inline u32 degc_to_code(int degc, const struct tsens_sensor *s)
> {
> - u64 code = (degc * s->slope + s->offset) / SLOPE_FACTOR;
> + u64 code = ((u64)degc * s->slope + s->offset) / SLOPE_FACTOR;
>
looks ok
just to offer an alternative to avoid the cast;
u64 code = degc;
code = code * s->slope + s->offset;
code/=SLOPE_FACTOR;
ym2c
re,
wh
> pr_debug("%s: raw_code: 0x%llx, degc:%d\n", __func__, code, degc);
> return clamp_val(code, THRESHOLD_MIN_ADC_CODE, THRESHOLD_MAX_ADC_CODE);
On 22/10/2019 13:49, Colin King wrote:
> From: Colin Ian King <[email protected]>
>
> Currently a multiply operation is being performed on two int values
> and the result is being assigned to a u64, presumably because the
> end result is expected to be probably larger than an int. However,
> because the multiply is an int multiply one can get overflow. Avoid
> the overflow by casting degc to a u64 to force a u64 multiply.
>
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: fbfe1a042cfd ("drivers: thermal: tsens: Add interrupt support")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> drivers/thermal/qcom/tsens-common.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/thermal/qcom/tsens-common.c b/drivers/thermal/qcom/tsens-common.c
> index 03bf1b8133ea..3d7855106ecd 100644
> --- a/drivers/thermal/qcom/tsens-common.c
> +++ b/drivers/thermal/qcom/tsens-common.c
> @@ -92,7 +92,7 @@ void compute_intercept_slope(struct tsens_priv *priv, u32 *p1,
>
> static inline u32 degc_to_code(int degc, const struct tsens_sensor *s)
> {
> - u64 code = (degc * s->slope + s->offset) / SLOPE_FACTOR;
> + u64 code = ((u64)degc * s->slope + s->offset) / SLOPE_FACTOR;
- u64 code = ((u64)degc * s->slope + s->offset) / SLOPE_FACTOR;
+ u64 code = div_u64(((u64)degc * s->slope + s->offset),
SLOPE_FACTOR);
>
> pr_debug("%s: raw_code: 0x%llx, degc:%d\n", __func__, code, degc);
> return clamp_val(code, THRESHOLD_MIN_ADC_CODE, THRESHOLD_MAX_ADC_CODE);
>
--
<http://www.linaro.org/> Linaro.org │ Open source software for ARM SoCs
Follow Linaro: <http://www.facebook.com/pages/Linaro> Facebook |
<http://twitter.com/#!/linaroorg> Twitter |
<http://www.linaro.org/linaro-blog/> Blog
On Wed, Oct 30, 2019 at 1:10 AM Daniel Lezcano
<[email protected]> wrote:
>
> On 22/10/2019 13:49, Colin King wrote:
> > From: Colin Ian King <[email protected]>
> >
> > Currently a multiply operation is being performed on two int values
> > and the result is being assigned to a u64, presumably because the
> > end result is expected to be probably larger than an int. However,
> > because the multiply is an int multiply one can get overflow. Avoid
> > the overflow by casting degc to a u64 to force a u64 multiply.
> >
> > Addresses-Coverity: ("Unintentional integer overflow")
> > Fixes: fbfe1a042cfd ("drivers: thermal: tsens: Add interrupt support")
> > Signed-off-by: Colin Ian King <[email protected]>
> > ---
> > drivers/thermal/qcom/tsens-common.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/thermal/qcom/tsens-common.c b/drivers/thermal/qcom/tsens-common.c
> > index 03bf1b8133ea..3d7855106ecd 100644
> > --- a/drivers/thermal/qcom/tsens-common.c
> > +++ b/drivers/thermal/qcom/tsens-common.c
> > @@ -92,7 +92,7 @@ void compute_intercept_slope(struct tsens_priv *priv, u32 *p1,
> >
> > static inline u32 degc_to_code(int degc, const struct tsens_sensor *s)
> > {
> > - u64 code = (degc * s->slope + s->offset) / SLOPE_FACTOR;
> > + u64 code = ((u64)degc * s->slope + s->offset) / SLOPE_FACTOR;
>
>
> - u64 code = ((u64)degc * s->slope + s->offset) / SLOPE_FACTOR;
> + u64 code = div_u64(((u64)degc * s->slope + s->offset),
> SLOPE_FACTOR);
This implementation should handle 32-bit architectures too. Colin,
could you respin?
Regards,
Amit