Hi,

Static analysis with Coverity has detected a potential issue with the
following commit:

commit 504723af0d85434be5fb6f2dde0b62644a7f1ead
Author: Jose Abreu <[email protected]>
Date: Wed Dec 18 11:33:05 2019 +0100

    net: stmmac: Add basic EST support for GMAC5+

In function dwmac5_est_configure() we have a u64 total_ctr being
assigned as follows:

	total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000;

The cfg->ctr[1] is a u32, the multiplication of cfg->ctr[1] is a u32
multiplication operation, so multiplying by 1000000000 can potentially
cause an overflow. Either cfg->ctr[1] needs to be cast to a u64 or
1000000000 should be at least a 1000000000UL to avoid this overflow. I
was going to fix this but on further inspection I was not sure if the
original code was intended as:

	total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000UL;
or:
	total_ctr = (cfg->ctr[0] + cfg->ctr[1]) * 1000000000UL;

..hence I'm flagging this up as potential error.

Colin

From: Colin Ian King <[email protected]>
Date: Dec/20/2019, 23:49:02 (UTC+00:00)
> Hi,
>
> Static analysis with Coverity has detected a potential issue with the
> following commit:
>
> commit 504723af0d85434be5fb6f2dde0b62644a7f1ead
> Author: Jose Abreu <[email protected]>
> Date: Wed Dec 18 11:33:05 2019 +0100
>
> net: stmmac: Add basic EST support for GMAC5+
>
>
> In function dwmac5_est_configure() we have a u64 total_ctr being
> assigned as follows:
>
> total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000;
>
> The cfg->ctr[1] is a u32, the multiplication of cfg->ctr[1] is a u32
> multiplication operation, so multiplying by 1000000000 can potentially
> cause an overflow. Either cfg->ctr[1] needs to be cast to a u64 or
> 1000000000 should be at least a 1000000000UL to avoid this overflow. I
> was going to fix this but on further inspection I was not sure if the
> original code was intended as:
>
> total_ctr = cfg->ctr[0] + cfg->ctr[1] * 1000000000UL;
> or:
> total_ctr = (cfg->ctr[0] + cfg->ctr[1]) * 1000000000UL;
>
> ..hence I'm flagging this up as potential error.
Thanks for the report. The first option is the correct one as ctr[1] is
seconds and ctr[0] is nanoseconds. Can you send a fix-up patch?
---
Thanks,
Jose Miguel Abreu
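
The wrap discussed in this thread, as an added example that is not code from the stmmac driver or from either poster. It puts the flagged 32-bit expression beside the seconds-plus-nanoseconds form with a widened operand. The function names, the sample values, and the assumption that both ctr fields are 32-bit are assumptions of this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: both ctr fields are 32-bit, as the report states for ctr[1].
 * ctr_ns stands in for cfg->ctr[0], ctr_sec for cfg->ctr[1]. */

/* The flagged expression: u32 * int is computed in 32 bits, so the product
 * (and the following u32 addition) wraps modulo 2^32 before it is widened
 * to the 64-bit result. */
static uint64_t total_ctr_wrapping(uint32_t ctr_ns, uint32_t ctr_sec)
{
    return ctr_ns + ctr_sec * 1000000000;
}

/* Widening one operand first makes the whole expression 64-bit on every
 * ABI. A UL suffix is only 64-bit where unsigned long is (LP64); on 32-bit
 * targets it would still wrap, hence the explicit cast and ULL. */
static uint64_t total_ctr_widened(uint32_t ctr_ns, uint32_t ctr_sec)
{
    return ctr_ns + (uint64_t)ctr_sec * 1000000000ULL;
}

int main(void)
{
    /* Constructed inputs: {nanoseconds, seconds}. */
    static const uint32_t samples[][2] = {
        { 0, 4 },          /* 4e9 still fits in 32 bits */
        { 294967296, 4 },  /* product fits, the u32 addition wraps to 0 */
        { 0, 5 },          /* product itself wraps */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t ns = samples[i][0], sec = samples[i][1];
        printf("sec=%" PRIu32 " ns=%" PRIu32 ": 32-bit=%" PRIu64
               " 64-bit=%" PRIu64 "\n", sec, ns,
               total_ctr_wrapping(ns, sec), total_ctr_widened(ns, sec));
    }
    return 0;
}
```

Any seconds value of 5 or more wraps the 32-bit product, and a value of 4 can still wrap in the addition, so the truncation is reachable with small inputs.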