2020-07-21 17:44:08

by B K Karthik

Subject: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation

prevent a bad shift operation by verifying that
the argument to fls is non zero.

Reported-by: "Vabhav Sharma (OSS)" <[email protected]>
Signed-off-by: B K Karthik <[email protected]>
---
v1 -> v2:
added Reported-by tag

drivers/tty/serial/fsl_lpuart.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 7ca642249224..0cc64279cd2d 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -1168,7 +1168,8 @@ static inline int lpuart_start_rx_dma(struct lpuart_port *sport)
* 10ms at any baud rate.
*/
sport->rx_dma_rng_buf_len = (DMA_RX_TIMEOUT * baud / bits / 1000) * 2;
- sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len) - 1));
+ if (sport->rx_dma_rng_buf_len != 0)
+ sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len) - 1));
if (sport->rx_dma_rng_buf_len < 16)
sport->rx_dma_rng_buf_len = 16;
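Review bot: the guard does what the subject says (the kernel's fls(0) returns 0, so the removed line shifts by -1, which is undefined), but the commit message should state when `sport->rx_dma_rng_buf_len` can actually be zero, since that is the first question a reviewer will ask: the preceding line, `(DMA_RX_TIMEOUT * baud / bits / 1000) * 2`, uses integer division and truncates to zero at low baud rates. Because the two lines that follow already clamp anything below 16 up to 16, and rounding down to a power of two never takes a value at or above 16 below 16, moving that clamp in front of the rounding would remove the zero case with no extra branch and leave every result unchanged.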

--
2.20.1



2020-07-29 16:05:03

by Greg Kroah-Hartman

Subject: Re: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation

On Tue, Jul 21, 2020 at 11:12:29PM +0530, B K Karthik wrote:
> prevent a bad shift operation by verifying that
> the argument to fls is non zero.
>
> Reported-by: "Vabhav Sharma (OSS)" <[email protected]>
> Signed-off-by: B K Karthik <[email protected]>
> ---
> v1 -> v2:
> added Reported-by tag
>
> drivers/tty/serial/fsl_lpuart.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
> index 7ca642249224..0cc64279cd2d 100644
> --- a/drivers/tty/serial/fsl_lpuart.c
> +++ b/drivers/tty/serial/fsl_lpuart.c
> @@ -1168,7 +1168,8 @@ static inline int lpuart_start_rx_dma(struct lpuart_port *sport)
> * 10ms at any baud rate.
> */
> sport->rx_dma_rng_buf_len = (DMA_RX_TIMEOUT * baud / bits / 1000) * 2;
> - sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len) - 1));
> + if (sport->rx_dma_rng_buf_len != 0)

How can this variable become 0?

thanks,

greg k-h

2020-08-05 16:56:50

by B K Karthik

Subject: Re: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation

On Wed, Aug 5, 2020 at 6:26 PM Greg Kroah-Hartman
<[email protected]> wrote:
>
> On Wed, Aug 05, 2020 at 12:09:34PM +0000, Vabhav Sharma (OSS) wrote:
> >
> >
> > > -----Original Message-----
> > > From: Greg Kroah-Hartman <[email protected]>
> > > Sent: Wednesday, July 29, 2020 9:34 PM
> > > To: B K Karthik <[email protected]>
> > > Cc: Jiri Slaby <[email protected]>; [email protected]; linux-
> > > [email protected]; Vabhav Sharma (OSS)
> > > <[email protected]>; [email protected]
> > > Subject: Re: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation
> > >
> > > On Tue, Jul 21, 2020 at 11:12:29PM +0530, B K Karthik wrote:
> > > > prevent a bad shift operation by verifying that the argument to fls is
> > > > non zero.
> > > >
> > > > Reported-by: "Vabhav Sharma (OSS)" <[email protected]>
> > > > Signed-off-by: B K Karthik <[email protected]>
> > > > ---
> > > > v1 -> v2:
> > > > added Reported-by tag
> > > >
> > > > drivers/tty/serial/fsl_lpuart.c | 3 ++-
> > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/tty/serial/fsl_lpuart.c
> > > > b/drivers/tty/serial/fsl_lpuart.c index 7ca642249224..0cc64279cd2d
> > > > 100644
> > > > --- a/drivers/tty/serial/fsl_lpuart.c
> > > > +++ b/drivers/tty/serial/fsl_lpuart.c
> > > > @@ -1168,7 +1168,8 @@ static inline int lpuart_start_rx_dma(struct
> > > lpuart_port *sport)
> > > > * 10ms at any baud rate.
> > > > */
> > > > sport->rx_dma_rng_buf_len = (DMA_RX_TIMEOUT * baud / bits /
> > > 1000) * 2;
> > > > - sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len)
> > > - 1));
> > > > + if (sport->rx_dma_rng_buf_len != 0)
> > >
> > > How can this variable become 0?
> > Condition x, taking false branch
> > Explicitly returning zero
> >
> > static __always_inline int fls(unsigned int x)
> > {
> > return x ? sizeof(x) * 8 - __builtin_clz(x) : 0;
> > }
>
> What false branch?

I'm assuming he's talking about the value after : in the ? operator.

I am checking for the wrong thing in the if statement. We will have to
check for the return value of fls() before performing the shift.
I can change it and send a v3 if you agree.

Please let me know.

thanks,

karthik

2020-08-05 20:07:52

by Greg Kroah-Hartman

Subject: Re: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation

On Wed, Aug 05, 2020 at 12:09:34PM +0000, Vabhav Sharma (OSS) wrote:
>
>
> > -----Original Message-----
> > From: Greg Kroah-Hartman <[email protected]>
> > Sent: Wednesday, July 29, 2020 9:34 PM
> > To: B K Karthik <[email protected]>
> > Cc: Jiri Slaby <[email protected]>; [email protected]; linux-
> > [email protected]; Vabhav Sharma (OSS)
> > <[email protected]>; [email protected]
> > Subject: Re: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation
> >
> > On Tue, Jul 21, 2020 at 11:12:29PM +0530, B K Karthik wrote:
> > > prevent a bad shift operation by verifying that the argument to fls is
> > > non zero.
> > >
> > > Reported-by: "Vabhav Sharma (OSS)" <[email protected]>
> > > Signed-off-by: B K Karthik <[email protected]>
> > > ---
> > > v1 -> v2:
> > > added Reported-by tag
> > >
> > > drivers/tty/serial/fsl_lpuart.c | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/tty/serial/fsl_lpuart.c
> > > b/drivers/tty/serial/fsl_lpuart.c index 7ca642249224..0cc64279cd2d
> > > 100644
> > > --- a/drivers/tty/serial/fsl_lpuart.c
> > > +++ b/drivers/tty/serial/fsl_lpuart.c
> > > @@ -1168,7 +1168,8 @@ static inline int lpuart_start_rx_dma(struct
> > lpuart_port *sport)
> > > * 10ms at any baud rate.
> > > */
> > > sport->rx_dma_rng_buf_len = (DMA_RX_TIMEOUT * baud / bits /
> > 1000) * 2;
> > > - sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len)
> > - 1));
> > > + if (sport->rx_dma_rng_buf_len != 0)
> >
> > How can this variable become 0?
> Condition x, taking false branch
> Explicitly returning zero
>
> static __always_inline int fls(unsigned int x)
> {
> return x ? sizeof(x) * 8 - __builtin_clz(x) : 0;
> }

What false branch?

I don't see how this can ever be an issue in "the real world", can you
explain how it could ever be a problem?

thanks,

greg k-h
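An added example, not code from the patch or from anyone in the thread, that works through the hunk's arithmetic to show when the pre-rounding length truncates to zero and what each version of the rounding then does. It assumes DMA_RX_TIMEOUT is 10 (taken from the "10ms" comment in the hunk), takes the frame length in bits as a parameter, and reimplements the fls() quoted in the thread as kernel_fls().

```c
#include <stdio.h>

/* DMA_RX_TIMEOUT is assumed to be 10 (ms), taken from the "10ms" comment in the hunk. */
#define DMA_RX_TIMEOUT 10

/* fls() as quoted in the thread, renamed to avoid clashing with libc on BSD systems:
 * 0 for x == 0, otherwise the 1-based index of the highest set bit. */
static inline int kernel_fls(unsigned int x)
{
	return x ? (int)(sizeof(x) * 8) - __builtin_clz(x) : 0;
}

/* The hunk's first assignment: bytes expected in 10 ms, doubled. Integer division
 * truncates, so low baud rates produce 0. bits is the frame length (e.g. 10 for 8N1). */
unsigned int raw_rx_len(unsigned int baud, unsigned int bits)
{
	return (DMA_RX_TIMEOUT * baud / bits / 1000) * 2;
}

/* Pre-patch rounding down to a power of two. A shift count of fls(0) - 1 == -1 is
 * undefined behaviour, so it is reported as -1 instead of being executed. */
long round_unguarded(unsigned int len)
{
	int shift = kernel_fls(len) - 1;
	if (shift < 0)
		return -1;
	return 1u << shift;
}

/* The patched sequence: skip the rounding when len is 0, then the existing clamp to 16. */
unsigned int round_patched(unsigned int len)
{
	if (len != 0)
		len = 1u << (kernel_fls(len) - 1);
	if (len < 16)
		len = 16;
	return len;
}

int main(void)
{
	/* Constructed sample baud rates for an 8N1 frame (10 bits). */
	unsigned int bauds[] = { 300, 1200, 9600, 115200 };
	for (unsigned i = 0; i < sizeof(bauds) / sizeof(bauds[0]); i++) {
		unsigned int raw = raw_rx_len(bauds[i], 10);
		printf("baud %6u: raw %3u, unguarded %4ld, patched %3u\n",
		       bauds[i], raw, round_unguarded(raw), round_patched(raw));
	}
	return 0;
}
```

At 300 baud the raw length is already 0, so the unguarded version would shift by -1; both 0 and the small values at 1200 and 9600 baud end up at the 16-byte floor either way.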

2020-08-05 20:16:32

by Vabhav Sharma (OSS)

Subject: RE: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation



> -----Original Message-----
> From: Greg Kroah-Hartman <[email protected]>
> Sent: Wednesday, July 29, 2020 9:34 PM
> To: B K Karthik <[email protected]>
> Cc: Jiri Slaby <[email protected]>; [email protected]; linux-
> [email protected]; Vabhav Sharma (OSS)
> <[email protected]>; [email protected]
> Subject: Re: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation
>
> On Tue, Jul 21, 2020 at 11:12:29PM +0530, B K Karthik wrote:
> > prevent a bad shift operation by verifying that the argument to fls is
> > non zero.
> >
> > Reported-by: "Vabhav Sharma (OSS)" <[email protected]>
> > Signed-off-by: B K Karthik <[email protected]>
> > ---
> > v1 -> v2:
> > added Reported-by tag
> >
> > drivers/tty/serial/fsl_lpuart.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/tty/serial/fsl_lpuart.c
> > b/drivers/tty/serial/fsl_lpuart.c index 7ca642249224..0cc64279cd2d
> > 100644
> > --- a/drivers/tty/serial/fsl_lpuart.c
> > +++ b/drivers/tty/serial/fsl_lpuart.c
> > @@ -1168,7 +1168,8 @@ static inline int lpuart_start_rx_dma(struct
> lpuart_port *sport)
> > * 10ms at any baud rate.
> > */
> > sport->rx_dma_rng_buf_len = (DMA_RX_TIMEOUT * baud / bits /
> 1000) * 2;
> > - sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len)
> - 1));
> > + if (sport->rx_dma_rng_buf_len != 0)
>
> How can this variable become 0?
Condition x, taking false branch
Explicitly returning zero

static __always_inline int fls(unsigned int x)
{
return x ? sizeof(x) * 8 - __builtin_clz(x) : 0;
}
>
> thanks,
>
> greg k-h