2021-06-21 15:18:37

by Colin King

Subject: [PATCH] scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8

From: Colin Ian King <[email protected]>

The shifting of the u8 integer returned from ahc_inb(ahc, port+3) by
24 bits to the left will be promoted to a 32 bit signed int and then
sign-extended to a u64. In the event that the top bit of the u8
is set then all the upper 32 bits of the u64 end up as
also being set because of the sign-extension. Fix this by
casting the u8 values to a u64 before the 24 bit left shift.

[ This dates back to 2002, I found the offending commit from the git
history git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git,
commit f58eb66c0b0a ("Update aic7xxx driver to 6.2.10...") ]

Addresses-Coverity: ("Unintended sign extension")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/scsi/aic7xxx/aic7xxx_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/aic7xxx/aic7xxx_core.c b/drivers/scsi/aic7xxx/aic7xxx_core.c
index 4b04ab8908f8..a396f048a031 100644
--- a/drivers/scsi/aic7xxx/aic7xxx_core.c
+++ b/drivers/scsi/aic7xxx/aic7xxx_core.c
@@ -493,7 +493,7 @@ ahc_inq(struct ahc_softc *ahc, u_int port)
return ((ahc_inb(ahc, port))
| (ahc_inb(ahc, port+1) << 8)
| (ahc_inb(ahc, port+2) << 16)
- | (ahc_inb(ahc, port+3) << 24)
+ | (((uint64_t)ahc_inb(ahc, port+3)) << 24)
| (((uint64_t)ahc_inb(ahc, port+4)) << 32)
| (((uint64_t)ahc_inb(ahc, port+5)) << 40)
| (((uint64_t)ahc_inb(ahc, port+6)) << 48)
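Review bot: On the `port+3` line the cast fixes the one shift that can reach bit 31, but the three terms above it are still evaluated as int and are safe only because a u8 shifted by 0, 8 or 16 bits cannot set the sign bit. Casting those terms to uint64_t as well, as the `port+4` to `port+6` lines already do, would make the expression uniform and keep a later edit from reintroducing the sign extension; failing that, a one-line comment above the return explaining why the low terms are left uncast would help.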
--
2.31.1
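
The sign extension described in the commit message above, reproduced as an added example that is not part of the original post or of the aic7xxx driver. `read_byte()`, the two `read_q_*()` functions and the sample register contents are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed register contents: byte 3 has its top bit set in the first. */
static const uint8_t SAMPLE_HIGH[8] = {0x11, 0x22, 0x33, 0x80, 0x01, 0, 0, 0};
static const uint8_t SAMPLE_LOW[8]  = {0x11, 0x22, 0x33, 0x7f, 0x01, 0, 0, 0};

/* Hypothetical stand-in for ahc_inb(): one register byte, returned as u8. */
static uint8_t read_byte(const uint8_t *regs, unsigned port)
{
    return regs[port];
}

/* Pre-patch shape: byte 3 is combined as a 32-bit signed int. The shift is
 * done in uint32_t and cast to int32_t, which gives the value a
 * two's-complement compiler produces for (u8 << 24) without relying on
 * signed-overflow behaviour. */
static uint64_t read_q_before(const uint8_t *regs)
{
    int32_t b3 = (int32_t)((uint32_t)read_byte(regs, 3) << 24);

    return read_byte(regs, 0)
         | (read_byte(regs, 1) << 8)
         | (read_byte(regs, 2) << 16)
         | b3                 /* negative when bit 7 of byte 3 is set */
         | ((uint64_t)read_byte(regs, 4) << 32)  /* int operand is sign-extended here */
         | ((uint64_t)read_byte(regs, 5) << 40)
         | ((uint64_t)read_byte(regs, 6) << 48)
         | ((uint64_t)read_byte(regs, 7) << 56);
}

/* Post-patch shape: byte 3 is widened to 64 bits before the shift. */
static uint64_t read_q_after(const uint8_t *regs)
{
    return read_byte(regs, 0)
         | (read_byte(regs, 1) << 8)
         | (read_byte(regs, 2) << 16)
         | ((uint64_t)read_byte(regs, 3) << 24)
         | ((uint64_t)read_byte(regs, 4) << 32)
         | ((uint64_t)read_byte(regs, 5) << 40)
         | ((uint64_t)read_byte(regs, 6) << 48)
         | ((uint64_t)read_byte(regs, 7) << 56);
}

int main(void)
{
    printf("before: %016llx\n", (unsigned long long)read_q_before(SAMPLE_HIGH));
    printf("after:  %016llx\n", (unsigned long long)read_q_after(SAMPLE_HIGH));
    return 0;
}
```

With byte 3 set to 0x80 the pre-patch form loses bytes 4 to 7 entirely, since the sign-extended ones overwrite them; with 0x7f both forms agree.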


2021-06-23 01:20:46

by Martin K. Petersen

Subject: Re: [PATCH] scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8


Colin,

> The shifting of the u8 integer returned from ahc_inb(ahc, port+3) by 24
> bits to the left will be promoted to a 32 bit signed int and then
> sign-extended to a u64.

Applied to 5.14/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering

2021-06-29 04:11:25

by Martin K. Petersen

Subject: Re: [PATCH] scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8

On Mon, 21 Jun 2021 16:17:27 +0100, Colin King wrote:

> The shifting of the u8 integer returned from ahc_inb(ahc, port+3) by
> 24 bits to the left will be promoted to a 32 bit signed int and then
> sign-extended to a u64. In the event that the top bit of the u8
> is set then all the upper 32 bits of the u64 end up as
> also being set because of the sign-extension. Fix this by
> casting the u8 values to a u64 before the 24 bit left shift.
>
> [...]

Applied to 5.14/scsi-queue, thanks!

[1/1] scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
https://git.kernel.org/mkp/scsi/c/332a9dd1d86f

--
Martin K. Petersen Oracle Linux Engineering