Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1322813yba; Tue, 2 Apr 2019 06:52:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqwjY6EEJ0v5VkFaChL0sVTqH5rFWnspIMjLlrO+oBiVk4MUxE8iVXY4IZlRERvzbdnvyouR X-Received: by 2002:a17:902:1002:: with SMTP id b2mr68832923pla.248.1554213133610; Tue, 02 Apr 2019 06:52:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554213133; cv=none; d=google.com; s=arc-20160816; b=mAZ4p0impxAgkIWI46pEyZROfmMaXNqbv5s1SkOQDUpzzWwG9usrd8j1iIXLc6ERrw DQAiGJn4Z73ZXLOk7+VzwFWER55UrFwCren+4sLFq8UoVSG/yzxBGFMGh0AwzHBR6H2u PX9XL2DXr47wYbRlOyo7+gxppoTrxQjw4B78/GLjJIQhs92HsTv4kkKFJ5dfBuSBrurj yPVYhnmASy9BMku+h+p04eVcmLUvxQu8rbTHgmGCbk2Y79FyrRcIAW37u4fp7/DVG4hq fya/bTk6Rk6n4mWAU847N95PNISfN1pBp0+Q4OsxUnVc+zA0BS76ABUdkgIoTzgjEIPY 2GAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=lsfTfv32dHZd0Gxk9pGJsP1aEAzpnmi+OCyQDDEPsW0=; b=B132pagCvHx8IDX/XV8Yz4t9GwSERqtyIEO/OOODoVCgALa8K7uxi0HemIxnR4jiIm Da6Uv1MTkRx2NUxGSttazmMHGxrBdgMVg6vdoImwqBEO/+e2Qj/mrFC3MVLIg8PM3i+k HVn5EK799nwo2iTGKcbRdzIcGc7+BC1GYAmjYcbMMHrsfe7VizHOMGbOdwasFnzq+KnF y39YheGxNzF4LjJlEUr5Yif+sBgYcS3DiNabTMTtjidxxlKtlkpV+eZSa8TAcMr6m1+T CzrI/i3+5MY+ajQ2fy78RnIs1jfa1ngCHvBRQXdUyA9bkIAl91PkkgLju2giW07pVhKC 1x5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r17si10803074pgv.328.2019.04.02.06.51.58; Tue, 02 Apr 2019 06:52:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732352AbfDBNtc (ORCPT + 99 others); Tue, 2 Apr 2019 09:49:32 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:42828 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726903AbfDBNkC (ORCPT ); Tue, 2 Apr 2019 09:40:02 -0400 Received: from [167.98.27.226] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1hBJdt-0002mS-Vf; Tue, 02 Apr 2019 14:39:58 +0100 Received: from ben by deadeye with local (Exim 4.92) (envelope-from ) id 1hBJdt-0004qX-6V; Tue, 02 Apr 2019 14:39:57 +0100 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, Denis Kirjanov , "Bjorn Helgaas" , "Colin Ian King" Date: Tue, 02 Apr 2019 14:38:27 +0100 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) X-Patchwork-Hint: ignore Subject: [PATCH 3.16 03/99] x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) In-Reply-To: X-SA-Exim-Connect-IP: 167.98.27.226 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.65-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Colin Ian King commit 53bb565fc5439f2c8c57a786feea5946804aa3e9 upstream. In the expression "word1 << 16", word1 starts as u16, but is promoted to a signed int, then sign-extended to resource_size_t, which is probably not what was intended. Cast to resource_size_t to avoid the sign extension. This fixes an identical issue as fixed by commit 0b2d70764bb3 ("x86/PCI: Fix Broadcom CNB20LE unintended sign extension") back in 2014. Detected by CoverityScan, CID#138749, 138750 ("Unintended sign extension") Fixes: 3f6ea84a3035 ("PCI: read memory ranges out of Broadcom CNB20LE host bridge") Signed-off-by: Colin Ian King Signed-off-by: Bjorn Helgaas Signed-off-by: Ben Hutchings --- arch/x86/pci/broadcom_bus.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/x86/pci/broadcom_bus.c +++ b/arch/x86/pci/broadcom_bus.c @@ -50,8 +50,8 @@ static void __init cnb20le_res(u8 bus, u word1 = read_pci_config_16(bus, slot, func, 0xc0); word2 = read_pci_config_16(bus, slot, func, 0xc2); if (word1 != word2) { - res.start = (word1 << 16) | 0x0000; - res.end = (word2 << 16) | 0xffff; + res.start = ((resource_size_t) word1 << 16) | 0x0000; + res.end = ((resource_size_t) word2 << 16) | 0xffff; res.flags = IORESOURCE_MEM; update_res(info, res.start, res.end, res.flags, 0); }