Coverity reported shift 16 bits could cause sign extension and might get
an unexpected value. Since the input values are predefined and no this
kind of case, original code is safe so far. But, still changing them to
use FIELD_PREP() will be more clear and prevent mistakes in the future.
The original message of Coverity is:
Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16"
(16 bits, unsigned) is promoted in "max_cfg->cma0_dma << 16" to type
"int" (32 bits, signed), then sign-extended to type "unsigned long"
(64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than
0x7FFFFFFF, the upper bits of the result will all be 1."
Reported-by: coverity-bot <[email protected]>
Addresses-Coverity-ID: 1527095 ("Integer handling issues")
Fixes: e3ec7017f6a2 ("rtw89: add Realtek 802.11ax driver")
Signed-off-by: Ping-Ke Shih <[email protected]>
---
drivers/net/wireless/realtek/rtw89/mac.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/mac.c b/drivers/net/wireless/realtek/rtw89/mac.c
index bb49033b587d2..11081dfdfb172 100644
--- a/drivers/net/wireless/realtek/rtw89/mac.c
+++ b/drivers/net/wireless/realtek/rtw89/mac.c
@@ -1487,10 +1487,8 @@ static int dle_mix_cfg(struct rtw89_dev *rtwdev, const struct rtw89_dle_mem *cfg
#define INVALID_QT_WCPU U16_MAX
#define SET_QUOTA_VAL(_min_x, _max_x, _module, _idx) \
do { \
- val = ((_min_x) & \
- B_AX_ ## _module ## _MIN_SIZE_MASK) | \
- (((_max_x) << 16) & \
- B_AX_ ## _module ## _MAX_SIZE_MASK); \
+ val = FIELD_PREP(B_AX_ ## _module ## _MIN_SIZE_MASK, _min_x) | \
+ FIELD_PREP(B_AX_ ## _module ## _MAX_SIZE_MASK, _max_x); \
rtw89_write32(rtwdev, \
R_AX_ ## _module ## _QTA ## _idx ## _CFG, \
val); \
--
2.25.1
Ping-Ke Shih <[email protected]> writes:
> Coverity reported shift 16 bits could cause sign extension and might get
> an unexpected value. Since the input values are predefined and no this
> kind of case, original code is safe so far. But, still changing them to
> use FIELD_PREP() will be more clear and prevent mistakes in the future.
>
> The original message of Coverity is:
> Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16"
> (16 bits, unsigned) is promoted in "max_cfg->cma0_dma << 16" to type
> "int" (32 bits, signed), then sign-extended to type "unsigned long"
> (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than
> 0x7FFFFFFF, the upper bits of the result will all be 1."
>
> Reported-by: coverity-bot <[email protected]>
> Addresses-Coverity-ID: 1527095 ("Integer handling issues")
> Fixes: e3ec7017f6a2 ("rtw89: add Realtek 802.11ax driver")
> Signed-off-by: Ping-Ke Shih <[email protected]>
> ---
> drivers/net/wireless/realtek/rtw89/mac.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/realtek/rtw89/mac.c b/drivers/net/wireless/realtek/rtw89/mac.c
> index bb49033b587d2..11081dfdfb172 100644
> --- a/drivers/net/wireless/realtek/rtw89/mac.c
> +++ b/drivers/net/wireless/realtek/rtw89/mac.c
> @@ -1487,10 +1487,8 @@ static int dle_mix_cfg(struct rtw89_dev *rtwdev, const struct rtw89_dle_mem *cfg
> #define INVALID_QT_WCPU U16_MAX
> #define SET_QUOTA_VAL(_min_x, _max_x, _module, _idx) \
> do { \
> - val = ((_min_x) & \
> - B_AX_ ## _module ## _MIN_SIZE_MASK) | \
> - (((_max_x) << 16) & \
> - B_AX_ ## _module ## _MAX_SIZE_MASK); \
> + val = FIELD_PREP(B_AX_ ## _module ## _MIN_SIZE_MASK, _min_x) | \
> + FIELD_PREP(B_AX_ ## _module ## _MAX_SIZE_MASK, _max_x); \
BTW in wireless nowadays the preference is to use u32_encode_bits() & co
instead of FIELD_PREP(). Not an issue for this patch, just wanted to
mention anyway.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
> -----Original Message-----
> From: Kalle Valo <[email protected]>
> Sent: Monday, November 7, 2022 8:29 PM
> To: Ping-Ke Shih <[email protected]>
> Cc: [email protected]
> Subject: Re: [PATCH] wifi: rtw89: use FIELD_PREP to fill MAC quota value
>
> Ping-Ke Shih <[email protected]> writes:
>
> > Coverity reported shift 16 bits could cause sign extension and might get
> > an unexpected value. Since the input values are predefined and no this
> > kind of case, original code is safe so far. But, still changing them to
> > use FIELD_PREP() will be more clear and prevent mistakes in the future.
> >
> > The original message of Coverity is:
> > Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16"
> > (16 bits, unsigned) is promoted in "max_cfg->cma0_dma << 16" to type
> > "int" (32 bits, signed), then sign-extended to type "unsigned long"
> > (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than
> > 0x7FFFFFFF, the upper bits of the result will all be 1."
> >
> > Reported-by: coverity-bot <[email protected]>
> > Addresses-Coverity-ID: 1527095 ("Integer handling issues")
> > Fixes: e3ec7017f6a2 ("rtw89: add Realtek 802.11ax driver")
> > Signed-off-by: Ping-Ke Shih <[email protected]>
> > ---
> > drivers/net/wireless/realtek/rtw89/mac.c | 6 ++----
> > 1 file changed, 2 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/net/wireless/realtek/rtw89/mac.c b/drivers/net/wireless/realtek/rtw89/mac.c
> > index bb49033b587d2..11081dfdfb172 100644
> > --- a/drivers/net/wireless/realtek/rtw89/mac.c
> > +++ b/drivers/net/wireless/realtek/rtw89/mac.c
> > @@ -1487,10 +1487,8 @@ static int dle_mix_cfg(struct rtw89_dev *rtwdev, const struct rtw89_dle_mem *cfg
> > #define INVALID_QT_WCPU U16_MAX
> > #define SET_QUOTA_VAL(_min_x, _max_x, _module, _idx) \
> > do { \
> > - val = ((_min_x) & \
> > - B_AX_ ## _module ## _MIN_SIZE_MASK) | \
> > - (((_max_x) << 16) & \
> > - B_AX_ ## _module ## _MAX_SIZE_MASK); \
> > + val = FIELD_PREP(B_AX_ ## _module ## _MIN_SIZE_MASK, _min_x) | \
> > + FIELD_PREP(B_AX_ ## _module ## _MAX_SIZE_MASK, _max_x); \
>
> BTW in wireless nowadays the preference is to use u32_encode_bits() & co
> instead of FIELD_PREP(). Not an issue for this patch, just wanted to
> mention anyway.
>
I can practice to use u32_encode_bits() from this patch. Will send v2.
Ping-Ke