Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2164161pxb; Fri, 5 Feb 2021 10:25:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJy4QngOwreh8nq6xJgbE644BWmmD82xvBKXNMtKJ/6lnxAfyJ0Y4Mj6p1Ux45AVmovjHeSp X-Received: by 2002:a05:6402:95a:: with SMTP id h26mr4669824edz.288.1612549553800; Fri, 05 Feb 2021 10:25:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612549553; cv=none; d=google.com; s=arc-20160816; b=kwv88/uyH1qs4boEuy4qh8eLYJFycTIDA6yUtqob4riGniwGtI7yGAinkoqj6gl+Lq Hl0APELoXSVO9O7odb8578F0d3sAWbQfpKJGkPBsIVw8DwlzpeKuWanTB6kDIe/eK9Ix G8Vdeeamf57S7HM0xK/DpM0ju6waJAliN084y2AVOBgj2idDgi70+j6ST8yLBZlWk9zN zk4pF4DPvho4xU06Y+XenExSS9m9NHcujewevc1KJud91C23QKdNJquqf9pQ8ZJ9zDC2 yF6vLUfclopLS5I9zA4W+5CuYW3E2wimz1brdUJ9E7dQVwTkGHQcEo35vya2S19czPg7 jjzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:from:subject; bh=N+9YiQmqZIH/6PpR4V3Z/5LkFKWQ6yWoSWjZl5JTg2I=; b=THoqW03t9JhZ0cHhHIt5H5US8KctWB/LCIAhzR2G39H/rIcRPIGbbyjbV2PZkXcBar 4cjDmktoLAhdR3PEvHNn2G7NErZE8Rb1wRyhpatWQS1qibVaUtZmmSJPpgh293IXsDVX ZDnhli3mn7aFQ/sGqYSakctMaRMmd2T674OnfpS5mOcfNcc9y8x4/zRTp5DqFdNGqQwL /qsrR8xl6QLGlpEPWtVd27f4+mbJR7lzZIovADt8HxJm29YJ2W8BE72lxSzXF6lQ3QBr f7gk5n+bHmboCtcFwjLxPfe3VQfjchzZKUO0qi0liS+FTdMKAWbDdgcmyhh6u9KFM9wQ 8M1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m13si5605138edb.227.2021.02.05.10.25.28; Fri, 05 Feb 2021 10:25:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230374AbhBEQk3 (ORCPT + 99 others); Fri, 5 Feb 2021 11:40:29 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:40566 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233231AbhBEQic (ORCPT ); Fri, 5 Feb 2021 11:38:32 -0500 Received: from 1.general.cking.uk.vpn ([10.172.193.212]) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1l85iG-0006ge-1Y; Fri, 05 Feb 2021 18:20:12 +0000 Subject: Re: Potential invalid ~ operator in net/mac80211/cfg.c From: Colin Ian King To: Johannes Berg Cc: "David S. Miller" , Jakub Kicinski , "linux-wireless@vger.kernel.org" , "netdev@vger.kernel.org" References: <4bb65f2f-48f9-7d9c-ab2e-15596f15a4d8@canonical.com> <15f435a791b0c4b853c8c6b284042c7057d6efaf.camel@sipsolutions.net> <1383c6f1-1317-daed-ecc7-e5cc3f309c41@canonical.com> Message-ID: <86c1e5aa-459d-6d76-69e4-f7bc177214bf@canonical.com> Date: Fri, 5 Feb 2021 18:20:11 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: <1383c6f1-1317-daed-ecc7-e5cc3f309c41@canonical.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On 05/02/2021 18:19, Colin Ian King wrote: > On 05/02/2021 18:05, Johannes Berg wrote: >> Hi Colin, >> >>> while working through a backlog of older static analysis reports from >>> Coverity >> >> So ... yeah. Every time I look at Coverity (not frequently, I must >> admit) I see the same thing, and get confused. >> >>> I found an interesting use of the ~ operator that looks >>> incorrect to me in function ieee80211_set_bitrate_mask(): >>> >>> for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) { >>> if (~sdata->rc_rateidx_mcs_mask[i][j]) { >>> sdata->rc_has_mcs_mask[i] = true; >>> break; >>> } >>> } >>> >>> for (j = 0; j < NL80211_VHT_NSS_MAX; j++) { >>> if (~sdata->rc_rateidx_vht_mcs_mask[i][j]) { >>> sdata->rc_has_vht_mcs_mask[i] = true; >>> break; >>> } >>> } >>> >>> For the ~ operator in both if stanzas, Coverity reports: >>> >>> Logical vs. bitwise operator (CONSTANT_EXPRESSION_RESULT) >>> logical_vs_bitwise: >>> >>> ~sdata->rc_rateidx_mcs_mask[i][j] is always 1/true regardless of the >>> values of its operand. This occurs as the logical operand of if. >>> Did you intend to use ! rather than ~? >>> >>> I've checked the results of this and it does seem that ~ is incorrect >>> and always returns true for the if expression. So it probably should be >>> !, but I'm not sure if I'm missing something deeper here and wondering >>> why this has always worked. >> >> But is it really always true? >> >> I _think_ it was intended to check that it's not 0xffffffff or >> something? >> >> https://lore.kernel.org/linux-wireless/516C0C7F.3000204@openwrt.org/ >> >> But maybe that isn't actually quite right due to integer promotion? >> OTOH, that's a u8, so it should do the ~ in u8 space, and then compare >> to 0 also? > > rc_rateidx_vht_mcs_mask is a u64, so I think the expression could be > expressed as: oops, fat fingered that, it is a u16 not a u64 > > if ((uint16_t)~sdata->rc_rateidx_mcs_mask[i][j]) .. > > this is only true if all the 16 bits in the mask are 0xffff > >> >> johannes >> >