[U-Boot] [PATCH 1/2] mtd: fix mtd_oobavail() incoherent returned value
mtd_oobavail() returns either mtd->oovabail or mtd->oobsize. Both values are unsigned 32-bit entities, so there is no reason to pretend returning a signed one.
Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- include/linux/mtd/mtd.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/mtd/mtd.h b/include/linux/mtd/mtd.h index 68e5915324..0525cfd27c 100644 --- a/include/linux/mtd/mtd.h +++ b/include/linux/mtd/mtd.h @@ -390,7 +390,7 @@ static inline void mtd_set_ooblayout(struct mtd_info *mtd, mtd->ooblayout = ooblayout; }
-static inline int mtd_oobavail(struct mtd_info *mtd, struct mtd_oob_ops *ops) +static inline u32 mtd_oobavail(struct mtd_info *mtd, struct mtd_oob_ops *ops) { return ops->mode == MTD_OPS_AUTO_OOB ? mtd->oobavail : mtd->oobsize; }
A Coverity robot reported an integer handling issue (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:
(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)
While such overflow will certainly never happen due to the numbers handled, it is cleaner to fix this operation anyway.
The problem is that all the maths include 32-bit quantities, while the result is stored in an explicit 64-bit value.
As maxooblen will just be compared with a size_t, let's change the type of the variable to a size_t. This will not fix anything but will clarify a bit the situation. Then, do an explicit cast to fix Coverity warning.
Addresses-Coverity-ID: 184180 ("Integer handling issues") Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com --- drivers/mtd/mtdcore.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index fb6c779abb..df12535d32 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -1030,13 +1030,13 @@ static int mtd_check_oob_ops(struct mtd_info *mtd, loff_t offs, return -EINVAL;
if (ops->ooblen) { - u64 maxooblen; + size_t maxooblen;
if (ops->ooboffs >= mtd_oobavail(mtd, ops)) return -EINVAL;
- maxooblen = ((mtd_div_by_ws(mtd->size, mtd) - - mtd_div_by_ws(offs, mtd)) * + maxooblen = ((size_t)(mtd_div_by_ws(mtd->size, mtd) - + mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)) - ops->ooboffs; if (ops->ooblen > maxooblen) return -EINVAL;
Hello,
Miquel Raynal miquel.raynal@bootlin.com wrote on Sun, 18 Nov 2018 21:11:47 +0100:
A Coverity robot reported an integer handling issue (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:
(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)While such overflow will certainly never happen due to the numbers handled, it is cleaner to fix this operation anyway.
The problem is that all the maths include 32-bit quantities, while the result is stored in an explicit 64-bit value.
As maxooblen will just be compared with a size_t, let's change the type of the variable to a size_t. This will not fix anything but will clarify a bit the situation. Then, do an explicit cast to fix Coverity warning.
Addresses-Coverity-ID: 184180 ("Integer handling issues") Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com
I forgot to add the link to the corresponding Travis-CI job: https://travis-ci.org/miquelraynal/u-boot/builds/456679982
Thanks, Miquèl
Hello,
Miquel Raynal miquel.raynal@bootlin.com wrote on Sun, 18 Nov 2018 21:13:47 +0100:
Hello,
Miquel Raynal miquel.raynal@bootlin.com wrote on Sun, 18 Nov 2018 21:11:47 +0100:
A Coverity robot reported an integer handling issue (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:
(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)While such overflow will certainly never happen due to the numbers handled, it is cleaner to fix this operation anyway.
The problem is that all the maths include 32-bit quantities, while the result is stored in an explicit 64-bit value.
As maxooblen will just be compared with a size_t, let's change the type of the variable to a size_t. This will not fix anything but will clarify a bit the situation. Then, do an explicit cast to fix Coverity warning.
Addresses-Coverity-ID: 184180 ("Integer handling issues") Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com
I forgot to add the link to the corresponding Travis-CI job: https://travis-ci.org/miquelraynal/u-boot/builds/456679982
Gentle ping on this series (patch 1 & 2). They do apply cleanly on current master.
Tom, shall I expect you to take it or is it Jagan's mission?
Thanks, Miquèl
On Mon, Apr 08, 2019 at 11:43:59AM +0200, Miquel Raynal wrote:
Hello,
Miquel Raynal miquel.raynal@bootlin.com wrote on Sun, 18 Nov 2018 21:13:47 +0100:
Hello,
Miquel Raynal miquel.raynal@bootlin.com wrote on Sun, 18 Nov 2018 21:11:47 +0100:
A Coverity robot reported an integer handling issue (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:
(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)While such overflow will certainly never happen due to the numbers handled, it is cleaner to fix this operation anyway.
The problem is that all the maths include 32-bit quantities, while the result is stored in an explicit 64-bit value.
As maxooblen will just be compared with a size_t, let's change the type of the variable to a size_t. This will not fix anything but will clarify a bit the situation. Then, do an explicit cast to fix Coverity warning.
Addresses-Coverity-ID: 184180 ("Integer handling issues") Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com
I forgot to add the link to the corresponding Travis-CI job: https://travis-ci.org/miquelraynal/u-boot/builds/456679982
Gentle ping on this series (patch 1 & 2). They do apply cleanly on current master.
Tom, shall I expect you to take it or is it Jagan's mission?
My current feeling is this goes via Jagan's tree and I wasn't expecting them in for this release. Thanks!
Hi Tom,
Tom Rini trini@konsulko.com wrote on Mon, 8 Apr 2019 07:52:16 -0400:
On Mon, Apr 08, 2019 at 11:43:59AM +0200, Miquel Raynal wrote:
Hello,
Miquel Raynal miquel.raynal@bootlin.com wrote on Sun, 18 Nov 2018 21:13:47 +0100:
Hello,
Miquel Raynal miquel.raynal@bootlin.com wrote on Sun, 18 Nov 2018 21:11:47 +0100:
A Coverity robot reported an integer handling issue (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:
(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)While such overflow will certainly never happen due to the numbers handled, it is cleaner to fix this operation anyway.
The problem is that all the maths include 32-bit quantities, while the result is stored in an explicit 64-bit value.
As maxooblen will just be compared with a size_t, let's change the type of the variable to a size_t. This will not fix anything but will clarify a bit the situation. Then, do an explicit cast to fix Coverity warning.
Addresses-Coverity-ID: 184180 ("Integer handling issues") Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com
I forgot to add the link to the corresponding Travis-CI job: https://travis-ci.org/miquelraynal/u-boot/builds/456679982
Gentle ping on this series (patch 1 & 2). They do apply cleanly on current master.
Tom, shall I expect you to take it or is it Jagan's mission?
My current feeling is this goes via Jagan's tree and I wasn't expecting them in for this release. Thanks!
No problem, I know we are late in the merge process, these are just Coverity fixes, they are not urgent, I just am cleaning my branches and I discover many patches which I thought were merged but actually only exist in my local tree, which is sad :)
Thanks, Miquèl
On Mon, Nov 19, 2018 at 1:42 AM Miquel Raynal miquel.raynal@bootlin.com wrote:
A Coverity robot reported an integer handling issue (OVERFLOW_BEFORE_WIDEN) in the potentially overflowing expression:
(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)While such overflow will certainly never happen due to the numbers handled, it is cleaner to fix this operation anyway.
The problem is that all the maths include 32-bit quantities, while the result is stored in an explicit 64-bit value.
As maxooblen will just be compared with a size_t, let's change the type of the variable to a size_t. This will not fix anything but will clarify a bit the situation. Then, do an explicit cast to fix Coverity warning.
Addresses-Coverity-ID: 184180 ("Integer handling issues") Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com
Applied to u-boot-spi/master
participants (3)
-
Jagan Teki -
Miquel Raynal -
Tom Rini