[patch v4] x86, UV: integer wrap bug in uv_hub_ipi_value()

[Dan Carpenter <dan.carpenter@xxxxxxxxxx>]

This is a static checker fix.  The problem is that we store the bits
from "uv_apicid_hibits" into "apicid" (the high 16 bits) but then we
shift it 16 bit to the left.  "apicid" is an int so it wraps and we lose
them.

I have also simplified uv_wakeup_secondary() a little based on a
suggestion from Walter Harms.

Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
v2: Style fix.  Don't use ulong.
v3: Another style fix to uv_wakeup_secondary() based on Walter Harms's
suggestion.
v4: Fix typo in commit message.

I don't have this hardware so I can't test it.  There may also be other
bugs which this patch does not addressed.  These files are only compiled
on x86_64 and "unsigned long" is used throughout to mean 64 bits.

diff --git a/arch/x86/include/asm/uv/uv_hub.h b/arch/x86/include/asm/uv/uv_hub.h
index 21f7385..e7a83d5 100644
--- a/arch/x86/include/asm/uv/uv_hub.h
+++ b/arch/x86/include/asm/uv/uv_hub.h
@@ -577,7 +577,7 @@ static unsigned long uv_hub_ipi_value(int apicid, int vector, int mode)
 {
 	apicid |= uv_apicid_hibits;
 	return (1UL << UVH_IPI_INT_SEND_SHFT) |
-			((apicid) << UVH_IPI_INT_APIC_ID_SHFT) |
+			((unsigned long)apicid << UVH_IPI_INT_APIC_ID_SHFT) |
 			(mode << UVH_IPI_INT_DELIVERY_MODE_SHFT) |
 			(vector << UVH_IPI_INT_VECTOR_SHFT);
 }
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index 8cfade9..251b36f 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -194,16 +194,10 @@ static int __cpuinit uv_wakeup_secondary(int phys_apicid, unsigned long start_ri
 	pnode = uv_apicid_to_pnode(phys_apicid);
 	phys_apicid |= uv_apicid_hibits;
 	val = (1UL << UVH_IPI_INT_SEND_SHFT) |
-	    (phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |
-	    ((start_rip << UVH_IPI_INT_VECTOR_SHFT) >> 12) |
-	    APIC_DM_INIT;
-	uv_write_global_mmr64(pnode, UVH_IPI_INT, val);
-
-	val = (1UL << UVH_IPI_INT_SEND_SHFT) |
-	    (phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |
-	    ((start_rip << UVH_IPI_INT_VECTOR_SHFT) >> 12) |
-	    APIC_DM_STARTUP;
-	uv_write_global_mmr64(pnode, UVH_IPI_INT, val);
+	    ((unsigned long)phys_apicid << UVH_IPI_INT_APIC_ID_SHFT) |
+	    ((start_rip << UVH_IPI_INT_VECTOR_SHFT) >> 12);
+	uv_write_global_mmr64(pnode, UVH_IPI_INT, val | APIC_DM_INIT);
+	uv_write_global_mmr64(pnode, UVH_IPI_INT, val | APIC_DM_STARTUP);
 
 	atomic_set(&init_deasserted, 1);
 #endif

--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html