> -----Original Message----- > From: coverity-bot <keescook@xxxxxxxxxxxx> > Sent: Thursday, November 3, 2022 3:53 AM > To: Gary Chang <gary.chang@xxxxxxxxxxx> > Cc: Timlee <timlee@xxxxxxxxxxx>; Kalle Valo <kvalo@xxxxxxxxxx>; Ping-Ke Shih <pkshih@xxxxxxxxxxx>; Gustavo > A. R. Silva <gustavo@xxxxxxxxxxxxxx>; linux-next@xxxxxxxxxxxxxxx; linux-hardening@xxxxxxxxxxxxxxx > Subject: Coverity: rtw89_mac_resize_ple_rx_quota(): Integer handling issues > > Hello! > > This is an experimental semi-automated report about issues detected by > Coverity from a scan of next-20221102 as part of the linux-next scan project: > https://scan.coverity.com/projects/linux-next-weekly-scan > > You're getting this email because you were associated with the identified > lines of code (noted below) that were touched by commits: > > Tue Nov 1 11:26:13 2022 +0200 > 7a68ec3da79e ("wifi: rtw89: add function to adjust and restore PLE quota") > > Coverity reported the following: > > *** CID 1527095: Integer handling issues (SIGN_EXTENSION) > /drivers/net/wireless/realtek/rtw89/mac.c: 1562 in rtw89_mac_resize_ple_rx_quota() > 1556 rtw89_err(rtwdev, "[ERR]get_dle_mem_cfg\n"); > 1557 return -EINVAL; > 1558 } > 1559 > 1560 min_cfg = cfg->ple_min_qt; > 1561 max_cfg = cfg->ple_max_qt; > vvv CID 1527095: Integer handling issues (SIGN_EXTENSION) > vvv Suspicious implicit sign extension: "max_cfg->cma0_dma" with type "u16" (16 bits, unsigned) is > promoted in "max_cfg->cma0_dma << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned > long" (64 bits, unsigned). If "max_cfg->cma0_dma << 16" is greater than 0x7FFFFFFF, the upper bits of the > result will all be 1. Thanks for pointing this. I'll fix it. Ping-Ke > 1562 SET_QUOTA(cma0_dma, PLE, 6); > 1563 SET_QUOTA(cma1_dma, PLE, 7); > 1564 > 1565 return 0; > 1566 } > 1567 #undef SET_QUOTA >
