FYI. Looks like we rely directly on the result of a read from the device
to index an array, probably not a great idea.

On Mon, Jun 21, 2021 at 07:45:30AM +0000, scan-admin@xxxxxxxxxxxx wrote:
> Hi,
>
> Please find the latest report on new defect(s) introduced to Linux found with Coverity Scan.
>
> 7 new defect(s) introduced to Linux found with Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
>
> ** CID 1475616: Memory - illegal accesses (OVERRUN)
> /drivers/pci/controller/dwc/pcie-tegra194.c: 994 in tegra_pcie_dw_start_link()
>
>
> ________________________________________________________________________________________________________
> *** CID 1475616: Memory - illegal accesses (OVERRUN)
> /drivers/pci/controller/dwc/pcie-tegra194.c: 994 in tegra_pcie_dw_start_link()
> 988             retry = false;
> 989             goto retry_link;
> 990         }
> 991
> 992         speed = dw_pcie_readw_dbi(pci, pcie->pcie_cap_base + PCI_EXP_LNKSTA) &
> 993             PCI_EXP_LNKSTA_CLS;
> >>>     CID 1475616: Memory - illegal accesses (OVERRUN)
> >>>     Overrunning array "pcie_gen_freq" of 4 4-byte elements at element index 4294967295 (byte offset 17179869183) using index "speed - 1U" (which evaluates to 4294967295).
> 994         clk_set_rate(pcie->core_clk, pcie_gen_freq[speed - 1]);
> 995
> 996         tegra_pcie_enable_interrupts(pp);
> 997
> 998         return 0;
> 999     }
>
> ** CID 1475402: Memory - illegal accesses (OVERRUN)
> /drivers/pci/controller/dwc/pcie-tegra194.c: 457 in tegra_pcie_ep_irq_thread()
>
>
> ________________________________________________________________________________________________________
> *** CID 1475402: Memory - illegal accesses (OVERRUN)
> /drivers/pci/controller/dwc/pcie-tegra194.c: 457 in tegra_pcie_ep_irq_thread()
> 451         struct tegra_pcie_dw *pcie = arg;
> 452         struct dw_pcie *pci = &pcie->pci;
> 453         u32 val, speed;
> 454
> 455         speed = dw_pcie_readw_dbi(pci, pcie->pcie_cap_base + PCI_EXP_LNKSTA) &
> 456             PCI_EXP_LNKSTA_CLS;
> >>>     CID 1475402: Memory - illegal accesses (OVERRUN)
> >>>     Overrunning array "pcie_gen_freq" of 4 4-byte elements at element index 4294967295 (byte offset 17179869183) using index "speed - 1U" (which evaluates to 4294967295).
> 457         clk_set_rate(pcie->core_clk, pcie_gen_freq[speed - 1]);
> 458
> 459         /* If EP doesn't advertise L1SS, just return */
> 460         val = dw_pcie_readl_dbi(pci, pcie->cfg_link_cap_l1sub);
> 461         if (!(val & (PCI_L1SS_CAP_ASPM_L1_1 | PCI_L1SS_CAP_ASPM_L1_2)))
> 462             return IRQ_HANDLED;
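
The concern raised in this message, as an added user-space example that is not part of the original mail or the driver: the masked link-speed field can be 0 or greater than 4, so `speed - 1` either wraps to 4294967295 or runs past the 4-entry table unless it is range-checked first. `raw_index`, `gen_freq_from_lnksta`, the sample register values and the rates in the table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCI_EXP_LNKSTA_CLS 0x000f /* Current Link Speed field, 4 bits wide */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Placeholder rates in Hz, constructed for this example. */
static const unsigned int pcie_gen_freq[] = {
	62500000, 125000000, 250000000, 500000000,
};

/* The index as the flagged lines compute it: unsigned, so a field of 0 wraps. */
static uint32_t raw_index(uint16_t lnksta)
{
	uint32_t speed = lnksta & PCI_EXP_LNKSTA_CLS;

	return speed - 1;
}

/* Hypothetical helper: range-check the field first; 0 on success, -1 if invalid. */
static int gen_freq_from_lnksta(uint16_t lnksta, unsigned int *rate)
{
	uint32_t speed = lnksta & PCI_EXP_LNKSTA_CLS;

	if (speed < 1 || speed > ARRAY_SIZE(pcie_gen_freq))
		return -1;

	*rate = pcie_gen_freq[speed - 1];
	return 0;
}

int main(void)
{
	/* Constructed LNKSTA samples: CLS = 0, 1, 4, 5 and 15. */
	const uint16_t samples[] = { 0x0000, 0x0011, 0x1014, 0x0005, 0xffff };
	unsigned int rate;
	size_t i;

	for (i = 0; i < ARRAY_SIZE(samples); i++) {
		if (gen_freq_from_lnksta(samples[i], &rate))
			printf("0x%04x: rejected (raw index %u)\n",
			       (unsigned)samples[i], (unsigned)raw_index(samples[i]));
		else
			printf("0x%04x: %u Hz\n", (unsigned)samples[i], rate);
	}
	return 0;
}
```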