On Wed, Feb 16, 2022 at 10:33:15PM +0000, David Laight wrote:
> From: Sergey Shtylyov
> > Sent: 16 February 2022 20:19
> >
> > At the end of qtd_fill(), we assign the 'int count' variable to the 'size_t
> > length' field of 'struct ehci_qtd'. In order not to mix the *signed* and
> > *unsigned* values let's make that variable and the function's result 'u16'
> > as qTD's maximum length is a 15-bit quantity anyway...
>
> Except that you really don't want to be doing arithmetic on sub-register
> sized values.
> On everything except x86 the compiler will have to add instructions
> to mask the value to 16 bits (unless its logic can detect that overflow
> can never happen).
>
> There is a similar problem with parameters and return values.
> They need masking one side of the call (or maybe both).
>
> > Found by Linux Verification Center (linuxtesting.org) with the SVACE static
> > analysis tool.
>
> Which clearly doesn't understand the implications of its reports.
>
> David

Agreed. It would be acceptable to change the types to "unsigned int", but
there's no reason to make them "u16".

In general, the only situation where a size should be smaller than the
native register size is when you're defining fields in a structure or
union, or doing memory-mapped I/O (which often involves the same thing).

Alan Stern