Hi, Peter Chen <peter.chen@xxxxxxx> writes: > For code: > trb->length = cpu_to_le32(TRB_BURST_LEN(priv_ep->trb_burst_size) > | TRB_LEN(length)); > > TRB_BURST_LEN(priv_ep->trb_burst_size) may be overflow for int 32 if > priv_ep->trb_burst_size is equal or larger than 0x80; > > Below is the Coverity warning: > sign_extension: Suspicious implicit sign extension: priv_ep->trb_burst_size > with type u8 (8 bits, unsigned) is promoted in priv_ep->trb_burst_size << 24 > to type int (32 bits, signed), then sign-extended to type unsigned long > (64 bits, unsigned). If priv_ep->trb_burst_size << 24 is greater than 0x7FFFFFFF, > the upper bits of the result will all be 1. looks like a false positive... > Cc: <stable@xxxxxxxxxxxxxxx> #v5.8+ > Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") > Signed-off-by: Peter Chen <peter.chen@xxxxxxx> > --- > drivers/usb/cdns3/gadget.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/usb/cdns3/gadget.h b/drivers/usb/cdns3/gadget.h > index 1ccecd237530..020936cb9897 100644 > --- a/drivers/usb/cdns3/gadget.h > +++ b/drivers/usb/cdns3/gadget.h > @@ -1072,7 +1072,7 @@ struct cdns3_trb { > #define TRB_TDL_SS_SIZE_GET(p) (((p) & GENMASK(23, 17)) >> 17) > > /* transfer_len bitmasks - bits 31:24 */ > -#define TRB_BURST_LEN(p) (((p) << 24) & GENMASK(31, 24)) > +#define TRB_BURST_LEN(p) (unsigned int)(((p) << 24) & GENMASK(31, 24)) ... because TRB_BURST_LEN() is used to intialize a __le32 type. Even if it ends up being sign extended, the top 32-bits will be ignored. I'll apply, but it looks like a pointless fix. We shouldn't need it for stable -- balbi
Attachment:
signature.asc
Description: PGP signature