Message ID | 20241022201244.8992-1-zichenxie0106@gmail.com (mailing list archive) |
---|---|
State | Changes Requested, archived |
Series | [v3] clk: sophgo: Cast an operand to u64 to prevent potential unsigned long overflow on 32-bit machine in sg2042_pll_recalc_rate() |
On 2024/10/23 4:12, Gax-c wrote:
> From: Zichen Xie <zichenxie0106@gmail.com>
>
> This was found by a static analyzer.
> There may be a potential integer overflow issue in
> sg2042_pll_recalc_rate(). numerator is defined as u64 while
> parent_rate is defined as unsigned long and ctrl_table.fbdiv
> is defined as unsigned int. On 32-bit machine, the result of
> the calculation will be limited to "u32" without correct casting.
> Integer overflow may occur on high-performance systems.
> We recommended that we cast the denominator as well but
> Dan Carpenter said that it was a max of 3087 and was not even
> vaguely close to the 4 billion mark needed to overflow a u32.
> So, we only cast the numerator here.
>
> Fixes: 48cf7e01386e ("clk: sophgo: Add SG2042 clock driver")
> Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>

Reviewed-by: Chen Wang <unicorn_wang@outlook.com>

Thanks.

> ---
> v2: modified patch to numerator casting only.
> v3: modified wrapping to make it clear.
> ---
> drivers/clk/sophgo/clk-sg2042-pll.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/clk/sophgo/clk-sg2042-pll.c b/drivers/clk/sophgo/clk-sg2042-pll.c > index ff9deeef509b..1537f4f05860 100644 > --- a/drivers/clk/sophgo/clk-sg2042-pll.c > +++ b/drivers/clk/sophgo/clk-sg2042-pll.c > @@ -153,7 +153,7 @@ static unsigned long sg2042_pll_recalc_rate(unsigned int reg_value, > > sg2042_pll_ctrl_decode(reg_value, &ctrl_table); > > - numerator = parent_rate * ctrl_table.fbdiv; > + numerator = (u64)parent_rate * ctrl_table.fbdiv; > denominator = ctrl_table.refdiv * ctrl_table.postdiv1 * ctrl_table.postdiv2; > do_div(numerator, denominator); > return numerator;
I'm sorry, I have let you down in some ways. This subject line is too long.
It's 126 characters long. Please change it to something like:

clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate()

On Tue, Oct 22, 2024 at 03:12:45PM -0500, Gax-c wrote:
> From: Zichen Xie <zichenxie0106@gmail.com>
>
> This was found by a static analyzer.
> There may be a potential integer overflow issue in
> sg2042_pll_recalc_rate(). numerator is defined as u64 while
> parent_rate is defined as unsigned long and ctrl_table.fbdiv
> is defined as unsigned int. On 32-bit machine, the result of
> the calculation will be limited to "u32" without correct casting.
> Integer overflow may occur on high-performance systems.
> We recommended that we cast the denominator as well but
> Dan Carpenter said that it was a max of 3087 and was not even
> vaguely close to the 4 billion mark needed to overflow a u32.
> So, we only cast the numerator here.

On second thought, could we just leave this out. Let's only mention the
numerator.

regards,
dan carpenter
On 2024/10/23 2:41, Dan Carpenter wrote:
> I'm sorry, I have let you down in some ways. This subject line is too long.
> It's 126 characters long. Please change it to something like:
>
> clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate()
>
> On Tue, Oct 22, 2024 at 03:12:45PM -0500, Gax-c wrote:
>> From: Zichen Xie <zichenxie0106@gmail.com>
>>
>> This was found by a static analyzer.
>> There may be a potential integer overflow issue in
>> sg2042_pll_recalc_rate(). numerator is defined as u64 while
>> parent_rate is defined as unsigned long and ctrl_table.fbdiv
>> is defined as unsigned int. On 32-bit machine, the result of
>> the calculation will be limited to "u32" without correct casting.
>> Integer overflow may occur on high-performance systems.
>> We recommended that we cast the denominator as well but
>> Dan Carpenter said that it was a max of 3087 and was not even
>> vaguely close to the 4 billion mark needed to overflow a u32.
>> So, we only cast the numerator here.
> On second thought, could we just leave this out. Let's only mention the
> numerator.

Fine. I'll do it later.

>
> regards,
> dan carpenter
>
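The wrap described in the commit message, shown with concrete numbers in an added example that is not part of the thread or the driver. `ulong32`, `struct pll_ctrl`, the helper names and the sample rate and divider values are assumptions constructed for the demo; plain `/` stands in for the kernel's `do_div()`.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t stands in for `unsigned long` on a 32-bit kernel
 * build, so the demo behaves the same on a 64-bit host. */
typedef uint32_t ulong32;

/* Hypothetical mirror of the driver's ctrl_table fields. */
struct pll_ctrl {
    uint32_t fbdiv, refdiv, postdiv1, postdiv2;
};

/* Constructed sample values, not taken from SG2042 documentation. */
#define SAMPLE_PARENT_RATE 25000000u
static const struct pll_ctrl sample_wrap = { 200, 1, 2, 1 };
static const struct pll_ctrl sample_ok   = { 100, 1, 2, 1 };

static uint32_t denominator_of(const struct pll_ctrl *c)
{
    return c->refdiv * c->postdiv1 * c->postdiv2;
}

/* Pre-patch form: the multiply is done in 32 bits and wraps before the
 * result is widened into the 64-bit numerator. */
static uint64_t rate_before(ulong32 parent_rate, const struct pll_ctrl *c)
{
    uint64_t numerator = parent_rate * c->fbdiv;
    return numerator / denominator_of(c);
}

/* Patched form: casting one operand makes the whole multiply 64-bit. */
static uint64_t rate_after(ulong32 parent_rate, const struct pll_ctrl *c)
{
    uint64_t numerator = (uint64_t)parent_rate * c->fbdiv;
    return numerator / denominator_of(c);
}

int main(void)
{
    printf("product > 2^32: before=%llu after=%llu\n",
           (unsigned long long)rate_before(SAMPLE_PARENT_RATE, &sample_wrap),
           (unsigned long long)rate_after(SAMPLE_PARENT_RATE, &sample_wrap));
    printf("product < 2^32: before=%llu after=%llu\n",
           (unsigned long long)rate_before(SAMPLE_PARENT_RATE, &sample_ok),
           (unsigned long long)rate_after(SAMPLE_PARENT_RATE, &sample_ok));
    return 0;
}
```

With the constructed inputs the unpatched form silently reports a plausible but wrong rate, which is why this class of bug tends to surface through static analysis rather than a crash.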
diff --git a/drivers/clk/sophgo/clk-sg2042-pll.c b/drivers/clk/sophgo/clk-sg2042-pll.c index ff9deeef509b..1537f4f05860 100644 --- a/drivers/clk/sophgo/clk-sg2042-pll.c +++ b/drivers/clk/sophgo/clk-sg2042-pll.c @@ -153,7 +153,7 @@ static unsigned long sg2042_pll_recalc_rate(unsigned int reg_value, sg2042_pll_ctrl_decode(reg_value, &ctrl_table); - numerator = parent_rate * ctrl_table.fbdiv; + numerator = (u64)parent_rate * ctrl_table.fbdiv; denominator = ctrl_table.refdiv * ctrl_table.postdiv1 * ctrl_table.postdiv2; do_div(numerator, denominator); return numerator;
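Review bot: At `return numerator;` the u64 quotient is implicitly narrowed to the function's `unsigned long` return type, so on a 32-bit build the widened multiply only helps when the divided result itself fits in 32 bits; an explicit cast or a short comment stating that bound would make the assumption visible. Separately, `denominator` is handed to `do_div()` with no non-zero check in the visible lines; if `sg2042_pll_ctrl_decode()` can yield a zero `refdiv` or post-divider from `reg_value`, guard it before dividing.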