| Message ID | e07c3dc5-d885-4b04-a742-71f42243f4fd@stanley.mountain (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 |
| Headers | show |
| Series | ASoC: renesas: rz-ssi: Add a check for negative sample_space | expand |
Hi Dan, On Wed, Jan 8, 2025 at 10:29 AM Dan Carpenter <dan.carpenter@linaro.org> wrote: > My static checker rule complains about this code. The concern is that > if "sample_space" is negative then the "sample_space >= runtime->channels" > condition will not work as intended because it will be type promoted to a > high unsigned int value. > > strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is > 0x3f. Without any further context it does seem like a reasonable warning > and it can't hurt to add a check for negatives. > > Cc: stable@vger.kernel.org > Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Thanks for your patch! > --- a/sound/soc/renesas/rz-ssi.c > +++ b/sound/soc/renesas/rz-ssi.c > @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) > sample_space = strm->fifo_sample_size; > ssifsr = rz_ssi_reg_readl(ssi, SSIFSR); > sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & SSIFSR_TDC_MASK; > + if (sample_space < 0) > + return -EINVAL; > > /* Only add full frames at a time */ > while (frames_left && (sample_space >= runtime->channels)) { In practice this cannot happen, as the maximum value of the field is 0x20 (= SSI_FIFO_DEPTH), but better safe than sorry, so Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> Biju/Prabhakar: The documentation for the TDC bits in the FIFO Status Register seems to be incorrect (in all of the RZ/G2L, RZ/G2UL, RZ/G3S, and RZ/A2M documentation): TDC[5:0] Bits These bits indicate the number of valid data that are stored in the transmit FIFO data register (SSIFTDR). With this flag as H’0, there is no data to be transmitted. With H’10, there is no space to write data. As the FIFO size is 4 bytes x 32 stages for both the transmit and receive FIFOs, the above should be H'20 instead of H'10. The documentation for the RDC bits has it right: RDC[5:0] Bits These bits indicate the number of valid data that are stored in the receive FIFO data register (SSIFRDR). With this flag as H’0, there is no received data. With H’20, the register is filled with received data and there is no free space. The documentation for RZ/A1H (not yet supported by the driver) is also correct (8 stages and H'8). Gr{oetje,eeting}s, Geert
Hi Geert, > -----Original Message----- > From: Geert Uytterhoeven <geert@linux-m68k.org> > Sent: 08 January 2025 10:58 > Subject: Re: [PATCH] ASoC: renesas: rz-ssi: Add a check for negative sample_space > > Hi Dan, > > On Wed, Jan 8, 2025 at 10:29 AM Dan Carpenter <dan.carpenter@linaro.org> wrote: > > My static checker rule complains about this code. The concern is that > > if "sample_space" is negative then the "sample_space >= runtime->channels" > > condition will not work as intended because it will be type promoted > > to a high unsigned int value. > > > > strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is > > 0x3f. Without any further context it does seem like a reasonable > > warning and it can't hurt to add a check for negatives. > > > > Cc: stable@vger.kernel.org > > Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver") > > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > > Thanks for your patch! > > > --- a/sound/soc/renesas/rz-ssi.c > > +++ b/sound/soc/renesas/rz-ssi.c > > @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) > > sample_space = strm->fifo_sample_size; > > ssifsr = rz_ssi_reg_readl(ssi, SSIFSR); > > sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & > > SSIFSR_TDC_MASK; > > + if (sample_space < 0) > > + return -EINVAL; > > > > /* Only add full frames at a time */ > > while (frames_left && (sample_space >= runtime->channels)) { > > In practice this cannot happen, as the maximum value of the field is 0x20 (= SSI_FIFO_DEPTH), but > better safe than sorry, so > Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> > > Biju/Prabhakar: The documentation for the TDC bits in the FIFO Status Register seems to be incorrect > (in all of the RZ/G2L, RZ/G2UL, RZ/G3S, and RZ/A2M documentation): > > TDC[5:0] Bits > These bits indicate the number of valid data that are stored in > the transmit FIFO data register (SSIFTDR). With this flag as H’0, > there is no data to be transmitted. With H’10, there is no space to > write data. > > As the FIFO size is 4 bytes x 32 stages for both the transmit and receive FIFOs, the above should be > H'20 instead of H'10. Thanks for pointing it out. Will check this with HW documentation team about this issue. Cheers, Biju
On Wed, 08 Jan 2025 12:28:46 +0300, Dan Carpenter wrote: > My static checker rule complains about this code. The concern is that > if "sample_space" is negative then the "sample_space >= runtime->channels" > condition will not work as intended because it will be type promoted to a > high unsigned int value. > > strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is > 0x3f. Without any further context it does seem like a reasonable warning > and it can't hurt to add a check for negatives. > > [...] Applied to https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next Thanks! [1/1] ASoC: renesas: rz-ssi: Add a check for negative sample_space commit: 82a0a3e6f8c02b3236b55e784a083fa4ee07c321 All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark
diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c index d48e2e7356b6..3a0af4ca7ab6 100644 --- a/sound/soc/renesas/rz-ssi.c +++ b/sound/soc/renesas/rz-ssi.c @@ -521,6 +521,8 @@ static int rz_ssi_pio_send(struct rz_ssi_priv *ssi, struct rz_ssi_stream *strm) sample_space = strm->fifo_sample_size; ssifsr = rz_ssi_reg_readl(ssi, SSIFSR); sample_space -= (ssifsr >> SSIFSR_TDC_SHIFT) & SSIFSR_TDC_MASK; + if (sample_space < 0) + return -EINVAL; /* Only add full frames at a time */ while (frames_left && (sample_space >= runtime->channels)) {
My static checker rule complains about this code. The concern is that if "sample_space" is negative then the "sample_space >= runtime->channels" condition will not work as intended because it will be type promoted to a high unsigned int value. strm->fifo_sample_size is SSI_FIFO_DEPTH (32). The SSIFSR_TDC_MASK is 0x3f. Without any further context it does seem like a reasonable warning and it can't hurt to add a check for negatives. Cc: stable@vger.kernel.org Fixes: 03e786bd4341 ("ASoC: sh: Add RZ/G2L SSIF-2 driver") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- sound/soc/renesas/rz-ssi.c | 2 ++ 1 file changed, 2 insertions(+)