staging: kpc2000: fix integer overflow with left shifts [Linux 5.3]

This Linux kernel change "staging: kpc2000: fix integer overflow with left shifts" is included in the Linux 5.3 release. This change is authored by Colin Ian King <colin.king [at] canonical.com> on Tue Jun 18 11:15:54 2019 +0100. The commit for this change in Linux stable tree is d326d99 (patch).

staging: kpc2000: fix integer overflow with left shifts

Currently there are several left shifts that are assigned to 64 bit
unsigned longs where a signed int 1 is being shifted, resulting in
an integer overflow.  Fix this bit using the BIT_ULL macro to perform
a 64 bit shift.  Also clean up an overly long statement.

Addresses-Coverity: ("Unintentional integer overflow")
Fixes: 7dc7967fc39a ("staging: kpc2000: add initial set of Daktronics drivers")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

There are 10 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 drivers/staging/kpc2000/kpc2000/cell_probe.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/kpc2000/kpc2000/cell_probe.c b/drivers/staging/kpc2000/kpc2000/cell_probe.c
index 138d16b..c124a83 100644
--- a/drivers/staging/kpc2000/kpc2000/cell_probe.c
+++ b/drivers/staging/kpc2000/kpc2000/cell_probe.c
@@ -238,7 +238,7 @@ int  kp2000_check_uio_irq(struct kp2000_device *pcard, u32 irq_num)
 {
    u64 interrupt_active   =  readq(pcard->sysinfo_regs_base + REG_INTERRUPT_ACTIVE);
    u64 interrupt_mask_inv = ~readq(pcard->sysinfo_regs_base + REG_INTERRUPT_MASK);
-   u64 irq_check_mask = (1 << irq_num);
+   u64 irq_check_mask = BIT_ULL(irq_num);

    if (interrupt_active & irq_check_mask) { // if it's active (interrupt pending)
        if (interrupt_mask_inv & irq_check_mask) {    // and if it's not masked off
@@ -257,7 +257,9 @@ irqreturn_t  kuio_handler(int irq, struct uio_info *uioinfo)
        return IRQ_NONE;

    if (kp2000_check_uio_irq(kudev->pcard, kudev->cte.irq_base_num)) {
-       writeq((1 << kudev->cte.irq_base_num), kudev->pcard->sysinfo_regs_base + REG_INTERRUPT_ACTIVE); // Clear the active flag
+       /* Clear the active flag */
+       writeq(BIT_ULL(kudev->cte.irq_base_num),
+              kudev->pcard->sysinfo_regs_base + REG_INTERRUPT_ACTIVE);
        return IRQ_HANDLED;
    }
    return IRQ_NONE;
@@ -273,9 +275,9 @@ int kuio_irqcontrol(struct uio_info *uioinfo, s32 irq_on)
    mutex_lock(&pcard->sem);
    mask = readq(pcard->sysinfo_regs_base + REG_INTERRUPT_MASK);
    if (irq_on)
-       mask &= ~(1 << (kudev->cte.irq_base_num));
+       mask &= ~(BIT_ULL(kudev->cte.irq_base_num));
    else
-       mask |= (1 << (kudev->cte.irq_base_num));
+       mask |= BIT_ULL(kudev->cte.irq_base_num);
    writeq(mask, pcard->sysinfo_regs_base + REG_INTERRUPT_MASK);
    mutex_unlock(&pcard->sem);

Leave a Reply

Your email address will not be published. Required fields are marked *