On Fri, Nov 4, 2016 at 5:52 AM, Ferruh Yigit <ferruh.yigit at intel.com> wrote:
> On 11/3/2016 6:58 PM, Ajit Khaparde wrote:
> > Prevent the arithmetic in bnxt_alloc_vnic_attributes from causing
> > any unintentional havoc because of the usage of a signed variable.
> >
> > Coverity: 137874
> >
> > Signed-off-by: Ajit Khaparde <ajit.khaparde at broadcom.com>
> >
> > --
> > v2: Previous attempt did not seem complete.
> > ---
> > drivers/net/bnxt/bnxt_vnic.c | 9 +++++----
> > 1 file changed, 5 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/net/bnxt/bnxt_vnic.c b/drivers/net/bnxt/bnxt_vnic.c
> > index 205a940..23c85af 100644
> > --- a/drivers/net/bnxt/bnxt_vnic.c
> > +++ b/drivers/net/bnxt/bnxt_vnic.c
> > @@ -179,7 +179,7 @@ int bnxt_alloc_vnic_attributes(struct bnxt *bp)
> > HW_HASH_INDEX_SIZE *
> sizeof(*vnic->rss_table) +
> > HW_HASH_KEY_SIZE);
> > uint16_t max_vnics;
> > - int i;
> > + uint16_t i;
> >
> > if (BNXT_PF(bp)) {
> > struct bnxt_pf_info *pf = &bp->pf;
> > @@ -197,7 +197,7 @@ int bnxt_alloc_vnic_attributes(struct bnxt *bp)
> > mz = rte_memzone_lookup(mz_name);
> > if (!mz) {
> > mz = rte_memzone_reserve(mz_name,
> > - entry_length * max_vnics,
> > + (uint32_t) entry_length *
> max_vnics,
> > SOCKET_ID_ANY,
> > RTE_MEMZONE_2MB |
> > RTE_MEMZONE_SIZE_HINT_ONLY);
> > @@ -210,10 +210,11 @@ int bnxt_alloc_vnic_attributes(struct bnxt *bp)
> >
> > /* Allocate rss table and hash key */
> > vnic->rss_table =
> > - (void *)((char *)mz->addr + (entry_length * i));
> > + (void *)((char *)mz->addr + ((uint32_t) entry_length * i));
> > memset(vnic->rss_table, -1, entry_length);
> >
> > - vnic->rss_table_dma_addr = mz->phys_addr + (entry_length *
> i);
> > + vnic->rss_table_dma_addr =
> > + mz->phys_addr + ((uint32_t) entry_length * i);
>
> ((uint32_t) entry_length * i)
> casting entry_length to uint32_t will prevent the integer promotion and
> fix the coverity issue, but if this is the case, why not make
> entry_length uint32_t at first place?
>
> It seems "entry_length" converted from "int" to "uint16_t" to prevent
> integer promotion (e8a197d2aa9a), but
> "entry_length * max_vnics" => "uint16_t * uint16_t" or
> "entry_length * i" => "uint16_t * int"
> still causing the promotion.
>
> I guess converting "entry_length" to uint32_t (instead of uint16_t) will
> fix both triaged 127557 and new introduced 137874 coverity issues, and
> it is simpler modification, - if I don't miss anything J
>
?Sounds reasonable to me. I will send a patch in a little while.
Thanks?
>
> Thanks,
> ferruh
>
>
> > vnic->rss_hash_key = (void *)((char *)vnic->rss_table +
> > HW_HASH_INDEX_SIZE *
> sizeof(*vnic->rss_table));
> >
> >
>
>
