From: "Ard Biesheuvel" <ardb@kernel.org>
To: Ranbir Singh <rsingh@ventanamicro.com>
Cc: devel@edk2.groups.io, Hao A Wu <hao.a.wu@intel.com>,
Ray Ni <ray.ni@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/2] MdeModulePkg/Bus/Ata/AtaAtapiPassThru: Fix SIGN_EXTENSION Coverity issue
Date: Mon, 5 Jun 2023 10:44:25 +0200 [thread overview]
Message-ID: <CAMj1kXEdNVLwqDFcyZb0y5e6yp6=OvtabB0YLLVtV5wzAHjS2g@mail.gmail.com> (raw)
In-Reply-To: <CAA9DWXBQF58R82PyYe2yfcowoyBU+d=Z6c84uVXhK6bDs38uxA@mail.gmail.com>
On Mon, 5 Jun 2023 at 09:54, Ranbir Singh <rsingh@ventanamicro.com> wrote:
>
> Please read the Coverity report attached in BZ 4204 for more details on sign-extension issue.
>
I did read it - explanation below.
> The data types of logic_sector_size_hi and logic_sector_size_lo are UINT16 and Isn't the return type of sizeof already unsigned ?
>
Yes, it is unsigned long, so 64 bits wide on LP64 architectures
> Now I have no means to run Coverity and test further changes.
> Anyway, my understanding back then was that the sign-extension was primarily happening because of the 16 bits left shift operation. I did test the patch for coverity warning resolution back in Jan'23 which went off.
>
The warning actually describes exactly what is happening:
- The type of a UINT16 shifted left by 16 is promoted to signed integer.
- The multiplication by sizeof() converts the former result to
unsigned integer before widening to unsigned long integer.
This means that the widening does not perform any sign extension,
which is what Coverity warns about.
None of this actually matters, given that those upper bits get
truncated again anyway when we assign to BlockSize, which is only 32
bits wide.
Removing the outer (UINT32) cast is not the correct solution, as it
may result in spurious truncation warnings on some toolchains.
If you want to silence this warning (I wouldn't call it a fix), you
need to either prevent the widening, or cast the intermediate result
to (UINT32), and the latter is what your patch does. So it silences
the warning, but now, the type of the right hand side of the
assignment is UINTN not UINT32.
So either leave the outer (UINT32) cast in place, or move it to before
the sizeof() as I suggested before: in both cases, there is no longer
any promotion to unsigned long, which should make the warning go away.
>
> On Mon, Jun 5, 2023 at 4:28 AM Ard Biesheuvel <ardb@kernel.org> wrote:
>>
>> On Fri, 2 Jun 2023 at 21:42, Ranbir Singh <rsingh@ventanamicro.com> wrote:
>> >
>> > From: Ranbir Singh <Ranbir.Singh3@Dell.com>
>> >
>> > Line number 1348 does contain a typecast with UINT32, but it is after
>> > all the operations (16-bit left shift followed by OR'ing) are over.
>> > To avoid any SIGN_EXTENSION, typecast the intermediate result after
>> > 16-bit left shift operation immediately with UINT32.
>> >
>>
>> What is wrong with sign extension?
>>
>> > Cc: Hao A Wu <hao.a.wu@intel.com>
>> > Cc: Ray Ni <ray.ni@intel.com>
>> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4204
>> > Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
>> > ---
>> > MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.c | 2 +-
>> > 1 file changed, 1 insertion(+), 1 deletion(-)
>> >
>> > diff --git a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.c b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.c
>> > index 50406fe0270d..70c4ca27dc68 100644
>> > --- a/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.c
>> > +++ b/MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.c
>> > @@ -1345,7 +1345,7 @@ AtaPassThruPassThru (
>> > // Check logical block size
>> > //
>> > if ((IdentifyData->AtaData.phy_logic_sector_support & BIT12) != 0) {
>> > - BlockSize = (UINT32)(((IdentifyData->AtaData.logic_sector_size_hi << 16) | IdentifyData->AtaData.logic_sector_size_lo) * sizeof (UINT16));
>> > + BlockSize = (((UINT32)(IdentifyData->AtaData.logic_sector_size_hi << 16) | IdentifyData->AtaData.logic_sector_size_lo) * sizeof (UINT16));
>>
>>
>> The outer parens are now redundant, which means you're assigning
>> something to BlockSize whose type is based on the type of <something>
>> * sizeof(UINT16), which is unsigned long not unsigned int, so this
>> will produce a truncation warning on some compilers.
>>
>> If you want to suppress the coverity warning without introducing new
>> ones, better to cast the sizeof() to (UINT32).
next prev parent reply other threads:[~2023-06-05 8:44 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-02 7:09 [PATCH 1/2] MdeModulePkg/Bus/Ata/AtaAtapiPassThru: Fix SIGN_EXTENSION Coverity issue Ranbir Singh
2023-06-02 7:09 ` [PATCH 2/2] MdeModulePkg/Bus/Ata/AtaAtapiPassThru: Fix UNUSED_VALUE " Ranbir Singh
2023-06-03 16:04 ` [edk2-devel] " Pedro Falcato
2023-06-04 23:03 ` Ard Biesheuvel
2023-06-05 8:10 ` Ranbir Singh
2023-06-05 8:31 ` Ard Biesheuvel
2023-06-08 6:55 ` Wu, Hao A
2023-06-08 10:17 ` Ranbir Singh
2023-06-09 1:22 ` Wu, Hao A
2023-06-04 22:58 ` [edk2-devel] [PATCH 1/2] MdeModulePkg/Bus/Ata/AtaAtapiPassThru: Fix SIGN_EXTENSION " Ard Biesheuvel
2023-06-05 7:53 ` Ranbir Singh
2023-06-05 8:44 ` Ard Biesheuvel [this message]
2023-06-05 9:15 ` Ranbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMj1kXEdNVLwqDFcyZb0y5e6yp6=OvtabB0YLLVtV5wzAHjS2g@mail.gmail.com' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox