On Sat, Feb 24, 2024 at 10:55 PM Daniel Lezcano
<daniel.lezcano@xxxxxxxxxx> wrote:
[...]
Hmm, I wanted to reply that it doesn't because internally FIELD_FIT()@@ -301,7 +298,7 @@ static int gt_clk_rate_change_cb(struct notifier_block *nb,
psv--;
/* prescaler within legal range? */
- if (psv < 0 || psv > GT_CONTROL_PRESCALER_MAX)
+ if (psv < 0 || !FIELD_FIT(GT_CONTROL_PRESCALER_MASK, psv))
return NOTIFY_BAD;
Won't FIELD_FIT cover psv < 0 also ?
uses a cast:
((typeof(_mask))(_val) << __bf_shf(_mask)) & (_mask)
My original thought was that the cast would clear the sign bit when in
fact (I think) it will not - it will result in the signed number and
BIT(31) set.
So I think you're right, FIELD_FIT() does cover it.
However, there's something else odd with this code:
We're dividing two frequencies (using DIV_ROUND_CLOSEST) which are two
unsigned values. So the result of the division can never be negative:
psv = DIV_ROUND_CLOSEST(ndata->new_rate, gt_target_rate);
However, we're additionally decrementing psv by one:
psv--;
So in reality it can only ever be negative if the result of the
division was zero (for example if new_rate is smaller than
gt_target_rate).
However, in that case we would have crashed - with a division by zero
- in the statement right in the middle of the two mentioned above:
if (abs(gt_target_rate - (ndata->new_rate / psv)) > MAX_F_ERR)
So I think we need another patch (it's best to order that before this
one): make psv an unsigned int and error out before trying to divide
by zero.
If you have any objections: let me know, otherwise I'll prepare a
patch tomorrow.