On Wed, Aug 05, 2020 at 12:09:34PM +0000, Vabhav Sharma (OSS) wrote:

quoted

-----Original Message-----
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sent: Wednesday, July 29, 2020 9:34 PM
To: B K Karthik <redacted>
Cc: Jiri Slaby <jirislaby@kernel.org>; linux-serial@vger.kernel.org; linux-
kernel@vger.kernel.org; Vabhav Sharma (OSS)
[off-list ref]; bhuvanchandra.dv@toradex.com
Subject: Re: [PATCH v2] tty: serial: fsl_lpuart.c: prevent a bad shift operation

On Tue, Jul 21, 2020 at 11:12:29PM +0530, B K Karthik wrote:

quoted

prevent a bad shift operation by verifying that the argument to fls is
non zero.

Reported-by: "Vabhav Sharma (OSS)" <redacted>
Signed-off-by: B K Karthik <redacted>
---
v1 -> v2:
	added Reported-by tag

 drivers/tty/serial/fsl_lpuart.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/serial/fsl_lpuart.c

b/drivers/tty/serial/fsl_lpuart.c index 7ca642249224..0cc64279cd2d
100644

--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c

@@ -1168,7 +1168,8 @@ static inline int lpuart_start_rx_dma(struct

lpuart_port *sport)

quoted

 	 * 10ms at any baud rate.
 	 */
 	sport->rx_dma_rng_buf_len = (DMA_RX_TIMEOUT * baud /  bits /

1000) * 2;

quoted

-	sport->rx_dma_rng_buf_len = (1 << (fls(sport->rx_dma_rng_buf_len)

- 1));

quoted

+	if (sport->rx_dma_rng_buf_len != 0)

How can this variable become 0?

Condition x, taking false branch
Explicitly returning zero 

static __always_inline int fls(unsigned int x)
{
	return x ? sizeof(x) * 8 - __builtin_clz(x) : 0;
}

What false branch?

I don't see how this can ever be an issue in "the real world", can you
explain how it could ever be a problem?

thanks,

greg k-h