Commit 5c2fbcf
media: solo6x10: Check for out of bounds chip_id
[ Upstream commit 0fdf6323c35a134f206dcad5babb4ff488552076 ]
Clang with CONFIG_UBSAN_SHIFT=y noticed a condition where a signed type
(literal "1" is an "int") could end up being shifted beyond 32 bits,
so instrumentation was added (and due to the double is_tw286x() call
seen via inlining), Clang decides the second one must now be undefined
behavior and elides the rest of the function[1]. This is a known problem
with Clang (that is still being worked on), but we can avoid the entire
problem by actually checking the existing max chip ID, and now there is
no runtime instrumentation added at all since everything is known to be
within bounds.
Additionally use an unsigned value for the shift to remove the
instrumentation even without the explicit bounds checking.
Link: ClangBuiltLinux/linux#2144 [1]
Suggested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
[hverkuil: fix checkpatch warning for is_tw286x]
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 33af366211ee78e3b074ff44a16121e537e86826)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>

1 parent 27242e4 commit 5c2fbcf
1 file changed, +7 -1 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
166 | 166 | | |
167 | 167 | | |
168 | 168 | | |
169 | | - | |
| 169 | + | |
170 | 170 | | |
171 | 171 | | |
172 | 172 | | |
| |||
686 | 686 | | |
687 | 687 | | |
688 | 688 | | |
| 689 | + | |
| 690 | + | |
| 691 | + | |
689 | 692 | | |
690 | 693 | | |
691 | 694 | | |
| |||
758 | 761 | | |
759 | 762 | | |
760 | 763 | | |
| 764 | + | |
| 765 | + | |
| 766 | + | |
761 | 767 | | |
762 | 768 | | |
763 | 769 | | |
| |||
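
The pattern the commit message describes (bounds-check the chip ID before it is used as a shift count, and shift an unsigned literal), shown as an added C example that is not the driver's code and not part of this commit. All names (`dev_state`, `chip_mask`, `MAX_CHIPS`, `get_ctrl_val`) and values are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and values; this is not the solo6x10 source. */
#define MAX_CHIPS 4u            /* assumed maximum number of chips */

struct dev_state {
    uint32_t chip_mask;         /* bit n set: chip n is the "other" chip type */
};

/*
 * "Before" shape, kept for comparison and never called here: the literal 1
 * is a signed int, so an id of 31 or more makes the shift undefined
 * behaviour, which UBSAN instruments and the optimizer may assume away.
 */
#define CHIP_IS_TYPE_A_SIGNED(st, id) (!((st)->chip_mask & (1 << (id))))

/* Hardened shape: unsigned literal, well defined for shift counts 0..31. */
static inline int chip_is_type_a(const struct dev_state *st, unsigned int id)
{
    return !(st->chip_mask & (1U << id));
}

/* Reject out-of-range IDs before they can reach the shift. */
int get_ctrl_val(const struct dev_state *st, unsigned int chip_id, int *val)
{
    if (chip_id >= MAX_CHIPS)
        return -EINVAL;

    /* Constructed return values standing in for per-chip register reads. */
    *val = chip_is_type_a(st, chip_id) ? 100 : 200;
    return 0;
}

int main(void)
{
    struct dev_state st = { .chip_mask = 0x2 };  /* constructed: chip 1 flagged */
    int val = -1;

    for (unsigned int id = 0; id < 6; id++) {
        int ret = get_ctrl_val(&st, id, &val);
        printf("chip %u: ret=%d val=%d\n", id, ret, val);
    }
    return 0;
}
```

With the range check in place the compiler can prove the shift count is below 32, so there is nothing left for the sanitizer to instrument.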