spi-imx: prevent overflow when estimating transfer time

The words delay is computed by multiplying two unsigned ints and by adding up the result to a u64 variable. The multiplication, however, is performed with 32bit math thus losing data when the actual result is larger than UINT32_MAX. Fix the operation by casting the first operand to u64, thus forcing the multiplication to be performed with 64bit math. This fixes 1 OVERFLOW_BEFORE_WIDEN issue reported by Coverity Report: CID 1601859: Integer handling issues (OVERFLOW_BEFORE_WIDEN) Cc: Mark Brown <broonie@kernel.org> Cc: Shawn Guo <shawnguo@kernel.org> Cc: Sascha Hauer <s.hauer@pengutronix.de> Cc: Pengutronix Kernel Team <kernel@pengutronix.de> Cc: Fabio Estevam <festevam@gmail.com> Cc: imx@lists.linux.dev Cc: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> Link: https://patch.msgid.link/20241115220202.31086-1-antonio@mandelbit.com Signed-off-by: Mark Brown <broonie@kernel.org>
2024-12-28 16:56:26 +00:00 · 2024-11-15 23:02:02 +01:00 · 2024-11-15 23:02:02 +01:00 · 9e141955ed
commit 9e141955ed
parent c752e87b9c
1 changed files with 1 additions and 1 deletions
--- a/drivers/spi/spi-imx.c
+++ b/drivers/spi/spi-imx.c
@ -1685,7 +1685,7 @@ static unsigned int spi_imx_transfer_estimate_time_us(struct spi_transfer *trans
 		words = DIV_ROUND_UP(transfer->len * BITS_PER_BYTE, transfer->bits_per_word);
 		word_delay_us = DIV_ROUND_CLOSEST(spi_delay_to_ns(&transfer->word_delay, transfer),
 						  NSEC_PER_USEC);
-		result += words * word_delay_us;
+		result += (u64)words * word_delay_us;
 	}

 	return min(result, U32_MAX);