Am Samstag, den 27.09.2014, 15:28 -0700 schrieb scan-admin@coverity.com:
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan Showing 20 of 253 defect(s)
** CID 1229561: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/nehalem/raminit.c: 656 in calculate_timings()
** CID 1229556: Bad bit shift operation (BAD_SHIFT) /src/mainboard/lenovo/x60/dock.c: 263 in dock_present()
** CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS) /src/console/vtxprintf.c: 204 in vtxprintf()
** CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) /src/device/device.c: 709 in avoid_fixed_resources() /src/device/device.c: 731 in avoid_fixed_resources()
** CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) /src/lib/selfboot.c: 233 in build_self_segment_list() /src/lib/selfboot.c: 293 in build_self_segment_list()
** CID 1129164: Logically dead code (DEADCODE) /src/device/device.c: 650 in constrain_resources()
** CID 1129163: Logically dead code (DEADCODE) /src/device/device.c: 709 in avoid_fixed_resources() /src/device/device.c: 732 in avoid_fixed_resources()
** CID 1129161: Logically dead code (DEADCODE) /src/lib/ramtest.c: 130 in ram_bitset_nodie()
** CID 1129159: 'Constant' variable guards dead code (DEADCODE) /src/drivers/pc80/mc146818rtc.c: 110 in rtc_init()
** CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) /src/device/device.c: 649 in constrain_resources()
** CID 1229568: Bad bit shift operation (BAD_SHIFT) /src/northbridge/via/vx900/chrome9hd.c: 132 in chrome9hd_fb_size()
** CID 1229567: Bad bit shift operation (BAD_SHIFT) /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt() /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt()
** CID 1229566: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/i82830/raminit.c: 334 in set_dram_row_attributes()
** CID 1229565: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
** CID 1229563: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
** CID 1229564: Bad bit shift operation (BAD_SHIFT) /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma() /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma()
** CID 1229562: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/nehalem/raminit.c: 1507 in program_total_memory_map()
** CID 1229560: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/i3100/raminit.c: 772 in set_receive_enable()
** CID 1229559: Bad bit shift operation (BAD_SHIFT) /src/mainboard/google/butterfly/chromeos.c: 120 in get_pch_gpio() /src/mainboard/google/butterfly/chromeos.c: 123 in get_pch_gpio()
** CID 1229558: Bad bit shift operation (BAD_SHIFT) /src/southbridge/sis/sis966/sis966.c: 79 in sis966_enable()
*** CID 1229561: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/nehalem/raminit.c: 656 in calculate_timings() 650 min_cas_latency = CEIL_DIV(cas_latency_time, cycletime); 651 cas_latency = 0; 652 while (supported_cas_latencies) { 653 cas_latency = find_highest_bit_set(supported_cas_latencies) + 3; 654 if (cas_latency <= min_cas_latency) 655 break;
CID 1229561: Bad bit shift operation (BAD_SHIFT) In expression "1 << find_highest_bit_set(supported_cas_latencies)", shifting by a negative amount has undefined behavior. The shift amount, "find_highest_bit_set(supported_cas_latencies)", is -1.
656 supported_cas_latencies &= 657 ~(1 << find_highest_bit_set(supported_cas_latencies)); 658 } 659 660 if (cas_latency != min_cas_latency && clock_speed_index) 661 clock_speed_index--;
*** CID 1229556: Bad bit shift operation (BAD_SHIFT) /src/mainboard/lenovo/x60/dock.c: 263 in dock_present() 257 258 printk(BIOS_DEBUG, "%s finish\n", __func__); 259 } 260 261 int dock_present(void) 262 {
CID 1229556: Bad bit shift operation (BAD_SHIFT) In expression "inb(1164) >> 13", right shifting "inb(1164)" by more than 7 bits always yields zero. The shift amount is 13.
263 return !((inb(DEFAULT_GPIOBASE + 0x0c) >> 13) & 1); 264 } 265 266 int dock_ultrabay_device_present(void) 267 { 268 return inb(0x1621) & 0x02 ? 0 : 1;
*** CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS) /src/console/vtxprintf.c: 204 in vtxprintf() 198 199 case 's': 200 s = va_arg(args, char *); 201 if (!s) 202 s = "<NULL>"; 203
CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS) "precision" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
204 len = strnlen(s, precision); 205 206 if (!(flags & LEFT)) 207 while (len < field_width--) 208 call_tx(' '), count++; 209 for (i = 0; i < len; ++i)
*** CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) /src/device/device.c: 709 in avoid_fixed_resources() 703 /* Constrain the limits to dev's initial resources. */ 704 for (res = dev->resource_list; res; res = res->next) { 705 if ((res->flags & IORESOURCE_FIXED)) 706 continue; 707 printk(BIOS_SPEW, "%s:@%s %02lx limit %08llx\n", __func__, 708 dev_path(dev), res->index, res->limit);
CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false regardless of the values of its operands. This occurs as the logical first operand of '&&'.
709 if ((res->flags & MEM_MASK) == PREF_TYPE && 710 (res->limit < limits.pref.limit)) 711 limits.pref.limit = res->limit; 712 if ((res->flags & MEM_MASK) == MEM_TYPE && 713 (res->limit < limits.mem.limit)) 714 limits.mem.limit = res->limit; /src/device/device.c: 731 in avoid_fixed_resources() 725 struct resource *lim; 726 727 if ((res->flags & IORESOURCE_FIXED)) 728 continue; 729 730 /* PREFETCH, MEM, or I/O - skip any others. */
CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false regardless of the values of its operands. This occurs as the logical operand of if.
731 if ((res->flags & MEM_MASK) == PREF_TYPE) 732 lim = &limits.pref; 733 else if ((res->flags & MEM_MASK) == MEM_TYPE) 734 lim = &limits.mem; 735 else if ((res->flags & IO_MASK) == IO_TYPE) 736 lim = &limits.io;
*** CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) /src/lib/selfboot.c: 233 in build_self_segment_list() 227 228 while(1) { 229 printk(BIOS_DEBUG, "Loading segment from rom address 0x%p\n", segment); 230 switch(segment->type) { 231 case PAYLOAD_SEGMENT_PARAMS: 232 printk(BIOS_DEBUG, " parameter section (skipped)\n");
CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) Using "segment" as an array. This might corrupt or misinterpret adjacent memory locations.
233 segment++; 234 continue; 235 236 case PAYLOAD_SEGMENT_CODE: 237 case PAYLOAD_SEGMENT_DATA: 238 printk(BIOS_DEBUG, " %s (compression=%x)\n", /src/lib/selfboot.c: 293 in build_self_segment_list() 287 */ 288 printk(BIOS_EMERG, "Bad segment type %x\n", segment->type); 289 return -1; 290 } 291 292 /* We have found another CODE, DATA or BSS segment */
CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) Using "segment" as an array. This might corrupt or misinterpret adjacent memory locations.
293 segment++; 294 295 /* Find place where to insert our segment */ 296 for(ptr = head->next; ptr != head; ptr = ptr->next) { 297 if (new->s_srcaddr < ntohll(segment->load_addr)) 298 break;
*** CID 1129164: Logically dead code (DEADCODE) /src/device/device.c: 650 in constrain_resources() 644 "size=0!\n", dev_path(dev), res->index); 645 continue; 646 } 647 648 /* PREFETCH, MEM, or I/O - skip any others. */ 649 if ((res->flags & MEM_MASK) == PREF_TYPE)
CID 1129164: Logically dead code (DEADCODE) Execution cannot reach this statement: "lim = &limits->pref;".
650 lim = &limits->pref; 651 else if ((res->flags & MEM_MASK) == MEM_TYPE) 652 lim = &limits->mem; 653 else if ((res->flags & IO_MASK) == IO_TYPE) 654 lim = &limits->io; 655 else
*** CID 1129163: Logically dead code (DEADCODE) /src/device/device.c: 709 in avoid_fixed_resources() 703 /* Constrain the limits to dev's initial resources. */ 704 for (res = dev->resource_list; res; res = res->next) { 705 if ((res->flags & IORESOURCE_FIXED)) 706 continue; 707 printk(BIOS_SPEW, "%s:@%s %02lx limit %08llx\n", __func__, 708 dev_path(dev), res->index, res->limit);
CID 1129163: Logically dead code (DEADCODE) Execution cannot reach the expression "res->limit < limits.pref.limit" inside this statement: "if ((res->flags & 0x200UL) ...".
709 if ((res->flags & MEM_MASK) == PREF_TYPE && 710 (res->limit < limits.pref.limit)) 711 limits.pref.limit = res->limit; 712 if ((res->flags & MEM_MASK) == MEM_TYPE && 713 (res->limit < limits.mem.limit)) 714 limits.mem.limit = res->limit; /src/device/device.c: 732 in avoid_fixed_resources() 726 727 if ((res->flags & IORESOURCE_FIXED)) 728 continue; 729 730 /* PREFETCH, MEM, or I/O - skip any others. */ 731 if ((res->flags & MEM_MASK) == PREF_TYPE)
CID 1129163: Logically dead code (DEADCODE) Execution cannot reach this statement: "lim = &limits.pref;".
732 lim = &limits.pref; 733 else if ((res->flags & MEM_MASK) == MEM_TYPE) 734 lim = &limits.mem; 735 else if ((res->flags & IO_MASK) == IO_TYPE) 736 lim = &limits.io; 737 else
*** CID 1129161: Logically dead code (DEADCODE) /src/lib/ramtest.c: 130 in ram_bitset_nodie() 124 print_err_hex32(value2); 125 print_err(" FAIL\n"); 126 #endif 127 } 128 if (verbose) { 129 #if !defined(__ROMCC__)
CID 1129161: Logically dead code (DEADCODE) Execution cannot reach this statement: "if ((addr & 0xfUL) == 0UL) ...".
130 if ((addr & 0x0f) == 0) 131 printk(BIOS_DEBUG, "%08lx wr: %08lx rd:", 132 start + addr, value); 133 if (failed) 134 printk(BIOS_DEBUG, " %08lx!", value2); 135 else
*** CID 1129159: 'Constant' variable guards dead code (DEADCODE) /src/drivers/pc80/mc146818rtc.c: 110 in rtc_init() 104 cmos_write(0, 0x05); 105 for(i = 10; i < 128; i++) { 106 cmos_write(0, i); 107 } 108 #endif 109 if (cmos_invalid) {
CID 1129159: 'Constant' variable guards dead code (DEADCODE) Execution cannot reach this statement: "rtc_update_cmos_date(0);".
110 rtc_update_cmos_date(RTC_HAS_NO_ALTCENTURY); 111 } 112 113 printk(BIOS_WARNING, "RTC:%s%s%s%s\n", 114 invalid?" Clear requested":"", 115 cmos_invalid?" Power Problem":"",
*** CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) /src/device/device.c: 649 in constrain_resources() 643 printk(BIOS_ERR, "skipping %s@%lx fixed resource, " 644 "size=0!\n", dev_path(dev), res->index); 645 continue; 646 } 647 648 /* PREFETCH, MEM, or I/O - skip any others. */
CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false regardless of the values of its operands. This occurs as the logical operand of if.
649 if ((res->flags & MEM_MASK) == PREF_TYPE) 650 lim = &limits->pref; 651 else if ((res->flags & MEM_MASK) == MEM_TYPE) 652 lim = &limits->mem; 653 else if ((res->flags & IO_MASK) == IO_TYPE) 654 lim = &limits->io;
*** CID 1229568: Bad bit shift operation (BAD_SHIFT) /src/northbridge/via/vx900/chrome9hd.c: 132 in chrome9hd_fb_size() 126 127 /* Now round the framebuffer size to the closest power of 2 */ 128 u8 fb_pow = 0; 129 while (size_mb >> fb_pow) 130 fb_pow++; 131 fb_pow--;
CID 1229568: Bad bit shift operation (BAD_SHIFT) In expression "1 << fb_pow", left shifting by more than 31 bits has undefined behavior. The shift amount, "fb_pow", is 255.
132 size_mb = (1 << fb_pow); 133 /* We store the framebuffer size in bytes, for simplicity */ 134 fb_size = size_mb << 20; 135 return fb_size; 136 } 137
*** CID 1229567: Bad bit shift operation (BAD_SHIFT) /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() 105 106 /* fifo_on<<6 */ 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; 108 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; 110 dsp_on = fifo_on>>dsp_precision;
CID 1229567: Bad bit shift operation (BAD_SHIFT) In expression "fifo_off >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967291.
111 dsp_off = fifo_off>>dsp_precision; 112 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | 114 ((dsp_loop_latency & 0xf)<<16) | 115 ((dsp_precision & 7)<<20); 116 pll->dsp_on_off = (dsp_off & 0x7ff) | ((dsp_on & 0x7ff)<<16); /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() 104 t_rcc = max(t_rp + t_ras, t_pfc + n); 105 106 /* fifo_on<<6 */ 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; 108 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
CID 1229567: Bad bit shift operation (BAD_SHIFT) In expression "fifo_on >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967291.
110 dsp_on = fifo_on>>dsp_precision; 111 dsp_off = fifo_off>>dsp_precision; 112 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | 114 ((dsp_loop_latency & 0xf)<<16) | 115 ((dsp_precision & 7)<<20); /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt() 103 104 t_rcc = max(t_rp + t_ras, t_pfc + n); 105 106 /* fifo_on<<6 */ 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; 108
CID 1229567: Bad bit shift operation (BAD_SHIFT) In expression "xclks_per_row >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967291.
109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; 110 dsp_on = fifo_on>>dsp_precision; 111 dsp_off = fifo_off>>dsp_precision; 112 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | 114 ((dsp_loop_latency & 0xf)<<16) | /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() 105 106 /* fifo_on<<6 */ 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; 108 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; 110 dsp_on = fifo_on>>dsp_precision;
CID 1229567: Bad bit shift operation (BAD_SHIFT) In expression "fifo_off >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967292.
111 dsp_off = fifo_off>>dsp_precision; 112 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | 114 ((dsp_loop_latency & 0xf)<<16) | 115 ((dsp_precision & 7)<<20); 116 pll->dsp_on_off = (dsp_off & 0x7ff) | ((dsp_on & 0x7ff)<<16); /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() 104 t_rcc = max(t_rp + t_ras, t_pfc + n); 105 106 /* fifo_on<<6 */ 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; 108 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
CID 1229567: Bad bit shift operation (BAD_SHIFT) In expression "fifo_on >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967292.
110 dsp_on = fifo_on>>dsp_precision; 111 dsp_off = fifo_off>>dsp_precision; 112 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | 114 ((dsp_loop_latency & 0xf)<<16) | 115 ((dsp_precision & 7)<<20); /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt() 103 104 t_rcc = max(t_rp + t_ras, t_pfc + n); 105 106 /* fifo_on<<6 */ 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; 108
CID 1229567: Bad bit shift operation (BAD_SHIFT) In expression "xclks_per_row >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967292.
109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; 110 dsp_on = fifo_on>>dsp_precision; 111 dsp_off = fifo_off>>dsp_precision; 112 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | 114 ((dsp_loop_latency & 0xf)<<16) |
*** CID 1229566: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/i82830/raminit.c: 334 in set_dram_row_attributes() 328 col = spd_read_byte(device, SPD_NUM_COLUMNS); 329 330 /* data width */ 331 width = spd_read_byte(device, SPD_MODULE_DATA_WIDTH_LSB); 332 333 /* calculate page size in bits */
CID 1229566: Bad bit shift operation (BAD_SHIFT) In expression "1 << col", shifting by a negative amount has undefined behavior. The shift amount, "col", is -1.
334 value = ((1 << col) * width); 335 336 /* convert to Kilobytes */ 337 dra = ((value / 8) >> 10); 338 339 /* # of banks of DIMM (single or double sided) */
*** CID 1229565: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT)) 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/ 52 53 /* Program rank boundaries (CxDRBy). */ 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
CID 1229565: Bad bit shift operation (BAD_SHIFT) In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = 56 CxDRBy_BOUND_MB(r, 128) | 57 CxDRBy_BOUND_MB(r+1, 128); 58 } 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ 60 MCHBAR32(DCC_MCHBAR) = /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT)) 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/ 52 53 /* Program rank boundaries (CxDRBy). */ 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
CID 1229565: Bad bit shift operation (BAD_SHIFT) In expression "4 << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = 56 CxDRBy_BOUND_MB(r, 128) | 57 CxDRBy_BOUND_MB(r+1, 128); 58 } 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ 60 MCHBAR32(DCC_MCHBAR) = /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT)) 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/ 52 53 /* Program rank boundaries (CxDRBy). */ 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
CID 1229565: Bad bit shift operation (BAD_SHIFT) In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = 56 CxDRBy_BOUND_MB(r, 128) | 57 CxDRBy_BOUND_MB(r+1, 128); 58 } 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ 60 MCHBAR32(DCC_MCHBAR) = /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT)) 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/ 52 53 /* Program rank boundaries (CxDRBy). */ 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
CID 1229565: Bad bit shift operation (BAD_SHIFT) In expression "4 << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = 56 CxDRBy_BOUND_MB(r, 128) | 57 CxDRBy_BOUND_MB(r+1, 128); 58 } 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ 60 MCHBAR32(DCC_MCHBAR) =
*** CID 1229563: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() 1187 } 1188 reg |= CxDRBy_BOUND_MB(r, base); 1189 IF_RANK_POPULATED(dimms, ch, r+1) { 1190 base += rank_capacity_mb; 1191 total_mb[ch] += rank_capacity_mb; 1192 }
CID 1229563: Bad bit shift operation (BAD_SHIFT) In expression "(base >> 5) << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
1193 reg |= CxDRBy_BOUND_MB(r+1, base); 1194 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; 1196 } 1197 } 1198 /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() 1187 } 1188 reg |= CxDRBy_BOUND_MB(r, base); 1189 IF_RANK_POPULATED(dimms, ch, r+1) { 1190 base += rank_capacity_mb; 1191 total_mb[ch] += rank_capacity_mb; 1192 }
CID 1229563: Bad bit shift operation (BAD_SHIFT) In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
1193 reg |= CxDRBy_BOUND_MB(r+1, base); 1194 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; 1196 } 1197 } 1198 /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() 1187 } 1188 reg |= CxDRBy_BOUND_MB(r, base); 1189 IF_RANK_POPULATED(dimms, ch, r+1) { 1190 base += rank_capacity_mb; 1191 total_mb[ch] += rank_capacity_mb; 1192 }
CID 1229563: Bad bit shift operation (BAD_SHIFT) In expression "(base >> 5) << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
1193 reg |= CxDRBy_BOUND_MB(r+1, base); 1194 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; 1196 } 1197 } 1198 /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() 1187 } 1188 reg |= CxDRBy_BOUND_MB(r, base); 1189 IF_RANK_POPULATED(dimms, ch, r+1) { 1190 base += rank_capacity_mb; 1191 total_mb[ch] += rank_capacity_mb; 1192 }
CID 1229563: Bad bit shift operation (BAD_SHIFT) In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
1193 reg |= CxDRBy_BOUND_MB(r+1, base); 1194 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; 1196 } 1197 } 1198
*** CID 1229564: Bad bit shift operation (BAD_SHIFT) /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() 232 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL) 234 * The size we set here affects the behavior of BAR2, and the amount of 235 * MMIO space it requests. The default is 512MB, so if we don't set this 236 * before reading the resources, we could waste space below 4G */ 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7)));
CID 1229564: Bad bit shift operation (BAD_SHIFT) In expression "0xff << fb_pow - 1", left shifting by more than 31 bits has undefined behavior. The shift amount, "fb_pow - 1", is 254.
238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); 239 /* And also that the framebuffer is in the system, RAM */ 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); 241 } 242 243 /** /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma() 231 pci_mod_config8(mcu, 0xa1, 7 << 4, (fb_pow - 2) << 4); 232 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL) 234 * The size we set here affects the behavior of BAR2, and the amount of 235 * MMIO space it requests. The default is 512MB, so if we don't set this 236 * before reading the resources, we could waste space below 4G */
CID 1229564: Bad bit shift operation (BAD_SHIFT) In expression "0xff << fb_pow - 2", left shifting by more than 31 bits has undefined behavior. The shift amount, "fb_pow - 2", is 253.
237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7))); 238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); 239 /* And also that the framebuffer is in the system, RAM */ 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); 241 } 242 /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() 232 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL) 234 * The size we set here affects the behavior of BAR2, and the amount of 235 * MMIO space it requests. The default is 512MB, so if we don't set this 236 * before reading the resources, we could waste space below 4G */ 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7)));
CID 1229564: Bad bit shift operation (BAD_SHIFT) In expression "0xff << fb_pow - 1", shifting by a negative amount has undefined behavior. The shift amount, "fb_pow - 1", is -1.
238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); 239 /* And also that the framebuffer is in the system, RAM */ 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); 241 } 242 243 /** /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma() 231 pci_mod_config8(mcu, 0xa1, 7 << 4, (fb_pow - 2) << 4); 232 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL) 234 * The size we set here affects the behavior of BAR2, and the amount of 235 * MMIO space it requests. The default is 512MB, so if we don't set this 236 * before reading the resources, we could waste space below 4G */
CID 1229564: Bad bit shift operation (BAD_SHIFT) In expression "0xff << fb_pow - 2", shifting by a negative amount has undefined behavior. The shift amount, "fb_pow - 2", is -2.
237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7))); 238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); 239 /* And also that the framebuffer is in the system, RAM */ 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); 241 } 242
*** CID 1229562: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/nehalem/raminit.c: 1507 in program_total_memory_map() 1501 1502 { 1503 u32 t; 1504 1505 gav(t = pcie_read_config32(PCI_DEV(QUICKPATH_BUS, 0, 1), 0x68)); 1506 if (t & 0x800)
CID 1229562: Bad bit shift operation (BAD_SHIFT) In expression "1 << find_lowest_bit_set32(t >> 20)", shifting by a negative amount has undefined behavior. The shift amount, "find_lowest_bit_set32(t >> 20)", is -1.
1507 quickpath_reserved = 1508 (1 << find_lowest_bit_set32(t >> 20)); 1509 } 1510 if (memory_remap) 1511 TOUUD -= quickpath_reserved; 1512
*** CID 1229560: Bad bit shift operation (BAD_SHIFT) /src/northbridge/intel/i3100/raminit.c: 772 in set_receive_enable() 766 work32h = dcal_data32_2; 767 cnt = 32; 768 } 769 if(!bit) break; 770 } 771 for(;;bit--,cnt--) {
CID 1229560: Bad bit shift operation (BAD_SHIFT) In expression "1 << cnt", left shifting by more than 31 bits has undefined behavior. The shift amount, "cnt", is 32.
772 if(!(work32l & (1<<cnt))) 773 break; 774 if(!cnt) { 775 work32l = dcal_data32_0; 776 work32h = dcal_data32_2; 777 cnt = 32;
*** CID 1229559: Bad bit shift operation (BAD_SHIFT) /src/mainboard/google/butterfly/chromeos.c: 120 in get_pch_gpio() 114 115 if (gpio_num > 64){ 116 u32 gp_lvl3 = inl(gpio_base + GP_LVL3); 117 retval = ((gp_lvl3 >> (gpio_num - 64)) & 1); 118 } else if (gpio_num > 32){ 119 u32 gp_lvl2 = inl(gpio_base + GP_LVL2);
CID 1229559: Bad bit shift operation (BAD_SHIFT) In expression "gp_lvl2 >> gpio_num - 32", right shifting by more than 31 bits has undefined behavior. The shift amount, "gpio_num - 32", is as much as 32.
120 retval = ((gp_lvl2 >> (gpio_num - 32)) & 1); 121 } else { 122 u32 gp_lvl = inl(gpio_base + GP_LVL); 123 retval = ((gp_lvl >> gpio_num) & 1); 124 } 125 /src/mainboard/google/butterfly/chromeos.c: 123 in get_pch_gpio() 117 retval = ((gp_lvl3 >> (gpio_num - 64)) & 1); 118 } else if (gpio_num > 32){ 119 u32 gp_lvl2 = inl(gpio_base + GP_LVL2); 120 retval = ((gp_lvl2 >> (gpio_num - 32)) & 1); 121 } else { 122 u32 gp_lvl = inl(gpio_base + GP_LVL);
CID 1229559: Bad bit shift operation (BAD_SHIFT) In expression "gp_lvl >> gpio_num", right shifting by more than 31 bits has undefined behavior. The shift amount, "gpio_num", is as much as 32.
123 retval = ((gp_lvl >> gpio_num) & 1); 124 } 125 126 return retval; 127 } 128
*** CID 1229558: Bad bit shift operation (BAD_SHIFT) /src/southbridge/sis/sis966/sis966.c: 79 in sis966_enable() 73 struct southbridge_sis_sis966_config *conf; 74 conf = dev->chip_info; 75 int i; 76 77 if(dev->device==0x0000) { 78 vendorid = pci_read_config32(dev, PCI_VENDOR_ID);
CID 1229558: Bad bit shift operation (BAD_SHIFT) In expression "vendorid >> 16", right shifting "vendorid" by more than 15 bits always yields zero. The shift amount is 16.
79 deviceid = (vendorid>>16) & 0xffff; 80 // vendorid &= 0xffff; 81 } else { 82 // vendorid = dev->vendor; 83 deviceid = dev->device; 84 }
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/1016?tab=overview
To unsubscribe from the email notification for new defects, visit http://scan5.coverity.com/cgi-bin/unsubscribe.py
Am 28.09.2014 um 09:12 schrieb Paul Menzel:
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan Showing 20 of 253 defect(s)
These many new reports appear because the prior two builds didn't track our cross compilers and so only covered util/*. This one is complete again.
See https://scan.coverity.com/projects/1016?tab=overview and fix some bugs! :-)
Patrick