[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Fri May 18 16:15:48 CEST 2018


Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

7 new defect(s) introduced to coreboot found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1391085:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1868 in do_raminit()


________________________________________________________________________________________________________
*** CID 1391085:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1868 in do_raminit()
1862     	if (s->boot_path != BOOT_PATH_WARM_RESET) {
1863     		// Clear self refresh
1864     		MCHBAR32(PMSTS_MCHBAR) = MCHBAR32(PMSTS_MCHBAR)
1865     			| PMSTS_BOTH_SELFREFRESH;
1866     
1867     		// Clear host clk gate reg
>>>     CID 1391085:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     "*((u32 volatile *)0xfed1401c) | 0xffffffffU" is always 0xffffffff regardless of the values of its operands. This occurs as the operand of assignment.
1868     		MCHBAR32(0x1c) = MCHBAR32(0x1c) | 0xffffffff;
1869     
1870     		// Select type
1871     		if (s->spd_type == DDR2)
1872     			MCHBAR8(0x1a8) = MCHBAR8(0x1a8) & ~0x4;
1873     		else

** CID 1391091:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 671 in program_timings()


________________________________________________________________________________________________________
*** CID 1391091:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 671 in program_timings()
665     
666     		reg16 &= 0x7;
667     		reg16 += twl + 9;
668     		reg16 <<= 10;
669     		MCHBAR16(0x400*i + 0x24d) = (MCHBAR16(0x400*i + 0x24d) & ~0x7c00) | reg16;
670     		MCHBAR8(0x400*i + 0x267) = (MCHBAR8(0x400*i + 0x267) & ~0x3f) | 0x13;
>>>     CID 1391091:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
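>>>     "*((u8 volatile *)(4275126272U + (1024 * i + 616))) & -256 /* ~0xff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
[Note: the u8 value read from the register is promoted to int, so it lies in 0..255 and shares no set bits with ~0xff, which is the int -256. The masked read therefore contributes nothing, and line 671 always stores the constant 0x4a. The same reasoning applies to the MCHBAR16 "& ~0xffff" findings in this report.]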
671     		MCHBAR8(0x400*i + 0x268) = (MCHBAR8(0x400*i + 0x268) & ~0xff) | 0x4a;
672     
673     		reg16 = (MCHBAR16(0x400*i + 0x269) & 0xc000) >> 2;
674     		reg16 += 2 << 12;
675     		reg16 |= (0x15 << 6) | 0x1f;
676     		MCHBAR16(0x400*i + 0x26d) = (MCHBAR16(0x400*i + 0x26d) & ~0x7fff) | reg16;

** CID 1391090:    (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1148 in prog_rcomp()
/src/northbridge/intel/x4x/raminit_ddr23.c: 1193 in prog_rcomp()


________________________________________________________________________________________________________
*** CID 1391090:    (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1148 in prog_rcomp()
1142     	FOR_EACH_POPULATED_CHANNEL(s->dimms, i) {
1143     		for (j = 0; j < 6; j++) {
1144     			if (j == 0) {
1145     				MCHBAR32(0x400*i + addr[j]) =
1146     					(MCHBAR32(0x400*i + addr[j]) & ~0xff000)
1147     					| 0xaa000;
>>>     CID 1391090:    (CONSTANT_EXPRESSION_RESULT)
>>>     "*((u16 volatile *)(4275126272U + (1024 * i + 800))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
1148     				MCHBAR16(0x400*i + 0x320) = (MCHBAR16(0x400*i + 0x320)
1149     							& ~0xffff) | 0x6666;
1150     				for (k = 0; k < 8; k++) {
1151     					MCHBAR32(0x400*i + addr[j] + 0xe + (k << 2)) =
1152     						(MCHBAR32(0x400*i + addr[j] + 0xe + (k << 2))
1153     							& ~0x3f3f3f3f) | x32a[k];
/src/northbridge/intel/x4x/raminit_ddr23.c: 1193 in prog_rcomp()
1187     					(MCHBAR32(0x400*i + addr[j] + 0x2a)
1188     						& ~0x3f3f3f3f) | x39e[j];
1189     			}
1190     			if (s->spd_type == DDR3
1191     				&& BOTH_DIMMS_ARE_POPULATED(s->dimms, i)) {
1192     					MCHBAR16(0x378 + 0x400 * i) =
>>>     CID 1391090:    (CONSTANT_EXPRESSION_RESULT)
>>>     "*((u16 volatile *)(4275126272U + (888 + 1024 * i))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
1193     						(MCHBAR16(0x378 + 0x400 * i)
1194     							& ~0xffff) | 0xcccc;
1195     			}
1196     			MCHBAR8(0x400*i + addr[j]) = (MCHBAR8(0x400*i + addr[j]) & ~1) | bit[j];
1197     		}
1198     		reg8 = (s->spd_type == DDR2) ? 0x12 : 0x36;

** CID 1391089:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 848 in program_dll()


________________________________________________________________________________________________________
*** CID 1391089:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 848 in program_dll()
842     
843     	FOR_EACH_POPULATED_CHANNEL(s->dimms, i) {
844     		MCHBAR16(0x400*i + 0x5f0) = (MCHBAR16(0x400*i + 0x5f0) & ~0x3fc) | 0x3fc;
845     		MCHBAR32(0x400*i + 0x5fc) = MCHBAR32(0x400*i + 0x5fc) & ~0xcccccccc;
846     		MCHBAR8(0x400*i + 0x5d9) = (MCHBAR8(0x400*i + 0x5d9) & ~0xf0)
847     			| (s->spd_type == DDR2 ? 0x70 : 0x60);
>>>     CID 1391089:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     "*((u16 volatile *)(4275126272U + (1024 * i + 1424))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
848     		MCHBAR16(0x400*i + 0x590) = (MCHBAR16(0x400*i + 0x590) & ~0xffff)
849     			| (s->spd_type == DDR2 ? 0x5555 : 0xa955);
850     	}
851     
852     	FOR_EACH_POPULATED_CHANNEL(s->dimms, i) {
853     		const struct dll_setting *setting;

** CID 1391088:  Integer handling issues  (DIVIDE_BY_ZERO)
/src/northbridge/intel/x4x/raminit_ddr23.c: 610 in program_timings()


________________________________________________________________________________________________________
*** CID 1391088:  Integer handling issues  (DIVIDE_BY_ZERO)
/src/northbridge/intel/x4x/raminit_ddr23.c: 610 in program_timings()
604     
605     		fsb = fsb2ps[s->selected_timings.fsb_clk];
606     		ddr = ddr2ps[s->selected_timings.mem_clk];
607     		reg32 = (u32)((s->selected_timings.CAS + 7 + reg8) * ddr);
608     		reg32 = (u32)((reg32 / fsb) << 8);
609     		reg32 |= 0x0e000000;
>>>     CID 1391088:  Integer handling issues  (DIVIDE_BY_ZERO)
>>>     In expression "fsb2mhz(s->selected_timings.fsb_clk) / ddr2mhz(s->selected_timings.mem_clk)", division by expression "ddr2mhz(s->selected_timings.mem_clk)" which may be zero has undefined behavior.
610     		if ((fsb2mhz(s->selected_timings.fsb_clk) /
611     		     ddr2mhz(s->selected_timings.mem_clk)) > 2) {
612     			reg32 |= 1 << 24;
613     		}
614     		MCHBAR32(0x400*i + 0x248) = (MCHBAR32(0x400*i + 0x248) & ~0x0f001f00) |
615     			reg32;

** CID 1391087:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1163 in prog_rcomp()


________________________________________________________________________________________________________
*** CID 1391087:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1163 in prog_rcomp()
1157     				}
1158     			} else {
1159     				MCHBAR16(0x400*i + addr[j]) =
1160     					(MCHBAR16(0x400*i + addr[j])
1161     						& ~0xf000) | 0xa000;
1162     				MCHBAR16(0x400*i + addr[j] + 4) =
>>>     CID 1391087:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     "*((u16 volatile *)(4275126272U + (1024 * i + addr[j] + 4))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
1163     					(MCHBAR16(0x400*i + addr[j] + 4)
1164     						& ~0xffff) | x378[j];
1165     				MCHBAR32(0x400*i + addr[j] + 0xe) =
1166     					(MCHBAR32(0x400*i + addr[j] + 0xe)
1167     						& ~0x3f3f3f3f) | x382[j];
1168     				MCHBAR32(0x400*i + addr[j] + 0x12) =

** CID 1391086:  Integer handling issues  (BAD_SHIFT)
/src/northbridge/via/vx900/memmap.c: 84 in vx900_set_chrome9hd_fb_size()


________________________________________________________________________________________________________
*** CID 1391086:  Integer handling issues  (BAD_SHIFT)
/src/northbridge/via/vx900/memmap.c: 84 in vx900_set_chrome9hd_fb_size()
78     
79     	/* Now round the framebuffer size to the closest power of 2 */
80     	u8 fb_pow = 0;
81     	while (size_mb >> fb_pow)
82     		fb_pow++;
83     	fb_pow--;
>>>     CID 1391086:  Integer handling issues  (BAD_SHIFT)
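>>>     In expression "1 << fb_pow", left shifting by more than 31 bits has undefined behavior.  The shift amount, "fb_pow", is 255.
[Note: fb_pow is a u8 initialised to 0 on line 80. If size_mb is 0, the loop on lines 81-82 never increments it and the decrement on line 83 wraps it to 255, which is the shift amount reported here. Whether size_mb can be 0 at this point depends on code above line 78, which is not shown. Rejecting a zero size before the loop would keep the shift in range.]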
84     	size_mb = (1 << fb_pow);
85     
86     	pci_mod_config8(MCU, 0xa1, 7 << 4, (fb_pow - 2) << 4);
87     }
88     
89     /* Gets the configured framebuffer size as a power of 2 */


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ac6JHx-2BaRpzujURnykPguwO1-2BtP-2FQtQNtg2DuHDyydWhXTu7AFjcNHKg9G71X-2FKYT4xSoXEOHocLlFgZT9wigfbSHG-2Bcz9-2FbiQZmoiVnuToSbtiBVFWdEtdB6opdy75Kok3jqLnMQJtQcMvBNoLQnz-2BrGn7WL8YhnV-2F3ELbgtl3-2Fvc6pd8JtdoUmUxUI3di-2BY-3D



