[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Fri May 18 16:15:48 CEST 2018
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
7 new defect(s) introduced to coreboot found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1391085: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1868 in do_raminit()
________________________________________________________________________________________________________
*** CID 1391085: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1868 in do_raminit()
1862 if (s->boot_path != BOOT_PATH_WARM_RESET) {
1863 // Clear self refresh
1864 MCHBAR32(PMSTS_MCHBAR) = MCHBAR32(PMSTS_MCHBAR)
1865 | PMSTS_BOTH_SELFREFRESH;
1866
1867 // Clear host clk gate reg
>>> CID 1391085: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*((u32 volatile *)0xfed1401c) | 0xffffffffU" is always 0xffffffff regardless of the values of its operands. This occurs as the operand of assignment.
1868 MCHBAR32(0x1c) = MCHBAR32(0x1c) | 0xffffffff;
1869
1870 // Select type
1871 if (s->spd_type == DDR2)
1872 MCHBAR8(0x1a8) = MCHBAR8(0x1a8) & ~0x4;
1873 else
** CID 1391091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 671 in program_timings()
________________________________________________________________________________________________________
*** CID 1391091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 671 in program_timings()
665
666 reg16 &= 0x7;
667 reg16 += twl + 9;
668 reg16 <<= 10;
669 MCHBAR16(0x400*i + 0x24d) = (MCHBAR16(0x400*i + 0x24d) & ~0x7c00) | reg16;
670 MCHBAR8(0x400*i + 0x267) = (MCHBAR8(0x400*i + 0x267) & ~0x3f) | 0x13;
>>> CID 1391091: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*((u8 volatile *)(4275126272U + (1024 * i + 616))) & -256 /* ~0xff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
671 MCHBAR8(0x400*i + 0x268) = (MCHBAR8(0x400*i + 0x268) & ~0xff) | 0x4a;
672
673 reg16 = (MCHBAR16(0x400*i + 0x269) & 0xc000) >> 2;
674 reg16 += 2 << 12;
675 reg16 |= (0x15 << 6) | 0x1f;
676 MCHBAR16(0x400*i + 0x26d) = (MCHBAR16(0x400*i + 0x26d) & ~0x7fff) | reg16;
** CID 1391090: (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1148 in prog_rcomp()
/src/northbridge/intel/x4x/raminit_ddr23.c: 1193 in prog_rcomp()
________________________________________________________________________________________________________
*** CID 1391090: (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1148 in prog_rcomp()
1142 FOR_EACH_POPULATED_CHANNEL(s->dimms, i) {
1143 for (j = 0; j < 6; j++) {
1144 if (j == 0) {
1145 MCHBAR32(0x400*i + addr[j]) =
1146 (MCHBAR32(0x400*i + addr[j]) & ~0xff000)
1147 | 0xaa000;
>>> CID 1391090: (CONSTANT_EXPRESSION_RESULT)
>>> "*((u16 volatile *)(4275126272U + (1024 * i + 800))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
1148 MCHBAR16(0x400*i + 0x320) = (MCHBAR16(0x400*i + 0x320)
1149 & ~0xffff) | 0x6666;
1150 for (k = 0; k < 8; k++) {
1151 MCHBAR32(0x400*i + addr[j] + 0xe + (k << 2)) =
1152 (MCHBAR32(0x400*i + addr[j] + 0xe + (k << 2))
1153 & ~0x3f3f3f3f) | x32a[k];
/src/northbridge/intel/x4x/raminit_ddr23.c: 1193 in prog_rcomp()
1187 (MCHBAR32(0x400*i + addr[j] + 0x2a)
1188 & ~0x3f3f3f3f) | x39e[j];
1189 }
1190 if (s->spd_type == DDR3
1191 && BOTH_DIMMS_ARE_POPULATED(s->dimms, i)) {
1192 MCHBAR16(0x378 + 0x400 * i) =
>>> CID 1391090: (CONSTANT_EXPRESSION_RESULT)
>>> "*((u16 volatile *)(4275126272U + (888 + 1024 * i))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
1193 (MCHBAR16(0x378 + 0x400 * i)
1194 & ~0xffff) | 0xcccc;
1195 }
1196 MCHBAR8(0x400*i + addr[j]) = (MCHBAR8(0x400*i + addr[j]) & ~1) | bit[j];
1197 }
1198 reg8 = (s->spd_type == DDR2) ? 0x12 : 0x36;
** CID 1391089: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 848 in program_dll()
________________________________________________________________________________________________________
*** CID 1391089: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 848 in program_dll()
842
843 FOR_EACH_POPULATED_CHANNEL(s->dimms, i) {
844 MCHBAR16(0x400*i + 0x5f0) = (MCHBAR16(0x400*i + 0x5f0) & ~0x3fc) | 0x3fc;
845 MCHBAR32(0x400*i + 0x5fc) = MCHBAR32(0x400*i + 0x5fc) & ~0xcccccccc;
846 MCHBAR8(0x400*i + 0x5d9) = (MCHBAR8(0x400*i + 0x5d9) & ~0xf0)
847 | (s->spd_type == DDR2 ? 0x70 : 0x60);
>>> CID 1391089: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*((u16 volatile *)(4275126272U + (1024 * i + 1424))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
848 MCHBAR16(0x400*i + 0x590) = (MCHBAR16(0x400*i + 0x590) & ~0xffff)
849 | (s->spd_type == DDR2 ? 0x5555 : 0xa955);
850 }
851
852 FOR_EACH_POPULATED_CHANNEL(s->dimms, i) {
853 const struct dll_setting *setting;
** CID 1391088: Integer handling issues (DIVIDE_BY_ZERO)
/src/northbridge/intel/x4x/raminit_ddr23.c: 610 in program_timings()
________________________________________________________________________________________________________
*** CID 1391088: Integer handling issues (DIVIDE_BY_ZERO)
/src/northbridge/intel/x4x/raminit_ddr23.c: 610 in program_timings()
604
605 fsb = fsb2ps[s->selected_timings.fsb_clk];
606 ddr = ddr2ps[s->selected_timings.mem_clk];
607 reg32 = (u32)((s->selected_timings.CAS + 7 + reg8) * ddr);
608 reg32 = (u32)((reg32 / fsb) << 8);
609 reg32 |= 0x0e000000;
>>> CID 1391088: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "fsb2mhz(s->selected_timings.fsb_clk) / ddr2mhz(s->selected_timings.mem_clk)", division by expression "ddr2mhz(s->selected_timings.mem_clk)" which may be zero has undefined behavior.
610 if ((fsb2mhz(s->selected_timings.fsb_clk) /
611 ddr2mhz(s->selected_timings.mem_clk)) > 2) {
612 reg32 |= 1 << 24;
613 }
614 MCHBAR32(0x400*i + 0x248) = (MCHBAR32(0x400*i + 0x248) & ~0x0f001f00) |
615 reg32;
** CID 1391087: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1163 in prog_rcomp()
________________________________________________________________________________________________________
*** CID 1391087: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1163 in prog_rcomp()
1157 }
1158 } else {
1159 MCHBAR16(0x400*i + addr[j]) =
1160 (MCHBAR16(0x400*i + addr[j])
1161 & ~0xf000) | 0xa000;
1162 MCHBAR16(0x400*i + addr[j] + 4) =
>>> CID 1391087: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*((u16 volatile *)(4275126272U + (1024 * i + addr[j] + 4))) & -65536 /* ~0xffff */" is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
1163 (MCHBAR16(0x400*i + addr[j] + 4)
1164 & ~0xffff) | x378[j];
1165 MCHBAR32(0x400*i + addr[j] + 0xe) =
1166 (MCHBAR32(0x400*i + addr[j] + 0xe)
1167 & ~0x3f3f3f3f) | x382[j];
1168 MCHBAR32(0x400*i + addr[j] + 0x12) =
** CID 1391086: Integer handling issues (BAD_SHIFT)
/src/northbridge/via/vx900/memmap.c: 84 in vx900_set_chrome9hd_fb_size()
________________________________________________________________________________________________________
*** CID 1391086: Integer handling issues (BAD_SHIFT)
/src/northbridge/via/vx900/memmap.c: 84 in vx900_set_chrome9hd_fb_size()
78
79 /* Now round the framebuffer size to the closest power of 2 */
80 u8 fb_pow = 0;
81 while (size_mb >> fb_pow)
82 fb_pow++;
83 fb_pow--;
>>> CID 1391086: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << fb_pow", left shifting by more than 31 bits has undefined behavior. The shift amount, "fb_pow", is 255.
84 size_mb = (1 << fb_pow);
85
86 pci_mod_config8(MCU, 0xa1, 7 << 4, (fb_pow - 2) << 4);
87 }
88
89 /* Gets the configured framebuffer size as a power of 2 */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ac6JHx-2BaRpzujURnykPguwO1-2BtP-2FQtQNtg2DuHDyydWhXTu7AFjcNHKg9G71X-2FKYT4xSoXEOHocLlFgZT9wigfbSHG-2Bcz9-2FbiQZmoiVnuToSbtiBVFWdEtdB6opdy75Kok3jqLnMQJtQcMvBNoLQnz-2BrGn7WL8YhnV-2F3ELbgtl3-2Fvc6pd8JtdoUmUxUI3di-2BY-3D
More information about the coreboot
mailing list