Smatch reports for drivers/scsi/scsi.c

Tom Rini trini at konsulko.com
Fri Jul 4 22:51:16 CEST 2025


On Wed, Jul 02, 2025 at 02:45:48PM +0100, Andrew Goodbody wrote:
> Hi,
> 
> Smatch reports the following for drivers/scsi/scsi.c
> 
> drivers/scsi/scsi.c:165 scsi_setup_erase_ext() warn: right shifting more
> than type allows 16 vs 24
> drivers/scsi/scsi.c:166 scsi_setup_erase_ext() warn: right shifting more
> than type allows 16 vs 16
> 
> I just wanted some ideas on the best way to resolve this. There are
> differing patterns even within this file about how the number of blocks
> parameter should be handled in calls to static functions. In all cases the
> value starts as a lbaint_t which can be a long or a 64-bit type.
> 
> 1) in scsi_read there are calls to scsi_setup_read_ext whose third parameter
> is an unsigned short. The lbaint_t variable is assigned to an unsigned short
> (smallblks), which will simply truncate the value, before smallblks is
> passed as the 3rd parameter to scsi_setup_read_ext.
> In scsi_setup_read_ext the third parameter (blocks) is split into 2 bytes. A
> third byte is set to 0 and I am guessing that if appropriate this could have
> taken a higher order byte if that had made sense.
> 
> 2) scsi_write is similar to scsi_read
> 
> 3) scsi_erase calls scsi_setup_erase_ext with lbaint_t as the third
> parameter. scsi_setup_erase_ext takes unsigned short so there is an implicit
> truncation here. Here is where Smatch complains as this unsigned short is
> shifted 16 or 24 bits to the right, both of which exceed the size of this
> type.
> 
> So possible fixes are to make all three functions consistent and take an
> lbaint_t as the third parameter. Or to make scsi_setup_erase_ext like the
> other two and just hard code those bytes with excessive shifts to be 0. Can
> probably remove the use of the smallblks variable at the same time.

I suspect the best functional answer would be to use lbaint_t all around
and clean up/make sure we're good when SYS_64BIT_LBA is enabled.

-- 
Tom
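
The truncation discussed in this thread, as an added example that is not part of either message and is not U-Boot's code: a block count passed through an `unsigned short` parameter loses its upper bits at the call, so the 16- and 24-bit shifts always produce 0, while a wide parameter with a range check keeps them. The 4-byte big-endian field, the `lba_count_t` typedef and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for lbaint_t with 64-bit LBAs; not U-Boot's typedef. */
typedef uint64_t lba_count_t;

/* Narrow form: the caller's count is truncated to 16 bits at the call. */
void pack_narrow(uint8_t out[4], unsigned short blocks)
{
	/* blocks promotes to int, so these shifts are defined but always 0. */
	out[0] = (uint8_t)(blocks >> 24);
	out[1] = (uint8_t)(blocks >> 16);
	out[2] = (uint8_t)(blocks >> 8);
	out[3] = (uint8_t)blocks;
}

/* Wide form: keep the full type and reject counts the field cannot hold. */
int pack_wide(uint8_t out[4], lba_count_t blocks)
{
	if (blocks > UINT32_MAX)
		return -1;
	out[0] = (uint8_t)(blocks >> 24);
	out[1] = (uint8_t)(blocks >> 16);
	out[2] = (uint8_t)(blocks >> 8);
	out[3] = (uint8_t)blocks;
	return 0;
}

/* Decode the big-endian field back into a count. */
uint32_t unpack(const uint8_t in[4])
{
	return ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
	       ((uint32_t)in[2] << 8) | in[3];
}

/* What lands in the field when a wide count goes through the narrow form. */
uint32_t encoded_narrow(lba_count_t n)
{
	uint8_t b[4];
	pack_narrow(b, (unsigned short)n);	/* same result as the implicit conversion */
	return unpack(b);
}

int main(void)
{
	uint8_t b[4];
	lba_count_t n = 0x12345;	/* constructed sample count */
	printf("narrow: 0x%x\n", (unsigned)encoded_narrow(n));
	if (pack_wide(b, n) == 0)
		printf("wide:   0x%x\n", (unsigned)unpack(b));
	return 0;
}
```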