- TF-A - lists.trustedfirmware.org

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 2 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 458349: Integer handling issues (INCOMPATIBLE_CAST) ________________________________________________________________________________________________________ *** CID 458349: Integer handling issues (INCOMPATIBLE_CAST) /plat/intel/soc/common/socfpga_sip_svc.c: 2190 in sip_smc_handler_v1() 2184 SMC_RET1(handle, status); 2185 } else { 2186 SMC_RET3(handle, seu_respbuf[0], seu_respbuf[1], seu_respbuf[2]); 2187 } 2188 2189 case INTEL_SIP_SMC_SAFE_INJECT_SEU_ERR: >>> CID 458349: Integer handling issues (INCOMPATIBLE_CAST) >>> Pointer "&x1" points to an object whose effective type is "unsigned long" (64 bits, unsigned) but is dereferenced as a narrower "unsigned int" (32 bits, unsigned). This may lead to unexpected results depending on machine endianness. 2190 status = intel_sdm_safe_inject_seu_err((uint32_t *)&x1, (uint32_t)x2); 2191 SMC_RET1(handle, status); 2192 2193 case INTEL_SIP_SMC_ATF_BUILD_VER: 2194 SMC_RET4(handle, INTEL_SIP_SMC_STATUS_OK, VERSION_MAJOR, 2195 VERSION_MINOR, VERSION_PATCH); ** CID 458348: Integer handling issues (INCOMPATIBLE_CAST) ________________________________________________________________________________________________________ *** CID 458348: Integer handling issues (INCOMPATIBLE_CAST) /plat/intel/soc/common/socfpga_sip_svc.c: 1250 in sip_smc_handler_v3() 1244 0); 1245 SMC_RET1(handle, status); 1246 } 1247 1248 case ALTERA_SIP_SMC_ASYNC_FCS_GET_ATTESTATION_CERT: 1249 { >>> CID 458348: Integer handling issues (INCOMPATIBLE_CAST) >>> Pointer "&x4" points to an object whose effective type is "unsigned long" (64 bits, unsigned) but is dereferenced as a narrower "unsigned int" (32 bits, unsigned). This may lead to unexpected results depending on machine endianness. 1250 status = intel_fcs_get_attestation_cert(smc_fid, x1, x2, x3, 1251 (uint32_t *) &x4, &mbox_error); 1252 SMC_RET1(handle, status); 1253 } 1254 1255 case ALTERA_SIP_SMC_ASYNC_FCS_CREATE_CERT_ON_RELOAD: ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

1 day, 3 hours

1
0
0 0

Removal of erratum titled “Disabling of data prefetcher with outstanding prefetch TLB miss might cause a deadlock”.

by Govindraj Raja

Hi All, If you're downstream platform maintainer or maintainer for mtk or qti platforms for TF-A, I want to bring to your attention about this patch in review - https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/36700 This patch removes erratum titled “Disabling of data prefetcher with outstanding prefetch TLB miss might cause a deadlock” this should not be handled within TF-A. The static setting of PF_MODE in TF-A does not correctly address the erratum and may introduce unnecessary performance degradation on platforms that adopt it without fully understanding its implications. -- Thanks, Govindraj R

4 days, 16 hours

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 49 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 49 defect(s) ** CID 457912: Concurrent data access violations (MISSING_LOCK) /services/std_svc/sdei/sdei_event.c: 117 in sdei_get_registered_event_count() ________________________________________________________________________________________________________ *** CID 457912: Concurrent data access violations (MISSING_LOCK) /services/std_svc/sdei/sdei_event.c: 117 in sdei_get_registered_event_count() 111 unsigned int j; 112 int count = 0; 113 114 /* Add up reg counts for each mapping. */ 115 for_each_mapping_type(i, mapping) { 116 iterate_mapping(mapping, j, map) { >>> CID 457912: Concurrent data access violations (MISSING_LOCK) >>> Accessing "map->reg_count" without holding lock "sdei_ev_map.lock". Elsewhere, "sdei_ev_map.reg_count" is written to with "sdei_ev_map.lock" held 2 out of 3 times. 117 count += map->reg_count; 118 } 119 } 120 121 return count; ** CID 457911: Null pointer dereferences (REVERSE_INULL) /plat/mediatek/drivers/cpu_pm/cpcv5_4/mt_cpu_pm.c: 801 in cpupm_invoke() ________________________________________________________________________________________________________ *** CID 457911: Null pointer dereferences (REVERSE_INULL) /plat/mediatek/drivers/cpu_pm/cpcv5_4/mt_cpu_pm.c: 801 in cpupm_invoke() 795 ret = MTK_CPUPM_E_ERR; 796 break; 797 #endif /* CPU_PM_SUSPEND_NOTIFY */ 798 799 #ifdef CPU_PM_PWR_REQ 800 case CPUPM_INVOKE_PWR_REQ_ACTIVE: >>> CID 457911: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "priv" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 801 if (priv) { 802 if (req->stat.uid == CPUPM_PWR_REQ_UID_MAGIC) 803 req->stat.uid = CPUPM_PWR_STAT_REQ_UID_MAGIC; 804 else 805 ret = MTK_CPUPM_E_ERR; 806 } else ** CID 457910: Integer handling issues (INTEGER_OVERFLOW) /lib/libc/strtoll.c: 128 in strtoll() ________________________________________________________________________________________________________ *** CID 457910: Integer handling issues (INTEGER_OVERFLOW) /lib/libc/strtoll.c: 128 in strtoll() 122 any = 1; 123 acc *= base; 124 acc += c; 125 } 126 } 127 if (any < 0) { >>> CID 457910: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "acc", where "neg ? -9223372036854775808LL : 9223372036854775807LL" is known to be equal to -9223372036854775808, underflows the type of "acc", which is type "unsigned long long". 128 acc = neg ? LLONG_MIN : LLONG_MAX; 129 } else if (neg) 130 acc = -acc; 131 if (endptr != NULL) 132 *endptr = (char *)(any ? s - 1 : nptr); 133 return (acc); ** CID 457909: (INTEGER_OVERFLOW) /drivers/nxp/ddr/nxp-ddr/regs.c: 159 in cal_timing_cfg() /drivers/nxp/ddr/nxp-ddr/regs.c: 128 in cal_timing_cfg() ________________________________________________________________________________________________________ *** CID 457909: (INTEGER_OVERFLOW) /drivers/nxp/ddr/nxp-ddr/regs.c: 159 in cal_timing_cfg() 153 const unsigned int ext_acttopre = picos_to_mclk(clk, 154 pdimm->tras_ps) >> 4U; 155 const unsigned int ext_acttorw = picos_to_mclk(clk, 156 pdimm->trcd_ps) >> 4U; 157 const unsigned int ext_caslat = (2U * cas_latency - 1U) >> 4U; 158 const unsigned int ext_add_lat = additive_latency >> 4U; >>> CID 457909: (INTEGER_OVERFLOW) >>> Expression "picos_to_mclk(clk, pdimm->trfc1_ps) - 8U", where "picos_to_mclk(clk, pdimm->trfc1_ps)" is known to be equal to 0, underflows the type of "picos_to_mclk(clk, pdimm->trfc1_ps) - 8U", which is type "unsigned int". 159 const unsigned int ext_refrec = (picos_to_mclk(clk, 160 pdimm->trfc1_ps) - 8U) >> 4U; 161 const unsigned int ext_wrrec = (picos_to_mclk(clk, pdimm->twr_ps) + 162 (popts->otf_burst_chop_en ? 2U : 0U)) >> 4U; 163 const unsigned int rwt_same_cs = 0U; 164 const unsigned int wrt_same_cs = 0U; /drivers/nxp/ddr/nxp-ddr/regs.c: 128 in cal_timing_cfg() 122 const int acttorw_mclk = picos_to_mclk(clk, pdimm->trcd_ps); 123 const int caslat_ctrl = (cas_latency - 1) << 1; 124 const int trfc1_min = pdimm->die_density >= 0x3 ? 16000 : 125 (pdimm->die_density == 0x4 ? 26000 : 126 (pdimm->die_density == 0x5 ? 35000 : 127 55000)); >>> CID 457909: (INTEGER_OVERFLOW) >>> Expression "refrec_ctrl", where "picos_to_mclk(clk, pdimm->trfc1_ps) - 8U" is known to be equal to 4294967288, overflows the type of "refrec_ctrl", which is type "int const". 128 const int refrec_ctrl = picos_to_mclk(clk, 129 pdimm->trfc1_ps) - 8; 130 int wrrec_mclk = picos_to_mclk(clk, pdimm->twr_ps); 131 const int acttoact_mclk = max(picos_to_mclk(clk, 132 pdimm->trrds_ps), 133 4U); ** CID 457908: (INTEGER_OVERFLOW) /drivers/marvell/amb_adec.c: 70 in amb_check_win() /drivers/marvell/amb_adec.c: 60 in amb_check_win() ________________________________________________________________________________________________________ *** CID 457908: (INTEGER_OVERFLOW) /drivers/marvell/amb_adec.c: 70 in amb_check_win() 64 } 65 66 /* size parameter validity check */ 67 if (!IS_POWER_OF_2(win->win_size)) { 68 WARN("Window %d: window size is not power of 2 (0x%" PRIx64 ")\n", 69 win_num, win->win_size); >>> CID 457908: (INTEGER_OVERFLOW) >>> Expression "win->win_size - 1UL", where "win->win_size" is known to be equal to 0, underflows the type of "win->win_size - 1UL", which is type "unsigned long". 70 win->win_size = ROUND_UP_TO_POW_OF_2(win->win_size); 71 WARN("Rounding size to 0x%" PRIx64 "\n", win->win_size); 72 } 73 } 74 75 static void amb_enable_win(struct addr_map_win *win, uint32_t win_num) /drivers/marvell/amb_adec.c: 60 in amb_check_win() 54 } 55 56 base_addr = win->base_addr << AMB_BASE_OFFSET; 57 /* for AMB The base is always 1M aligned */ 58 /* check if address is aligned to 1M */ 59 if (IS_NOT_ALIGN(base_addr, AMB_WIN_ALIGNMENT_1M)) { >>> CID 457908: (INTEGER_OVERFLOW) >>> Expression "base_addr + 1048576U", where "base_addr" is known to be equal to 4294901760, overflows the type of "base_addr + 1048576U", which is type "unsigned int". 60 win->base_addr = ALIGN_UP(base_addr, AMB_WIN_ALIGNMENT_1M); 61 WARN("Window %d: base address unaligned to 0x%x\n", 62 win_num, AMB_WIN_ALIGNMENT_1M); 63 WARN("Align up the base address to 0x%" PRIx64 "\n", win->base_addr); 64 } 65 ** CID 457907: Control flow issues (DEADCODE) /plat/mediatek/drivers/spm/mt8196/mt_spm_internal.c: 774 in __spm_set_pcm_wdt() ________________________________________________________________________________________________________ *** CID 457907: Control flow issues (DEADCODE) /plat/mediatek/drivers/spm/mt8196/mt_spm_internal.c: 774 in __spm_set_pcm_wdt() 768 /* Enable PCM WDT (normal mode) to start count if needed */ 769 if (en) { 770 mmio_clrsetbits_32(PCM_CON1, REG_PCM_WDT_WAKE_LSB, 771 SPM_REGWR_CFG_KEY); 772 773 if (mmio_read_32(PCM_TIMER_VAL) > PCM_TIMER_MAX) >>> CID 457907: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "mmio_write_32(469779860UL, ...". 774 mmio_write_32(PCM_TIMER_VAL, PCM_TIMER_MAX); 775 mmio_write_32(PCM_WDT_VAL, mmio_read_32(PCM_TIMER_VAL) + 776 PCM_WDT_TIMEOUT); 777 mmio_setbits_32(PCM_CON1, SPM_REGWR_CFG_KEY | 778 REG_PCM_WDT_EN_LSB); 779 } else { ** CID 457906: Integer handling issues (INTEGER_OVERFLOW) /plat/intel/soc/common/soc/socfpga_reset_manager.c: 1274 in socfpga_cpurstrelease() ________________________________________________________________________________________________________ *** CID 457906: Integer handling issues (INTEGER_OVERFLOW) /plat/intel/soc/common/soc/socfpga_reset_manager.c: 1274 in socfpga_cpurstrelease() 1268 cpurstrelease_status = mmio_read_32(SOCFPGA_RSTMGR(CPURSTRELEASE)); 1269 1270 if ((cpurstrelease_status & RSTMGR_CPUSTRELEASE_CPUx) == cpu_id) { 1271 return RSTMGR_RET_OK; 1272 } 1273 udelay(1000); >>> CID 457906: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "timeout--", where "timeout" is known to be equal to 0, underflows the type of "timeout--", which is type "unsigned int". 1274 } while (timeout-- > 0); 1275 1276 return RSTMGR_RET_ERROR; ** CID 457905: Parse warnings (PARSE_ERROR) /mbedtls/library/common.h: 23 in () ________________________________________________________________________________________________________ *** CID 457905: Parse warnings (PARSE_ERROR) /mbedtls/library/common.h: 23 in () 17 #include <assert.h> 18 #include <stddef.h> 19 #include <stdint.h> 20 #include <stddef.h> 21 22 #if defined(__ARM_NEON) >>> CID 457905: Parse warnings (PARSE_ERROR) >>> cannot open source file "arm_neon.h" 23 #include <arm_neon.h> 24 #define MBEDTLS_HAVE_NEON_INTRINSICS 25 #elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) 26 #include <arm64_neon.h> 27 #define MBEDTLS_HAVE_NEON_INTRINSICS 28 #endif ** CID 457904: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3576/scmi/rk3576_clk.c: 517 in rk3576_lpll_get_rate() ________________________________________________________________________________________________________ *** CID 457904: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3576/scmi/rk3576_clk.c: 517 in rk3576_lpll_get_rate() 511 512 rate64 *= m; 513 rate64 = rate64 / p; 514 515 if (k != 0) { 516 /* fractional mode */ >>> CID 457904: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "24000000U * k" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). 517 uint64_t frac_rate64 = 24000000 * k; 518 519 postdiv = p * 65536; 520 frac_rate64 = frac_rate64 / postdiv; 521 rate64 += frac_rate64; 522 } ** CID 457903: Integer handling issues (INTEGER_OVERFLOW) /drivers/marvell/mv_ddr/ddr3_training_ip_engine.c: 1905 in mv_ddr_load_dm_pattern_to_odpg() ________________________________________________________________________________________________________ *** CID 457903: Integer handling issues (INTEGER_OVERFLOW) /drivers/marvell/mv_ddr/ddr3_training_ip_engine.c: 1905 in mv_ddr_load_dm_pattern_to_odpg() 1899 data_low = pattern_table_get_word(0, pattern, (u8)(pattern_len * 2)); 1900 data_high = pattern_table_get_word(0, pattern, (u8)(pattern_len * 2 + 1)); 1901 } 1902 1903 /* odpg mbus dm definition is opposite to ddr4 protocol */ 1904 if (dm_dir == DM_DIR_INVERSE) >>> CID 457903: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "dm_data", where "~((data_low & 0xfU) | (data_high & 0xf0U))" is known to be equal to 255, overflows the type of "dm_data", which is type "u8". 1905 dm_data = ~((data_low & LOW_NIBBLE_BYTE_MASK) | (data_high & HIGH_NIBBLE_BYTE_MASK)); 1906 else 1907 dm_data = (data_low & LOW_NIBBLE_BYTE_MASK) | (data_high & HIGH_NIBBLE_BYTE_MASK); 1908 1909 ddr3_tip_if_write(0, access_type, 0, ODPG_DATA_WR_DATA_LOW_REG, data_low, MASK_ALL_BITS); 1910 ddr3_tip_if_write(0, access_type, 0, ODPG_DATA_WR_DATA_HIGH_REG, data_high, MASK_ALL_BITS); ** CID 457902: Insecure data handling (INTEGER_OVERFLOW) ________________________________________________________________________________________________________ *** CID 457902: Insecure data handling (INTEGER_OVERFLOW) /lib/libfdt/fdt_rw.c: 495 in fdt_pack() 489 int mem_rsv_size; 490 491 FDT_RW_PROBE(fdt); 492 493 mem_rsv_size = (fdt_num_mem_rsv(fdt)+1) 494 * sizeof(struct fdt_reserve_entry); >>> CID 457902: Insecure data handling (INTEGER_OVERFLOW) >>> "mem_rsv_size", which might have overflowed, is passed to "fdt_packblocks_(fdt, fdt, mem_rsv_size, fdt32_ld(&((struct fdt_header const *)fdt)->size_dt_struct), fdt32_ld(&((struct fdt_header const *)fdt)->size_dt_strings))". 495 fdt_packblocks_(fdt, fdt, mem_rsv_size, fdt_size_dt_struct(fdt), 496 fdt_size_dt_strings(fdt)); 497 fdt_set_totalsize(fdt, fdt_data_size_(fdt)); 498 499 return 0; ** CID 457901: Integer handling issues (INTEGER_OVERFLOW) /plat/mediatek/drivers/spmi/pmif_common.c: 111 in pmif_spmi_read_cmd() ________________________________________________________________________________________________________ *** CID 457901: Integer handling issues (INTEGER_OVERFLOW) /plat/mediatek/drivers/spmi/pmif_common.c: 111 in pmif_spmi_read_cmd() 105 ret = pmif_check_idle(arb->mstid); 106 if (ret) 107 goto done; 108 109 /* Send the command. */ 110 offset = arb->regs[PMIF_SWINF_3_ACC]; >>> CID 457901: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "opc << 30", where "opc" is known to be equal to 2, overflows the type of "opc << 30", which is type "int". 111 mmio_write_32((uintptr_t)(arb->base + offset), PMIF_RW_CMD_SET(opc, 0, sid, bc, addr)); 112 /* 113 * Wait for Software Interface FSM state to be WFVLDCLR, 114 * read the data and clear the valid flag. 115 */ 116 ret = pmif_check_vldclr(arb->mstid); ** CID 457900: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /lib/extensions/amu/aarch32/amu.c: 51 in amu_enable() ________________________________________________________________________________________________________ *** CID 457900: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /lib/extensions/amu/aarch32/amu.c: 51 in amu_enable() 45 /* Enable all architected counters by default */ 46 write_amcntenset0(AMCNTENSET0_Pn_MASK); 47 if (is_feat_amu_aux_supported()) { 48 unsigned int core_pos = plat_my_core_pos(); 49 50 /* Something went wrong if we're trying to write higher bits */ >>> CID 457900: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "get_amu_aux_enables(core_pos) & 4294901760U /* ~0xffffU */" is always 0 regardless of the values of its operands. This occurs as a value. 51 assert((get_amu_aux_enables(core_pos) & ~AMCNTENSET1_Pn_MASK) == 0); 52 write_amcntenset1(get_amu_aux_enables(core_pos)); 53 } 54 55 /* Bail out if FEAT_AMUv1p1 features are not present. */ 56 if (!is_feat_amuv1p1_supported()) { ** CID 457899: (INTEGER_OVERFLOW) /lib/libfdt/fdt_rw.c: 476 in fdt_open_into() ________________________________________________________________________________________________________ *** CID 457899: (INTEGER_OVERFLOW) /lib/libfdt/fdt_rw.c: 474 in fdt_open_into() 468 /* Try right after the old tree instead */ 469 tmp = (char *)(uintptr_t)fdtend; 470 if ((tmp + newsize) > ((char *)buf + bufsize)) 471 return -FDT_ERR_NOSPACE; 472 } 473 >>> CID 457899: (INTEGER_OVERFLOW) >>> "mem_rsv_size", which might have overflowed, is passed to "fdt_packblocks_(fdt, tmp, mem_rsv_size, struct_size, fdt32_ld(&((struct fdt_header const *)fdt)->size_dt_strings))". 474 fdt_packblocks_(fdt, tmp, mem_rsv_size, struct_size, 475 fdt_size_dt_strings(fdt)); 476 memmove(buf, tmp, newsize); 477 478 fdt_set_magic(buf, FDT_MAGIC); 479 fdt_set_totalsize(buf, bufsize); /lib/libfdt/fdt_rw.c: 476 in fdt_open_into() 470 if ((tmp + newsize) > ((char *)buf + bufsize)) 471 return -FDT_ERR_NOSPACE; 472 } 473 474 fdt_packblocks_(fdt, tmp, mem_rsv_size, struct_size, 475 fdt_size_dt_strings(fdt)); >>> CID 457899: (INTEGER_OVERFLOW) >>> "newsize", which might have underflowed, is passed to "memmove(buf, tmp, newsize)". [Note: The source code implementation of the function has been overridden by a builtin model.] 476 memmove(buf, tmp, newsize); 477 478 fdt_set_magic(buf, FDT_MAGIC); 479 fdt_set_totalsize(buf, bufsize); 480 fdt_set_version(buf, 17); 481 fdt_set_last_comp_version(buf, 16); ** CID 457898: Control flow issues (UNREACHABLE) /plat/socionext/synquacer/sq_psci.c: 142 in sq_system_off() ________________________________________________________________________________________________________ *** CID 457898: Control flow issues (UNREACHABLE) /plat/socionext/synquacer/sq_psci.c: 142 in sq_system_off() 136 gpio[1] |= 0x2; /* set high */ 137 dmbst(); 138 139 mdelay(100); 140 } 141 >>> CID 457898: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "wfi();". 142 wfi(); 143 ERROR("SQ System Off: operation not handled.\n"); 144 panic(); 145 #endif 146 } 147 ** CID 457897: Integer handling issues (INTEGER_OVERFLOW) /drivers/marvell/mv_ddr/ddr3_training_ip_engine.c: 640 in ddr3_tip_ip_training() ________________________________________________________________________________________________________ *** CID 457897: Integer handling issues (INTEGER_OVERFLOW) /drivers/marvell/mv_ddr/ddr3_training_ip_engine.c: 640 in ddr3_tip_ip_training() 634 CHECK_STATUS(ddr3_tip_configure_odpg 635 (dev_num, access_type, interface_num, direction, 636 pattern_table[pattern].num_of_phases_tx, tx_burst_size, 637 pattern_table[pattern].num_of_phases_rx, 638 delay_between_burst, rd_mode, effective_cs, STRESS_NONE, 639 DURATION_SINGLE)); >>> CID 457897: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "reg_data", where "(direction == OPER_READ) ? 0 : -1073741824" is known to be equal to -1073741824, overflows the type of "reg_data", which is type "u32". 640 reg_data = (direction == OPER_READ) ? 0 : (0x3 << 30); 641 reg_data |= (direction == OPER_READ) ? 0x60 : 0xfa; 642 CHECK_STATUS(ddr3_tip_if_write 643 (dev_num, access_type, interface_num, 644 ODPG_WR_RD_MODE_ENA_REG, reg_data, 645 MASK_ALL_BITS)); ** CID 457896: Integer handling issues (INTEGER_OVERFLOW) /plat/mediatek/mt8183/drivers/devapc/devapc.c: 69 in set_master_domain_remap_infra() ________________________________________________________________________________________________________ *** CID 457896: Integer handling issues (INTEGER_OVERFLOW) /plat/mediatek/mt8183/drivers/devapc/devapc.c: 69 in set_master_domain_remap_infra() 63 domain_emi_view = domain_emi_view - DOMAIN_11; 64 clr_bit = 0x7 << (domain_emi_view * 3 + 1); 65 set_bit = domain_infra_view << (domain_emi_view * 3 + 1); 66 mmio_clrsetbits_32(base, clr_bit, set_bit); 67 } else { 68 base = DEVAPC_INFRA_DOM_RMP_0; >>> CID 457896: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "clr_bit", where "3 << domain_emi_view * 3U" is known to be equal to -1073741824, overflows the type of "clr_bit", which is type "uint32_t". 69 clr_bit = 0x3 << (domain_emi_view * 3); 70 set_bit = domain_infra_view << (domain_emi_view * 3); 71 mmio_clrsetbits_32(base, clr_bit, set_bit); 72 73 base = DEVAPC_INFRA_DOM_RMP_1; 74 set_bit = (domain_infra_view & 0x4) >> 2; ** CID 457895: (DEADCODE) /drivers/nxp/ddr/phy-gen2/phy.c: 296 in get_cdd_val() /drivers/nxp/ddr/phy-gen2/phy.c: 241 in get_cdd_val() /drivers/nxp/ddr/phy-gen2/phy.c: 270 in get_cdd_val() ________________________________________________________________________________________________________ *** CID 457895: (DEADCODE) /drivers/nxp/ddr/phy-gen2/phy.c: 296 in get_cdd_val() 290 } 291 292 tmp = rwmax; 293 c = &cdd[25]; 294 rwmax = findmax(c, 16U); 295 if (tmp > rwmax) { >>> CID 457895: (DEADCODE) >>> Execution cannot reach this statement: "rwmax = tmp;". 296 rwmax = tmp; 297 } 298 299 wrmax = wwmax; 300 301 break; /drivers/nxp/ddr/phy-gen2/phy.c: 241 in get_cdd_val() 235 236 switch (rank) { 237 case 1U: 238 tmp = rwmax; 239 rwmax = cdd[40]; 240 if (tmp > rwmax) { >>> CID 457895: (DEADCODE) >>> Execution cannot reach this statement: "rwmax = tmp;". 241 rwmax = tmp; 242 } 243 244 break; 245 246 case 2U: /drivers/nxp/ddr/phy-gen2/phy.c: 270 in get_cdd_val() 264 buf[1] = cdd[39]; 265 buf[2] = cdd[36]; 266 buf[3] = cdd[35]; 267 tmp = rwmax; 268 rwmax = findmax(buf, 4U); 269 if (tmp > rwmax) { >>> CID 457895: (DEADCODE) >>> Execution cannot reach this statement: "rwmax = tmp;". 270 rwmax = tmp; 271 } 272 273 wrmax = wwmax; 274 275 break; ** CID 457894: Integer handling issues (INTEGER_OVERFLOW) /lib/libc/strtol.c: 127 in strtol() ________________________________________________________________________________________________________ *** CID 457894: Integer handling issues (INTEGER_OVERFLOW) /lib/libc/strtol.c: 127 in strtol() 121 any = 1; 122 acc *= base; 123 acc += c; 124 } 125 } 126 if (any < 0) { >>> CID 457894: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "acc", where "neg ? -9223372036854775808L : 9223372036854775807L" is known to be equal to -9223372036854775808, underflows the type of "acc", which is type "unsigned long". 127 acc = neg ? LONG_MIN : LONG_MAX; 128 } else if (neg) 129 acc = -acc; 130 if (endptr != NULL) 131 *endptr = (char *)(any ? s - 1 : nptr); 132 return (acc); ** CID 457893: (INTEGER_OVERFLOW) /plat/rockchip/rk3399/drivers/dram/dfs.c: 973 in gen_rk3399_ctl_params_f1() /plat/rockchip/rk3399/drivers/dram/dfs.c: 976 in gen_rk3399_ctl_params_f1() ________________________________________________________________________________________________________ *** CID 457893: (INTEGER_OVERFLOW) /plat/rockchip/rk3399/drivers/dram/dfs.c: 973 in gen_rk3399_ctl_params_f1() 967 tmp = 0; 968 else if (tmp1 < 5) 969 tmp = tmp1 - 1; 970 else 971 tmp = tmp1 - 5; 972 } else { >>> CID 457893: (INTEGER_OVERFLOW) >>> Expression "tmp1 - 2U", where "tmp1" is known to be equal to 0, underflows the type of "tmp1 - 2U", which is type "unsigned int". 973 tmp = tmp1 - 2; 974 } 975 976 mmio_clrsetbits_32(CTL_REG(i, 314), 0xffu << 24, tmp << 24); 977 978 /* CTL_314 TDFI_RDCSLAT_F1:RW:16:8 */ /plat/rockchip/rk3399/drivers/dram/dfs.c: 976 in gen_rk3399_ctl_params_f1() 970 else 971 tmp = tmp1 - 5; 972 } else { 973 tmp = tmp1 - 2; 974 } 975 >>> CID 457893: (INTEGER_OVERFLOW) >>> Expression "tmp << 24", where "tmp" is known to be equal to 4294967294, overflows the type of "tmp << 24", which is type "uint32_t". 976 mmio_clrsetbits_32(CTL_REG(i, 314), 0xffu << 24, tmp << 24); 977 978 /* CTL_314 TDFI_RDCSLAT_F1:RW:16:8 */ 979 if ((timing_config->freq <= TDFI_LAT_THRESHOLD_FREQ) && 980 (pdram_timing->cl >= 5)) 981 tmp = pdram_timing->cl - 5; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

1 week, 5 days

2
1
0 0

Canceled event with note: TF-A Tech Forum @ Thu Mar 20, 2025 5pm - 6pm (GMT+1) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling as no topic proposed. Regards, Olivier. " TF-A Tech Forum Thursday Mar 20, 2025 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

1 week, 6 days

1
0
0 0

Coverity scan infra

by Bollapalli, Maheedhar Sai

[AMD Official Use Only - AMD Internal Distribution Only] Hi TF-A Team, With our internal Coverity infrastructure we are seeing multiple MISRA C issues reported (enforced) for transfer-list, while TF-A upstream CI pipeline reports only subset of those violation issues. Could you please share Coverity configuration used in TF-A upstream CI pipeline ? Regards, Maheedhar.

2 weeks

3
3
0 0

Canceled event with note: TF-A Tech Forum @ Thu Mar 6, 2025 5pm - 6pm (GMT+1) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling as no topic proposed. Regards, Olivier. " TF-A Tech Forum Thursday Mar 6, 2025 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

3 weeks, 6 days

1
0
0 0

Trusted Firmware-A LTS v2.10.14 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.10.14 is now available. This release contains the following patches: 926f86bac refactor(build): allow mandatory feats disabling [1] 48b41b441 refactor(build): refactor mandatory options [2] eb26e7855 fix(build): march handling with arch-features [3] 9e469a880 refactor(build): remove enabling feat [4] f0d197618 refactor(build): minor updates [5] c7d9465b9 feat(trbe): introduce trbe_disable() function [6] b9e252aee feat(cpus): add ENABLE_ERRATA_ALL flag [7] [1] https://review.trustedfirmware.org/q/I6fdca1a3d0b405a88cd7a20309e0c1eecd57a… [2] https://review.trustedfirmware.org/q/I8b0dd076c168a647de43b8618fbbe607412f7… [3] https://review.trustedfirmware.org/q/Ifaf99af5f371fd28db376a12657ccf4f36329… [4] https://review.trustedfirmware.org/q/I8565ac4ebb3ced29835be65ea5b043a088108… [5] https://review.trustedfirmware.org/q/I12a4940e82ca5df72af5421ddab43bc6a1628… [6] https://review.trustedfirmware.org/q/If3e3bd621684b3c28f44c3ed2fe3df30b143f… [7] https://review.trustedfirmware.org/q/I2b456d304d7bf3215c7c4f4fd70b56ecbcb09… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.14/change-log.html Thanks, TF-A LTS team

1 month

1
0
0 0

Trusted Firmware-A LTS v2.12.1 Release Announcement

by ci_notify＠trustedfirmware.org

1 month

1
0
0 0

Trusted Firmware-A LTS v2.12.0 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.12.0 is now available. This release contains the following patches: Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.12.0/change-log.html Thanks, TF-A LTS team

1 month

1
0
0 0

Trusted Firmware-A LTS v2.12.1 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.12.1 is now available. This release contains the following patches: Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.12.1/change-log.html Thanks, TF-A LTS team

1 month, 1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A