Fix casting bug in gicv2_main.c

In the function gicv2_set_spi_routing, the signed value proc_num is cast to unsigned int before being compared to other unsigned values in two assert calls. The value proc_num can be a negative value, and once the negative value is cast to unsigned it becomes a very large number which will trigger the assert. This patch changes the assert cast so that the unsigned values are cast to signed instead, keeping the same functionality but allowing proc_num to be negative. This bug can be seen when running the SDEI RM_ANY routing mode test in TFTF on the Juno platform. This patch also makes the usage of the proc_num variable in other gicv2 functions more clear. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: If1b98eebb00bd9b73862e5e995e5e68c168170a6

Fix casting bug in gicv2_main.c
In the function gicv2_set_spi_routing, the signed value proc_num is cast to unsigned int before being compared to other unsigned values in two assert calls. The value proc_num can be a negative value, and once the negative value is cast to unsigned it becomes a very large number which will trigger the assert. This patch changes the assert cast so that the unsigned values are cast to signed instead, keeping the same functionality but allowing proc_num to be negative. This bug can be seen when running the SDEI RM_ANY routing mode test in TFTF on the Juno platform. This patch also makes the usage of the proc_num variable in other gicv2 functions more clear. Signed-off-by: John Powell <john.powell@arm.com> Change-Id: If1b98eebb00bd9b73862e5e995e5e68c168170a6
20d38497 · johpow01 · John Powell · 7d3a7ec7 · 20d38497
Commit 20d38497 authored Sep 28, 2020 by johpow01 Committed by John Powell Oct 10, 2020
--- a/drivers/arm/gic/v2/gicv2_main.c
+++ b/drivers/arm/gic/v2/gicv2_main.c
 /*
- * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -296,8 +296,8 @@ void gicv2_set_pe_target_mask(unsigned int proc_num)
 	assert(driver_data != NULL);
 	assert(driver_data->gicd_base != 0U);
 	assert(driver_data->target_masks != NULL);
-	assert((unsigned int)proc_num < GICV2_MAX_TARGET_PE);
+	assert(proc_num < GICV2_MAX_TARGET_PE);
-	assert((unsigned int)proc_num < driver_data->target_masks_num);
+	assert(proc_num < driver_data->target_masks_num);
 	/* Return if the target mask is already populated */
 	if (driver_data->target_masks[proc_num] != 0U)
@@ -422,7 +422,8 @@ void gicv2_raise_sgi(int sgi_num, int proc_num)
 	unsigned int sgir_val, target;
 	assert(driver_data != NULL);
-	assert((unsigned int)proc_num < GICV2_MAX_TARGET_PE);
+	assert(proc_num >= 0);
+	assert(proc_num < (int)GICV2_MAX_TARGET_PE);
 	assert(driver_data->gicd_base != 0U);
 	/*
@@ -430,7 +431,7 @@ void gicv2_raise_sgi(int sgi_num, int proc_num)
 	 * should be valid.
 	 */
 	assert(driver_data->target_masks != NULL);
-	assert((unsigned int)proc_num < driver_data->target_masks_num);
+	assert(proc_num < (int)driver_data->target_masks_num);
 	/* Don't raise SGI if the mask hasn't been populated */
 	target = driver_data->target_masks[proc_num];
@@ -466,8 +467,9 @@ void gicv2_set_spi_routing(unsigned int id, int proc_num)
 	 * should be valid.
 	 */
 	assert(driver_data->target_masks != NULL);
-	assert((unsigned int)proc_num < GICV2_MAX_TARGET_PE);
+	assert(proc_num < (int)GICV2_MAX_TARGET_PE);
-	assert((unsigned int)proc_num < driver_data->target_masks_num);
+	assert(driver_data->target_masks_num < INT_MAX);
+	assert(proc_num < (int)driver_data->target_masks_num);
 	if (proc_num < 0) {
 		/* Target all PEs */