| Message ID | 20230627151411.92749-1-dmantipov@yandex.ru (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Kalle Valo |
| Headers | show |
| Series | [v2] wifi: b43: fix cordic arithmetic | expand |
From: Dmitry Antipov > Sent: 27 June 2023 16:14 > > In 'lpphy_start_tx_tone()', 'CORDIC_FLOAT((sample.i * max) & 0xFF)' > is invalid because it is (<32-bit> & 0xff) shifted right by 15 bits > and so always evaluates to zero. Looking through brcmsmac's > 'wlc_lcnphy_start_tx_tone()', the result should be masked instead, > i. e. 'CORDIC_FLOAT(sample[i].max) & 0xFF'. > > Fixes: 6f98e62a9f1b ("b43: update cordic code to match current specs") > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Cc: stable@vger.kernel.org > Suggested-by: Jonas Gorski <jonas.gorski@gmail.com> > Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> > --- > v2: add Cc: stable and Fixes: (Larry Finger) > --- > drivers/net/wireless/broadcom/b43/phy_lp.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/wireless/broadcom/b43/phy_lp.c b/drivers/net/wireless/broadcom/b43/phy_lp.c > index 0e5c076e7544..e8ef04e509aa 100644 > --- a/drivers/net/wireless/broadcom/b43/phy_lp.c > +++ b/drivers/net/wireless/broadcom/b43/phy_lp.c > @@ -1788,8 +1788,8 @@ static void lpphy_start_tx_tone(struct b43_wldev *dev, s32 freq, u16 max) > for (i = 0; i < samples; i++) { > sample = cordic_calc_iq(CORDIC_FIXED(theta)); > theta += rotation; > - buf[i] = CORDIC_FLOAT((sample.i * max) & 0xFF) << 8; > - buf[i] |= CORDIC_FLOAT((sample.q * max) & 0xFF); > + buf[i] = (u16)((CORDIC_FLOAT(sample.i * max) & 0xFF) << 8); > + buf[i] |= (u16)(CORDIC_FLOAT(sample.q * max) & 0xFF); What are the (u16) casts for? This code is actually called exactly once with max == 100. The .i and .q are the sine and cosine << 16 (signed). The CORDIC_FLOAT() is basically >> 16 (not 15) so the result should be between -100 and +100. The & 0xFF is there to strip the sign. The sin+cos are then packed into a short[] then unpacked to be written to the hardware later. > } > > b43_lptab_write_bulk(dev, B43_LPTAB16(5, 0), samples, buf); Don't open the bag of worms that contains the above :-) David > -- > 2.41.0 - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On 6/28/23 11:24, David Laight wrote:
> What are the (u16) casts for?
Well, this is a kind of a C language purism intended to silence
warning: conversion from ‘int’ to ‘u16’ {aka ‘short unsigned int’} may change value [-Wconversion]
observed with W=123.
Dmitry
From: Dmitry Antipov > Sent: 28 June 2023 11:45 > > On 6/28/23 11:24, David Laight wrote: > > > What are the (u16) casts for? > > Well, this is a kind of a C language purism intended to silence > warning: conversion from ‘int’ to ‘u16’ {aka ‘short unsigned int’} may change value [-Wconversion] > observed with W=123. The problem is that the casts can hide more than just a value being truncated. In this case the compiler even knows the values don't overflow. FWIW I've seen generated code for: *cp++ = (unsigned char)(value & 0xff); that masked the value with 0xff once for the & a second time for the cast and then stored the low byte. I don't think modern gcc will do that, but a dumb compiler will. If -Wconversion bleats about these sort of assignments it just needs permanently disabling (or deleting from the compiler!). David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
diff --git a/drivers/net/wireless/broadcom/b43/phy_lp.c b/drivers/net/wireless/broadcom/b43/phy_lp.c index 0e5c076e7544..e8ef04e509aa 100644 --- a/drivers/net/wireless/broadcom/b43/phy_lp.c +++ b/drivers/net/wireless/broadcom/b43/phy_lp.c @@ -1788,8 +1788,8 @@ static void lpphy_start_tx_tone(struct b43_wldev *dev, s32 freq, u16 max) for (i = 0; i < samples; i++) { sample = cordic_calc_iq(CORDIC_FIXED(theta)); theta += rotation; - buf[i] = CORDIC_FLOAT((sample.i * max) & 0xFF) << 8; - buf[i] |= CORDIC_FLOAT((sample.q * max) & 0xFF); + buf[i] = (u16)((CORDIC_FLOAT(sample.i * max) & 0xFF) << 8); + buf[i] |= (u16)(CORDIC_FLOAT(sample.q * max) & 0xFF); } b43_lptab_write_bulk(dev, B43_LPTAB16(5, 0), samples, buf);
In 'lpphy_start_tx_tone()', 'CORDIC_FLOAT((sample.i * max) & 0xFF)' is invalid because it is (<32-bit> & 0xff) shifted right by 15 bits and so always evaluates to zero. Looking through brcmsmac's 'wlc_lcnphy_start_tx_tone()', the result should be masked instead, i. e. 'CORDIC_FLOAT(sample[i].max) & 0xFF'. Fixes: 6f98e62a9f1b ("b43: update cordic code to match current specs") Found by Linux Verification Center (linuxtesting.org) with SVACE. Cc: stable@vger.kernel.org Suggested-by: Jonas Gorski <jonas.gorski@gmail.com> Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru> --- v2: add Cc: stable and Fixes: (Larry Finger) --- drivers/net/wireless/broadcom/b43/phy_lp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)