Am Samstag, den 27.09.2014, 15:28 -0700 schrieb [email protected]: > Hi, > > > Please find the latest report on new defect(s) introduced to coreboot found > with Coverity Scan. > > Defect(s) Reported-by: Coverity Scan > Showing 20 of 253 defect(s) > > > ** CID 1229561: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/nehalem/raminit.c: 656 in calculate_timings() > > ** CID 1229556: Bad bit shift operation (BAD_SHIFT) > /src/mainboard/lenovo/x60/dock.c: 263 in dock_present() > > ** CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS) > /src/console/vtxprintf.c: 204 in vtxprintf() > > ** CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) > /src/device/device.c: 709 in avoid_fixed_resources() > /src/device/device.c: 731 in avoid_fixed_resources() > > ** CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) > /src/lib/selfboot.c: 233 in build_self_segment_list() > /src/lib/selfboot.c: 293 in build_self_segment_list() > > ** CID 1129164: Logically dead code (DEADCODE) > /src/device/device.c: 650 in constrain_resources() > > ** CID 1129163: Logically dead code (DEADCODE) > /src/device/device.c: 709 in avoid_fixed_resources() > /src/device/device.c: 732 in avoid_fixed_resources() > > ** CID 1129161: Logically dead code (DEADCODE) > /src/lib/ramtest.c: 130 in ram_bitset_nodie() > > ** CID 1129159: 'Constant' variable guards dead code (DEADCODE) > /src/drivers/pc80/mc146818rtc.c: 110 in rtc_init() > > ** CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) > /src/device/device.c: 649 in constrain_resources() > > ** CID 1229568: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/via/vx900/chrome9hd.c: 132 in chrome9hd_fb_size() > > ** CID 1229567: Bad bit shift operation (BAD_SHIFT) > /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() > /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() > /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt() > /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() > /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() > /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt() > > ** CID 1229566: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/i82830/raminit.c: 334 in set_dram_row_attributes() > > ** CID 1229565: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > > ** CID 1229563: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > > ** CID 1229564: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() > /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma() > /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() > /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma() > > ** CID 1229562: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/nehalem/raminit.c: 1507 in program_total_memory_map() > > ** CID 1229560: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/i3100/raminit.c: 772 in set_receive_enable() > > ** CID 1229559: Bad bit shift operation (BAD_SHIFT) > /src/mainboard/google/butterfly/chromeos.c: 120 in get_pch_gpio() > /src/mainboard/google/butterfly/chromeos.c: 123 in get_pch_gpio() > > ** CID 1229558: Bad bit shift operation (BAD_SHIFT) > /src/southbridge/sis/sis966/sis966.c: 79 in sis966_enable() > > > ________________________________________________________________________________________________________ > *** CID 1229561: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/nehalem/raminit.c: 656 in calculate_timings() > 650 min_cas_latency = CEIL_DIV(cas_latency_time, cycletime); > 651 cas_latency = 0; > 652 while (supported_cas_latencies) { > 653 cas_latency = > find_highest_bit_set(supported_cas_latencies) + 3; > 654 if (cas_latency <= min_cas_latency) > 655 break; > >>> CID 1229561: Bad bit shift operation (BAD_SHIFT) > >>> In expression "1 << find_highest_bit_set(supported_cas_latencies)", > >>> shifting by a negative amount has undefined behavior. The shift amount, > >>> "find_highest_bit_set(supported_cas_latencies)", is -1. > 656 supported_cas_latencies &= > 657 ~(1 << > find_highest_bit_set(supported_cas_latencies)); > 658 } > 659 > 660 if (cas_latency != min_cas_latency && clock_speed_index) > 661 clock_speed_index--; > > ________________________________________________________________________________________________________ > *** CID 1229556: Bad bit shift operation (BAD_SHIFT) > /src/mainboard/lenovo/x60/dock.c: 263 in dock_present() > 257 > 258 printk(BIOS_DEBUG, "%s finish\n", __func__); > 259 } > 260 > 261 int dock_present(void) > 262 { > >>> CID 1229556: Bad bit shift operation (BAD_SHIFT) > >>> In expression "inb(1164) >> 13", right shifting "inb(1164)" by more > >>> than 7 bits always yields zero. The shift amount is 13. > 263 return !((inb(DEFAULT_GPIOBASE + 0x0c) >> 13) & 1); > 264 } > 265 > 266 int dock_ultrabay_device_present(void) > 267 { > 268 return inb(0x1621) & 0x02 ? 0 : 1; > > ________________________________________________________________________________________________________ > *** CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS) > /src/console/vtxprintf.c: 204 in vtxprintf() > 198 > 199 case 's': > 200 s = va_arg(args, char *); > 201 if (!s) > 202 s = "<NULL>"; > 203 > >>> CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS) > >>> "precision" is passed to a parameter that cannot be negative. [Note: > >>> The source code implementation of the function has been overridden by a > >>> builtin model.] > 204 len = strnlen(s, precision); > 205 > 206 if (!(flags & LEFT)) > 207 while (len < field_width--) > 208 call_tx(' '), count++; > 209 for (i = 0; i < len; ++i) > > ________________________________________________________________________________________________________ > *** CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) > /src/device/device.c: 709 in avoid_fixed_resources() > 703 /* Constrain the limits to dev's initial resources. */ > 704 for (res = dev->resource_list; res; res = res->next) { > 705 if ((res->flags & IORESOURCE_FIXED)) > 706 continue; > 707 printk(BIOS_SPEW, "%s:@%s %02lx limit %08llx\n", > __func__, > 708 dev_path(dev), res->index, res->limit); > >>> CID 1129176: Operands don't affect result > >>> (CONSTANT_EXPRESSION_RESULT) > >>> "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false > >>> regardless of the values of its operands. This occurs as the logical > >>> first operand of '&&'. > 709 if ((res->flags & MEM_MASK) == PREF_TYPE && > 710 (res->limit < limits.pref.limit)) > 711 limits.pref.limit = res->limit; > 712 if ((res->flags & MEM_MASK) == MEM_TYPE && > 713 (res->limit < limits.mem.limit)) > 714 limits.mem.limit = res->limit; > /src/device/device.c: 731 in avoid_fixed_resources() > 725 struct resource *lim; > 726 > 727 if ((res->flags & IORESOURCE_FIXED)) > 728 continue; > 729 > 730 /* PREFETCH, MEM, or I/O - skip any others. */ > >>> CID 1129176: Operands don't affect result > >>> (CONSTANT_EXPRESSION_RESULT) > >>> "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false > >>> regardless of the values of its operands. This occurs as the logical > >>> operand of if. > 731 if ((res->flags & MEM_MASK) == PREF_TYPE) > 732 lim = &limits.pref; > 733 else if ((res->flags & MEM_MASK) == MEM_TYPE) > 734 lim = &limits.mem; > 735 else if ((res->flags & IO_MASK) == IO_TYPE) > 736 lim = &limits.io; > > ________________________________________________________________________________________________________ > *** CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) > /src/lib/selfboot.c: 233 in build_self_segment_list() > 227 > 228 while(1) { > 229 printk(BIOS_DEBUG, "Loading segment from rom address > 0x%p\n", segment); > 230 switch(segment->type) { > 231 case PAYLOAD_SEGMENT_PARAMS: > 232 printk(BIOS_DEBUG, " parameter section > (skipped)\n"); > >>> CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) > >>> Using "segment" as an array. This might corrupt or misinterpret > >>> adjacent memory locations. > 233 segment++; > 234 continue; > 235 > 236 case PAYLOAD_SEGMENT_CODE: > 237 case PAYLOAD_SEGMENT_DATA: > 238 printk(BIOS_DEBUG, " %s (compression=%x)\n", > /src/lib/selfboot.c: 293 in build_self_segment_list() > 287 */ > 288 printk(BIOS_EMERG, "Bad segment type %x\n", > segment->type); > 289 return -1; > 290 } > 291 > 292 /* We have found another CODE, DATA or BSS segment */ > >>> CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON) > >>> Using "segment" as an array. This might corrupt or misinterpret > >>> adjacent memory locations. > 293 segment++; > 294 > 295 /* Find place where to insert our segment */ > 296 for(ptr = head->next; ptr != head; ptr = ptr->next) { > 297 if (new->s_srcaddr < ntohll(segment->load_addr)) > 298 break; > > ________________________________________________________________________________________________________ > *** CID 1129164: Logically dead code (DEADCODE) > /src/device/device.c: 650 in constrain_resources() > 644 "size=0!\n", dev_path(dev), res->index); > 645 continue; > 646 } > 647 > 648 /* PREFETCH, MEM, or I/O - skip any others. */ > 649 if ((res->flags & MEM_MASK) == PREF_TYPE) > >>> CID 1129164: Logically dead code (DEADCODE) > >>> Execution cannot reach this statement: "lim = &limits->pref;". > 650 lim = &limits->pref; > 651 else if ((res->flags & MEM_MASK) == MEM_TYPE) > 652 lim = &limits->mem; > 653 else if ((res->flags & IO_MASK) == IO_TYPE) > 654 lim = &limits->io; > 655 else > > ________________________________________________________________________________________________________ > *** CID 1129163: Logically dead code (DEADCODE) > /src/device/device.c: 709 in avoid_fixed_resources() > 703 /* Constrain the limits to dev's initial resources. */ > 704 for (res = dev->resource_list; res; res = res->next) { > 705 if ((res->flags & IORESOURCE_FIXED)) > 706 continue; > 707 printk(BIOS_SPEW, "%s:@%s %02lx limit %08llx\n", > __func__, > 708 dev_path(dev), res->index, res->limit); > >>> CID 1129163: Logically dead code (DEADCODE) > >>> Execution cannot reach the expression "res->limit < > >>> limits.pref.limit" inside this statement: "if ((res->flags & 0x200UL) > >>> ...". > 709 if ((res->flags & MEM_MASK) == PREF_TYPE && > 710 (res->limit < limits.pref.limit)) > 711 limits.pref.limit = res->limit; > 712 if ((res->flags & MEM_MASK) == MEM_TYPE && > 713 (res->limit < limits.mem.limit)) > 714 limits.mem.limit = res->limit; > /src/device/device.c: 732 in avoid_fixed_resources() > 726 > 727 if ((res->flags & IORESOURCE_FIXED)) > 728 continue; > 729 > 730 /* PREFETCH, MEM, or I/O - skip any others. */ > 731 if ((res->flags & MEM_MASK) == PREF_TYPE) > >>> CID 1129163: Logically dead code (DEADCODE) > >>> Execution cannot reach this statement: "lim = &limits.pref;". > 732 lim = &limits.pref; > 733 else if ((res->flags & MEM_MASK) == MEM_TYPE) > 734 lim = &limits.mem; > 735 else if ((res->flags & IO_MASK) == IO_TYPE) > 736 lim = &limits.io; > 737 else > > ________________________________________________________________________________________________________ > *** CID 1129161: Logically dead code (DEADCODE) > /src/lib/ramtest.c: 130 in ram_bitset_nodie() > 124 print_err_hex32(value2); > 125 print_err(" FAIL\n"); > 126 #endif > 127 } > 128 if (verbose) { > 129 #if !defined(__ROMCC__) > >>> CID 1129161: Logically dead code (DEADCODE) > >>> Execution cannot reach this statement: "if ((addr & 0xfUL) == 0UL) > ...". > 130 if ((addr & 0x0f) == 0) > 131 printk(BIOS_DEBUG, "%08lx wr: %08lx > rd:", > 132 start + addr, value); > 133 if (failed) > 134 printk(BIOS_DEBUG, " %08lx!", value2); > 135 else > > ________________________________________________________________________________________________________ > *** CID 1129159: 'Constant' variable guards dead code (DEADCODE) > /src/drivers/pc80/mc146818rtc.c: 110 in rtc_init() > 104 cmos_write(0, 0x05); > 105 for(i = 10; i < 128; i++) { > 106 cmos_write(0, i); > 107 } > 108 #endif > 109 if (cmos_invalid) { > >>> CID 1129159: 'Constant' variable guards dead code (DEADCODE) > >>> Execution cannot reach this statement: "rtc_update_cmos_date(0);". > 110 rtc_update_cmos_date(RTC_HAS_NO_ALTCENTURY); > 111 } > 112 > 113 printk(BIOS_WARNING, "RTC:%s%s%s%s\n", > 114 invalid?" Clear requested":"", > 115 cmos_invalid?" Power Problem":"", > > ________________________________________________________________________________________________________ > *** CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) > /src/device/device.c: 649 in constrain_resources() > 643 printk(BIOS_ERR, "skipping %s@%lx fixed > resource, " > 644 "size=0!\n", dev_path(dev), res->index); > 645 continue; > 646 } > 647 > 648 /* PREFETCH, MEM, or I/O - skip any others. */ > >>> CID 1129177: Operands don't affect result > >>> (CONSTANT_EXPRESSION_RESULT) > >>> "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false > >>> regardless of the values of its operands. This occurs as the logical > >>> operand of if. > 649 if ((res->flags & MEM_MASK) == PREF_TYPE) > 650 lim = &limits->pref; > 651 else if ((res->flags & MEM_MASK) == MEM_TYPE) > 652 lim = &limits->mem; > 653 else if ((res->flags & IO_MASK) == IO_TYPE) > 654 lim = &limits->io; > > ________________________________________________________________________________________________________ > *** CID 1229568: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/via/vx900/chrome9hd.c: 132 in chrome9hd_fb_size() > 126 > 127 /* Now round the framebuffer size to the closest power of 2 */ > 128 u8 fb_pow = 0; > 129 while (size_mb >> fb_pow) > 130 fb_pow++; > 131 fb_pow--; > >>> CID 1229568: Bad bit shift operation (BAD_SHIFT) > >>> In expression "1 << fb_pow", left shifting by more than 31 bits has > >>> undefined behavior. The shift amount, "fb_pow", is 255. > 132 size_mb = (1 << fb_pow); > 133 /* We store the framebuffer size in bytes, for simplicity */ > 134 fb_size = size_mb << 20; > 135 return fb_size; > 136 } > 137 > > ________________________________________________________________________________________________________ > *** CID 1229567: Bad bit shift operation (BAD_SHIFT) > /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() > 105 > 106 /* fifo_on<<6 */ > 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; > 108 > 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; > 110 dsp_on = fifo_on>>dsp_precision; > >>> CID 1229567: Bad bit shift operation (BAD_SHIFT) > >>> In expression "fifo_off >> dsp_precision", right shifting by more > >>> than 31 bits has undefined behavior. The shift amount, "dsp_precision", > >>> is 4294967291. > 111 dsp_off = fifo_off>>dsp_precision; > 112 > 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | > 114 ((dsp_loop_latency & 0xf)<<16) | > 115 ((dsp_precision & 7)<<20); > 116 pll->dsp_on_off = (dsp_off & 0x7ff) | ((dsp_on & 0x7ff)<<16); > /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() > 104 t_rcc = max(t_rp + t_ras, t_pfc + n); > 105 > 106 /* fifo_on<<6 */ > 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; > 108 > 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; > >>> CID 1229567: Bad bit shift operation (BAD_SHIFT) > >>> In expression "fifo_on >> dsp_precision", right shifting by more than > >>> 31 bits has undefined behavior. The shift amount, "dsp_precision", is > >>> 4294967291. > 110 dsp_on = fifo_on>>dsp_precision; > 111 dsp_off = fifo_off>>dsp_precision; > 112 > 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | > 114 ((dsp_loop_latency & 0xf)<<16) | > 115 ((dsp_precision & 7)<<20); > /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt() > 103 > 104 t_rcc = max(t_rp + t_ras, t_pfc + n); > 105 > 106 /* fifo_on<<6 */ > 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; > 108 > >>> CID 1229567: Bad bit shift operation (BAD_SHIFT) > >>> In expression "xclks_per_row >> dsp_precision", right shifting by > >>> more than 31 bits has undefined behavior. The shift amount, > >>> "dsp_precision", is 4294967291. > 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; > 110 dsp_on = fifo_on>>dsp_precision; > 111 dsp_off = fifo_off>>dsp_precision; > 112 > 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | > 114 ((dsp_loop_latency & 0xf)<<16) | > /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt() > 105 > 106 /* fifo_on<<6 */ > 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; > 108 > 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; > 110 dsp_on = fifo_on>>dsp_precision; > >>> CID 1229567: Bad bit shift operation (BAD_SHIFT) > >>> In expression "fifo_off >> dsp_precision", right shifting by more > >>> than 31 bits has undefined behavior. The shift amount, "dsp_precision", > >>> is 4294967292. > 111 dsp_off = fifo_off>>dsp_precision; > 112 > 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | > 114 ((dsp_loop_latency & 0xf)<<16) | > 115 ((dsp_precision & 7)<<20); > 116 pll->dsp_on_off = (dsp_off & 0x7ff) | ((dsp_on & 0x7ff)<<16); > /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt() > 104 t_rcc = max(t_rp + t_ras, t_pfc + n); > 105 > 106 /* fifo_on<<6 */ > 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; > 108 > 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; > >>> CID 1229567: Bad bit shift operation (BAD_SHIFT) > >>> In expression "fifo_on >> dsp_precision", right shifting by more than > >>> 31 bits has undefined behavior. The shift amount, "dsp_precision", is > >>> 4294967292. > 110 dsp_on = fifo_on>>dsp_precision; > 111 dsp_off = fifo_off>>dsp_precision; > 112 > 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | > 114 ((dsp_loop_latency & 0xf)<<16) | > 115 ((dsp_precision & 7)<<20); > /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt() > 103 > 104 t_rcc = max(t_rp + t_ras, t_pfc + n); > 105 > 106 /* fifo_on<<6 */ > 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6; > 108 > >>> CID 1229567: Bad bit shift operation (BAD_SHIFT) > >>> In expression "xclks_per_row >> dsp_precision", right shifting by > >>> more than 31 bits has undefined behavior. The shift amount, > >>> "dsp_precision", is 4294967292. > 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision; > 110 dsp_on = fifo_on>>dsp_precision; > 111 dsp_off = fifo_off>>dsp_precision; > 112 > 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) | > 114 ((dsp_loop_latency & 0xf)<<16) | > > ________________________________________________________________________________________________________ > *** CID 1229566: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/i82830/raminit.c: 334 in set_dram_row_attributes() > 328 col = spd_read_byte(device, SPD_NUM_COLUMNS); > 329 > 330 /* data width */ > 331 width = spd_read_byte(device, > SPD_MODULE_DATA_WIDTH_LSB); > 332 > 333 /* calculate page size in bits */ > >>> CID 1229566: Bad bit shift operation (BAD_SHIFT) > >>> In expression "1 << col", shifting by a negative amount has undefined > >>> behavior. The shift amount, "col", is -1. > 334 value = ((1 << col) * width); > 335 > 336 /* convert to Kilobytes */ > 337 dra = ((value / 8) >> 10); > 338 > 339 /* # of banks of DIMM (single or double sided) > */ > > ________________________________________________________________________________________________________ > *** CID 1229565: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); > 50 /*if (timings && (timings->mem_clock == > MEM_CLOCK_1067MT)) > 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= > CxDRC2_CLK1067MT;*/ > 52 > 53 /* Program rank boundaries (CxDRBy). */ > 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2) > >>> CID 1229565: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 > >>> bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48. > 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = > 56 CxDRBy_BOUND_MB(r, 128) | > 57 CxDRBy_BOUND_MB(r+1, 128); > 58 } > 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ > 60 MCHBAR32(DCC_MCHBAR) = > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); > 50 /*if (timings && (timings->mem_clock == > MEM_CLOCK_1067MT)) > 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= > CxDRC2_CLK1067MT;*/ > 52 > 53 /* Program rank boundaries (CxDRBy). */ > 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2) > >>> CID 1229565: Bad bit shift operation (BAD_SHIFT) > >>> In expression "4 << (r + 1) * 16", left shifting by more than 31 bits > >>> has undefined behavior. The shift amount, "(r + 1) * 16", is 48. > 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = > 56 CxDRBy_BOUND_MB(r, 128) | > 57 CxDRBy_BOUND_MB(r+1, 128); > 58 } > 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ > 60 MCHBAR32(DCC_MCHBAR) = > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); > 50 /*if (timings && (timings->mem_clock == > MEM_CLOCK_1067MT)) > 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= > CxDRC2_CLK1067MT;*/ > 52 > 53 /* Program rank boundaries (CxDRBy). */ > 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2) > >>> CID 1229565: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 > >>> bits has undefined behavior. The shift amount, "(r + 1) * 16", is as > >>> much as 48. > 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = > 56 CxDRBy_BOUND_MB(r, 128) | > 57 CxDRBy_BOUND_MB(r+1, 128); > 58 } > 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ > 60 MCHBAR32(DCC_MCHBAR) = > /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset() > 49 ~(ch ? 0 : CxDRC2_NOTPOP(0)); > 50 /*if (timings && (timings->mem_clock == > MEM_CLOCK_1067MT)) > 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= > CxDRC2_CLK1067MT;*/ > 52 > 53 /* Program rank boundaries (CxDRBy). */ > 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2) > >>> CID 1229565: Bad bit shift operation (BAD_SHIFT) > >>> In expression "4 << (r + 1) * 16", left shifting by more than 31 bits > >>> has undefined behavior. The shift amount, "(r + 1) * 16", is as much as > >>> 48. > 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = > 56 CxDRBy_BOUND_MB(r, 128) | > 57 CxDRBy_BOUND_MB(r+1, 128); > 58 } > 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */ > 60 MCHBAR32(DCC_MCHBAR) = > > ________________________________________________________________________________________________________ > *** CID 1229563: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > 1187 } > 1188 reg |= CxDRBy_BOUND_MB(r, base); > 1189 IF_RANK_POPULATED(dimms, ch, r+1) { > 1190 base += rank_capacity_mb; > 1191 total_mb[ch] += rank_capacity_mb; > 1192 } > >>> CID 1229563: Bad bit shift operation (BAD_SHIFT) > >>> In expression "(base >> 5) << (r + 1) * 16", left shifting by more > >>> than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", > >>> is 48. > 1193 reg |= CxDRBy_BOUND_MB(r+1, base); > 1194 > 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; > 1196 } > 1197 } > 1198 > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > 1187 } > 1188 reg |= CxDRBy_BOUND_MB(r, base); > 1189 IF_RANK_POPULATED(dimms, ch, r+1) { > 1190 base += rank_capacity_mb; > 1191 total_mb[ch] += rank_capacity_mb; > 1192 } > >>> CID 1229563: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 > >>> bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48. > 1193 reg |= CxDRBy_BOUND_MB(r+1, base); > 1194 > 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; > 1196 } > 1197 } > 1198 > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > 1187 } > 1188 reg |= CxDRBy_BOUND_MB(r, base); > 1189 IF_RANK_POPULATED(dimms, ch, r+1) { > 1190 base += rank_capacity_mb; > 1191 total_mb[ch] += rank_capacity_mb; > 1192 } > >>> CID 1229563: Bad bit shift operation (BAD_SHIFT) > >>> In expression "(base >> 5) << (r + 1) * 16", left shifting by more > >>> than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", > >>> is as much as 48. > 1193 reg |= CxDRBy_BOUND_MB(r+1, base); > 1194 > 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; > 1196 } > 1197 } > 1198 > /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map() > 1187 } > 1188 reg |= CxDRBy_BOUND_MB(r, base); > 1189 IF_RANK_POPULATED(dimms, ch, r+1) { > 1190 base += rank_capacity_mb; > 1191 total_mb[ch] += rank_capacity_mb; > 1192 } > >>> CID 1229563: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 > >>> bits has undefined behavior. The shift amount, "(r + 1) * 16", is as > >>> much as 48. > 1193 reg |= CxDRBy_BOUND_MB(r+1, base); > 1194 > 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg; > 1196 } > 1197 } > 1198 > > ________________________________________________________________________________________________________ > *** CID 1229564: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() > 232 > 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and > IOCTL) > 234 * The size we set here affects the behavior of BAR2, and the > amount of > 235 * MMIO space it requests. The default is 512MB, so if we don't > set this > 236 * before reading the resources, we could waste space below 4G > */ > 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << > 7))); > >>> CID 1229564: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0xff << fb_pow - 1", left shifting by more than 31 > >>> bits has undefined behavior. The shift amount, "fb_pow - 1", is 254. > 238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); > 239 /* And also that the framebuffer is in the system, RAM */ > 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); > 241 } > 242 > 243 /** > /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma() > 231 pci_mod_config8(mcu, 0xa1, 7 << 4, (fb_pow - 2) << 4); > 232 > 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and > IOCTL) > 234 * The size we set here affects the behavior of BAR2, and the > amount of > 235 * MMIO space it requests. The default is 512MB, so if we don't > set this > 236 * before reading the resources, we could waste space below 4G > */ > >>> CID 1229564: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0xff << fb_pow - 2", left shifting by more than 31 > >>> bits has undefined behavior. The shift amount, "fb_pow - 2", is 253. > 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << > 7))); > 238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); > 239 /* And also that the framebuffer is in the system, RAM */ > 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); > 241 } > 242 > /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma() > 232 > 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and > IOCTL) > 234 * The size we set here affects the behavior of BAR2, and the > amount of > 235 * MMIO space it requests. The default is 512MB, so if we don't > set this > 236 * before reading the resources, we could waste space below 4G > */ > 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << > 7))); > >>> CID 1229564: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0xff << fb_pow - 1", shifting by a negative amount has > >>> undefined behavior. The shift amount, "fb_pow - 1", is -1. > 238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); > 239 /* And also that the framebuffer is in the system, RAM */ > 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); > 241 } > 242 > 243 /** > /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma() > 231 pci_mod_config8(mcu, 0xa1, 7 << 4, (fb_pow - 2) << 4); > 232 > 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and > IOCTL) > 234 * The size we set here affects the behavior of BAR2, and the > amount of > 235 * MMIO space it requests. The default is 512MB, so if we don't > set this > 236 * before reading the resources, we could waste space below 4G > */ > >>> CID 1229564: Bad bit shift operation (BAD_SHIFT) > >>> In expression "0xff << fb_pow - 2", shifting by a negative amount has > >>> undefined behavior. The shift amount, "fb_pow - 2", is -2. > 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << > 7))); > 238 vga_sr_write(0x68, (0xff << (fb_pow - 1))); > 239 /* And also that the framebuffer is in the system, RAM */ > 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0); > 241 } > 242 > > ________________________________________________________________________________________________________ > *** CID 1229562: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/nehalem/raminit.c: 1507 in program_total_memory_map() > 1501 > 1502 { > 1503 u32 t; > 1504 > 1505 gav(t = pcie_read_config32(PCI_DEV(QUICKPATH_BUS, 0, > 1), 0x68)); > 1506 if (t & 0x800) > >>> CID 1229562: Bad bit shift operation (BAD_SHIFT) > >>> In expression "1 << find_lowest_bit_set32(t >> 20)", shifting by a > >>> negative amount has undefined behavior. The shift amount, > >>> "find_lowest_bit_set32(t >> 20)", is -1. > 1507 quickpath_reserved = > 1508 (1 << find_lowest_bit_set32(t >> 20)); > 1509 } > 1510 if (memory_remap) > 1511 TOUUD -= quickpath_reserved; > 1512 > > ________________________________________________________________________________________________________ > *** CID 1229560: Bad bit shift operation (BAD_SHIFT) > /src/northbridge/intel/i3100/raminit.c: 772 in set_receive_enable() > 766 work32h = dcal_data32_2; > 767 cnt = 32; > 768 } > 769 if(!bit) break; > 770 } > 771 for(;;bit--,cnt--) { > >>> CID 1229560: Bad bit shift operation (BAD_SHIFT) > >>> In expression "1 << cnt", left shifting by more than 31 bits has > >>> undefined behavior. The shift amount, "cnt", is 32. > 772 if(!(work32l & (1<<cnt))) > 773 break; > 774 if(!cnt) { > 775 work32l = dcal_data32_0; > 776 work32h = dcal_data32_2; > 777 cnt = 32; > > ________________________________________________________________________________________________________ > *** CID 1229559: Bad bit shift operation (BAD_SHIFT) > /src/mainboard/google/butterfly/chromeos.c: 120 in get_pch_gpio() > 114 > 115 if (gpio_num > 64){ > 116 u32 gp_lvl3 = inl(gpio_base + GP_LVL3); > 117 retval = ((gp_lvl3 >> (gpio_num - 64)) & 1); > 118 } else if (gpio_num > 32){ > 119 u32 gp_lvl2 = inl(gpio_base + GP_LVL2); > >>> CID 1229559: Bad bit shift operation (BAD_SHIFT) > >>> In expression "gp_lvl2 >> gpio_num - 32", right shifting by more than > >>> 31 bits has undefined behavior. The shift amount, "gpio_num - 32", is as > >>> much as 32. > 120 retval = ((gp_lvl2 >> (gpio_num - 32)) & 1); > 121 } else { > 122 u32 gp_lvl = inl(gpio_base + GP_LVL); > 123 retval = ((gp_lvl >> gpio_num) & 1); > 124 } > 125 > /src/mainboard/google/butterfly/chromeos.c: 123 in get_pch_gpio() > 117 retval = ((gp_lvl3 >> (gpio_num - 64)) & 1); > 118 } else if (gpio_num > 32){ > 119 u32 gp_lvl2 = inl(gpio_base + GP_LVL2); > 120 retval = ((gp_lvl2 >> (gpio_num - 32)) & 1); > 121 } else { > 122 u32 gp_lvl = inl(gpio_base + GP_LVL); > >>> CID 1229559: Bad bit shift operation (BAD_SHIFT) > >>> In expression "gp_lvl >> gpio_num", right shifting by more than 31 > >>> bits has undefined behavior. The shift amount, "gpio_num", is as much as > >>> 32. > 123 retval = ((gp_lvl >> gpio_num) & 1); > 124 } > 125 > 126 return retval; > 127 } > 128 > > ________________________________________________________________________________________________________ > *** CID 1229558: Bad bit shift operation (BAD_SHIFT) > /src/southbridge/sis/sis966/sis966.c: 79 in sis966_enable() > 73 struct southbridge_sis_sis966_config *conf; > 74 conf = dev->chip_info; > 75 int i; > 76 > 77 if(dev->device==0x0000) { > 78 vendorid = pci_read_config32(dev, PCI_VENDOR_ID); > >>> CID 1229558: Bad bit shift operation (BAD_SHIFT) > >>> In expression "vendorid >> 16", right shifting "vendorid" by more > >>> than 15 bits always yields zero. The shift amount is 16. > 79 deviceid = (vendorid>>16) & 0xffff; > 80 // vendorid &= 0xffff; > 81 } else { > 82 // vendorid = dev->vendor; > 83 deviceid = dev->device; > 84 } > > > ________________________________________________________________________________________________________ > To view the defects in Coverity Scan visit, > http://scan.coverity.com/projects/1016?tab=overview > > To unsubscribe from the email notification for new defects, > http://scan5.coverity.com/cgi-bin/unsubscribe.py
signature.asc
Description: This is a digitally signed message part
-- coreboot mailing list: [email protected] http://www.coreboot.org/mailman/listinfo/coreboot
