misc: amd-sbi: Address potential integer overflow issue reported in smatch

Smatch warnings are reported for below commit,

Commit bb13a84ed6b7 ("misc: amd-sbi: Add support for CPUID protocol")
from Apr 28, 2025 (linux-next), leads to the following Smatch static
checker warning:

drivers/misc/amd-sbi/rmi-core.c:132 rmi_cpuid_read() warn: bitwise OR is zero '0xffffffff00000000 & 0xffff'
drivers/misc/amd-sbi/rmi-core.c:132 rmi_cpuid_read() warn: potential integer overflow from user 'msg->cpu_in_out << 32'
drivers/misc/amd-sbi/rmi-core.c:213 rmi_mca_msr_read() warn: bitwise OR is zero '0xffffffff00000000 & 0xffff'
drivers/misc/amd-sbi/rmi-core.c:213 rmi_mca_msr_read() warn: potential integer overflow from user 'msg->mcamsr_in_out << 32'

CPUID & MCAMSR thread data from input is available at byte 4 & 5, this
patch fixes to copy the user data correctly in the argument.
Previously, CPUID and MCAMSR data is return only for thread 0.

Fixes: bb13a84ed6b7 ("misc: amd-sbi: Add support for CPUID protocol")
Fixes: 69b1ba83d21c ("misc: amd-sbi: Add support for read MCA register protocol")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/aDVyO8ByVsceybk9@stanley.mountain/
Reviewed-by: Naveen Krishna Chatradhi <naveenkrishna.chatradhi@amd.com>
Signed-off-by: Akshay Gupta <akshay.gupta@amd.com>
Link: https://lore.kernel.org/r/20250716110729.2193725-1-akshay.gupta@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/misc/amd-sbi/rmi-core.c b/drivers/misc/amd-sbi/rmi-core.c
index b653a21a909ef672e6177335b82b36432c5ec3d6..3570f3b269a952f6fe919d71b7f25af7b9703ce1 100644 (file)
--- a/drivers/misc/amd-sbi/rmi-core.c
+++ b/drivers/misc/amd-sbi/rmi-core.c
@@ -42,7 +42,6 @@
 #define RD_MCA_CMD     0x86
 
 /* CPUID MCAMSR mask & index */
-#define CPUID_MCA_THRD_MASK    GENMASK(15, 0)
 #define CPUID_MCA_THRD_INDEX   32
 #define CPUID_MCA_FUNC_MASK    GENMASK(31, 0)
 #define CPUID_EXT_FUNC_INDEX   56
@@ -129,7 +128,7 @@ static int rmi_cpuid_read(struct sbrmi_data *data,
                goto exit_unlock;
        }
 
-       thread = msg->cpu_in_out << CPUID_MCA_THRD_INDEX & CPUID_MCA_THRD_MASK;
+       thread = msg->cpu_in_out >> CPUID_MCA_THRD_INDEX;
 
        /* Thread > 127, Thread128 CS register, 1'b1 needs to be set to 1 */
        if (thread > 127) {
@@ -210,7 +209,7 @@ static int rmi_mca_msr_read(struct sbrmi_data *data,
                goto exit_unlock;
        }
 
-       thread = msg->mcamsr_in_out << CPUID_MCA_THRD_INDEX & CPUID_MCA_THRD_MASK;
+       thread = msg->mcamsr_in_out >> CPUID_MCA_THRD_INDEX;
 
        /* Thread > 127, Thread128 CS register, 1'b1 needs to be set to 1 */
        if (thread > 127) {