From: Sasha Levin Date: Sun, 23 Feb 2025 17:23:16 +0000 (-0500) Subject: Fixes for 5.4 X-Git-Tag: v6.6.80~25^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=13af1e871a2747047e8c6d9780ee3274ca47c3b3;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/power-supply-da9150-fg-fix-potential-overflow.patch b/queue-5.4/power-supply-da9150-fg-fix-potential-overflow.patch new file mode 100644 index 0000000000..f8bd83856b --- /dev/null +++ b/queue-5.4/power-supply-da9150-fg-fix-potential-overflow.patch 
@@ -0,0 +1,56 @@ +From 6840ae2a9b5c6b8d4842ab58b6d7962f34538610 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 30 Jan 2025 09:00:34 +0000 +Subject: power: supply: da9150-fg: fix potential overflow + +From: Andrey Vatoropin + +[ Upstream commit 3fb3cb4350befc4f901c54e0cb4a2a47b1302e08 ] + +Size of variable sd_gain equals four bytes - DA9150_QIF_SD_GAIN_SIZE. +Size of variable shunt_val equals two bytes - DA9150_QIF_SHUNT_VAL_SIZE. + +The expression sd_gain * shunt_val is currently being evaluated using +32-bit arithmetic. So during the multiplication an overflow may occur. + +As the value of type 'u64' is used as storage for the eventual result, put +ULL variable at the first position of each expression in order to give the +compiler complete information about the proper arithmetic to use. According +to C99 the guaranteed width for a variable of type 'unsigned long long' >= +64 bits. + +Remove the explicit cast to u64 as it is meaningless. + +Just for the sake of consistency, perform the similar trick with another +expression concerning 'iavg'. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. 
+ +Fixes: a419b4fd9138 ("power: Add support for DA9150 Fuel-Gauge") +Signed-off-by: Andrey Vatoropin +Link: https://lore.kernel.org/r/20250130090030.53422-1-a.vatoropin@crpt.ru +Signed-off-by: Sebastian Reichel +Signed-off-by: Sasha Levin +--- + drivers/power/supply/da9150-fg.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/power/supply/da9150-fg.c b/drivers/power/supply/da9150-fg.c +index 6e367826aae92..d5e1fbac87f22 100644 +--- a/drivers/power/supply/da9150-fg.c ++++ b/drivers/power/supply/da9150-fg.c +@@ -247,9 +247,9 @@ static int da9150_fg_current_avg(struct da9150_fg *fg, + DA9150_QIF_SD_GAIN_SIZE); + da9150_fg_read_sync_end(fg); + +- div = (u64) (sd_gain * shunt_val * 65536ULL); ++ div = 65536ULL * sd_gain * shunt_val; + do_div(div, 1000000); +- res = (u64) (iavg * 1000000ULL); ++ res = 1000000ULL * iavg; + do_div(res, div); + + val->intval = (int) res; +-- +2.39.5 + diff --git a/queue-5.4/series b/queue-5.4/series index 22e175a52b..df2c12a799 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -240,3 +240,4 @@ geneve-suppress-list-corruption-splat-in-geneve_dest.patch net-extract-port-range-fields-from-fl_flow_key.patch flow_dissector-fix-handling-of-mixed-port-and-port-r.patch flow_dissector-fix-port-range-key-handling-in-bpf-co.patch +power-supply-da9150-fg-fix-potential-overflow.patch
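Review bot: In the da9150_fg_current_avg() hunk of the queued patch, `do_div(res, div)` still passes the u64 `div` as the divisor, but do_div() takes a 32-bit divisor, so the widening gained by `div = 65536ULL * sd_gain * shunt_val;` is partly lost at the final division. With a four-byte sd_gain and a two-byte shunt_val, the product divided by 1000000 can exceed 32 bits, and the upper bits are then dropped silently. The same call divides by zero when the scaled product is below 1000000, because `do_div(div, 1000000)` then leaves div at 0. Suggest div64_u64(res, div) for the final division, guarded by a check that div is non-zero. The unchanged `val->intval = (int) res;` narrows the 64-bit result again and would benefit from a range check or a comment stating why the value fits.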