From ecc3ad902f1f1b61deb129d1dce59c663fea2aca Mon Sep 17 00:00:00 2001
From: Nitin Kumbhar
Date: Wed, 11 Sep 2019 14:39:13 +0530
Subject: [PATCH] gpu: nvgpu: add checks for precision of integers Add safety checks to validate precision of unsigned types. These validations are used to justify that no security issues exist in NvGPU driver due to CERT-C INT34-C and INT35-C violations. These are done early in the driver probe to ensure that code violating CERT-C INT34-C and INT35-C rules is not run before these checks. JIRA NVGPU-3908 JIRA NVGPU-3561 Change-Id: Iffb8e21935d16f31c52af909689c334bc120cf7c Signed-off-by: Nitin Kumbhar Reviewed-on: https://git-master.nvidia.com/r/2195033 Reviewed-by: Philip Elcan GVS: Gerrit_Virtual_Submit Reviewed-by: Alex Waterman Reviewed-by: mobile promotions Tested-by: mobile promotions
---
 .../gpu/nvgpu/include/nvgpu/static_analysis.h | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/drivers/gpu/nvgpu/include/nvgpu/static_analysis.h b/drivers/gpu/nvgpu/include/nvgpu/static_analysis.h
index cdb96a4c9..49682f2ed 100644
--- a/drivers/gpu/nvgpu/include/nvgpu/static_analysis.h
+++ b/drivers/gpu/nvgpu/include/nvgpu/static_analysis.h
@@ -380,4 +380,36 @@ static inline s32 nvgpu_safe_cast_s64_to_s32(s64 sl_a)
 return (s32)sl_a;
 }
 }
+
+#define NVGPU_PRECISION(v) _Generic(v, \
+ unsigned int : __builtin_popcount, \
+ unsigned long : __builtin_popcountl, \
+ unsigned long long : __builtin_popcountll, \
+ default : __builtin_popcount)(v)
+
+static inline void nvgpu_safety_checks(void)
+{
+ /*
+ * For CERT-C INT35-C rule
+ * Check compatibility between size (in bytes) and precision
+ * (in bits) of unsigned int. BUG() if two are not same.
+ */
+ if (sizeof(unsigned int) * 8U != NVGPU_PRECISION(UINT_MAX)) {
+ BUG();
+ }
+
+ /*
+ * For CERT-C INT34-C rule
+ * Check precision of unsigned types. Shift operands have been
+ * checked to be less than these values.
+ */
+ if (NVGPU_PRECISION(UCHAR_MAX) != 8 ||
+ NVGPU_PRECISION(USHRT_MAX) != 16 ||
+ NVGPU_PRECISION(UINT_MAX) != 32 ||
+ NVGPU_PRECISION(ULONG_MAX) != 64 ||
+ NVGPU_PRECISION(ULLONG_MAX) != 64) {
+ BUG();
+ }
+}
+
 #endif /* NVGPU_STATIC_ANALYSIS_H */
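Review bot: Nothing in this patch calls `nvgpu_safety_checks()` (the diffstat lists only static_analysis.h), so the INT34-C/INT35-C justification in the commit message rests on a probe-time call site that is not visible here; the caller should land with this function or be referenced in the description. Every operand in both `if` conditions is a compile-time constant, so the same guarantees could be enforced at build time rather than through `BUG()` at probe, for example `_Static_assert(NVGPU_PRECISION(UINT_MAX) == 32, "unsigned int precision");`, provided the toolchain accepts the folded popcount builtin in a constant expression. The second condition hard-codes `NVGPU_PRECISION(ULONG_MAX) != 64`, which would hit `BUG()` on any ILP32 build; if that restriction is intended, a comment such as `/* LP64 only: unsigned long must have 64 value bits */` next to it would make that explicit. `NVGPU_PRECISION` also deserves a one-line comment stating that it must be given a type's maximum value, since the popcount equals the precision only for an all-ones argument, and that narrower types fall through to the `default` branch.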