scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8

The shifting of the u8 integer returned fom ahc_inb(ahc, port+3) by 24 bits
to the left will be promoted to a 32 bit signed int and then sign-extended
to a u64. In the event that the top bit of the u8 is set then all then all
the upper 32 bits of the u64 end up as also being set because of the
sign-extension. Fix this by casting the u8 values to a u64 before the 24
bit left shift.

[ This dates back to 2002, I found the offending commit from the git
history git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git,
commit f58eb66c0b0a ("Update aic7xxx driver to 6.2.10...") ]

Link: https://lore.kernel.org/r/20210621151727.20667-1-colin.king@canonical.com
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Addresses-Coverity: ("Unintended sign extension")

diff --git a/drivers/scsi/aic7xxx/aic7xxx_core.c b/drivers/scsi/aic7xxx/aic7xxx_core.c
index 4b04ab8..a396f04 100644 (file)
--- a/drivers/scsi/aic7xxx/aic7xxx_core.c
+++ b/drivers/scsi/aic7xxx/aic7xxx_core.c
@@ -493,7 +493,7 @@ ahc_inq(struct ahc_softc *ahc, u_int port)
        return ((ahc_inb(ahc, port))
              | (ahc_inb(ahc, port+1) << 8)
              | (ahc_inb(ahc, port+2) << 16)
-             | (ahc_inb(ahc, port+3) << 24)
+             | (((uint64_t)ahc_inb(ahc, port+3)) << 24)
              | (((uint64_t)ahc_inb(ahc, port+4)) << 32)
              | (((uint64_t)ahc_inb(ahc, port+5)) << 40)
              | (((uint64_t)ahc_inb(ahc, port+6)) << 48)