Hello Ken Cox,

The patch dc95086172db: "staging: virthba driver to access shared
SCSI hba" from Mar 4, 2014, leads to the following Sparse warning:

        drivers/staging/unisys/virthba/virthba.c:1442:24: warning:
        Variable length array is used.

drivers/staging/unisys/virthba/virthba.c
  1438  static ssize_t
  1439  enable_ints_write(struct file *file, const char __user *buffer,
  1440                    size_t count, loff_t *ppos)
  1441  {
  1442          char buf[count + 1];
                         ^^^^^^^^^
The kernel has an 8k stack for the whole call tree starting from the
syscall.  Bugs like this could have pretty serious security
implications.  There are a lot of Sparse bugs in the unisys code.

You will probably get some emails from zero day build bot as well.

https://lwn.net/Articles/205624/

  1443          int i, new_value;
  1444          struct virthba_info *virthbainfo;
  1445          U64 *Features_addr;
  1446          U64 mask;
  1447  
  1448          buf[count] = '\0';
  1449          if (copy_from_user(buf, buffer, count)) {
  1450                  LOGERR("copy_from_user failed. buf<<%.*s>> count<<%lu>>\n",
  1451                         (int) count, buf, count);
  1452                  return -EFAULT;
  1453          }

regards,
dan carpenter
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
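
Added example (not part of the original message and not the driver's code): a userspace C model of one way to remove the variable length array flagged at line 1442, by checking count against a fixed-size buffer before copying. ENABLE_INTS_MAX, copy_from_user_stub() and parse_enable_write() are hypothetical names, and it is an assumption that the handler parses a single decimal integer into new_value.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define ENABLE_INTS_MAX 15 /* assumed cap: room for a decimal int and a newline */

/* Userspace stand-in for copy_from_user(); returns the number of bytes NOT copied. */
static unsigned long copy_from_user_stub(void *to, const void *from, unsigned long n)
{
	memcpy(to, from, n);
	return 0;
}

/* Hypothetical bounded parser: stack use is a compile-time constant, not count + 1. */
static ssize_t parse_enable_write(const char *ubuf, size_t count, int *new_value)
{
	char buf[ENABLE_INTS_MAX + 1];
	char *end;
	long val;

	if (count == 0 || count > ENABLE_INTS_MAX)
		return -EINVAL;		/* reject oversized writes before any copy */
	if (copy_from_user_stub(buf, ubuf, count))
		return -EFAULT;		/* buf is not read or logged on failure */
	buf[count] = '\0';		/* terminate only after a successful copy */

	errno = 0;
	val = strtol(buf, &end, 10);
	if (end == buf || errno || val < INT_MIN || val > INT_MAX)
		return -EINVAL;		/* no digits, or value does not fit an int */
	if (*end == '\n')
		end++;			/* tolerate the newline that echo appends */
	if (*end != '\0')
		return -EINVAL;		/* trailing garbage */
	*new_value = (int)val;
	return (ssize_t)count;
}

int main(void)
{
	int v = 0;
	printf("%zd\n", parse_enable_write("1\n", 2, &v));
	return 0;
}
```

In kernel code, kstrtoint_from_user() performs the same bounded copy and parse in one call.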
