TO: Alan Cox <a...@linux.intel.com>
CC: "Greg Kroah-Hartman" <gre...@linuxfoundation.org>
tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: b8acf73194186a5cba86812eb4ba17b897f0e13e
commit: 2cbf7fe2d5d32a4747c1f8ad163e886dccad930c [7695/9788] i2o: move to
staging
:::::: branch date: 3 days ago
:::::: commit date: 12 days ago
drivers/staging/i2o/i2o_config.c:255 i2o_cfg_swdl() warn: check for integer
overflow 'swlen'
drivers/staging/i2o/i2o_config.c:334 i2o_cfg_swul() warn: check for integer
overflow 'swlen'
drivers/staging/i2o/i2o_config.c:508 i2o_cfg_evt_get() error: we previously
assumed 'p' could be null (see line 504)
drivers/staging/i2o/i2o_config.c:807 i2o_cfg_passthru() warn: check for integer
over/underflow 'user_msg'
git remote add next
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git remote update next
git checkout 2cbf7fe2d5d32a4747c1f8ad163e886dccad930c
vim +/swlen +255 drivers/staging/i2o/i2o_config.c
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 249
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 250
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 251
if (get_user(curfrag, kxfer.curfrag) < 0)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 252
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 253
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 254
if (curfrag == maxfrag)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 @255
fragsize = swlen - (maxfrag - 1) * 8192;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 256
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 257
if (!kxfer.buf || !access_ok(VERIFY_READ, kxfer.buf, fragsize))
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 258
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 259
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 260
c = i2o_find_iop(kxfer.iop);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 261
if (!c)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 262
return -ENXIO;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 263
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 264
msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 265
if (IS_ERR(msg))
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 266
return PTR_ERR(msg);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 267
9d793b0b drivers/message/i2o/i2o_config.c Alan Cox 2008-10-15 268
if (i2o_dma_alloc(&c->pdev->dev, &buffer, fragsize)) {
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 269
i2o_msg_nop(c, msg);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 270
return -ENOMEM;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 271
}
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 272
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap 2006-12-06 273
if (__copy_from_user(buffer.virt, kxfer.buf, fragsize)) {
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap 2006-12-06 274
i2o_msg_nop(c, msg);
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap 2006-12-06 275
i2o_dma_free(&c->pdev->dev, &buffer);
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap 2006-12-06 276
return -EFAULT;
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap 2006-12-06 277
}
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 278
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 279
msg->u.head[0] = cpu_to_le32(NINE_WORD_MSG_SIZE | SGL_OFFSET_7);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 280
msg->u.head[1] =
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 281
cpu_to_le32(I2O_CMD_SW_DOWNLOAD << 24 | HOST_TID << 12 |
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 282
ADAPTER_TID);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 283
msg->u.head[2] = cpu_to_le32(i2o_config_driver.context);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 284
msg->u.head[3] = cpu_to_le32(0);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 285
msg->body[0] =
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 286
cpu_to_le32((((u32) kxfer.flags) << 24) | (((u32) kxfer.
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 287
sw_type) << 16) |
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 288
(((u32) maxfrag) << 8) | (((u32) curfrag)));
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 289
msg->body[1] = cpu_to_le32(swlen);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 290
msg->body[2] = cpu_to_le32(kxfer.sw_id);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 291
msg->body[3] = cpu_to_le32(0xD0000000 | fragsize);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 292
msg->body[4] = cpu_to_le32(buffer.phys);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 293
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 294
osm_debug("swdl frag %d/%d (size %d)\n", curfrag, maxfrag, fragsize);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 295
status = i2o_msg_post_wait_mem(c, msg, 60, &buffer);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 296
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 297
if (status != -ETIMEDOUT)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 298
i2o_dma_free(&c->pdev->dev, &buffer);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 299
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 300
if (status != I2O_POST_WAIT_OK) {
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 301
// it fails if you try and send frags out of order
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 302
// and for some yet unknown reasons too
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 303
osm_info("swdl failed, DetailedStatus = %d\n", status);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 304
return status;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 305
}
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 306
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 307
return 0;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 308 };
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 309
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 310
static int i2o_cfg_swul(unsigned long arg)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 311 {
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 312
struct i2o_sw_xfer kxfer;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 313
struct i2o_sw_xfer __user *pxfer = (struct i2o_sw_xfer __user *)arg;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 314
unsigned char maxfrag = 0, curfrag = 1;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 315
struct i2o_dma buffer;
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel 2006-01-06 316
struct i2o_message *msg;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 317
unsigned int status = 0, swlen = 0, fragsize = 8192;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 318
struct i2o_controller *c;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 319
int ret = 0;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 320
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 321
if (copy_from_user(&kxfer, pxfer, sizeof(struct i2o_sw_xfer)))
b1ffdc8f drivers/message/i2o/i2o_config.c Dan Carpenter 2010-04-23 322
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 323
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 324
if (get_user(swlen, kxfer.swlen) < 0)
b1ffdc8f drivers/message/i2o/i2o_config.c Dan Carpenter 2010-04-23 325
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 326
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 327
if (get_user(maxfrag, kxfer.maxfrag) < 0)
b1ffdc8f drivers/message/i2o/i2o_config.c Dan Carpenter 2010-04-23 328
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 329
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 330
if (get_user(curfrag, kxfer.curfrag) < 0)
b1ffdc8f drivers/message/i2o/i2o_config.c Dan Carpenter 2010-04-23 331
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 332
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 333
if (curfrag == maxfrag)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 @334
fragsize = swlen - (maxfrag - 1) * 8192;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 335
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 336
if (!kxfer.buf)
b1ffdc8f drivers/message/i2o/i2o_config.c Dan Carpenter 2010-04-23 337
return -EFAULT;
:::::: The code at line 255 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2
:::::: TO: Linus Torvalds <torva...@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torva...@ppc970.osdl.org>
---
0-DAY kernel test infrastructure Open Source Technology Center
http://lists.01.org/mailman/listinfo/kbuild Intel Corporation
_______________________________________________
kbuild mailing list
kbuild@lists.01.org
https://lists.01.org/mailman/listinfo/kbuild
