subject:"\[kbuild\] \[next\:master 7695\/9788\] drivers\/staging\/i2o\/i2o_config.c\:255 i2o_cfg_swdl\(\) warn\: check for integer overflow 'swlen'"

[kbuild] [next:master 7695/9788] drivers/staging/i2o/i2o_config.c:255 i2o_cfg_swdl() warn: check for integer overflow 'swlen'

2015-02-15 Thread kbuild test robot

TO: Alan Cox a...@linux.intel.com
CC: Greg Kroah-Hartman gre...@linuxfoundation.org

tree:   git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   b8acf73194186a5cba86812eb4ba17b897f0e13e
commit: 2cbf7fe2d5d32a4747c1f8ad163e886dccad930c [7695/9788] i2o: move to 
staging
:: branch date: 3 days ago
:: commit date: 12 days ago

drivers/staging/i2o/i2o_config.c:255 i2o_cfg_swdl() warn: check for integer 
overflow 'swlen'
drivers/staging/i2o/i2o_config.c:334 i2o_cfg_swul() warn: check for integer 
overflow 'swlen'
drivers/staging/i2o/i2o_config.c:508 i2o_cfg_evt_get() error: we previously 
assumed 'p' could be null (see line 504)
drivers/staging/i2o/i2o_config.c:807 i2o_cfg_passthru() warn: check for integer 
over/underflow 'user_msg'

git remote add next 
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git remote update next
git checkout 2cbf7fe2d5d32a4747c1f8ad163e886dccad930c
vim +/swlen +255 drivers/staging/i2o/i2o_config.c

^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  249
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  250  
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  251
if (get_user(curfrag, kxfer.curfrag)  0)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  252
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  253  
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  254
if (curfrag == maxfrag)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 @255
fragsize = swlen - (maxfrag - 1) * 8192;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  256  
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  257
if (!kxfer.buf || !access_ok(VERIFY_READ, kxfer.buf, fragsize))
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  258
return -EFAULT;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  259  
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  260
c = i2o_find_iop(kxfer.iop);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  261
if (!c)
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  262
return -ENXIO;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  263  
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  264
msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  265
if (IS_ERR(msg))
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  266
return PTR_ERR(msg);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  267  
9d793b0b drivers/message/i2o/i2o_config.c Alan Cox   2008-10-15  268
if (i2o_dma_alloc(c-pdev-dev, buffer, fragsize)) {
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  269
i2o_msg_nop(c, msg);
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  270
return -ENOMEM;
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  271
}
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  272  
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  273
if (__copy_from_user(buffer.virt, kxfer.buf, fragsize)) {
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  274
i2o_msg_nop(c, msg);
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  275
i2o_dma_free(c-pdev-dev, buffer);
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  276
return -EFAULT;
9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  277
}
^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  278  
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  279
msg-u.head[0] = cpu_to_le32(NINE_WORD_MSG_SIZE | SGL_OFFSET_7);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  280
msg-u.head[1] =
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  281
cpu_to_le32(I2O_CMD_SW_DOWNLOAD  24 | HOST_TID  12 |
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  282
ADAPTER_TID);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  283
msg-u.head[2] = cpu_to_le32(i2o_config_driver.context);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  284
msg-u.head[3] = cpu_to_le32(0);
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  285
msg-body[0] =
a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  286
cpu_to_le32u32) kxfer.flags)

Re: [kbuild] [next:master 7695/9788] drivers/staging/i2o/i2o_config.c:255 i2o_cfg_swdl() warn: check for integer overflow 'swlen'

2015-02-15 Thread Dan Carpenter

This code is scary from a security perspective.  It's old code, we just
moved it to staging so we could delete it in a later kernel release.  So
I'm not going to bother with this warning.

regards,
dan carpenter

On Mon, Feb 16, 2015 at 06:04:22AM +0800, kbuild test robot wrote:
 TO: Alan Cox a...@linux.intel.com
 CC: Greg Kroah-Hartman gre...@linuxfoundation.org
 
 tree:   git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 
 master
 head:   b8acf73194186a5cba86812eb4ba17b897f0e13e
 commit: 2cbf7fe2d5d32a4747c1f8ad163e886dccad930c [7695/9788] i2o: move to 
 staging
 :: branch date: 3 days ago
 :: commit date: 12 days ago
 
 drivers/staging/i2o/i2o_config.c:255 i2o_cfg_swdl() warn: check for integer 
 overflow 'swlen'
 drivers/staging/i2o/i2o_config.c:334 i2o_cfg_swul() warn: check for integer 
 overflow 'swlen'
 drivers/staging/i2o/i2o_config.c:508 i2o_cfg_evt_get() error: we previously 
 assumed 'p' could be null (see line 504)
 drivers/staging/i2o/i2o_config.c:807 i2o_cfg_passthru() warn: check for 
 integer over/underflow 'user_msg'
 
 git remote add next 
 git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
 git remote update next
 git checkout 2cbf7fe2d5d32a4747c1f8ad163e886dccad930c
 vim +/swlen +255 drivers/staging/i2o/i2o_config.c
 
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  249  
 return -EFAULT;
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  250  
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  251  
 if (get_user(curfrag, kxfer.curfrag)  0)
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  252  
 return -EFAULT;
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  253  
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  254  
 if (curfrag == maxfrag)
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16 @255  
 fragsize = swlen - (maxfrag - 1) * 8192;
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  256  
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  257  
 if (!kxfer.buf || !access_ok(VERIFY_READ, kxfer.buf, fragsize))
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  258  
 return -EFAULT;
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  259  
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  260  
 c = i2o_find_iop(kxfer.iop);
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  261  
 if (!c)
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  262  
 return -ENXIO;
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  263  
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  264  
 msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  265  
 if (IS_ERR(msg))
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  266  
 return PTR_ERR(msg);
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  267  
 9d793b0b drivers/message/i2o/i2o_config.c Alan Cox   2008-10-15  268  
 if (i2o_dma_alloc(c-pdev-dev, buffer, fragsize)) {
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  269  
 i2o_msg_nop(c, msg);
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  270  
 return -ENOMEM;
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  271  
 }
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  272  
 9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  273  
 if (__copy_from_user(buffer.virt, kxfer.buf, fragsize)) {
 9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  274  
 i2o_msg_nop(c, msg);
 9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  275  
 i2o_dma_free(c-pdev-dev, buffer);
 9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  276  
 return -EFAULT;
 9d69b7d3 drivers/message/i2o/i2o_config.c Randy Dunlap   2006-12-06  277  
 }
 ^1da177e drivers/message/i2o/i2o_config.c Linus Torvalds 2005-04-16  278  
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  279  
 msg-u.head[0] = cpu_to_le32(NINE_WORD_MSG_SIZE | SGL_OFFSET_7);
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  280  
 msg-u.head[1] =
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  281  
 cpu_to_le32(I2O_CMD_SW_DOWNLOAD  24 | HOST_TID  12 |
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  282  
 ADAPTER_TID);
 a1a5ea70 drivers/message/i2o/i2o_config.c Markus Lidel   2006-01-06  283  
 msg-u.head[2] = cpu_to_le32(i2o_config_driver.context);
 a1a5ea70

[kbuild] [next:master 7695/9788] drivers/staging/i2o/i2o_config.c:255 i2o_cfg_swdl() warn: check for integer overflow 'swlen'

Re: [kbuild] [next:master 7695/9788] drivers/staging/i2o/i2o_config.c:255 i2o_cfg_swdl() warn: check for integer overflow 'swlen'

2 matches

Site Navigation

Mail list logo

Footer information