There were a couple unlocks missing. They were found by smatch static
checker. Compile tested.
regards,
dan carpenter
Signed-off-by: Dan Carpenter erro...@gmail.com
--- orig/virt/kvm/irq_comm.c2009-11-08 19:00:50.0 +0200
+++ devel/virt/kvm/irq_comm.c 2009-11-08 19:04
here and we like newbies but it makes
everyone annoyed.
regards,
dan carpenter
--
To unsubscribe from this list: send the line unsubscribe kvm in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
I did an audit for potential integer overflows of values which get passed
to access_ok() and here are the results.
Signed-off-by: Dan Carpenter erro...@gmail.com
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index dd3d6f7..c2aa12c 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers
access_ok() returns 1 if it's OK otherwise it should return 0.
Signed-off-by: Dan Carpenter erro...@gmail.com
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index c2aa12c..f82fe57 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -371,7 +371,7 @@ static int
can any of the above two trigger?
It seems easier to check value for sanity at a single place where it's
passed from userspace to kernel.
Gar. Sorry for that. My mistake.
regards,
dan carpenter
, mean:%lu\n,
+ chunks == 0 ? 0 : sum_total_chunks / chunks);
+ return p - buf;
+}
+
regards,
dan carpenter
element in the list?
regards,
dan carpenter
with it going in as is...
Thanks again for your interest... are you using zcache?
No. I was just on the driver-devel list reviewing patches at
random.
regards,
dan carpenter
branch be included in linux-next with a goal of being
accepted into v3.6.
Could you run Sparse over the driver?
http://lwn.net/Articles/205624/
It reports a bunch of endian problems. Some are definitely bugs
like:
*prev |= cpu_to_le32((u32)epos 20);
regards,
dan carpenter
The count variable is unsigned here so the test for errors doesn't
work.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/vfio/pci/vfio_pci_config.c
b/drivers/vfio/pci/vfio_pci_config.c
index a4f7321..10bc6a8 100644
--- a/drivers/vfio/pci/vfio_pci_config.c
+++ b
On Wed, Jun 27, 2012 at 01:23:23PM -0600, Alex Williamson wrote:
On Wed, 2012-06-27 at 15:37 +0300, Dan Carpenter wrote:
On Mon, Jun 25, 2012 at 10:55:52PM -0600, Alex Williamson wrote:
Hi,
VFIO has been kicking around for well over a year now and has been
posted numerous times
hdr.count vfio_pci_get_irq_count(vdev, hdr.index))
314 return -EINVAL;
315
316 data = kmalloc(hdr.count * size, GFP_KERNEL);
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/include/linux/vfio.h b/include/linux/vfio.h
index 300d49b..86ef2da
This ioctl function is supposed to return a negative error code or zero
on success. copy_to_user() returns zero or the number of bytes
remaining to be copied.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 457acf3..1aa373f
The count variable needs to be signed here because we use it to store
negative error codes.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
---
v2: Just declare count as signed.
diff --git a/drivers/vfio/pci/vfio_pci_config.c
b/drivers/vfio/pci/vfio_pci_config.c
index a4f7321..2e00aa8
We need to unlock here before returning.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c
index da0b8ac..d217bed 100644
--- a/drivers/vhost/tcm_vhost.c
+++ b/drivers/vhost/tcm_vhost.c
@@ -1189,6 +1189,7 @@ static int
We do snprintf() from page to a buffer with TCM_VHOST_NAMELEN
characters so the current code will silently truncate the last
character.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c
index d217bed..57d39c5 100644
There is a memory leak here.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c
index 57d39c5..29850cb 100644
--- a/drivers/vhost/tcm_vhost.c
+++ b/drivers/vhost/tcm_vhost.c
@@ -1420,6 +1420,7 @@ static struct se_wwn
strlen() doesn't count the NUL terminator. I missed this one in the
patches I sent yesterday.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c
index 29850cb..ea72198 100644
--- a/drivers/vhost/tcm_vhost.c
+++ b/drivers
}
622
(gdb)
Reverting the patch fixes things for me. I'm using linux-next from
Friday.
regards,
dan carpenter
it, if only to silence the warning.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/virt/kvm/coalesced_mmio.c b/virt/kvm/coalesced_mmio.c
index a6ec206..88b2fe3 100644
--- a/virt/kvm/coalesced_mmio.c
+++ b/virt/kvm/coalesced_mmio.c
@@ -28,9 +28,15 @@ static int
Hi Alex,
FYI, there are new smatch warnings show up in
tree: git://github.com/awilliam/linux-vfio.git vfio-vga
head: 2c2e21fa66c40ed7b8e434c86a9f2ab0c879f21d
commit: f4d38f216ef420595d12f74b256b3961eb4c3c14 [3/5] vfio-pci: Cleanup BAR
access
New smatch warnings:
Hi Alex,
FYI, there are new smatch warnings show up in
tree: git://github.com/awilliam/linux-vfio.git vfio-vga
head: 2c2e21fa66c40ed7b8e434c86a9f2ab0c879f21d
commit: c5b7a5a85fa477e70497c513f2acda50eea73bf7 [4/5] vfio-pci: Add support
for legacy MMIO I/O port towards VGA support
New
Hi Fengguang,
I already forwarded these on Thursday. You should have got a mail
about it because I CC'd the kbuild list.
regards,
dan carpenter
On Thu, Jan 17, 2013 at 09:20:49AM +0800, Fengguang Wu wrote:
Hi Alex,
FYI, there are new smatch warnings show up in
tree: git://github.com
-off-by: Dan Carpenter dan.carpen...@oracle.com
---
Static analysis stuff. Untested.
This patch is not beautiful. There is probably a better limit to use if
I knew the code.
diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
index acfcb1a..de54f69 100644
--- a/drivers/vfio
On Tue, Mar 26, 2013 at 04:13:58PM +0300, Dan Carpenter wrote:
The worry here is that a large value of hdr.start would cause a
read before the start of the array and a crash in
vfio_msi_set_vector_signal().
The check in vfio_msi_set_block() is not enough:
if (start + count vdev
On Tue, Mar 26, 2013 at 09:03:02AM -0600, Alex Williamson wrote:
Thanks Dan. Is this more like what you're looking for?
Yes. That looks nice. :)
regards,
dan carpenter
If vfio_unmap_unpin() returns an error then we leak split. I've moved
the allocation later in the function to fix this.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 98231d1..657f6a8 100644
If kvm_io_bus_register_dev() fails then it returns success but it should
return an error code.
I also did a little cleanup like removing an impossible NULL test.
Fixes: 2b3c246a682c ('KVM: Make coalesced mmio use a device per zone')
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
diff
On Wed, Jan 29, 2014 at 02:57:21PM +0100, walter harms wrote:
On 29.01.2014 14:16, Dan Carpenter wrote:
If kvm_io_bus_register_dev() fails then it returns success but it should
return an error code.
I also did a little cleanup like removing an impossible NULL test.
Fixes
This seems like a harmless off by one overflow if i is the last
element in the vcpu->arch.cpuid_entries[] array.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
---
Not tested. I always wonder if it's worth fixing these or if it's worth
reporting them? Either of those seem like a lot
On Thu, Feb 20, 2014 at 02:07:42PM +0100, Paolo Bonzini wrote:
On 20/02/2014 13:34, Dan Carpenter wrote:
This seems like a harmless off by one overflow if i is the last
element in the vcpu->arch.cpuid_entries[] array.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
When copy_from_user() fails, this code returns the number of bytes
remaining instead of a negative error code. The positive number is
returned to the user but otherwise it is harmless.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
---
I am not able to compile this.
diff --git a/arch
!= X86EMUL_CONTINUE) {
2112 WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
^^^
2113 ops->set_segment(ctxt, old_cs, old_desc, 0,
VCPU_SREG_CS);
2114 }
2115 return rc;
2116 }
regards,
dan
cs.base is declared as a __u64 variable and vector is a u32 so this
causes a static checker warning. I'm not very familiar with this code
but my understanding is that the user can set sipi_vector to any u32
value in kvm_vcpu_ioctl_x86_set_vcpu_events().
Signed-off-by: Dan Carpenter dan.carpen
VHOST_SCSI_MAX_TARGET (256) elements so
anything higher than 255 then it is invalid. I have made that the limit
now.
In vhost_scsi_send_evt() we mask away values higher than 255, but now
that the limit has changed, we don't need the mask.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
---
Compile tested
On Fri, Jan 23, 2015 at 05:08:03PM +0100, Radim Krčmář wrote:
This patch will prevent future detection of functional bugs :(
Hm. You're right. Smatch should be able to follow the logic. The code
to handle this is pretty new. I'll look into why it wasn't working.
regards,
dan carpenter
() and kvm_x2apic_msr_read(). I looked at this code and
it seems like setting it to zero is a common default behaviour.
Signed-off-by: Dan Carpenter dan.carpen...@oracle.com
---
From static analysis only, not from real life.
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index a17d848..f0e30d2 100644
}
regards,
dan carpenter
On Wed, Jul 15, 2015 at 01:35:16PM +0200, walter harms wrote:
Is this function needed at all ?
It tries to kmalloc() memory and if it can't then it tries to vmalloc()
it. There are a bunch of these functions. Eventually someone should
put one in a common header.
regards,
dan carpenter
There is only one caller for vhost_kvzalloc() and it expects NULL on
allocation failure. Most people would probably expect that so let's
change ERR_PTR(-ENOMEM) to NULL.
Fixes: 4de7255f7d2b ('vhost: extend memory regions allocation to vmalloc')
Signed-off-by: Dan Carpenter dan.carpen
this one.
regards,
dan carpenter
he array size PCI_CAP_ID_MAX + 1. And let's
make a similar change to pci_ext_cap_length[] for consistency. Also
both these arrays can be made const.
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
---
v2: more cleanups
diff --git a/drivers/vfio/pci/vfio_pci_config.c
b/drivers/vfio/pci/vfio
Smatch complains about a possible out of bounds error:
drivers/vfio/pci/vfio_pci_config.c:1241 vfio_cap_init()
error: buffer overflow 'pci_cap_length' 20 <= 20
Fix this by making the array larger.
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/dri
better as const.
Sure. I will do this as well.
regards,
dan carpenter
PCI_CAP_ID_EA
>
> So the array is implicitly sized to PCI_CAP_ID_MAX + 1 already, this
> doesn't make it any larger.
In linux-next it makes it larger. But also explicitly using
PCI_CAP_ID_MAX + 1 is cleaner as well as fixing the bug in case we add
more elements later again.
re
one already. (These are static
checker fixes).
regards,
dan carpenter
This loop ends with count set to -1 and not zero so the warning message
isn't printed when it should be. I've fixed this by changing the postop
to a preop.
Fixes: 0990822c9866 ('VFIO: platform: reset: AMD xgbe reset module')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff
No problem. Fold away.
regards,
dan carpenter
The indenting suggests missing curly braces.
Fixes: 7805f53a85ec ('KVM: Create debugfs dir and stat files for each VM')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index f62621f..4740e54 100644
--- a/virt/kvm/kvm_main.c
The "goto out_err" is buggy because we forgot to set the return code.
The other issue is that if the kmalloc() fails, we should remove the
debugfs directory before returning.
Fixes: 7805f53a85ec ('KVM: Create debugfs dir and stat files for each VM')
Signed-off-by: Dan Carpenter &
The first argument to the WARN() macro has to be a condition. I'm sort
of disappointed that this code doesn't generate a compiler warning. I
guess -Wformat-extra-args doesn't work in the kernel.
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/drivers/vfio/vfio.c b/d