From: Dan Carpenter <dan.carpenter@oracle.com>
To: Johan Hovold <jhovold@gmail.com>
Cc: kbuild test robot <fengguang.wu@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
kbuild-all@01.org, linux-kernel@vger.kernel.org,
linux-usb@vger.kernel.org
Subject: Re: [usb:usb-next 50/92] drivers/usb/serial/pl2303.c:149 pl2303_vendor_read() error: doing dma on the stack (buf)
Date: Sat, 4 Jan 2014 20:32:22 +0300 [thread overview]
Message-ID: <20140104173222.GE5443@mwanda> (raw)
In-Reply-To: <20140104112341.GA10004@localhost>
On Sat, Jan 04, 2014 at 12:23:41PM +0100, Johan Hovold wrote:
> On Sat, Jan 04, 2014 at 05:28:35AM +0800, kbuild test robot wrote:
> > tree: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-next
> > head: bd6383c81d5f33e01688a87c50a8d3a878aa43d5
> > commit: 362eb02603be7bb835c47f2cf585954a5080449d [50/92] USB: pl2303: add error handling to vendor read and write functions
> >
> > New smatch warnings:
> > drivers/usb/serial/pl2303.c:149 pl2303_vendor_read() error: doing dma on the stack (buf)
> >
> > Old smatch warnings:
> > drivers/usb/serial/pl2303.c:673 pl2303_ioctl() warn: check that 'ser' doesn't leak information (struct has a hole after 'iomem_reg_shift')
> >
> > vim +149 drivers/usb/serial/pl2303.c
> >
> > 8bf769eb Johan Hovold 2012-10-15 133 };
> > 8bf769eb Johan Hovold 2012-10-15 134
> > ^1da177e Linus Torvalds 2005-04-16 135 struct pl2303_private {
> > ^1da177e Linus Torvalds 2005-04-16 136 spinlock_t lock;
> > ^1da177e Linus Torvalds 2005-04-16 137 u8 line_control;
> > ^1da177e Linus Torvalds 2005-04-16 138 u8 line_status;
> > 623c8263 Johan Hovold 2013-12-29 139
> > 623c8263 Johan Hovold 2013-12-29 140 u8 line_settings[7];
> > ^1da177e Linus Torvalds 2005-04-16 141 };
> > ^1da177e Linus Torvalds 2005-04-16 142
> > 362eb026 Johan Hovold 2013-12-29 143 static int pl2303_vendor_read(struct usb_serial *serial, u16 value,
> > 362eb026 Johan Hovold 2013-12-29 144 unsigned char buf[1])
>
> This is a false positive. A pointer passed as an array is still just a
> pointer (and in this case the buffer it points to is not on the stack).
>
> Looks like smatch needs to be updated.
>
Thanks. I have written a fix for this and will push next week.
regards,
dan carpenter
prev parent reply other threads:[~2014-01-04 17:32 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <52c72b83.q16oondgjy37AZvd%fengguang.wu@intel.com>
2014-01-04 11:23 ` [usb:usb-next 50/92] drivers/usb/serial/pl2303.c:149 pl2303_vendor_read() error: doing dma on the stack (buf) Johan Hovold
2014-01-04 17:32 ` Dan Carpenter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140104173222.GE5443@mwanda \
--to=dan.carpenter@oracle.com \
--cc=fengguang.wu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jhovold@gmail.com \
--cc=kbuild-all@01.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.