Hi Greg, FYI, new smatch warnings have shown up in tree: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git staging-next head: e1878957b4676a17cf398f7f5723b365e9a2ca48 commit: 74f5671442c6e9b2b54137d20fd7789078265897 [120/274] Staging: ced1401: fix copy_from/to_user warning messages drivers/staging/ced1401/ced_ioc.c:844 WaitEvent() warn: buffer overflow 'pdx->rTransDef' 8 <= 8 drivers/staging/ced1401/ced_ioc.c:875 WaitEvent() warn: inconsistent returns mutex:&pdx->io_mutex: locked (853) unlocked (841,875) drivers/staging/ced1401/ced_ioc.c:890 TestEvent() warn: buffer overflow 'pdx->rTransDef' 8 <= 8 drivers/staging/ced1401/ced_ioc.c:916 GetTransfer() warn: 'tx' puts 3104 bytes on stack drivers/staging/ced1401/ced_ioc.c:926 GetTransfer() warn: check that 'tx.seg' doesn't leak information drivers/staging/ced1401/ced_ioc.c:1078 CheckSelfTest() warn: check that 'gst.code' doesn't leak information + drivers/staging/ced1401/ced_ioc.c:1514 FreeCircBlock() warn: inconsistent returns mutex:&pdx->io_mutex: locked (1511) unlocked (1423,1514) (In the listing below, the lines prefixed with '@' are the return statements named in this warning; the return at 1511 is reached after mutex_lock() at 1425 and before mutex_unlock() at 1513, so it exits with io_mutex still held.) vim +1514 drivers/staging/ced1401/ced_ioc.c cd915200 Greg Kroah-Hartman 2012-09-17 1417 unsigned int nArea, uStart, uSize; cd915200 Greg Kroah-Hartman 2012-09-17 1418 TCIRCBLOCK cb; 74f56714 Greg Kroah-Hartman 2012-09-17 1419 cd915200 Greg Kroah-Hartman 2012-09-17 1420 dev_dbg(&pdx->interface->dev, "%s", __func__); 74f56714 Greg Kroah-Hartman 2012-09-17 1421 74f56714 Greg Kroah-Hartman 2012-09-17 1422 if (copy_from_user(&cb, pCB, sizeof(cb))) 74f56714 Greg Kroah-Hartman 2012-09-17 @1423 return -EFAULT; 74f56714 Greg Kroah-Hartman 2012-09-17 1424 cd915200 Greg Kroah-Hartman 2012-09-17 1425 mutex_lock(&pdx->io_mutex); cd915200 Greg Kroah-Hartman 2012-09-17 1426 cd915200 Greg Kroah-Hartman 2012-09-17 1427 nArea = cb.nArea; // Retrieve parameters first cd915200 Greg Kroah-Hartman 2012-09-17 1428 uStart = cb.dwOffset; cd915200 Greg Kroah-Hartman 2012-09-17 1429 uSize = cb.dwSize; cd915200 Greg Kroah-Hartman 2012-09-17 1430 
cb.dwOffset = 0; // then set default result (nothing) cd915200 Greg Kroah-Hartman 2012-09-17 1431 cb.dwSize = 0; cd915200 Greg Kroah-Hartman 2012-09-17 1432 cd915200 Greg Kroah-Hartman 2012-09-17 1433 if (nArea < MAX_TRANSAREAS) // The area number must be OK cd915200 Greg Kroah-Hartman 2012-09-17 1434 { cd915200 Greg Kroah-Hartman 2012-09-17 1435 TRANSAREA *pArea = &pdx->rTransDef[nArea]; // Pointer to relevant info cd915200 Greg Kroah-Hartman 2012-09-17 1436 spin_lock_irq(&pdx->stagedLock); // Lock others out cd915200 Greg Kroah-Hartman 2012-09-17 1437 cd915200 Greg Kroah-Hartman 2012-09-17 1438 if ((pArea->bUsed) && (pArea->bCircular) && // Must be circular area cd915200 Greg Kroah-Hartman 2012-09-17 1439 (pArea->bCircToHost)) // For now at least must be to host cd915200 Greg Kroah-Hartman 2012-09-17 1440 { cd915200 Greg Kroah-Hartman 2012-09-17 1441 bool bWaiting = false; cd915200 Greg Kroah-Hartman 2012-09-17 1442 cd915200 Greg Kroah-Hartman 2012-09-17 1443 if ((pArea->aBlocks[0].dwSize >= uSize) && // Got anything? cd915200 Greg Kroah-Hartman 2012-09-17 1444 (pArea->aBlocks[0].dwOffset == uStart)) // Must be legal data cd915200 Greg Kroah-Hartman 2012-09-17 1445 { cd915200 Greg Kroah-Hartman 2012-09-17 1446 pArea->aBlocks[0].dwSize -= uSize; cd915200 Greg Kroah-Hartman 2012-09-17 1447 pArea->aBlocks[0].dwOffset += uSize; cd915200 Greg Kroah-Hartman 2012-09-17 1448 if (pArea->aBlocks[0].dwSize == 0) // Have we emptied this block? cd915200 Greg Kroah-Hartman 2012-09-17 1449 { cd915200 Greg Kroah-Hartman 2012-09-17 1450 if (pArea->aBlocks[1].dwSize) // Is there a second block? 
cd915200 Greg Kroah-Hartman 2012-09-17 1451 { cd915200 Greg Kroah-Hartman 2012-09-17 1452 pArea->aBlocks[0] = pArea->aBlocks[1]; // Copy down block 2 data cd915200 Greg Kroah-Hartman 2012-09-17 1453 pArea->aBlocks[1].dwSize = 0; // and mark the second block as unused cd915200 Greg Kroah-Hartman 2012-09-17 1454 pArea->aBlocks[1].dwOffset = 0; cd915200 Greg Kroah-Hartman 2012-09-17 1455 } else cd915200 Greg Kroah-Hartman 2012-09-17 1456 pArea->aBlocks[0].dwOffset = 0; cd915200 Greg Kroah-Hartman 2012-09-17 1457 } cd915200 Greg Kroah-Hartman 2012-09-17 1458 cd915200 Greg Kroah-Hartman 2012-09-17 1459 dev_dbg(&pdx->interface->dev, cd915200 Greg Kroah-Hartman 2012-09-17 1460 "%s free %d bytes at %d, return %d bytes at %d, wait=%d", cd915200 Greg Kroah-Hartman 2012-09-17 1461 __func__, uSize, uStart, cd915200 Greg Kroah-Hartman 2012-09-17 1462 pArea->aBlocks[0].dwSize, cd915200 Greg Kroah-Hartman 2012-09-17 1463 pArea->aBlocks[0].dwOffset, cd915200 Greg Kroah-Hartman 2012-09-17 1464 pdx->bXFerWaiting); cd915200 Greg Kroah-Hartman 2012-09-17 1465 cd915200 Greg Kroah-Hartman 2012-09-17 1466 // Return the next available block of memory as well cd915200 Greg Kroah-Hartman 2012-09-17 1467 if (pArea->aBlocks[0].dwSize > 0) // Got anything? 
cd915200 Greg Kroah-Hartman 2012-09-17 1468 { cd915200 Greg Kroah-Hartman 2012-09-17 1469 cb.dwOffset = cd915200 Greg Kroah-Hartman 2012-09-17 1470 pArea->aBlocks[0].dwOffset; cd915200 Greg Kroah-Hartman 2012-09-17 1471 cb.dwSize = pArea->aBlocks[0].dwSize; cd915200 Greg Kroah-Hartman 2012-09-17 1472 } cd915200 Greg Kroah-Hartman 2012-09-17 1473 cd915200 Greg Kroah-Hartman 2012-09-17 1474 bWaiting = pdx->bXFerWaiting; cd915200 Greg Kroah-Hartman 2012-09-17 1475 if (bWaiting && pdx->bStagedUrbPending) { cd915200 Greg Kroah-Hartman 2012-09-17 1476 dev_err(&pdx->interface->dev, cd915200 Greg Kroah-Hartman 2012-09-17 1477 "%s ERROR: waiting xfer and staged Urb pending!", cd915200 Greg Kroah-Hartman 2012-09-17 1478 __func__); cd915200 Greg Kroah-Hartman 2012-09-17 1479 bWaiting = false; cd915200 Greg Kroah-Hartman 2012-09-17 1480 } cd915200 Greg Kroah-Hartman 2012-09-17 1481 } else { cd915200 Greg Kroah-Hartman 2012-09-17 1482 dev_err(&pdx->interface->dev, cd915200 Greg Kroah-Hartman 2012-09-17 1483 "%s ERROR: freeing %d bytes at %d, block 0 is %d bytes at %d", cd915200 Greg Kroah-Hartman 2012-09-17 1484 __func__, uSize, uStart, cd915200 Greg Kroah-Hartman 2012-09-17 1485 pArea->aBlocks[0].dwSize, cd915200 Greg Kroah-Hartman 2012-09-17 1486 pArea->aBlocks[0].dwOffset); cd915200 Greg Kroah-Hartman 2012-09-17 1487 iReturn = U14ERR_NOMEMORY; cd915200 Greg Kroah-Hartman 2012-09-17 1488 } cd915200 Greg Kroah-Hartman 2012-09-17 1489 cd915200 Greg Kroah-Hartman 2012-09-17 1490 // If we have one, kick off pending transfer cd915200 Greg Kroah-Hartman 2012-09-17 1491 if (bWaiting) // Got a block xfer waiting? 
cd915200 Greg Kroah-Hartman 2012-09-17 1492 { cd915200 Greg Kroah-Hartman 2012-09-17 1493 int RWMStat = cd915200 Greg Kroah-Hartman 2012-09-17 1494 ReadWriteMem(pdx, !pdx->rDMAInfo.bOutWard, cd915200 Greg Kroah-Hartman 2012-09-17 1495 pdx->rDMAInfo.wIdent, cd915200 Greg Kroah-Hartman 2012-09-17 1496 pdx->rDMAInfo.dwOffset, cd915200 Greg Kroah-Hartman 2012-09-17 1497 pdx->rDMAInfo.dwSize); cd915200 Greg Kroah-Hartman 2012-09-17 1498 if (RWMStat != U14ERR_NOERROR) cd915200 Greg Kroah-Hartman 2012-09-17 1499 dev_err(&pdx->interface->dev, cd915200 Greg Kroah-Hartman 2012-09-17 1500 "%s rw setup failed %d", cd915200 Greg Kroah-Hartman 2012-09-17 1501 __func__, RWMStat); cd915200 Greg Kroah-Hartman 2012-09-17 1502 } cd915200 Greg Kroah-Hartman 2012-09-17 1503 } else cd915200 Greg Kroah-Hartman 2012-09-17 1504 iReturn = U14ERR_NOTSET; cd915200 Greg Kroah-Hartman 2012-09-17 1505 cd915200 Greg Kroah-Hartman 2012-09-17 1506 spin_unlock_irq(&pdx->stagedLock); cd915200 Greg Kroah-Hartman 2012-09-17 1507 } else cd915200 Greg Kroah-Hartman 2012-09-17 1508 iReturn = U14ERR_BADAREA; cd915200 Greg Kroah-Hartman 2012-09-17 1509 74f56714 Greg Kroah-Hartman 2012-09-17 1510 if (copy_to_user(pCB, &cb, sizeof(cb))) 74f56714 Greg Kroah-Hartman 2012-09-17 @1511 return -EFAULT; 74f56714 Greg Kroah-Hartman 2012-09-17 1512 cd915200 Greg Kroah-Hartman 2012-09-17 1513 mutex_unlock(&pdx->io_mutex); cd915200 Greg Kroah-Hartman 2012-09-17 @1514 return iReturn; 2eae6bdc Alois Schlögl 2012-09-17 1515 } --- 0-DAY kernel build testing backend Open Source Technology Center Fengguang Wu, Yuanhan Liu Intel Corporation