linux-ide.vger.kernel.org archive mirror
* [report] sata_qstor.c: ancient pointer math bug
@ 2016-03-02  9:44 Dan Carpenter
  2016-03-02 14:28 ` Mark Lord
  2016-03-02 14:30 ` Mark Lord
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2016-03-02  9:44 UTC
  To: Mark Lord; +Cc: linux-ide

Hello Mark Lord matches,

The patch 1da177e4c3f4 from Apr 16, 2005, leads to the following static
checker warning:

	drivers/ata/sata_qstor.c:270 qs_fill_sg()
	warn: was expecting 4 bytes for 'prd'

drivers/ata/sata_qstor.c
   252  static unsigned int qs_fill_sg(struct ata_queued_cmd *qc)
   253  {
   254          struct scatterlist *sg;
   255          struct ata_port *ap = qc->ap;
   256          struct qs_port_priv *pp = ap->private_data;
   257          u8 *prd = pp->pkt + QS_CPB_BYTES;
   258          unsigned int si;
   259  
   260          for_each_sg(qc->sg, sg, qc->n_elem, si) {
   261                  u64 addr;
   262                  u32 len;
   263  
   264                  addr = sg_dma_address(sg);
   265                  *(__le64 *)prd = cpu_to_le64(addr);
   266                  prd += sizeof(u64);
   267  
   268                  len = sg_dma_len(sg);
   269                  *(__le32 *)prd = cpu_to_le32(len);
   270                  prd += sizeof(u64);

This is almost certainly a cut and paste bug where prd += sizeof(u32)
was intended.  Probably no one cares at this point though...

   271  
   272                  VPRINTK("PRD[%u] = (0x%llX, 0x%X)\n", si,
   273                                          (unsigned long long)addr, len);
   274          }
   275  
   276          return si;
   277  }

regards,
dan carpenter


* Re: [report] sata_qstor.c: ancient pointer math bug
  2016-03-02  9:44 [report] sata_qstor.c: ancient pointer math bug Dan Carpenter
@ 2016-03-02 14:28 ` Mark Lord
  2016-03-02 14:30 ` Mark Lord
  1 sibling, 0 replies; 3+ messages in thread
From: Mark Lord @ 2016-03-02 14:28 UTC
  To: Dan Carpenter; +Cc: linux-ide

On 16-03-02 04:44 AM, Dan Carpenter wrote:
..
> drivers/ata/sata_qstor.c
>     252  static unsigned int qs_fill_sg(struct ata_queued_cmd *qc)
>     253  {
>     254          struct scatterlist *sg;
>     255          struct ata_port *ap = qc->ap;
>     256          struct qs_port_priv *pp = ap->private_data;
>     257          u8 *prd = pp->pkt + QS_CPB_BYTES;
>     258          unsigned int si;
>     259
>     260          for_each_sg(qc->sg, sg, qc->n_elem, si) {
>     261                  u64 addr;
>     262                  u32 len;
>     263
>     264                  addr = sg_dma_address(sg);
>     265                  *(__le64 *)prd = cpu_to_le64(addr);
>     266                  prd += sizeof(u64);
>     267
>     268                  len = sg_dma_len(sg);
>     269                  *(__le32 *)prd = cpu_to_le32(len);
>     270                  prd += sizeof(u64);
>
> This is almost certainly a cut and paste bug where prd += sizeof(u32)
> was intended.  Probably no one cares at this point though...

No, the hardware really does want sizeof(u64) in both places above.
A PRD entry is 16 bytes in total.
-- 
Mark Lord
Real-Time Remedies Inc.
mlord@pobox.com


* Re: [report] sata_qstor.c: ancient pointer math bug
  2016-03-02  9:44 [report] sata_qstor.c: ancient pointer math bug Dan Carpenter
  2016-03-02 14:28 ` Mark Lord
@ 2016-03-02 14:30 ` Mark Lord
  1 sibling, 0 replies; 3+ messages in thread
From: Mark Lord @ 2016-03-02 14:30 UTC
  To: Dan Carpenter, Mark Lord; +Cc: linux-ide

On 16-03-02 04:44 AM, Dan Carpenter wrote:
..
> drivers/ata/sata_qstor.c
>     252  static unsigned int qs_fill_sg(struct ata_queued_cmd *qc)
>     253  {
>     254          struct scatterlist *sg;
>     255          struct ata_port *ap = qc->ap;
>     256          struct qs_port_priv *pp = ap->private_data;
>     257          u8 *prd = pp->pkt + QS_CPB_BYTES;
>     258          unsigned int si;
>     259
>     260          for_each_sg(qc->sg, sg, qc->n_elem, si) {
>     261                  u64 addr;
>     262                  u32 len;
>     263
>     264                  addr = sg_dma_address(sg);
>     265                  *(__le64 *)prd = cpu_to_le64(addr);
>     266                  prd += sizeof(u64);
>     267
>     268                  len = sg_dma_len(sg);
>     269                  *(__le32 *)prd = cpu_to_le32(len);
>     270                  prd += sizeof(u64);
>
> This is almost certainly a cut and paste bug where prd += sizeof(u32)
> was intended.  Probably no one cares at this point though...

No, the hardware really does want sizeof(u64) in both places above.
A PRD entry is 16 bytes in total.
-- 
Mark Lord
Real-Time Remedies Inc.
mlord@pobox.com
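
The 16-byte PRD stride discussed in this thread, written as a user-space C model (an added example, not code from the thread or from the kernel driver). The names qs_prd, seg, fill_prd and demo_stride are hypothetical, and the example assumes the last 4 bytes of each entry are simply unused, since the quoted loop skips them. Declaring the skipped bytes as a field makes the stride part of the type, so the second advance no longer looks like a copy-and-paste slip.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One PRD entry as the thread describes it: 16 bytes in total.
 * Type and field names are hypothetical; "rsvd" covers the 4 bytes
 * that the quoted loop steps over without writing. */
struct qs_prd {
	uint8_t addr[8];	/* little-endian 64-bit DMA address */
	uint8_t len[4];		/* little-endian 32-bit byte count */
	uint8_t rsvd[4];	/* skipped by the second "prd += sizeof(u64)" */
};
_Static_assert(sizeof(struct qs_prd) == 16, "PRD entry must be 16 bytes");
_Static_assert(offsetof(struct qs_prd, len) == 8, "len follows the address");

struct seg { uint64_t addr; uint32_t len; };	/* stand-in for one sg element */

/* Store the low n bytes of v in little-endian order, like cpu_to_le*(). */
static void put_le(uint8_t *dst, uint64_t v, size_t n)
{
	for (size_t i = 0; i < n; i++)
		dst[i] = (uint8_t)(v >> (8 * i));
}

/* Returns the number of entries written, or 0 if the table is too small. */
static unsigned int fill_prd(struct qs_prd *tbl, size_t max_prd,
			     const struct seg *sg, unsigned int n_elem)
{
	if (n_elem > max_prd)
		return 0;
	for (unsigned int i = 0; i < n_elem; i++) {
		put_le(tbl[i].addr, sg[i].addr, sizeof(tbl[i].addr));
		put_le(tbl[i].len, sg[i].len, sizeof(tbl[i].len));
		/* Zeroed in this model; the quoted loop leaves these bytes alone. */
		memset(tbl[i].rsvd, 0, sizeof(tbl[i].rsvd));
	}
	return n_elem;
}

/* Constructed sample: byte offset of the second entry from the table start. */
static size_t demo_stride(void)
{
	static const struct seg sg[2] = { { 0x1122334455667788ULL, 0x1000 },
					  { 0x2000, 0x200 } };
	struct qs_prd tbl[2];

	fill_prd(tbl, 2, sg, 2);
	return (size_t)((uint8_t *)tbl[1].addr - (uint8_t *)tbl);
}

int main(void) { return demo_stride() == 16 ? 0 : 1; }
```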

