* Re: [PATCH 3.1] iwlagn: fix stack corruption
2011-09-12 19:14 ` Daniel Halperin
@ 2011-09-12 18:40 ` Guy, Wey-Yi
2011-09-12 19:24 ` Julia Lawall
2011-09-13 7:18 ` Johannes Berg
2 siblings, 0 replies; 6+ messages in thread
From: Guy, Wey-Yi @ 2011-09-12 18:40 UTC (permalink / raw)
To: Daniel Halperin
Cc: Johannes Berg, julia@diku.dk, John Linville,
Venkataraman, Meenakshi, Alexander Diewald, linux-wireless
On Mon, 2011-09-12 at 12:14 -0700, Daniel Halperin wrote:
> On Mon, Sep 12, 2011 at 12:08 PM, Johannes Berg
> <johannes@sipsolutions.net> wrote:
> >
> > --- a/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:34.000000000 +0200
> > +++ b/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:43.000000000 +0200
> > @@ -167,7 +167,7 @@ static int iwlagn_set_temperature_offset
> >
> > memset(&cmd, 0, sizeof(cmd));
> > iwl_set_calib_hdr(&cmd.hdr, IWL_PHY_CALIBRATE_TEMP_OFFSET_CMD);
> > - memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(offset_calib));
> > + memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(*offset_calib));
> > if (!(cmd.radio_sensor_offset))
> > cmd.radio_sensor_offset = DEFAULT_RADIO_SENSOR_OFFSET;
>
> Nice catch!
>
> This kinda bug seems ideal for Julia Lawall's stuff to catch, doesn't it?
>
> Right: memcpy(addr, obj, sizeof(*obj))
> Wrong: memcpy(addr, obj, sizeof(obj))
>
Thank you very much for catch my mistake
Wey
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 3.1] iwlagn: fix stack corruption
@ 2011-09-12 19:08 Johannes Berg
2011-09-12 19:14 ` Daniel Halperin
2011-09-12 19:55 ` Alexander Diewald
0 siblings, 2 replies; 6+ messages in thread
From: Johannes Berg @ 2011-09-12 19:08 UTC (permalink / raw)
To: John Linville
Cc: Wey-Yi W Guy, Meenakshi Venkataraman, Alexander Diewald,
linux-wireless
From: Johannes Berg <johannes.berg@intel.com>
Alexander reported a strange crash in iwlagn that
Meenakshi and Wey couldn't reproduce. I just ran
into the same issue and tracked it down to stack
corruption. This fixes it.
The problem was introduced in
commit 4b8b99b6e650d0527f3a123744b7459976581d14
Author: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Date: Fri Jul 8 14:29:48 2011 -0700
iwlagn: radio sensor offset in le16 format
Cc: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Cc: Meenakshi Venkataraman <meenakshi.venkataraman@intel.com>
Reported-by: Alexander Diewald <alex@diewald.cc>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
Wey, please fix your recent commit in our internal tree
that does the v2 offset calibration -- it has the same
bug twice.
drivers/net/wireless/iwlwifi/iwl-agn-ucode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:34.000000000 +0200
+++ b/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:43.000000000 +0200
@@ -167,7 +167,7 @@ static int iwlagn_set_temperature_offset
memset(&cmd, 0, sizeof(cmd));
iwl_set_calib_hdr(&cmd.hdr, IWL_PHY_CALIBRATE_TEMP_OFFSET_CMD);
- memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(offset_calib));
+ memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(*offset_calib));
if (!(cmd.radio_sensor_offset))
cmd.radio_sensor_offset = DEFAULT_RADIO_SENSOR_OFFSET;
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 3.1] iwlagn: fix stack corruption
2011-09-12 19:08 [PATCH 3.1] iwlagn: fix stack corruption Johannes Berg
@ 2011-09-12 19:14 ` Daniel Halperin
2011-09-12 18:40 ` Guy, Wey-Yi
` (2 more replies)
2011-09-12 19:55 ` Alexander Diewald
1 sibling, 3 replies; 6+ messages in thread
From: Daniel Halperin @ 2011-09-12 19:14 UTC (permalink / raw)
To: Johannes Berg
Cc: julia, John Linville, Wey-Yi W Guy, Meenakshi Venkataraman,
Alexander Diewald, linux-wireless
On Mon, Sep 12, 2011 at 12:08 PM, Johannes Berg
<johannes@sipsolutions.net> wrote:
>
> --- a/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:34.000000000 +0200
> +++ b/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:43.000000000 +0200
> @@ -167,7 +167,7 @@ static int iwlagn_set_temperature_offset
>
> memset(&cmd, 0, sizeof(cmd));
> iwl_set_calib_hdr(&cmd.hdr, IWL_PHY_CALIBRATE_TEMP_OFFSET_CMD);
> - memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(offset_calib));
> + memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(*offset_calib));
> if (!(cmd.radio_sensor_offset))
> cmd.radio_sensor_offset = DEFAULT_RADIO_SENSOR_OFFSET;
Nice catch!
This kinda bug seems ideal for Julia Lawall's stuff to catch, doesn't it?
Right: memcpy(addr, obj, sizeof(*obj))
Wrong: memcpy(addr, obj, sizeof(obj))
Dan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 3.1] iwlagn: fix stack corruption
2011-09-12 19:14 ` Daniel Halperin
2011-09-12 18:40 ` Guy, Wey-Yi
@ 2011-09-12 19:24 ` Julia Lawall
2011-09-13 7:18 ` Johannes Berg
2 siblings, 0 replies; 6+ messages in thread
From: Julia Lawall @ 2011-09-12 19:24 UTC (permalink / raw)
To: Daniel Halperin
Cc: Johannes Berg, John Linville, Wey-Yi W Guy,
Meenakshi Venkataraman, Alexander Diewald, linux-wireless
[-- Attachment #1: Type: TEXT/PLAIN, Size: 1142 bytes --]
On Mon, 12 Sep 2011, Daniel Halperin wrote:
> On Mon, Sep 12, 2011 at 12:08 PM, Johannes Berg
> <johannes@sipsolutions.net> wrote:
> >
> > --- a/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:34.000000000 +0200
> > +++ b/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:43.000000000 +0200
> > @@ -167,7 +167,7 @@ static int iwlagn_set_temperature_offset
> >
> > memset(&cmd, 0, sizeof(cmd));
> > iwl_set_calib_hdr(&cmd.hdr, IWL_PHY_CALIBRATE_TEMP_OFFSET_CMD);
> > - memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(offset_calib));
> > + memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(*offset_calib));
> > if (!(cmd.radio_sensor_offset))
> > cmd.radio_sensor_offset = DEFAULT_RADIO_SENSOR_OFFSET;
>
> Nice catch!
>
> This kinda bug seems ideal for Julia Lawall's stuff to catch, doesn't it?
>
> Right: memcpy(addr, obj, sizeof(*obj))
> Wrong: memcpy(addr, obj, sizeof(obj))
Yes... I have tried in the past the following:
x = <+... sizeof(x) ...+>
But that doesn't catch the above because there is no return value. I will
try it.
julia
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 3.1] iwlagn: fix stack corruption
2011-09-12 19:08 [PATCH 3.1] iwlagn: fix stack corruption Johannes Berg
2011-09-12 19:14 ` Daniel Halperin
@ 2011-09-12 19:55 ` Alexander Diewald
1 sibling, 0 replies; 6+ messages in thread
From: Alexander Diewald @ 2011-09-12 19:55 UTC (permalink / raw)
To: Johannes Berg
Cc: John Linville, Wey-Yi W Guy, Meenakshi Venkataraman,
linux-wireless
SGkgSm9oYW5uZXMsDQoNCkkndmUganVzdCB0cmllZCB0aGUgZml4IGFuZCBpdCB3b3Jrcy4gSSBz
d2l0Y2hlZCBvZmYgYWxsIHRoZSBkZWJ1Z2dpbmcgb3B0aW9ucyBpbiB0aGUgaXdsd2lmaSBkcml2
ZXIgYW5kIHRoZSB3aXJlbGVzcyBzdGFjayBhbmQgdHVybmVkIG9mZiB0aGUgZnJhbWUgcG9pbnRl
cnMgZm9yIHRlc3RpbmcuDQpUaGFuayB5b3UgdmVyeSBtdWNoLiANCg0KSnVzdCBzb21lIGZpbmFs
IG5vdGVzOg0KVGhhbmsgeW91IFdleSwgZm9yIGV2ZW4gZm9yd2FyZGluZyB0aGlzIGlzc3VlIHdo
ZW4geW91IHdlcmUgb24gdmFjYXRpb24hDQpBbHNvLCBzcGVjaWFsIFRoYW5rcyB0byB5b3UsIE1l
ZW5ha3NoaSwgZm9yIHRha2luZyB0aGF0IG11Y2ggdGltZS4gSSBhbHNvIGxlYXJuZWQgYSBsb3Qg
cmVnYXJkaW5nIGtlcm5lbCBkZWJ1Z2dpbmcgKG5ldGNvbnNvbGUgZXRjLikuIEkgaG9wZSBJIGNv
dWxkIGdpdmUgc29tZSBnb29kIGZlZWRiYWNrLg0KQW5kIHRoYW5rcyB0byBhbGwgb3RoZXIgcGVv
cGxlIGludm9sdmVkLg0KDQpNYXliZSwgc2VlIHlvdSBuZXh0IHRpbWUgOyksDQpBbGV4DQoNCg0K
T24gTW9uZGF5IDEyIFNlcHRlbWJlciAyMDExIDIxOjA4OjI1IEpvaGFubmVzIEJlcmcgd3JvdGU6
DQo+IEZyb206IEpvaGFubmVzIEJlcmcgPGpvaGFubmVzLmJlcmdAaW50ZWwuY29tPg0KPiANCj4g
QWxleGFuZGVyIHJlcG9ydGVkIGEgc3RyYW5nZSBjcmFzaCBpbiBpd2xhZ24gdGhhdA0KPiBNZWVu
YWtzaGkgYW5kIFdleSBjb3VsZG4ndCByZXByb2R1Y2UuIEkganVzdCByYW4NCj4gaW50byB0aGUg
c2FtZSBpc3N1ZSBhbmQgdHJhY2tlZCBpdCBkb3duIHRvIHN0YWNrDQo+IGNvcnJ1cHRpb24uIFRo
aXMgZml4ZXMgaXQuDQo+IA0KPiBUaGUgcHJvYmxlbSB3YXMgaW50cm9kdWNlZCBpbg0KPiBjb21t
aXQgNGI4Yjk5YjZlNjUwZDA1MjdmM2ExMjM3NDRiNzQ1OTk3NjU4MWQxNA0KPiBBdXRob3I6IFdl
eS1ZaSBHdXkgPHdleS15aS53Lmd1eUBpbnRlbC5jb20+DQo+IERhdGU6ICAgRnJpIEp1bCA4IDE0
OjI5OjQ4IDIwMTEgLTA3MDANCj4gDQo+ICAgICBpd2xhZ246IHJhZGlvIHNlbnNvciBvZmZzZXQg
aW4gbGUxNiBmb3JtYXQNCj4gDQo+IENjOiBXZXktWWkgR3V5IDx3ZXkteWkudy5ndXlAaW50ZWwu
Y29tPg0KPiBDYzogTWVlbmFrc2hpIFZlbmthdGFyYW1hbiA8bWVlbmFrc2hpLnZlbmthdGFyYW1h
bkBpbnRlbC5jb20+DQo+IFJlcG9ydGVkLWJ5OiBBbGV4YW5kZXIgRGlld2FsZCA8YWxleEBkaWV3
YWxkLmNjPg0KPiBTaWduZWQtb2ZmLWJ5OiBKb2hhbm5lcyBCZXJnIDxqb2hhbm5lcy5iZXJnQGlu
dGVsLmNvbT4NCj4gLS0tDQo+IFdleSwgcGxlYXNlIGZpeCB5b3VyIHJlY2VudCBjb21taXQgaW4g
b3VyIGludGVybmFsIHRyZWUNCj4gdGhhdCBkb2VzIHRoZSB2MiBvZmZzZXQgY2FsaWJyYXRpb24g
LS0gaXQgaGFzIHRoZSBzYW1lDQo+IGJ1ZyB0d2ljZS4NCj4gDQo+ICBkcml2ZXJzL25ldC93aXJl
bGVzcy9pd2x3aWZpL2l3bC1hZ24tdWNvZGUuYyB8ICAgIDIgKy0NCj4gIDEgZmlsZSBjaGFuZ2Vk
LCAxIGluc2VydGlvbigrKSwgMSBkZWxldGlvbigtKQ0KPiANCj4gLS0tIGEvZHJpdmVycy9uZXQv
d2lyZWxlc3MvaXdsd2lmaS9pd2wtYWduLXVjb2RlLmMJMjAxMS0wOS0xMg0KPiAyMTowMTozNC4w
MDAwMDAwMDAgKzAyMDAgKysrDQo+IGIvZHJpdmVycy9uZXQvd2lyZWxlc3MvaXdsd2lmaS9pd2wt
YWduLXVjb2RlLmMJMjAxMS0wOS0xMg0KPiAyMTowMTo0My4wMDAwMDAwMDAgKzAyMDAgQEAgLTE2
Nyw3ICsxNjcsNyBAQCBzdGF0aWMgaW50DQo+IGl3bGFnbl9zZXRfdGVtcGVyYXR1cmVfb2Zmc2V0
DQo+IA0KPiAgCW1lbXNldCgmY21kLCAwLCBzaXplb2YoY21kKSk7DQo+ICAJaXdsX3NldF9jYWxp
Yl9oZHIoJmNtZC5oZHIsIElXTF9QSFlfQ0FMSUJSQVRFX1RFTVBfT0ZGU0VUX0NNRCk7DQo+IC0J
bWVtY3B5KCZjbWQucmFkaW9fc2Vuc29yX29mZnNldCwgb2Zmc2V0X2NhbGliLCBzaXplb2Yob2Zm
c2V0X2NhbGliKSk7DQo+ICsJbWVtY3B5KCZjbWQucmFkaW9fc2Vuc29yX29mZnNldCwgb2Zmc2V0
X2NhbGliLCBzaXplb2YoKm9mZnNldF9jYWxpYikpOw0KPiAgCWlmICghKGNtZC5yYWRpb19zZW5z
b3Jfb2Zmc2V0KSkNCj4gIAkJY21kLnJhZGlvX3NlbnNvcl9vZmZzZXQgPSBERUZBVUxUX1JBRElP
X1NFTlNPUl9PRkZTRVQ7DQo=
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 3.1] iwlagn: fix stack corruption
2011-09-12 19:14 ` Daniel Halperin
2011-09-12 18:40 ` Guy, Wey-Yi
2011-09-12 19:24 ` Julia Lawall
@ 2011-09-13 7:18 ` Johannes Berg
2 siblings, 0 replies; 6+ messages in thread
From: Johannes Berg @ 2011-09-13 7:18 UTC (permalink / raw)
To: Daniel Halperin
Cc: julia, John Linville, Wey-Yi W Guy, Meenakshi Venkataraman,
Alexander Diewald, linux-wireless
On Mon, 2011-09-12 at 12:14 -0700, Daniel Halperin wrote:
> On Mon, Sep 12, 2011 at 12:08 PM, Johannes Berg
> <johannes@sipsolutions.net> wrote:
> >
> > --- a/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:34.000000000 +0200
> > +++ b/drivers/net/wireless/iwlwifi/iwl-agn-ucode.c 2011-09-12 21:01:43.000000000 +0200
> > @@ -167,7 +167,7 @@ static int iwlagn_set_temperature_offset
> >
> > memset(&cmd, 0, sizeof(cmd));
> > iwl_set_calib_hdr(&cmd.hdr, IWL_PHY_CALIBRATE_TEMP_OFFSET_CMD);
> > - memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(offset_calib));
> > + memcpy(&cmd.radio_sensor_offset, offset_calib, sizeof(*offset_calib));
> > if (!(cmd.radio_sensor_offset))
> > cmd.radio_sensor_offset = DEFAULT_RADIO_SENSOR_OFFSET;
>
> Nice catch!
>
> This kinda bug seems ideal for Julia Lawall's stuff to catch, doesn't it?
>
> Right: memcpy(addr, obj, sizeof(*obj))
> Wrong: memcpy(addr, obj, sizeof(obj))
That thought occurred to me as well, but I had been debugging until late
at night so didn't even try to write a script to flag this. :)
johannes
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2011-09-13 7:18 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-12 19:08 [PATCH 3.1] iwlagn: fix stack corruption Johannes Berg
2011-09-12 19:14 ` Daniel Halperin
2011-09-12 18:40 ` Guy, Wey-Yi
2011-09-12 19:24 ` Julia Lawall
2011-09-13 7:18 ` Johannes Berg
2011-09-12 19:55 ` Alexander Diewald
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).