Fix argument order in incorrect memset invocations in hyperv driver.

Fix argument order in incorrect memset invocations in hyperv driver.

[Dave Jones]

Nearly every invocation of memset in drivers/staging/hv/StorVsc.c
has it's arguments the wrong way around.

Signed-off-by: Dave Jones <davej@redhat.com>

diff --git a/drivers/staging/hv/StorVsc.c b/drivers/staging/hv/StorVsc.c
index 14015c9..2f7c425 100644
--- a/drivers/staging/hv/StorVsc.c
+++ b/drivers/staging/hv/StorVsc.c
@@ -196,7 +196,7 @@ static int StorVscChannelInit(struct hv_device *Device)
 	 * Now, initiate the vsc/vsp initialization protocol on the open
 	 * channel
 	 */
-	memset(request, sizeof(struct storvsc_request_extension), 0);
+	memset(request, 0, sizeof(struct storvsc_request_extension));
 	request->WaitEvent = osd_WaitEventCreate();
 
 	vstorPacket->Operation = VStorOperationBeginInitialization;
@@ -233,7 +233,7 @@ static int StorVscChannelInit(struct hv_device *Device)
 	DPRINT_INFO(STORVSC, "QUERY_PROTOCOL_VERSION_OPERATION...");
 
 	/* reuse the packet for version range supported */
-	memset(vstorPacket, sizeof(struct vstor_packet), 0);
+	memset(vstorPacket, 0, sizeof(struct vstor_packet));
 	vstorPacket->Operation = VStorOperationQueryProtocolVersion;
 	vstorPacket->Flags = REQUEST_COMPLETION_FLAG;
 
@@ -266,7 +266,7 @@ static int StorVscChannelInit(struct hv_device *Device)
 	/* Query channel properties */
 	DPRINT_INFO(STORVSC, "QUERY_PROPERTIES_OPERATION...");
 
-	memset(vstorPacket, sizeof(struct vstor_packet), 0);
+	memset(vstorPacket, 0, sizeof(struct vstor_packet));
 	vstorPacket->Operation = VStorOperationQueryProperties;
 	vstorPacket->Flags = REQUEST_COMPLETION_FLAG;
 	vstorPacket->StorageChannelProperties.PortNumber =
@@ -305,7 +305,7 @@ static int StorVscChannelInit(struct hv_device *Device)
 
 	DPRINT_INFO(STORVSC, "END_INITIALIZATION_OPERATION...");
 
-	memset(vstorPacket, sizeof(struct vstor_packet), 0);
+	memset(vstorPacket, 0, sizeof(struct vstor_packet));
 	vstorPacket->Operation = VStorOperationEndInitialization;
 	vstorPacket->Flags = REQUEST_COMPLETION_FLAG;
 
@@ -508,7 +508,7 @@ static int StorVscConnectToVsp(struct hv_device *Device)
 	int ret;
 
 	storDriver = (struct storvsc_driver_object *)Device->Driver;
-	memset(&props, sizeof(struct vmstorage_channel_properties), 0);
+	memset(&props, 0, sizeof(struct vmstorage_channel_properties));
 
 	/* Open the channel */
 	ret = Device->Driver->VmbusChannelInterface.Open(Device,

Memset of length zero bugs

[Török Edwin]

[-- Attachment #1: Type: text/plain, Size: 2160 bytes --]

On 2009-11-11 23:57, Dave Jones wrote:
> Nearly every invocation of memset in drivers/staging/hv/StorVsc.c
> has it's arguments the wrong way around.
Hi,

I found 2 more bugs like this in v2.6.32-rc8-11-ga8a8a66 by letting gcc
warn in such cases on an allyesconfig build.
I used the attached patch (meant to be used only to find bugs, linking
fails).

Here are the warnings:
1. Wrong parameter order
In function ‘memset’,
inlined from ‘ir_input_init’ at drivers/media/common/ir-functions.c:67:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters
memset(ir->ir_codes, sizeof(ir->ir_codes), 0);

2. pgsize variable (and hence length argument) is always zero.

In function ‘memset’,
inlined from ‘erasecrosstest’ at drivers/mtd/tests/mtd_pagetest.c:345:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters
memset(readbuf, 0, pgsize);
In function ‘memset’,
inlined from ‘erasecrosstest’ at drivers/mtd/tests/mtd_pagetest.c:384:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters
In function ‘memset’,
inlined from ‘crosstest’ at drivers/mtd/tests/mtd_pagetest.c:219:
/home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
warning: call to ‘__warn_memset_zero_len’ declared with attribute
warning: memset used with constant zero length parameter; this could be
due to transposed parameters

Now this one is interesting, the memsets are fine, however pgsize is
always zero, it is declared as 'static int pgsize' and never assigned a
value (hence it is always zero).
I didn't look at what mtd_pagetest wants to test, but the name suggests
that a pagesize of zero isn't a very useful test.

Best regards,
--Edwin

[-- Attachment #2: patch --]
[-- Type: text/plain, Size: 997 bytes --]

diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string_64.h
index 19e2c46..cddefb7 100644
--- a/arch/x86/include/asm/string_64.h
+++ b/arch/x86/include/asm/string_64.h
@@ -52,7 +52,17 @@ extern void *__memcpy(void *to, const void *from, size_t len);
 #endif
 
 #define __HAVE_ARCH_MEMSET
-void *memset(void *s, int c, size_t n);
+extern void __warn_memset_zero_len (void) __attribute__((__warning__ ("memset used with constant zero length parameter; this could be due to transposed parameters")));
+extern __inline __attribute__ ((__always_inline__)) __attribute__ ((__artificial__)) void *
+__attribute__ ((__nothrow__)) memset (void *__dest, int __ch, size_t __len)
+{
+  if (__builtin_constant_p (__len) && __len == 0)
+    {
+      __warn_memset_zero_len ();
+      return __dest;
+    }
+  return __builtin___memset_chk (__dest, __ch, __len, __builtin_object_size (__dest, 0));
+}
 
 #define __HAVE_ARCH_MEMMOVE
 void *memmove(void *dest, const void *src, size_t count);

Re: Memset of length zero bugs

[Török Edwin]

On 2009-11-26 13:07, Török Edwin wrote:
> On 2009-11-11 23:57, Dave Jones wrote:
>   
>> Nearly every invocation of memset in drivers/staging/hv/StorVsc.c
>> has it's arguments the wrong way around.
>>     
> Hi,
>
> I found 2 more bugs like this in v2.6.32-rc8-11-ga8a8a66 by letting gcc
> warn in such cases on an allyesconfig build.
> I used the attached patch (meant to be used only to find bugs, linking
> fails).
>   

Forgot to mention that this code is the one from glibc (2.10.1)'s memset.

Best regards,
--Edwin

Re: Memset of length zero bugs

[Artem Bityutskiy]

On Thu, 2009-11-26 at 13:07 +0200, Török Edwin wrote:
... snip ...

> inlined from ‘crosstest’ at drivers/mtd/tests/mtd_pagetest.c:219:
> /home/edwin/builds/linux-2.6/arch/x86/include/asm/string_64.h:61:
> warning: call to ‘__warn_memset_zero_len’ declared with attribute
> warning: memset used with constant zero length parameter; this could be
> due to transposed parameters
> 
> Now this one is interesting, the memsets are fine, however pgsize is
> always zero, it is declared as 'static int pgsize' and never assigned a
> value (hence it is always zero).
> I didn't look at what mtd_pagetest wants to test, but the name suggests
> that a pagesize of zero isn't a very useful test.

Thanks for finding this, quite shame bug. I've fixed this in my
l2-mtd-2.6.git tree:
http://git.infradead.org/users/dedekind/l2-mtd-2.6.git/commit/e109a419146efa5751642a11caf32b96fe187130

-- 
Best Regards,
Artem Bityutskiy (Артём Битюцкий)