From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id F003E287245
	for <linux-kernel@vger.kernel.org>; Fri,  6 Feb 2026 15:23:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.66
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1770391427; cv=none; b=BBe47VvfRaWaUJxkZa4toHBs5QiWzZ9jLbEad95WJriWoqiAWjq3hDexewyfUaGkIEAt2wiSwZCWEAqyJuGb2jOZPlklL7JbeVsnGx+3+uZtHZRNmibmmYFtfXYJgrizeVystMIh0xcwpy6RnPobc4wOfT54UfjZBtUieutyOWA=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1770391427; c=relaxed/simple;
	bh=+O1Ls5mJN2w86ohgl0FWaLhpMAN9yWArFMvJtTQfTl0=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=JHZi+bg3VkhIZgxOiyEFYHIy3BLbD/71u2ZtgYzPoBpnaJDHxLhQ8u1S/djyuAKw1y2BNgmu9RQQoB/BfUob8yen1qiq5Kz+iUf2p7cuHn5xzz5OvbHEGG2v4gmsrHcwmCBuWO79k7bG/f3bI7zJhPbPu4GxUU63Oyq7fen93Hs=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=K/uXAkMD; arc=none smtp.client-ip=209.85.128.66
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="K/uXAkMD"
Received: by mail-wm1-f66.google.com with SMTP id 5b1f17b1804b1-4806dffc64cso19893455e9.1
        for <linux-kernel@vger.kernel.org>; Fri, 06 Feb 2026 07:23:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1770391425; x=1770996225; darn=vger.kernel.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=vmk3i2Xic+N6h+88mYHjXnA3IoHoaC3fj4TmXWw7rGg=;
        b=K/uXAkMDWvGQxodUUir939WxLkYqVCxvkC6umuDuKPQ+bl/LrMa2xTRS1g6wpO5zSe
         FubY9ilhu3RR3GIfEql69EVwOmXbdN2OBTEb1C7o8NQ6P8bwMP4U/PnmTYRHix/Hpb7u
         6lzE3KZtcPQNtId6S3uuJ4FqV4YG8ueqltz0stLJRSbi9yDRLq0v4H01SwDTerxTzXeA
         dQrKivfRuOxhNeU3pxDWMbpV/zkO3nu6FtwgPAzcRJZFvF9ZfgM+kmiKR8g8wVPhU1mR
         XLKpNnOBu1LsthkmCoiQxd9VJ8XIAUQ6XnLXvlswQ8R+DP6aJTeomLsiqZ8W7JXLSlVp
         ETTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1770391425; x=1770996225;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=vmk3i2Xic+N6h+88mYHjXnA3IoHoaC3fj4TmXWw7rGg=;
        b=VWR/qRu5Yh6+xhWIb7UYU80IerC17Lx3BH7JGUIYyV7/uXFfQWx6RluK11m2AAFIot
         2bEeqEmtVsP3v5LtlLuUUAlp1F3ZfQyvtGVQrQY7J/lYbbO/QRADExxyuyuJzdFJp2wh
         RZi52z4+0aZ6V+pSz4UGJ3/P9vSLaLaXlM67KE1JMbp1hjcnLMmSZlfLvQpymWHT4UfY
         fURte0H+8g1ETm8Rcxorrq00XgpxEax8yLYRdFPfl7vXAehY5MMTJkTg3lg/+/0J7htz
         LIJmMUUzxtdWuFhX+qklYC5/G+TWrm9djoKVCgN4Sn6neHTvgM6D1/pK29M9BmptaBXq
         pZog==
X-Forwarded-Encrypted: i=1; AJvYcCVmSi33qvhh/FRK3XdWHkmV6mR58Kxj1Gkcc/f9osIzuJuCM+jn+CZH0QRpoeR+3/NOyheSLtf19OskPnc=@vger.kernel.org
X-Gm-Message-State: AOJu0YyMwFciiMUFqMT91NfHnIyuXTAkB6HZpE2DonFPdoH0zHWASg0D
	q5zZlOBeYqomg+CPMksM7l0givByb+qgJNL+xtWxe2skKYkHt91LxTjnhkS8ZnwJZL8=
X-Gm-Gg: AZuq6aIDJrT9qqT9/Q0Gw8wOa2IQ35pWFm+pa8+3WArxiOBTdySjZn2GdQ1IqHhqkLS
	xGjwbQdNl2/TTMn0oEpH4bbU5jAX7sqa+gfyHVFcls/nHb4+H19mHnwbRDT2/qLERTI0eXJrqhR
	8xqaL0gtHiqxbOb3aIO8UbFmpwSowvVePKPptvdgJx7NPinXSXdf0Q5edZ3+Cz8KXFVAD7OnHaw
	VJZ7z04gmiNeabwkMK3OXOAqMRzvs2uKy3QYemWTQZ5s3sWM4mcfo+4QJ313PtuH32exlPxZevJ
	4aG46mjQyVQq/Km3KImpCFPbpZXEI0GaBxib3mA2fhfkiQLC/J2AwOi3cZUmBRgyGE9xrjVC+YT
	QcjN7jiHDeZiDeSvbBflHeCPlGO6TNI5nRirbWBlcP9Rtq2ppzyQgdplKbzySDFFp0Y4jD9+acc
	gLCr9DmTsGMh5vuJ6cA0tEP4LaU58=
X-Received: by 2002:a05:600c:3b87:b0:477:df7:b020 with SMTP id 5b1f17b1804b1-48320966a0cmr42152645e9.18.1770391425272;
        Fri, 06 Feb 2026 07:23:45 -0800 (PST)
Received: from localhost ([196.207.164.177])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48317d7a924sm202077135e9.10.2026.02.06.07.23.44
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 06 Feb 2026 07:23:44 -0800 (PST)
Date: Fri, 6 Feb 2026 18:23:41 +0300
From: Dan Carpenter <dan.carpenter@linaro.org>
To: Stephan Gerhold <stephan.gerhold@linaro.org>
Cc: Stephan Gerhold <stephan@gerhold.net>,
	Johannes Berg <johannes@sipsolutions.net>, netdev@vger.kernel.org,
	linux-arm-msm@vger.kernel.org,
	linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [bug report] net: wwan: Add Qualcomm BAM-DMUX WWAN network driver
Message-ID: <aYYHfapZdjGYCGLI@stanley.mountain>
References: <caa37f28-a2e8-4e0a-a9ce-a365ce805e4b@stanley.mountain>
 <aYXu1uXRG1KHrKej@stanley.mountain>
 <aYYE0SBR6V-HWcPr@linaro.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <aYYE0SBR6V-HWcPr@linaro.org>

On Fri, Feb 06, 2026 at 04:12:17PM +0100, Stephan Gerhold wrote:
> Hi Dan,
> 
> On Fri, Feb 06, 2026 at 04:38:30PM +0300, Dan Carpenter wrote:
> > [ Smatch checking is paused while we raise funding.  #SadFace
> >   https://lore.kernel.org/all/aTaiGSbWZ9DJaGo7@stanley.mountain/ -dan ]
> > 
> > Hello Stephan Gerhold,
> > 
> > Commit 21a0ffd9b38c ("net: wwan: Add Qualcomm BAM-DMUX WWAN network
> > driver") from Nov 27, 2021 (linux-next), leads to the following
> > Smatch static checker warning:
> > 
> > 	drivers/net/wwan/qcom_bam_dmux.c:505 bam_dmux_cmd_data()
> > 	error: buffer overflow 'dmux->netdevs' 8 <= 255 user_rl='0-255' uncapped
> > 
> > drivers/net/wwan/qcom_bam_dmux.c
> >     500 static void bam_dmux_cmd_data(struct bam_dmux_skb_dma *skb_dma)
> >     501 {
> >     502         struct bam_dmux *dmux = skb_dma->dmux;
> >     503         struct sk_buff *skb = skb_dma->skb;
> >     504         struct bam_dmux_hdr *hdr = (struct bam_dmux_hdr *)skb->data;
> > --> 505         struct net_device *netdev = dmux->netdevs[hdr->ch];
> >                                                           ^^^^^^^
> > Smatch thinks skb->data is untrusted.  This is the rx path.
> > 
> 
> Thanks a lot for the report!
> 
> I believe this is not a problem in practice, since there is an existing
> check for this in bam_dmux_rx_callback() (which is the only function
> that calls bam_dmux_cmd_data()):
> 
> 	if (hdr->ch >= BAM_DMUX_NUM_CH) {
> 		dev_dbg(dmux->dev, "Unsupported channel: %u\n", hdr->ch);
> 		goto out;
> 	}
> 
> 	switch (hdr->cmd) {
> 	case BAM_DMUX_CMD_DATA:
> 		bam_dmux_cmd_data(skb_dma);
> 		break;
> 
> Is that something Smatch should be able to detect?
> 

Ah, you are right.  Thanks.

The problem is that skb->data is a buffer of u8 data.  Smatch does cross
function analysis, but it treats a buffer like that as opaque data.

Btw, I see that this code is actually from five years ago so I don't know
why it's showing up as a warning now.  :/  Sorry about that.

regards,
dan carpenter