[char-misc:char-misc-linus 12/23] drivers/gpib/common/gpib_os.c:1318 close_dev_ioctl() warn: possible spectre second half. 'desc'

public inbox for oe-kbuild@lists.linux.dev
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [char-misc:char-misc-linus 12/23] drivers/gpib/common/gpib_os.c:1318 close_dev_ioctl() warn: possible spectre second half.  'desc'
Date: Tue, 07 Apr 2026 11:48:54 +0800	[thread overview]
Message-ID: <202604031743.Pk6AgFj7-lkp@intel.com> (raw)

BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: Adam Crosser <adam.crosser@praetorian.com>
CC: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>
CC: Dave Penkler <dpenkler@gmail.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-linus
head:   d78ceee1e6205ffcd84ff581ccb40a008d39136f
commit: d1857f8296dceb75d00ab857fc3c61bc00c7f5c6 [12/23] gpib: fix use-after-free in IO ioctl handlers
:::::: branch date: 19 hours ago
:::::: commit date: 21 hours ago
config: microblaze-randconfig-r073-20260403 (https://download.01.org/0day-ci/archive/20260403/202604031743.Pk6AgFj7-lkp@intel.com/config)
compiler: microblaze-linux-gcc (GCC) 11.5.0
smatch: v0.5.0-9004-gb810ac53

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202604031743.Pk6AgFj7-lkp@intel.com/

New smatch warnings:
drivers/gpib/common/gpib_os.c:1318 close_dev_ioctl() warn: possible spectre second half.  'desc'

Old smatch warnings:
drivers/gpib/common/gpib_os.c:1317 close_dev_ioctl() warn: potential spectre issue 'file_priv->descriptors' [r] (local cap)

vim +/desc +1318 drivers/gpib/common/gpib_os.c

9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1299  
840459da1574db drivers/staging/gpib/common/gpib_os.c Michael Rubin 2025-03-19  1300  static int close_dev_ioctl(struct file *filep, struct gpib_board *board, unsigned long arg)
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1301  {
2e9a95ddffc60c drivers/staging/gpib/common/gpib_os.c Michael Rubin 2025-04-09  1302  	struct gpib_close_dev_ioctl cmd;
c93577b9d4533a drivers/staging/gpib/common/gpib_os.c Michael Rubin 2025-04-08  1303  	struct gpib_file_private *file_priv = filep->private_data;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1304  	struct gpib_descriptor *desc;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1305  	unsigned int pad;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1306  	int sad;
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1307  	int retval;
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1308  
8e7ff4e7a2358f drivers/staging/gpib/common/gpib_os.c Dave Penkler  2025-01-14  1309  	retval = copy_from_user(&cmd, (void __user *)arg, sizeof(cmd));
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1310  	if (retval)
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1311  		return -EFAULT;
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1312  
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1313  	if (cmd.handle >= GPIB_MAX_NUM_DESCRIPTORS)
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1314  		return -EINVAL;
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1315  
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1316  	mutex_lock(&file_priv->descriptors_mutex);
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1317  	desc = file_priv->descriptors[cmd.handle];
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17 @1318  	if (!desc) {
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1319  		mutex_unlock(&file_priv->descriptors_mutex);
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1320  		return -EINVAL;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1321  	}
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1322  	if (atomic_read(&desc->descriptor_busy)) {
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1323  		mutex_unlock(&file_priv->descriptors_mutex);
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1324  		return -EBUSY;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1325  	}
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1326  	/* Remove from table while holding lock to prevent new IO from starting */
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1327  	file_priv->descriptors[cmd.handle] = NULL;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1328  	pad = desc->pad;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1329  	sad = desc->sad;
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1330  	mutex_unlock(&file_priv->descriptors_mutex);
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1331  
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1332  	retval = decrement_open_device_count(board, &board->device_list, pad, sad);
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1333  
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1334  	kfree(desc);
d1857f8296dceb drivers/gpib/common/gpib_os.c         Adam Crosser  2026-03-17  1335  	return retval;
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1336  }
9dde4559e93955 drivers/staging/gpib/common/gpib_os.c Dave Penkler  2024-09-18  1337  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

                 reply	other threads:[~2026-04-07  3:49 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202604031743.Pk6AgFj7-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=error27@gmail.com \
    --cc=oe-kbuild@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox