[bug report] staging: add bcm2708 vchiq driver
Dan Carpenter
dan.carpenter at oracle.com
Tue Nov 15 05:15:52 PST 2016
Hello popcornmix,

The patch 71bad7f08641: "staging: add bcm2708 vchiq driver" from Jul
2, 2013, leads to the following static checker warning:

	drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:1597 dump_phys_mem()
	error: using offset into zero size array 'pages[]'

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
1537 static void
1538 dump_phys_mem(void *virt_addr, uint32_t num_bytes)
1539 {
1540 int rc;
1541 uint8_t *end_virt_addr = virt_addr + num_bytes;
1542 int num_pages;
1543 int offset;
1544 int end_offset;
1545 int page_idx;
1546 int prev_idx;
1547 struct page *page;
1548 struct page **pages;
1549 uint8_t *kmapped_virt_ptr;
1550
1551 /* Align virtAddr and endVirtAddr to 16 byte boundaries. */
1552
1553 virt_addr = (void *)((unsigned long)virt_addr & ~0x0fuL);
1554 end_virt_addr = (void *)(((unsigned long)end_virt_addr + 15uL) &
1555 ~0x0fuL);
1556
1557 offset = (int)(long)virt_addr & (PAGE_SIZE - 1);
1558 end_offset = (int)(long)end_virt_addr & (PAGE_SIZE - 1);
1559
1560 num_pages = (offset + num_bytes + PAGE_SIZE - 1) / PAGE_SIZE;
1561
1562 pages = kmalloc(sizeof(struct page *) * num_pages, GFP_KERNEL);

The problem that the static checker is complaining about is that
num_pages * sizeof(void *) can overflow to zero leading to an Oops
later.

But really shouldn't we just get rid of this whole function? Why are
we dumping memory?? I understand that the RPI doesn't have an MMU so we
perhaps don't care too much about security but still...

1563 if (pages == NULL) {
1564 vchiq_log_error(vchiq_arm_log_level,
1565 "Unable to allocation memory for %d pages\n",
1566 num_pages);
1567 return;
1568 }
1569
regards,
dan carpenter
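
The size computation discussed in the report, as an added userspace example that is not part of the original message or the driver: it models the `sizeof(struct page *) * num_pages` product in 32-bit arithmetic and puts it beside an overflow-checked form, the kind of check the kernel's `kmalloc_array()` performs. Assumptions: a 32-bit target with 4-byte pointers; the helper names and page counts are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit target, so size_t and pointers are modelled as 32 bits. */
#define PTR_SIZE 4u

/* The size expression from the report, sizeof(struct page *) * num_pages,
 * evaluated in 32-bit arithmetic: the product wraps silently. */
static uint32_t unchecked_size(uint32_t num_pages)
{
    return PTR_SIZE * num_pages;
}

/* Checked form (hypothetical helper): returns 0 and stores the byte count,
 * or -1 when the array would be empty or the product does not fit in
 * 32 bits. The caller must not allocate or index on -1. */
static int checked_size(uint32_t num_pages, uint32_t *bytes)
{
    if (num_pages == 0 || num_pages > UINT32_MAX / PTR_SIZE)
        return -1;
    *bytes = PTR_SIZE * num_pages;
    return 0;
}

int main(void)
{
    /* Constructed page counts, not values taken from the driver. */
    const uint32_t counts[] = { 1u, 1024u, 0x3fffffffu, 0x40000000u, 0x40000001u };

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        uint32_t bytes = 0;
        int rc = checked_size(counts[i], &bytes);

        printf("num_pages=0x%08x unchecked=0x%08x checked=%s\n",
               (unsigned)counts[i], (unsigned)unchecked_size(counts[i]),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

With the unchecked product, a wrapped size still yields a successful small or zero-length allocation, so the `pages == NULL` test alone does not catch it.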