[bug report] staging: add bcm2708 vchiq driver

Michael Zoran mzoran at crowfest.net
Tue Nov 15 10:54:53 PST 2016 

On Tue, 2016-11-15 at 16:15 +0300, Dan Carpenter wrote:
> Hello popcornmix,
> 
> The patch 71bad7f08641: "staging: add bcm2708 vchiq driver" from Jul
> 2, 2013, leads to the following static checker warning:
> 
> 	drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:1
> 597 dump_phys_mem()
> 	error: using offset into zero size array 'pages[]'
> 
> drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
>   1537  static void
>   1538  dump_phys_mem(void *virt_addr, uint32_t num_bytes)
>   1539  {
>   1540          int            rc;
>   1541          uint8_t       *end_virt_addr = virt_addr + num_bytes;
>   1542          int            num_pages;
>   1543          int            offset;
>   1544          int            end_offset;
>   1545          int            page_idx;
>   1546          int            prev_idx;
>   1547          struct page   *page;
>   1548          struct page  **pages;
>   1549          uint8_t       *kmapped_virt_ptr;
>   1550  
>   1551          /* Align virtAddr and endVirtAddr to 16 byte
> boundaries. */
>   1552  
>   1553          virt_addr = (void *)((unsigned long)virt_addr &
> ~0x0fuL);
>   1554          end_virt_addr = (void *)(((unsigned
> long)end_virt_addr + 15uL) &
>   1555                  ~0x0fuL);
>   1556  
>   1557          offset = (int)(long)virt_addr & (PAGE_SIZE - 1);
>   1558          end_offset = (int)(long)end_virt_addr & (PAGE_SIZE -
> 1);
>   1559  
>   1560          num_pages = (offset + num_bytes + PAGE_SIZE - 1) /
> PAGE_SIZE;
>   1561  
>   1562          pages = kmalloc(sizeof(struct page *) * num_pages,
> GFP_KERNEL);
> 
> The problem that the static checker is complaining about is that
> num_pages * sizeof(void *) can overflow to zero leading to an Oops
> later.
> 
> But really shouldn't we just get rid of this whole function?  Why are
> we dumping memory??  I understand that the RPI doesn't have an MMU so
> we
> perhaps don't care too much about security but still...
> 
> 

Hi Dan,

That's interesting about the MMU.  How are swap files implemented on
the RPI?

I took a random RPI off my shelf(I have a few different models) and by
opening a large number of applications at once and watching top I was
able to see what appeared to be swaping?

More information about the linux-rpi-kernel mailing list