* drivers/block/ataflop.c:745 do_format() error: testing array offset 'type' after use.
@ 2021-04-18 1:05 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2021-04-18 1:05 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 7381 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Christoph Hellwig <hch@lst.de>
CC: Jens Axboe <axboe@kernel.dk>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 194cf4825638256e9afe1d360831aa5379b3517a
commit: bf9c0538e485b591a2ee02d9adb8a99db4be5a2a ataflop: use a separate gendisk for each media format
date: 5 months ago
:::::: branch date: 6 hours ago
:::::: commit date: 5 months ago
config: m68k-randconfig-m031-20210418 (attached as .config)
compiler: m68k-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/block/ataflop.c:745 do_format() error: testing array offset 'type' after use.
drivers/block/ataflop.c:2008 ataflop_probe() error: buffer overflow 'unit[drive]->disk' 31 <= 31
Old smatch warnings:
drivers/block/ataflop.c:2010 ataflop_probe() error: buffer overflow 'unit[drive]->disk' 31 <= 31
vim +/type +745 drivers/block/ataflop.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 717
^1da177e4c3f41 Linus Torvalds 2005-04-16 718 #define FILL(n,val) \
^1da177e4c3f41 Linus Torvalds 2005-04-16 719 do { \
^1da177e4c3f41 Linus Torvalds 2005-04-16 720 memset( p, val, n ); \
^1da177e4c3f41 Linus Torvalds 2005-04-16 721 p += n; \
^1da177e4c3f41 Linus Torvalds 2005-04-16 722 } while(0)
^1da177e4c3f41 Linus Torvalds 2005-04-16 723
^1da177e4c3f41 Linus Torvalds 2005-04-16 724 static int do_format(int drive, int type, struct atari_format_descr *desc)
^1da177e4c3f41 Linus Torvalds 2005-04-16 725 {
bf9c0538e485b5 Christoph Hellwig 2020-10-29 726 struct request_queue *q;
^1da177e4c3f41 Linus Torvalds 2005-04-16 727 unsigned char *p;
^1da177e4c3f41 Linus Torvalds 2005-04-16 728 int sect, nsect;
^1da177e4c3f41 Linus Torvalds 2005-04-16 729 unsigned long flags;
6ec3938cff95fe Omar Sandoval 2018-10-15 730 int ret;
^1da177e4c3f41 Linus Torvalds 2005-04-16 731
bf9c0538e485b5 Christoph Hellwig 2020-10-29 732 if (type)
bf9c0538e485b5 Christoph Hellwig 2020-10-29 733 type--;
bf9c0538e485b5 Christoph Hellwig 2020-10-29 734
bf9c0538e485b5 Christoph Hellwig 2020-10-29 735 q = unit[drive].disk[type]->queue;
6ec3938cff95fe Omar Sandoval 2018-10-15 736 blk_mq_freeze_queue(q);
6ec3938cff95fe Omar Sandoval 2018-10-15 737 blk_mq_quiesce_queue(q);
^1da177e4c3f41 Linus Torvalds 2005-04-16 738
^1da177e4c3f41 Linus Torvalds 2005-04-16 739 local_irq_save(flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16 740 stdma_lock(floppy_irq, NULL);
^1da177e4c3f41 Linus Torvalds 2005-04-16 741 atari_turnon_irq( IRQ_MFP_FDC ); /* should be already, just to be sure */
^1da177e4c3f41 Linus Torvalds 2005-04-16 742 local_irq_restore(flags);
^1da177e4c3f41 Linus Torvalds 2005-04-16 743
^1da177e4c3f41 Linus Torvalds 2005-04-16 744 if (type) {
bf9c0538e485b5 Christoph Hellwig 2020-10-29 @745 if (type >= NUM_DISK_MINORS ||
^1da177e4c3f41 Linus Torvalds 2005-04-16 746 minor2disktype[type].drive_types > DriveType) {
6ec3938cff95fe Omar Sandoval 2018-10-15 747 ret = -EINVAL;
6ec3938cff95fe Omar Sandoval 2018-10-15 748 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 749 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 750 type = minor2disktype[type].index;
5ceadd2a2a9cf2 Geert Uytterhoeven 2008-02-06 751 UDT = &atari_disk_type[type];
^1da177e4c3f41 Linus Torvalds 2005-04-16 752 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 753
^1da177e4c3f41 Linus Torvalds 2005-04-16 754 if (!UDT || desc->track >= UDT->blocks/UDT->spt/2 || desc->head >= 2) {
6ec3938cff95fe Omar Sandoval 2018-10-15 755 ret = -EINVAL;
6ec3938cff95fe Omar Sandoval 2018-10-15 756 goto out;
^1da177e4c3f41 Linus Torvalds 2005-04-16 757 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 758
^1da177e4c3f41 Linus Torvalds 2005-04-16 759 nsect = UDT->spt;
^1da177e4c3f41 Linus Torvalds 2005-04-16 760 p = TrackBuffer;
^1da177e4c3f41 Linus Torvalds 2005-04-16 761 /* The track buffer is used for the raw track data, so its
^1da177e4c3f41 Linus Torvalds 2005-04-16 762 contents become invalid! */
^1da177e4c3f41 Linus Torvalds 2005-04-16 763 BufferDrive = -1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 764 /* stop deselect timer */
^1da177e4c3f41 Linus Torvalds 2005-04-16 765 del_timer( &motor_off_timer );
^1da177e4c3f41 Linus Torvalds 2005-04-16 766
^1da177e4c3f41 Linus Torvalds 2005-04-16 767 FILL( 60 * (nsect / 9), 0x4e );
^1da177e4c3f41 Linus Torvalds 2005-04-16 768 for( sect = 0; sect < nsect; ++sect ) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 769 FILL( 12, 0 );
^1da177e4c3f41 Linus Torvalds 2005-04-16 770 FILL( 3, 0xf5 );
^1da177e4c3f41 Linus Torvalds 2005-04-16 771 *p++ = 0xfe;
^1da177e4c3f41 Linus Torvalds 2005-04-16 772 *p++ = desc->track;
^1da177e4c3f41 Linus Torvalds 2005-04-16 773 *p++ = desc->head;
^1da177e4c3f41 Linus Torvalds 2005-04-16 774 *p++ = (nsect + sect - desc->sect_offset) % nsect + 1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 775 *p++ = 2;
^1da177e4c3f41 Linus Torvalds 2005-04-16 776 *p++ = 0xf7;
^1da177e4c3f41 Linus Torvalds 2005-04-16 777 FILL( 22, 0x4e );
^1da177e4c3f41 Linus Torvalds 2005-04-16 778 FILL( 12, 0 );
^1da177e4c3f41 Linus Torvalds 2005-04-16 779 FILL( 3, 0xf5 );
^1da177e4c3f41 Linus Torvalds 2005-04-16 780 *p++ = 0xfb;
^1da177e4c3f41 Linus Torvalds 2005-04-16 781 FILL( 512, 0xe5 );
^1da177e4c3f41 Linus Torvalds 2005-04-16 782 *p++ = 0xf7;
^1da177e4c3f41 Linus Torvalds 2005-04-16 783 FILL( 40, 0x4e );
^1da177e4c3f41 Linus Torvalds 2005-04-16 784 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 785 FILL( TrackBuffer+BUFFER_SIZE-p, 0x4e );
^1da177e4c3f41 Linus Torvalds 2005-04-16 786
^1da177e4c3f41 Linus Torvalds 2005-04-16 787 IsFormatting = 1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 788 FormatError = 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 789 ReqTrack = desc->track;
^1da177e4c3f41 Linus Torvalds 2005-04-16 790 ReqSide = desc->head;
^1da177e4c3f41 Linus Torvalds 2005-04-16 791 do_fd_action( drive );
^1da177e4c3f41 Linus Torvalds 2005-04-16 792
7b8a3d22ba9368 Arnd Bergmann 2014-02-26 793 wait_for_completion(&format_wait);
^1da177e4c3f41 Linus Torvalds 2005-04-16 794
6ec3938cff95fe Omar Sandoval 2018-10-15 795 ret = FormatError ? -EIO : 0;
6ec3938cff95fe Omar Sandoval 2018-10-15 796 out:
6ec3938cff95fe Omar Sandoval 2018-10-15 797 blk_mq_unquiesce_queue(q);
6ec3938cff95fe Omar Sandoval 2018-10-15 798 blk_mq_unfreeze_queue(q);
6ec3938cff95fe Omar Sandoval 2018-10-15 799 return ret;
^1da177e4c3f41 Linus Torvalds 2005-04-16 800 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 801
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 27702 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-18 1:05 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-18 1:05 drivers/block/ataflop.c:745 do_format() error: testing array offset 'type' after use kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.