[OPERA] Potential bugs detected by static analysis tool in 2.6.4

From: Zhenmin Li
Date: Wed May 05 2004 - 22:45:21 EST

Next message: Alec H. Peterson: "pci_request_regions() failure"
Previous message: Benjamin Herrenschmidt: "[PATCH] FIx race on tty close"
Next in thread: Geert Uytterhoeven: "Re: [OPERA] Potential bugs detected by static analysis tool in 2.6.4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We ran our static analysis tool upon Linux 2.6.4 source files, and found
some potential errors. Since all of them are detected by the tool, we need
more effort to inspect. We would appreciate your help if anyone can verify
whether they are bugs or not.

Thanks a lot,

OPERA Research Group
University of Illinois at Urbana-Champaign

Version: 2.6.4
Files:
/arch/sparc/prom/memory.c
/arch/sparc64/prom/memory.c
/arch/sparc/kernel/sun4m_smp.c
/arch/sparc64/kernel/sunos_ioctl32.c
/arch/x86_64/kernel/mpparse.c
/arch/mips/kernel/sysirix.c
/arch/ppc/platforms/pmac_feature.c
/arch/m68k/mac/iop.c
/drivers/pci/hotplug/shpchp_ctrl.c
/sound/oss/swarm_cs4297a.c

1. /arch/sparc/prom/memory.c, Line 158-159:
prom_prom_taken[iter].theres_more = &prom_phys_total[iter+1];

Maybe change to:
prom_prom_taken[iter].theres_more = &prom_prom_taken[iter+1];

2. /arch/sparc64/prom/memory.c, Line 116-117:
prom_prom_taken[iter].theres_more = &prom_phys_total[iter+1];

Maybe change to:
prom_prom_taken[iter].theres_more = &prom_prom_taken[iter+1];

3. /arch/sparc/kernel/sun4m_smp.c, Line 227-228:
__cpu_number_map[i] = i;
__cpu_logical_map[i] = i;

Maybe change to:
__cpu_number_map[i] = cpucount;
__cpu_logical_map[cpucount] = i;

4. /arch/sparc64/kernel/sunos_ioctl32.c, Line 163-168:
case _IOW('i', 21, struct ifreq): /* SIOCSIFMTU */
ret = sys_ioctl(fd, SIOCSIFMTU, arg);
goto out;
case _IOWR('i', 22, struct ifreq): /* SIOCGIFMTU */
ret = sys_ioctl(fd, SIOCGIFMTU, arg);
goto out;

Maybe change to:
case _IOW('i', 21, struct ifreq32): /* SIOCSIFMTU */
ret = compat_sys_ioctl(fd, SIOCSIFMTU, arg);
goto out;
case _IOWR('i', 22, struct ifreq32): /* SIOCGIFMTU */
ret = compat_sys_ioctl(fd, SIOCGIFMTU, arg);
goto out;

5. /arch/x86_64/kernel/mpparse.c, Line 652:
Dprintk("Boot CPU = %d\n", boot_cpu_physical_apicid);

Maybe change to:
Dprintk("Boot CPU = %d\n", boot_cpu_id);

6. /arch/mips/kernel/sysirix.c, Line 1643:
error = verify_area(VERIFY_WRITE, buf, sizeof(struct irix_statvfs));

Maybe change to:
error = verify_area(VERIFY_WRITE, buf, sizeof(struct irix_statvfs64));

7. /arch/ppc/platforms/pmac_feature.c, Line 1160:
MACIO_BIS(KEYLARGO_FCR0, KL1_USB2_CELL_ENABLE);

Maybe change to:
MACIO_BIS(KEYLARGO_FCR1, KL1_USB2_CELL_ENABLE);

8. /arch/m68k/mac/iop.c, Line 164:
iop_base[IOP_NUM_SCC]->status_ctrl = 0;

Maybe change to:
iop_base[IOP_NUM_ISM]->status_ctrl = 0;

9. /drivers/pci/hotplug/shpchp_ctrl.c, Line 1575:
err("%s: Failed to disable slot, error code(%d)\n", __FUNCTION__, rc);

Maybe change to:
err("%s: Failed to disable slot, error code(%d)\n", __FUNCTION__, retval);

10. /sound/oss/swarm_cs4297a.c, Line 2019:
s->dma_adc.blocks = s->dma_dac.wakeup = 0;

Maybe change to:
s->dma_adc.blocks = s->dma_adc.wakeup = 0;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alec H. Peterson: "pci_request_regions() failure"
Previous message: Benjamin Herrenschmidt: "[PATCH] FIx race on tty close"
Next in thread: Geert Uytterhoeven: "Re: [OPERA] Potential bugs detected by static analysis tool in 2.6.4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]