Hello Ken Cox,
The patch dc95086172db: "staging: virthba driver to access shared
SCSI hba" from Mar 4, 2014, leads to the following Sparse warning:
drivers/staging/unisys/virthba/virthba.c:1442:24: warning:
Variable length array is used.
drivers/staging/unisys/virthba/virthba.c
1438 static ssize_t
1439 enable_ints_write(struct file *file, const char __user *buffer,
1440 size_t count, loff_t *ppos)
1441 {
1442 char buf[count + 1];
^^^^^^^^^
The kernel has an 8k stack for the whole call tree starting from the
syscall. Bugs like this could have pretty serious security
implications. There are a lot of Sparse bugs in the unisys code.
You will probably get some emails from zero day build bot as well.
https://lwn.net/Articles/205624/
1443 int i, new_value;
1444 struct virthba_info *virthbainfo;
1445 U64 *Features_addr;
1446 U64 mask;
1447
1448 buf[count] = '\0';
1449 if (copy_from_user(buf, buffer, count)) {
1450 LOGERR("copy_from_user failed. buf<<%.*s>> count<<%lu>>\n",
1451 (int) count, buf, count);
1452 return -EFAULT;
1453 }
regards,
dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
