Hello Barak Witkowski, The patch a334872224a6: "bnx2x: add afex support" from Apr 23, 2012, leads to the following static checker warning: drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c:5913 bnx2x_func_send_afex_update() error: memset() 'rdata' too small (8 vs 24) drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c 5903 static inline int bnx2x_func_send_afex_update(struct bnx2x *bp, 5904 struct bnx2x_func_state_params *params) 5905 { 5906 struct bnx2x_func_sp_obj *o = params->f_obj; 5907 struct function_update_data *rdata = (void *)o->afex_rdata; 5908 dma_addr_t data_mapping = o->afex_rdata_mapping; 5909 struct bnx2x_func_afex_update_params *afex_update_params = 5910 ¶ms->params.afex_update; 5911 5912 memset(rdata, 0, sizeof(*rdata)); ->afex_rdata is a void pointer but actually it always points to a struct afex_vif_list_ramrod_data. You can verify this by looking at bnx2x__init_func_obj() and following the code through the call to bnx2x_init_func_obj(). The bnx2x_func_sp_obj struct is 24 bytes and afex_vif_list_ramrod_data is 8 bytes so the static checker (pending changes to Smatch) seems correct that we are corrupting memory here. I don't know what the fix is. 5913 5914 /* Fill the ramrod data with provided parameters */ 5915 rdata->vif_id_change_flg = 1; 5916 rdata->vif_id = cpu_to_le16(afex_update_params->vif_id); 5917 rdata->afex_default_vlan_change_flg = 1; 5918 rdata->afex_default_vlan = 5919 cpu_to_le16(afex_update_params->afex_default_vlan); regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html