Re: [bug report] mfd: tps6594: Add driver for TI TPS6594 PMIC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> > Smatch finds this code hard to parse.  It says that "count" is a user
> > controlled number between 0-u64max which has an upperbound (but the
> > upper bound is variable instead of a constant).
> > 
> > Can count actually be zero?  Smatch is normally good at tracking that...
> 
> 'count' is the total number of bytes in i2c frame: it takes into account
> the number of bytes for address ('reg_bits / 8') + the number of bytes
> for data (which is at least 'val_bits / 8')
> So, with 'reg_bits = 16' and 'val_bits = 8' in 'tps6594_i2c_regmap_config'
> struct, 'count' should be at least 3. It cannot be zero.

Gar...  You're right.  I see that now in _regmap_raw_write_impl().

drivers/base/regmap/regmap.c
  1846          /* If we're doing a single register write we can probably just
  1847           * send the work_buf directly, otherwise try to do a gather
  1848           * write.
  1849           */
  1850          if (val == work_val)
  1851                  ret = map->write(map->bus_context, map->work_buf,
  1852                                   map->format.reg_bytes +
  1853                                   map->format.pad_bytes +
  1854                                   val_len);
  1855          else if (map->bus && map->bus->gather_write)
  1856                  ret = map->bus->gather_write(map->bus_context, map->work_buf,
  1857                                               map->format.reg_bytes +
  1858                                               map->format.pad_bytes,
  1859                                               val, val_len);
  1860          else
  1861                  ret = -ENOTSUPP;
  1862  

My mind only saw "val_len is the last parameter" and I missed the
"map->format.reg_bytes + map->format.pad_bytes + " on the lines before.

> Special handling for 'count == 1' (or 'count < 2') makes sense indeed.
> 
> I'm not sure that I fully understand, though. Will Smatch stop complaining
> for both things that you mentioned above with a patch for handling 'count < 2' ?
> Or will we consider either that warnings are handled, even if they are still there.

No, don't do anything to silence the warning.  Always fix the checker
instead of working around it.

Handling the "map->format.reg_bytes + map->format.pad_bytes + val_len"
is kind of complicated but still easier than handling the:

	if (val_len % map->format.val_bytes)

condition in regmap_raw_write() just because it's closer together.  It's
quite a bit of code to write to silence this false positive but it's
something which could be done.

regards,
dan carpenter
[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux