RE: [bug report] IB/hfi1: Rework fault injection machinery

We will fix it.

Thank you!

Kaike

> -----Original Message-----
> From: linux-rdma-owner@xxxxxxxxxxxxxxx [mailto:linux-rdma-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Dan Carpenter
> Sent: Thursday, May 30, 2019 5:10 AM
> To: mitko.haralanov@xxxxxxxxx
> Cc: linux-rdma@xxxxxxxxxxxxxxx
> Subject: [bug report] IB/hfi1: Rework fault injection machinery
> 
> Hello Mitko Haralanov,
> 
> The patch a74d5307caba: "IB/hfi1: Rework fault injection machinery"
> from May 2, 2018, leads to the following static checker warning:
> 
> 	drivers/infiniband/hw/hfi1/fault.c:183 fault_opcodes_write()
> 	error: passing untrusted data 'i' to 'clear_bit()'
> 
> drivers/infiniband/hw/hfi1/fault.c
>    144          if (copy_from_user(data, buf, copy))
>    145                  return -EFAULT;
>    146
>    147          ret = debugfs_file_get(file->f_path.dentry);
>    148          if (unlikely(ret))
>    149                  return ret;
>    150          ptr = data;
>    151          token = ptr;
>    152          for (ptr = data; *ptr; ptr = end + 1, token = ptr) {
>    153                  char *dash;
>    154                  unsigned long range_start, range_end, i;
>    155                  bool remove = false;
>    156
>    157                  end = strchr(ptr, ',');
>    158                  if (end)
>    159                          *end = '\0';
>    160                  if (token[0] == '-') {
>    161                          remove = true;
>    162                          token++;
>    163                  }
>    164                  dash = strchr(token, '-');
>    165                  if (dash)
>    166                          *dash = '\0';
>    167                  if (kstrtoul(token, 0, &range_start))
>                                                ^^^^^^^^^^^^ Smatch marks this as untrusted
> 
>    168                          break;
>    169                  if (dash) {
>    170                          token = dash + 1;
>    171                          if (kstrtoul(token, 0, &range_end))
>                                                        ^^^^^^^^^^ and this also
> 
>    172                                  break;
>    173                  } else {
>    174                          range_end = range_start;
>    175                  }
>    176                  if (range_start == range_end && range_start == -1UL) {
>    177                          bitmap_zero(fault->opcodes, sizeof(fault->opcodes) *
>    178                                      BITS_PER_BYTE);
>    179                          break;
>    180                  }
>    181                  for (i = range_start; i <= range_end; i++) {
>    182                          if (remove)
>    183                                  clear_bit(i, fault->opcodes);
>                                                   ^
>    184                          else
>    185                                  set_bit(i, fault->opcodes);
>                                                 ^
> 
> Smatch complains that "i" can be beyond the end of bitmap.
> 
>    186                  }
>    187                  if (!end)
>    188                          break;
> 
> regards,
> dan carpenter
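
An added example, not part of this thread and not the hfi1 fix: a user-space C sketch of the token parsing quoted above, narrowed to a single token, with the range validated against the bitmap size before any bit is set or cleared. NBITS (an assumed size), BPL, BIT_IS_SET(), parse_ul() and apply_token() are names chosen for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

#define NBITS 256 /* assumed bitmap size; the report does not give the driver's */
#define BPL (sizeof(unsigned long) * CHAR_BIT)
#define BIT_IS_SET(i) ((opcodes[(i) / BPL] >> ((i) % BPL)) & 1)
static unsigned long opcodes[NBITS / BPL];

/* Parse one number; unlike bare strtoul(), refuse a sign or leading whitespace. */
static int parse_ul(const char *s, unsigned long *out, const char **next)
{
	char *endp;
	if (*s < '0' || *s > '9')
		return -EINVAL;
	errno = 0;
	*out = strtoul(s, &endp, 0);
	*next = endp;
	return errno ? -ERANGE : 0;
}

/* Apply one token: "N" or "N-M" sets bits, a leading '-' clears them. */
static int apply_token(const char *tok)
{
	unsigned long start, end, i;
	bool clear = (*tok == '-');
	const char *p = tok + clear;
	if (parse_ul(p, &start, &p))
		return -EINVAL;
	end = start;
	if (*p == '-' && parse_ul(p + 1, &end, &p))
		return -EINVAL;
	/* Validate against the bitmap size before any bit is touched. */
	if (*p || start > end || end >= NBITS)
		return -EINVAL;
	for (i = start; i <= end; i++) {
		if (clear)
			opcodes[i / BPL] &= ~(1UL << (i % BPL));
		else
			opcodes[i / BPL] |= 1UL << (i % BPL);
	}
	return 0;
}

int main(void)
{
	/* Constructed inputs: one in-range token, one past the end. */
	return apply_token("0x10-0x13") == 0 && apply_token("250-300") == -EINVAL ? 0 : 1;
}
```

Rejecting `end >= NBITS` up front also bounds the `i <= end` loop, which cannot terminate on its own when `end` is `ULONG_MAX`.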
