On Wed, Oct 16, 2024 at 06:54:00AM -0600, Everest K.C. wrote:
> > > diff --git a/drivers/staging/gpib/eastwood/fluke_gpib.c b/drivers/staging/gpib/eastwood/fluke_gpib.c > > > index f9f149db222d..51b4f9891a34 100644 > > > --- a/drivers/staging/gpib/eastwood/fluke_gpib.c > > > +++ b/drivers/staging/gpib/eastwood/fluke_gpib.c
> > > @@ -644,7 +644,7 @@ static int fluke_dma_read(gpib_board_t *board, uint8_t *buffer, > > > */ > > > usleep_range(10, 15); > > > residue = fluke_get_dma_residue(e_priv->dma_channel, dma_cookie); > > > - if (WARN_ON_ONCE(residue > length || residue < 0)) > > > + if (WARN_ON_ONCE(residue > length))
> >
> > No, this is incorrect, now we never notice if the call to
> > fluke_get_dma_residue() has failed. Please fix that bug instead (hint,
> > Coverity is giving you a pointer to where something might be wrong, but
> > this change is NOT how to fix it.)
> I need a little guidance here.
> My best guess to fix the bug would be to make fluke_get_dma_residue()
> return an int instead of unsigned int or size_t. But theoretically the
> maximum value of residue can be UINT_MAX, and casting it to int will
> result in a negative number, which in turn will cause the error check
> condition to evaluate to true.
> The best solution I see would be to make fluke_get_dma_residue() return
> an int (-1 for error and 0 for success). Then pass the address of residue
> reference to fluke_get_dma_residue() to be updated.
> Am I on the right track?

Functions shouldn't return -1 on error, they should return proper error codes.

>
> Also, I searched for the functions with names that match get_dma_residue
> in the kernel source code and found that they return unsigned int. I also
> noticed that no error checks have been made to check if get_dma_residue
> was successful.
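
Review bot: The replacement condition `WARN_ON_ONCE(residue > length)` leaves nothing that can detect a failed fluke_get_dma_residue() call on the line above it, so dropping `residue < 0` removes the error check instead of repairing it. If `residue < 0` can never be true because of the types involved, change the types so that a negative error code is representable (a signed return value and a signed `residue`), keep the `residue < 0` test, and state in the commit message how a failure of the helper is reported to the caller.
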
$ git grep get_dma_residue | grep static | grep -v gpib
arch/alpha/include/asm/dma.h:static __inline__ int get_dma_residue(unsigned int dmanr)
arch/arm/mach-footbridge/dma-isa.c:static int isa_get_dma_residue(unsigned int chan, dma_t *dma)
arch/m68k/include/asm/floppy.h:static int vdma_get_dma_residue(unsigned int dummy)
arch/mips/include/asm/dma.h:static __inline__ int get_dma_residue(unsigned int dmanr)
arch/mips/include/asm/mach-au1x00/au1000_dma.h:static inline int get_dma_residue(unsigned int dmanr)
arch/mips/include/asm/mach-generic/floppy.h:static inline int fd_get_dma_residue(void)
arch/mips/include/asm/mach-jazz/floppy.h:static inline int fd_get_dma_residue(void)
arch/parisc/include/asm/dma.h:static __inline__ int get_dma_residue(unsigned int dmanr)
arch/parisc/include/asm/floppy.h:static int vdma_get_dma_residue(unsigned int dummy)
arch/powerpc/include/asm/dma.h:static __inline__ int get_dma_residue(unsigned int dmanr)
arch/powerpc/include/asm/floppy.h:static int vdma_get_dma_residue(unsigned int dummy)
arch/sh/drivers/dma/dma-pvr2.c:static int pvr2_get_dma_residue(struct dma_channel *chan)
arch/sh/drivers/dma/dma-sh.c:static int sh_dmac_get_dma_residue(struct dma_channel *chan)
arch/sparc/include/asm/floppy_64.h:static unsigned int sun_get_dma_residue(void)
arch/sparc/include/asm/floppy_64.h:static unsigned int sun_pci_get_dma_residue(void)
arch/sparc/include/asm/parport_64.h:static inline unsigned int get_dma_residue(unsigned int dmanr)
arch/x86/include/asm/dma.h:static inline int get_dma_residue(unsigned int dmanr)
arch/x86/include/asm/floppy.h:static int vdma_get_dma_residue(unsigned int dummy)

Only the Sparc functions return unsigned int. The rest return int.

The return value is going to be between 0 and priv->dma_buffer_size (0x7ff).
It's set in fluke_allocate_private(). Just make the return value an int.

regards,
dan carpenter
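
The signed-return convention discussed in this thread, as an added userspace example that is not code from the thread or from the driver: it contrasts a residue helper that returns unsigned int with one that returns int and a negative errno. `struct fake_chan`, all function names, and the way the unsigned helper behaves on failure (returning 0) are assumptions made for illustration; only the 0x7ff bound is taken from the thread.

```c
#include <errno.h>
#include <stddef.h>

#define DMA_BUFFER_SIZE 0x7ff	/* residue upper bound quoted in the thread */

/* Constructed stand-in for a DMA channel; query_ok == 0 models a failed query. */
struct fake_chan { int query_ok; unsigned int bytes_left; };

/* Unsigned return: no value is left over to mean "the query failed". */
static unsigned int residue_unsigned(const struct fake_chan *c)
{
	return c->query_ok ? c->bytes_left : 0;	/* failure looks like "all done" */
}

/* Signed return: negative errno on failure, 0..DMA_BUFFER_SIZE on success. */
static int residue_signed(const struct fake_chan *c)
{
	if (!c->query_ok)
		return -EIO;
	if (c->bytes_left > DMA_BUFFER_SIZE)
		return -ERANGE;	/* outside the range an int result is meant to carry */
	return (int)c->bytes_left;
}

/* Caller using the unsigned helper: only the upper bound can be checked. */
static long bytes_read_unsigned(const struct fake_chan *c, size_t length)
{
	unsigned int residue = residue_unsigned(c);
	if (residue > length)
		return -EINVAL;
	return (long)(length - residue);
}

/* Caller using the signed helper: the error code is checked and propagated. */
static long bytes_read_signed(const struct fake_chan *c, size_t length)
{
	int residue = residue_signed(c);
	if (residue < 0)
		return residue;
	if ((size_t)residue > length)
		return -EINVAL;
	return (long)(length - (size_t)residue);
}

int main(void)
{
	struct fake_chan failed = { 0, 100 };	/* constructed sample input */
	return (bytes_read_signed(&failed, 512) == -EIO &&
		bytes_read_unsigned(&failed, 512) == 512) ? 0 : 1;
}
```

With the failed channel, the unsigned path reports a complete 512-byte read while the signed path returns -EIO, which is the difference the `residue < 0` test exists to catch.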