On Sat, Jan 04, 2014 at 05:28:35AM +0800, kbuild test robot wrote: > tree: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-next > head: bd6383c81d5f33e01688a87c50a8d3a878aa43d5 > commit: 362eb02603be7bb835c47f2cf585954a5080449d [50/92] USB: pl2303: add error handling to vendor read and write functions > > New smatch warnings: > drivers/usb/serial/pl2303.c:149 pl2303_vendor_read() error: doing dma on the stack (buf) > > Old smatch warnings: > drivers/usb/serial/pl2303.c:673 pl2303_ioctl() warn: check that 'ser' doesn't leak information (struct has a hole after 'iomem_reg_shift') > > vim +149 drivers/usb/serial/pl2303.c > > 8bf769eb Johan Hovold 2012-10-15 133 }; > 8bf769eb Johan Hovold 2012-10-15 134 > ^1da177e Linus Torvalds 2005-04-16 135 struct pl2303_private { > ^1da177e Linus Torvalds 2005-04-16 136 spinlock_t lock; > ^1da177e Linus Torvalds 2005-04-16 137 u8 line_control; > ^1da177e Linus Torvalds 2005-04-16 138 u8 line_status; > 623c8263 Johan Hovold 2013-12-29 139 > 623c8263 Johan Hovold 2013-12-29 140 u8 line_settings[7]; > ^1da177e Linus Torvalds 2005-04-16 141 }; > ^1da177e Linus Torvalds 2005-04-16 142 > 362eb026 Johan Hovold 2013-12-29 143 static int pl2303_vendor_read(struct usb_serial *serial, u16 value, > 362eb026 Johan Hovold 2013-12-29 144 unsigned char buf[1]) This is a false positive. A pointer passed as an array is still just a pointer (and in this case the buffer it points to is not on the stack). Looks like smatch needs to be updated. Thanks, Johan > eb44da0b Sarah Sharp 2007-12-14 145 { > 362eb026 Johan Hovold 2013-12-29 146 struct device *dev = &serial->interface->dev; > ccfe8188 Johan Hovold 2013-12-29 147 int res; > ccfe8188 Johan Hovold 2013-12-29 148 > ccfe8188 Johan Hovold 2013-12-29 @149 res = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), > eb44da0b Sarah Sharp 2007-12-14 150 VENDOR_READ_REQUEST, VENDOR_READ_REQUEST_TYPE, > 362eb026 Johan Hovold 2013-12-29 151 value, 0, buf, 1, 100); > 362eb026 Johan Hovold 2013-12-29 152 if (res != 1) { > 362eb026 Johan Hovold 2013-12-29 153 dev_err(dev, "%s - failed to read [%04x]: %d\n", __func__, > 362eb026 Johan Hovold 2013-12-29 154 value, res); > 362eb026 Johan Hovold 2013-12-29 155 if (res >= 0) > 362eb026 Johan Hovold 2013-12-29 156 res = -EIO; > 362eb026 Johan Hovold 2013-12-29 157 > > :::::: The code at line 149 was first introduced by commit > :::::: ccfe8188a321f4039a7e52c8336bb4ff3ca35139 USB: pl2303: clean up driver somewhat > > :::::: TO: Johan Hovold <jhovold@xxxxxxxxx> > :::::: CC: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > --- > 0-DAY kernel build testing backend Open Source Technology Center > http://lists.01.org/mailman/listinfo/kbuild Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html