sparse was warning about incorrect type of argument:

drivers/staging/i4l/icn/icn.c:1048:49:
warning: incorrect type in argument 2 (different address spaces)
drivers/staging/i4l/icn/icn.c:1048:49:
expected void const [noderef] <asn:1>*from
drivers/staging/i4l/icn/icn.c:1048:49:
got unsigned char const [usertype] *buf
drivers/staging/i4l/icn/icn.c:1476:38:
warning: incorrect type in argument 1 (different address spaces)
drivers/staging/i4l/icn/icn.c:1476:38:
expected unsigned char const [usertype] *buf
drivers/staging/i4l/icn/icn.c:1476:38:
got unsigned char const [noderef] [usertype] <asn:1>*buf

The function icn_writecmd() was used to copy from userspace and also
from the kernelspace. Add another argument to the function to have two
separate pointers, one for the userspace and one for the kernelspace.
Based on the value of user as passed from the caller we use one of
the two pointers.

Signed-off-by: Sudip Mukherjee <sudip.mukher...@codethink.co.uk>
---

Wrong Signed-off in v1.

 drivers/staging/i4l/icn/icn.c | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/drivers/staging/i4l/icn/icn.c b/drivers/staging/i4l/icn/icn.c
index 6991259..5e3821b 100644
--- a/drivers/staging/i4l/icn/icn.c
+++ b/drivers/staging/i4l/icn/icn.c
@@ -1023,7 +1023,8 @@ icn_readstatus(u_char __user *buf, int len, icn_card 
*card)
 
 /* Put command-strings into the command-queue of the Interface */
 static int
-icn_writecmd(const u_char *buf, int len, int user, icn_card *card)
+icn_writecmd(const u_char __user *ubuf, const u_char *kbuf, int len,
+            int user, icn_card *card)
 {
        int mch = card->secondhalf ? 2 : 0;
        int pp;
@@ -1046,10 +1047,10 @@ icn_writecmd(const u_char *buf, int len, int user, 
icn_card *card)
                if (count > len)
                        count = len;
                if (user) {
-                       if (copy_from_user(msg, buf, count))
+                       if (copy_from_user(msg, ubuf, count))
                                return -EFAULT;
                } else
-                       memcpy(msg, buf, count);
+                       memcpy(msg, kbuf, count);
 
                spin_lock_irqsave(&dev.devlock, flags);
                lastmap_card = dev.mcard;
@@ -1275,7 +1276,9 @@ icn_command(isdn_ctrl *c, icn_card *card)
                                        msleep_interruptible(ICN_BOOT_TIMEOUT1);
                                        sprintf(cbuf, 
"00;FV2ON\n01;EAZ%c\n02;EAZ%c\n",
                                                (a & 1) ? '1' : 'C', (a & 2) ? 
'2' : 'C');
-                                       i = icn_writecmd(cbuf, strlen(cbuf), 0, 
card);
+                                       i = icn_writecmd(NULL, cbuf,
+                                                        strlen(cbuf),
+                                                        0, card);
                                        printk(KERN_INFO
                                               "icn: (%s) Leased-line mode 
enabled\n",
                                               CID);
@@ -1288,7 +1291,9 @@ icn_command(isdn_ctrl *c, icn_card *card)
                                if (card->leased) {
                                        card->leased = 0;
                                        sprintf(cbuf, "00;FV2OFF\n");
-                                       i = icn_writecmd(cbuf, strlen(cbuf), 0, 
card);
+                                       i = icn_writecmd(NULL, cbuf,
+                                                        strlen(cbuf),
+                                                        0, card);
                                        printk(KERN_INFO
                                               "icn: (%s) Leased-line mode 
disabled\n",
                                               CID);
@@ -1325,7 +1330,7 @@ icn_command(isdn_ctrl *c, icn_card *card)
                                 "%02d;D%s_R%s,%02d,%02d,%s\n", (int)(a + 1),
                                 dcode, p, c->parm.setup.si1,
                                 c->parm.setup.si2, c->parm.setup.eazmsn);
-                       i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                       i = icn_writecmd(NULL, cbuf, strlen(cbuf), 0, card);
                }
                break;
        case ISDN_CMD_ACCEPTD:
@@ -1342,10 +1347,12 @@ icn_command(isdn_ctrl *c, icn_card *card)
                                        sprintf(cbuf, "%02d;BTRA\n", (int)a);
                                        break;
                                }
-                               i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                               i = icn_writecmd(NULL, cbuf,
+                                                strlen(cbuf), 0,
+                                                card);
                        }
                        sprintf(cbuf, "%02d;DCON_R\n", (int)a);
-                       i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                       i = icn_writecmd(NULL, cbuf, strlen(cbuf), 0, card);
                }
                break;
        case ISDN_CMD_ACCEPTB:
@@ -1363,7 +1370,7 @@ icn_command(isdn_ctrl *c, icn_card *card)
                                        break;
                                } else
                                sprintf(cbuf, "%02d;BCON_R\n", (int)a);
-                       i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                       i = icn_writecmd(NULL, cbuf, strlen(cbuf), 0, card);
                }
                break;
        case ISDN_CMD_HANGUP:
@@ -1372,7 +1379,7 @@ icn_command(isdn_ctrl *c, icn_card *card)
                if (c->arg < ICN_BCH) {
                        a = c->arg + 1;
                        sprintf(cbuf, "%02d;BDIS_R\n%02d;DDIS_R\n", (int)a, 
(int)a);
-                       i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                       i = icn_writecmd(NULL, cbuf, strlen(cbuf), 0, card);
                }
                break;
        case ISDN_CMD_SETEAZ:
@@ -1388,7 +1395,7 @@ icn_command(isdn_ctrl *c, icn_card *card)
                        } else
                                sprintf(cbuf, "%02d;EAZ%s\n", (int)a,
                                        c->parm.num[0] ? (char *)(c->parm.num) 
: "0123456789");
-                       i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                       i = icn_writecmd(NULL, cbuf, strlen(cbuf), 0, card);
                }
                break;
        case ISDN_CMD_CLREAZ:
@@ -1402,7 +1409,7 @@ icn_command(isdn_ctrl *c, icn_card *card)
                                sprintf(cbuf, "%02d;MSNC\n", (int)a);
                        else
                                sprintf(cbuf, "%02d;EAZC\n", (int)a);
-                       i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                       i = icn_writecmd(NULL, cbuf, strlen(cbuf), 0, card);
                }
                break;
        case ISDN_CMD_SETL2:
@@ -1420,7 +1427,7 @@ icn_command(isdn_ctrl *c, icn_card *card)
                        default:
                                return -EINVAL;
                        }
-                       i = icn_writecmd(cbuf, strlen(cbuf), 0, card);
+                       i = icn_writecmd(NULL, cbuf, strlen(cbuf), 0, card);
                        card->l2_proto[a & 255] = (a >> 8);
                }
                break;
@@ -1474,7 +1481,7 @@ if_writecmd(const u_char __user *buf, int len, int id, 
int channel)
        if (card) {
                if (!(card->flags & ICN_FLAGS_RUNNING))
                        return -ENODEV;
-               return icn_writecmd(buf, len, 1, card);
+               return icn_writecmd(buf, NULL, len, 1, card);
        }
        printk(KERN_ERR
               "icn: if_writecmd called with invalid driverId!\n");
-- 
1.9.1

Reply via email to