On 06/02/2017 12:11 AM, Jonathan Corbet wrote:
On Thu, 01 Jun 2017 09:05:07 +0800
Jia-Ju Bai wrote:
I admit my patches are not well tested, and they may not well fix the bugs.
I am looking forward to opinions and suggestions :)
May I politely suggest that sending out untested locking changes
tic analysis tool (DSAC) and my code
review.
Thanks,
Jia-Ju Bai
nly report.
This possible bug is found by my static analysis tool (DSAC) and my code
review.
Thanks,
Jia-Ju Bai
bug is found by my static analysis tool (DSAC) and my code
review.
Thanks,
Jia-Ju Bai
Thanks,
Jia-Ju Bai
with
"mdelay".
If this fixing is correct, I can send a patch.
This possible bug is found by my static analysis tool (DSAC) and checked by
my code review.
Thanks,
Jia-Ju Bai
" with
"mdelay".
If this fixing is correct, I can send a patch.
This possible bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
From: Jia-Ju Bai
The kernel module may sleep under a spinlock.
The function call paths are:
NCR5380_select (acquire the spinlock)
NCR5380_reselect
NCR5380_poll_politely
NCR5380_poll_politely2
schedule_timeout_uninterruptible --> may sleep
NCR5380_abort (acquire the spinl
cmd
wait_for_completion --> may sleep (>_lock is still held)
I do not find a good way to fix them, so I only report.
These possible bugs are found by my static analysis tool (DSAC) and
checked by my code review.
Thanks,
Jia-Ju Bai
my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
may sleep
I do not find a good way to fix it, so I only report.
This possible bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
errupt (interrupt handler)
vortex_error
vortex_up
pci_set_power_state --> may sleep
pci_enable_device --> may sleep
I do not find a good way to fix them, so I only report.
These possible bugs are found by my static analysis tool (DSAC) and
checked by my code review.
Th
Thanks for your reply :)
On 2017/12/12 11:38, Finn Thain wrote:
On Tue, 12 Dec 2017, Jia-Ju Bai wrote:
From: Jia-Ju Bai
The kernel module may sleep under a spinlock.
The spinlock is always taken in irq mode, and the
schedule_timeout_uninterruptible() is conditional on !irqs_disabled().
I
-> may sleep
grgpio_irq_map (acquire the spinlock)
request_irq --> may sleep
grgpio_irq_unmap (acquire the spinlock)
free_irq --> may sleep
I do not find a good way to fix them, so I only report.
These possible bugs are found by my static analysis tool (DSAC) and
checked by my code review.
Thanks,
Jia-Ju Bai
ort.
This possible bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
is replaced with mdelay.
This bug is found by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/scsi/esas2r/esas2r_init.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/esas2r/esas2r_init.c
b/drivers
do not find a good way to fix it, so I only report.
This possible bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
esas2r_flash_access
schedule_timeout_interruptible --> may sleep
To fix it, schedule_timeout_uninterruptible is replaced with mdelay.
This bug is found by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/scsi/esas2r/esas2r_flas
schedule_timeout_interruptible --> may sleep
To fix it, schedule_timeout_uninterruptible is replaced with mdelay.
This bug is found by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/scsi/esas2r/esas2r_main.c |2 +-
1 file changed, 1 insertion(+)
my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
SAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
off-by: Jia-Ju Bai
---
drivers/net/hippi/rrunner.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/hippi/rrunner.c b/drivers/net/hippi/rrunner.c
index 8483f03..1ab97d9 100644
--- a/drivers/net/hippi/rrunner.c
+++ b/drivers/net/hippi/rrunner.c
@@ -1379,8 +1379,8 @@ sta
my code review.
Thanks,
Jia-Ju Bai
SAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
off-by: Jia-Ju Bai
---
drivers/net/wireless/mac80211_hwsim.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mac80211_hwsim.c
b/drivers/net/wireless/mac80211_hwsim.c
index 10b075a..f2ebf4a 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/
SAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
___might_sleep in cond_resched_lock.
This bug is found by my static analysis tool and my code review.
Thanks,
Jia-Ju Bai
Thanks for your reply and explanation :)
I will improve my analysis.
Thanks,
Jia-Ju Bai
On 2017/10/9 12:10, Kirill A. Shutemov wrote:
On Mon, Oct 09, 2017 at 12:00:33PM +0800, Jia-Ju Bai wrote:
The ___might_sleep is called under a spinlock, and the function call graph
Thanks for your reply :)
Yes, you are right. Sorry for this false positive.
Thanks,
Jia-Ju Bai
On 2017/10/9 14:32, Clemens Ladisch wrote:
Jia-Ju Bai wrote:
The driver may sleep under a spinlock, and the function call path is:
snd_opl3_note_on (acquire the spinlock)
snd_opl3_find_patch
Okay, I will send a patch :)
Thanks,
Jia-Ju Bai
On 2017/10/9 13:43, Greg KH wrote:
On Mon, Oct 09, 2017 at 09:10:28AM +0800, Jia-Ju Bai wrote:
According to device_main.c, the driver may sleep under a spinlock,
and the function call path is:
vt6655_suspend (acquire the spinlock
hese bugs are found by my static analysis tool and my code review.
Signed-off-by: Jia-Ju Bai
---
drivers/pci/pci.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 6078dfc..7b763a3 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
Oh, sorry, I will send the patches for each driver.
Thanks,
Jia-Ju Bai
On 2017/10/9 16:17, Greg KH wrote:
On Mon, Oct 09, 2017 at 04:16:20PM +0800, Jia-Ju Bai wrote:
The drivers vt6655 and gma500 call pci_set_power_state under a spinlock, which
may sleep.
The function call paths
und by my static analysis tool and my code review.
Signed-off-by: Jia-Ju Bai
---
drivers/staging/vt6655/device_main.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/vt6655/device_main.c
b/drivers/staging/vt6655/device_main.c
index 9fcf2e2..1123b4f 100
x them, the spinlock is released before gma_resume_pci, and it is acquired
again after gma_resume_pci.
This bug is found by my static analysis tool and my code review.
Signed-off-by: Jia-Ju Bai
---
drivers/gpu/drm/gma500/power.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/
bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
ool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/vme/vme.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/vme/vme.c b/drivers/vme/vme.c
index 8124622..92500f6 100644
--- a/drivers/vme/vme.c
+++ b/drivers/vme/vme.c
@@ -1290,7 +129
by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/staging/rtl8188eu/core/rtw_mlme_ext.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
b/drivers/staging/rtl8188e
my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/tty/isicom.c |6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/tty/isicom.c b/drivers/tty/isicom.c
index 015686f..bdd3027 100644
--- a/drivers/tty/isicom.c
+++ b/d
From: Jia-Ju Bai
The driver may sleep under a spinlock, and the function call paths are:
arcmsr_queue_command(acquire the spinlock)
arcmsr_queue_command_lck
arcmsr_handle_virtual_command
arcmsr_iop_message_xfer
arcmsr_iop_parking
arcmsr_stop_adapter_bgrb
SAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/media/platform/sti/bdisp/bdisp-hw.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/sti/bdisp/bdisp-hw.c
b/drivers/media/platform/sti/bdisp/bdisp-hw.c
index 4b62ceb..7b45
The driver may sleep under a spinlock.
The function call path is:
bdisp_device_run (acquire the spinlock)
bdisp_hw_reset
msleep --> may sleep
To fix it, msleep is replaced with mdelay.
This bug is found by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia
ort.
This possible bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
de review.
Thanks,
Jia-Ju Bai
ead
mutex_lock --> may sleep
I do not find a good way to fix them, so I only report.
These possible bugs are found by my static analysis tool (DSAC) and
checked by my code review.
Thanks,
Jia-Ju Bai
set (acquire the spinlock)
phy_start_aneg
phy_start_aneg_priv
mutex_lock --> may sleep
I do not find a good way to fix them, so I only report.
These possible bugs are found by my static analysis tool (DSAC) and
checked by my code review.
Thanks,
Jia-Ju Bai
set (acquire the spinlock)
phy_start_aneg
phy_start_aneg_priv
mutex_lock --> may sleep
I do not find a good way to fix them, so I only report.
These possible bugs are found by my static analysis tool (DSAC) and
checked by my code review.
Thanks,
Jia-Ju Bai
On 2017/12/13 12:42, James Bottomley wrote:
On Wed, 2017-12-13 at 11:18 +0800, Jia-Ju Bai wrote:
The driver may sleep under a spinlock.
The function call paths are:
qlt_handle_abts_recv_work (acquire the spinlock)
qlt_response_pkt_all_vps
qlt_response_pkt
On 2017/12/13 13:18, Stephen Hemminger wrote:
On Tue, 12 Dec 2017 20:57:01 -0500 (EST)
David Miller wrote:
From: Stephen Hemminger
Date: Tue, 12 Dec 2017 10:22:40 -0800
On Tue, 12 Dec 2017 08:34:45 -0500 (EST)
David Miller wrote:
From: Jia-Ju Bai
Date: Tue, 12 Dec 2017 16:38:12
eep
usb_kill_urb --> may sleep
I do not find a good way to fix it, so I only report.
This possible bug is found by my static analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
und by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/scsi/qedi/qedi_fw.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/qedi/qedi_fw.c b/drivers/scsi/qedi/qedi_fw.c
index bd302d3..20a9259 100644
--- a/driv
my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/bluetooth/bluecard_cs.c |8 ++--
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/bluetooth/bluecard_cs.c b/drivers/bluetooth/bluecard_cs.c
index d513ef4..82437a6 100644
--- a/drivers/bluetooth/bluecard_cs.c
++
sis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/net/ethernet/hp/hp100.c |9 +++--
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c
index c8c7ad2..6addcbd 100644
--- a/drivers/
und by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/net/ethernet/hp/hp100.c | 15 +--
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c
index c8c7
off-by: Jia-Ju Bai
---
drivers/net/ethernet/qlogic/qla3xxx.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/qlogic/qla3xxx.c
b/drivers/net/ethernet/qlogic/qla3xxx.c
index 8ad3e24..7994d04 100644
--- a/drivers/net/ethernet/qlogic/qla3xxx.c
+++ b/drivers/
is bug is found by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/net/ethernet/qlogic/qla3xxx.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/qlogic/qla3xxx.c
b/drivers/net/ethernet/qlogic/qla3xxx.c
ode review.
Thanks,
Jia-Ju Bai
tic analysis tool (DSAC) and checked
by my code review.
Thanks,
Jia-Ju Bai
ned-off-by: Jia-Ju Bai
---
drivers/net/ethernet/cadence/macb_main.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cadence/macb_main.c
b/drivers/net/ethernet/cadence/macb_main.c
index 72a67f7..b02c806 100644
--- a/drivers/net/ethernet/cadence/macb_mai
iew.
Signed-off-by: Jia-Ju Bai
---
drivers/rtc/rtc-r7301.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rtc/rtc-r7301.c b/drivers/rtc/rtc-r7301.c
index 28d5408..d846e97 100644
--- a/drivers/rtc/rtc-r7301.c
+++ b/drivers/rtc/rtc-r7301.c
@@ -95,7 +95,7 @@ static
The driver may sleep under a spinlock.
The function call path is:
rtc7301_set_time (acquire the spinlock)
usleep_range --> may sleep
To fix it, usleep_range is replaced with udelay.
This bug is found by my static analysis tool(DSAC) and checked by my code
review.
Signed-off-by: Jia-Ju
ode review.
Thanks,
Jia-Ju Bai
SAC) and checked by my code
review.
Signed-off-by: Jia-Ju Bai
---
drivers/gpu/drm/drm_mm.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
index 61a1c8e..5b9965d 100644
--- a/drivers/gpu/drm/drm_mm.c
+++ b/drivers/gpu/
On 2017/12/14 0:50, Stephen Hemminger wrote:
On Wed, 13 Dec 2017 15:42:56 +0800
Jia-Ju Bai wrote:
On 2017/12/13 13:18, Stephen Hemminger wrote:
On Tue, 12 Dec 2017 20:57:01 -0500 (EST)
David Miller wrote:
From: Stephen Hemminger
Date: Tue, 12 Dec 2017 10:22:40 -0800
On Tue, 12
Thanks for reply :)
I think I should use "udelay(10/HZ)" instead, do you think it is right?
Thanks,
Jia-Ju Bai
On 2017/12/14 5:20, David Miller wrote:
I want you to review all of your patches and resend them after you
have checked them carefully.
The first patch I e
On 2020/9/2 5:16, Pavel Machek wrote:
On Tue 2020-09-01 18:35:23, Greg Kroah-Hartman wrote:
On Tue, Sep 01, 2020 at 05:25:12PM +0100, Sean Young wrote:
Greg,
On Tue, Sep 01, 2020 at 05:09:31PM +0200, Greg Kroah-Hartman wrote:
From: Jia-Ju Bai
[ Upstream commit
lem, skb->data[3] is assigned to a local variable before
DMA mapping, and then the driver accesses this local variable instead of
skb->data[3].
Signed-off-by: Jia-Ju Bai
---
drivers/atm/eni.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/atm/eni.c b/drivers/atm/en
s problem, the calculation result of skb->data is stored in a
local variable before DMA mapping, and then the driver accesses this
local variable instead of skb->data.
Signed-off-by: Jia-Ju Bai
---
drivers/atm/idt77252.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --
e.
To fix this problem, dma_map_single() is called after these accesses.
Signed-off-by: Jia-Ju Bai
---
drivers/net/vmxnet3/vmxnet3_drv.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/net/vmxnet3/vmxnet3_drv.c
b/drivers/net/vmxnet3/vmxnet3_drv.c
index ca3
->data_p = 0;
These accesses may cause data inconsistency between CPU cache and hardware.
I am not sure how to properly fix this problem, and thus I only report it.
Best wishes,
Jia-Ju Bai
hardware.
To fix this problem, ((struct p54_hdr *)skb->data)->req_id is stored in
a local variable before DMA mapping, and then the driver accesses this
local variable instead of skb->data.
Signed-off-by: Jia-Ju Bai
---
drivers/net/wireless/intersil/p54/p54pci.c | 4 +++-
1 file
how to properly fix this problem, and thus I only report it.
Best wishes,
Jia-Ju Bai
h as:
bufl->bufers[y].len = sg->length;
bufl->num_bufs = sg_nctr;
bufers = buflout->bufers;
buflout->num_bufs = sg_nctr;
These accesses may cause data inconsistency between CPU cache and hardware.
I am not sure how to properly fix this problem, and thus I only report it.
Best wishes,
Jia-Ju Bai
he and hardware.
I am not sure how to properly fix this problem, and thus I only report it.
Best wishes,
Jia-Ju Bai
o cause buffer overflow.
To fix this problem, "fsc->command" is assigned to a local variable, and
then this local variable is used to replace "fsc->command".
Signed-off-by: Jia-Ju Bai
---
drivers/scsi/esas2r/esas2r_flash.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
q->op" can be
modified to cause buffer overflow when the driver accesses
"vfdi_ops[req->op]".
To fix this problem, "req->op" is assigned to a local variable, and then
the driver accesses this variable instead of "req->op".
Signed-off-by: Jia-Ju Bai
---
dri
On 2020/8/3 9:12, Zhou Wang wrote:
On 2020/8/2 22:52, Jia-Ju Bai wrote:
In qm_qp_ctx_cfg(), "sqc" and "aeqc" are mapped to streaming DMA:
eqc_dma = dma_map_single(..., eqc, ...);
..
aeqc_dma = dma_map_single(..., aeqc, ...);
Only sqc, cqc will be configu
On 2020/8/2 23:47, James Bottomley wrote:
On Sun, 2020-08-02 at 23:21 +0800, Jia-Ju Bai wrote:
Because "fs" is mapped to DMA, its data can be modified at any time by
malicious or malfunctioning hardware. In this case, the check
"if (fsc->command >= cmdcnt)" ca
On 2020/8/4 6:59, David Miller wrote:
From: Jia-Ju Bai
Date: Sun, 2 Aug 2020 21:11:07 +0800
In vmxnet3_probe_device(), "adapter" is mapped to streaming DMA:
adapter->adapter_pa = dma_map_single(..., adapter, ...);
Then "adapter" is accessed at many places in
rol is accessed on line 681:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
v2:
* Use "rtlwifi" as subject pref
rol is accessed on line 670:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
v2:
* Use "rtlwifi" as subject pref
Thanks for the advice.
I have added the description of the changes and resent the patches.
Best wishes,
Jia-Ju Bai
On 2020/11/19 1:20, Larry Finger wrote:
On 11/17/20 7:53 PM, Jia-Ju Bai wrote:
In rtl88ee_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 677:
dma_add
>frame_control is accessed on line 535:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
v2:
* Use "rtlwifi" as subject pref
rol is accessed on line 534:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
v2:
* Use "rtlwifi" as subject pref
rol is accessed on line 534:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
drivers/net/wireless/realtek/rtlwifi/rtl8192ce/trx
rol is accessed on line 670:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx
rol is accessed on line 681:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
drivers/net/wireless/realtek/rtlwifi/rtl8188ee/trx
On 2020/11/7 19:44, Kalle Valo wrote:
Jia-Ju Bai wrote:
In rtl92ce_tx_fill_cmddesc(), skb->data is mapped to streaming DMA on
line 530:
dma_addr_t mapping = dma_map_single(..., skb->data, ...);
On line 533, skb->data is assigned to hdr after cast:
struct ieee80211_hdr *hdr
>frame_control is accessed on line 535:
__le16 fc = hdr->frame_control;
This DMA access may cause data inconsistency between CPU and hardware.
To fix this bug, hdr->frame_control is accessed before the DMA mapping.
Signed-off-by: Jia-Ju Bai
---
drivers/net/wireless/realtek/rtlwifi/rtl8723ae/trx
On 2019/7/29 21:45, Andrew Lunn wrote:
On Mon, Jul 29, 2019 at 05:24:24PM +0800, Jia-Ju Bai wrote:
In phy_led_trigger_change_speed(), there is an if statement on line 48
to check whether phy->last_triggered is NULL:
if (!phy->last_triggered)
When phy->last_triggered is NULL, i
nd by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai
---
v2:
* Adjust the code and add an assignment.
Thank Darrick J. Wong for helpful advice.
---
fs/xfs/scrub/dabtree.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/xfs/scrub/dabt
On 2019/7/30 11:41, David Miller wrote:
From: Andrew Lunn
Date: Tue, 30 Jul 2019 05:32:29 +0200
On Tue, Jul 30, 2019 at 10:25:36AM +0800, Jia-Ju Bai wrote:
On 2019/7/29 21:45, Andrew Lunn wrote:
On Mon, Jul 29, 2019 at 05:24:24PM +0800, Jia-Ju Bai wrote:
In phy_led_trigger_change_speed
le null-pointer dereference may occur.
To fix this bug, led_trigger_event(>last_triggered->trigger,
LED_OFF) is called when phy->last_triggered is not NULL.
This bug is found by a static analysis tool STCheck written by
the OSLAB group in Tsinghua University.
Signed-off-by: J
this patch.
Thus, I think the definition of ocfs2_xa_add_entry() could be removed.
If it is okay, I can send a new patch (v3).
Best wishes,
Jia-Ju Bai
_to_auditdata(skb, , NULL);
Thus, possible null-pointer dereferences may occur when skb is NULL.
To fix these possible bugs, an if statement is added to check skb.
These bugs are found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai
---
security/smack/smack_lsm
null-pointer dereference may occur in this case.
To fix this possible bug, an if statement is added in afs_put_read() to
check req->pages.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai
---
fs/afs/file.c | 12 +++-
1 file changed, 7 i
rt;
Thus, possible null-pointer dereferences may occur.
To fix these possible bugs, vma is checked on line 1063.
These bugs are found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai
---
arch/x86/mm/pat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --g
ay occur in this case.
To fix this possible bug, block->next is checked before using it.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai
---
sound/isa/gus/gus_mem.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/isa/gus/g
Thanks for the quick reply :)
I think you are right, and I did not consider "if (alloc->last == block)"
Sorry for the false report...
Best wishes,
Jia-Ju Bai
On 2019/7/23 21:47, Takashi Iwai wrote:
On Tue, 23 Jul 2019 15:40:20 +0200,
Jia-Ju Bai wrote:
In snd_