serial: vt8500_serial: Fix a parameter of find_first_zero_bit.
authorChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Wed, 24 Aug 2016 05:06:58 +0000 (07:06 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 31 Aug 2016 13:42:28 +0000 (15:42 +0200)
The 2nd parameter of 'find_first_zero_bit' is the number of bits to search.
In this case, we are passing 'sizeof(vt8500_ports_in_use)'.
'vt8500_ports_in_use' is an 'unsigned long'. So the sizeof is likely to
return 4 on a 32 bits kernel.

A few lines below, we check if it is below VT8500_MAX_PORTS, which is 6.

It is likely that the number of bits in a long was expected here.

In order to fix it:
   - use DECLARE_BITMAP when declaring the vt8500_ports_in_use
   - use VT8500_MAX_PORTS as a maximum value when checking/setting bits in
     this bitmap
   - modify code now that 'vt8500_ports_in_use' has become a pointer
     because of the use of DECLARE_BITMAP

It has been spotted by the following coccinelle script:
@@
expression ret, x;

@@
*  ret = \(find_first_bit \| find_first_zero_bit\) (x, sizeof(...));

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/tty/serial/vt8500_serial.c

index 23cfc5e16b45b5200f9c29e5f12b6da3c73e4e62..6b85adce0ac9d13b4d2dece11a5e694db7899159 100644 (file)
@@ -118,7 +118,7 @@ struct vt8500_port {
  * have been allocated as we can't use pdev->id in
  * devicetree
  */
-static unsigned long vt8500_ports_in_use;
+static DECLARE_BITMAP(vt8500_ports_in_use, VT8500_MAX_PORTS);
 
 static inline void vt8500_write(struct uart_port *port, unsigned int val,
                             unsigned int off)
@@ -663,15 +663,15 @@ static int vt8500_serial_probe(struct platform_device *pdev)
 
        if (port < 0) {
                /* calculate the port id */
-               port = find_first_zero_bit(&vt8500_ports_in_use,
-                                       sizeof(vt8500_ports_in_use));
+               port = find_first_zero_bit(vt8500_ports_in_use,
+                                          VT8500_MAX_PORTS);
        }
 
        if (port >= VT8500_MAX_PORTS)
                return -ENODEV;
 
        /* reserve the port id */
-       if (test_and_set_bit(port, &vt8500_ports_in_use)) {
+       if (test_and_set_bit(port, vt8500_ports_in_use)) {
                /* port already in use - shouldn't really happen */
                return -EBUSY;
        }