From 3942453948015228d6b1ae9835a6f6ca3e842aaa Mon Sep 17 00:00:00 2001
From: Julia Lawall
Date: Sat, 4 Jul 2009 11:31:47 +0000
Subject: [PATCH] drivers/net/smsc911x.c: Fix resource size off by 1 error
The call resource_size(res) returns res->end - res->start + 1 and thus the second change is semantics-preserving. res_size is then used as the second argument of a call to request_mem_region, and the memory allocated by this call appears to be the same as what is released in the two calls to release_mem_region. So the size argument for those calls should be resource_size(size) as well. Alternatively, in the second call to release_mem_region, the second argument could be res_size, as that variable has already been initialized at the point of this call. The problem was found using the following semantic patch: (http://www.emn.fr/x-info/coccinelle/) // @@ struct resource *res; @@ - (res->end - res->start) + 1 + resource_size(res) @@ struct resource *res; @@ - res->end - res->start + BAD(resource_size(res)) //
Signed-off-by: Julia Lawall
Signed-off-by: David S. Miller
---
 drivers/net/smsc911x.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/smsc911x.c b/drivers/net/smsc911x.c
index b60639bd181b..66067f9d91c0 100644
--- a/drivers/net/smsc911x.c
+++ b/drivers/net/smsc911x.c
@@ -1938,7 +1938,7 @@ static int __devexit smsc911x_drv_remove(struct platform_device *pdev)
 if (!res)
 res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- release_mem_region(res->start, res->end - res->start);
+ release_mem_region(res->start, resource_size(res));
 iounmap(pdata->ioaddr);
@@ -1976,7 +1976,7 @@ static int __devinit smsc911x_drv_probe(struct platform_device *pdev)
 retval = -ENODEV;
 goto out_0;
 }
- res_size = res->end - res->start + 1;
+ res_size = resource_size(res);
 irq_res = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
 if (!irq_res) {
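Review bot: smsc911x_drv_remove releases the memory region before `iounmap(pdata->ioaddr)` runs, which is the reverse of the probe error path in the last hunk, where out_unmap_io_3 precedes out_release_io_1. Between the two calls the range is marked free while this driver still has it mapped, so moving `release_mem_region(res->start, resource_size(res));` to after the `iounmap()` call would make teardown mirror setup. The same lines dereference `res` directly after the fallback `platform_get_resource()` lookup with no NULL check; that presumably holds because probe succeeded with the same resource, and a comment such as `/* res is non-NULL here: probe fails without a memory resource */` would record the assumption. The function body starts and ends outside the hunk.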
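Review bot: `res_size = resource_size(res);` in smsc911x_drv_probe assigns a `resource_size_t` to `res_size`, whose declaration is outside the hunk; if it is a plain `int`, the value narrows wherever `resource_size_t` is wider than `int`. Declaring it as `resource_size_t res_size;` would keep the size requested for the region identical to the one the release calls now compute with `resource_size(res)`. This is a consistency point and needs confirming against the declaration at the top of the function.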
@@ -2104,7 +2104,7 @@ out_unmap_io_3:
 out_free_netdev_2:
 free_netdev(dev);
 out_release_io_1:
- release_mem_region(res->start, res->end - res->start);
+ release_mem_region(res->start, resource_size(res));
 out_0:
 return retval;
 }
--
2.20.1