[PATCH 8/9] staging: rtl8192e: Fix smatch warnings regarding large arrays on stack

Larry Finger Larry.Finger at lwfinger.net
Tue Aug 30 16:53:08 UTC 2011


Smatch reports the following warnings:

  CHECK   drivers/staging/rtl8192e/rtllib_rx.c
drivers/staging/rtl8192e/rtllib_rx.c +552 RxReorderIndicatePacket(6) warn: 'prxbIndicateArray' puts 1024 bytes on stack

  CHECK   drivers/staging/rtl8192e/rtl819x_TSProc.c
drivers/staging/rtl8192e/rtl819x_TSProc.c +40 RxPktPendingTimeout(9) warn: 'stats_IndicateArray' puts 1024 bytes on stack

  CHECK   drivers/staging/rtl8192e/r8192E_phy.c
drivers/staging/rtl8192e/r8192E_phy.c +859 rtl8192_phy_SwChnlStepByStep(11) warn: function puts 797 bytes on stack

  CHECK   drivers/staging/rtl8192e/rtllib_rx.c
drivers/staging/rtl8192e/rtllib_rx.c +552 RxReorderIndicatePacket(6) warn: 'prxbIndicateArray' puts 1024 bytes on stack

These are fixed by adding the arrays in question as a union in a struct used
by nearly all routines.

Signed-off-by: Larry Finger <Larry.Finger at lwfinger.net>
---
 drivers/staging/rtl8192e/r8192E_phy.c     |   28 ++++++++++++++------------
 drivers/staging/rtl8192e/r8192E_phy.h     |   24 ----------------------
 drivers/staging/rtl8192e/rtl819x_TSProc.c |    5 +--
 drivers/staging/rtl8192e/rtllib.h         |   31 +++++++++++++++++++++++++++++
 drivers/staging/rtl8192e/rtllib_rx.c      |   12 ++++------
 5 files changed, 53 insertions(+), 47 deletions(-)

diff --git a/drivers/staging/rtl8192e/r8192E_phy.c b/drivers/staging/rtl8192e/r8192E_phy.c
index 7ec6139..7fe69a3 100644
--- a/drivers/staging/rtl8192e/r8192E_phy.c
+++ b/drivers/staging/rtl8192e/r8192E_phy.c
@@ -849,11 +849,9 @@ static u8 rtl8192_phy_SwChnlStepByStep(struct net_device *dev, u8 channel,
 				       u8 *stage, u8 *step, u32 *delay)
 {
 	struct r8192_priv *priv = rtllib_priv(dev);
-	struct sw_chnl_cmd PreCommonCmd[MAX_PRECMD_CNT];
+	struct rtllib_device *ieee = priv->rtllib;
 	u32					PreCommonCmdCnt;
-	struct sw_chnl_cmd PostCommonCmd[MAX_POSTCMD_CNT];
 	u32					PostCommonCmdCnt;
-	struct sw_chnl_cmd RfDependCmd[MAX_RFDEPENDCMD_CNT];
 	u32					RfDependCmdCnt;
 	struct sw_chnl_cmd *CurrentCmd = NULL;
 	u8		eRFPath;
@@ -869,15 +867,18 @@ static u8 rtl8192_phy_SwChnlStepByStep(struct net_device *dev, u8 channel,
 
 	{
 		PreCommonCmdCnt = 0;
-		rtl8192_phy_SetSwChnlCmdArray(PreCommonCmd, PreCommonCmdCnt++,
+		rtl8192_phy_SetSwChnlCmdArray(ieee->PreCommonCmd,
+					PreCommonCmdCnt++,
 					MAX_PRECMD_CNT, CmdID_SetTxPowerLevel,
 					0, 0, 0);
-		rtl8192_phy_SetSwChnlCmdArray(PreCommonCmd, PreCommonCmdCnt++,
+		rtl8192_phy_SetSwChnlCmdArray(ieee->PreCommonCmd,
+					PreCommonCmdCnt++,
 					MAX_PRECMD_CNT, CmdID_End, 0, 0, 0);
 
 		PostCommonCmdCnt = 0;
 
-		rtl8192_phy_SetSwChnlCmdArray(PostCommonCmd, PostCommonCmdCnt++,
+		rtl8192_phy_SetSwChnlCmdArray(ieee->PostCommonCmd,
+					PostCommonCmdCnt++,
 					MAX_POSTCMD_CNT, CmdID_End, 0, 0, 0);
 
 		RfDependCmdCnt = 0;
@@ -888,11 +889,11 @@ static u8 rtl8192_phy_SwChnlStepByStep(struct net_device *dev, u8 channel,
 					 "8225: %d\n", channel);
 				return false;
 			}
-			rtl8192_phy_SetSwChnlCmdArray(RfDependCmd,
+			rtl8192_phy_SetSwChnlCmdArray(ieee->RfDependCmd,
 				RfDependCmdCnt++, MAX_RFDEPENDCMD_CNT,
 				CmdID_RF_WriteReg, rZebra1_Channel,
 				RF_CHANNEL_TABLE_ZEBRA[channel], 10);
-			rtl8192_phy_SetSwChnlCmdArray(RfDependCmd,
+			rtl8192_phy_SetSwChnlCmdArray(ieee->RfDependCmd,
 				RfDependCmdCnt++, MAX_RFDEPENDCMD_CNT,
 				CmdID_End, 0, 0, 0);
 			break;
@@ -903,11 +904,12 @@ static u8 rtl8192_phy_SwChnlStepByStep(struct net_device *dev, u8 channel,
 					 " 8256: %d\n", channel);
 				return false;
 			}
-			rtl8192_phy_SetSwChnlCmdArray(RfDependCmd,
+			rtl8192_phy_SetSwChnlCmdArray(ieee->RfDependCmd,
 				 RfDependCmdCnt++, MAX_RFDEPENDCMD_CNT,
 				CmdID_RF_WriteReg, rZebra1_Channel, channel,
 				 10);
-			rtl8192_phy_SetSwChnlCmdArray(RfDependCmd,
+			rtl8192_phy_SetSwChnlCmdArray(ieee->RfDependCmd,
+
 						      RfDependCmdCnt++,
 						      MAX_RFDEPENDCMD_CNT,
 			CmdID_End, 0, 0, 0);
@@ -927,13 +929,13 @@ static u8 rtl8192_phy_SwChnlStepByStep(struct net_device *dev, u8 channel,
 		do {
 			switch (*stage) {
 			case 0:
-				CurrentCmd = &PreCommonCmd[*step];
+				CurrentCmd = &ieee->PreCommonCmd[*step];
 				break;
 			case 1:
-				CurrentCmd = &RfDependCmd[*step];
+				CurrentCmd = &ieee->RfDependCmd[*step];
 				break;
 			case 2:
-				CurrentCmd = &PostCommonCmd[*step];
+				CurrentCmd = &ieee->PostCommonCmd[*step];
 				break;
 			}
 
diff --git a/drivers/staging/rtl8192e/r8192E_phy.h b/drivers/staging/rtl8192e/r8192E_phy.h
index 86c6acd..7318f88 100644
--- a/drivers/staging/rtl8192e/r8192E_phy.h
+++ b/drivers/staging/rtl8192e/r8192E_phy.h
@@ -21,10 +21,6 @@
 
 #define MAX_DOZE_WAITING_TIMES_9x 64
 
-#define MAX_PRECMD_CNT 16
-#define MAX_RFDEPENDCMD_CNT 16
-#define MAX_POSTCMD_CNT 16
-
 #define AGCTAB_ArrayLength			AGCTAB_ArrayLengthPciE
 #define MACPHY_ArrayLength			MACPHY_ArrayLengthPciE
 #define RadioA_ArrayLength			RadioA_ArrayLengthPciE
@@ -45,26 +41,6 @@
 #define Rtl819XPHY_REGArray			Rtl8192PciEPHY_REGArray
 #define Rtl819XPHY_REG_1T2RArray		Rtl8192PciEPHY_REG_1T2RArray
 
-
-
-enum sw_chnl_cmd_id {
-	CmdID_End,
-	CmdID_SetTxPowerLevel,
-	CmdID_BBRegWrite10,
-	CmdID_WritePortUlong,
-	CmdID_WritePortUshort,
-	CmdID_WritePortUchar,
-	CmdID_RF_WriteReg,
-};
-
-/*--------------------------------Define structure----------------------------*/
-struct sw_chnl_cmd {
-	enum sw_chnl_cmd_id CmdID;
-	u32			Para1;
-	u32			Para2;
-	u32			msDelay;
-} __packed;
-
 extern u32 rtl819XMACPHY_Array_PG[];
 extern u32 rtl819XPHY_REG_1T2RArray[];
 extern u32 rtl819XAGCTAB_Array[];
diff --git a/drivers/staging/rtl8192e/rtl819x_TSProc.c b/drivers/staging/rtl8192e/rtl819x_TSProc.c
index ccec382..5323a9c 100644
--- a/drivers/staging/rtl8192e/rtl819x_TSProc.c
+++ b/drivers/staging/rtl8192e/rtl819x_TSProc.c
@@ -37,7 +37,6 @@ static void RxPktPendingTimeout(unsigned long data)
 	struct rx_reorder_entry *pReorderEntry = NULL;
 
 	unsigned long flags = 0;
-	struct rtllib_rxb *stats_IndicateArray[REORDER_WIN_SIZE];
 	u8 index = 0;
 	bool bPktInBuf = false;
 
@@ -62,7 +61,7 @@ static void RxPktPendingTimeout(unsigned long data)
 				RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Indicate"
 					     " SeqNum: %d\n", __func__,
 					     pReorderEntry->SeqNum);
-				stats_IndicateArray[index] =
+				ieee->stats_IndicateArray[index] =
 							 pReorderEntry->prxb;
 				index++;
 
@@ -85,7 +84,7 @@ static void RxPktPendingTimeout(unsigned long data)
 					       flags);
 			return;
 		}
-		rtllib_indicate_packets(ieee, stats_IndicateArray, index);
+		rtllib_indicate_packets(ieee, ieee->stats_IndicateArray, index);
 		bPktInBuf = false;
 	}
 
diff --git a/drivers/staging/rtl8192e/rtllib.h b/drivers/staging/rtl8192e/rtllib.h
index b33cacc..4c5249f 100644
--- a/drivers/staging/rtl8192e/rtllib.h
+++ b/drivers/staging/rtl8192e/rtllib.h
@@ -42,6 +42,10 @@
 #include <linux/netdevice.h>
 #include <linux/if_arp.h> /* ARPHRD_ETHER */
 
+#define MAX_PRECMD_CNT 16
+#define MAX_RFDEPENDCMD_CNT 16
+#define MAX_POSTCMD_CNT 16
+
 #ifndef WIRELESS_SPY
 #define WIRELESS_SPY
 #endif
@@ -207,6 +211,23 @@ struct cb_desc {
 	u8 bIsBTProbRsp;
 };
 
+enum sw_chnl_cmd_id {
+	CmdID_End,
+	CmdID_SetTxPowerLevel,
+	CmdID_BBRegWrite10,
+	CmdID_WritePortUlong,
+	CmdID_WritePortUshort,
+	CmdID_WritePortUchar,
+	CmdID_RF_WriteReg,
+};
+
+struct sw_chnl_cmd {
+	enum sw_chnl_cmd_id CmdID;
+	u32			Para1;
+	u32			Para2;
+	u32			msDelay;
+} __packed;
+
 /*--------------------------Define -------------------------------------------*/
 #define MGN_1M		  0x02
 #define MGN_2M		  0x04
@@ -2415,6 +2436,16 @@ struct rtllib_device {
 	struct work_struct wx_sync_scan_wq;
 
 	struct workqueue_struct *wq;
+	union {
+		struct rtllib_rxb *RfdArray[REORDER_WIN_SIZE];
+		struct rtllib_rxb *stats_IndicateArray[REORDER_WIN_SIZE];
+		struct rtllib_rxb *prxbIndicateArray[REORDER_WIN_SIZE];
+		struct {
+			struct sw_chnl_cmd PreCommonCmd[MAX_PRECMD_CNT];
+			struct sw_chnl_cmd PostCommonCmd[MAX_POSTCMD_CNT];
+			struct sw_chnl_cmd RfDependCmd[MAX_RFDEPENDCMD_CNT];
+		};
+	};
 
 	/* Callback functions */
 	void (*set_security)(struct net_device *dev,
diff --git a/drivers/staging/rtl8192e/rtllib_rx.c b/drivers/staging/rtl8192e/rtllib_rx.c
index 745ae08..8d0af5e 100644
--- a/drivers/staging/rtl8192e/rtllib_rx.c
+++ b/drivers/staging/rtl8192e/rtllib_rx.c
@@ -520,7 +520,6 @@ void rtllib_indicate_packets(struct rtllib_device *ieee, struct rtllib_rxb **prx
 void rtllib_FlushRxTsPendingPkts(struct rtllib_device *ieee,	struct rx_ts_record *pTS)
 {
 	struct rx_reorder_entry *pRxReorderEntry;
-	struct rtllib_rxb *RfdArray[REORDER_WIN_SIZE];
 	u8 RfdCnt = 0;
 
 	del_timer_sync(&pTS->RxPktPendingTimer);
@@ -534,12 +533,12 @@ void rtllib_FlushRxTsPendingPkts(struct rtllib_device *ieee,	struct rx_ts_record
 		RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Indicate SeqNum %d!\n", __func__, pRxReorderEntry->SeqNum);
 		list_del_init(&pRxReorderEntry->List);
 
-		RfdArray[RfdCnt] = pRxReorderEntry->prxb;
+		ieee->RfdArray[RfdCnt] = pRxReorderEntry->prxb;
 
 		RfdCnt = RfdCnt + 1;
 		list_add_tail(&pRxReorderEntry->List, &ieee->RxReorder_Unused_List);
 	}
-	rtllib_indicate_packets(ieee, RfdArray, RfdCnt);
+	rtllib_indicate_packets(ieee, ieee->RfdArray, RfdCnt);
 
 	pTS->RxIndicateSeq = 0xffff;
 }
@@ -550,7 +549,6 @@ static void RxReorderIndicatePacket(struct rtllib_device *ieee,
 {
 	struct rt_hi_throughput *pHTInfo = ieee->pHTInfo;
 	struct rx_reorder_entry *pReorderEntry = NULL;
-	struct rtllib_rxb *prxbIndicateArray[REORDER_WIN_SIZE];
 	u8 WinSize = pHTInfo->RxReorderWinSize;
 	u16 WinEnd = 0;
 	u8 index = 0;
@@ -617,7 +615,7 @@ static void RxReorderIndicatePacket(struct rtllib_device *ieee,
 		RTLLIB_DEBUG(RTLLIB_DL_REORDER, "Packets indication!! "
 				"IndicateSeq: %d, NewSeq: %d\n",
 				pTS->RxIndicateSeq, SeqNum);
-		prxbIndicateArray[0] = prxb;
+		ieee->prxbIndicateArray[0] = prxb;
 		index = 1;
 	} else {
 		/* Current packet is going to be inserted into pending list.*/
@@ -693,7 +691,7 @@ static void RxReorderIndicatePacket(struct rtllib_device *ieee,
 			if (SN_EQUAL(pReorderEntry->SeqNum, pTS->RxIndicateSeq))
 				pTS->RxIndicateSeq = (pTS->RxIndicateSeq + 1) % 4096;
 
-			prxbIndicateArray[index] = pReorderEntry->prxb;
+			ieee->prxbIndicateArray[index] = pReorderEntry->prxb;
 			RTLLIB_DEBUG(RTLLIB_DL_REORDER, "%s(): Indicate SeqNum"
 				     " %d!\n", __func__, pReorderEntry->SeqNum);
 			index++;
@@ -720,7 +718,7 @@ static void RxReorderIndicatePacket(struct rtllib_device *ieee,
 					       flags);
 			return;
 		}
-		rtllib_indicate_packets(ieee, prxbIndicateArray, index);
+		rtllib_indicate_packets(ieee, ieee->prxbIndicateArray, index);
 		bPktInBuf = false;
 	}
 
-- 
1.7.3.4




More information about the devel mailing list