[PATCH 01/17] staging: comedi: s526: don't dereference insn->data pointer

H Hartley Sweeten hartleys at visionengravers.com
Wed Sep 19 22:08:35 UTC 2012 

The comedi_insn 'data' pointer is a __user pointer that is
passed into the kernel using an ioctl. The comedi core copies
this data to kernel space in do_insnlist_ioctl() and then
passes that kernel data to the drivers as a separate parameter.
The drivers never need to access the data through the insn->data
pointer.

This fixes a number of sparse warnings about:

  warning: dereference of noderef expression

Signed-off-by: H Hartley Sweeten <hsweeten at visionengravers.com>
Cc: Ian Abbott <abbotti at mev.co.uk>
Cc: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
 drivers/staging/comedi/drivers/s526.c | 73 +++++++++++++++++------------------
 1 file changed, 36 insertions(+), 37 deletions(-)

diff --git a/drivers/staging/comedi/drivers/s526.c b/drivers/staging/comedi/drivers/s526.c
index c89bd6c..43f5c7d 100644
--- a/drivers/staging/comedi/drivers/s526.c
+++ b/drivers/staging/comedi/drivers/s526.c
@@ -256,14 +256,13 @@ static int s526_gpct_insn_config(struct comedi_device *dev,
 						subdev_channel); */
 
 	for (i = 0; i < MAX_GPCT_CONFIG_DATA; i++) {
-		devpriv->s526_gpct_config[subdev_channel].data[i] =
-		    insn->data[i];
-/* printk("data[%d]=%x\n", i, insn->data[i]); */
+		devpriv->s526_gpct_config[subdev_channel].data[i] = data[i];
+/* printk("data[%d]=%x\n", i, data[i]); */
 	}
 
 	/*  Check what type of Counter the user requested, data[0] contains */
 	/*  the Application type */
-	switch (insn->data[0]) {
+	switch (data[0]) {
 	case INSN_CONFIG_GPCT_QUADRATURE_ENCODER:
 		/*
 		   data[0]: Application Type
@@ -307,7 +306,7 @@ static int s526_gpct_insn_config(struct comedi_device *dev,
 
 #if 1
 		/*  Set Counter Mode Register */
-		cmReg.value = insn->data[1] & 0xFFFF;
+		cmReg.value = data[1] & 0xFFFF;
 
 /* printk("s526: Counter Mode register=%x\n", cmReg.value); */
 		outw(cmReg.value, ADDR_CHAN_REG(REG_C0M, subdev_channel));
@@ -325,39 +324,39 @@ static int s526_gpct_insn_config(struct comedi_device *dev,
 		cmReg.reg.countDirCtrl = 0;
 
 		/*  data[1] contains GPCT_X1, GPCT_X2 or GPCT_X4 */
-		if (insn->data[1] == GPCT_X2)
+		if (data[1] == GPCT_X2)
 			cmReg.reg.clockSource = 1;
-		else if (insn->data[1] == GPCT_X4)
+		else if (data[1] == GPCT_X4)
 			cmReg.reg.clockSource = 2;
 		else
 			cmReg.reg.clockSource = 0;
 
 		/*  When to take into account the indexpulse: */
-		/*if (insn->data[2] == GPCT_IndexPhaseLowLow) {
-		} else if (insn->data[2] == GPCT_IndexPhaseLowHigh) {
-		} else if (insn->data[2] == GPCT_IndexPhaseHighLow) {
-		} else if (insn->data[2] == GPCT_IndexPhaseHighHigh) {
+		/*if (data[2] == GPCT_IndexPhaseLowLow) {
+		} else if (data[2] == GPCT_IndexPhaseLowHigh) {
+		} else if (data[2] == GPCT_IndexPhaseHighLow) {
+		} else if (data[2] == GPCT_IndexPhaseHighHigh) {
 		}*/
 		/*  Take into account the index pulse? */
-		if (insn->data[3] == GPCT_RESET_COUNTER_ON_INDEX)
+		if (data[3] == GPCT_RESET_COUNTER_ON_INDEX)
 			/*  Auto load with INDEX^ */
 			cmReg.reg.autoLoadResetRcap = 4;
 
 		/*  Set Counter Mode Register */
-		cmReg.value = (short)(insn->data[1] & 0xFFFF);
+		cmReg.value = (short)(data[1] & 0xFFFF);
 		outw(cmReg.value, ADDR_CHAN_REG(REG_C0M, subdev_channel));
 
 		/*  Load the pre-load register high word */
-		value = (short)((insn->data[2] >> 16) & 0xFFFF);
+		value = (short)((data[2] >> 16) & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0H, subdev_channel));
 
 		/*  Load the pre-load register low word */
-		value = (short)(insn->data[2] & 0xFFFF);
+		value = (short)(data[2] & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0L, subdev_channel));
 
 		/*  Write the Counter Control Register */
-		if (insn->data[3] != 0) {
-			value = (short)(insn->data[3] & 0xFFFF);
+		if (data[3] != 0) {
+			value = (short)(data[3] & 0xFFFF);
 			outw(value, ADDR_CHAN_REG(REG_C0C, subdev_channel));
 		}
 		/*  Reset the counter if it is software preload */
@@ -383,34 +382,34 @@ static int s526_gpct_insn_config(struct comedi_device *dev,
 		    SinglePulseGeneration;
 
 		/*  Set Counter Mode Register */
-		cmReg.value = (short)(insn->data[1] & 0xFFFF);
+		cmReg.value = (short)(data[1] & 0xFFFF);
 		cmReg.reg.preloadRegSel = 0;	/*  PR0 */
 		outw(cmReg.value, ADDR_CHAN_REG(REG_C0M, subdev_channel));
 
 		/*  Load the pre-load register 0 high word */
-		value = (short)((insn->data[2] >> 16) & 0xFFFF);
+		value = (short)((data[2] >> 16) & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0H, subdev_channel));
 
 		/*  Load the pre-load register 0 low word */
-		value = (short)(insn->data[2] & 0xFFFF);
+		value = (short)(data[2] & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0L, subdev_channel));
 
 		/*  Set Counter Mode Register */
-		cmReg.value = (short)(insn->data[1] & 0xFFFF);
+		cmReg.value = (short)(data[1] & 0xFFFF);
 		cmReg.reg.preloadRegSel = 1;	/*  PR1 */
 		outw(cmReg.value, ADDR_CHAN_REG(REG_C0M, subdev_channel));
 
 		/*  Load the pre-load register 1 high word */
-		value = (short)((insn->data[3] >> 16) & 0xFFFF);
+		value = (short)((data[3] >> 16) & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0H, subdev_channel));
 
 		/*  Load the pre-load register 1 low word */
-		value = (short)(insn->data[3] & 0xFFFF);
+		value = (short)(data[3] & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0L, subdev_channel));
 
 		/*  Write the Counter Control Register */
-		if (insn->data[4] != 0) {
-			value = (short)(insn->data[4] & 0xFFFF);
+		if (data[4] != 0) {
+			value = (short)(data[4] & 0xFFFF);
 			outw(value, ADDR_CHAN_REG(REG_C0C, subdev_channel));
 		}
 		break;
@@ -428,34 +427,34 @@ static int s526_gpct_insn_config(struct comedi_device *dev,
 		    PulseTrainGeneration;
 
 		/*  Set Counter Mode Register */
-		cmReg.value = (short)(insn->data[1] & 0xFFFF);
+		cmReg.value = (short)(data[1] & 0xFFFF);
 		cmReg.reg.preloadRegSel = 0;	/*  PR0 */
 		outw(cmReg.value, ADDR_CHAN_REG(REG_C0M, subdev_channel));
 
 		/*  Load the pre-load register 0 high word */
-		value = (short)((insn->data[2] >> 16) & 0xFFFF);
+		value = (short)((data[2] >> 16) & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0H, subdev_channel));
 
 		/*  Load the pre-load register 0 low word */
-		value = (short)(insn->data[2] & 0xFFFF);
+		value = (short)(data[2] & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0L, subdev_channel));
 
 		/*  Set Counter Mode Register */
-		cmReg.value = (short)(insn->data[1] & 0xFFFF);
+		cmReg.value = (short)(data[1] & 0xFFFF);
 		cmReg.reg.preloadRegSel = 1;	/*  PR1 */
 		outw(cmReg.value, ADDR_CHAN_REG(REG_C0M, subdev_channel));
 
 		/*  Load the pre-load register 1 high word */
-		value = (short)((insn->data[3] >> 16) & 0xFFFF);
+		value = (short)((data[3] >> 16) & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0H, subdev_channel));
 
 		/*  Load the pre-load register 1 low word */
-		value = (short)(insn->data[3] & 0xFFFF);
+		value = (short)(data[3] & 0xFFFF);
 		outw(value, ADDR_CHAN_REG(REG_C0L, subdev_channel));
 
 		/*  Write the Counter Control Register */
-		if (insn->data[4] != 0) {
-			value = (short)(insn->data[4] & 0xFFFF);
+		if (data[4] != 0) {
+			value = (short)(data[4] & 0xFFFF);
 			outw(value, ADDR_CHAN_REG(REG_C0C, subdev_channel));
 		}
 		break;
@@ -505,14 +504,14 @@ static int s526_gpct_winsn(struct comedi_device *dev,
 		   pulse frequency on the selected source
 		 */
 		printk(KERN_INFO "S526: INSN_WRITE: PTG\n");
-		if ((insn->data[1] > insn->data[0]) && (insn->data[0] > 0)) {
+		if ((data[1] > data[0]) && (data[0] > 0)) {
 			(devpriv->s526_gpct_config[subdev_channel]).data[0] =
-			    insn->data[0];
+			    data[0];
 			(devpriv->s526_gpct_config[subdev_channel]).data[1] =
-			    insn->data[1];
+			    data[1];
 		} else {
 			printk(KERN_ERR "s526: INSN_WRITE: PTG: Problem with Pulse params -> %d %d\n",
-				insn->data[0], insn->data[1]);
+				data[0], data[1]);
 			return -EINVAL;
 		}
 
-- 
1.7.11

More information about the devel mailing list