Showing error 1818

User: Jiri Slaby
Error type: Invalid Pointer Dereference
Error type description: A pointer which is invalid is being dereferenced
File location: drivers/message/i2o/i2o_config.c
Line in file: 507
Project: Linux Kernel
Project version: 2.6.28
Tools: Smatch (1.59)
Entered: 2013-09-11 08:47:26 UTC

Source: 

 477                return -ENODEV;
 478
 479        msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
 480        if (IS_ERR(msg))
 481                return PTR_ERR(msg);
 482
 483        msg->u.head[0] = cpu_to_le32(FOUR_WORD_MSG_SIZE | SGL_OFFSET_0);
 484        msg->u.head[1] =
 485            cpu_to_le32(I2O_CMD_UTIL_EVT_REGISTER << 24 | HOST_TID << 12 |
 486                        kdesc.tid);
 487        msg->u.head[2] = cpu_to_le32(i2o_config_driver.context);
 488        msg->u.head[3] = cpu_to_le32(i2o_cntxt_list_add(c, fp->private_data));
 489        msg->body[0] = cpu_to_le32(kdesc.evt_mask);
 490
 491        i2o_msg_post(c, msg);
 492
 493        return 0;
 494}
 495
 496static int i2o_cfg_evt_get(unsigned long arg, struct file *fp)
 497{
 498        struct i2o_cfg_info *p = NULL;
 499        struct i2o_evt_get __user *uget = (struct i2o_evt_get __user *)arg;
 500        struct i2o_evt_get kget;
 501        unsigned long flags;
 502
 503        for (p = open_files; p; p = p->next)
 504                if (p->q_id == (ulong) fp->private_data)
 505                        break;
 506
 507        if (!p->q_len)
 508                return -ENOENT;
 509
 510        memcpy(&kget.info, &p->event_q[p->q_out], sizeof(struct i2o_evt_info));
 511        MODINC(p->q_out, I2O_EVT_Q_LEN);
 512        spin_lock_irqsave(&i2o_config_lock, flags);
 513        p->q_len--;
 514        kget.pending = p->q_len;
 515        kget.lost = p->q_lost;
 516        spin_unlock_irqrestore(&i2o_config_lock, flags);
 517
Show full sources