* re: [SCSI] sd: Ensure we correctly disable devices with unknown protection type
@ 2012-09-26 8:26 Dan Carpenter
2012-09-27 2:39 ` Martin K. Petersen
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2012-09-26 8:26 UTC (permalink / raw)
To: martin.petersen; +Cc: linux-scsi
Hi Martin,
The patch fe542396da73: "[SCSI] sd: Ensure we correctly disable
devices with unknown protection type" from Sep 21, 2012, leads to the
following warning:
include/scsi/scsi_host.h:879 scsi_host_dif_capable()
warn: buffer overflow 'cap' 4 <= 4
838 enum scsi_host_prot_capabilities {
839 SHOST_DIF_TYPE1_PROTECTION = 1 << 0, /* T10 DIF Type 1 */
840 SHOST_DIF_TYPE2_PROTECTION = 1 << 1, /* T10 DIF Type 2 */
841 SHOST_DIF_TYPE3_PROTECTION = 1 << 2, /* T10 DIF Type 3 */
842
843 SHOST_DIX_TYPE0_PROTECTION = 1 << 3, /* DIX between OS and HBA only */
844 SHOST_DIX_TYPE1_PROTECTION = 1 << 4, /* DIX with DIF Type 1 */
845 SHOST_DIX_TYPE2_PROTECTION = 1 << 5, /* DIX with DIF Type 2 */
846 SHOST_DIX_TYPE3_PROTECTION = 1 << 6, /* DIX with DIF Type 3 */
847 };
869 static inline unsigned int scsi_host_dif_capable(struct Scsi_Host *shost, unsigned int target_type)
870 {
871 static unsigned char cap[] = { 0,
872 SHOST_DIF_TYPE1_PROTECTION,
873 SHOST_DIF_TYPE2_PROTECTION,
874 SHOST_DIF_TYPE3_PROTECTION };
875
876 if (target_type > SHOST_DIF_TYPE3_PROTECTION)
877 return 0;
878
879 return shost->prot_capabilities & cap[target_type] ? target_type : 0;
^^^^^^^^^^^^^^^^
It looks like we're doing cap[1 << 2] here not cap[2].
880 }
882 static inline unsigned int scsi_host_dix_capable(struct Scsi_Host *shost, unsigned int target_type)
883 {
884 #if defined(CONFIG_BLK_DEV_INTEGRITY)
885 static unsigned char cap[] = { SHOST_DIX_TYPE0_PROTECTION,
886 SHOST_DIX_TYPE1_PROTECTION,
887 SHOST_DIX_TYPE2_PROTECTION,
888 SHOST_DIX_TYPE3_PROTECTION };
889
890 if (target_type > SHOST_DIX_TYPE3_PROTECTION)
891 return 0;
892
893 return shost->prot_capabilities & cap[target_type];
^^^^^^^^^^^^^^^^^
We're doing cap[1 << 6] here, not cap[6];
894 #endif
895 return 0;
896 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [SCSI] sd: Ensure we correctly disable devices with unknown protection type
2012-09-26 8:26 [SCSI] sd: Ensure we correctly disable devices with unknown protection type Dan Carpenter
@ 2012-09-27 2:39 ` Martin K. Petersen
2013-02-06 19:29 ` Dan Carpenter
0 siblings, 1 reply; 4+ messages in thread
From: Martin K. Petersen @ 2012-09-27 2:39 UTC (permalink / raw)
To: Dan Carpenter; +Cc: martin.petersen, linux-scsi
>>>>> "Dan" == Dan Carpenter <dan.carpenter@oracle.com> writes:
Dan,
Dan> warn: buffer overflow 'cap' 4 <= 4
Argh, yes. Type 3 is 4 because it's a bitmask.
--
Martin K. Petersen Oracle Linux Engineering
SCSI: Fix range check in scsi_host.h
The range checking from fe542396 was bad. We would still end up walking
beyond the array as Type 3 is defined to be 4 in the protection
bitmask. Instead use ARRAY_SIZE() for the range check.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h
index 4908480..2b6956e 100644
--- a/include/scsi/scsi_host.h
+++ b/include/scsi/scsi_host.h
@@ -873,7 +873,7 @@ static inline unsigned int scsi_host_dif_capable(struct Scsi_Host *shost, unsign
SHOST_DIF_TYPE2_PROTECTION,
SHOST_DIF_TYPE3_PROTECTION };
- if (target_type > SHOST_DIF_TYPE3_PROTECTION)
+ if (target_type >= ARRAY_SIZE(cap))
return 0;
return shost->prot_capabilities & cap[target_type] ? target_type : 0;
@@ -887,7 +887,7 @@ static inline unsigned int scsi_host_dix_capable(struct Scsi_Host *shost, unsign
SHOST_DIX_TYPE2_PROTECTION,
SHOST_DIX_TYPE3_PROTECTION };
- if (target_type > SHOST_DIX_TYPE3_PROTECTION)
+ if (target_type >= ARRAY_SIZE(cap))
return 0;
return shost->prot_capabilities & cap[target_type];
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [SCSI] sd: Ensure we correctly disable devices with unknown protection type
2012-09-27 2:39 ` Martin K. Petersen
@ 2013-02-06 19:29 ` Dan Carpenter
2013-02-07 19:24 ` Martin K. Petersen
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2013-02-06 19:29 UTC (permalink / raw)
To: Martin K. Petersen; +Cc: linux-scsi
This patch wasn't applied. Probably because it didn't have
[PATCH] in the email subject.
regards,
dan carpenter
On Wed, Sep 26, 2012 at 10:39:44PM -0400, Martin K. Petersen wrote:
> >>>>> "Dan" == Dan Carpenter <dan.carpenter@oracle.com> writes:
>
> Dan,
>
> Dan> warn: buffer overflow 'cap' 4 <= 4
>
> Argh, yes. Type 3 is 4 because it's a bitmask.
>
> --
> Martin K. Petersen Oracle Linux Engineering
>
>
> SCSI: Fix range check in scsi_host.h
>
> The range checking from fe542396 was bad. We would still end up walking
> beyond the array as Type 3 is defined to be 4 in the protection
> bitmask. Instead use ARRAY_SIZE() for the range check.
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
>
> diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h
> index 4908480..2b6956e 100644
> --- a/include/scsi/scsi_host.h
> +++ b/include/scsi/scsi_host.h
> @@ -873,7 +873,7 @@ static inline unsigned int scsi_host_dif_capable(struct Scsi_Host *shost, unsign
> SHOST_DIF_TYPE2_PROTECTION,
> SHOST_DIF_TYPE3_PROTECTION };
>
> - if (target_type > SHOST_DIF_TYPE3_PROTECTION)
> + if (target_type >= ARRAY_SIZE(cap))
> return 0;
>
> return shost->prot_capabilities & cap[target_type] ? target_type : 0;
> @@ -887,7 +887,7 @@ static inline unsigned int scsi_host_dix_capable(struct Scsi_Host *shost, unsign
> SHOST_DIX_TYPE2_PROTECTION,
> SHOST_DIX_TYPE3_PROTECTION };
>
> - if (target_type > SHOST_DIX_TYPE3_PROTECTION)
> + if (target_type >= ARRAY_SIZE(cap))
> return 0;
>
> return shost->prot_capabilities & cap[target_type];
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [SCSI] sd: Ensure we correctly disable devices with unknown protection type
2013-02-06 19:29 ` Dan Carpenter
@ 2013-02-07 19:24 ` Martin K. Petersen
0 siblings, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2013-02-07 19:24 UTC (permalink / raw)
To: Dan Carpenter; +Cc: Martin K. Petersen, linux-scsi
>>>>> "Dan" == Dan Carpenter <dan.carpenter@oracle.com> writes:
Dan> This patch wasn't applied.
Nope, but it hasn't been forgotten. I have it in my resubmit queue with
a couple of other stable fixes.
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-02-07 19:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-09-26 8:26 [SCSI] sd: Ensure we correctly disable devices with unknown protection type Dan Carpenter
2012-09-27 2:39 ` Martin K. Petersen
2013-02-06 19:29 ` Dan Carpenter
2013-02-07 19:24 ` Martin K. Petersen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.