* Re: [PATCH] [SCSI] megaraid_sas: Fix possible divide-by-zero bugs in megaraid_sas_fp.c
@ 2021-08-21 19:14 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-08-21 19:14 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 20868 bytes --]
CC: clang-built-linux(a)googlegroups.com
CC: kbuild-all(a)lists.01.org
In-Reply-To: <20210811131647.9300-1-islituo@gmail.com>
References: <20210811131647.9300-1-islituo@gmail.com>
TO: Tuo Li <islituo@gmail.com>
TO: kashyap.desai(a)broadcom.com
TO: sumit.saxena(a)broadcom.com
TO: shivasharan.srikanteshwara(a)broadcom.com
TO: jejb(a)linux.ibm.com
TO: martin.petersen(a)oracle.com
CC: megaraidlinux.pdl(a)broadcom.com
CC: linux-scsi(a)vger.kernel.org
CC: linux-kernel(a)vger.kernel.org
CC: baijiaju1990(a)gmail.com
CC: Tuo Li <islituo@gmail.com>
Hi Tuo,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on mkp-scsi/for-next]
[also build test WARNING on scsi/for-next linux/master linus/master v5.14-rc6 next-20210820]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Tuo-Li/megaraid_sas-Fix-possible-divide-by-zero-bugs-in-megaraid_sas_fp-c/20210811-211944
base: https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git for-next
:::::: branch date: 10 days ago
:::::: commit date: 10 days ago
config: x86_64-randconfig-c001-20210810 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project d39ebdae674c8efc84ebe8dc32716ec353220530)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/5397652c5a3ddb7ddee62fa672ab5fd2065b1e5c
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Tuo-Li/megaraid_sas-Fix-possible-divide-by-zero-bugs-in-megaraid_sas_fp-c/20210811-211944
git checkout 5397652c5a3ddb7ddee62fa672ab5fd2065b1e5c
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
if (req->long_data) {
^
drivers/memstick/host/rtsx_pci_ms.c:352:9: note: Calling 'ms_transfer_data'
err = ms_transfer_data(host, req->data_dir,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:137:18: note: Assuming field 'type' is not equal to MEMSTICK_TYPE_PRO
bool pro_card = card->id.type == MEMSTICK_TYPE_PRO;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:140:20: note: Assuming 'data_dir' is equal to 0
__func__, tpc, (data_dir == READ) ? "READ" : "WRITE",
^
include/linux/dev_printk.h:126:46: note: expanded from macro 'dev_dbg'
dev_printk(KERN_DEBUG, dev, dev_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:140:19: note: '?' condition is true
__func__, tpc, (data_dir == READ) ? "READ" : "WRITE",
^
drivers/memstick/host/rtsx_pci_ms.c:143:6: note: 'data_dir' is equal to READ
if (data_dir == READ) {
^~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:143:2: note: Taking true branch
if (data_dir == READ) {
^
drivers/memstick/host/rtsx_pci_ms.c:145:16: note: 'pro_card' is false
trans_mode = pro_card ? MS_TM_AUTO_READ : MS_TM_NORMAL_READ;
^~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:145:16: note: '?' condition is false
drivers/memstick/host/rtsx_pci_ms.c:154:6: note: 'pro_card' is false
if (pro_card) {
^~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:154:2: note: Taking false branch
if (pro_card) {
^
drivers/memstick/host/rtsx_pci_ms.c:180:8: note: Value assigned to field 'need_card_int', which participates in a condition later
err = rtsx_pci_transfer_data(pcr, sg, 1, data_dir == READ, 10000);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:181:6: note: Assuming 'err' is >= 0
if (err < 0) {
^~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:181:2: note: Taking false branch
if (err < 0) {
^
drivers/memstick/host/rtsx_pci_ms.c:187:6: note: 'pro_card' is false
if (pro_card) {
^~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:187:2: note: Taking false branch
if (pro_card) {
^
drivers/memstick/host/rtsx_pci_ms.c:192:7: note: Assuming the condition is false
if (val & (MS_CRC16_ERR | MS_RDY_TIMEOUT))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:192:3: note: Taking false branch
if (val & (MS_CRC16_ERR | MS_RDY_TIMEOUT))
^
drivers/memstick/host/rtsx_pci_ms.c:352:9: note: Returning from 'ms_transfer_data'
err = ms_transfer_data(host, req->data_dir,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:363:6: note: 'err' is >= 0
if (err < 0)
^~~
drivers/memstick/host/rtsx_pci_ms.c:363:2: note: Taking false branch
if (err < 0)
^
drivers/memstick/host/rtsx_pci_ms.c:366:6: note: Assuming field 'need_card_int' is not equal to 0
if (req->need_card_int && (host->ifmode == MEMSTICK_SERIAL)) {
^~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:366:6: note: Left side of '&&' is true
drivers/memstick/host/rtsx_pci_ms.c:366:29: note: Assuming field 'ifmode' is not equal to MEMSTICK_SERIAL
if (req->need_card_int && (host->ifmode == MEMSTICK_SERIAL)) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:366:2: note: Taking false branch
if (req->need_card_int && (host->ifmode == MEMSTICK_SERIAL)) {
^
drivers/memstick/host/rtsx_pci_ms.c:373:11: note: Field 'need_card_int' is not equal to 0
if (req->need_card_int) {
^
drivers/memstick/host/rtsx_pci_ms.c:373:2: note: Taking true branch
if (req->need_card_int) {
^
drivers/memstick/host/rtsx_pci_ms.c:374:3: note: 4th function call argument is an uninitialized value
dev_dbg(ms_dev(host), "int_reg: 0x%02x\n", int_reg);
^
include/linux/dev_printk.h:126:2: note: expanded from macro 'dev_dbg'
dev_printk(KERN_DEBUG, dev, dev_fmt(fmt), ##__VA_ARGS__)
^ ~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:451:4: warning: Value stored to 'err' is never read [clang-analyzer-deadcode.DeadStores]
err = ms_power_on(host);
^ ~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:451:4: note: Value stored to 'err' is never read
err = ms_power_on(host);
^ ~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:453:4: warning: Value stored to 'err' is never read [clang-analyzer-deadcode.DeadStores]
err = ms_power_off(host);
^ ~~~~~~~~~~~~~~~~~~
drivers/memstick/host/rtsx_pci_ms.c:453:4: note: Value stored to 'err' is never read
err = ms_power_off(host);
^ ~~~~~~~~~~~~~~~~~~
Suppressed 7 warnings (7 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
9 warnings generated.
>> drivers/scsi/megaraid/megaraid_sas_fp.c:951:34: warning: The result of the left shift is undefined because the left operand is negative [clang-analyzer-core.UndefinedBinaryOperatorResult]
(u16)(rightmostParityArm << RAID_CTX_R56_P_ARM_SHIFT);
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1013:6: note: Assuming field 'rowDataSize' is not equal to 0
if (raid->rowDataSize == 0) {
^~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1013:2: note: Taking false branch
if (raid->rowDataSize == 0) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1043:15: note: Field 'IoforUnevenSpan' is 0
if (io_info->IoforUnevenSpan) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1043:2: note: Taking false branch
if (io_info->IoforUnevenSpan) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1088:6: note: Assuming field 'fpCapable' is 0
if (raid->capability.fpCapable) {
^~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1088:2: note: Taking false branch
if (raid->capability.fpCapable) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1102:6: note: Assuming 'numRows' is equal to 1
if (numRows == 1) {
^~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1102:2: note: Taking true branch
if (numRows == 1) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1104:7: note: Assuming 'num_strips' is not equal to 1
if (num_strips == 1) {
^~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1104:3: note: Taking false branch
if (num_strips == 1) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1157:15: note: Assuming field 'fpIoTimeoutForLd' is not equal to 0
cpu_to_le16(raid->fpIoTimeoutForLd ?
^
include/linux/byteorder/generic.h:90:21: note: expanded from macro 'cpu_to_le16'
#define cpu_to_le16 __cpu_to_le16
^
include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__cpu_to_le16'
#define __cpu_to_le16(x) ((__force __le16)(__u16)(x))
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1157:15: note: '?' condition is true
cpu_to_le16(raid->fpIoTimeoutForLd ?
^
include/linux/byteorder/generic.h:90:21: note: expanded from macro 'cpu_to_le16'
#define cpu_to_le16 __cpu_to_le16
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1160:6: note: Assuming field 'adapter_type' is not equal to INVADER_SERIES
if (instance->adapter_type == INVADER_SERIES)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1160:2: note: Taking false branch
if (instance->adapter_type == INVADER_SERIES)
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1163:11: note: Assuming field 'adapter_type' is not equal to THUNDERBOLT_SERIES
else if (instance->adapter_type == THUNDERBOLT_SERIES)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1163:7: note: Taking false branch
else if (instance->adapter_type == THUNDERBOLT_SERIES)
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1174:6: note: Assuming field 'r56_div_offload' is true
if (fusion->r56_div_offload && (raid->level >= 5) && !isRead) {
^~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1174:6: note: Left side of '&&' is true
drivers/scsi/megaraid/megaraid_sas_fp.c:1174:34: note: Assuming field 'level' is >= 5
if (fusion->r56_div_offload && (raid->level >= 5) && !isRead) {
^~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1174:6: note: Left side of '&&' is true
if (fusion->r56_div_offload && (raid->level >= 5) && !isRead) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1174:55: note: Assuming 'isRead' is 0
if (fusion->r56_div_offload && (raid->level >= 5) && !isRead) {
^~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1174:2: note: Taking true branch
if (fusion->r56_div_offload && (raid->level >= 5) && !isRead) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:1175:3: note: Calling 'mr_get_phy_params_r56_rmw'
mr_get_phy_params_r56_rmw(instance, ld, start_strip, io_info,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:923:2: note: The value -1 is assigned to 'rightmostParityArm'
rightmostParityArm = (arms - 1) - mega_mod64(rowNum, arms);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:930:6: note: Assuming field 'spanDepth' is equal to 1
if (raid->spanDepth == 1) {
^~~~~~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:930:2: note: Taking true branch
if (raid->spanDepth == 1) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:938:6: note: Assuming field 'level' is not equal to 6
if (raid->level == 6) {
^~~~~~~~~~~~~~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:938:2: note: Taking false branch
if (raid->level == 6) {
^
drivers/scsi/megaraid/megaraid_sas_fp.c:951:34: note: The result of the left shift is undefined because the left operand is negative
(u16)(rightmostParityArm << RAID_CTX_R56_P_ARM_SHIFT);
~~~~~~~~~~~~~~~~~~ ^
drivers/scsi/megaraid/megaraid_sas_fp.c:1386:3: warning: Value stored to 'bestArm' is never read [clang-analyzer-deadcode.DeadStores]
bestArm = arm;
^ ~~~
drivers/scsi/megaraid/megaraid_sas_fp.c:1386:3: note: Value stored to 'bestArm' is never read
vim +951 drivers/scsi/megaraid/megaraid_sas_fp.c
9c915a8c99bce6 Adam Radford 2010-12-21 893
7fc557005c454f Chandrakanth Patil 2019-06-25 894 /*
7fc557005c454f Chandrakanth Patil 2019-06-25 895 * mr_get_phy_params_r56_rmw - Calculate parameters for R56 CTIO write operation
7fc557005c454f Chandrakanth Patil 2019-06-25 896 * @instance: Adapter soft state
7fc557005c454f Chandrakanth Patil 2019-06-25 897 * @ld: LD index
7fc557005c454f Chandrakanth Patil 2019-06-25 898 * @stripNo: Strip Number
7fc557005c454f Chandrakanth Patil 2019-06-25 899 * @io_info: IO info structure pointer
7fc557005c454f Chandrakanth Patil 2019-06-25 900 * pRAID_Context: RAID context pointer
7fc557005c454f Chandrakanth Patil 2019-06-25 901 * map: RAID map pointer
7fc557005c454f Chandrakanth Patil 2019-06-25 902 *
7fc557005c454f Chandrakanth Patil 2019-06-25 903 * This routine calculates the logical arm, data Arm, row number and parity arm
7fc557005c454f Chandrakanth Patil 2019-06-25 904 * for R56 CTIO write operation.
7fc557005c454f Chandrakanth Patil 2019-06-25 905 */
7fc557005c454f Chandrakanth Patil 2019-06-25 906 static void mr_get_phy_params_r56_rmw(struct megasas_instance *instance,
7fc557005c454f Chandrakanth Patil 2019-06-25 907 u32 ld, u64 stripNo,
7fc557005c454f Chandrakanth Patil 2019-06-25 908 struct IO_REQUEST_INFO *io_info,
7fc557005c454f Chandrakanth Patil 2019-06-25 909 struct RAID_CONTEXT_G35 *pRAID_Context,
7fc557005c454f Chandrakanth Patil 2019-06-25 910 struct MR_DRV_RAID_MAP_ALL *map)
7fc557005c454f Chandrakanth Patil 2019-06-25 911 {
7fc557005c454f Chandrakanth Patil 2019-06-25 912 struct MR_LD_RAID *raid = MR_LdRaidGet(ld, map);
7fc557005c454f Chandrakanth Patil 2019-06-25 913 u8 span, dataArms, arms, dataArm, logArm;
7fc557005c454f Chandrakanth Patil 2019-06-25 914 s8 rightmostParityArm, PParityArm;
7fc557005c454f Chandrakanth Patil 2019-06-25 915 u64 rowNum;
7fc557005c454f Chandrakanth Patil 2019-06-25 916 u64 *pdBlock = &io_info->pdBlock;
7fc557005c454f Chandrakanth Patil 2019-06-25 917
7fc557005c454f Chandrakanth Patil 2019-06-25 918 dataArms = raid->rowDataSize;
7fc557005c454f Chandrakanth Patil 2019-06-25 919 arms = raid->rowSize;
7fc557005c454f Chandrakanth Patil 2019-06-25 920
7fc557005c454f Chandrakanth Patil 2019-06-25 921 rowNum = mega_div64_32(stripNo, dataArms);
7fc557005c454f Chandrakanth Patil 2019-06-25 922 /* parity disk arm, first arm is 0 */
7fc557005c454f Chandrakanth Patil 2019-06-25 923 rightmostParityArm = (arms - 1) - mega_mod64(rowNum, arms);
7fc557005c454f Chandrakanth Patil 2019-06-25 924
7fc557005c454f Chandrakanth Patil 2019-06-25 925 /* logical arm within row */
7fc557005c454f Chandrakanth Patil 2019-06-25 926 logArm = mega_mod64(stripNo, dataArms);
7fc557005c454f Chandrakanth Patil 2019-06-25 927 /* physical arm for data */
7fc557005c454f Chandrakanth Patil 2019-06-25 928 dataArm = mega_mod64((rightmostParityArm + 1 + logArm), arms);
7fc557005c454f Chandrakanth Patil 2019-06-25 929
7fc557005c454f Chandrakanth Patil 2019-06-25 930 if (raid->spanDepth == 1) {
7fc557005c454f Chandrakanth Patil 2019-06-25 931 span = 0;
7fc557005c454f Chandrakanth Patil 2019-06-25 932 } else {
7fc557005c454f Chandrakanth Patil 2019-06-25 933 span = (u8)MR_GetSpanBlock(ld, rowNum, pdBlock, map);
7fc557005c454f Chandrakanth Patil 2019-06-25 934 if (span == SPAN_INVALID)
7fc557005c454f Chandrakanth Patil 2019-06-25 935 return;
7fc557005c454f Chandrakanth Patil 2019-06-25 936 }
7fc557005c454f Chandrakanth Patil 2019-06-25 937
7fc557005c454f Chandrakanth Patil 2019-06-25 938 if (raid->level == 6) {
7fc557005c454f Chandrakanth Patil 2019-06-25 939 /* P Parity arm, note this can go negative adjust if negative */
7fc557005c454f Chandrakanth Patil 2019-06-25 940 PParityArm = (arms - 2) - mega_mod64(rowNum, arms);
7fc557005c454f Chandrakanth Patil 2019-06-25 941
7fc557005c454f Chandrakanth Patil 2019-06-25 942 if (PParityArm < 0)
7fc557005c454f Chandrakanth Patil 2019-06-25 943 PParityArm += arms;
7fc557005c454f Chandrakanth Patil 2019-06-25 944
7fc557005c454f Chandrakanth Patil 2019-06-25 945 /* rightmostParityArm is P-Parity for RAID 5 and Q-Parity for RAID */
7fc557005c454f Chandrakanth Patil 2019-06-25 946 pRAID_Context->flow_specific.r56_arm_map = rightmostParityArm;
7fc557005c454f Chandrakanth Patil 2019-06-25 947 pRAID_Context->flow_specific.r56_arm_map |=
7fc557005c454f Chandrakanth Patil 2019-06-25 948 (u16)(PParityArm << RAID_CTX_R56_P_ARM_SHIFT);
7fc557005c454f Chandrakanth Patil 2019-06-25 949 } else {
7fc557005c454f Chandrakanth Patil 2019-06-25 950 pRAID_Context->flow_specific.r56_arm_map |=
7fc557005c454f Chandrakanth Patil 2019-06-25 @951 (u16)(rightmostParityArm << RAID_CTX_R56_P_ARM_SHIFT);
7fc557005c454f Chandrakanth Patil 2019-06-25 952 }
7fc557005c454f Chandrakanth Patil 2019-06-25 953
7fc557005c454f Chandrakanth Patil 2019-06-25 954 pRAID_Context->reg_lock_row_lba = cpu_to_le64(rowNum);
7fc557005c454f Chandrakanth Patil 2019-06-25 955 pRAID_Context->flow_specific.r56_arm_map |=
7fc557005c454f Chandrakanth Patil 2019-06-25 956 (u16)(logArm << RAID_CTX_R56_LOG_ARM_SHIFT);
7fc557005c454f Chandrakanth Patil 2019-06-25 957 cpu_to_le16s(&pRAID_Context->flow_specific.r56_arm_map);
7fc557005c454f Chandrakanth Patil 2019-06-25 958 pRAID_Context->span_arm = (span << RAID_CTX_SPANARM_SPAN_SHIFT) | dataArm;
7fc557005c454f Chandrakanth Patil 2019-06-25 959 pRAID_Context->raid_flags = (MR_RAID_FLAGS_IO_SUB_TYPE_R56_DIV_OFFLOAD <<
7fc557005c454f Chandrakanth Patil 2019-06-25 960 MR_RAID_CTX_RAID_FLAGS_IO_SUB_TYPE_SHIFT);
7fc557005c454f Chandrakanth Patil 2019-06-25 961
7fc557005c454f Chandrakanth Patil 2019-06-25 962 return;
7fc557005c454f Chandrakanth Patil 2019-06-25 963 }
7fc557005c454f Chandrakanth Patil 2019-06-25 964
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 36323 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread* [PATCH] [SCSI] megaraid_sas: Fix possible divide-by-zero bugs in megaraid_sas_fp.c
@ 2021-08-11 13:16 Tuo Li
2021-08-11 13:58 ` James Bottomley
0 siblings, 1 reply; 3+ messages in thread
From: Tuo Li @ 2021-08-11 13:16 UTC (permalink / raw)
To: kashyap.desai, sumit.saxena, shivasharan.srikanteshwara, jejb,
martin.petersen
Cc: megaraidlinux.pdl, linux-scsi, linux-kernel, baijiaju1990,
Tuo Li, TOTE Robot
In the function mega_mod64(). the variable is checked in:
if (!divisor)
This indicates that divisor can be zero.
If so, a divide-by-zero bug will occur:
remainder = do_div(d, divisor);
Also, in the function mega_div64_32(), a divide-by-zero bug can also occur
if divisor is NULL.
To fix these divide-by-zero bugs, the functions return 0 if divisor is
zero.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
---
drivers/scsi/megaraid/megaraid_sas_fp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
index 83f69c33b01a..05eb0d201aed 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fp.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
@@ -72,8 +72,10 @@ u32 mega_mod64(u64 dividend, u32 divisor)
u64 d;
u32 remainder;
- if (!divisor)
+ if (!divisor) {
printk(KERN_ERR "megasas : DIVISOR is zero, in div fn\n");
+ return 0;
+ }
d = dividend;
remainder = do_div(d, divisor);
return remainder;
@@ -90,8 +92,10 @@ static u64 mega_div64_32(uint64_t dividend, uint32_t divisor)
{
u64 d = dividend;
- if (!divisor)
+ if (!divisor) {
printk(KERN_ERR "megasas : DIVISOR is zero in mod fn\n");
+ return 0;
+ }
do_div(d, divisor);
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] [SCSI] megaraid_sas: Fix possible divide-by-zero bugs in megaraid_sas_fp.c
2021-08-11 13:16 Tuo Li
@ 2021-08-11 13:58 ` James Bottomley
0 siblings, 0 replies; 3+ messages in thread
From: James Bottomley @ 2021-08-11 13:58 UTC (permalink / raw)
To: Tuo Li, kashyap.desai, sumit.saxena, shivasharan.srikanteshwara,
martin.petersen
Cc: megaraidlinux.pdl, linux-scsi, linux-kernel, baijiaju1990, TOTE Robot
On Wed, 2021-08-11 at 06:16 -0700, Tuo Li wrote:
> In the function mega_mod64(). the variable is checked in:
> if (!divisor)
>
> This indicates that divisor can be zero.
> If so, a divide-by-zero bug will occur:
> remainder = do_div(d, divisor);
>
> Also, in the function mega_div64_32(), a divide-by-zero bug can also
> occur if divisor is NULL.
>
> To fix these divide-by-zero bugs, the functions return 0 if divisor
> is zero.
How exactly is this fixing anything? Simply returning zero because
there is a dividion by zero isn't a fix unless you know what that
return is going to do. If you look at the inputs to all the
mega_div/mod functions, they're already checked for zero divisor before
calling, so the error handling is already being done correctly and this
"fix" would add nothing to that. You can argue that the check and
print is pointless since the condition never occurs, but it's not
exactly fast path code.
James
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-21 19:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-21 19:14 [PATCH] [SCSI] megaraid_sas: Fix possible divide-by-zero bugs in megaraid_sas_fp.c kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2021-08-11 13:16 Tuo Li
2021-08-11 13:58 ` James Bottomley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.