kernel-janitors.vger.kernel.org archive mirror
* [PATCH RESEND] cxlflash: a couple off by one bugs
@ 2015-12-02 23:26 Matthew R. Ochs
  2015-12-03  9:18 ` Johannes Thumshirn
  2015-12-10 17:54 ` Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Matthew R. Ochs @ 2015-12-02 23:26 UTC
  To: James Bottomley
  Cc: Dan Carpenter, Manoj N. Kumar, Wen Xiong, Michael Neuling,
	Uma Krishnan, linux-scsi, kernel-janitors

From: Dan Carpenter <dan.carpenter@oracle.com>

The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
step beyond the end of the cfg->ctx_tbl[] array.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
---
This patch was originally sent by Dan Carpenter in September 2015. I had
based my large patch series that went into 4.4 off of it but this patch
appears to have not made it in. As a valid fix, I'd like to see this make
it into 'next'. I've gone ahead and performed the rebase so that it
applies cleanly.

 drivers/scsi/cxlflash/superpipe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/cxlflash/superpipe.c b/drivers/scsi/cxlflash/superpipe.c
index cac2e6a..34b21a0 100644
--- a/drivers/scsi/cxlflash/superpipe.c
+++ b/drivers/scsi/cxlflash/superpipe.c
@@ -1380,7 +1380,7 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
 	}
 
 	ctxid = cxl_process_element(ctx);
-	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
+	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
 		rc = -EPERM;
 		goto err2;
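Review bot: the range test on ctxid in cxlflash_disk_attach is open-coded against MAX_CONTEXT and repeated verbatim in recover_context, which is how both sites carried the same off-by-one. Consider a small helper that both callers use, or, if cfg->ctx_tbl is a fixed-size array member, comparing against ARRAY_SIZE(cfg->ctx_tbl) so the bound follows the array that the commit message says is being indexed rather than a separately maintained constant.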
@@ -1508,7 +1508,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
 	}
 
 	ctxid = cxl_process_element(ctx);
-	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
+	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
 		rc = -EPERM;
 		goto err1;
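Review bot: no Fixes: or Cc: stable tag accompanies the `ctxid >= MAX_CONTEXT` correction here in recover_context (or the identical one in cxlflash_disk_attach), although the commit message describes an access one step beyond the end of cfg->ctx_tbl[]. The note below the `---` says the series that went into 4.4 was based on this patch while the patch itself did not make it in, so it is worth stating which releases still have the old `>` comparison and tagging the fix so it can be picked up for them.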
-- 
2.1.0



* Re: [PATCH RESEND] cxlflash: a couple off by one bugs
  2015-12-02 23:26 [PATCH RESEND] cxlflash: a couple off by one bugs Matthew R. Ochs
@ 2015-12-03  9:18 ` Johannes Thumshirn
  2015-12-10 17:54 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Johannes Thumshirn @ 2015-12-03  9:18 UTC
  To: Matthew R. Ochs, James Bottomley
  Cc: Dan Carpenter, Manoj N. Kumar, Wen Xiong, Michael Neuling,
	Uma Krishnan, linux-scsi, kernel-janitors

On Wed, 2015-12-02 at 17:26 -0600, Matthew R. Ochs wrote:
> From: Dan Carpenter <dan.carpenter@oracle.com>
> 
> The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
> step beyond the end of the cfg->ctx_tbl[] array.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>
> Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
> Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
> ---
> This patch was originally sent by Dan Carpenter in September 2015. I had
> based my large patch series that went into 4.4 off of it but this patch
> appears to have not made it in. As a valid fix, I'd like to see this make
> it into 'next'. I've gone ahead and performed the rebase so that it
> applies cleanly.
> 
>  drivers/scsi/cxlflash/superpipe.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/scsi/cxlflash/superpipe.c
> b/drivers/scsi/cxlflash/superpipe.c
> index cac2e6a..34b21a0 100644
> --- a/drivers/scsi/cxlflash/superpipe.c
> +++ b/drivers/scsi/cxlflash/superpipe.c
> @@ -1380,7 +1380,7 @@ static int cxlflash_disk_attach(struct scsi_device
> *sdev,
>  	}
>  
>  	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
>  		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
>  		rc = -EPERM;
>  		goto err2;
> @@ -1508,7 +1508,7 @@ static int recover_context(struct cxlflash_cfg *cfg,
> struct ctx_info *ctxi)
>  	}
>  
>  	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
>  		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
>  		rc = -EPERM;
>  		goto err1;

Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>


* Re: [PATCH RESEND] cxlflash: a couple off by one bugs
  2015-12-02 23:26 [PATCH RESEND] cxlflash: a couple off by one bugs Matthew R. Ochs
  2015-12-03  9:18 ` Johannes Thumshirn
@ 2015-12-10 17:54 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Martin K. Petersen @ 2015-12-10 17:54 UTC
  To: Matthew R. Ochs
  Cc: James Bottomley, Dan Carpenter, Manoj N. Kumar, Wen Xiong,
	Michael Neuling, Uma Krishnan, linux-scsi, kernel-janitors

>>>>> "Matthew" = Matthew R Ochs <mrochs@linux.vnet.ibm.com> writes:

Matthew> The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we
Matthew> go one step beyond the end of the cfg->ctx_tbl[] array.

Applied to 4.5/scsi-queue.

-- 
Martin K. Petersen	Oracle Linux Engineering
