linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [patch] scsi_dh_alua: uninitialized variable in alua_rtpg()
@ 2016-04-14  9:39 Dan Carpenter
  2016-04-14 15:45 ` Bart Van Assche
  0 siblings, 1 reply; 7+ messages in thread
From: Dan Carpenter @ 2016-04-14  9:39 UTC (permalink / raw)
  To: James E.J. Bottomley
  Cc: Martin K. Petersen, Hannes Reinecke, Bart Van Assche,
	Johannes Thumshirn, Ewan Milne, linux-scsi, linux-kernel,
	kernel-janitors

It's possible to use "err" without initializing it.  If it happens to be
a 2 which is SCSI_DH_RETRY then that could cause a bug.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
index 8eaed05..f3c994f 100644
--- a/drivers/scsi/device_handler/scsi_dh_alua.c
+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
@@ -513,7 +513,8 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
 	struct alua_port_group *tmp_pg;
 	int len, k, off, valid_states = 0, bufflen = ALUA_RTPG_SIZE;
 	unsigned char *desc, *buff;
-	unsigned err, retval;
+	unsigned int err = 0;
+	unsigned int retval;
 	unsigned int tpg_desc_tbl_off;
 	unsigned char orig_transition_tmo;
 	unsigned long flags;

^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [patch] scsi_dh_alua: uninitialized variable in alua_rtpg()
  2016-04-14  9:39 [patch] scsi_dh_alua: uninitialized variable in alua_rtpg() Dan Carpenter
@ 2016-04-14 15:45 ` Bart Van Assche
  2016-04-14 18:20   ` [patch v2] " Dan Carpenter
  2016-04-14 18:20   ` [patch] " Dan Carpenter
  0 siblings, 2 replies; 7+ messages in thread
From: Bart Van Assche @ 2016-04-14 15:45 UTC (permalink / raw)
  To: Dan Carpenter, James E.J. Bottomley
  Cc: Martin K. Petersen, Hannes Reinecke, Bart Van Assche,
	Johannes Thumshirn, Ewan Milne, linux-scsi, linux-kernel,
	kernel-janitors

On 04/14/2016 02:39 AM, Dan Carpenter wrote:
> It's possible to use "err" without initializing it.  If it happens to be
> a 2 which is SCSI_DH_RETRY then that could cause a bug.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
> index 8eaed05..f3c994f 100644
> --- a/drivers/scsi/device_handler/scsi_dh_alua.c
> +++ b/drivers/scsi/device_handler/scsi_dh_alua.c
> @@ -513,7 +513,8 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
>   	struct alua_port_group *tmp_pg;
>   	int len, k, off, valid_states = 0, bufflen = ALUA_RTPG_SIZE;
>   	unsigned char *desc, *buff;
> -	unsigned err, retval;
> +	unsigned int err = 0;
> +	unsigned int retval;
>   	unsigned int tpg_desc_tbl_off;
>   	unsigned char orig_transition_tmo;
>   	unsigned long flags;

Hello Dan,

The code that uses the 'err' variable occurs in a loop. I think the 
initialization of 'err' should occur after the "retry:" label.

Bart.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* [patch v2] scsi_dh_alua: uninitialized variable in alua_rtpg()
  2016-04-14 15:45 ` Bart Van Assche
@ 2016-04-14 18:20   ` Dan Carpenter
  2016-04-14 18:55     ` Bart Van Assche
                       ` (2 more replies)
  2016-04-14 18:20   ` [patch] " Dan Carpenter
  1 sibling, 3 replies; 7+ messages in thread
From: Dan Carpenter @ 2016-04-14 18:20 UTC (permalink / raw)
  To: James E.J. Bottomley
  Cc: Martin K. Petersen, Hannes Reinecke, Bart Van Assche,
	Johannes Thumshirn, Ewan Milne, linux-scsi, linux-kernel,
	kernel-janitors

It's possible to use "err" without initializing it.  If it happens to be
a 2 which is SCSI_DH_RETRY then that could cause a bug.  Bart Van Assche
pointed out that we should probably re-initialize it for every iteration
through the retry loop.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: The first version just initialized it at the start of the function.

diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
index 8eaed05..a655cf2 100644
--- a/drivers/scsi/device_handler/scsi_dh_alua.c
+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
@@ -532,6 +532,7 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
 		return SCSI_DH_DEV_TEMP_BUSY;
 
  retry:
+	err = 0;
 	retval = submit_rtpg(sdev, buff, bufflen, &sense_hdr, pg->flags);
 
 	if (retval) {

^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [patch] scsi_dh_alua: uninitialized variable in alua_rtpg()
  2016-04-14 15:45 ` Bart Van Assche
  2016-04-14 18:20   ` [patch v2] " Dan Carpenter
@ 2016-04-14 18:20   ` Dan Carpenter
  1 sibling, 0 replies; 7+ messages in thread
From: Dan Carpenter @ 2016-04-14 18:20 UTC (permalink / raw)
  To: Bart Van Assche
  Cc: James E.J. Bottomley, Martin K. Petersen, Hannes Reinecke,
	Johannes Thumshirn, Ewan Milne, linux-scsi, linux-kernel,
	kernel-janitors

On Thu, Apr 14, 2016 at 08:45:18AM -0700, Bart Van Assche wrote:
> On 04/14/2016 02:39 AM, Dan Carpenter wrote:
> >It's possible to use "err" without initializing it.  If it happens to be
> >a 2 which is SCSI_DH_RETRY then that could cause a bug.
> >
> >Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> >diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
> >index 8eaed05..f3c994f 100644
> >--- a/drivers/scsi/device_handler/scsi_dh_alua.c
> >+++ b/drivers/scsi/device_handler/scsi_dh_alua.c
> >@@ -513,7 +513,8 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
> >  	struct alua_port_group *tmp_pg;
> >  	int len, k, off, valid_states = 0, bufflen = ALUA_RTPG_SIZE;
> >  	unsigned char *desc, *buff;
> >-	unsigned err, retval;
> >+	unsigned int err = 0;
> >+	unsigned int retval;
> >  	unsigned int tpg_desc_tbl_off;
> >  	unsigned char orig_transition_tmo;
> >  	unsigned long flags;
> 
> Hello Dan,
> 
> The code that uses the 'err' variable occurs in a loop. I think the
> initialization of 'err' should occur after the "retry:" label.

It looks like you're right.  I'll resend.  I don't know this code very
well, obviously and it's a static checker fix not something I have
tested.

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [patch v2] scsi_dh_alua: uninitialized variable in alua_rtpg()
  2016-04-14 18:20   ` [patch v2] " Dan Carpenter
@ 2016-04-14 18:55     ` Bart Van Assche
  2016-04-15  5:59     ` Hannes Reinecke
  2016-04-15 20:26     ` Martin K. Petersen
  2 siblings, 0 replies; 7+ messages in thread
From: Bart Van Assche @ 2016-04-14 18:55 UTC (permalink / raw)
  To: Dan Carpenter, James E.J. Bottomley
  Cc: Martin K. Petersen, Hannes Reinecke, Johannes Thumshirn,
	Ewan Milne, linux-scsi, linux-kernel, kernel-janitors

On 04/14/2016 11:20 AM, Dan Carpenter wrote:
> It's possible to use "err" without initializing it.  If it happens to be
> a 2 which is SCSI_DH_RETRY then that could cause a bug.  Bart Van Assche
> pointed out that we should probably re-initialize it for every iteration
> through the retry loop.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: The first version just initialized it at the start of the function.
>
> diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
> index 8eaed05..a655cf2 100644
> --- a/drivers/scsi/device_handler/scsi_dh_alua.c
> +++ b/drivers/scsi/device_handler/scsi_dh_alua.c
> @@ -532,6 +532,7 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
>   		return SCSI_DH_DEV_TEMP_BUSY;
>
>    retry:
> +	err = 0;
>   	retval = submit_rtpg(sdev, buff, bufflen, &sense_hdr, pg->flags);
>
>   	if (retval) {

Although I would have preferred that that initialization would have been 
closer to the other 'err' assignments this patch looks fine to me. If 
this patch does not get integrated in kernel v4.6 a "Cc: stable" tag 
will be needed.

Bart.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [patch v2] scsi_dh_alua: uninitialized variable in alua_rtpg()
  2016-04-14 18:20   ` [patch v2] " Dan Carpenter
  2016-04-14 18:55     ` Bart Van Assche
@ 2016-04-15  5:59     ` Hannes Reinecke
  2016-04-15 20:26     ` Martin K. Petersen
  2 siblings, 0 replies; 7+ messages in thread
From: Hannes Reinecke @ 2016-04-15  5:59 UTC (permalink / raw)
  To: Dan Carpenter, James E.J. Bottomley
  Cc: Martin K. Petersen, Bart Van Assche, Johannes Thumshirn,
	Ewan Milne, linux-scsi, linux-kernel, kernel-janitors

On 04/14/2016 08:20 PM, Dan Carpenter wrote:
> It's possible to use "err" without initializing it.  If it happens to be
> a 2 which is SCSI_DH_RETRY then that could cause a bug.  Bart Van Assche
> pointed out that we should probably re-initialize it for every iteration
> through the retry loop.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: The first version just initialized it at the start of the function.
> 
> diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
> index 8eaed05..a655cf2 100644
> --- a/drivers/scsi/device_handler/scsi_dh_alua.c
> +++ b/drivers/scsi/device_handler/scsi_dh_alua.c
> @@ -532,6 +532,7 @@ static int alua_rtpg(struct scsi_device *sdev, struct alua_port_group *pg)
>  		return SCSI_DH_DEV_TEMP_BUSY;
>  
>   retry:
> +	err = 0;
>  	retval = submit_rtpg(sdev, buff, bufflen, &sense_hdr, pg->flags);
>  
>  	if (retval) {
> 
Reviewed-by: Hannes Reinecke <hare@suse.com>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		   Teamlead Storage & Networking
hare@suse.de			               +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [patch v2] scsi_dh_alua: uninitialized variable in alua_rtpg()
  2016-04-14 18:20   ` [patch v2] " Dan Carpenter
  2016-04-14 18:55     ` Bart Van Assche
  2016-04-15  5:59     ` Hannes Reinecke
@ 2016-04-15 20:26     ` Martin K. Petersen
  2 siblings, 0 replies; 7+ messages in thread
From: Martin K. Petersen @ 2016-04-15 20:26 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: James E.J. Bottomley, Martin K. Petersen, Hannes Reinecke,
	Bart Van Assche, Johannes Thumshirn, Ewan Milne, linux-scsi,
	linux-kernel, kernel-janitors

>>>>> "Dan" == Dan Carpenter <dan.carpenter@oracle.com> writes:

Dan> It's possible to use "err" without initializing it.  If it happens
Dan> to be a 2 which is SCSI_DH_RETRY then that could cause a bug.  Bart
Dan> Van Assche pointed out that we should probably re-initialize it for
Dan> every iteration through the retry loop.

Applied to 4.6/scsi-fixes.

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-04-15 20:27 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-14  9:39 [patch] scsi_dh_alua: uninitialized variable in alua_rtpg() Dan Carpenter
2016-04-14 15:45 ` Bart Van Assche
2016-04-14 18:20   ` [patch v2] " Dan Carpenter
2016-04-14 18:55     ` Bart Van Assche
2016-04-15  5:59     ` Hannes Reinecke
2016-04-15 20:26     ` Martin K. Petersen
2016-04-14 18:20   ` [patch] " Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).