* [PATCH][next] scsi: pm80xx: Fix potential infinite loop
@ 2021-04-07 13:58 Colin King
2021-04-07 14:13 ` Johannes Thumshirn
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Colin King @ 2021-04-07 13:58 UTC (permalink / raw)
To: Jack Wang, James E . J . Bottomley, Martin K . Petersen,
Viswas G, linux-scsi
Cc: kernel-janitors, linux-kernel
From: Colin Ian King <colin.king@canonical.com>
The for-loop iterates with a u8 loop counter i and compares this
with the loop upper limit of pm8001_ha->max_q_num which is a u32
type. There is a potential infinite loop if pm8001_ha->max_q_num
is larger than the u8 loop counter. Fix this by making the loop
counter the same type as pm8001_ha->max_q_num.
Addresses-Coverity: ("Infinite loop")
Fixes: 65df7d1986a1 ("scsi: pm80xx: Fix chip initialization failure")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
drivers/scsi/pm8001/pm8001_hwi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/pm8001/pm8001_hwi.c b/drivers/scsi/pm8001/pm8001_hwi.c
index d048455f4941..16edd84e7130 100644
--- a/drivers/scsi/pm8001/pm8001_hwi.c
+++ b/drivers/scsi/pm8001/pm8001_hwi.c
@@ -643,7 +643,7 @@ static void init_pci_device_addresses(struct pm8001_hba_info *pm8001_ha)
*/
static int pm8001_chip_init(struct pm8001_hba_info *pm8001_ha)
{
- u8 i = 0;
+ u32 i = 0;
u16 deviceid;
pci_read_config_word(pm8001_ha->pdev, PCI_DEVICE_ID, &deviceid);
/* 8081 controllers need BAR shift to access MPI space
--
2.30.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH][next] scsi: pm80xx: Fix potential infinite loop
2021-04-07 13:58 [PATCH][next] scsi: pm80xx: Fix potential infinite loop Colin King
@ 2021-04-07 14:13 ` Johannes Thumshirn
2021-04-07 17:18 ` Martin K. Petersen
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Johannes Thumshirn @ 2021-04-07 14:13 UTC (permalink / raw)
To: Colin King, Jack Wang, James E . J . Bottomley,
Martin K . Petersen, Viswas G, linux-scsi
Cc: kernel-janitors, linux-kernel
On 07/04/2021 15:58, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> The for-loop iterates with a u8 loop counter i and compares this
> with the loop upper limit of pm8001_ha->max_q_num which is a u32
> type. There is a potential infinite loop if pm8001_ha->max_q_num
> is larger than the u8 loop counter. Fix this by making the loop
> counter the same type as pm8001_ha->max_q_num.
Heh, coincidentally I've read your blog post on this issue today.
> Addresses-Coverity: ("Infinite loop")
> Fixes: 65df7d1986a1 ("scsi: pm80xx: Fix chip initialization failure")
AFAICS this still is in Martin's tree and not yet in Linus' tree.
Anyways, looks good.
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH][next] scsi: pm80xx: Fix potential infinite loop
2021-04-07 13:58 [PATCH][next] scsi: pm80xx: Fix potential infinite loop Colin King
2021-04-07 14:13 ` Johannes Thumshirn
@ 2021-04-07 17:18 ` Martin K. Petersen
2021-04-08 5:21 ` Jinpu Wang
2021-04-13 3:15 ` Martin K. Petersen
2021-04-16 2:51 ` Martin K. Petersen
3 siblings, 1 reply; 6+ messages in thread
From: Martin K. Petersen @ 2021-04-07 17:18 UTC (permalink / raw)
To: Colin King
Cc: Jack Wang, James E . J . Bottomley, Martin K . Petersen,
Viswas G, linux-scsi, kernel-janitors, linux-kernel
Hi Colin!
> The for-loop iterates with a u8 loop counter i and compares this with
> the loop upper limit of pm8001_ha->max_q_num which is a u32 type.
> There is a potential infinite loop if pm8001_ha->max_q_num is larger
> than the u8 loop counter. Fix this by making the loop counter the same
> type as pm8001_ha->max_q_num.
No particular objections to the patch for future-proofing. However, as
far as I can tell max_q_num is capped at 64 (PM8001_MAX_MSIX_VEC).
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH][next] scsi: pm80xx: Fix potential infinite loop
2021-04-07 17:18 ` Martin K. Petersen
@ 2021-04-08 5:21 ` Jinpu Wang
0 siblings, 0 replies; 6+ messages in thread
From: Jinpu Wang @ 2021-04-08 5:21 UTC (permalink / raw)
To: Martin K. Petersen
Cc: Colin King, Jack Wang, James E . J . Bottomley, Viswas G,
Linux SCSI Mailinglist, kernel-janitors, open list
On Wed, Apr 7, 2021 at 7:18 PM Martin K. Petersen
<martin.petersen@oracle.com> wrote:
>
>
> Hi Colin!
>
> > The for-loop iterates with a u8 loop counter i and compares this with
> > the loop upper limit of pm8001_ha->max_q_num which is a u32 type.
> > There is a potential infinite loop if pm8001_ha->max_q_num is larger
> > than the u8 loop counter. Fix this by making the loop counter the same
> > type as pm8001_ha->max_q_num.
>
> No particular objections to the patch for future-proofing. However, as
> far as I can tell max_q_num is capped at 64 (PM8001_MAX_MSIX_VEC).
Exactly.
>
> --
> Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH][next] scsi: pm80xx: Fix potential infinite loop
2021-04-07 13:58 [PATCH][next] scsi: pm80xx: Fix potential infinite loop Colin King
2021-04-07 14:13 ` Johannes Thumshirn
2021-04-07 17:18 ` Martin K. Petersen
@ 2021-04-13 3:15 ` Martin K. Petersen
2021-04-16 2:51 ` Martin K. Petersen
3 siblings, 0 replies; 6+ messages in thread
From: Martin K. Petersen @ 2021-04-13 3:15 UTC (permalink / raw)
To: Colin King
Cc: Jack Wang, James E . J . Bottomley, Martin K . Petersen,
Viswas G, linux-scsi, kernel-janitors, linux-kernel
Colin,
> The for-loop iterates with a u8 loop counter i and compares this with
> the loop upper limit of pm8001_ha->max_q_num which is a u32 type.
> There is a potential infinite loop if pm8001_ha->max_q_num is larger
> than the u8 loop counter. Fix this by making the loop counter the same
> type as pm8001_ha->max_q_num.
Applied to 5.13/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH][next] scsi: pm80xx: Fix potential infinite loop
2021-04-07 13:58 [PATCH][next] scsi: pm80xx: Fix potential infinite loop Colin King
` (2 preceding siblings ...)
2021-04-13 3:15 ` Martin K. Petersen
@ 2021-04-16 2:51 ` Martin K. Petersen
3 siblings, 0 replies; 6+ messages in thread
From: Martin K. Petersen @ 2021-04-16 2:51 UTC (permalink / raw)
To: Jack Wang, linux-scsi, James E . J . Bottomley, Colin King, Viswas G
Cc: Martin K . Petersen, linux-kernel, kernel-janitors
On Wed, 7 Apr 2021 14:58:40 +0100, Colin King wrote:
> The for-loop iterates with a u8 loop counter i and compares this
> with the loop upper limit of pm8001_ha->max_q_num which is a u32
> type. There is a potential infinite loop if pm8001_ha->max_q_num
> is larger than the u8 loop counter. Fix this by making the loop
> counter the same type as pm8001_ha->max_q_num.
Applied to 5.13/scsi-queue, thanks!
[1/1] scsi: pm80xx: Fix potential infinite loop
https://git.kernel.org/mkp/scsi/c/40fa7394a1ad
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-04-16 2:51 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-07 13:58 [PATCH][next] scsi: pm80xx: Fix potential infinite loop Colin King
2021-04-07 14:13 ` Johannes Thumshirn
2021-04-07 17:18 ` Martin K. Petersen
2021-04-08 5:21 ` Jinpu Wang
2021-04-13 3:15 ` Martin K. Petersen
2021-04-16 2:51 ` Martin K. Petersen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).