From: Boaz Harrosh <bharrosh-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
To: Alan Stern <stern-nwvwT67g6+6dFdvTe/nMLpVzexx5G7lz@public.gmane.org>
Cc: Mark Glines <mark-6pk7R1svBr8dnm+yROfE0A@public.gmane.org>,
Matthew Dharm
<mdharm-usb-JGfshJpz5UybPZpvUQj5UqxOck334EZe@public.gmane.org>,
James Bottomley
<James.Bottomley-lYEaACU144FWk0Htik3J/w@public.gmane.org>,
USB list <linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-scsi <linux-scsi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH] bugfix for an underflow condition in usb storage & isd200.c
Date: Thu, 31 Jan 2008 21:00:06 +0200 [thread overview]
Message-ID: <47A21AB6.5060203@panasas.com> (raw)
In-Reply-To: <Pine.LNX.4.44L0.0801311244430.4373-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
On Thu, Jan 31 2008 at 19:49 +0200, Alan Stern <stern-nwvwT67g6+6dFdvTe/nMLpVzexx5G7lz@public.gmane.org> wrote:
> On Thu, 31 Jan 2008, Boaz Harrosh wrote:
>
>> @@ -228,9 +228,14 @@ void usb_stor_set_xfer_buf(unsigned char *buffer,
>> {
>> unsigned int offset = 0;
>> struct scatterlist *sg = NULL;
>> + unsigned int count;
>>
>> - usb_stor_access_xfer_buf(buffer, buflen, srb, &sg, &offset,
>> + count = usb_stor_access_xfer_buf(buffer, buflen, srb, &sg, &offset,
>> TO_XFER_BUF);
>> - if (buflen < scsi_bufflen(srb))
>> - scsi_set_resid(srb, scsi_bufflen(srb) - buflen);
>> +
>> + /* Check for underflow */
>> + if (buflen > scsi_bufflen(srb))
>> + count = buflen;
>> +
>> + scsi_set_resid(srb, scsi_bufflen(srb) - count);
>> }
>
> This last "if" statement doesn't look right. And since you know that
> count will never be larger than scsi_bufflen(srb), you don't have to
> check for underflow at all. Just leave out the "if" and call
> scsi_set_resid() directly.
>
> Alan Stern
>
I was thinking about that hard. And I disagree. It could be that we have
sg-list length (The total of all sg->length) that does not match
scsi_bufflen() - More or less. The code in usb_stor_access_xfer_buf() will
now correctly attempt to transfer according to buflen and what ever is available
at the passed sg's. Now this can be less or it can be more. SCSI standard defines
this as underflow/overflow. When overflow should be reported as negative values.
and an error status. (BUT not CHECK_CONDITION)
so the code is actualy
if (buflen > scsi_bufflen(srb))
scsi_set_resid(srb, scsi_bufflen(srb) - buflen); /* Negative overflow */
else
scsi_set_resid(srb, scsi_bufflen(srb) - count);
So this is actually code equivalent to above. Minus the extra call site.
The SCSI standard does allow these conditions and the system should cope
and go on. So a BUG_ON() is not accepted, I think.
But, ok, I mixed up with the comment I'll resend. underflow => overflow.
Boaz
next prev parent reply other threads:[~2008-01-31 19:00 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.44L0.0801301807420.17156-100000@iolanthe.rowland.org>
[not found] ` <47A1948B.2010402@panasas.com>
[not found] ` <20080131070846.4464eb3c@chirp.tahoe>
[not found] ` <20080131070846.4464eb3c-uevSgErl2ChVvDCLMmKh5Q@public.gmane.org>
2008-01-31 15:17 ` [linux-usb-devel] 2.6.24: NULL scatter-gather pointer in usb_storage:usb_stor_access_xfer_buf? Boaz Harrosh
2008-01-31 16:45 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0801311143180.3970-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-01-31 17:20 ` Boaz Harrosh
[not found] ` <47A1E6A0.8050500-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-01-31 17:19 ` [PATCH] bugfix for an underflow condition in usb storage & isd200.c Boaz Harrosh
[not found] ` <47A2033D.2050502-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-01-31 17:49 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0801311244430.4373-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-01-31 19:00 ` Boaz Harrosh [this message]
2008-01-31 19:34 ` Alan Stern
2008-01-31 19:53 ` Boaz Harrosh
2008-01-31 20:56 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0801311546450.22845-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-02-03 8:59 ` Boaz Harrosh
[not found] ` <47A5825D.2030901-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-02-03 16:01 ` Alan Stern
2008-02-03 16:28 ` Boaz Harrosh
2008-02-03 19:23 ` Matthew Dharm
2008-02-04 9:05 ` Boaz Harrosh
2008-02-04 20:05 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0802041500420.5186-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-02-05 8:41 ` Boaz Harrosh
[not found] ` <47A8213B.9050705-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-02-05 15:42 ` Alan Stern
2008-02-05 16:54 ` Boaz Harrosh
2008-02-05 17:54 ` Matthew Dharm
[not found] ` <20080205175403.GA31714-JGfshJpz5UybPZpvUQj5UqxOck334EZe@public.gmane.org>
2008-02-06 20:23 ` Alan Stern
2008-02-06 21:05 ` Matthew Dharm
2008-02-06 22:18 ` Alan Stern
2008-02-06 23:01 ` James Bottomley
[not found] ` <1202338869.3112.138.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-06 23:25 ` Alan Stern
2008-02-06 23:55 ` James Bottomley
[not found] ` <1202342108.3112.146.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-07 16:35 ` Alan Stern
2008-02-08 16:46 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.0802081143010.4593-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2008-02-08 16:59 ` Mark Glines
[not found] ` <47A5EBC0.3060401-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-02-03 21:09 ` Matthew Dharm
2008-01-31 18:00 ` Greg KH
2008-01-31 18:32 ` Boaz Harrosh
2008-01-31 19:37 ` [PATCH 2.6.24] bugfix for an overflow " Boaz Harrosh
[not found] ` <47A22369.80906-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org>
2008-01-31 19:49 ` Matthew Dharm
2008-01-31 20:05 ` Boaz Harrosh
[not found] ` <47A229FF.4040404@panasas.com>
2008-01-31 20:16 ` Matthew Dharm
2008-02-02 0:55 ` Mark Glines
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A21AB6.5060203@panasas.com \
--to=bharrosh-c4p08nqkorlbdgjk7y7tuq@public.gmane.org \
--cc=James.Bottomley-lYEaACU144FWk0Htik3J/w@public.gmane.org \
--cc=linux-scsi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mark-6pk7R1svBr8dnm+yROfE0A@public.gmane.org \
--cc=mdharm-usb-JGfshJpz5UybPZpvUQj5UqxOck334EZe@public.gmane.org \
--cc=stern-nwvwT67g6+6dFdvTe/nMLpVzexx5G7lz@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.