From: Jeff Garzik <jeff@garzik.org>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Roel Kluin <roel.kluin@gmail.com>,
linux-scsi@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] scsi_transport_sas: Write outside array bounds
Date: Tue, 28 Jul 2009 16:10:23 -0400 [thread overview]
Message-ID: <4A6F5B2F.7020905@garzik.org> (raw)
In-Reply-To: <1248799145.3855.237.camel@mulgrave.site>
James Bottomley wrote:
> In this case, as you can see all of the SETUP_X are using count to step
> through an array and when we're finished we add a NULL to the end. For
> the case of SETUP_PORT_ATTR, the array is i->port_attrs, so the bug here
> is apparently that the NULL is going in the wrong array. Trying to put
> a NULL at the zero element is manifestly wrong because sas_internal is
> zero allocated.
>
> Actually, as a final weirdness, we have a duplicate initialisation of
> this anyway, so the correct patch is below.
>
> James
>
> ---
>
> diff --git a/drivers/scsi/scsi_transport_sas.c b/drivers/scsi/scsi_transport_sas.c
> index 0895d3c..fd47cb1 100644
> --- a/drivers/scsi/scsi_transport_sas.c
> +++ b/drivers/scsi/scsi_transport_sas.c
> @@ -1692,10 +1692,6 @@ sas_attach_transport(struct sas_function_template *ft)
> i->f = ft;
>
> count = 0;
> - SETUP_PORT_ATTRIBUTE(num_phys);
> - i->host_attrs[count] = NULL;
> -
> - count = 0;
> SETUP_PHY_ATTRIBUTE(initiator_port_protocols);
> SETUP_PHY_ATTRIBUTE(target_port_protocols);
> SETUP_PHY_ATTRIBUTE(device_type);
er, eh?
It's not a duplicate initialization, as port attributes != phy
attributes. Different macro, same counter variable.
Your fix seems quite strange - num_phy attribute goes away?
Jeff
next prev parent reply other threads:[~2009-07-28 20:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-28 10:20 [PATCH] scsi_transport_sas: Write outside array bounds Roel Kluin
2009-07-28 16:39 ` James Bottomley
2009-07-28 20:10 ` Jeff Garzik [this message]
2009-07-28 21:31 ` James Bottomley
2009-07-29 2:50 ` Jeff Garzik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A6F5B2F.7020905@garzik.org \
--to=jeff@garzik.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=akpm@linux-foundation.org \
--cc=linux-scsi@vger.kernel.org \
--cc=roel.kluin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.