From: Steffen Maier <maier@linux.vnet.ibm.com>
To: Julia Lawall <Julia.Lawall@lip6.fr>
Cc: kernel-janitors@vger.kernel.org, linux390@de.ibm.com,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH 7/7] drivers/s390/scsi/zfcp_cfdc.c: remove invalid reference to list iterator variable
Date: Mon, 20 Aug 2012 18:30:39 +0000 [thread overview]
Message-ID: <5032824F.6090607@linux.vnet.ibm.com> (raw)
In-Reply-To: <1341747464-1772-8-git-send-email-Julia.Lawall@lip6.fr>
Hi Julia,
sorry for the long delay until I finally responded.
Thanks a lot for your report and patch.
I'll queue this and send it for v3.6rcX hopefully soon.
On 07/08/2012 01:37 PM, Julia Lawall wrote:
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If list_for_each_entry, etc complete a traversal of the list, the iterator
> variable ends up pointing to an address at an offset from the list head,
> and not a meaningful structure. Thus this value should not be used after
> the end of the iterator. Replace port->adapter->scsi_host by
> adapter->scsi_host.
>
> This problem was found using Coccinelle (http://coccinelle.lip6.fr/).
>
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
>
> ---
> This is not tested, an I am not sure that this is the right change.
> Indeed, I'm not at all sure how the original code could have worked, since
> port->adapter->scsi_host should be a completely random value.
This is most probably a copy & paste oversight in
commit a1ca48319a9aa1c5b57ce142f538e76050bb8972
"[SCSI] zfcp: Move ACL/CFDC code to zfcp_cfdc.c"
v2.6.37
where the content of
static void zfcp_erp_port_access_changed(struct zfcp_port *port, char *id,
void *ref)
{
struct scsi_device *sdev;
int status = atomic_read(&port->status);
if (!(status & (ZFCP_STATUS_COMMON_ACCESS_DENIED |
ZFCP_STATUS_COMMON_ACCESS_BOXED))) {
shost_for_each_device(sdev, port->adapter->scsi_host)
^^^^
was merged into
zfcp_cfdc_adapter_access_changed(struct zfcp_adapter *adapter)
Since this code is for older hardware and users not using NPIV
and this is only executed on dynamic access changes,
nobody has noticed this so far I guess.
> drivers/s390/scsi/zfcp_cfdc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/s390/scsi/zfcp_cfdc.c b/drivers/s390/scsi/zfcp_cfdc.c
> index fab2c25..8ed63aa 100644
> --- a/drivers/s390/scsi/zfcp_cfdc.c
> +++ b/drivers/s390/scsi/zfcp_cfdc.c
> @@ -293,7 +293,7 @@ void zfcp_cfdc_adapter_access_changed(struct zfcp_adapter *adapter)
> }
> read_unlock_irqrestore(&adapter->port_list_lock, flags);
>
> - shost_for_each_device(sdev, port->adapter->scsi_host) {
> + shost_for_each_device(sdev, adapter->scsi_host) {
> zfcp_sdev = sdev_to_zfcp(sdev);
> status = atomic_read(&zfcp_sdev->status);
> if ((status & ZFCP_STATUS_COMMON_ACCESS_DENIED) ||
>
Steffen
Linux on System z Development
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Steffen Maier <maier@linux.vnet.ibm.com>
To: Julia Lawall <Julia.Lawall@lip6.fr>
Cc: kernel-janitors@vger.kernel.org, linux390@de.ibm.com,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org,
"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH 7/7] drivers/s390/scsi/zfcp_cfdc.c: remove invalid reference to list iterator variable
Date: Mon, 20 Aug 2012 20:30:39 +0200 [thread overview]
Message-ID: <5032824F.6090607@linux.vnet.ibm.com> (raw)
In-Reply-To: <1341747464-1772-8-git-send-email-Julia.Lawall@lip6.fr>
Hi Julia,
sorry for the long delay until I finally responded.
Thanks a lot for your report and patch.
I'll queue this and send it for v3.6rcX hopefully soon.
On 07/08/2012 01:37 PM, Julia Lawall wrote:
> From: Julia Lawall <Julia.Lawall@lip6.fr>
>
> If list_for_each_entry, etc complete a traversal of the list, the iterator
> variable ends up pointing to an address at an offset from the list head,
> and not a meaningful structure. Thus this value should not be used after
> the end of the iterator. Replace port->adapter->scsi_host by
> adapter->scsi_host.
>
> This problem was found using Coccinelle (http://coccinelle.lip6.fr/).
>
> Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
>
> ---
> This is not tested, an I am not sure that this is the right change.
> Indeed, I'm not at all sure how the original code could have worked, since
> port->adapter->scsi_host should be a completely random value.
This is most probably a copy & paste oversight in
commit a1ca48319a9aa1c5b57ce142f538e76050bb8972
"[SCSI] zfcp: Move ACL/CFDC code to zfcp_cfdc.c"
v2.6.37
where the content of
static void zfcp_erp_port_access_changed(struct zfcp_port *port, char *id,
void *ref)
{
struct scsi_device *sdev;
int status = atomic_read(&port->status);
if (!(status & (ZFCP_STATUS_COMMON_ACCESS_DENIED |
ZFCP_STATUS_COMMON_ACCESS_BOXED))) {
shost_for_each_device(sdev, port->adapter->scsi_host)
^^^^
was merged into
zfcp_cfdc_adapter_access_changed(struct zfcp_adapter *adapter)
Since this code is for older hardware and users not using NPIV
and this is only executed on dynamic access changes,
nobody has noticed this so far I guess.
> drivers/s390/scsi/zfcp_cfdc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/s390/scsi/zfcp_cfdc.c b/drivers/s390/scsi/zfcp_cfdc.c
> index fab2c25..8ed63aa 100644
> --- a/drivers/s390/scsi/zfcp_cfdc.c
> +++ b/drivers/s390/scsi/zfcp_cfdc.c
> @@ -293,7 +293,7 @@ void zfcp_cfdc_adapter_access_changed(struct zfcp_adapter *adapter)
> }
> read_unlock_irqrestore(&adapter->port_list_lock, flags);
>
> - shost_for_each_device(sdev, port->adapter->scsi_host) {
> + shost_for_each_device(sdev, adapter->scsi_host) {
> zfcp_sdev = sdev_to_zfcp(sdev);
> status = atomic_read(&zfcp_sdev->status);
> if ((status & ZFCP_STATUS_COMMON_ACCESS_DENIED) ||
>
Steffen
Linux on System z Development
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
next prev parent reply other threads:[~2012-08-20 18:30 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-08 11:37 [PATCH 0/7] remove invalid reference to list iterator variable Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-07-08 11:37 ` [PATCH 1/7] drivers/isdn/mISDN/stack.c: " Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-07-09 22:24 ` David Miller
2012-07-09 22:24 ` David Miller
2012-07-08 11:37 ` [PATCH 2/7] net/rxrpc/ar-peer.c: " Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-07-09 22:24 ` David Miller
2012-07-09 22:24 ` David Miller
2012-07-08 11:37 ` [PATCH 3/7] mm/slub.c: " Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-07-09 9:04 ` Pekka Enberg
2012-07-09 9:04 ` Pekka Enberg
2012-07-09 9:04 ` Pekka Enberg
2012-07-09 13:53 ` Christoph Lameter
2012-07-09 13:53 ` Christoph Lameter
2012-07-09 13:53 ` Christoph Lameter
2012-07-08 11:37 ` [PATCH 4/7] drivers/gpu/drm: " Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-07-08 20:52 ` Paul Menzel
2012-07-08 20:52 ` Paul Menzel
2012-07-08 20:56 ` Julia Lawall
2012-07-08 20:56 ` Julia Lawall
2012-07-08 11:37 ` [PATCH 5/7] drivers/iommu/tegra-smmu.c: " Julia Lawall
2012-07-08 11:37 ` Julia Lawall
[not found] ` <1341747464-1772-6-git-send-email-Julia.Lawall-L2FTfq7BK8M@public.gmane.org>
2012-07-23 17:59 ` Stephen Warren
2012-07-23 17:59 ` Stephen Warren
2012-07-23 17:59 ` Stephen Warren
[not found] ` <500D90F9.7030909-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>
2012-07-24 8:45 ` Hiroshi Doyu
2012-07-24 8:45 ` Hiroshi Doyu
2012-07-24 8:45 ` Hiroshi Doyu
2012-07-08 11:37 ` [PATCH 6/7] drivers/net/ethernet/broadcom/cnic.c: " Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-07-09 22:25 ` [PATCH 6/7] drivers/net/ethernet/broadcom/cnic.c: remove invalid reference to list iterator vari David Miller
2012-07-09 22:25 ` [PATCH 6/7] drivers/net/ethernet/broadcom/cnic.c: remove invalid reference to list iterator variable David Miller
2012-07-08 11:37 ` [PATCH 7/7] drivers/s390/scsi/zfcp_cfdc.c: " Julia Lawall
2012-07-08 11:37 ` Julia Lawall
2012-08-20 18:30 ` Steffen Maier [this message]
2012-08-20 18:30 ` Steffen Maier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5032824F.6090607@linux.vnet.ibm.com \
--to=maier@linux.vnet.ibm.com \
--cc=Julia.Lawall@lip6.fr \
--cc=heiko.carstens@de.ibm.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux390@de.ibm.com \
--cc=schwidefsky@de.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.