From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: James Smart <James.Smart@Emulex.Com>,
roel.kluin@gmail.com, linux-scsi@vger.kernel.org
Subject: Re: [PATCH] lpfc: Read buffer overflow
Date: Tue, 04 Aug 2009 00:31:18 +0000 [thread overview]
Message-ID: <1249345878.3943.240.camel@mulgrave.site> (raw)
In-Reply-To: <20090803164223.6aa6555b.akpm@linux-foundation.org>
On Mon, 2009-08-03 at 16:42 -0700, Andrew Morton wrote:
> On Mon, 3 Aug 2009 11:02:37 -0400
> James Smart <James.Smart@Emulex.Com> wrote:
>
> > Roel Kluin wrote:
> > > Check whether index is within bounds before testing the element.
> > >
> > > Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
> > > ---
> > > diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c
> > > index e0b4992..ade2df6 100644
> > > --- a/drivers/scsi/lpfc/lpfc_vport.c
> > > +++ b/drivers/scsi/lpfc/lpfc_vport.c
> > > @@ -762,7 +762,7 @@ lpfc_destroy_vport_work_array(struct lpfc_hba *phba, struct lpfc_vport **vports)
> > > int i;
> > > if (vports == NULL)
> > > return;
> > > - for (i = 0; vports[i] != NULL && i <= phba->max_vports; i++)
> > > + for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++)
> > > scsi_host_put(lpfc_shost_from_vport(vports[i]));
> > > kfree(vports);
> > > }
> >
> > NACK - the vports array is created such that it is sized for
> > phba->max_vports + 1.
>
> (top-posting repaired so that I can feasibly reply to the email, dammit)
>
> There's no need to allocate the extra slot in the vports array if we're
> also retaining its size. I'd suggest that we merge Roel's patch and
> then reduce the size of vports[].
I'd suggest not:
jejb@mulgrave:~/git/linux-2.6/drivers/scsi/lpfc> git grep 'max_vports && vports'|wc -l
17
Assuming this secures agreement as a patch, I don't really want to wade
through another 16 patches for the remaining ones. You definitely can't
reduce the vport array length until they're all fixed.
What I hear is that it's not a problem, but it's a possible
micro-optimisation. Assuming the maintainer agrees, it's far better
just to fix everything at once. However, I'm equally happy to leave it
as is since there's no actual problem given the allocation definition.
> What prevents the loop in lpfc_create_vport_work_array() from wandering
> off the end of vports[], btw?
We refuse to create any vports beyond this number ... the iterator
counts the number of created vports (it's actually a firmware limited
number, I believe).
James
next prev parent reply other threads:[~2009-08-04 0:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-02 8:08 [PATCH] lpfc: Read buffer overflow Roel Kluin
2009-08-03 15:02 ` James Smart
2009-08-03 17:15 ` Joe Eykholt
2009-08-04 13:29 ` James Smart
2009-08-03 23:42 ` Andrew Morton
2009-08-04 0:31 ` James Bottomley [this message]
2009-08-04 13:39 ` James Smart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1249345878.3943.240.camel@mulgrave.site \
--to=james.bottomley@hansenpartnership.com \
--cc=James.Smart@Emulex.Com \
--cc=akpm@linux-foundation.org \
--cc=linux-scsi@vger.kernel.org \
--cc=roel.kluin@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox