* [patch -next] csiostor: off by one error
@ 2013-03-16 10:07 Dan Carpenter
2013-03-25 12:00 ` Naresh Kumar Inna
From: Dan Carpenter @ 2013-03-16 10:07 UTC (permalink / raw)
To: James E.J. Bottomley
Cc: Naresh Kumar Inna, David S. Miller, Arvind Bhushan, linux-scsi,
kbuild

We need to store PROTO_ERR_IMPL_LOGO (26) things here, but the
first element isn't used so the array should have 27 elements.
This matches fwevt_to_rnevt[] which has 27 elements.

The patch solves a Smatch static checker warning on my system:
drivers/scsi/csiostor/csio_rnode.c:880 csio_rnode_fwevt_handler()
error: buffer overflow '(rn)->stats.n_evt_fw' 26 <= 26

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
This goes on top of d69630e8a4222 "csiostor: Header file
modifications for chip support and bug fixes." That patch is in
linux-next but I don't know which tree it came from. It's not
the scsi for-next tree.

diff --git a/drivers/scsi/csiostor/csio_rnode.h b/drivers/scsi/csiostor/csio_rnode.h
index 6594009..4334342 100644
--- a/drivers/scsi/csiostor/csio_rnode.h
+++ b/drivers/scsi/csiostor/csio_rnode.h
@@ -63,7 +63,7 @@ struct csio_rnode_stats {
uint32_t n_err_nomem; /* error nomem */
uint32_t n_evt_unexp; /* unexpected event */
uint32_t n_evt_drop; /* unexpected event */
- uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO]; /* fw events */
+ uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO + 1]; /* fw events */
enum csio_rn_ev n_evt_sm[CSIO_RNFE_MAX_EVENT]; /* State m/c events */
uint32_t n_lun_rst; /* Number of resets of
* of LUNs under this
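Review bot: The new size `PROTO_ERR_IMPL_LOGO + 1` in `struct csio_rnode_stats` is an open-coded count that has to stay equal to the size of `fwevt_to_rnevt[]`, which the changelog gives as 27 elements, and nothing in this hunk ties the two together. Consider defining one named count next to `PROTO_ERR_IMPL_LOGO` and using it for both the lookup table and `n_evt_fw[]`, so that a firmware event added after `PROTO_ERR_IMPL_LOGO` cannot reintroduce the overflow Smatch reported at csio_rnode.c:880.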
diff --git a/drivers/scsi/csiostor/csio_lnode.h b/drivers/scsi/csiostor/csio_lnode.h
index 0f9c041..372a67d 100644
--- a/drivers/scsi/csiostor/csio_lnode.h
+++ b/drivers/scsi/csiostor/csio_lnode.h
@@ -114,7 +114,7 @@ struct csio_lnode_stats {
uint32_t n_rnode_match; /* matched rnode */
uint32_t n_dev_loss_tmo; /* Device loss timeout */
uint32_t n_fdmi_err; /* fdmi err */
- uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO]; /* fw events */
+ uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO + 1]; /* fw events */
enum csio_ln_ev n_evt_sm[CSIO_LNE_MAX_EVENT]; /* State m/c events */
uint32_t n_rnode_alloc; /* rnode allocated */
uint32_t n_rnode_free; /* rnode freed */
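Review bot: The changelog justifies only the `csio_rnode_stats` change: the Smatch warning it quotes is for `(rn)->stats.n_evt_fw` in csio_rnode_fwevt_handler(), and no indexing site is named for the `n_evt_fw[]` in `struct csio_lnode_stats` that this hunk resizes. Please add a sentence saying where the lnode array is indexed by an event value up to `PROTO_ERR_IMPL_LOGO`, or that it is resized for consistency with the rnode structure, so the reason for the lnode change is on record.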
* Re: [patch -next] csiostor: off by one error
2013-03-16 10:07 [patch -next] csiostor: off by one error Dan Carpenter
@ 2013-03-25 12:00 ` Naresh Kumar Inna
From: Naresh Kumar Inna @ 2013-03-25 12:00 UTC (permalink / raw)
To: Dan Carpenter
Cc: James E.J. Bottomley, David S. Miller, Arvind Bhushan,
linux-scsi@vger.kernel.org, kbuild@01.org
On 3/16/2013 3:37 PM, Dan Carpenter wrote:
> We need to store PROTO_ERR_IMPL_LOGO (26) things here, but the
> first element isn't used so the array should have 27 elements.
> This matches fwevt_to_rnevt[] which has 27 elements.
>
> The patch solves a Smatch static checker warning on my system:
> drivers/scsi/csiostor/csio_rnode.c:880 csio_rnode_fwevt_handler()
> error: buffer overflow '(rn)->stats.n_evt_fw' 26 <= 26
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> This goes on top of d69630e8a4222 "csiostor: Header file
> modifications for chip support and bug fixes." That patch is in
> linux-next but I don't know which tree it came from. It's not
> the scsi for-next tree.
>
> diff --git a/drivers/scsi/csiostor/csio_rnode.h b/drivers/scsi/csiostor/csio_rnode.h
> index 6594009..4334342 100644
> --- a/drivers/scsi/csiostor/csio_rnode.h
> +++ b/drivers/scsi/csiostor/csio_rnode.h
> @@ -63,7 +63,7 @@ struct csio_rnode_stats {
> uint32_t n_err_nomem; /* error nomem */
> uint32_t n_evt_unexp; /* unexpected event */
> uint32_t n_evt_drop; /* unexpected event */
> - uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO]; /* fw events */
> + uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO + 1]; /* fw events */
> enum csio_rn_ev n_evt_sm[CSIO_RNFE_MAX_EVENT]; /* State m/c events */
> uint32_t n_lun_rst; /* Number of resets of
> * of LUNs under this
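Review bot: The trailing comment on the resized `n_evt_fw[]` member still reads only `/* fw events */`, so the reason for the `+ 1` lives solely in the changelog. The changelog says the first element isn't used; recording that in the comment, for example `/* fw events, [0] unused */`, would keep the extra element from being trimmed later as an apparent mistake.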
> diff --git a/drivers/scsi/csiostor/csio_lnode.h b/drivers/scsi/csiostor/csio_lnode.h
> index 0f9c041..372a67d 100644
> --- a/drivers/scsi/csiostor/csio_lnode.h
> +++ b/drivers/scsi/csiostor/csio_lnode.h
> @@ -114,7 +114,7 @@ struct csio_lnode_stats {
> uint32_t n_rnode_match; /* matched rnode */
> uint32_t n_dev_loss_tmo; /* Device loss timeout */
> uint32_t n_fdmi_err; /* fdmi err */
> - uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO]; /* fw events */
> + uint32_t n_evt_fw[PROTO_ERR_IMPL_LOGO + 1]; /* fw events */
> enum csio_ln_ev n_evt_sm[CSIO_LNE_MAX_EVENT]; /* State m/c events */
> uint32_t n_rnode_alloc; /* rnode allocated */
> uint32_t n_rnode_free; /* rnode freed */
>
Acked-by: Naresh Kumar Inna <naresh@chelsio.com>
Thanks,
Naresh.