public inbox for linux-scsi@vger.kernel.org
* [patch] cxlflash: a couple off by one bugs
@ 2015-09-22 12:32 Dan Carpenter
  2015-09-22 13:27 ` Manoj Kumar
  2015-09-22 15:41 ` Matthew R. Ochs
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2015-09-22 12:32 UTC
  To: James E.J. Bottomley
  Cc: Manoj N. Kumar, Wen Xiong, Michael Neuling, Matthew R. Ochs,
	linux-scsi, kernel-janitors

The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
step beyond the end of the cfg->ctx_tbl[] array.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/scsi/cxlflash/superpipe.c b/drivers/scsi/cxlflash/superpipe.c
index f1b62ce..05e0ecf 100644
--- a/drivers/scsi/cxlflash/superpipe.c
+++ b/drivers/scsi/cxlflash/superpipe.c
@@ -1315,7 +1315,7 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
 	}
 
 	ctxid = cxl_process_element(ctx);
-	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
+	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
 		rc = -EPERM;
 		goto err1;
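Review bot: in cxlflash_disk_attach() the upper bound is still an open-coded comparison against MAX_CONTEXT, so the check is correct only if cfg->ctx_tbl[] is declared with exactly MAX_CONTEXT entries, which neither this hunk nor the changelog shows. If ctx_tbl is a fixed-size array member, writing the test as (ctxid >= ARRAY_SIZE(cfg->ctx_tbl)) alongside the existing (ctxid < 0) test would tie the bound to the array itself; otherwise please state the declared size in the commit message so the valid range 0..MAX_CONTEXT-1 is on record.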
@@ -1440,7 +1440,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
 	}
 
 	ctxid = cxl_process_element(ctx);
-	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
+	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
 		rc = -EPERM;
 		goto err1;
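Review bot: the range test in recover_context() is a line-for-line copy of the one in cxlflash_disk_attach() (same condition, same dev_err, same rc = -EPERM), and both copies carried the same off-by-one. A small shared helper that validates the value returned by cxl_process_element() before it is used as an index would leave a single place to get the bound right. As a minor point, -EPERM is returned here for an out-of-range index rather than a permission failure; that predates this patch but may deserve a follow-up.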


* Re: [patch] cxlflash: a couple off by one bugs
  2015-09-22 12:32 [patch] cxlflash: a couple off by one bugs Dan Carpenter
@ 2015-09-22 13:27 ` Manoj Kumar
  2015-09-22 15:41 ` Matthew R. Ochs
  1 sibling, 0 replies; 3+ messages in thread
From: Manoj Kumar @ 2015-09-22 13:27 UTC
  To: Dan Carpenter, James E.J. Bottomley
  Cc: Wen Xiong, Michael Neuling, Matthew R. Ochs, linux-scsi,
	kernel-janitors

Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>

---
Manoj Kumar

On 9/22/2015 7:32 AM, Dan Carpenter wrote:
> The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
> step beyond the end of the cfg->ctx_tbl[] array.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/scsi/cxlflash/superpipe.c b/drivers/scsi/cxlflash/superpipe.c
> index f1b62ce..05e0ecf 100644
> --- a/drivers/scsi/cxlflash/superpipe.c
> +++ b/drivers/scsi/cxlflash/superpipe.c
> @@ -1315,7 +1315,7 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
>   	}
>
>   	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
>   		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
>   		rc = -EPERM;
>   		goto err1;
> @@ -1440,7 +1440,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
>   	}
>
>   	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
>   		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
>   		rc = -EPERM;
>   		goto err1;
>



* Re: [patch] cxlflash: a couple off by one bugs
  2015-09-22 12:32 [patch] cxlflash: a couple off by one bugs Dan Carpenter
  2015-09-22 13:27 ` Manoj Kumar
@ 2015-09-22 15:41 ` Matthew R. Ochs
  1 sibling, 0 replies; 3+ messages in thread
From: Matthew R. Ochs @ 2015-09-22 15:41 UTC
  To: Dan Carpenter
  Cc: James E.J. Bottomley, Manoj N. Kumar, Wen Xiong, Michael Neuling,
	linux-scsi, kernel-janitors

> On Sep 22, 2015, at 7:32 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> 
> The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
> step beyond the end of the cfg->ctx_tbl[] array.

Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>

> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/scsi/cxlflash/superpipe.c b/drivers/scsi/cxlflash/superpipe.c
> index f1b62ce..05e0ecf 100644
> --- a/drivers/scsi/cxlflash/superpipe.c
> +++ b/drivers/scsi/cxlflash/superpipe.c
> @@ -1315,7 +1315,7 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
> 	}
> 
> 	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
> 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
> 		rc = -EPERM;
> 		goto err1;
> @@ -1440,7 +1440,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
> 	}
> 
> 	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
> 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
> 		rc = -EPERM;
> 		goto err1;
> 

