[patch] cxlflash: a couple off by one bugs

public inbox for linux-scsi@vger.kernel.org
 help / color / mirror / Atom feed

* [patch] cxlflash: a couple off by one bugs
@ 2015-09-22 12:32 Dan Carpenter
  2015-09-22 13:27 ` Manoj Kumar
  2015-09-22 15:41 ` Matthew R. Ochs
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2015-09-22 12:32 UTC (permalink / raw)
  To: James E.J. Bottomley
  Cc: Manoj N. Kumar, Wen Xiong, Michael Neuling, Matthew R. Ochs,
	linux-scsi, kernel-janitors

The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
step beyond the end of the cfg->ctx_tbl[] array.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/scsi/cxlflash/superpipe.c b/drivers/scsi/cxlflash/superpipe.c
index f1b62ce..05e0ecf 100644
--- a/drivers/scsi/cxlflash/superpipe.c
+++ b/drivers/scsi/cxlflash/superpipe.c
@@ -1315,7 +1315,7 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
 	}
 
 	ctxid = cxl_process_element(ctx);
-	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
+	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
 		rc = -EPERM;
 		goto err1;
@@ -1440,7 +1440,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
 	}
 
 	ctxid = cxl_process_element(ctx);
-	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
+	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
 		rc = -EPERM;
 		goto err1;

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [patch] cxlflash: a couple off by one bugs
  2015-09-22 12:32 [patch] cxlflash: a couple off by one bugs Dan Carpenter
@ 2015-09-22 13:27 ` Manoj Kumar
  2015-09-22 15:41 ` Matthew R. Ochs
  1 sibling, 0 replies; 3+ messages in thread
From: Manoj Kumar @ 2015-09-22 13:27 UTC (permalink / raw)
  To: Dan Carpenter, James E.J. Bottomley
  Cc: Wen Xiong, Michael Neuling, Matthew R. Ochs, linux-scsi,
	kernel-janitors

Reviewed-by: Manoj Kumar <manoj@linux.vnet.ibm.com>

---
Manoj Kumar

On 9/22/2015 7:32 AM, Dan Carpenter wrote:
> The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
> step beyond the end of the cfg->ctx_tbl[] array.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/scsi/cxlflash/superpipe.c b/drivers/scsi/cxlflash/superpipe.c
> index f1b62ce..05e0ecf 100644
> --- a/drivers/scsi/cxlflash/superpipe.c
> +++ b/drivers/scsi/cxlflash/superpipe.c
> @@ -1315,7 +1315,7 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
>   	}
>
>   	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
>   		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
>   		rc = -EPERM;
>   		goto err1;
> @@ -1440,7 +1440,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
>   	}
>
>   	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
>   		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
>   		rc = -EPERM;
>   		goto err1;
>


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [patch] cxlflash: a couple off by one bugs
  2015-09-22 12:32 [patch] cxlflash: a couple off by one bugs Dan Carpenter
  2015-09-22 13:27 ` Manoj Kumar
@ 2015-09-22 15:41 ` Matthew R. Ochs
  1 sibling, 0 replies; 3+ messages in thread
From: Matthew R. Ochs @ 2015-09-22 15:41 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: James E.J. Bottomley, Manoj N. Kumar, Wen Xiong, Michael Neuling,
	linux-scsi, kernel-janitors

> On Sep 22, 2015, at 7:32 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> 
> The "> MAX_CONTEXT" should be ">= MAX_CONTEXT".  Otherwise we go one
> step beyond the end of the cfg->ctx_tbl[] array.

Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>

> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/drivers/scsi/cxlflash/superpipe.c b/drivers/scsi/cxlflash/superpipe.c
> index f1b62ce..05e0ecf 100644
> --- a/drivers/scsi/cxlflash/superpipe.c
> +++ b/drivers/scsi/cxlflash/superpipe.c
> @@ -1315,7 +1315,7 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
> 	}
> 
> 	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
> 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
> 		rc = -EPERM;
> 		goto err1;
> @@ -1440,7 +1440,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
> 	}
> 
> 	ctxid = cxl_process_element(ctx);
> -	if (unlikely((ctxid > MAX_CONTEXT) || (ctxid < 0))) {
> +	if (unlikely((ctxid >= MAX_CONTEXT) || (ctxid < 0))) {
> 		dev_err(dev, "%s: ctxid (%d) invalid!\n", __func__, ctxid);
> 		rc = -EPERM;
> 		goto err1;
> 


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-09-22 15:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-22 12:32 [patch] cxlflash: a couple off by one bugs Dan Carpenter
2015-09-22 13:27 ` Manoj Kumar
2015-09-22 15:41 ` Matthew R. Ochs

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox