From: "Bjørn Mork" <bjorn@mork.no>
To: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: Bo.Yang@lsi.com, linux-scsi@vger.kernel.org,
megaraidlinux@lsi.com, James.Bottomley@suse.de
Subject: Re: [PATCH] [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()
Date: Wed, 19 Jan 2011 09:56:34 +0100
Message-ID: <87lj2h2rwd.fsf@nemi.mork.no>
In-Reply-To: <20110119165809X.fujita.tomonori@lab.ntt.co.jp> (FUJITA Tomonori's message of "Wed, 19 Jan 2011 17:12:00 +0900")
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> writes:
> The patch looks fine to me. dma_alloc_coherent() doesn't take zero for
> the size argument (causes a kernel crash). The driver can't assume
> that an application is sane so it needs to check the size that an
> application passed on.
>
> Unfortunately, your patch can't be applied to the latest git. I think
> that you need to submit the updated patch first. After it's merged,
> you can send stable maintainers the modified patch that can be applied
> to stable kernels.
>
> Btw, about your patch, it's better to use "if (!hoge)" instead of "if
> (hoge == 0)"
I believe that is a matter of taste, although I tend to agree that it
looks better. I used the "(hoge == 0)" syntax to try to keep in line
with the style already used in this driver, like e.g.

static int
megasas_queue_command_lck(struct scsi_cmnd *scmd, void (*done) (struct scsi_cmnd *))
{
	struct megasas_instance *instance;
	unsigned long flags;

	instance = (struct megasas_instance *)
	    scmd->device->host->hostdata;

	if (instance->issuepend_done == 0)
		return SCSI_MLQUEUE_HOST_BUSY;

but I see now that there are quite a few "if (!hoge)" as well, so I will
update as you suggest.
> and kbuff_arr[] is initialized so it seems that you don't
> need to reset it again.
Thanks. Don't understand how I could have missed that.
> The updated patch would be something like:
>
> diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
> index 5d6d07b..cee1d3b 100644
> --- a/drivers/scsi/megaraid/megaraid_sas_base.c
> +++ b/drivers/scsi/megaraid/megaraid_sas_base.c
> @@ -4611,6 +4611,9 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance,
> * For each user buffer, create a mirror buffer and copy in
> */
> for (i = 0; i < ioc->sge_count; i++) {
> + if (!ioc->sgl[i].iov_len)
> + continue;
> +
> kbuff_arr[i] = dma_alloc_coherent(&instance->pdev->dev,
> ioc->sgl[i].iov_len,
> &buf_handle, GFP_KERNEL);
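
Review bot: The new `if (!ioc->sgl[i].iov_len) continue;` at the top of the loop skips the whole iteration, so for a zero-length entry kbuff_arr[i] keeps its initialised value and nothing else in the loop body runs for that index. Please confirm that the later users of kbuff_arr[] (the copy-back and free paths, which are not shown in this hunk) skip such entries, and add a one-line comment saying why a zero length is skipped rather than rejected with an error. The check also covers zero only: iov_len still reaches dma_alloc_coherent() with no upper bound in these lines, so if a maximum is enforced elsewhere it would help to have it visible near this loop.
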
Yes, I'll follow up with that in a separate mail. Thanks a lot for your
thorough review.
Bjørn