linux-scsi.vger.kernel.org archive mirror
* [Bug 34422] New: Error-valued pointers used in pointer arithmetic in SCSI
@ 2011-05-04 14:22 bugzilla-daemon
  2014-06-25 15:50 ` [Bug 34422] " bugzilla-daemon
  0 siblings, 1 reply; 2+ messages in thread
From: bugzilla-daemon @ 2011-05-04 14:22 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=34422

           Summary: Error-valued pointers used in pointer arithmetic in
                    SCSI
           Product: SCSI Drivers
           Version: 2.5
    Kernel Version: 2.6.38.3
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
        AssignedTo: scsi_drivers-other@kernel-bugs.osdl.org
        ReportedBy: crubio@cs.wisc.edu
        Regression: No


Created an attachment (id=56582)
 --> (https://bugzilla.kernel.org/attachment.cgi?id=56582)
Complete sample traces and slices describing bad pointer arithmetic in SCSI

We have statically analyzed SCSI, VFS and the memory management module to
find error-valued pointers that are used in pointer arithmetic. We have found
12 instances:

include/linux/mm.h:389: Using variable virt_to_head_page#x in pointer
arithmetic, which may contain one of the following error codes: ENOMEM* 

mm/slub.c:251: Using variable check_valid_pointer#object in pointer arithmetic,
which may contain one of the following error codes: ENOMEM* 

mm/slub.c:358: Using variable get_track#object in pointer arithmetic, which may
contain one of the following error codes: ENOMEM* 

mm/slub.c:360: Using variable get_track#object in pointer arithmetic, which may
contain one of the following error codes: ENOMEM* 

mm/slub.c:452: Using variable print_trailer#p in pointer arithmetic, which may
contain one of the following error codes: ENOMEM*

mm/slub.c:457: Using variable print_trailer#p in pointer arithmetic, which may
contain one of the following error codes: ENOMEM* 

mm/slub.c:470: Using variable print_trailer#p in pointer arithmetic, which may
contain one of the following error codes: ENOMEM*

mm/slub.c:505: Using variable init_object#p in pointer arithmetic, which may
contain one of the following error codes: ENOMEM* 

mm/slub.c:537: Using variable check_bytes_and_report#start in pointer
arithmetic, which may contain one of the following error codes: ENOMEM*

mm/slub.c:603: Using variable check_pad_bytes#p in pointer arithmetic, which
may contain one of the following error codes: ENOMEM* 

mm/slub.c:643: Using variable check_object#object in pointer arithmetic, which
may contain one of the following error codes: ENOMEM* 

mm/slub.c:657: Using variable check_object#p in pointer arithmetic, which may
contain one of the following error codes: ENOMEM* 

For each case above, our tool produces a complete sample trace and a
corresponding slice. The complete sample trace illustrates how one error code
may reach the program point at which the error-valued pointer is used in
pointer arithmetic. The slice summarizes the complete sample trace by
including only relevant program points at which the error code is transferred
from variable to variable or returned by a function. Sample traces and slices
are attached.

All cases seem to be related: the error originates in the memory management
module, then it is propagated through VFS code (where there are some error
checks), SCSI code, and finally back to the memory management module where the
bad pointer arithmetic occurs (see sample traces). These bad pointer arithmetic
instances are reported only when analyzing SCSI code (and not any file system
implementation).

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
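
An added illustration, not part of the report or of kernel code: a userspace model of the kernel's ERR_PTR/IS_ERR/PTR_ERR convention showing why arithmetic on an error-valued pointer is dangerous. Depending on the offset, the result either stops looking like an error or decodes as a different error code. The functions `alloc_object`, `get_object`, `field_addr_unchecked` and `field_addr_checked` are hypothetical names, and the failure case is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the kernel's ERR_PTR/IS_ERR/PTR_ERR convention:
 * the top MAX_ERRNO values of the address space encode -errno. */
#define MAX_ERRNO 4095UL

static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical allocator: returns an error-valued pointer on failure. */
static void *alloc_object(void *backing, int fail)
{
    return fail ? err_ptr(-ENOMEM) : backing;
}

/* Hypothetical middle layer that forwards the result without an error check. */
static void *get_object(void *backing, int fail)
{
    return alloc_object(backing, fail);
}

/* Unchecked offset; uintptr_t keeps the demo itself well-defined. */
static uintptr_t field_addr_unchecked(const void *object, size_t offset)
{
    return (uintptr_t)object + offset;
}

/* Checked variant: propagate the error instead of deriving an address. */
static long field_addr_checked(const void *object, size_t offset, uintptr_t *out)
{
    if (is_err(object))
        return ptr_err(object);
    *out = (uintptr_t)object + offset;
    return 0;
}

int main(void)
{
    void *obj = get_object(NULL, 1);   /* constructed failure case */
    uintptr_t wrapped = field_addr_unchecked(obj, 16);
    uintptr_t shifted = field_addr_unchecked(obj, 8);
    printf("offset 16: %#lx is_err=%d\n", (unsigned long)wrapped, is_err((void *)wrapped));
    printf("offset  8: is_err=%d code=%ld\n", is_err((void *)shifted), ptr_err((void *)shifted));
    return 0;
}
```

With offset 16 the value wraps past zero and no later IS_ERR-style check can catch it; with offset 8 it still tests as an error but no longer carries -ENOMEM.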


* [Bug 34422] Error-valued pointers used in pointer arithmetic in SCSI
  2011-05-04 14:22 [Bug 34422] New: Error-valued pointers used in pointer arithmetic in SCSI bugzilla-daemon
@ 2014-06-25 15:50 ` bugzilla-daemon
  0 siblings, 0 replies; 2+ messages in thread
From: bugzilla-daemon @ 2014-06-25 15:50 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=34422

xerofoify@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xerofoify@gmail.com

--- Comment #1 from xerofoify@gmail.com ---
Please check this bug against a newer kernel to see if it's 
fixed.
Cheers Nick

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
