* [PATCH] [SCSI] libsas: fix test for negative unsigned and typos
@ 2008-11-29 16:31 roel kluin
2008-12-03 16:19 ` James Bottomley
0 siblings, 1 reply; 2+ messages in thread
From: roel kluin @ 2008-11-29 16:31 UTC (permalink / raw)
To: James.Bottomley; +Cc: linux-scsi, linux-kernel
unsigned req->data_len cannot be negative, and fix typo
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
---
I am not sure whether this is what was intended, please review.
diff --git a/drivers/scsi/libsas/sas_host_smp.c b/drivers/scsi/libsas/sas_host_smp.c
index 16f9312..6eb0779 100644
--- a/drivers/scsi/libsas/sas_host_smp.c
+++ b/drivers/scsi/libsas/sas_host_smp.c
@@ -199,12 +199,12 @@ int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
break;
case SMP_DISCOVER:
- req->data_len =- 16;
- if (req->data_len < 0) {
+ if (req->data_len < 15) {
req->data_len = 0;
error = -EINVAL;
goto out;
}
+ req->data_len -= 16;
resp_data_len -= 56;
sas_host_smp_discover(sas_ha, resp_data, req_data[9]);
break;
@@ -215,12 +215,12 @@ int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
break;
case SMP_REPORT_PHY_SATA:
- req->data_len =- 16;
- if (req->data_len < 0) {
+ if (req->data_len < 15) {
req->data_len = 0;
error = -EINVAL;
goto out;
}
+ req->data_len -= 16;
resp_data_len -= 60;
sas_report_phy_sata(sas_ha, resp_data, req_data[9]);
break;
@@ -238,12 +238,12 @@ int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
break;
case SMP_PHY_CONTROL:
- req->data_len =- 44;
- if (req->data_len < 0) {
+ if (req->data_len < 43) {
req->data_len = 0;
error = -EINVAL;
goto out;
}
+ req->data_len -= 44;
resp_data_len -= 8;
sas_phy_control(sas_ha, req_data[9], req_data[10],
req_data[32] >> 4, req_data[33] >> 4,
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] [SCSI] libsas: fix test for negative unsigned and typos
2008-11-29 16:31 [PATCH] [SCSI] libsas: fix test for negative unsigned and typos roel kluin
@ 2008-12-03 16:19 ` James Bottomley
0 siblings, 0 replies; 2+ messages in thread
From: James Bottomley @ 2008-12-03 16:19 UTC (permalink / raw)
To: roel kluin; +Cc: linux-scsi, linux-kernel
On Sat, 2008-11-29 at 11:31 -0500, roel kluin wrote:
> unsigned req->data_len cannot be negative, and fix typo
>
> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
> ---
> I am not sure whether this is what was intended, please review.
I think it was. The fix looks like we need it. However:
> diff --git a/drivers/scsi/libsas/sas_host_smp.c b/drivers/scsi/libsas/sas_host_smp.c
> index 16f9312..6eb0779 100644
> --- a/drivers/scsi/libsas/sas_host_smp.c
> +++ b/drivers/scsi/libsas/sas_host_smp.c
> @@ -199,12 +199,12 @@ int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
> break;
>
> case SMP_DISCOVER:
> - req->data_len =- 16;
> - if (req->data_len < 0) {
> + if (req->data_len < 15) {
> req->data_len = 0;
> error = -EINVAL;
> goto out;
> }
What I don't like about this code is the magic numbers for lengths.
This patch now doubles them (and makes them even more magic by having <
n-1). How about fixing it like this instead:
if ((int)req->data_len < 0) {
...
That way the signed comparison just works if there was a negative
overflow?
Thanks,
James
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-12-03 16:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-11-29 16:31 [PATCH] [SCSI] libsas: fix test for negative unsigned and typos roel kluin
2008-12-03 16:19 ` James Bottomley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox