Re: [PATCH] Fix pointer arithmetic in hpt3xx driver code (3rd try)

[Sergei Shtylyov]

Hello.

Masoud Sharbiani wrote:

> git commit 74811f355f4f69a187fa74892dcf2a684b84ce99 causes crash at
> module load (or boot) time on my machine with a hpt374 controller.
> The reason for this is that for initializing second controller which sets
> (hwif->dev == host->dev[1]) to true (1), adds 1 to a void ptr, which
> advances it by one byte instead of advancing it by sizeof(hpt_info) bytes.
> Because of this, all initialization functions get corrupted data in info
> variable which causes a crash at boot time.
>
> This patch fixes that and makes my machine boot again.
>   

  This description is better, thanks. You could also mention that 
you're factoring out the code to get to the 'struct hpt_info' into a 
separate function...

> Signed-Off-By: Masoud Sharbiani <masouds@xxxxxxxxxx>
>
> diff --git a/drivers/ide/pci/hpt366.c b/drivers/ide/pci/hpt366.c
> index eb107ee..4eae284 100644
> --- a/drivers/ide/pci/hpt366.c
> +++ b/drivers/ide/pci/hpt366.c
> @@ -613,6 +613,14 @@ static int check_in_drive_list(ide_drive_t *drive, const char **list)
>  	return 0;
>  }
>  
> +static struct hpt_info *hpt3xx_get_info(struct device *dev)
> +{
> +	struct ide_host *host	= pci_get_drvdata(to_pci_dev(pci_dev));
>   

  Oops, this just won't compile. :-/
  And please re-consider passing 'struct pci_dev *' to this function 
since it's pre-calculated by the callers and is used by them otherwise 
in 5 (not even 4) cases out of 7.

> +	struct hpt_info *info	= (struct hpt_info *)host->host_priv;
> +
> +	return dev == host->dev[1] ? info + 1 : info;
>   

   The 'dev' here would turn into '&dev->dev' if the parameter type 
would be changed.

MBR, Sergei


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/