Re: [PATCH] [SCSI] libsas: fix test for negative unsigned and typos

From: James Bottomley
Date: Wed Dec 03 2008 - 11:19:20 EST

Next message: Frédéric Weisbecker: "Re: [PATCH 2/2] ftrace: fix race in function graph during fork"
Previous message: Ingo Molnar: "Re: [PATCH 0/2] ftrace: fixes for tip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2008-11-29 at 11:31 -0500, roel kluin wrote:
> unsigned req->data_len cannot be negative, and fix typo
>
> Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
> ---
> I am not sure whether this is what was intended, please review.

I think it was. The fix looks like we need it. However:

> diff --git a/drivers/scsi/libsas/sas_host_smp.c b/drivers/scsi/libsas/sas_host_smp.c
> index 16f9312..6eb0779 100644
> --- a/drivers/scsi/libsas/sas_host_smp.c
> +++ b/drivers/scsi/libsas/sas_host_smp.c
> @@ -199,12 +199,12 @@ int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
> break;
>
> case SMP_DISCOVER:
> - req->data_len =- 16;
> - if (req->data_len < 0) {
> + if (req->data_len < 15) {
> req->data_len = 0;
> error = -EINVAL;
> goto out;
> }

What I don't like about this code is the magic numbers for lengths.
This patch now doubles them (and makes them even more magic by having <
n-1). How about fixing it like this instead:

if ((int)req->data_len < 0) {
...

That way the signed comparison just works if there was a negative
overflow?

Thanks,

James

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frédéric Weisbecker: "Re: [PATCH 2/2] ftrace: fix race in function graph during fork"
Previous message: Ingo Molnar: "Re: [PATCH 0/2] ftrace: fixes for tip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]