Re: [PATCH 7/10] cciss: use safer test on the result of find_first_zero_bit

From: Jens Axboe
Date: Wed Jun 04 2014 - 12:55:59 EST


On 06/04/2014 08:51 AM, scameron@xxxxxxxxxxxxxxxxxx wrote:
>> Find_first_zero_bit considers BITS_PER_LONG bits at a time, and thus may
>> return a larger number than the maximum position argument if that position
>> is not a multiple of BITS_PER_LONG.
>>
>> The semantic match that finds this problem is as follows:
>> (http://coccinelle.lip6.fr/)
>>
>> // <smpl>
>> @@
>> expression e1,e2,e3;
>> statement S1,S2;
>> @@
>>
>> e1 = find_first_zero_bit(e2,e3)
>> ...
>> if (e1
>> - ==
>> + >=
>> e3)
>> S1 else S2
>> // </smpl>
>>
>> Signed-off-by: Julia Lawall <Julia.Lawall@xxxxxxx>
>>
>> ---
>> drivers/block/cciss.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff -u -p a/drivers/block/cciss.c b/drivers/block/cciss.c
>> --- a/drivers/block/cciss.c
>> +++ b/drivers/block/cciss.c
>> @@ -980,7 +980,7 @@ static CommandList_struct *cmd_alloc(ctl
>>
>> do {
>> i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
>> - if (i == h->nr_cmds)
>> + if (i >= h->nr_cmds)
>> return NULL;
>> } while (test_and_set_bit(i, h->cmd_pool_bits) != 0);
>> c = h->cmd_pool + i;
>
>
> Thanks. Ack.
>
> You can add
>
> Reviewed-by: Stephen M. Cameron <scameron@xxxxxxxxxxxxxxxxxx>
>
> to this patch if you want.
>
> You might consider adding "Cc: stable@xxxxxxxxxxxxxxx" into the
> sign-off area as well.

There are two such instances in cciss.c, btw.

--
Jens Axboe

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/