From: Julia Lawall <julia.law...@lip6.fr> Find_first_zero_bit considers BITS_PER_LONG bits at a time, and thus may return a larger number than the maximum position argument if that position is not a multiple of BITS_PER_LONG.
The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression e1,e2,e3; statement S1,S2; @@ e1 = find_first_zero_bit(e2,e3) ... if (e1 - == + >= e3) S1 else S2 // </smpl> Signed-off-by: Julia Lawall <julia.law...@lip6.fr> --- drivers/block/cciss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -u -p a/drivers/block/cciss.c b/drivers/block/cciss.c --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -980,7 +980,7 @@ static CommandList_struct *cmd_alloc(ctl do { i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds); - if (i == h->nr_cmds) + if (i >= h->nr_cmds) return NULL; } while (test_and_set_bit(i, h->cmd_pool_bits) != 0); c = h->cmd_pool + i; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/