On 06/04/2014 10:59 AM, Julia Lawall wrote: > > > On Wed, 4 Jun 2014, Jens Axboe wrote: > >> On 06/04/2014 08:51 AM, scame...@beardog.cce.hp.com wrote: >>>> Find_first_zero_bit considers BITS_PER_LONG bits at a time, and thus may >>>> return a larger number than the maximum position argument if that position >>>> is not a multiple of BITS_PER_LONG. >>>> >>>> The semantic match that finds this problem is as follows: >>>> (http://coccinelle.lip6.fr/) >>>> >>>> // <smpl> >>>> @@ >>>> expression e1,e2,e3; >>>> statement S1,S2; >>>> @@ >>>> >>>> e1 = find_first_zero_bit(e2,e3) >>>> ... >>>> if (e1 >>>> - == >>>> + >= >>>> e3) >>>> S1 else S2 >>>> // </smpl> >>>> >>>> Signed-off-by: Julia Lawall <julia.law...@lip6.fr> >>>> >>>> --- >>>> drivers/block/cciss.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff -u -p a/drivers/block/cciss.c b/drivers/block/cciss.c >>>> --- a/drivers/block/cciss.c >>>> +++ b/drivers/block/cciss.c >>>> @@ -980,7 +980,7 @@ static CommandList_struct *cmd_alloc(ctl >>>> >>>> do { >>>> i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds); >>>> - if (i == h->nr_cmds) >>>> + if (i >= h->nr_cmds) >>>> return NULL; >>>> } while (test_and_set_bit(i, h->cmd_pool_bits) != 0); >>>> c = h->cmd_pool + i; >>> >>> >>> Thanks. Ack. >>> >>> You can add >>> >>> Reviewed-by: Stephen M. Cameron <scame...@beardog.cce.hp.com> >>> >>> to this patch if you want. >>> >>> You might consider adding "Cc: sta...@vger.kernel.org" into the >>> sign-off area as well. >> >> There are two such instances in cciss.c, btw. > > Actually, there seem to be three, and I didn't find the other two because > the assignment is inlined into the test. But the patch isn't needed > anyway, because it turns out that the result never goes over the bound > value.
I have always defensively programmed it, but it would make a shitty API if it did. -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
