mvsas: don't allow negative timeouts

Message ID	20151113142323.GB1445@mwanda (mailing list archive)
State	Accepted, archived
Headers	show Return-Path: <linux-scsi-owner@kernel.org> Date: Fri, 13 Nov 2015 17:23:23 +0300 From: Dan Carpenter <dan.carpenter@oracle.com> To: "James E.J. Bottomley" <JBottomley@odin.com> Cc: Hannes Reinecke <hare@suse.de>, Dan Williams <dan.j.williams@intel.com>, Bart Van Assche <bvanassche@acm.org>, "Martin K. Petersen" <martin.petersen@oracle.com>, Johannes Thumshirn <jthumshirn@suse.de>, Jack Wang <jinpu.wang@profitbricks.com>, linux-scsi@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch] mvsas: don't allow negative timeouts Message-ID: <20151113142323.GB1445@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk

Message ID

20151113142323.GB1445@mwanda (mailing list archive)

State

Accepted, archived

Headers

Date: Fri, 13 Nov 2015 17:23:23 +0300
From: Dan Carpenter <dan.carpenter@oracle.com>
To: "James E.J. Bottomley" <JBottomley@odin.com>
Cc: Hannes Reinecke <hare@suse.de>, Dan Williams <dan.j.williams@intel.com>,
	Bart Van Assche <bvanassche@acm.org>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
	Johannes Thumshirn <jthumshirn@suse.de>,
	Jack Wang <jinpu.wang@profitbricks.com>,
	linux-scsi@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [patch] mvsas: don't allow negative timeouts
Message-ID: <20151113142323.GB1445@mwanda>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk

Commit Message

Dan Carpenter Nov. 13, 2015, 2:23 p.m. UTC

There is a static checker warning here because "val" is controlled by
the user and we have a upper bound on it but allow negative numbers.
"val" appears to be a timeout in usec so this bug probably means we
have a longer timeout than we should.  Let's fix this by changing "val"
to unsigned.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
Checkpatch has several complaints about this code but I left it as-is.

--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Jinpu Wang Nov. 13, 2015, 3:20 p.m. UTC | #1

On Fri, Nov 13, 2015 at 3:23 PM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> There is a static checker warning here because "val" is controlled by
> the user and we have a upper bound on it but allow negative numbers.
> "val" appears to be a timeout in usec so this bug probably means we
> have a longer timeout than we should.  Let's fix this by changing "val"
> to unsigned.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> Checkpatch has several complaints about this code but I left it as-is.
>
> diff --git a/drivers/scsi/mvsas/mv_init.c b/drivers/scsi/mvsas/mv_init.c
> index 90fdf0e..675e7fa 100644
> --- a/drivers/scsi/mvsas/mv_init.c
> +++ b/drivers/scsi/mvsas/mv_init.c
> @@ -758,7 +758,7 @@ mvs_store_interrupt_coalescing(struct device *cdev,
>                         struct device_attribute *attr,
>                         const char *buffer, size_t size)
>  {
> -       int val = 0;
> +       unsigned int val = 0;
>         struct mvs_info *mvi = NULL;
>         struct Scsi_Host *shost = class_to_shost(cdev);
>         struct sas_ha_struct *sha = SHOST_TO_SAS_HA(shost);
> @@ -766,7 +766,7 @@ mvs_store_interrupt_coalescing(struct device *cdev,
>         if (buffer == NULL)
>                 return size;
>
> -       if (sscanf(buffer, "%d", &val) != 1)
> +       if (sscanf(buffer, "%u", &val) != 1)
>                 return -EINVAL;
>
>         if (val >= 0x10000) {

Looks good to me.
Reviewed-by: Jack Wang <jinpu.wang@profitbricks.com>

Martin K. Petersen Nov. 13, 2015, 8:46 p.m. UTC | #2

>>>>> "Dan" == Dan Carpenter <dan.carpenter@oracle.com> writes:

Dan> There is a static checker warning here because "val" is controlled
Dan> by the user and we have a upper bound on it but allow negative
Dan> numbers.  "val" appears to be a timeout in usec so this bug
Dan> probably means we have a longer timeout than we should.  Let's fix
Dan> this by changing "val" to unsigned.

Applied.

diff --git a/drivers/scsi/mvsas/mv_init.c b/drivers/scsi/mvsas/mv_init.c
index 90fdf0e..675e7fa 100644
--- a/drivers/scsi/mvsas/mv_init.c
+++ b/drivers/scsi/mvsas/mv_init.c
@@ -758,7 +758,7 @@  mvs_store_interrupt_coalescing(struct device *cdev,
 			struct device_attribute *attr,
 			const char *buffer, size_t size)
 {
-	int val = 0;
+	unsigned int val = 0;
 	struct mvs_info *mvi = NULL;
 	struct Scsi_Host *shost = class_to_shost(cdev);
 	struct sas_ha_struct *sha = SHOST_TO_SAS_HA(shost);
@@ -766,7 +766,7 @@  mvs_store_interrupt_coalescing(struct device *cdev,
 	if (buffer == NULL)
 		return size;
 
-	if (sscanf(buffer, "%d", &val) != 1)
+	if (sscanf(buffer, "%u", &val) != 1)
 		return -EINVAL;
 
 	if (val >= 0x10000) {

mvsas: don't allow negative timeouts

Commit Message

Comments

Patch