Re: [stable] [PATCH] sbp2: fix check of return value of hpsb_allocate_and_register_addrspace

[Chris Wright]

* Stefan Richter (stefanr@xxxxxxxxxxxxxxxxx) wrote:
> I added a failure check in patch "sbp2: variable status FIFO address
> (fix login timeout)" --- alas for a wrong error value.  This is a bug
> since Linux 2.6.16.  Leads to NULL pointer dereference if the call
> failed, and bogus failure handling if call succeeded.
> 
> Signed-off-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx>
> ---
> applies to 2.6.17-rc5
> applies to 2.6.16.x after patch ''ohci1394, sbp2: fix "scsi_add_device
> failed" with PL-3507 based devices''
> 
> Index: linux-2.6.17-rc5/drivers/ieee1394/sbp2.c
> ===================================================================
> --- linux-2.6.17-rc5.orig/drivers/ieee1394/sbp2.c	2006-06-03 01:52:54.000000000 +0200
> +++ linux-2.6.17-rc5/drivers/ieee1394/sbp2.c	2006-06-03 01:54:23.000000000 +0200
> @@ -845,7 +845,7 @@ static struct scsi_id_instance_data *sbp
>  			&sbp2_highlevel, ud->ne->host, &sbp2_ops,
>  			sizeof(struct sbp2_status_block), sizeof(quadlet_t),
>  			0x010000000000ULL, CSR1212_ALL_SPACE_END);
> -	if (!scsi_id->status_fifo_addr) {
> +	if (scsi_id->status_fifo_addr == ~0ULL) {
>  		SBP2_ERR("failed to allocate status FIFO address range");
>  		goto failed_alloc;
>  	}
> 

Is that enough?

failed_alloc:
        sbp2_remove_device(scsi_id);

sbp2_remove_device(scsi_id)
  if (scsi_id->status_fifo_addr)
    hpsb_unregister_addrspace()

Suppose status_fifo_addr won't match any as->start.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/