2023-03-01 17:19:42

by Jakob Koschel

[permalink] [raw]
Subject: [PATCH] scsi: lpfc: avoid usage of list iterator variable after loop

If the &epd_pool->list is empty when executing
lpfc_get_io_buf_from_expedite_pool() the function would return an
invalid pointer. Even in the case if the list is guaranteed to be
populated, the iterator variable should not be used after the loop to be
more robust for future changes.

Linus proposed to avoid any use of the list iterator variable after the
loop, in the attempt to move the list iterator variable declaration into
the marcro to avoid any potential misuse after the loop [1].

Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1]
Signed-off-by: Jakob Koschel <[email protected]>
---
drivers/scsi/lpfc/lpfc_sli.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
index edbd81c3b643..5d06bf6d4f39 100644
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -21899,20 +21899,20 @@ lpfc_get_io_buf_from_private_pool(struct lpfc_hba *phba,
static struct lpfc_io_buf *
lpfc_get_io_buf_from_expedite_pool(struct lpfc_hba *phba)
{
- struct lpfc_io_buf *lpfc_ncmd;
+ struct lpfc_io_buf *lpfc_ncmd = NULL, *iter;
struct lpfc_io_buf *lpfc_ncmd_next;
unsigned long iflag;
struct lpfc_epd_pool *epd_pool;

epd_pool = &phba->epd_pool;
- lpfc_ncmd = NULL;

spin_lock_irqsave(&epd_pool->lock, iflag);
if (epd_pool->count > 0) {
- list_for_each_entry_safe(lpfc_ncmd, lpfc_ncmd_next,
+ list_for_each_entry_safe(iter, lpfc_ncmd_next,
&epd_pool->list, list) {
- list_del(&lpfc_ncmd->list);
+ list_del(&iter->list);
epd_pool->count--;
+ lpfc_ncmd = iter;
break;
}
}

---
base-commit: c0927a7a5391f7d8e593e5e50ead7505a23cadf9
change-id: 20230301-scsi-lpfc-avoid-list-iterator-after-loop-7b7d5c3a8efc

Best regards,
--
Jakob Koschel <[email protected]>



2023-03-01 23:01:39

by Justin Tee

[permalink] [raw]
Subject: Re: [PATCH] scsi: lpfc: avoid usage of list iterator variable after loop

On Wed, Mar 1, 2023 at 9:30 AM Jakob Koschel <[email protected]> wrote:
>
> If the &epd_pool->list is empty when executing
> lpfc_get_io_buf_from_expedite_pool() the function would return an
> invalid pointer. Even in the case if the list is guaranteed to be
> populated, the iterator variable should not be used after the loop to be
> more robust for future changes.
>
> Linus proposed to avoid any use of the list iterator variable after the
> loop, in the attempt to move the list iterator variable declaration into
> the marcro to avoid any potential misuse after the loop [1].
>
> Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1]
> Signed-off-by: Jakob Koschel <[email protected]>
> ---
> drivers/scsi/lpfc/lpfc_sli.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
> index edbd81c3b643..5d06bf6d4f39 100644
> --- a/drivers/scsi/lpfc/lpfc_sli.c
> +++ b/drivers/scsi/lpfc/lpfc_sli.c
> @@ -21899,20 +21899,20 @@ lpfc_get_io_buf_from_private_pool(struct lpfc_hba *phba,
> static struct lpfc_io_buf *
> lpfc_get_io_buf_from_expedite_pool(struct lpfc_hba *phba)
> {
> - struct lpfc_io_buf *lpfc_ncmd;
> + struct lpfc_io_buf *lpfc_ncmd = NULL, *iter;
> struct lpfc_io_buf *lpfc_ncmd_next;
> unsigned long iflag;
> struct lpfc_epd_pool *epd_pool;
>
> epd_pool = &phba->epd_pool;
> - lpfc_ncmd = NULL;
>
> spin_lock_irqsave(&epd_pool->lock, iflag);
> if (epd_pool->count > 0) {
> - list_for_each_entry_safe(lpfc_ncmd, lpfc_ncmd_next,
> + list_for_each_entry_safe(iter, lpfc_ncmd_next,
> &epd_pool->list, list) {
> - list_del(&lpfc_ncmd->list);
> + list_del(&iter->list);
> epd_pool->count--;
> + lpfc_ncmd = iter;
> break;
> }
> }
>
> ---
> base-commit: c0927a7a5391f7d8e593e5e50ead7505a23cadf9
> change-id: 20230301-scsi-lpfc-avoid-list-iterator-after-loop-7b7d5c3a8efc
>
> Best regards,
> --
> Jakob Koschel <[email protected]>
>

Reviewed-by: Justin Tee <[email protected]>

Thanks looks fine.

Regards,
Justin

2023-03-07 02:57:51

by Martin K. Petersen

[permalink] [raw]
Subject: Re: [PATCH] scsi: lpfc: avoid usage of list iterator variable after loop

On Wed, 01 Mar 2023 18:19:14 +0100, Jakob Koschel wrote:

> If the &epd_pool->list is empty when executing
> lpfc_get_io_buf_from_expedite_pool() the function would return an
> invalid pointer. Even in the case if the list is guaranteed to be
> populated, the iterator variable should not be used after the loop to be
> more robust for future changes.
>
> Linus proposed to avoid any use of the list iterator variable after the
> loop, in the attempt to move the list iterator variable declaration into
> the marcro to avoid any potential misuse after the loop [1].
>
> [...]

Applied to 6.3/scsi-fixes, thanks!

[1/1] scsi: lpfc: avoid usage of list iterator variable after loop
https://git.kernel.org/mkp/scsi/c/2850b23e9f9a

--
Martin K. Petersen Oracle Linux Engineering