LKML Archive on lore.kernel.org
* [PATCH] [SCSI] megaraid_sas: Fix possible divide-by-zero bugs in megaraid_sas_fp.c
@ 2021-08-11 13:16 Tuo Li
  2021-08-11 13:58 ` James Bottomley
  0 siblings, 1 reply; 2+ messages in thread
From: Tuo Li @ 2021-08-11 13:16 UTC (permalink / raw)
  To: kashyap.desai, sumit.saxena, shivasharan.srikanteshwara, jejb,
	martin.petersen
  Cc: megaraidlinux.pdl, linux-scsi, linux-kernel, baijiaju1990,
	Tuo Li, TOTE Robot

In the function mega_mod64(), the variable is checked in:
  if (!divisor)

This indicates that divisor can be zero.
If so, a divide-by-zero bug will occur:
  remainder = do_div(d, divisor);

Also, in the function mega_div64_32(), a divide-by-zero bug can also occur 
if divisor is NULL.

To fix these divide-by-zero bugs, the functions return 0 if divisor is 
zero.

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
---
 drivers/scsi/megaraid/megaraid_sas_fp.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_fp.c b/drivers/scsi/megaraid/megaraid_sas_fp.c
index 83f69c33b01a..05eb0d201aed 100644
--- a/drivers/scsi/megaraid/megaraid_sas_fp.c
+++ b/drivers/scsi/megaraid/megaraid_sas_fp.c
@@ -72,8 +72,10 @@ u32 mega_mod64(u64 dividend, u32 divisor)
 	u64 d;
 	u32 remainder;
 
-	if (!divisor)
+	if (!divisor) {
 		printk(KERN_ERR "megasas : DIVISOR is zero, in div fn\n");
+		return 0;
+	}
 	d = dividend;
 	remainder = do_div(d, divisor);
 	return remainder;
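Review bot: the new `return 0;` in the `if (!divisor)` branch of mega_mod64() is indistinguishable from a legitimate remainder of zero, so a caller cannot tell that the divisor was invalid. The changelog should name the call sites that can actually pass a zero divisor and explain why a remainder of 0 is safe for them; if no such caller exists, the change only touches a path that never runs. If the guard is kept, a WARN_ON_ONCE(!divisor) would make a violated precondition visible instead of converting it into a plausible value.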
@@ -90,8 +92,10 @@ static u64 mega_div64_32(uint64_t dividend, uint32_t divisor)
 {
 	u64 d = dividend;
 
-	if (!divisor)
+	if (!divisor) {
 		printk(KERN_ERR "megasas : DIVISOR is zero in mod fn\n");
+		return 0;
+	}
 
 	do_div(d, divisor);
 
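Review bot: the printk string in mega_div64_32() says "in mod fn" while the one in mega_mod64() says "in div fn", so the two messages appear swapped; since both branches are being edited anyway, the strings should be corrected in this patch. The return value concern applies here too: a u64 quotient of 0 is a valid result, so the changelog needs to state what the callers do with it when the divisor is zero.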
-- 
2.25.1



* Re: [PATCH] [SCSI] megaraid_sas: Fix possible divide-by-zero bugs in megaraid_sas_fp.c
  2021-08-11 13:16 [PATCH] [SCSI] megaraid_sas: Fix possible divide-by-zero bugs in megaraid_sas_fp.c Tuo Li
@ 2021-08-11 13:58 ` James Bottomley
  0 siblings, 0 replies; 2+ messages in thread
From: James Bottomley @ 2021-08-11 13:58 UTC (permalink / raw)
  To: Tuo Li, kashyap.desai, sumit.saxena, shivasharan.srikanteshwara,
	martin.petersen
  Cc: megaraidlinux.pdl, linux-scsi, linux-kernel, baijiaju1990, TOTE Robot

On Wed, 2021-08-11 at 06:16 -0700, Tuo Li wrote:
> In the function mega_mod64(), the variable is checked in:
>   if (!divisor)
> 
> This indicates that divisor can be zero.
> If so, a divide-by-zero bug will occur:
>   remainder = do_div(d, divisor);
> 
> Also, in the function mega_div64_32(), a divide-by-zero bug can also
> occur if divisor is NULL.
> 
> To fix these divide-by-zero bugs, the functions return 0 if divisor
> is zero.

How exactly is this fixing anything?  Simply returning zero because
there is a division by zero isn't a fix unless you know what that
return is going to do.  If you look at the inputs to all the
mega_div/mod functions, they're already checked for zero divisor before
calling, so the error handling is already being done correctly and this
"fix" would add nothing to that.  You can argue that the check and
print is pointless since the condition never occurs, but it's not
exactly fast path code.

James




