From: Julia Lawall <Julia.Lawall@xxxxxxx> Find_first_zero_bit considers BITS_PER_LONG bits at a time, and thus may return a larger number than the maximum position argument if that position is not a multiple of BITS_PER_LONG. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression e1,e2,e3; statement S1,S2; @@ e1 = find_first_zero_bit(e2,e3) ... if (e1 - == + >= e3) S1 else S2 // </smpl> Signed-off-by: Julia Lawall <Julia.Lawall@xxxxxxx> --- drivers/scsi/hpsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -u -p a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -4703,7 +4703,7 @@ static struct CommandList *cmd_alloc(str spin_lock_irqsave(&h->lock, flags); do { i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds); - if (i == h->nr_cmds) { + if (i >= h->nr_cmds) { spin_unlock_irqrestore(&h->lock, flags); return NULL; } -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html