From: Andrew Morton <akpm@linux-foundation.org>
To: Chris Mason <chris.mason@fusionio.com>
Cc: Scan Subscription <scan-subscription@coverity.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"Chris L. Mason" <clmason@fusionio.com>,
	Bing Zhao <bzhao@marvell.com>,
	Robert Love <robert.w.love@intel.com>,
	Andrew Vasquez <andrew.vasquez@qlogic.com>,
	"Theodore Ts'o" <tytso@mit.edu>,
	"linux-ext4@vger.kernel.org" <linux-ext4@vger.kernel.org>,
	Mattia Dongili <malattia@linux.it>,
	Matthew Garrett <mjg@redhat.com>
Subject: Re: New Defects based on recent changes in Kernel code found by Coverity Scan
Date: Thu, 5 Jul 2012 12:44:26 -0700	[thread overview]
Message-ID: <20120705124426.c4a2f347.akpm@linux-foundation.org> (raw)
In-Reply-To: <20120705153316.GN14928@shiny>

On Thu, 5 Jul 2012 11:33:16 -0400 Chris Mason <chris.mason@fusionio.com> wrote:

> > > * CID 709112: Dereference after null check - fs/btrfs/ioctl.c, line: 1309 Comparing "device->fs_devices" to null implies that "device->fs_devices" might be null, and then it is dereferenced
> > > fs/btrfs/ioctl.c:1309
> > 
> > Chris.
> 
> Thanks for forwarding this.  But I'm a little confused, our line 1309 is
> this:
> 
>         if (device->fs_devices && device->fs_devices->seeding) {
> 
> Is coverity telling me that I'm using fs_devices later on in the
> function without extra checks?  Some functions we call do assume it
> isn't null, but the seeding devices are special snowflakes. 

There were more details further down in the email:

> ____________________________________________________________________________________________________________
> CID 709112: Dereference after null check 
> 
> fs/btrfs/ioctl.c:1309
> 1256 static noinline int btrfs_ioctl_resize(struct btrfs_root *root,
> 1257                                        void __user *arg)
> 1258 {
> ...
> >>> At conditional (1): "device->fs_devices" taking the false branch.
> >>> CID 709112: Dereference after null check (FORWARD_NULL) Comparing "device->fs_devices" to null implies that "device->fs_devices" might be null.
> 1309        if (device->fs_devices && device->fs_devices->seeding) {
> 1310                printk(KERN_INFO "btrfs: resizer unable to apply on "
> 1311                       "seeding device %llu\n", devid);
> 1312                ret = -EINVAL;
> 1313                goto out_free;
> 1314        }
> ...
> >>> Passing null variable "device->fs_devices" to function "btrfs_grow_device", which dereferences it. 
> 1367                ret = btrfs_grow_device(trans, device, new_size);
> 1368                btrfs_commit_transaction(trans, root);
> 1369        } else if (new_size < old_size) {
> >>> Passing null variable "device->fs_devices" to function "btrfs_shrink_device", which dereferences it. 
> 1370                ret = btrfs_shrink_device(device, new_size);
> 1371        }
> 1378 }
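The defect class Coverity describes in the quoted report (FORWARD_NULL: a null test on a pointer followed by a path that dereferences it unconditionally), as an added example that is not code from this thread or from btrfs. It is a constructed mock with the same shape: a device with an `fs_devices` pointer and a `seeding` flag, a grow callee that dereferences `fs_devices` without checking, the flagged control flow, and a variant that settles the NULL case once, up front. All type, function and error-code choices here are assumptions for illustration.

```c
/* Added example (constructed, not btrfs code): the FORWARD_NULL pattern from
 * the Coverity report, beside a variant that makes the NULL case explicit. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

struct fs_devices { int seeding; uint64_t total_size; };
struct device { uint64_t size; struct fs_devices *fs_devices; };

/* Mock of a callee that dereferences device->fs_devices unconditionally,
 * the role btrfs_grow_device() plays in the report. */
static int grow_device(struct device *device, uint64_t new_size)
{
    /* Crashes here if fs_devices is NULL: the callee trusts its caller. */
    device->fs_devices->total_size += new_size - device->size;
    device->size = new_size;
    return 0;
}

/* Flow as flagged: "device->fs_devices &&" tells the analyser the pointer
 * may be NULL, yet the NULL path still reaches grow_device(). */
int resize_flagged(struct device *device, uint64_t new_size)
{
    if (device->fs_devices && device->fs_devices->seeding)
        return -EINVAL;
    if (new_size > device->size)
        return grow_device(device, new_size);   /* reachable with NULL */
    return 0;
}

/* Hardened variant: reject a NULL fs_devices once, before any use, so every
 * later dereference (here and in the callee) is on a proven non-NULL pointer.
 * -ENODEV is a constructed choice for this example. */
int resize_checked(struct device *device, uint64_t new_size)
{
    if (!device->fs_devices)
        return -ENODEV;
    if (device->fs_devices->seeding)
        return -EINVAL;
    if (new_size > device->size)
        return grow_device(device, new_size);
    return 0;
}
```

Running the hardened variant on a device whose `fs_devices` is NULL returns an error instead of faulting inside the callee, which is the outcome the analyser's warning asks the caller to guarantee.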
