From: Lars Ellenberg <lars.ellenberg@linbit.com>
To: drbd-dev@lists.linbit.com
Subject: Re: [Drbd-dev] [bug report] drbd: Backport the "events2" command
Date: Fri, 24 Feb 2017 16:29:42 +0100 [thread overview]
Message-ID: <20170224152942.GY21236@soda.linbit> (raw)
In-Reply-To: <20170223155508.GA12798@mwanda>
On Thu, Feb 23, 2017 at 06:55:08PM +0300, Dan Carpenter wrote:
> Hello Andreas Gruenbacher,
Andreas has since moved to more exiting challenges :)
> The patch a29728463b25: "drbd: Backport the "events2" command" from
> Jul 31, 2014, leads to the following static checker warning:
>
> drivers/block/drbd/drbd_nl.c:4934 get_initial_state()
> error: dereferencing freed memory 'skb'
>
> drivers/block/drbd/drbd_nl.c
> 4880 static int get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
> 4881 {
> 4882 struct drbd_state_change *state_change = (struct drbd_state_change *)cb->args[0];
> 4883 unsigned int seq = cb->args[2];
> 4884 unsigned int n;
> 4885 enum drbd_notification_type flags = 0;
> 4886
> 4887 /* There is no need for taking notification_mutex here: it doesn't
> 4888 matter if the initial state events mix with later state chage
> 4889 events; we can always tell the events apart by the NOTIFY_EXISTS
> 4890 flag. */
> 4891
> 4892 cb->args[5]--;
> 4893 if (cb->args[5] == 1) {
> 4894 notify_initial_state_done(skb, seq);
> ^^^
> skb is freed on error inside notify_initial_state_done().
So notify_resource_state_change needs to become non void,
and we need to change notify_initial_state_done(); goto out;
to return notify_initial_state_done();
right?
--
: Lars Ellenberg
: LINBIT | Keeping the Digital World Running
: DRBD -- Heartbeat -- Corosync -- Pacemaker
: R&D, Integration, Ops, Consulting, Support
DRBD® and LINBIT® are registered trademarks of LINBIT
next prev parent reply other threads:[~2017-02-24 15:29 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-23 15:55 [Drbd-dev] [bug report] drbd: Backport the "events2" command Dan Carpenter
2017-02-24 15:29 ` Lars Ellenberg [this message]
-- strict thread matches above, loose matches on Subject: below --
2017-03-06 15:22 Dan Carpenter
2017-03-06 15:58 ` Lars Ellenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170224152942.GY21236@soda.linbit \
--to=lars.ellenberg@linbit.com \
--cc=drbd-dev@lists.linbit.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.