All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: houpu.main@gmail.com
Cc: linux-block@vger.kernel.org
Subject: [bug report] nbd: requeue command if the soecket is changed
Date: Tue, 17 Mar 2020 12:11:42 +0300	[thread overview]
Message-ID: <20200317091142.GA17584@mwanda> (raw)

Hello Hou Pu,

This is a semi-automatic email about new static checker warnings.

The patch 2c272542baee: "nbd: requeue command if the soecket is
changed" from Feb 28, 2020, leads to the following Smatch complaint:

    drivers/block/nbd.c:437 nbd_xmit_timeout()
    error: we previously assumed 'config->socks' could be null (see line 410)

drivers/block/nbd.c
   409			 */
   410			if (config->socks) {
                            ^^^^^^^^^^^^^
Check for NULL.

   411				if (cmd->index < config->num_connections) {
   412					struct nbd_sock *nsock =
   413						config->socks[cmd->index];
   414					mutex_lock(&nsock->tx_lock);
   415					/* We can have multiple outstanding requests, so
   416					 * we don't want to mark the nsock dead if we've
   417					 * already reconnected with a new socket, so
   418					 * only mark it dead if its the same socket we
   419					 * were sent out on.
   420					 */
   421					if (cmd->cookie == nsock->cookie)
   422						nbd_mark_nsock_dead(nbd, nsock, 1);
   423					mutex_unlock(&nsock->tx_lock);
   424				}
   425				mutex_unlock(&cmd->lock);
   426				nbd_requeue_cmd(cmd);
   427				nbd_config_put(nbd);
   428				return BLK_EH_DONE;
   429			}
   430		}
   431	
   432		if (!nbd->tag_set.timeout) {
   433			/*
   434			 * Userspace sets timeout=0 to disable socket disconnection,
   435			 * so just warn and reset the timer.
   436			 */
   437			struct nbd_sock *nsock = config->socks[cmd->index];
                                                 ^^^^^^^^^^^^^
New unchecked dereference.

Also on the other path, we check that "cmd->index" is within bounds but
here we just assume that it is.

   438			cmd->retries++;
   439			dev_info(nbd_to_dev(nbd), "Possible stuck request %p: control (%s@%llu,%uB). Runtime %u seconds\n",

regards,
dan carpenter

                 reply	other threads:[~2020-03-17  9:11 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200317091142.GA17584@mwanda \
    --to=dan.carpenter@oracle.com \
    --cc=houpu.main@gmail.com \
    --cc=linux-block@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.