From: Kevin Wolf <kwolf@redhat.com>
To: "Дмитрий Фролов" <frolov@swemel.ru>
Cc: hreitz@redhat.com, qemu-block@nongnu.org,
	sdl.qemu@linuxtesting.org, qemu-devel@nongnu.org
Subject: Re: [PATCH] block/monitor: blk_bs() return value check
Date: Fri, 24 Nov 2023 17:49:20 +0100
Message-ID: <ZWDUEOutdtCNLOW_@redhat.com>
In-Reply-To: <53dc30ea-1156-f91f-736f-62ddc9401d68@swemel.ru>

On 24.11.2023 at 15:05, Дмитрий Фролов wrote:
> 
> 
> On 24.11.2023 16:06, Kevin Wolf wrote:
> > On 24.11.2023 at 12:30, Dmitry Frolov wrote:
> > > blk_bs() may return NULL, which will be dereferenced without a check in
> > > bdrv_commit().
> > > 
> > > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> > > 
> > > Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
> > Do you have a reproducer for a crash?
> Actually, there was no crash. This problem was found by a static analyzer.
> > As far as I can see, it will not be dereferenced, because
> > blk_is_available() returns false and we return an error before
> > calling bdrv_commit():
> As I see it, there are 2 reasons why blk_bs() may return NULL:
> blk->root == NULL or blk->root->bs == NULL

blk->root->bs == NULL shouldn't happen, but the code we're looking at is
safe even for this case.

> At the same time, blk_is_available() checks for
> blk_co_is_inserted(blk) and blk_dev_is_tray_open(blk).
> Does it also guarantee that blk->root and blk->root->bs are not NULL?
> This is not really obvious.

blk_co_is_inserted() does, it returns false for blk_bs(blk) == NULL.

> Maybe, in this case, it makes sense to check blk->root before
> checking blk_is_available()?

Checking blk->root and those few other things is a really common thing
that most operations do, which is why we have blk_is_available() to
check all of this. If we did the checks before calling it, we wouldn't
need blk_is_available() any more.

Kevin
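
The guard relationship discussed in this message, as an added example that is not part of the original mail and is not QEMU source: a simplified stand-alone model showing why a blk_is_available() check placed before the dereference covers both NULL cases of blk_bs(). The struct layouts, the inserted/tray_open/commits fields and the commit_device() caller are assumptions made for the model; only the function names come from the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for QEMU's types; the field layout is an assumption. */
typedef struct BlockDriverState { bool inserted; int commits; } BlockDriverState;
typedef struct BdrvChild { BlockDriverState *bs; } BdrvChild;
typedef struct BlockBackend { BdrvChild *root; bool tray_open; } BlockBackend;

/* NULL in both cases named in the thread: no root, or a root without bs. */
static BlockDriverState *blk_bs(BlockBackend *blk)
{
    return blk->root ? blk->root->bs : NULL;
}

/* False when blk_bs(blk) == NULL, so the guard below covers the NULL case. */
static bool blk_co_is_inserted(BlockBackend *blk)
{
    BlockDriverState *bs = blk_bs(blk);
    return bs && bs->inserted;
}

static bool blk_dev_is_tray_open(BlockBackend *blk) { return blk->tray_open; }

static bool blk_is_available(BlockBackend *blk)
{
    return blk_co_is_inserted(blk) && !blk_dev_is_tray_open(blk);
}

/* Model callee: dereferences bs without checking it. */
static int bdrv_commit(BlockDriverState *bs) { bs->commits++; return 0; }

/* Hypothetical caller: fetch bs first, guard second, dereference last. */
static int commit_device(BlockBackend *blk)
{
    BlockDriverState *bs = blk_bs(blk);   /* may be NULL at this point */
    if (!blk_is_available(blk)) {
        return -1;                        /* every NULL case exits here */
    }
    return bdrv_commit(bs);               /* bs is non-NULL past the guard */
}

int main(void)
{
    BlockDriverState bs = { .inserted = true };
    BdrvChild child = { .bs = &bs }, empty = { .bs = NULL };
    BlockBackend cases[] = { { NULL, false }, { &empty, false },
                             { &child, true }, { &child, false } };
    for (size_t i = 0; i < 4; i++)
        printf("case %zu -> %d\n", i, commit_device(&cases[i]));
    return 0;
}
```

A path-insensitive analyzer sees only that bs can be NULL where it is assigned and that the callee dereferences it; proving the call safe requires following the guard through two levels of helper functions.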


