* [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest()
@ 2024-08-08 12:23 Su Hui
2024-08-08 21:51 ` Steve French
2024-08-09 15:00 ` Dan Carpenter
0 siblings, 2 replies; 7+ messages in thread
From: Su Hui @ 2024-08-08 12:23 UTC (permalink / raw)
To: sfrench, pc, ronniesahlberg, sprasad, tom, bharathsm, nathan,
ndesaulniers, morbo, justinstitt
Cc: Su Hui, linux-cifs, samba-technical, linux-kernel, llvm,
kernel-janitors
Clang static checker (scan-build) warning:
cifsglob.h:line 890, column 3
Access to field 'ops' results in a dereference of a null pointer.
Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in
R/W requests") adds a check for 'rdata->server', and let clang throw this
warning about NULL dereference.
When 'rdata->credits.value != 0 && rdata->server == NULL' happens,
add_credits_and_wake_if() will call rdata->server->ops->add_credits().
This will cause NULL dereference problem. Add a check for 'rdata->server'
to avoid NULL dereference.
Signed-off-by: Su Hui <suhui@nfschina.com>
---
fs/smb/client/file.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
index b2405dd4d4d4..45459af5044d 100644
--- a/fs/smb/client/file.c
+++ b/fs/smb/client/file.c
@@ -315,7 +315,7 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq)
#endif
}
- if (rdata->credits.value != 0)
+ if (rdata->credits.value != 0) {
trace_smb3_rw_credits(rdata->rreq->debug_id,
rdata->subreq.debug_index,
rdata->credits.value,
@@ -323,8 +323,12 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq)
rdata->server ? rdata->server->in_flight : 0,
-rdata->credits.value,
cifs_trace_rw_credits_free_subreq);
+ if (rdata->server)
+ add_credits_and_wake_if(rdata->server, &rdata->credits, 0);
+ else
+ rdata->credits.value = 0;
+ }
- add_credits_and_wake_if(rdata->server, &rdata->credits, 0);
if (rdata->have_xid)
free_xid(rdata->xid);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() 2024-08-08 12:23 [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() Su Hui @ 2024-08-08 21:51 ` Steve French 2024-08-09 15:00 ` Dan Carpenter 1 sibling, 0 replies; 7+ messages in thread From: Steve French @ 2024-08-08 21:51 UTC (permalink / raw) To: Su Hui Cc: pc, ronniesahlberg, sprasad, tom, bharathsm, nathan, ndesaulniers, morbo, justinstitt, linux-cifs, samba-technical, linux-kernel, llvm, kernel-janitors, David Howells Tentatively merged into cifs-2.6.git pending review/testing Did minor update to add Cc: stable On Thu, Aug 8, 2024 at 7:26 AM Su Hui <suhui@nfschina.com> wrote: > > Clang static checker (scan-build) warning: > cifsglob.h:line 890, column 3 > Access to field 'ops' results in a dereference of a null pointer. > > Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in > R/W requests") adds a check for 'rdata->server', and let clang throw this > warning about NULL dereference. > > When 'rdata->credits.value != 0 && rdata->server == NULL' happens, > add_credits_and_wake_if() will call rdata->server->ops->add_credits(). > This will cause NULL dereference problem. Add a check for 'rdata->server' > to avoid NULL dereference. > > Signed-off-by: Su Hui <suhui@nfschina.com> > --- > fs/smb/client/file.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c > index b2405dd4d4d4..45459af5044d 100644 > --- a/fs/smb/client/file.c > +++ b/fs/smb/client/file.c > @@ -315,7 +315,7 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) > #endif > } > > - if (rdata->credits.value != 0) > + if (rdata->credits.value != 0) { > trace_smb3_rw_credits(rdata->rreq->debug_id, > rdata->subreq.debug_index, > rdata->credits.value, > @@ -323,8 +323,12 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) > rdata->server ? rdata->server->in_flight : 0, > -rdata->credits.value, > cifs_trace_rw_credits_free_subreq); > + if (rdata->server) > + add_credits_and_wake_if(rdata->server, &rdata->credits, 0); > + else > + rdata->credits.value = 0; > + } > > - add_credits_and_wake_if(rdata->server, &rdata->credits, 0); > if (rdata->have_xid) > free_xid(rdata->xid); > } > -- > 2.30.2 > > -- Thanks, Steve ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() 2024-08-08 12:23 [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() Su Hui 2024-08-08 21:51 ` Steve French @ 2024-08-09 15:00 ` Dan Carpenter 2024-08-09 15:11 ` Dan Carpenter 2024-08-09 15:38 ` Steve French 1 sibling, 2 replies; 7+ messages in thread From: Dan Carpenter @ 2024-08-09 15:00 UTC (permalink / raw) To: Su Hui, David Howells Cc: sfrench, pc, ronniesahlberg, sprasad, tom, bharathsm, nathan, ndesaulniers, morbo, justinstitt, linux-cifs, samba-technical, linux-kernel, llvm, kernel-janitors On Thu, Aug 08, 2024 at 08:23:32PM +0800, Su Hui wrote: > Clang static checker (scan-build) warning: > cifsglob.h:line 890, column 3 > Access to field 'ops' results in a dereference of a null pointer. > > Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in > R/W requests") adds a check for 'rdata->server', and let clang throw this > warning about NULL dereference. > > When 'rdata->credits.value != 0 && rdata->server == NULL' happens, > add_credits_and_wake_if() will call rdata->server->ops->add_credits(). > This will cause NULL dereference problem. Add a check for 'rdata->server' > to avoid NULL dereference. > > Signed-off-by: Su Hui <suhui@nfschina.com> Needs a Fixes tag. Also when you add a Fixes tag, then get_maintainer will add the David Howells automatically. I've added him manually. > --- > fs/smb/client/file.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c > index b2405dd4d4d4..45459af5044d 100644 > --- a/fs/smb/client/file.c > +++ b/fs/smb/client/file.c > @@ -315,7 +315,7 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) > #endif > } > > - if (rdata->credits.value != 0) > + if (rdata->credits.value != 0) { > trace_smb3_rw_credits(rdata->rreq->debug_id, > rdata->subreq.debug_index, > rdata->credits.value, > @@ -323,8 +323,12 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) > rdata->server ? rdata->server->in_flight : 0, > -rdata->credits.value, > cifs_trace_rw_credits_free_subreq); > + if (rdata->server) > + add_credits_and_wake_if(rdata->server, &rdata->credits, 0); > + else > + rdata->credits.value = 0; ^^^^^^^^^^^^^^^^^^^^^^^^^ Why do this? regards, dan carpenter ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() 2024-08-09 15:00 ` Dan Carpenter @ 2024-08-09 15:11 ` Dan Carpenter 2024-08-09 15:42 ` Steve French 2024-08-09 15:38 ` Steve French 1 sibling, 1 reply; 7+ messages in thread From: Dan Carpenter @ 2024-08-09 15:11 UTC (permalink / raw) To: Su Hui, David Howells Cc: sfrench, pc, ronniesahlberg, sprasad, tom, bharathsm, nathan, ndesaulniers, morbo, justinstitt, linux-cifs, samba-technical, linux-kernel, llvm, kernel-janitors On Fri, Aug 09, 2024 at 06:00:26PM +0300, Dan Carpenter wrote: > On Thu, Aug 08, 2024 at 08:23:32PM +0800, Su Hui wrote: > > Clang static checker (scan-build) warning: > > cifsglob.h:line 890, column 3 > > Access to field 'ops' results in a dereference of a null pointer. > > > > Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in > > R/W requests") adds a check for 'rdata->server', and let clang throw this > > warning about NULL dereference. > > > > When 'rdata->credits.value != 0 && rdata->server == NULL' happens, > > add_credits_and_wake_if() will call rdata->server->ops->add_credits(). > > This will cause NULL dereference problem. Add a check for 'rdata->server' > > to avoid NULL dereference. > > > > Signed-off-by: Su Hui <suhui@nfschina.com> > > Needs a Fixes tag. > > Also when you add a Fixes tag, then get_maintainer will add the David Howells > automatically. I've added him manually. > Actually, David should have been CC'd but the fixes tag wouldn't have pointed to his patch. This is an inconsistent NULL checking warning. It's not clear to me if the NULL checks should be removed or more added. If David were trying to fix a NULL pointer dereference and accidentally left one unchecked dereference out then the Fixes tag would point to his patch. Since David was doing something unrelated then we don't point to his patch. Instead it would point to the first patch to introduce the dereference. regards, dan carpenter ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() 2024-08-09 15:11 ` Dan Carpenter @ 2024-08-09 15:42 ` Steve French 2024-08-09 15:46 ` Steve French 0 siblings, 1 reply; 7+ messages in thread From: Steve French @ 2024-08-09 15:42 UTC (permalink / raw) To: Dan Carpenter Cc: Su Hui, David Howells, sfrench, pc, ronniesahlberg, sprasad, tom, bharathsm, nathan, ndesaulniers, morbo, justinstitt, linux-cifs, samba-technical, linux-kernel, llvm, kernel-janitors On Fri, Aug 9, 2024 at 10:11 AM Dan Carpenter <dan.carpenter@linaro.org> wrote: > > On Fri, Aug 09, 2024 at 06:00:26PM +0300, Dan Carpenter wrote: > > On Thu, Aug 08, 2024 at 08:23:32PM +0800, Su Hui wrote: > > > Clang static checker (scan-build) warning: > > > cifsglob.h:line 890, column 3 > > > Access to field 'ops' results in a dereference of a null pointer. > > > > > > Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in > > > R/W requests") adds a check for 'rdata->server', and let clang throw this > > > warning about NULL dereference. > > > > > > When 'rdata->credits.value != 0 && rdata->server == NULL' happens, > > > add_credits_and_wake_if() will call rdata->server->ops->add_credits(). > > > This will cause NULL dereference problem. Add a check for 'rdata->server' > > > to avoid NULL dereference. > > > > > > Signed-off-by: Su Hui <suhui@nfschina.com> > > > > Needs a Fixes tag. > > > > Also when you add a Fixes tag, then get_maintainer will add the David Howells > > automatically. I've added him manually. > > > > Actually, David should have been CC'd but the fixes tag wouldn't have pointed > to his patch. > > This is an inconsistent NULL checking warning. It's not clear to me if the NULL > checks should be removed or more added. If David were trying to fix a NULL > pointer dereference and accidentally left one unchecked dereference out then the > Fixes tag would point to his patch. Since David was doing something unrelated Looks like (if this is even possible for server to to be null) then I will need to change the fixes to commit 69c3c023af25. I will update the tag in the current patch in for-next Author: David Howells <dhowells@redhat.com> Date: Fri Oct 6 18:16:15 2023 +0100 cifs: Implement netfslib hooks Provide implementation of the netfslib hooks that will be used by netfslib to ask cifs to set up and perform operations. -- Thanks, Steve ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() 2024-08-09 15:42 ` Steve French @ 2024-08-09 15:46 ` Steve French 0 siblings, 0 replies; 7+ messages in thread From: Steve French @ 2024-08-09 15:46 UTC (permalink / raw) To: Dan Carpenter Cc: Su Hui, David Howells, sfrench, pc, ronniesahlberg, sprasad, tom, bharathsm, nathan, ndesaulniers, morbo, justinstitt, linux-cifs, samba-technical, linux-kernel, llvm, kernel-janitors [-- Attachment #1: Type: text/plain, Size: 2239 bytes --] Updated patch to change Fixes tag and Cc: David On Fri, Aug 9, 2024 at 10:42 AM Steve French <smfrench@gmail.com> wrote: > > On Fri, Aug 9, 2024 at 10:11 AM Dan Carpenter <dan.carpenter@linaro.org> wrote: > > > > On Fri, Aug 09, 2024 at 06:00:26PM +0300, Dan Carpenter wrote: > > > On Thu, Aug 08, 2024 at 08:23:32PM +0800, Su Hui wrote: > > > > Clang static checker (scan-build) warning: > > > > cifsglob.h:line 890, column 3 > > > > Access to field 'ops' results in a dereference of a null pointer. > > > > > > > > Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in > > > > R/W requests") adds a check for 'rdata->server', and let clang throw this > > > > warning about NULL dereference. > > > > > > > > When 'rdata->credits.value != 0 && rdata->server == NULL' happens, > > > > add_credits_and_wake_if() will call rdata->server->ops->add_credits(). > > > > This will cause NULL dereference problem. Add a check for 'rdata->server' > > > > to avoid NULL dereference. > > > > > > > > Signed-off-by: Su Hui <suhui@nfschina.com> > > > > > > Needs a Fixes tag. > > > > > > Also when you add a Fixes tag, then get_maintainer will add the David Howells > > > automatically. I've added him manually. > > > > > > > Actually, David should have been CC'd but the fixes tag wouldn't have pointed > > to his patch. > > > > This is an inconsistent NULL checking warning. It's not clear to me if the NULL > > checks should be removed or more added. If David were trying to fix a NULL > > pointer dereference and accidentally left one unchecked dereference out then the > > Fixes tag would point to his patch. Since David was doing something unrelated > > Looks like (if this is even possible for server to to be null) then I > will need to change > the fixes to commit 69c3c023af25. I will update the tag in the current > patch in for-next > > Author: David Howells <dhowells@redhat.com> > Date: Fri Oct 6 18:16:15 2023 +0100 > > cifs: Implement netfslib hooks > > Provide implementation of the netfslib hooks that will be used by netfslib > to ask cifs to set up and perform operations. > -- > Thanks, > > Steve -- Thanks, Steve [-- Attachment #2: 0001-smb-client-avoid-possible-NULL-dereference-in-cifs_f.patch --] [-- Type: text/x-patch, Size: 2025 bytes --] From 59ac1aac1550731ca241007af660fc5278c88136 Mon Sep 17 00:00:00 2001 From: Su Hui <suhui@nfschina.com> Date: Thu, 8 Aug 2024 20:23:32 +0800 Subject: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() Clang static checker (scan-build) warning: cifsglob.h:line 890, column 3 Access to field 'ops' results in a dereference of a null pointer. Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in R/W requests") adds a check for 'rdata->server', and let clang throw this warning about NULL dereference. When 'rdata->credits.value != 0 && rdata->server == NULL' happens, add_credits_and_wake_if() will call rdata->server->ops->add_credits(). This will cause NULL dereference problem. Add a check for 'rdata->server' to avoid NULL dereference. Cc: stable@vger.kernel.org Fixes: 69c3c023af25 ("cifs: Implement netfslib hooks") Cc: David Howells <dhowells@redhat.com> Signed-off-by: Su Hui <suhui@nfschina.com> Signed-off-by: Steve French <stfrench@microsoft.com> --- fs/smb/client/file.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index b2405dd4d4d4..45459af5044d 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -315,7 +315,7 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) #endif } - if (rdata->credits.value != 0) + if (rdata->credits.value != 0) { trace_smb3_rw_credits(rdata->rreq->debug_id, rdata->subreq.debug_index, rdata->credits.value, @@ -323,8 +323,12 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) rdata->server ? rdata->server->in_flight : 0, -rdata->credits.value, cifs_trace_rw_credits_free_subreq); + if (rdata->server) + add_credits_and_wake_if(rdata->server, &rdata->credits, 0); + else + rdata->credits.value = 0; + } - add_credits_and_wake_if(rdata->server, &rdata->credits, 0); if (rdata->have_xid) free_xid(rdata->xid); } -- 2.43.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() 2024-08-09 15:00 ` Dan Carpenter 2024-08-09 15:11 ` Dan Carpenter @ 2024-08-09 15:38 ` Steve French 1 sibling, 0 replies; 7+ messages in thread From: Steve French @ 2024-08-09 15:38 UTC (permalink / raw) To: Dan Carpenter Cc: Su Hui, David Howells, sfrench, pc, ronniesahlberg, sprasad, tom, bharathsm, nathan, ndesaulniers, morbo, justinstitt, linux-cifs, samba-technical, linux-kernel, llvm, kernel-janitors On Fri, Aug 9, 2024 at 10:01 AM Dan Carpenter <dan.carpenter@linaro.org> wrote: > > On Thu, Aug 08, 2024 at 08:23:32PM +0800, Su Hui wrote: > > Clang static checker (scan-build) warning: > > cifsglob.h:line 890, column 3 > > Access to field 'ops' results in a dereference of a null pointer. > > > > Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in > > R/W requests") adds a check for 'rdata->server', and let clang throw this > > warning about NULL dereference. > > > > When 'rdata->credits.value != 0 && rdata->server == NULL' happens, > > add_credits_and_wake_if() will call rdata->server->ops->add_credits(). > > This will cause NULL dereference problem. Add a check for 'rdata->server' > > to avoid NULL dereference. > > > > Signed-off-by: Su Hui <suhui@nfschina.com> > > Needs a Fixes tag. I had added a fixes tag > Also when you add a Fixes tag, then get_maintainer will add the David Howells > automatically. I've added him manually. > > > --- > > fs/smb/client/file.c | 8 ++++++-- > > 1 file changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c > > index b2405dd4d4d4..45459af5044d 100644 > > --- a/fs/smb/client/file.c > > +++ b/fs/smb/client/file.c > > @@ -315,7 +315,7 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) > > #endif > > } > > > > - if (rdata->credits.value != 0) > > + if (rdata->credits.value != 0) { > > trace_smb3_rw_credits(rdata->rreq->debug_id, > > rdata->subreq.debug_index, > > rdata->credits.value, > > @@ -323,8 +323,12 @@ static void cifs_free_subrequest(struct netfs_io_subrequest *subreq) > > rdata->server ? rdata->server->in_flight : 0, > > -rdata->credits.value, > > cifs_trace_rw_credits_free_subreq); > > + if (rdata->server) > > + add_credits_and_wake_if(rdata->server, &rdata->credits, 0); > > + else > > + rdata->credits.value = 0; > ^^^^^^^^^^^^^^^^^^^^^^^^^ > Why do this? add_credits_and_wake() has the effect of setting credits->value to 0 so seems reasonable here (in the case where add_credits_and_wake can not be safely called), even if an extremely unlikely for rdata->server to be null. -- Thanks, Steve ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-08-09 15:47 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-08-08 12:23 [PATCH] smb/client: avoid possible NULL dereference in cifs_free_subrequest() Su Hui 2024-08-08 21:51 ` Steve French 2024-08-09 15:00 ` Dan Carpenter 2024-08-09 15:11 ` Dan Carpenter 2024-08-09 15:42 ` Steve French 2024-08-09 15:46 ` Steve French 2024-08-09 15:38 ` Steve French
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox