dereference before check in ext4_move_extents()

dereference before check in ext4_move_extents()

[Dan Carpenter]

Hi, going through some static checker warnings and reporting bugs.
These were introduced a long time ago.

The patch 748de6736c1e: "ext4: online defrag -- Add EXT4_IOC_MOVE_EXT 
ioctl" from Jun 17, 2009, leads to the following Smatch complaint:

fs/ext4/move_extent.c:1381 ext4_move_extents()
	 warn: variable dereferenced before check 'holecheck_path' (see line 1292)

fs/ext4/move_extent.c
  1291			ext_prev = ext_cur;
  1292			last_extent = mext_next_extent(orig_inode, holecheck_path,
                                                                   ^^^^^^^^^^^^^^
Dereferenced unconditionally inside the mext_next_extent() function.

  1293							&ext_cur);
  1294			if (last_extent < 0) {
  1295				ret1 = last_extent;
  1296				break;
  1297			}

	[snip]

  1376			double_down_write_data_sem(orig_inode, donor_inode);
  1377			if (ret1 < 0)
  1378				break;
  1379	
  1380			/* Decrease buffer counter */
  1381			if (holecheck_path)
                            ^^^^^^^^^^^^^^
Checked here.

  1382				ext4_ext_drop_refs(holecheck_path);
  1383			ret1 = get_ext_path(orig_inode, seq_start, &holecheck_path);

regards,
dan carpenter

Re: dereference before check in ext4_move_extents()

[Akira Fujita]

Hi Dan,

> fs/ext4/move_extent.c:1381 ext4_move_extents()
> 	 warn: variable dereferenced before check 'holecheck_path' (see line 1292)

Thanks for reporting.
I tried to reproduce this with Smatch and kernel 3.4-rc7,
but another compile warning turned up.

# make CHECK="/home/KERN/smatch/smatch -p=kernel" C=1 bzImage modules

<snip>

  CHECK   fs/ext4/block_validity.c
  CC      fs/ext4/block_validity.o
  CHECK   fs/ext4/move_extent.c
fs/ext4/move_extent.c:696 mext_replace_branches() warn: variable dereferenced before check 'dext' (see line 686)
  CC      fs/ext4/move_extent.o
  CHECK   fs/ext4/mmp.c

I'll fix above compile warning surely, but it's not the original
you reported. Hmm, how can I reproduce yours?

Regards,
Akira Fujita


(2012/05/14 3:43), Dan Carpenter wrote:
> Hi, going through some static checker warnings and reporting bugs.
> These were introduced a long time ago.
> 
> The patch 748de6736c1e: "ext4: online defrag -- Add EXT4_IOC_MOVE_EXT
> ioctl" from Jun 17, 2009, leads to the following Smatch complaint:
> 
> fs/ext4/move_extent.c:1381 ext4_move_extents()
> 	 warn: variable dereferenced before check 'holecheck_path' (see line 1292)
> 
> fs/ext4/move_extent.c
>    1291			ext_prev = ext_cur;
>    1292			last_extent = mext_next_extent(orig_inode, holecheck_path,
>                                                                     ^^^^^^^^^^^^^^
> Dereferenced unconditionally inside the mext_next_extent() function.
> 
>    1293							&ext_cur);
>    1294			if (last_extent<  0) {
>    1295				ret1 = last_extent;
>    1296				break;
>    1297			}
> 
> 	[snip]
> 
>    1376			double_down_write_data_sem(orig_inode, donor_inode);
>    1377			if (ret1<  0)
>    1378				break;
>    1379	
>    1380			/* Decrease buffer counter */
>    1381			if (holecheck_path)
>                              ^^^^^^^^^^^^^^
> Checked here.
> 
>    1382				ext4_ext_drop_refs(holecheck_path);
>    1383			ret1 = get_ext_path(orig_inode, seq_start,&holecheck_path);
> 
> regards,
> dan carpenter
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

Re: dereference before check in ext4_move_extents()

[Dan Carpenter]

On Mon, May 14, 2012 at 05:30:23PM +0900, Akira Fujita wrote:
> I'll fix above compile warning surely, but it's not the original
> you reported. Hmm, how can I reproduce yours?
> 

Sorry, I apologize for that.  It's some new Smatch stuff I'm working
on.  I haven't pushed it yet.

regards,
dan carpenter

Re: dereference before check in ext4_move_extents()

[Akira Fujita]

> Sorry, I apologize for that.  It's some new Smatch stuff I'm working
> on.  I haven't pushed it yet.

Ok, I'll make a patch when new Smatch appears.

Regards,
Akira Fujita

(2012/05/14 17:51), Dan Carpenter wrote:
> On Mon, May 14, 2012 at 05:30:23PM +0900, Akira Fujita wrote:
>> I'll fix above compile warning surely, but it's not the original
>> you reported. Hmm, how can I reproduce yours?
>>
> 
> Sorry, I apologize for that.  It's some new Smatch stuff I'm working
> on.  I haven't pushed it yet.
> 
> regards,
> dan carpenter
> 
> 

Re: dereference before check in ext4_move_extents()

[Dan Carpenter]

On Tue, May 15, 2012 at 11:01:55AM +0900, Akira Fujita wrote:
> > Sorry, I apologize for that.  It's some new Smatch stuff I'm working
> > on.  I haven't pushed it yet.
> 
> Ok, I'll make a patch when new Smatch appears.
> 

That works.  The fix would be to remove the unnecessary NULL check
so there is no rush.

regards,
dan carpenter