Coverity: jbd_unlock_bh_journal_head(): Memory - corruptions

Coverity: jbd_unlock_bh_journal_head(): Memory - corruptions

[coverity-bot]

Hello!

This is an experimental automated report about issues detected by Coverity
from a scan of next-20191108 as part of the linux-next weekly scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by recent commits:

c290ea01abb7 ("fs: Remove ext3 filesystem driver")

Coverity reported the following:

*** CID 1487847:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/include/linux/jbd2.h: 351 in jbd_unlock_bh_journal_head()
345     {
346     	bit_spin_lock(BH_JournalHead, &bh->b_state);
347     }
348
349     static inline void jbd_unlock_bh_journal_head(struct buffer_head *bh)
350     {
vvv     CID 1487847:  Memory - corruptions  (ARRAY_VS_SINGLETON)
vvv     Passing "&bh->b_state" to function "bit_spin_unlock" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
351     	bit_spin_unlock(BH_JournalHead, &bh->b_state);
352     }
353
354     #define J_ASSERT(assert)	BUG_ON(!(assert))
355
356     #define J_ASSERT_BH(bh, expr)	J_ASSERT(expr)

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487847 ("Memory - corruptions")
Fixes: c290ea01abb7 ("fs: Remove ext3 filesystem driver")


Thanks for your attention!

-- 
Coverity-bot

Re: Coverity: jbd_unlock_bh_journal_head(): Memory - corruptions

[Jan Kara]

Hello,

On Mon 11-11-19 17:35:18, coverity-bot wrote:
> This is an experimental automated report about issues detected by Coverity
> from a scan of next-20191108 as part of the linux-next weekly scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
> 
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by recent commits:
> 
> c290ea01abb7 ("fs: Remove ext3 filesystem driver")
> 
> Coverity reported the following:
> 
> *** CID 1487847:  Memory - corruptions  (ARRAY_VS_SINGLETON)
> /include/linux/jbd2.h: 351 in jbd_unlock_bh_journal_head()
> 345     {
> 346     	bit_spin_lock(BH_JournalHead, &bh->b_state);
> 347     }
> 348
> 349     static inline void jbd_unlock_bh_journal_head(struct buffer_head *bh)
> 350     {
> vvv     CID 1487847:  Memory - corruptions  (ARRAY_VS_SINGLETON)
> vvv     Passing "&bh->b_state" to function "bit_spin_unlock" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
> 351     	bit_spin_unlock(BH_JournalHead, &bh->b_state);
> 352     }

This is obviously false positive. I guess coverity needs to learn about
bit-spinlocks so that it doesn't generate false positive report about each
usage?

								Honza

> 353
> 354     #define J_ASSERT(assert)	BUG_ON(!(assert))
> 355
> 356     #define J_ASSERT_BH(bh, expr)	J_ASSERT(expr)
> 
> If this is a false positive, please let us know so we can mark it as
> such, or teach the Coverity rules to be smarter. If not, please make
> sure fixes get into linux-next. :) For patches fixing this, please
> include these lines (but double-check the "Fixes" first):
> 
> Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> Addresses-Coverity-ID: 1487847 ("Memory - corruptions")
> Fixes: c290ea01abb7 ("fs: Remove ext3 filesystem driver")
> 
> 
> Thanks for your attention!
> 
> -- 
> Coverity-bot
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: Coverity: jbd_unlock_bh_journal_head(): Memory - corruptions

[Kees Cook]

On Tue, Nov 12, 2019 at 12:09:21PM +0100, Jan Kara wrote:
> Hello,
> 
> On Mon 11-11-19 17:35:18, coverity-bot wrote:
> > This is an experimental automated report about issues detected by Coverity
> > from a scan of next-20191108 as part of the linux-next weekly scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> > 
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by recent commits:
> > 
> > c290ea01abb7 ("fs: Remove ext3 filesystem driver")
> > 
> > Coverity reported the following:
> > 
> > *** CID 1487847:  Memory - corruptions  (ARRAY_VS_SINGLETON)
> > /include/linux/jbd2.h: 351 in jbd_unlock_bh_journal_head()
> > 345     {
> > 346     	bit_spin_lock(BH_JournalHead, &bh->b_state);
> > 347     }
> > 348
> > 349     static inline void jbd_unlock_bh_journal_head(struct buffer_head *bh)
> > 350     {
> > vvv     CID 1487847:  Memory - corruptions  (ARRAY_VS_SINGLETON)
> > vvv     Passing "&bh->b_state" to function "bit_spin_unlock" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
> > 351     	bit_spin_unlock(BH_JournalHead, &bh->b_state);
> > 352     }
> 
> This is obviously false positive. I guess coverity needs to learn about
> bit-spinlocks so that it doesn't generate false positive report about each
> usage?

Yeah, that's a pretty weird glitch on Coverity's part. I've taken a note
on this subset of warnings. Thanks for looking at it!

-- 
Kees Cook