From: "Tkaczyk, Mariusz" <mariusz.tkaczyk@linux.intel.com>
To: Nigel Croxon <ncroxon@redhat.com>,
linux-raid <linux-raid@vger.kernel.org>
Subject: Re: [PATCH] Fix return value from fstat calls
Date: Wed, 11 Aug 2021 15:06:27 +0200 [thread overview]
Message-ID: <4d5a4bb0-e044-c225-f507-59d4167a8807@linux.intel.com> (raw)
In-Reply-To: <ed1b0603-e523-6ca6-12ce-d30a85afe885@linux.intel.com>
+ linux raid
Mariusz
On 11.08.2021 15:03, Tkaczyk, Mariusz wrote:
> On 10.08.2021 17:15, Nigel Croxon wrote:
>> To meet requirements of Common Criteria certification vulnerablility
>> assessment. Static code analysis has been run and found the following
>> errors:
>> check_return: Calling "fstat(fd, &dstb)" without checking return value.
>> This library function may fail and return an error code.
>>
>> Changes are to add a test to the return value from fstat calls.
>>
>
> Hi Nigel,
> You introduce three different errors, repeated many times across code.
> Could you make it generic using function or macro?
>
>> diff --git a/Assemble.c b/Assemble.c
>> index 0df46244..cae3224b 100644
>> --- a/Assemble.c
>> +++ b/Assemble.c
>> @@ -649,7 +649,14 @@ static int load_devices(struct devs *devices, char *devmap,
>> /* prepare useful information in info structures */
>> struct stat stb2;
>> int err;
>> - fstat(mdfd, &stb2);
>> +
>> + if (fstat(mdfd, &stb2) != 0) {
>> + pr_err("fstat failed for %s: %s\n",devname, strerror(errno));
>> + close(mdfd);
>> + free(devices);
>> + free(devmap);
>> + return -1;
>> + }
> another new case with direct error handling, could you use goto statement?
>
>
>> @@ -760,7 +767,17 @@ static int load_devices(struct devs *devices, char *devmap,
>> tst->ss->getinfo_super(tst, content, devmap + devcnt *
>> content->array.raid_disks);
>> }
>> - fstat(dfd, &stb);
>> + if (fstat(dfd, &stb) != 0) {
>> + pr_err("fstat failed for %s: %s - aborting\n",devname,
>> strerror(errno));
>> + close(dfd);
>> + close(mdfd);
>> + free(devices);
>> + free(devmap);
>> + tst->ss->free_super(tst);
>> + free(tst);
>> + *stp = st;
>> + return -1;
>> + }
> Same here, I know that it is implemented this way, but we should take care about
> code quality, this is our common interest.
>
>> diff --git a/Dump.c b/Dump.c
>> index 736bcb60..d1a8bb86 100644
>> --- a/Dump.c
>> +++ b/Dump.c
>> @@ -112,7 +112,14 @@ int Dump_metadata(char *dev, char *dir, struct context *c,
>> }
>> if (c->verbose >= 0)
>> printf("%s saved as %s.\n", dev, fname);
>> - fstat(fd, &dstb);
>> +
>> + if (fstat(fd, &dstb) != 0) {
>> + pr_err("fstat failed from %s: %s\n",fname, strerror(errno));
>> + close(fd);
>> + close(fl);
>> + free(fname);
>> + return 1;
>> + }
> Same here.
>
>> @@ -200,7 +207,11 @@ int Restore_metadata(char *dev, char *dir, struct context
>> *c,
>> char *chosen = NULL;
>> unsigned int chosen_inode = 0;
>> - fstat(fd, &dstb);
>> + if (fstat(fd, &dstb) != 0) {
>> + pr_err("fstat failed for %s: %s\n",dev, strerror(errno));
>> + close(fd);
>> + return 1;
>> + }
>> while (d && (de = readdir(d)) != NULL) {
>> if (de->d_name[0] == '.')
>> diff --git a/Grow.c b/Grow.c
>> index 7506ab46..4c3ec9c1 100644
>> --- a/Grow.c
>> +++ b/Grow.c
>> @@ -1163,9 +1163,17 @@ int reshape_open_backup_file(char *backup_file,
>> * way this will not notice, but it is better than
>> * nothing.
>> */
>> - fstat(*fdlist, &stb);
>> + if (fstat(*fdlist, &stb) != 0) {
>> + pr_err("fstat failed for %s: %s\n",devname, strerror(errno));
>> + close(*fdlist);
>> + return 0;
>> + }
>> dev = stb.st_dev;
>> - fstat(fd, &stb);
>> + if (fstat(fd, &stb) != 0) {
>> + pr_err("fstat failed for %s: %s\n",devname, strerror(errno));
>> + close(*fdlist);
>> + return 0;
>> + }
>> if (stb.st_rdev == dev) {
>> pr_err("backup file must NOT be on the array being reshaped.\n");
>> close(*fdlist);
> Same error handling duplicated.
>
> Thanks,
> Mariusz
>
next prev parent reply other threads:[~2021-08-11 13:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-10 15:15 [PATCH] Fix return value from fstat calls Nigel Croxon
[not found] ` <ed1b0603-e523-6ca6-12ce-d30a85afe885@linux.intel.com>
2021-08-11 13:06 ` Tkaczyk, Mariusz [this message]
2021-08-11 19:09 ` [PATCH V2] " Nigel Croxon
2021-08-11 22:52 ` NeilBrown
[not found] ` <346e8651-d861-45c7-9058-68008e691b93@Canary>
2021-08-12 23:23 ` NeilBrown
2021-08-13 7:00 ` Tkaczyk, Mariusz
2021-08-13 7:19 ` NeilBrown
2021-08-13 7:45 ` Tkaczyk, Mariusz
2021-08-13 19:19 ` Jes Sorensen
2021-08-12 6:49 ` Tkaczyk, Mariusz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4d5a4bb0-e044-c225-f507-59d4167a8807@linux.intel.com \
--to=mariusz.tkaczyk@linux.intel.com \
--cc=linux-raid@vger.kernel.org \
--cc=ncroxon@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox