From: Dan Carpenter <dan.carpenter@oracle.com>
To: James Simmons <jsimmons@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
devel@driverdev.osuosl.org, Oleg Drokin <oleg.drokin@intel.com>,
Andreas Dilger <andreas.dilger@intel.com>,
Sebastien Buisson <sebastien.buisson@bull.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
lustre-devel@lists.lustre.org
Subject: Re: [PATCH 02/40] staging: lustre: fix 'NULL pointer dereference' errors for LNet
Date: Wed, 2 Dec 2015 10:46:17 +0300 [thread overview]
Message-ID: <20151202074617.GI18797@mwanda> (raw)
In-Reply-To: <1448062576-23757-3-git-send-email-jsimmons@infradead.org>
On Fri, Nov 20, 2015 at 06:35:38PM -0500, James Simmons wrote:
> From: Sebastien Buisson <sebastien.buisson@bull.net>
>
> Fix 'NULL pointer dereference' defects found by Coverity version
> 6.5.3:
> Dereference after null check (FORWARD_NULL)
> For instance, Passing null pointer to a function which dereferences
> it.
> Dereference before null check (REVERSE_INULL)
> Null-checking variable suggests that it may be null, but it has
> already been dereferenced on all paths leading to the check.
> Dereference null return value (NULL_RETURNS)
>
> The following fixes for the LNet layer are broken out of patch
> http://review.whamcloud.com/4720.
>
> Signed-off-by: Sebastien Buisson <sebastien.buisson@bull.net>
> Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-2217
> Reviewed-on: http://review.whamcloud.com/4720
> Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
> Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
> ---
> .../staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c | 2 +-
> drivers/staging/lustre/lnet/lnet/lib-move.c | 2 +
> drivers/staging/lustre/lnet/selftest/conctl.c | 51 ++++++++++----------
> 3 files changed, 29 insertions(+), 26 deletions(-)
>
> diff --git a/drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c b/drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c
> index de0f85f..0f4154c 100644
> --- a/drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c
> +++ b/drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c
> @@ -2829,7 +2829,7 @@ int kiblnd_startup(lnet_ni_t *ni)
> return 0;
>
> failed:
> - if (net->ibn_dev == NULL && ibdev != NULL)
> + if (net && net->ibn_dev == NULL && ibdev != NULL)
> kiblnd_destroy_dev(ibdev);
>
> net_failed:
I think the warning must be for a really really old version. This was
fixed in: 3247c4e5ef5d ('staging: lustre: lnet: klnds: o2iblnd: fix null
dereference on failed path in o2iblnd.c').
The new NULL check is superflous.
> diff --git a/drivers/staging/lustre/lnet/lnet/lib-move.c b/drivers/staging/lustre/lnet/lnet/lib-move.c
> index 5631f60..7a68382 100644
> --- a/drivers/staging/lustre/lnet/lnet/lib-move.c
> +++ b/drivers/staging/lustre/lnet/lnet/lib-move.c
> @@ -162,6 +162,7 @@ lnet_iov_nob(unsigned int niov, struct kvec *iov)
> {
> unsigned int nob = 0;
>
> + LASSERT(niov == 0 || iov);
> while (niov-- > 0)
> nob += (iov++)->iov_len;
>
> @@ -280,6 +281,7 @@ lnet_kiov_nob(unsigned int niov, lnet_kiov_t *kiov)
> {
> unsigned int nob = 0;
>
> + LASSERT(niov == 0 || kiov);
> while (niov-- > 0)
> nob += (kiov++)->kiov_len;
>
Fine, I suppose.
> diff --git a/drivers/staging/lustre/lnet/selftest/conctl.c b/drivers/staging/lustre/lnet/selftest/conctl.c
> index 556c837..2ca7d0e 100644
> --- a/drivers/staging/lustre/lnet/selftest/conctl.c
> +++ b/drivers/staging/lustre/lnet/selftest/conctl.c
> @@ -679,45 +679,46 @@ static int
> lst_stat_query_ioctl(lstio_stat_args_t *args)
> {
> int rc;
> - char *name;
> + char *name = NULL;
>
> /* TODO: not finished */
> if (args->lstio_sta_key != console_session.ses_key)
> return -EACCES;
>
> - if (args->lstio_sta_resultp == NULL ||
> - (args->lstio_sta_namep == NULL &&
> - args->lstio_sta_idsp == NULL) ||
> - args->lstio_sta_nmlen <= 0 ||
> - args->lstio_sta_nmlen > LST_NAME_SIZE)
> - return -EINVAL;
> -
> - if (args->lstio_sta_idsp != NULL &&
> - args->lstio_sta_count <= 0)
> + if (!args->lstio_sta_resultp)
> return -EINVAL;
>
> - LIBCFS_ALLOC(name, args->lstio_sta_nmlen + 1);
> - if (name == NULL)
> - return -ENOMEM;
> -
> - if (copy_from_user(name, args->lstio_sta_namep,
> - args->lstio_sta_nmlen)) {
> - LIBCFS_FREE(name, args->lstio_sta_nmlen + 1);
> - return -EFAULT;
> - }
> + if (args->lstio_sta_idsp) {
> + if (args->lstio_sta_count <= 0)
> + return -EINVAL;
>
> - if (args->lstio_sta_idsp == NULL) {
> - rc = lstcon_group_stat(name, args->lstio_sta_timeout,
> - args->lstio_sta_resultp);
> - } else {
> rc = lstcon_nodes_stat(args->lstio_sta_count,
> args->lstio_sta_idsp,
> args->lstio_sta_timeout,
> args->lstio_sta_resultp);
> - }
> + } else if (args->lstio_sta_namep) {
> + if (args->lstio_sta_nmlen <= 0 ||
> + args->lstio_sta_nmlen > LST_NAME_SIZE)
> + return -EINVAL;
> +
> + LIBCFS_ALLOC(name, args->lstio_sta_nmlen + 1);
> + if (!name)
> + return -ENOMEM;
>
> - LIBCFS_FREE(name, args->lstio_sta_nmlen + 1);
> + rc = copy_from_user(name, args->lstio_sta_namep,
> + args->lstio_sta_nmlen);
> + if (!rc)
> + rc = lstcon_group_stat(name, args->lstio_sta_timeout,
> + args->lstio_sta_resultp);
> + else
> + rc = -EFAULT;
>
> + } else {
> + rc = -EINVAL;
> + }
> +
> + if (name)
> + LIBCFS_FREE(name, args->lstio_sta_nmlen + 1);
There is no bug fix here. This code was fine when it was merged into
the kernel in 2013 so I have no idea how out of date the static checker
warning is... The new code doesn't do unnecessary allocations so that's
good but "name" should be declared in the block where it is used instead
of at the start of the function. Btw, we assume that the user gives us
a NUL terminated string for "name" so we should fix that bug as well.
TODO: lustre: don't assume "name" is NUL terminated
regards,
dan carpenter
next prev parent reply other threads:[~2015-12-02 7:47 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-20 23:35 [PATCH 00/40] Sync upstream lustre client LNet core James Simmons
2015-11-20 23:35 ` [PATCH 01/40] staging: lustre: drop *_t from end of struct lnet_text_buf James Simmons
2015-11-20 23:35 ` [PATCH 02/40] staging: lustre: fix 'NULL pointer dereference' errors for LNet James Simmons
2015-12-02 7:46 ` Dan Carpenter [this message]
2015-12-15 18:08 ` Simmons, James A.
2015-11-20 23:35 ` [PATCH 03/40] staging: lustre: reflect down routes in /proc/sys/lnet/routes James Simmons
2015-12-02 7:54 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 04/40] staging: lustre: fix failure handle of create reply James Simmons
2015-11-20 23:35 ` [PATCH 05/40] staging: lustre: eliminate obsolete Cray SeaStar support James Simmons
2015-11-20 23:35 ` [PATCH 06/40] staging: lustre: remove uses of IS_ERR_VALUE() James Simmons
2015-11-21 18:45 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 07/40] staging: lustre: return +ve for blocked lnet message James Simmons
2015-11-20 23:35 ` [PATCH 08/40] staging: lustre: do not memset after LIBCFS_ALLOC James Simmons
2015-11-20 23:35 ` [PATCH 09/40] staging: lustre: Dynamic LNet Configuration (DLC) James Simmons
2015-11-20 23:35 ` [PATCH 10/40] staging: lustre: Dynamic LNet Configuration (DLC) dynamic routing James Simmons
2015-11-20 23:35 ` [PATCH 11/40] staging: lustre: DLC Feature dynamic net config James Simmons
2015-12-02 9:23 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 12/40] staging: lustre: Dynamic LNet Configuration (DLC) IOCTL changes James Simmons
2015-12-02 9:48 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 13/40] staging: lustre: Dynamic LNet Configuration (DLC) show command James Simmons
2015-12-02 11:20 ` Dan Carpenter
2015-12-15 18:14 ` Simmons, James A.
2015-12-15 18:19 ` Dan Carpenter
2015-12-15 18:39 ` Simmons, James A.
2015-12-15 18:48 ` Greg Kroah-Hartman
2015-12-15 19:48 ` Simmons, James A.
2015-12-15 19:55 ` 'Greg Kroah-Hartman'
2015-12-02 12:00 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 14/40] staging: lustre: fix crash due to NULL networks string James Simmons
2015-12-02 11:27 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 15/40] staging: lustre: DLC user/kernel space glue code James Simmons
2015-12-02 12:11 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 16/40] staging: lustre: make local functions static for LNet ni James Simmons
2015-11-20 23:35 ` [PATCH 17/40] staging: lustre: add sparse annotation __user wherever needed for lnet James Simmons
2015-11-20 23:35 ` [PATCH 18/40] staging: lustre: remove LUSTRE_{,SRV_}LNET_PID James Simmons
2015-11-20 23:35 ` [PATCH 19/40] staging: lustre: copy out libcfs ioctl inline buffer James Simmons
2015-12-02 12:34 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 20/40] staging: lustre: fix kernel crash when network failed to start James Simmons
2015-12-02 12:44 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 21/40] staging: lustre: improve LNet clean up code and API James Simmons
2015-12-02 12:59 ` Dan Carpenter
2015-12-02 13:20 ` [lustre-devel] " Alexander Zarochentsev
2015-12-02 13:59 ` Dan Carpenter
2015-12-15 17:10 ` Simmons, James A.
2015-12-15 17:41 ` Dan Carpenter
2015-11-20 23:35 ` [PATCH 22/40] staging: lustre: Fixes to make lnetctl function as expected James Simmons
2015-11-20 23:35 ` [PATCH 23/40] staging: lustre: return appropriate errno when adding route James Simmons
2015-11-20 23:36 ` [PATCH 24/40] staging: lustre: make some lnet functions static James Simmons
2015-11-20 23:36 ` [PATCH 25/40] staging: lustre: missed a few cases of using NULL instead of 0 James Simmons
2015-11-20 23:36 ` [PATCH 26/40] staging: lustre: startup lnet acceptor thread dynamically James Simmons
2015-11-20 23:36 ` [PATCH 27/40] staging: lustre: reject invalid net configuration for lnet James Simmons
2015-11-20 23:36 ` [PATCH 28/40] staging: lustre: return -EEXIST if NI is not unique James Simmons
2015-11-20 23:36 ` [PATCH 29/40] staging: lustre: handle lnet_check_routes() errors James Simmons
2015-11-20 23:36 ` [PATCH 30/40] staging: lustre: improvement to router checker James Simmons
2015-11-20 23:36 ` [PATCH 31/40] staging: lustre: assume a kernel build James Simmons
2015-11-20 23:36 ` [PATCH 32/40] staging: lustre: prevent assert on LNet module unload James Simmons
2015-11-20 23:36 ` [PATCH 33/40] staging: lustre: remove messages from lazy portal on NI shutdown James Simmons
2015-11-20 23:36 ` [PATCH 34/40] staging: lustre: remove unnecessary EXPORT_SYMBOL from lnet layer James Simmons
2015-11-20 23:36 ` [PATCH 35/40] staging: lustre: avoid race during lnet acceptor thread termination James Simmons
2015-11-20 23:36 ` [PATCH 36/40] staging: lustre: test for sk_sleep presence in compact-2.6.h James Simmons
2015-11-20 23:36 ` [PATCH 37/40] staging: lustre: remove unnecessary NULL check in IOC_LIBCFS_GET_NET James Simmons
2015-11-20 23:36 ` [PATCH 38/40] staging: lustre: Allocate the correct number of rtr buffers James Simmons
2015-11-20 23:36 ` [PATCH 39/40] staging: lustre: Use lnet_is_route_alive for router aliveness James Simmons
2015-11-20 23:36 ` [PATCH 40/40] staging: lustre: Remove LASSERTS from router checker James Simmons
2015-12-21 23:41 ` [PATCH 00/40] Sync upstream lustre client LNet core Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151202074617.GI18797@mwanda \
--to=dan.carpenter@oracle.com \
--cc=andreas.dilger@intel.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=jsimmons@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lustre-devel@lists.lustre.org \
--cc=oleg.drokin@intel.com \
--cc=sebastien.buisson@bull.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox