From: Milan Broz <mbroz@redhat.com>
To: Jesper Juhl <jj@chaosbits.net>
Cc: linux-kernel@vger.kernel.org, Alexander Kjeldaas <astor@fast.no>,
David Woodhouse <David.Woodhouse@intel.com>,
Herbert Xu <herbert@gondor.hengli.com.au>,
Pekka Enberg <penberg@cs.helsinki.fi>
Subject: Re: NULL deref in drivers/md/dm-crypt.c:crypt_convert()
Date: Sun, 06 Feb 2011 23:50:11 +0100 [thread overview]
Message-ID: <4D4F25A3.1090401@redhat.com> (raw)
In-Reply-To: <alpine.LNX.2.00.1102062320230.13593@swampdragon.chaosbits.net>
On 02/06/2011 11:31 PM, Jesper Juhl wrote:
> The coverity checker found this. I don't know how to fix it, so I'll just
> report it and hope that someone else can address the issue.
Hi,
can I see the plain output from the coverity check somewhere?
>
> In drivers/md/dm-crypt.c:crypt_convert() we have this code:
> ...
> while(ctx->idx_in < ctx->bio_in->bi_vcnt &&
> ctx->idx_out < ctx->bio_out->bi_vcnt) {
>
> crypt_alloc_req(cc, ctx);
Here in crypt_alloc_req() you have:
struct crypt_cpu *this_cc = this_crypt_config(cc);
if (!this_cc->req)
this_cc->req = mempool_alloc(cc->req_pool, GFP_NOIO);
>
> atomic_inc(&ctx->pending);
>
> r = crypt_convert_block(cc, ctx, this_cc->req);
this_cc is: struct crypt_cpu *this_cc = this_crypt_config(cc);
and because it is always running on the same CPU,
this_cc->req cannot be NULL here, because it was allocated
in crypt_alloc_req().
It is false positive here.
Milan
next prev parent reply other threads:[~2011-02-06 22:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-06 22:31 NULL deref in drivers/md/dm-crypt.c:crypt_convert() Jesper Juhl
2011-02-06 22:50 ` Milan Broz [this message]
2011-02-10 19:14 ` Jesper Juhl
2011-02-11 7:37 ` Milan Broz
2011-02-11 9:26 ` Jesper Juhl
2011-02-11 10:01 ` Milan Broz
2011-02-11 11:04 ` Jesper Juhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D4F25A3.1090401@redhat.com \
--to=mbroz@redhat.com \
--cc=David.Woodhouse@intel.com \
--cc=astor@fast.no \
--cc=herbert@gondor.hengli.com.au \
--cc=jj@chaosbits.net \
--cc=linux-kernel@vger.kernel.org \
--cc=penberg@cs.helsinki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox