[prev in list] [next in list] [prev in thread] [next in thread] 

List:       drbd-dev
Subject:    [Drbd-dev] [bug report] drbd: Backport the "status" command
From:       Dan Carpenter <dan.carpenter () oracle ! com>
Date:       2021-11-18 8:49:30
Message-ID: 20211118084930.GB24550 () kili
[Download RAW message or body]

Hello Andreas Gruenbacher,

The patch a55bbd375d18: "drbd: Backport the "status" command" from
Aug 28, 2014, leads to the following Smatch static checker warning:

drivers/block/drbd/drbd_nl.c:3424 drbd_adm_dump_devices() warn: 'resource_filter' \
could be an error pointer drivers/block/drbd/drbd_nl.c:3513 \
drbd_adm_dump_connections() warn: 'resource_filter' could be an error pointer \
drivers/block/drbd/drbd_nl.c:3674 drbd_adm_dump_peer_devices() warn: \
'resource_filter' could be an error pointer

drivers/block/drbd/drbd_nl.c
    3410 int drbd_adm_dump_devices(struct sk_buff *skb, struct netlink_callback *cb)
    3411 {
    3412         struct nlattr *resource_filter;
    3413         struct drbd_resource *resource;
    3414         struct drbd_device *device;
    3415         int minor, err, retcode;
    3416         struct drbd_genlmsghdr *dh;
    3417         struct device_info device_info;
    3418         struct device_statistics device_statistics;
    3419         struct idr *idr_to_search;
    3420 
    3421         resource = (struct drbd_resource *)cb->args[0];
    3422         if (!cb->args[0] && !cb->args[1]) {
    3423                 resource_filter = find_cfg_context_attr(cb->nlh, \
                T_ctx_resource_name);
--> 3424                 if (resource_filter) {

The find_cfg_context_attr() function returns both NULL and error
pointers.  It if returns an error pointer here then that will lead to a
crash.  None of the callers check for error pointers.

    3425                         retcode = ERR_RES_NOT_KNOWN;
    3426                         resource = \
drbd_find_resource(nla_data(resource_filter));  3427                         if \
(!resource)  3428                                 goto put_result;
    3429                         cb->args[0] = (long)resource;
    3430                 }
    3431         }
    3432 
    3433         rcu_read_lock();
    3434         minor = cb->args[1];

regards,
dan carpenter
_______________________________________________
drbd-dev mailing list
drbd-dev@lists.linbit.com
https://lists.linbit.com/mailman/listinfo/drbd-dev


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic