From: Kees Cook <keescook@chromium.org>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: Christoph Hellwig <hch@lst.de>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
linux-next@vger.kernel.org, xfs <linux-xfs@vger.kernel.org>
Subject: Re: Coverity: xlog_write_iclog(): Memory - corruptions
Date: Tue, 12 Nov 2019 14:44:36 -0800 [thread overview]
Message-ID: <201911121439.BFB4B66C@keescook> (raw)
In-Reply-To: <20191112024130.GA6212@magnolia>
On Mon, Nov 11, 2019 at 06:41:30PM -0800, Darrick J. Wong wrote:
> [Might as well add the XFS list]
>
> On Mon, Nov 11, 2019 at 05:34:25PM -0800, coverity-bot wrote:
> > Hello!
> >
> > This is an experimental automated report about issues detected by Coverity
> > from a scan of next-20191108 as part of the linux-next weekly scan project:
> > https://scan.coverity.com/projects/linux-next-weekly-scan
> >
> > You're getting this email because you were associated with the identified
> > lines of code (noted below) that were touched by recent commits:
> >
> > 79b54d9bfcdc ("xfs: use bios directly to write log buffers")
> >
> > Coverity reported the following:
> >
> > *** CID 1487853: Memory - corruptions (BAD_FREE)
> > /fs/xfs/xfs_log.c: 1819 in xlog_write_iclog()
> > 1813 submit_bio(split);
> > 1814
> > 1815 /* restart at logical offset zero for the remainder */
> > 1816 iclog->ic_bio.bi_iter.bi_sector = log->l_logBBstart;
> > 1817 }
> > 1818
> > vvv CID 1487853: Memory - corruptions (BAD_FREE)
>
> Isn't this a duplicate of 1451989 in the main kernel coverity scan?
> Which, AFAICT 145989 is a false positive since iclog->ic_bio does not
> itself become the target of a bio_chain.
It might be, yes. The two projects are not correlated within Coverity,
and I've been trying to focus on "newly added" issues in linux-next.
I'm still trying to figure out where Coverity sees a "free" happening...
Thanks for looking at this!
-Kees
>
> --D
>
> > vvv "submit_bio" frees address of "iclog->ic_bio".
> > 1819 submit_bio(&iclog->ic_bio);
> > 1820 }
> > 1821
> > 1822 /*
> > 1823 * We need to bump cycle number for the part of the iclog that is
> > 1824 * written to the start of the log. Watch out for the header magic
> >
> > If this is a false positive, please let us know so we can mark it as
> > such, or teach the Coverity rules to be smarter. If not, please make
> > sure fixes get into linux-next. :) For patches fixing this, please
> > include these lines (but double-check the "Fixes" first):
> >
> > Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> > Addresses-Coverity-ID: 1487853 ("Memory - corruptions")
> > Fixes: 79b54d9bfcdc ("xfs: use bios directly to write log buffers")
> >
> >
> > Thanks for your attention!
> >
> > --
> > Coverity-bot
--
Kees Cook
prev parent reply other threads:[~2019-11-12 22:44 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 1:34 Coverity: xlog_write_iclog(): Memory - corruptions coverity-bot
2019-11-12 2:41 ` Darrick J. Wong
2019-11-12 22:44 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201911121439.BFB4B66C@keescook \
--to=keescook@chromium.org \
--cc=darrick.wong@oracle.com \
--cc=gustavo@embeddedor.com \
--cc=hch@lst.de \
--cc=linux-next@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).