From: Zhiqiang Liu <liuzhiqiang26@huawei.com>
To: <vishal.l.verma@intel.com>
Cc: <nvdimm@lists.linux.dev>, linfeilong <linfeilong@huawei.com>,
<lixiaokeng@huawei.com>,
Alison Schofield <alison.schofield@intel.com>,
<liuzhiqiang26@huawei.com>
Subject: [ndctl PATCH v2 1/2] libndctl: check return value of ndctl_pfn_get_namespace
Date: Tue, 6 Jul 2021 12:32:15 +0800 [thread overview]
Message-ID: <ff2e9afe-3af2-5f6d-eba9-9bf18a529174@huawei.com> (raw)
In-Reply-To: <c3c08075-4815-8e84-2ba6-64644e72abee@huawei.com>
Recently, we use Coverity to analysis the ndctl package,
one kind of NULL_RETURNS issue is reported as follows,
pfn_clear_badblocks():
CID 11690495: (NULL_RETURNS)
1429. dereference: Dereferencing a pointer that might be "NULL" "ndns" when calling "ndctl_namespace_disable_safe".
dax_clear_badblocks():
CID 11690504: (NULL_RETURNS)
1405. dereference: Dereferencing a pointer that might be "NULL" "ndns" when calling "ndctl_namespace_disable_safe".
util_pfn_badblocks_to_json():
CID 11690524: (NULL_RETURNS)
812. dereference: Dereferencing a pointer that might be "NULL" "ndns" when calling "util_namespace_badblocks_to_json".
ndctl_pfn_get_namespace() may return NULL, so callers
should check return value of it. Otherwise, it may
cause access NULL pointer problem.
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
---
v1->v2: add coverity report info as suggested by Alison
ndctl/namespace.c | 18 ++++++++++++++----
test/libndctl.c | 4 ++--
util/json.c | 2 ++
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index 0c8df9f..21089d7 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -1417,11 +1417,16 @@ static int nstype_clear_badblocks(struct ndctl_namespace *ndns,
static int dax_clear_badblocks(struct ndctl_dax *dax)
{
- struct ndctl_namespace *ndns = ndctl_dax_get_namespace(dax);
- const char *devname = ndctl_dax_get_devname(dax);
+ struct ndctl_namespace *ndns;
+ const char *devname;
unsigned long long begin, size;
int rc;
+ ndns = ndctl_dax_get_namespace(dax);
+ if (!ndns)
+ return -ENXIO;
+
+ devname = ndctl_dax_get_devname(dax);
begin = ndctl_dax_get_resource(dax);
if (begin == ULLONG_MAX)
return -ENXIO;
@@ -1441,11 +1446,16 @@ static int dax_clear_badblocks(struct ndctl_dax *dax)
static int pfn_clear_badblocks(struct ndctl_pfn *pfn)
{
- struct ndctl_namespace *ndns = ndctl_pfn_get_namespace(pfn);
- const char *devname = ndctl_pfn_get_devname(pfn);
+ struct ndctl_namespace *ndns;
+ const char *devname;
unsigned long long begin, size;
int rc;
+ ndns = ndctl_pfn_get_namespace(pfn);
+ if (!ndns)
+ return -ENXIO;
+
+ devname = ndctl_pfn_get_devname(pfn);
begin = ndctl_pfn_get_resource(pfn);
if (begin == ULLONG_MAX)
return -ENXIO;
diff --git a/test/libndctl.c b/test/libndctl.c
index 24d72b3..05e5ff2 100644
--- a/test/libndctl.c
+++ b/test/libndctl.c
@@ -1275,7 +1275,7 @@ static int check_pfn_autodetect(struct ndctl_bus *bus,
if (!ndctl_pfn_is_enabled(pfn))
continue;
pfn_ndns = ndctl_pfn_get_namespace(pfn);
- if (strcmp(ndctl_namespace_get_devname(pfn_ndns), devname) != 0)
+ if (!pfn_ndns || strcmp(ndctl_namespace_get_devname(pfn_ndns), devname) != 0)
continue;
fprintf(stderr, "%s: pfn_ndns: %p ndns: %p\n", __func__,
pfn_ndns, ndns);
@@ -1372,7 +1372,7 @@ static int check_dax_autodetect(struct ndctl_bus *bus,
if (!ndctl_dax_is_enabled(dax))
continue;
dax_ndns = ndctl_dax_get_namespace(dax);
- if (strcmp(ndctl_namespace_get_devname(dax_ndns), devname) != 0)
+ if (!dax_ndns || strcmp(ndctl_namespace_get_devname(dax_ndns), devname) != 0)
continue;
fprintf(stderr, "%s: dax_ndns: %p ndns: %p\n", __func__,
dax_ndns, ndns);
diff --git a/util/json.c b/util/json.c
index ca0167b..249f021 100644
--- a/util/json.c
+++ b/util/json.c
@@ -1002,6 +1002,8 @@ static struct json_object *util_pfn_badblocks_to_json(struct ndctl_pfn *pfn,
pfn_begin = ndctl_pfn_get_resource(pfn);
if (pfn_begin == ULLONG_MAX) {
struct ndctl_namespace *ndns = ndctl_pfn_get_namespace(pfn);
+ if (!ndns)
+ return NULL;
return util_namespace_badblocks_to_json(ndns, bb_count, flags);
}
--
2.23.0
next prev parent reply other threads:[~2021-07-06 4:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 4:31 [ndctl PATCH v2 0/2] fix two issues reported by Coverity Zhiqiang Liu
2021-07-06 4:32 ` Zhiqiang Liu [this message]
2021-07-06 4:33 ` [ndctl PATCH v2 2/2] namespace: Close fd before return in do_xaction_namespace() Zhiqiang Liu
2021-07-15 0:58 ` Zhiqiang Liu
2021-07-31 8:31 ` Zhiqiang Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ff2e9afe-3af2-5f6d-eba9-9bf18a529174@huawei.com \
--to=liuzhiqiang26@huawei.com \
--cc=alison.schofield@intel.com \
--cc=linfeilong@huawei.com \
--cc=lixiaokeng@huawei.com \
--cc=nvdimm@lists.linux.dev \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.