Linux-Next Archive on lore.kernel.org
 help / color / Atom feed
From: coverity-bot <keescook@chromium.org>
To: Aditya Pakki <pakki001@umn.edu>
Cc: Santosh Shilimkar <santosh.shilimkar@oracle.com>,
	"David S. Miller" <davem@davemloft.net>,
	"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
	linux-next@vger.kernel.org
Subject: Coverity: rds_send_remove_from_sock(): Null pointer dereferences
Date: Thu, 8 Apr 2021 16:40:39 -0700
Message-ID: <202104081640.1A09A99900@keescook> (raw)

Hello!

This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20210408 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:

  Wed Apr 7 14:01:24 2021 -0700
    0c85a7e87465 ("net/rds: Avoid potential use after free in rds_send_remove_from_sock")

Coverity reported the following:

*** CID 1503716:  Null pointer dereferences  (REVERSE_INULL)
/net/rds/send.c: 668 in rds_send_remove_from_sock()
662     		}
663     		spin_unlock(&rs->rs_lock);
664
665     unlock_and_drop:
666     		spin_unlock_irqrestore(&rm->m_rs_lock, flags);
667     		rds_message_put(rm);
vvv     CID 1503716:  Null pointer dereferences  (REVERSE_INULL)
vvv     Null-checking "rm" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
668     		if (was_on_sock && rm)
669     			rds_message_put(rm);
670     	}
671
672     	if (rs) {
673     		rds_wake_sk_sleep(rs);

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1503716 ("Null pointer dereferences")
Fixes: 0c85a7e87465 ("net/rds: Avoid potential use after free in rds_send_remove_from_sock")

Thanks for your attention!

-- 
Coverity-bot

                 reply index

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202104081640.1A09A99900@keescook \
    --to=keescook@chromium.org \
    --cc=davem@davemloft.net \
    --cc=gustavo@embeddedor.com \
    --cc=linux-next@vger.kernel.org \
    --cc=pakki001@umn.edu \
    --cc=santosh.shilimkar@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Next Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-next/0 linux-next/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-next linux-next/ https://lore.kernel.org/linux-next \
		linux-next@vger.kernel.org
	public-inbox-index linux-next

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-next


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git