Coverity: super_1_load(): Memory - illegal accesses

Coverity: super_1_load(): Memory - illegal accesses

[coverity-bot]

Hello!

This is an experimental automated report about issues detected by Coverity
from a scan of next-20191025 as part of the linux-next weekly scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by recent commits:

6a5cb53aaa4e ("md: no longer compare spare disk superblock events in super_load")

Coverity reported the following:

*** CID 1487373:  Memory - illegal accesses  (NEGATIVE_RETURNS)
/drivers/md/md.c: 1684 in super_1_load()
1678     	}
1679
1680     	if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RAID0_LAYOUT) &&
1681     	    sb->level != 0)
1682     		return -EINVAL;
1683
vvv     CID 1487373:  Memory - illegal accesses  (NEGATIVE_RETURNS)
vvv     Using variable "rdev->desc_nr" as an index to array "sb->dev_roles".
1684     	role = le16_to_cpu(sb->dev_roles[rdev->desc_nr]);
1685
1686     	if (!refdev) {
1687     		/*
1688     		 * Insist of good event counter while assembling, except for
1689     		 * spares (which don't need an event count)

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include:

Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
Addresses-Coverity-ID: 1487373 ("Memory - illegal accesses")
Fixes: 6a5cb53aaa4e ("md: no longer compare spare disk superblock events in super_load")


Thanks for your attention!

-- 
Coverity-bot

Re: Coverity: super_1_load(): Memory - illegal accesses

[Yufen Yu]

On 2019/10/29 7:02, coverity-bot wrote:
> Hello!
>
> This is an experimental automated report about issues detected by Coverity
> from a scan of next-20191025 as part of the linux-next weekly scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
>
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by recent commits:
>
> 6a5cb53aaa4e ("md: no longer compare spare disk superblock events in super_load")
>
> Coverity reported the following:
>
> *** CID 1487373:  Memory - illegal accesses  (NEGATIVE_RETURNS)
> /drivers/md/md.c: 1684 in super_1_load()
> 1678     	}
> 1679
> 1680     	if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RAID0_LAYOUT) &&
> 1681     	    sb->level != 0)
> 1682     		return -EINVAL;
> 1683
> vvv     CID 1487373:  Memory - illegal accesses  (NEGATIVE_RETURNS)
> vvv     Using variable "rdev->desc_nr" as an index to array "sb->dev_roles".
> 1684     	role = le16_to_cpu(sb->dev_roles[rdev->desc_nr]);
> 1685
> 1686     	if (!refdev) {
> 1687     		/*
> 1688     		 * Insist of good event counter while assembling, except for
> 1689     		 * spares (which don't need an event count)
>
> If this is a false positive, please let us know so we can mark it as
> such, or teach the Coverity rules to be smarter. If not, please make
> sure fixes get into linux-next. :) For patches fixing this, please
> include:
>
> Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> Addresses-Coverity-ID: 1487373 ("Memory - illegal accesses")
> Fixes: 6a5cb53aaa4e ("md: no longer compare spare disk superblock events in super_load")
>
>
> Thanks for your attention!
>

Thanks a lot for report!
I am sorry for forgetting to verify 'rdev->desc_nr' after moving it up.
I will send a patch to fix this.

Thanks,
Yufen