[ndctl PATCH 1/2] ndctl: fix potential null dereference in the smart error handler

[ndctl PATCH 1/2] ndctl: fix potential null dereference in the smart error handler

[Vishal Verma]

Static analysis reports that can potentially dereference a NULL pointer
in the smart cmd error handler. This can particular instance won't ever
be hit in practice as the handler is only registered for smart commands,
and smart commands are currently only DIMM commands, and will always
have a dimm object. However for completeness, and to avoid future
errors, we should perform a NULL check in the handler anyway.

Cc: Keith Busch <keith.busch@intel.com>
Fixes: ba17700bf227 ("ndctl, intel: Fallback to smart cached shutdown_count")
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
---
 ndctl/lib/intel.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ndctl/lib/intel.c b/ndctl/lib/intel.c
index 00c65a5..b1254bb 100644
--- a/ndctl/lib/intel.c
+++ b/ndctl/lib/intel.c
@@ -67,6 +67,9 @@ static int intel_smart_handle_error(struct ndctl_cmd *cmd)
 	char *path = NULL, shutdown_count[16] = {};
 	int fd, rc = cmd->status;
 
+	if (!dimm)
+		return 0;
+
 	if (asprintf(&path, DEF_TMPFS_DIR "/%s/usc",
 		     ndctl_dimm_get_devname(dimm)) < 0)
 		return rc;
-- 
2.14.4

_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

[ndctl PATCH 2/2] ndctl, udev: fix a resource leak in save_unsafe_shutdown_count

[Vishal Verma]

Static analysis reports that we leak the 'fd' in the above function. Fix
by adding a proper cleanup path that closes it.

Cc: Keith Busch <keith.busch@intel.com>
Fixes: dd8e6ff9ab00 ("ndctl: Create ndctl udev rules for dirty shutdown")
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
---
 ndctl/ndctl-udev.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ndctl/ndctl-udev.c b/ndctl/ndctl-udev.c
index 2b4d067..7b174b6 100644
--- a/ndctl/ndctl-udev.c
+++ b/ndctl/ndctl-udev.c
@@ -110,10 +110,13 @@ static void save_unsafe_shutdown_count(struct ndctl_dimm *dimm,
 		goto free_usc;
 
 	if (snprintf(count, sizeof(count), "%u\n", shutdown) < 0)
-		goto free_usc;
+		goto close_fd;
 
 	if (write(fd, count, strlen(count)) < 0)
-		goto free_usc;
+		goto close_fd;
+
+ close_fd:
+	close(fd);
  free_usc:
 	free(usc);
  free_path:
-- 
2.14.4

_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

Re: [ndctl PATCH 1/2] ndctl: fix potential null dereference in the smart error handler

[Keith Busch]

On Fri, Aug 10, 2018 at 06:40:52PM -0600, Vishal Verma wrote:
> Static analysis reports that can potentially dereference a NULL pointer
> in the smart cmd error handler. This can particular instance won't ever
> be hit in practice as the handler is only registered for smart commands,
> and smart commands are currently only DIMM commands, and will always
> have a dimm object. However for completeness, and to avoid future
> errors, we should perform a NULL check in the handler anyway.

Hmm, I purposefully didn't have the NULL check because the dimm is never
not set in this path. Looks like a false positive, but the NULL check is
harmless.
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm