Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-17797

Fix coverity CID 425360 introduced in ("LU-17797 lnet: avoid use after free of lnet ifaces")

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • 3
    • 9223372036854775807

    Description

      ** CID 425360:    (USE_AFTER_FREE)
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
/lnet/lnet/lib-socket.c: 599 in lnet_inet_enumerate()


________________________________________________________________________________________________________
*** CID 425360:    (USE_AFTER_FREE)
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" frees pointer "ifaces" which has already been freed.
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" dereferences freed pointer "ifaces".
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" frees pointer "ifaces" which has already been freed.
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 583 in lnet_inet_enumerate()
577     			if (count < 0)
578     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
579     				      dev->name);
580     			else
581     				nip = count;
582     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" frees pointer "ifaces" which has already been freed.
583     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
584     						     cpt, &ifaces);
585     			if (count < 0)
586     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
587     				      dev->name);
588     			else
/lnet/lnet/lib-socket.c: 559 in lnet_inet_enumerate()
553     		}
554     
555     		node_id = dev_to_node(&dev->dev);
556     		cpt = cfs_cpt_of_node(lnet_cpt_table(), node_id);
557     
558     		if (v6_first) {
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" frees pointer "ifaces" which has already been freed.
559     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
560     						     cpt, &ifaces);
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
/lnet/lnet/lib-socket.c: 559 in lnet_inet_enumerate()
553     		}
554     
555     		node_id = dev_to_node(&dev->dev);
556     		cpt = cfs_cpt_of_node(lnet_cpt_table(), node_id);
557     
558     		if (v6_first) {
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" dereferences freed pointer "ifaces".
559     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
560     						     cpt, &ifaces);
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" dereferences freed pointer "ifaces".
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 583 in lnet_inet_enumerate()
577     			if (count < 0)
578     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
579     				      dev->name);
580     			else
581     				nip = count;
582     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" dereferences freed pointer "ifaces".
583     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
584     						     cpt, &ifaces);
585     			if (count < 0)
586     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
587     				      dev->name);
588     			else
/lnet/lnet/lib-socket.c: 599 in lnet_inet_enumerate()
593     
594     	if (nip == 0) {
595     		CERROR("lnet: Can't find any usable interfaces, rc = -ENOENT\n");
596     		nip = -ENOENT;
597     	}
598     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Using freed pointer "ifaces".
599     	*dev_list = ifaces;
600     	return nip;
601     }

      Attachments

        Activity

          People

            stancheff Shaun Tancheff
            stancheff Shaun Tancheff
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: