[LU-17797] Fix coverity CID 425360 introduced in ("LU-17797 lnet: avoid use after free of lnet ifaces") - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.16.0
Affects Version/s: None
Labels:
None

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

** CID 425360:    (USE_AFTER_FREE)
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
/lnet/lnet/lib-socket.c: 599 in lnet_inet_enumerate()


________________________________________________________________________________________________________
*** CID 425360:    (USE_AFTER_FREE)
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" frees pointer "ifaces" which has already been freed.
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" dereferences freed pointer "ifaces".
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" frees pointer "ifaces" which has already been freed.
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 583 in lnet_inet_enumerate()
577     			if (count < 0)
578     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
579     				      dev->name);
580     			else
581     				nip = count;
582     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" frees pointer "ifaces" which has already been freed.
583     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
584     						     cpt, &ifaces);
585     			if (count < 0)
586     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
587     				      dev->name);
588     			else
/lnet/lnet/lib-socket.c: 559 in lnet_inet_enumerate()
553     		}
554     
555     		node_id = dev_to_node(&dev->dev);
556     		cpt = cfs_cpt_of_node(lnet_cpt_table(), node_id);
557     
558     		if (v6_first) {
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" frees pointer "ifaces" which has already been freed.
559     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
560     						     cpt, &ifaces);
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
/lnet/lnet/lib-socket.c: 559 in lnet_inet_enumerate()
553     		}
554     
555     		node_id = dev_to_node(&dev->dev);
556     		cpt = cfs_cpt_of_node(lnet_cpt_table(), node_id);
557     
558     		if (v6_first) {
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" dereferences freed pointer "ifaces".
559     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
560     						     cpt, &ifaces);
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
/lnet/lnet/lib-socket.c: 567 in lnet_inet_enumerate()
561     			if (count < 0)
562     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
563     				      dev->name);
564     			else
565     				nip = count;
566     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet4_enumerate" dereferences freed pointer "ifaces".
567     			count = lnet_inet4_enumerate(dev, flags, &nalloc, nip,
568     						     cpt, &ifaces);
569     			if (count < 0)
570     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
571     				      dev->name);
572     			else
/lnet/lnet/lib-socket.c: 583 in lnet_inet_enumerate()
577     			if (count < 0)
578     				CWARN("lnet: No IPv4 addresses for interface %s.\n",
579     				      dev->name);
580     			else
581     				nip = count;
582     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Calling "lnet_inet6_enumerate" dereferences freed pointer "ifaces".
583     			count = lnet_inet6_enumerate(dev, flags, &nalloc, nip,
584     						     cpt, &ifaces);
585     			if (count < 0)
586     				CWARN("lnet: No IPv6 addresses for interface %s.\n",
587     				      dev->name);
588     			else
/lnet/lnet/lib-socket.c: 599 in lnet_inet_enumerate()
593     
594     	if (nip == 0) {
595     		CERROR("lnet: Can't find any usable interfaces, rc = -ENOENT\n");
596     		nip = -ENOENT;
597     	}
598     
>>>     CID 425360:    (USE_AFTER_FREE)
>>>     Using freed pointer "ifaces".
599     	*dev_list = ifaces;
600     	return nip;
601     }

Attachments

Activity

[LU-17797] Fix coverity CID 425360 introduced in ("LU-17797 lnet: avoid use after free of lnet ifaces")

Peter Jones added a comment - 21/May/24 8:16 PM

Merged for 2.16

Peter Jones added a comment - 21/May/24 8:16 PM Merged for 2.16

Gerrit Updater added a comment - 21/May/24 6:46 PM

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54975/
Subject: ~~LU-17797~~ lnet: avoid use after free of lnet ifaces
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 2f20dc3f7614b583fe7f125f42a28ac47b76b36e

Gerrit Updater added a comment - 21/May/24 6:46 PM "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/54975/ Subject: LU-17797 lnet: avoid use after free of lnet ifaces Project: fs/lustre-release Branch: master Current Patch Set: Commit: 2f20dc3f7614b583fe7f125f42a28ac47b76b36e

Gerrit Updater added a comment - 01/May/24 5:31 AM

"Shaun Tancheff <shaun.tancheff@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/54975
Subject: ~~LU-17797~~ lnet: avoid use after free of lnet ifaces
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: d08f22e69a56d1173d6c742ba6fca84d37913fb7

Gerrit Updater added a comment - 01/May/24 5:31 AM "Shaun Tancheff <shaun.tancheff@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/54975 Subject: LU-17797 lnet: avoid use after free of lnet ifaces Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: d08f22e69a56d1173d6c742ba6fca84d37913fb7

Andreas Dilger added a comment - 01/May/24 5:02 AM

Shaun, it is probably more clear if you use the original LU ticket that introduced the issue for the Coverity fix, to make it easier to track both patches together, unless the origin of this issue is really old.

Andreas Dilger added a comment - 01/May/24 5:02 AM Shaun, it is probably more clear if you use the original LU ticket that introduced the issue for the Coverity fix, to make it easier to track both patches together, unless the origin of this issue is really old.

Fix coverity CID 425360 introduced in ("LU-17797 lnet: avoid use after free of lnet ifaces")

Details

Description

Attachments

Activity

People

Dates