[LU-18560] ldiskfs_write_ldd(): Coverity reports issues - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.17.0
Affects Version/s: Lustre 2.17.0
Labels:
- mount

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

After patching ~~LU-9936~~, Coverity reports issues:

  
    
    *** CID 451701:  Memory - illegal accesses  (OVERRUN)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223     			filepnm, strerror(errno));
224     		ret = errno;
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
   CID 451701:  Memory - illegal accesses  (OVERRUN)
   Overrunning array of 12288 bytes at byte offset 150982656 by dereferencing pointer "&mop->mo_ldd + total_written".
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));
  
    
    
*** CID 451700:  Insecure data handling  (INTEGER_OVERFLOW)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223     			filepnm, strerror(errno));
224     		ret = errno;
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
   CID 451700:  Insecure data handling  (INTEGER_OVERFLOW)
   "12288UL - total_written", which might have underflowed, is passed to "write(fd, &mop->mo_ldd + total_written, 12288UL - total_written)".
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));
  
    
    *** CID 451721:  Control flow issues  (NO_EFFECT)
/lustre/utils/libmount_utils_ldiskfs.c: 231 in ldiskfs_write_ldd()
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
   CID 451721:  Control flow issues  (NO_EFFECT)
   This less-than-zero comparison of an unsigned value is never true. "write_cnt < 0UL".
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));
235     			ret = errno;
236     			goto close_fd;
  
    
    *** CID 451718:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223     			filepnm, strerror(errno));
224     		ret = errno;
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
   CID 451718:  Memory - corruptions  (ARRAY_VS_SINGLETON)
   Using "&mop->mo_ldd" as an array.  This might corrupt or misinterpret adjacent memory locations.
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));

Attachments

Issue Links

is related to

LU-18818 remove mount+open+write+close from ldiskfs_write_ldd()

Open

is related to

LU-9936 ldiskfs_write_ldd() calls fsync(filep->_fileno) but doesn't fflush() flip first

Resolved

LU-17000 Coverity static analysis issues

Open

Activity

[LU-18560] ldiskfs_write_ldd(): Coverity reports issues

Andreas Dilger made changes - 16/Mar/25 10:50 AM

Link

New: This issue is related to LU-18818 [ LU-18818 ]

Peter Jones made changes - 19/Jan/25 3:02 AM

Fix Version/s		New: Lustre 2.17.0 [ 16192 ]
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Peter Jones added a comment - 19/Jan/25 3:02 AM

Merged for 2.17

Peter Jones added a comment - 19/Jan/25 3:02 AM Merged for 2.17

Gerrit Updater added a comment - 18/Jan/25 10:05 PM

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/57449/
Subject: ~~LU-18560~~ utils: Fix ldiskfs_write_dd Coverity warnings
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 52105a555f55b399a115f3158b3827eb0db726f6

Gerrit Updater added a comment - 18/Jan/25 10:05 PM "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/57449/ Subject: LU-18560 utils: Fix ldiskfs_write_dd Coverity warnings Project: fs/lustre-release Branch: master Current Patch Set: Commit: 52105a555f55b399a115f3158b3827eb0db726f6

Marc Vef added a comment - 16/Dec/24 9:24 AM

Thanks, Andreas, and will do for the future. Do you have a patch at hand that refreshes an already landed patch? I'm wondering what that looks like.

Marc Vef added a comment - 16/Dec/24 9:24 AM Thanks, Andreas, and will do for the future. Do you have a patch at hand that refreshes an already landed patch? I'm wondering what that looks like.

Andreas Dilger made changes - 15/Dec/24 9:55 PM

Link

New: This issue is related to LU-17000 [ LU-17000 ]

Andreas Dilger added a comment - 15/Dec/24 9:55 PM

Note that it is OK to re-use the original patch that introduced the issue for minor follow-on fixes like this. Alternately, there is LU-17000 for generic Coverity fixes, so that we don't have a proliferation of Jira tickets for the thousands of Coverity issues outstanding.

Andreas Dilger added a comment - 15/Dec/24 9:55 PM Note that it is OK to re-use the original patch that introduced the issue for minor follow-on fixes like this. Alternately, there is LU-17000 for generic Coverity fixes, so that we don't have a proliferation of Jira tickets for the thousands of Coverity issues outstanding.

Gerrit Updater added a comment - 15/Dec/24 8:22 PM

"Marc Vef <mvef@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/57449
Subject: ~~LU-18560~~ utils: Fix ldiskfs_write_dd Coverity warnings
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: baaccd0cc41f7b1fa1b7ffb30eddccc37ee3397d

Gerrit Updater added a comment - 15/Dec/24 8:22 PM "Marc Vef <mvef@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/57449 Subject: LU-18560 utils: Fix ldiskfs_write_dd Coverity warnings Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: baaccd0cc41f7b1fa1b7ffb30eddccc37ee3397d

Marc Vef made changes - 15/Dec/24 8:03 PM

Description

New: After patching ~~LU-9936~~, Coverity reports issues:
{code:java}


    *** CID 451701: Memory - illegal accesses (OVERRUN)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223 filepnm, strerror(errno));
224 ret = errno;
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
   CID 451701: Memory - illegal accesses (OVERRUN)
   Overrunning array of 12288 bytes at byte offset 150982656 by dereferencing pointer "&mop->mo_ldd + total_written".
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));



*** CID 451700: Insecure data handling (INTEGER_OVERFLOW)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223 filepnm, strerror(errno));
224 ret = errno;
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
   CID 451700: Insecure data handling (INTEGER_OVERFLOW)
   "12288UL - total_written", which might have underflowed, is passed to "write(fd, &mop->mo_ldd + total_written, 12288UL - total_written)".
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));


    *** CID 451721: Control flow issues (NO_EFFECT)
/lustre/utils/libmount_utils_ldiskfs.c: 231 in ldiskfs_write_ldd()
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
   CID 451721: Control flow issues (NO_EFFECT)
   This less-than-zero comparison of an unsigned value is never true. "write_cnt < 0UL".
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));
235 ret = errno;
236 goto close_fd;


    *** CID 451718: Memory - corruptions (ARRAY_VS_SINGLETON)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223 filepnm, strerror(errno));
224 ret = errno;
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
   CID 451718: Memory - corruptions (ARRAY_VS_SINGLETON)
   Using "&mop->mo_ldd" as an array. This might corrupt or misinterpret adjacent memory locations.
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));
   {code}

Marc Vef made changes - 15/Dec/24 8:02 PM

Link

New: This issue is related to ~~LU-9936~~ [ ~~LU-9936~~ ]

People

Assignee:: Marc Vef

Reporter:: Marc Vef

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 15/Dec/24 8:01 PM

Updated:: 16/Mar/25 10:50 AM

Resolved:: 19/Jan/25 3:02 AM