[LU-7595] New static analysis issues in 2.7.64-46-gf960273
Created: 22/Dec/15  Updated: 30/Aug/23  Resolved: 28/Mar/21

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.8.0
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: Dmitry Eremin (Inactive)
Assignee: Dmitry Eremin (Inactive)
Resolution: Fixed
Votes: 0
Labels: kw

Issue Links:
Related: is related to LU-4629 (Issues found by static analysis tools), Resolved
Severity: 3

Description

Found 3 new static analysis issues in 2.7.64-46-gf960273:

  1. Null pointer may be dereferenced
    • lustre/lfsck/lfsck_lib.c: in lfsck_verify_lpf, Null pointer 'child2' that comes from line 1475 may be dereferenced at line 1490. Also there is one similar error on line 1490.
  2. Uninitialized Array - possible
    • lustre/utils/lustre_cfg.c: in jt_lcfg_setparam, 'pattern' array elements might be used uninitialized in this function.
  3. Result of function that can return NULL may be dereferenced
    • ldiskfs/super.c: in __ldiskfs_corrupted_block_group, Pointer 'gdp' returned from call to function 'ldiskfs_get_group_desc' at line 570 may be NULL and may be dereferenced at line 574.

The list of commits since the previous build 2.7.63-4-gf84e06e:

f960273 LU-7534 build: Allow lustre to build against ZFS/SPL DKMS install
87b0e9a LU-7555 tests: add load_module to mount_facet
5a3dfc2 LU-7301 tests: delete old lfsck tests
9b520c3 LU-7173 mdt: intent vs unlink race
2fe2d1e LU-7531 osp: allow few requests during recovery
e414f14 LU-7192 tests: conf-sanity test 32c supports DNE on ZFS
70bb27b LU-5710 all: fourth set of corrected typos and grammar errors
0bcc4f6 LU-7274 gss_do_ctx_fini_rpc() passes an already freed request
fdddeb2 LU-6866 hsm: prevent migration of HSM archived files
927effd LU-6662 utils: allow overriding default mountopts
4c45115 LU-6895 lfsck: drop bad OI files after MDT file-level restore
0d3a07a LU-7430 mdt: better handle MDT recovery error path
09141c0 LU-7465 llite: Do not track memory leak for kernel function
6506cd4 LU-7394 obd: remove HAVE_SELINUX_IS_ENABLED
8c63d91 LU-5030 utils: add -R parameter to lctl get_param
acc918d Revert "LU-6910 osp: add procfs values for OST reserved size"
b3caa50 LU-7381 e2fsck: update recommended e2fsprogs version
9ae3a28 LU-7053 osd: don't lookup object at insert
6765d78 LU-7408 target: declare write for reply data
be0c22a LU-7144 tests: skip scrub/lfsck test under interoperation
c965fc8 LU-7450 osd: call commit_callback if no write updates
bd8224b LU-7209 doc: more accurate documentation for obdfilter-survey
63a3e41 LU-7419 llog: lock new llog object creation
e48f5a5 LU-7475 lnet: ensure buffer config symmetry
ffaebaf LU-6020 gss: properly map buffers to sg
9e21c0c LU-5690 mount: fix lmd_parse() to handle commas in expr_list
e667cd0 LU-6714 llog: test on-disk llog header values
504ca28 LU-7030 security: put imp_sec after all requests drained off
10e5161 LU-7530 mdt: Do not leak identity when no nodemap is present
0585b0f LU-6910 osp: add procfs values for OST reserved size
f85eaef LU-7136 test: allow more time for copytools to stop
f045898 LU-6767 osd-zfs: Track readonly status of ZFS
b9f3c95 LU-6229 utils: fix lustre_rsync bug of cascade move
dbc0d90 LU-7515 obdclass: add export for lprocfs_stats_alloc_one()
8f81049 LU-3569 utils: remove ll_recover_lost_found_obj
5e2d956 LU-7446 clio: lov_io_init() should return error code
05300cb LU-6732 llite: ll_write_begin/end not passing on errors
1c24b0a LU-1606 misc: clean up DFID related error messages
cc623e9 LU-2524 test: Clean up sanity-quota
57c5752 LU-7148 osc: Remove remains of osc_ast_guard
8c69ef1 LU-5951 ptlrpc: track unreplied requests
3f4572c LU-7508 ldlm: Don't check opcode with NULL rq_reqmsg
af46e57 LU-7268 scrub: NOT assign LMA for EA inode
eaf3353 LU-6298 hsm: shutdown HSM CDTs in parallel
5023ca3 LU-5921 tests: enhance server target mount race testing
5cb0a72 LU-7383 mdt: retry for busy lock during migration
9aebc6c New tag 2.7.64
74d95a0 LU-7428 test: disable conf-sanity, test_84
2d11035 LU-7437 lctl: list_param -R can't work correctly
f4ea6cd LU-7297 osd-zfs: initialize oh_lock
e727c38 LU-1026 ldiskfs: make bitmaps corruption not fatal
343364d LU-7315 osd-ldiskfs: handle pdo lock properly
2f6a3f6 LU-6856 zfs: handle non existing file in osd_object_ref_del
78335a9 LU-6802 ptlrpc: reset imp_replay_cursor
d059b3c LU-6693 out: not return NULL in object_update_param_get
2eb0c38 LU-7316 build: Update ZFS/SPL version to 0.6.5.3
88f761b LU-4423 lnet: don't use iovec instead of kvec
10763bd LU-7462 mdd: check object existence
a482691 LU-7375 lbuild: add missing case to lbuild
cddbef5 LU-7103 test: avoid cat of /dev/urandom
5434d94 LU-7447 lfsck: correct nlink attr for new created dir
7023698 LU-7371 test: wrong read length over isize
cdc97ad LU-6851 lnet: Ignore hops if not explicitly set
082eabd LU-7400 lod: register stop callbacks at create
2aea469 LU-7199 nodemap: assign nodemap to export before connecting
5fda01f LU-7428 tests: write superblock in conf-sanity test_84
795e13a LU-7329 obdclass: sync device to flush journal callbacks
323293b LU-7098 osd-ldiskfs: don't alloc inode directly
3cc79c2 LU-1095 mdc: remove console spew from mdc_ioc_fid2path
544d46e LU-7396 llite: check request != NULL in ll_migrate
3041bbc LU-7276 utils: make llog_reader consistent with kernel
0e54f07 LU-7068 mdd: object leak in mdd_migrate_entries
ac1d6ab LU-6666 osc: Do not merge extents with partial pages
eedb94a LU-7463 osd: Change existence assert into error
585becc LU-7461 lod: retry to get remote update log
2bfc03f LU-7416 osp: check rq_repmsg in osp_request_commit_cb
113aac9 LU-7343 osd-ldiskfs: handle ldiskfs_append failure
8524994 LU-7376 tests: sanity-hsm/59 should skip old servers.
8438f2a LU-7436 tests: skip conf-sanity/91 with old servers
0620323 LU-7415 kernel: kernel update RHEL 6.7 [2.6.32-573.8.1.el6]
f790db6 LU-7164 osc: osc_extent should hold refcount to osc_object
9a466ec LU-7384 lfsck: check transaction stop status
d7e6212 LU-3536 lfsck: reuse parameter name for re-locating object
4c689a5 LU-3322 lnet: make connect parameters persistent
01a6f01 LU-7324 lnet: recv could access freed message
6ff4171 LU-7221 ldlm: do not take a reference on target if stopping
12d6356 LU-7318 out: dynamic reply size
a7eface LU-7077 target: avoid using possible error return NULL pointer
187bdef LU-7174 build: make git ignore dkms generated file


Comments
Comment by Dmitry Eremin (Inactive) [ 22/Dec/15 ]

Null pointer 'child2' that comes from line 1391 may be dereferenced at line 1490.

1391			struct dt_object	 *child2 = NULL;
1392			const struct lu_name	 *cname;
1393			char			  name[8];
1394			int			  node   = lfsck_dev_idx(lfsck);
1395			int			  rc	 = 0;
1396			ENTRY;
1397		
1398			LASSERT(lfsck->li_master);
1399		
1400			if (lfsck->li_lpf_root_obj != NULL)
1401				RETURN(0);
1402		
1403			if (node == 0) {...}
1406			else {...}
1417		
1418			if (IS_ERR(parent))
1419				RETURN(PTR_ERR(parent));
1420		 
1421			LASSERT(dt_object_exists(parent));
1422		 
1423			if (unlikely(!dt_try_as_dir(env, parent))) {...}
1428		 
1429			lfsck->li_lpf_root_obj = parent;
1430			if (node == 0) {...}
1437		 
1438			/* child2 */
1439			snprintf(name, 8, "MDT%04x", node);
1440			rc = dt_lookup(env, parent, (struct dt_rec *)cfid,
1441				       (const struct dt_key *)name);
1442			if (rc == -ENOENT) {...}
1446		 
1447			if (rc != 0)
1448				GOTO(put, rc);
1449		 
1450			/* Invalid FID in the name entry, remove the name entry. */
1451			if (!fid_is_norm(cfid)) {...}
1458		
1459			child2 = lfsck_object_find_bottom(env, lfsck, cfid);
1460			if (IS_ERR(child2))
1461				GOTO(put, rc = PTR_ERR(child2));
1462		
1463			if (unlikely(!dt_object_exists(child2) ||
1464				     dt_object_remote(child2)) ||
1465				     !S_ISDIR(lfsck_object_type(child2))) {...}
1472		 
1473			if (unlikely(!dt_try_as_dir(env, child2))) {...}
1478		 
1479		find_child1:
1480			if (fid_is_zero(&bk->lb_lpf_fid))
1481				goto check_child2;
1482		 
1483			if (likely(lu_fid_eq(cfid, &bk->lb_lpf_fid))) {
1484				if (lfsck->li_lpf_obj == NULL) {...}
1488		 
1489				cname = lfsck_name_get_const(env, name, strlen(name));
1490				rc = lfsck_verify_linkea(env, child2, cname, &LU_LPF_FID);
Comment by Andreas Dilger [ 29/Jan/21 ]

Hit a crash in a test session https://testing.whamcloud.com/test_sets/9badce4c-33a1-413c-be47-e1c6fa879bcc related to this:

[ 4483.064705] LustreError: 19809:0:(lod_dev.c:1557:lod_sync()) lustre-MDT0003-mdtlov: can't sync ost 0: rc = -110
[ 4483.073157] LustreError: 19809:0:(lfsck_namespace.c:1470:lfsck_namespace_create_orphan_dir()) ASSERTION( lfsck->li_lpf_root_obj != ((void *)0) ) failed: 
[ 4483.075608] LustreError: 19809:0:(lfsck_namespace.c:1470:lfsck_namespace_create_orphan_dir()) LBUG
[ 4483.077208] Pid: 19809, comm: lfsck_namespace 3.10.0-1127.19.1.el7_lustre.x86_64 #1 SMP Wed Dec 9 21:14:52 UTC 2020
[ 4483.079166] Call Trace:
[ 4483.079888]  [<ffffffffc06d767c>] libcfs_call_trace+0x8c/0xc0 [libcfs]
[ 4483.081191]  [<ffffffffc06d799c>] lbug_with_loc+0x4c/0xa0 [libcfs]
[ 4483.082411]  [<ffffffffc0ef207a>] lfsck_namespace_create_orphan_dir.isra.62+0x10da/0x15e0 [lfsck]
[ 4483.084470]  [<ffffffffc0eff520>] lfsck_namespace_dsd_single+0x690/0xfd0 [lfsck]
[ 4483.085938]  [<ffffffffc0f02ff3>] lfsck_namespace_double_scan_dir+0x583/0xca0 [lfsck]
[ 4483.087391]  [<ffffffffc0f03b6f>] lfsck_namespace_double_scan_one+0x45f/0x1530 [lfsck]
[ 4483.088982]  [<ffffffffc0f05002>] lfsck_namespace_double_scan_one_trace_file+0x3c2/0x7c0 [lfsck]
[ 4483.090651]  [<ffffffffc0f08fa5>] lfsck_namespace_assistant_handler_p2+0x775/0xa90 [lfsck]
[ 4483.092262]  [<ffffffffc0eeaac7>] lfsck_assistant_engine+0x11f7/0x1f20 [lfsck]
Comment by Andreas Dilger [ 28/Mar/21 ]

Close old ticket, we have different static analysis tools now.

Generated at Sat Feb 10 02:10:15 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.