https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-6519 Lustre <p>smatch highlighted this in class_newdev:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre> if (result == NULL &amp;&amp; i &gt;= class_devno_max()) { CERROR("all %u OBD devices used, increase MAX_OBD_DEVICES\n", class_devno_max()); GOTO(out, result = ERR_PTR(-EOVERFLOW)); } if (IS_ERR(result)) GOTO(out, result); CDEBUG(D_IOCTL, "Adding new device %s (%p)\n", result-&gt;obd_name, result); </pre> </div></div> <p>So this totally seems to assume that if result == NULL, but we did not go beyond the obd device limit, we are ok to print this NULL pointer?</p> <p>I suspect we should chance the IS_ERRO to either result == NULL || IS_ERR?</p> LU-6519

potential null pointer dereference in class_newdev

Bug Minor Open Unresolved WC Triage Oleg Drokin Mon, 27 Apr 2015 04:55:58 +0000 Mon, 18 May 2015 09:50:47 +0000 0 2 <p>Hi,<br/> Following is analysis from my side -<br/> Below is relevent part of code of newdev</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre> for (i = 0; i &lt; class_devno_max(); i++) { struct obd_device *obd = class_num2obd(i); if (obd &amp;&amp; (strcmp(name, obd-&gt;obd_name) == 0)) { CERROR("Device %s already exists at %d, won't add\n", name, i); if (result) { LASSERTF(result-&gt;obd_magic == OBD_DEVICE_MAGIC, "%p obd_magic %08x != %08x\n", result, result-&gt;obd_magic, OBD_DEVICE_MAGIC); LASSERTF(result-&gt;obd_minor == new_obd_minor, "%p obd_minor %d != %d\n", result, result-&gt;obd_minor, new_obd_minor); obd_devs[result-&gt;obd_minor] = NULL; result-&gt;obd_name[0]='\0'; } result = ERR_PTR(-EEXIST); break; } if (!result &amp;&amp; !obd) { result = newdev; result-&gt;obd_minor = i; new_obd_minor = i; result-&gt;obd_type = type; strncpy(result-&gt;obd_name, name, sizeof(result-&gt;obd_name) - 1); obd_devs[i] = result; } } write_unlock(&amp;obd_dev_lock); if (result == NULL &amp;&amp; i &gt;= class_devno_max()) { CERROR("all %u OBD devices used, increase MAX_OBD_DEVICES\n", class_devno_max()); GOTO(out, result = ERR_PTR(-EOVERFLOW)); } </pre> </div></div> <p>1. if result is NULL and loop is completed this means no slot is found for new obd. This case is handled ihere -</p> <p> if (result == NULL &amp;&amp; i &gt;= class_devno_max()) </p> { CERROR("all %u OBD devices used, increase MAX_OBD_DEVICES\n", class_devno_max()); GOTO(out, result = ERR_PTR(-EOVERFLOW)); } <p>and result value is reassigned. We printing max no of obd devices.<br/> 2. If we break out of loop because obd exists then result will have error code -EEXIST so result will no be NULL<br/> Out code frees the menory allocated to newdev. <br/> This code seems fine to me and probabally a false alarm from the tool.<br/> Please confirm.</p> <p>-Ulka</p> Development Rank 1|hzxbrb: Rank (Obsolete) 9223372036854775807 Severity