LU-3042 build: fix 'NULL pointer dereference' errors 68/5868/10
authorSebastien Buisson <sebastien.buisson@bull.net>
Thu, 28 Mar 2013 13:55:08 +0000 (14:55 +0100)
committerOleg Drokin <oleg.drokin@intel.com>
Fri, 30 Aug 2013 17:54:58 +0000 (17:54 +0000)
Fix 'NULL pointer dereference' defects found by Coverity version
6.5.0:
Dereference after null check (FORWARD_NULL)
For instance, passing a null pointer to a function which dereferences
it.
Dereference before null check (REVERSE_INULL)
Null-checking variable suggests that it may be null, but it has
already been dereferenced on all paths leading to the check.
Dereference null return value (NULL_RETURNS)

Signed-off-by: Sebastien Buisson <sebastien.buisson@bull.net>
Signed-off-by: James Nunez <james.a.nunez@intel.com>
Change-Id: Ie04698f49ec7804466962511e3035c00b14b3d8c
Reviewed-on: http://review.whamcloud.com/5868
Tested-by: Hudson
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
lustre/fid/fid_handler.c
lustre/include/lustre_update.h
lustre/llite/dir.c
lustre/lov/lov_io.c
lustre/mdt/mdt_handler.c
lustre/osp/osp_md_object.c
lustre/target/out_handler.c
lustre/utils/mount_utils_ldiskfs.c

index caea0dc..f80efb9 100644 (file)
@@ -513,7 +513,6 @@ int seq_server_init(struct lu_server_seq *seq,
                         LUSTRE_SEQ_ZERO_RANGE:
                         LUSTRE_SEQ_SPACE_RANGE;
 
-               LASSERT(ss != NULL);
                seq->lss_space.lsr_index = ss->ss_node_id;
                LCONSOLE_INFO("%s: No data found "
                              "on store. Initialize space\n",
index d7f8cab..1829cf6 100644 (file)
@@ -165,12 +165,13 @@ static inline int update_get_reply_buf(struct update_reply *reply, void **buf,
        int  result;
 
        ptr = update_get_buf_internal(reply, index, &size);
+       LASSERT(ptr != NULL);
        result = *(int *)ptr;
 
        if (result < 0)
                return result;
 
-       LASSERT((ptr != NULL && size >= sizeof(int)));
+       LASSERT(size >= sizeof(int));
        *buf = ptr + sizeof(int);
        return size - sizeof(int);
 }
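Review bot: `result = *(int *)ptr;` still reads the status word before `size >= sizeof(int)` is checked, so a reply buffer shorter than an int is read past its end before the second assertion can fire. Both conditions are also enforced with LASSERT, and elsewhere in this commit osp_get_attr_from_req() hands this helper a reply taken from the request capsule, so a malformed reply would presumably trip the assertion on the node instead of failing the one request. Consider validating before the read and returning an error, `if (ptr == NULL || size < sizeof(int)) return -EPROTO;`. The function's signature and the declarations of `ptr` and `size` are outside the hunk, so the type of `size` should be confirmed before relying on that comparison.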
index 0496b01..35f6810 100644 (file)
@@ -595,7 +595,7 @@ static int ll_readdir(struct file *filp, void *cookie, filldir_t filldir)
        struct inode            *inode  = filp->f_dentry->d_inode;
        struct ll_file_data     *lfd    = LUSTRE_FPRIVATE(filp);
        struct ll_sb_info       *sbi    = ll_i2sbi(inode);
-       __u64                   pos     = lfd->lfd_pos;
+       __u64                   pos;
        int                     hash64  = sbi->ll_flags & LL_SBI_64BIT_HASH;
        int                     api32   = ll_need_32bit_api(sbi);
        int                     rc;
@@ -604,6 +604,11 @@ static int ll_readdir(struct file *filp, void *cookie, filldir_t filldir)
 #endif
        ENTRY;
 
+       if (lfd != NULL)
+               pos = lfd->lfd_pos;
+       else
+               pos = 0;
+
        CDEBUG(D_VFSTRACE, "VFS Op:inode=%lu/%u(%p) pos %lu/%llu "
               " 32bit_api %d\n", inode->i_ino, inode->i_generation,
               inode, (unsigned long)pos, i_size_read(inode), api32);
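Review bot: Falling back to `pos = 0` when `lfd` is NULL hides the condition instead of reporting it. Combined with the guarded write-back `if (lfd != NULL) lfd->lfd_pos = pos;` in the next hunk, the directory position is never stored in that case, so each call would appear to start again from offset 0. If a NULL `lfd` cannot occur for an open directory, state that invariant in a comment above the check or assert it; if it can occur, returning an error is easier to reason about than a silent restart. ll_readdir begins and ends outside this hunk, so how `filp->f_pos` feeds the next call is not visible here.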
@@ -615,7 +620,8 @@ static int ll_readdir(struct file *filp, void *cookie, filldir_t filldir)
                GOTO(out, rc = 0);
 
        rc = ll_dir_read(inode, &pos, cookie, filldir);
-       lfd->lfd_pos = pos;
+       if (lfd != NULL)
+               lfd->lfd_pos = pos;
         if (pos == MDS_DIR_END_OFF) {
                 if (api32)
                         filp->f_pos = LL_DIR_END_OFF_32BIT;
@@ -1453,7 +1459,7 @@ free_lmv:
                 * on 2.4, we use OBD_CONNECT_LVB_TYPE to detect whether the
                 * server will support REINT_RMENTRY XXX*/
                if (!(exp_connect_flags(sbi->ll_md_exp) & OBD_CONNECT_LVB_TYPE))
-                       return -ENOTSUPP;
+                       RETURN(-ENOTSUPP);
 
                filename = ll_getname((const char *)arg);
                if (IS_ERR(filename))
index 5d2b455..3a0222b 100644 (file)
@@ -278,11 +278,12 @@ struct lov_io_sub *lov_page_subio(const struct lu_env *env, struct lov_io *lio,
 static int lov_io_subio_init(const struct lu_env *env, struct lov_io *lio,
                              struct cl_io *io)
 {
-       struct lov_stripe_md *lsm = lio->lis_object->lo_lsm;
+       struct lov_stripe_md *lsm;
        int result;
+       ENTRY;
 
-        LASSERT(lio->lis_object != NULL);
-        ENTRY;
+       LASSERT(lio->lis_object != NULL);
+       lsm = lio->lis_object->lo_lsm;
 
         /*
          * Need to be optimized, we can't afford to allocate a piece of memory
index 0de83de..a3b2a1d 100644 (file)
@@ -3008,7 +3008,8 @@ static int mdt_req_handle(struct mdt_thread_info *info,
                                  */
                                 rc = -EPROTO;
                         } else {
-                                if (info->mti_mdt->mdt_opts.mo_compat_resname)
+                               if (info->mti_mdt &&
+                                   info->mti_mdt->mdt_opts.mo_compat_resname)
                                         rc = mdt_lock_resname_compat(
                                                                 info->mti_mdt,
                                                                 dlm_req);
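Review bot: The new guard is written as a bare `info->mti_mdt &&` here and again in the `HABEO_CLAVIS` condition of the next hunk, while the other checks added by this commit spell the comparison out (`lfd != NULL`, `data != NULL`, `reply == NULL`). Writing `info->mti_mdt != NULL &&` in both places keeps the change consistent. Neither hunk shows where `mti_mdt` is assigned, so a one-line comment saying when it can be NULL inside the request handler would help. If it cannot be NULL, a single assertion near the top of mdt_req_handle would express that better than two silent skips.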
@@ -3057,7 +3058,7 @@ static int mdt_req_handle(struct mdt_thread_info *info,
 
         LASSERT(current->journal_info == NULL);
 
-        if (rc == 0 && (flags & HABEO_CLAVIS) &&
+       if (rc == 0 && (flags & HABEO_CLAVIS) && info->mti_mdt &&
             info->mti_mdt->mdt_opts.mo_compat_resname) {
                 struct ldlm_reply *dlmrep;
 
@@ -3449,12 +3450,12 @@ int mdt_handle_common(struct ptlrpc_request *req,
         ENTRY;
 
         env = req->rq_svc_thread->t_env;
+       LASSERT(env != NULL);
        /* Refill(initilize) the context(mdt_thread_info), in case it is
         * not initialized yet. Usually it happens during start up, after
         * MDS(ptlrpc threads) is start up, it gets the first CONNECT request,
         * before MDT_thread_info is initialized */
        lu_env_refill(env);
-        LASSERT(env != NULL);
         LASSERT(env->le_ses != NULL);
         LASSERT(env->le_ctx.lc_thread == req->rq_svc_thread);
         info = lu_context_key_get(&env->le_ctx, &mdt_thread_key);
@@ -5520,7 +5521,7 @@ static int mdt_obd_connect(const struct lu_env *env,
         * XXX: probably not very appropriate method is used now
         *      at some point we should find a better one
         */
-       if (!test_bit(MDT_FL_SYNCED, &mdt->mdt_state) &&
+       if (!test_bit(MDT_FL_SYNCED, &mdt->mdt_state) && data != NULL &&
            !(data->ocd_connect_flags & OBD_CONNECT_LIGHTWEIGHT)) {
                rc = obd_health_check(env, mdt->mdt_child_exp->exp_obd);
                if (rc)
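Review bot: With `data != NULL &&` added to the conjunction, a connect that carries no `data` now skips `obd_health_check()` altogether, which is the treatment the original condition reserved for `OBD_CONNECT_LIGHTWEIGHT` clients. If the health check is meant to gate every non-lightweight connect, the NULL case should fall on the checked side: `(data == NULL || !(data->ocd_connect_flags & OBD_CONNECT_LIGHTWEIGHT))`. Whether callers can pass a NULL `data` is not visible in this hunk. mdt_obd_connect continues past it, so any later use of `data` needs the same review.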
index 4bbcabe..42eeee6 100644 (file)
@@ -311,7 +311,7 @@ static int osp_get_attr_from_req(const struct lu_env *env,
 
        reply = req_capsule_server_sized_get(&req->rq_pill, &RMF_UPDATE_REPLY,
                                             UPDATE_BUFFER_SIZE);
-       if (reply->ur_version != UPDATE_REPLY_V1)
+       if (reply == NULL || reply->ur_version != UPDATE_REPLY_V1)
                return -EPROTO;
 
        size = update_get_reply_buf(reply, (void **)&wobdo, index);
@@ -666,8 +666,7 @@ out:
        if (req != NULL)
                ptlrpc_req_finished(req);
 
-       if (update != NULL)
-               osp_destroy_update_req(update);
+       osp_destroy_update_req(update);
 
        RETURN(rc);
 }
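Review bot: Dropping the `if (update != NULL)` guard makes this `out:` path call `osp_destroy_update_req(update)` with whatever `update` holds, including NULL, and the definition of that function is not part of the diff. The same change is made at the two later `out:` labels in this file (the hunks at -801 and -1053). If the destructor does check its argument, a short comment at its definition such as `/* NULL is accepted and ignored */` would record the contract these call sites now rely on; if it does not, the guard has to stay. The adjacent `if (req != NULL)` guard is kept, so the cleanup style within each block is now mixed.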
@@ -801,8 +800,7 @@ out:
        if (req != NULL)
                ptlrpc_req_finished(req);
 
-       if (update != NULL)
-               osp_destroy_update_req(update);
+       osp_destroy_update_req(update);
 
        RETURN(rc);
 }
@@ -1053,8 +1051,7 @@ out:
        if (req != NULL)
                ptlrpc_req_finished(req);
 
-       if (update != NULL)
-               osp_destroy_update_req(update);
+       osp_destroy_update_req(update);
 
        RETURN(rc);
 }
index ab75768..bd89e6c 100644 (file)
@@ -1269,6 +1269,8 @@ int out_handle(struct tgt_session_info *tsi)
 
        /* Prepare the update reply buffer */
        update_reply = req_capsule_server_get(pill, &RMF_UPDATE_REPLY);
+       if (update_reply == NULL)
+               RETURN(err_serious(-EPROTO));
        update_init_reply_buf(update_reply, count);
        tti->tti_u.update.tti_update_reply = update_reply;
 
index 9ce1e8f..7915967 100644 (file)
@@ -983,7 +983,8 @@ int set_blockdev_tunables(char *source, struct mount_opts *mop, int fan_out)
 
                chk_major = strtok_r(buf, ":", &savept);
                chk_minor = savept;
-               if (major == atoi(chk_major) &&minor == atoi(chk_minor))
+               if (chk_major != NULL && major == atoi(chk_major) &&
+                   chk_minor != NULL && minor == atoi(chk_minor))
                        break;
        }