From c03d8b1fe386cfb7b8bf58923d293b87832481f9 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Thu, 28 Mar 2013 14:55:08 +0100 Subject: [PATCH] LU-3042 build: fix 'NULL pointer dereference' errors Fix 'NULL pointer dereference' defects found by Coverity version 6.5.0: Dereference after null check (FORWARD_NULL) For instance, Passing null pointer to a function which dereferences it. Dereference before null check (REVERSE_INULL) Null-checking variable suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Dereference null return value (NULL_RETURNS) Signed-off-by: Sebastien Buisson Signed-off-by: James Nunez Change-Id: Ie04698f49ec7804466962511e3035c00b14b3d8c Reviewed-on: http://review.whamcloud.com/5868 Tested-by: Hudson Tested-by: Maloo Reviewed-by: Dmitry Eremin Reviewed-by: Oleg Drokin --- lustre/fid/fid_handler.c | 1 - lustre/include/lustre_update.h | 3 ++- lustre/llite/dir.c | 12 +++++++++--- lustre/lov/lov_io.c | 7 ++++--- lustre/mdt/mdt_handler.c | 9 +++++---- lustre/osp/osp_md_object.c | 11 ++++------- lustre/target/out_handler.c | 2 ++ lustre/utils/mount_utils_ldiskfs.c | 3 ++- 8 files changed, 28 insertions(+), 20 deletions(-) diff --git a/lustre/fid/fid_handler.c b/lustre/fid/fid_handler.c index caea0dc..f80efb9 100644 --- a/lustre/fid/fid_handler.c +++ b/lustre/fid/fid_handler.c @@ -513,7 +513,6 @@ int seq_server_init(struct lu_server_seq *seq, LUSTRE_SEQ_ZERO_RANGE: LUSTRE_SEQ_SPACE_RANGE; - LASSERT(ss != NULL); seq->lss_space.lsr_index = ss->ss_node_id; LCONSOLE_INFO("%s: No data found " "on store. Initialize space\n", diff --git a/lustre/include/lustre_update.h b/lustre/include/lustre_update.h index d7f8cab..1829cf60 100644 --- a/lustre/include/lustre_update.h +++ b/lustre/include/lustre_update.h 
@@ -165,12 +165,13 @@ static inline int update_get_reply_buf(struct update_reply *reply, void **buf, int result; ptr = update_get_buf_internal(reply, index, &size); + LASSERT(ptr != NULL); result = *(int *)ptr; if (result < 0) return result; - LASSERT((ptr != NULL && size >= sizeof(int))); + LASSERT(size >= sizeof(int)); *buf = ptr + sizeof(int); return size - sizeof(int); } diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c index 0496b01..35f6810 100644 --- a/lustre/llite/dir.c +++ b/lustre/llite/dir.c @@ -595,7 +595,7 @@ static int ll_readdir(struct file *filp, void *cookie, filldir_t filldir) struct inode *inode = filp->f_dentry->d_inode; struct ll_file_data *lfd = LUSTRE_FPRIVATE(filp); struct ll_sb_info *sbi = ll_i2sbi(inode); - __u64 pos = lfd->lfd_pos; + __u64 pos; int hash64 = sbi->ll_flags & LL_SBI_64BIT_HASH; int api32 = ll_need_32bit_api(sbi); int rc; @@ -604,6 +604,11 @@ static int ll_readdir(struct file *filp, void *cookie, filldir_t filldir) #endif ENTRY; + if (lfd != NULL) + pos = lfd->lfd_pos; + else + pos = 0; + CDEBUG(D_VFSTRACE, "VFS Op:inode=%lu/%u(%p) pos %lu/%llu " " 32bit_api %d\n", inode->i_ino, inode->i_generation, inode, (unsigned long)pos, i_size_read(inode), api32); @@ -615,7 +620,8 @@ static int ll_readdir(struct file *filp, void *cookie, filldir_t filldir) GOTO(out, rc = 0); rc = ll_dir_read(inode, &pos, cookie, filldir); - lfd->lfd_pos = pos; + if (lfd != NULL) + lfd->lfd_pos = pos; if (pos == MDS_DIR_END_OFF) { if (api32) filp->f_pos = LL_DIR_END_OFF_32BIT; @@ -1453,7 +1459,7 @@ free_lmv: * on 2.4, we use OBD_CONNECT_LVB_TYPE to detect whether the * server will support REINT_RMENTRY XXX*/ if (!(exp_connect_flags(sbi->ll_md_exp) & OBD_CONNECT_LVB_TYPE)) - return -ENOTSUPP; + RETURN(-ENOTSUPP); filename = ll_getname((const char *)arg); if (IS_ERR(filename)) diff --git a/lustre/lov/lov_io.c b/lustre/lov/lov_io.c index 5d2b455..3a0222b 100644 --- a/lustre/lov/lov_io.c +++ b/lustre/lov/lov_io.c 
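Review bot: In update_get_reply_buf() (lustre/include/lustre_update.h) the length check still runs after the read: `result = *(int *)ptr;` executes before `LASSERT(size >= sizeof(int));`, so a buffer shorter than an int is read past its end before anything rejects it. The buffer appears to come from an RPC reply (osp_get_attr_from_req() in this same patch passes a server reply straight into it), so a malformed or truncated message from the peer would trip the new `LASSERT(ptr != NULL)` and fail an assertion instead of failing the request. I would validate both conditions before the dereference and return an error, e.g. `if (ptr == NULL || size < sizeof(int)) return -EPROTO;`, and drop the two assertions.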
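Review bot: In ll_readdir() (lustre/llite/dir.c) a NULL `lfd` now silently becomes `pos = 0`, and the position returned by ll_dir_read() is discarded, so a file with no private data would restart from the beginning of the directory on each call unless code outside these hunks advances it. If a NULL LUSTRE_FPRIVATE(filp) is not a legitimate state for an open directory, returning an error early is easier to reason about than continuing with a made-up offset. If it is legitimate, the new `if (lfd != NULL)` block needs a comment saying under which condition the private data is absent and why offset 0 is the right fallback. The function body continues outside the hunks.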
@@ -278,11 +278,12 @@ struct lov_io_sub *lov_page_subio(const struct lu_env *env, struct lov_io *lio, static int lov_io_subio_init(const struct lu_env *env, struct lov_io *lio, struct cl_io *io) { - struct lov_stripe_md *lsm = lio->lis_object->lo_lsm; + struct lov_stripe_md *lsm; int result; + ENTRY; - LASSERT(lio->lis_object != NULL); - ENTRY; + LASSERT(lio->lis_object != NULL); + lsm = lio->lis_object->lo_lsm; /* * Need to be optimized, we can't afford to allocate a piece of memory diff --git a/lustre/mdt/mdt_handler.c b/lustre/mdt/mdt_handler.c index 0de83de..a3b2a1d 100644 --- a/lustre/mdt/mdt_handler.c +++ b/lustre/mdt/mdt_handler.c @@ -3008,7 +3008,8 @@ static int mdt_req_handle(struct mdt_thread_info *info, */ rc = -EPROTO; } else { - if (info->mti_mdt->mdt_opts.mo_compat_resname) + if (info->mti_mdt && + info->mti_mdt->mdt_opts.mo_compat_resname) rc = mdt_lock_resname_compat( info->mti_mdt, dlm_req); @@ -3057,7 +3058,7 @@ static int mdt_req_handle(struct mdt_thread_info *info, LASSERT(current->journal_info == NULL); - if (rc == 0 && (flags & HABEO_CLAVIS) && + if (rc == 0 && (flags & HABEO_CLAVIS) && info->mti_mdt && info->mti_mdt->mdt_opts.mo_compat_resname) { struct ldlm_reply *dlmrep; @@ -3449,12 +3450,12 @@ int mdt_handle_common(struct ptlrpc_request *req, ENTRY; env = req->rq_svc_thread->t_env; + LASSERT(env != NULL); /* Refill(initilize) the context(mdt_thread_info), in case it is * not initialized yet. Usually it happens during start up, after * MDS(ptlrpc threads) is start up, it gets the first CONNECT request, * before MDT_thread_info is initialized */ lu_env_refill(env); - LASSERT(env != NULL); LASSERT(env->le_ses != NULL); LASSERT(env->le_ctx.lc_thread == req->rq_svc_thread); info = lu_context_key_get(&env->le_ctx, &mdt_thread_key); 
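Review bot: The two new guards in mdt_req_handle() (lustre/mdt/mdt_handler.c, hunks at -3008 and -3057) test the pointer implicitly with `info->mti_mdt &&`, while every other check added by this patch spells it out (`lfd != NULL`, `data != NULL`, `reply == NULL`). Writing `info->mti_mdt != NULL &&` in both places keeps the patch consistent. Separately, if `mti_mdt` really can be NULL here, the request now continues with the resource-name compatibility step skipped and nothing logged. A one-line comment such as `/* mti_mdt may be unset for ...; skip resname compat */` that names the case would tell the next reader whether that is intended. The function body extends beyond both hunks.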
@@ -5520,7 +5521,7 @@ static int mdt_obd_connect(const struct lu_env *env, * XXX: probably not very appropriate method is used now * at some point we should find a better one */ - if (!test_bit(MDT_FL_SYNCED, &mdt->mdt_state) && + if (!test_bit(MDT_FL_SYNCED, &mdt->mdt_state) && data != NULL && !(data->ocd_connect_flags & OBD_CONNECT_LIGHTWEIGHT)) { rc = obd_health_check(env, mdt->mdt_child_exp->exp_obd); if (rc) diff --git a/lustre/osp/osp_md_object.c b/lustre/osp/osp_md_object.c index 4bbcabe..42eeee6 100644 --- a/lustre/osp/osp_md_object.c +++ b/lustre/osp/osp_md_object.c @@ -311,7 +311,7 @@ static int osp_get_attr_from_req(const struct lu_env *env, reply = req_capsule_server_sized_get(&req->rq_pill, &RMF_UPDATE_REPLY, UPDATE_BUFFER_SIZE); - if (reply->ur_version != UPDATE_REPLY_V1) + if (reply == NULL || reply->ur_version != UPDATE_REPLY_V1) return -EPROTO; size = update_get_reply_buf(reply, (void **)&wobdo, index); @@ -666,8 +666,7 @@ out: if (req != NULL) ptlrpc_req_finished(req); - if (update != NULL) - osp_destroy_update_req(update); + osp_destroy_update_req(update); RETURN(rc); } @@ -801,8 +800,7 @@ out: if (req != NULL) ptlrpc_req_finished(req); - if (update != NULL) - osp_destroy_update_req(update); + osp_destroy_update_req(update); RETURN(rc); } @@ -1053,8 +1051,7 @@ out: if (req != NULL) ptlrpc_req_finished(req); - if (update != NULL) - osp_destroy_update_req(update); + osp_destroy_update_req(update); RETURN(rc); } diff --git a/lustre/target/out_handler.c b/lustre/target/out_handler.c index ab75768..bd89e6c 100644 --- a/lustre/target/out_handler.c +++ b/lustre/target/out_handler.c @@ -1269,6 +1269,8 @@ int out_handle(struct tgt_session_info *tsi) /* Prepare the update reply buffer */ update_reply = req_capsule_server_get(pill, &RMF_UPDATE_REPLY); + if (update_reply == NULL) + RETURN(err_serious(-EPROTO)); update_init_reply_buf(update_reply, count); tti->tti_u.update.tti_update_reply = update_reply; 
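Review bot: In mdt_obd_connect() (lustre/mdt/mdt_handler.c) the added `data != NULL &&` makes the guard fail open: when no connect data is supplied, the whole condition is false and the `obd_health_check()` that gates non-lightweight connections on an unsynced MDT is skipped. A missing `data` cannot carry OBD_CONNECT_LIGHTWEIGHT, so it seems safer to treat it as a regular connection, `(data == NULL || !(data->ocd_connect_flags & OBD_CONNECT_LIGHTWEIGHT))`. That avoids the dereference and keeps the check. Whether `data` can actually be NULL on this path is not visible in the hunk.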
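Review bot: At the `out:` label in lustre/osp/osp_md_object.c (hunk at -666, and identically at -800 and -1051) the `if (update != NULL)` guard is removed, so `osp_destroy_update_req(update)` is now called unconditionally. That is only safe if `update` can never be NULL when `out:` is reached or if osp_destroy_update_req() itself accepts NULL, and neither is visible in this patch. The `if (req != NULL)` test directly above is kept, which suggests `out:` is reachable from early failure paths. For a patch whose purpose is removing NULL dereferences, I would either keep the guard or state the helper's NULL contract in a comment at its definition and mention it in the commit message.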
diff --git a/lustre/utils/mount_utils_ldiskfs.c b/lustre/utils/mount_utils_ldiskfs.c index 9ce1e8f..7915967 100644 --- a/lustre/utils/mount_utils_ldiskfs.c +++ b/lustre/utils/mount_utils_ldiskfs.c @@ -983,7 +983,8 @@ int set_blockdev_tunables(char *source, struct mount_opts *mop, int fan_out) chk_major = strtok_r(buf, ":", &savept); chk_minor = savept; - if (major == atoi(chk_major) &&minor == atoi(chk_minor)) + if (chk_major != NULL && major == atoi(chk_major) && + chk_minor != NULL && minor == atoi(chk_minor)) break; } -- 1.8.3.1
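Review bot: In set_blockdev_tunables() (lustre/utils/mount_utils_ldiskfs.c) the new `chk_minor != NULL` test does not detect a line without a `:` separator, because `chk_minor` is just strtok_r()'s save pointer. After a successful first token that pointer typically refers to the rest of the buffer (possibly an empty string) rather than NULL. `atoi()` then returns 0 for empty or non-numeric text without reporting an error, so a malformed line can compare equal to a device whose major or minor is 0. Parsing both fields with validation closes this, for example `if (sscanf(buf, "%d:%d", &maj, &min) == 2 && major == maj && minor == min) break;`, or `strtol()` with an end-pointer check on each part. The surrounding loop starts and ends outside the hunk.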