From patchwork Tue Jul 6 04:32:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhiqiang Liu X-Patchwork-Id: 12359731 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3799572 for ; Tue, 6 Jul 2021 04:49:51 +0000 (UTC) Received: from dggemv711-chm.china.huawei.com (unknown [172.30.72.54]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4GJqM63x0FzZqnQ for ; Tue, 6 Jul 2021 12:29:06 +0800 (CST) Received: from dggema765-chm.china.huawei.com (10.1.198.207) by dggemv711-chm.china.huawei.com (10.1.198.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2176.2; Tue, 6 Jul 2021 12:32:17 +0800 Received: from [127.0.0.1] (10.174.177.249) by dggema765-chm.china.huawei.com (10.1.198.207) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2176.2; Tue, 6 Jul 2021 12:32:17 +0800 Subject: [ndctl PATCH v2 1/2] libndctl: check return value of ndctl_pfn_get_namespace To: CC: , linfeilong , , Alison Schofield , References: 
From: Zhiqiang Liu Message-ID: Date: Tue, 6 Jul 2021 12:32:15 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Originating-IP: [10.174.177.249] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggema765-chm.china.huawei.com (10.1.198.207) X-CFilter-Loop: Reflected Recently, we use Coverity to analysis the ndctl package, one kind of NULL_RETURNS issue is reported as follows, pfn_clear_badblocks(): CID 11690495: (NULL_RETURNS) 1429. dereference: Dereferencing a pointer that might be "NULL" "ndns" when calling "ndctl_namespace_disable_safe". dax_clear_badblocks(): CID 11690504: (NULL_RETURNS) 1405. dereference: Dereferencing a pointer that might be "NULL" "ndns" when calling "ndctl_namespace_disable_safe". util_pfn_badblocks_to_json(): CID 11690524: (NULL_RETURNS) 812. dereference: Dereferencing a pointer that might be "NULL" "ndns" when calling "util_namespace_badblocks_to_json". ndctl_pfn_get_namespace() may return NULL, so callers should check return value of it. Otherwise, it may cause access NULL pointer problem. Signed-off-by: Zhiqiang Liu --- v1->v2: add coverity report info as suggested by Alison ndctl/namespace.c | 18 ++++++++++++++---- test/libndctl.c | 4 ++-- util/json.c | 2 ++ 3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index 0c8df9f..21089d7 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -1417,11 +1417,16 @@ static int nstype_clear_badblocks(struct ndctl_namespace *ndns,
 static int dax_clear_badblocks(struct ndctl_dax *dax)
 {
- struct ndctl_namespace *ndns = ndctl_dax_get_namespace(dax);
- const char *devname = ndctl_dax_get_devname(dax);
+ struct ndctl_namespace *ndns;
+ const char *devname;
 unsigned long long begin, size;
 int rc;
+ ndns = ndctl_dax_get_namespace(dax);
+ if (!ndns)
+ return -ENXIO;
+
+ devname = ndctl_dax_get_devname(dax);
 begin = ndctl_dax_get_resource(dax);
 if (begin == ULLONG_MAX)
 return -ENXIO;
@@ -1441,11 +1446,16 @@ static int dax_clear_badblocks(struct ndctl_dax *dax)
 static int pfn_clear_badblocks(struct ndctl_pfn *pfn)
 {
- struct ndctl_namespace *ndns = ndctl_pfn_get_namespace(pfn);
- const char *devname = ndctl_pfn_get_devname(pfn);
+ struct ndctl_namespace *ndns;
+ const char *devname;
 unsigned long long begin, size;
 int rc;
+ ndns = ndctl_pfn_get_namespace(pfn);
+ if (!ndns)
+ return -ENXIO;
+
+ devname = ndctl_pfn_get_devname(pfn);
 begin = ndctl_pfn_get_resource(pfn);
 if (begin == ULLONG_MAX)
 return -ENXIO;
diff --git a/test/libndctl.c b/test/libndctl.c
index 24d72b3..05e5ff2 100644
--- a/test/libndctl.c
+++ b/test/libndctl.c
@@ -1275,7 +1275,7 @@ static int check_pfn_autodetect(struct ndctl_bus *bus,
 if (!ndctl_pfn_is_enabled(pfn))
 continue;
 pfn_ndns = ndctl_pfn_get_namespace(pfn);
- if (strcmp(ndctl_namespace_get_devname(pfn_ndns), devname) != 0)
+ if (!pfn_ndns || strcmp(ndctl_namespace_get_devname(pfn_ndns), devname) != 0)
 continue;
 fprintf(stderr, "%s: pfn_ndns: %p ndns: %p\n", __func__, pfn_ndns, ndns);
@@ -1372,7 +1372,7 @@ static int check_dax_autodetect(struct ndctl_bus *bus,
 if (!ndctl_dax_is_enabled(dax))
 continue;
 dax_ndns = ndctl_dax_get_namespace(dax);
- if (strcmp(ndctl_namespace_get_devname(dax_ndns), devname) != 0)
+ if (!dax_ndns || strcmp(ndctl_namespace_get_devname(dax_ndns), devname) != 0)
 continue;
 fprintf(stderr, "%s: dax_ndns: %p ndns: %p\n", __func__, dax_ndns, ndns);
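Review bot: The added `if (!ndns) return -ENXIO;` in dax_clear_badblocks, and the identical check in pfn_clear_badblocks in the next hunk, fails with the same code as the `begin == ULLONG_MAX` test right below it and prints nothing, so a user cannot tell a missing namespace from an unreadable resource range. A one-line comment on the check, for example `/* ndctl_dax_get_namespace() can return NULL; stop before ndns is dereferenced */`, would record why it is there. If the callers do not already report the failure, an error message naming the device would help too, which means fetching `devname` before the check rather than after it. Both function bodies continue past the end of their hunks.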
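Review bot: Folding the NULL test into the strcmp condition in check_pfn_autodetect, and the same edit in check_dax_autodetect in the next hunk, makes the test skip an enabled device whose namespace lookup failed without reporting it. In a unit test that lookup failure is probably worth a line on stderr in the style of the fprintf that follows, e.g. `if (!pfn_ndns) { fprintf(stderr, "%s: no namespace for pfn\n", __func__); continue; }` ahead of the unchanged strcmp test. Splitting the check out also shortens the combined condition, which is already 77 characters before indentation. Whether the test still fails later when no device matches is decided outside the hunk.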
diff --git a/util/json.c b/util/json.c
index ca0167b..249f021 100644
--- a/util/json.c
+++ b/util/json.c
@@ -1002,6 +1002,8 @@ static struct json_object *util_pfn_badblocks_to_json(struct ndctl_pfn *pfn,
 pfn_begin = ndctl_pfn_get_resource(pfn);
 if (pfn_begin == ULLONG_MAX) {
 struct ndctl_namespace *ndns = ndctl_pfn_get_namespace(pfn);
+ if (!ndns)
+ return NULL;
 return util_namespace_badblocks_to_json(ndns, bb_count, flags);
 }
From patchwork Tue Jul 6 04:33:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhiqiang Liu X-Patchwork-Id: 12359725 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 22D9972 for ; Tue, 6 Jul 2021 04:33:10 +0000 (UTC) Received: from dggemv704-chm.china.huawei.com (unknown [172.30.72.56]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4GJqMz66qwzZn0N for ; Tue, 6 Jul 2021 12:29:51 +0800 (CST) Received: from dggema765-chm.china.huawei.com (10.1.198.207) by dggemv704-chm.china.huawei.com (10.3.19.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2176.2; Tue, 6 Jul 2021 12:33:02 +0800 Received: from [127.0.0.1] (10.174.177.249) by dggema765-chm.china.huawei.com (10.1.198.207) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2176.2; Tue, 6 Jul 2021 12:33:02 +0800 Subject: [ndctl PATCH v2 2/2] namespace: Close fd before return in do_xaction_namespace() To: CC: , linfeilong , , Alison Schofield , References: 
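Review bot: The new `return NULL` in util_pfn_badblocks_to_json leaves `bb_count` untouched, while the call it guards hands `bb_count` on to util_namespace_badblocks_to_json, which suggests it is an out-parameter. The parameter list is cut off by the hunk, so this is inferred; if it is a pointer, either set it before returning (`if (bb_count) *bb_count = 0;`) or confirm that every caller initialises its counter before the call. A short comment on the check stating that NULL here means "no namespace, so no badblock data" would also tell callers how to read the result.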
From: Zhiqiang Liu Message-ID: Date: Tue, 6 Jul 2021 12:33:01 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Originating-IP: [10.174.177.249] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To dggema765-chm.china.huawei.com (10.1.198.207) X-CFilter-Loop: Reflected Recently, we use Coverity to analysis the ndctl package, one issue in do_xaction_namespace() is reported as follows, CID 11690564: (RESOURCE_LEAK) 2058. leaked_storage: Variable "ri_ctx" going out of scope leaks the storage "ri_ctx.f_out" points to. In do_xaction_namespace(), ri_ctx.f_out should be closed after being opened. This prevents a potential file descriptor leak in do_xaction_namespace(). Signed-off-by: Zhiqiang Liu --- v1->v2: add coverity report info as suggested by Alison ndctl/namespace.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/ndctl/namespace.c b/ndctl/namespace.c
index 21089d7..55364ac 100644
--- a/ndctl/namespace.c
+++ b/ndctl/namespace.c
@@ -2141,7 +2141,7 @@ static int do_xaction_namespace(const char *namespace,
 util_display_json_array(ri_ctx.f_out, ri_ctx.jblocks, 0);
 if (rc >= 0)
 (*processed)++;
- return rc;
+ goto out;
 }
 }
@@ -2152,11 +2152,11 @@ static int do_xaction_namespace(const char *namespace,
 rc = file_write_infoblock(param.outfile);
 if (rc >= 0)
 (*processed)++;
- return rc;
+ goto out;
 }
 if (!namespace && action != ACTION_CREATE)
- return rc;
+ goto out;
 if (verbose)
 ndctl_set_log_priority(ctx, LOG_DEBUG);
@@ -2212,7 +2212,7 @@ static int do_xaction_namespace(const char *namespace,
 saved_rc = rc;
 continue;
 }
- return rc;
+ goto out;
 }
 ndctl_namespace_foreach_safe(region, ndns, _n) {
 ndns_name = ndctl_namespace_get_devname(ndns);
@@ -2259,7 +2259,7 @@ static int do_xaction_namespace(const char *namespace,
 rc = namespace_reconfig(region, ndns);
 if (rc == 0)
 *processed = 1;
- return rc;
+ goto out;
 case ACTION_READ_INFOBLOCK:
 rc = namespace_rw_infoblock(ndns, &ri_ctx, READ);
 if (rc == 0)
@@ -2281,9 +2281,6 @@ static int do_xaction_namespace(const char *namespace,
 if (ri_ctx.jblocks)
 util_display_json_array(ri_ctx.f_out, ri_ctx.jblocks, 0);
- if (ri_ctx.f_out && ri_ctx.f_out != stdout)
- fclose(ri_ctx.f_out);
-
 if (action == ACTION_CREATE && rc == -EAGAIN) {
 /*
 * Namespace creation searched through all candidate
@@ -2301,6 +2298,10 @@ static int do_xaction_namespace(const char *namespace,
 if (saved_rc)
 rc = saved_rc;
+out:
+ if (ri_ctx.f_out && ri_ctx.f_out != stdout)
+ fclose(ri_ctx.f_out);
+
 return rc;
 }
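Review bot: The `fclose(ri_ctx.f_out)` under the new `out:` label discards its return value, so a flush failure on the output file (full disk, I/O error) still lets do_xaction_namespace return success. Since f_out is the stream the JSON output is written to, fold the result into rc, e.g. `if (fclose(ri_ctx.f_out) != 0 && rc >= 0) rc = -errno;`. The label sits after the `saved_rc` override, so the converted `goto out` sites keep returning their own rc as the old `return rc` did; a comment at the label such as `/* early exits skip the saved_rc override, as the old returns did */` would keep it from being moved above that block later.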