Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a739735c authored by Sebastien Buisson's avatar Sebastien Buisson Committed by Greg Kroah-Hartman
Browse files

staging: lustre: fix 'NULL pointer dereference' errors 

Fix 'NULL pointer dereference' defects found by Coverity version
6.5.3:
Dereference after null check (FORWARD_NULL)
For instance, Passing null pointer to a function which dereferences
it.
Dereference before null check (REVERSE_INULL)
Null-checking variable suggests that it may be null, but it has
already been dereferenced on all paths leading to the check.
Dereference null return value (NULL_RETURNS)

The following fixes for the LNet layer are broken out of patch
http://review.whamcloud.com/4720

.

Signed-off-by: default avatarSebastien Buisson <sbuisson@ddn.com>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-2217
Reviewed-on: http://review.whamcloud.com/4720


Reviewed-by: default avatarDmitry Eremin <dmitry.eremin@intel.com>
Reviewed-by: default avatarOleg Drokin <oleg.drokin@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent c206f8bc

drivers/staging/lustre/lnet/lnet/lib-move.c

+2 −0
Original line number Diff line number Diff line
@@ -162,6 +162,7 @@ lnet_iov_nob(unsigned int niov, struct kvec *iov) 
{

	unsigned int nob = 0;



	LASSERT(!niov || iov);

	while (niov-- > 0)

		nob += (iov++)->iov_len;
@@ -282,6 +283,7 @@ lnet_kiov_nob(unsigned int niov, lnet_kiov_t *kiov) 
{

	unsigned int nob = 0;



	LASSERT(!niov || kiov);

	while (niov-- > 0)

		nob += (kiov++)->kiov_len;

drivers/staging/lustre/lnet/selftest/conctl.c

+25 −24
Original line number Diff line number Diff line
@@ -670,44 +670,45 @@ static int 
lst_stat_query_ioctl(lstio_stat_args_t *args)

{

	int rc;

	char *name;

	char *name = NULL;



	/* TODO: not finished */

	if (args->lstio_sta_key != console_session.ses_key)

		return -EACCES;



	if (!args->lstio_sta_resultp ||

	    (!args->lstio_sta_namep && !args->lstio_sta_idsp) ||

	    args->lstio_sta_nmlen <= 0 ||

	    args->lstio_sta_nmlen > LST_NAME_SIZE)

	if (!args->lstio_sta_resultp)

		return -EINVAL;



	if (args->lstio_sta_idsp &&

	    args->lstio_sta_count <= 0)

	if (args->lstio_sta_idsp) {

		if (args->lstio_sta_count <= 0)

			return -EINVAL;



		rc = lstcon_nodes_stat(args->lstio_sta_count,

				       args->lstio_sta_idsp,

				       args->lstio_sta_timeout,

				       args->lstio_sta_resultp);

	} else if (args->lstio_sta_namep) {

		if (args->lstio_sta_nmlen <= 0 ||

		    args->lstio_sta_nmlen > LST_NAME_SIZE)

			return -EINVAL;



		LIBCFS_ALLOC(name, args->lstio_sta_nmlen + 1);

		if (!name)

			return -ENOMEM;



	if (copy_from_user(name, args->lstio_sta_namep,

			   args->lstio_sta_nmlen)) {

		LIBCFS_FREE(name, args->lstio_sta_nmlen + 1);

		return -EFAULT;

	}



	if (!args->lstio_sta_idsp) {

		rc = copy_from_user(name, args->lstio_sta_namep,

				    args->lstio_sta_nmlen);

		if (!rc)

			rc = lstcon_group_stat(name, args->lstio_sta_timeout,

					       args->lstio_sta_resultp);

		else

			rc = -EFAULT;

	} else {

		rc = lstcon_nodes_stat(args->lstio_sta_count,

				       args->lstio_sta_idsp,

				       args->lstio_sta_timeout,

				       args->lstio_sta_resultp);

		rc = -EINVAL;

	}



	if (name)

		LIBCFS_FREE(name, args->lstio_sta_nmlen + 1);



	return rc;

}

drivers/staging/lustre/lustre/include/lustre/lustre_user.h

+3 −0
Original line number Diff line number Diff line
@@ -448,6 +448,9 @@ static inline void obd_str2uuid(struct obd_uuid *uuid, const char *tmp) 
/* For printf's only, make sure uuid is terminated */

static inline char *obd_uuid2str(const struct obd_uuid *uuid)

{

	if (!uuid)

		return NULL;



	if (uuid->uuid[sizeof(*uuid) - 1] != '\0') {

		/* Obviously not safe, but for printfs, no real harm done...

		 * we're always null-terminated, even in a race.

drivers/staging/lustre/lustre/ldlm/ldlm_request.c

+6 −1
Original line number Diff line number Diff line
@@ -708,8 +708,13 @@ int ldlm_cli_enqueue(struct obd_export *exp, struct ptlrpc_request **reqp, 
		if (policy)

			lock->l_policy_data = *policy;



		if (einfo->ei_type == LDLM_EXTENT)

		if (einfo->ei_type == LDLM_EXTENT) {

			/* extent lock without policy is a bug */

			if (!policy)

				LBUG();



			lock->l_req_extent = policy->l_extent;

		}

		LDLM_DEBUG(lock, "client-side enqueue START, flags %llx\n",

			   *flags);

	}

drivers/staging/lustre/lustre/lmv/lmv_obd.c

+1 −1
Original line number Diff line number Diff line
@@ -238,7 +238,7 @@ static int lmv_connect(const struct lu_env *env, 
	 * and MDC stuff will be called directly, for instance while reading

	 * ../mdc/../kbytesfree procfs file, etc.

	 */

	if (data->ocd_connect_flags & OBD_CONNECT_REAL)

	if (data && data->ocd_connect_flags & OBD_CONNECT_REAL)

		rc = lmv_check_connect(obd);



	if (rc && lmv->lmv_tgts_kobj)