lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 6 Nov 2019 11:25:05 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     riteshh@...ux.ibm.com
Cc:     linux-ext4@...r.kernel.org
Subject: [bug report] ext4: Add support for blocksize < pagesize in
 dioread_nolock

Hello Ritesh Harjani,

The patch c8cc88163f40: "ext4: Add support for blocksize < pagesize
in dioread_nolock" from Oct 16, 2019, leads to the following static
checker warning:

fs/ext4/inode.c:2390 mpage_process_page() error: 'io_end_vec' dereferencing possible ERR_PTR()
fs/ext4/inode.c:2557 mpage_map_and_submit_extent() error: 'io_end_vec' dereferencing possible ERR_PTR()
fs/ext4/inode.c:3677 ext4_end_io_dio() error: 'io_end_vec' dereferencing possible ERR_PTR()

fs/ext4/inode.c
  2371          bh = head = page_buffers(page);
  2372          do {
  2373                  if (lblk < mpd->map.m_lblk)
  2374                          continue;
  2375                  if (lblk >= mpd->map.m_lblk + mpd->map.m_len) {
  2376                          /*
  2377                           * Buffer after end of mapped extent.
  2378                           * Find next buffer in the page to map.
  2379                           */
  2380                          mpd->map.m_len = 0;
  2381                          mpd->map.m_flags = 0;
  2382                          io_end_vec->size += io_end_size;
  2383                          io_end_size = 0;
  2384  
  2385                          err = mpage_process_page_bufs(mpd, head, bh, lblk);
  2386                          if (err > 0)
  2387                                  err = 0;
  2388                          if (!err && mpd->map.m_len && mpd->map.m_lblk > lblk) {
  2389                                  io_end_vec = ext4_alloc_io_end_vec(io_end);
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This allocation can fail.

  2390                                  io_end_vec->offset = mpd->map.m_lblk << blkbits;
                                        ^^^^^^^^^^^^^^^^^^
Oops

  2391                          }
  2392                          *map_bh = true;
  2393                          goto out;
  2394                  }
  2395                  if (buffer_delay(bh)) {
  2396                          clear_buffer_delay(bh);
  2397                          bh->b_blocknr = pblock++;
  2398                  }
  2399                  clear_buffer_unwritten(bh);
  2400                  io_end_size += (1 << blkbits);
  2401          } while (lblk++, (bh = bh->b_this_page) != head);

regards,
dan carpenter

Powered by blists - more mailing lists