| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <933d95b1-ee6c-eb74-9197-32852e7f7728@canonical.com>
Date: Fri, 21 Apr 2017 15:06:57 +0100
From: Colin Ian King <colin.king@...onical.com>
To: Christoph Hellwig <hch@....de>,
Johannes Thumshirn <jthumshirn@...e.de>,
Jens Axboe <axboe@...com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: mtip32xx: add a status field to struct mtip_cmd
Hi,
CoverityScan found an issue with the following part of the patch:
- if (likely(!reserv))
- blk_mq_complete_request(rq, -ENODEV);
- else if (test_bit(MTIP_PF_IC_ACTIVE_BIT, &dd->port->flags)) {
+ if (likely(!reserv)) {
+ cmd->status = -ENODEV;
+ blk_mq_complete_request(rq, 0);
+ } else if (test_bit(MTIP_PF_IC_ACTIVE_BIT, &dd->port->flags)) {
The issue is:
static void mtip_no_dev_cleanup(struct request *rq, void *data, bool reserv)
{
struct driver_data *dd = (struct driver_data *)data;
struct mtip_cmd *cmd;
if (likely(!reserv)) {
cmd->status = -ENODEV;
CID 1430258 (#1 of 1): Uninitialized pointer write (UNINIT)4.
uninit_use: Using uninitialized value cmd.
..basically a null ptr dereference on cmd.
Colin
Powered by blists - more mailing lists