Date:   Fri, 17 Nov 2017 15:57:32 -0600
From:   "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To:     David Howells <dhowells@...hat.com>
Cc:     linux-afs@...ts.infradead.org, linux-kernel@...r.kernel.org,
        "Gustavo A. R. Silva" <garsilva@...eddedor.com>
Subject: Logically dead code at fs/afs/cell.c:206

Hi David,

Today Coverity reported a "Logically dead code" issue at fs/afs/cell.c:206:

        if (!excl) {
                rcu_read_lock();
                cell = afs_lookup_cell_rcu(net, name, namesz);
                rcu_read_unlock();
                if (!IS_ERR(cell)) {
                        if (excl) {
                                afs_put_cell(net, cell);
                                return ERR_PTR(-EEXIST);
                        }
                        goto wait_for_cell;
                }
        }

The problem is that when this code block is executed, the code block starting at line 211 makes no sense, as _excl_ can never be true.

I was wondering if the original intention was to null check _cell_ instead of checking _excl_. So I took a look into function afs_lookup_cell_rcu to see if _cell_ can be returned as a null pointer and at the same time the if condition at line 210 be true, but I couldn't see how that could be possible. It seems to me that when _ret_ is equal to zero, _cell_ cannot be null in afs_lookup_cell_rcu. But in case I'm wrong here and _cell_ could be null at line 210, then I think line 211 should be changed as follows:

diff --git a/fs/afs/cell.c b/fs/afs/cell.c
index 1858c91..a69a11f 100644
--- a/fs/afs/cell.c
+++ b/fs/afs/cell.c
@@ -208,7 +208,7 @@ struct afs_cell *afs_lookup_cell(struct afs_net *net,
                cell = afs_lookup_cell_rcu(net, name, namesz);
                rcu_read_unlock();
                if (!IS_ERR(cell)) {
-                       if (excl) {
+                       if (cell) {
                                afs_put_cell(net, cell);
                                return ERR_PTR(-EEXIST);
                        }
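
Review bot: the new `if (cell)` test on the changed line inverts the behaviour of the non-exclusive path rather than adding a NULL check. This block only runs under `if (!excl)`, so with the change every successful lookup that returns a valid cell is dropped with afs_put_cell() and reported as -EEXIST, and the `goto wait_for_cell` shown in the quoted function is reached only when cell is NULL, which is the one case it could not handle. If the goal is to silence the dead-code report, removing the inner `if (excl) { ... }` branch and keeping `goto wait_for_cell` for the `!IS_ERR(cell)` case preserves the current behaviour; if a NULL return is really possible, it needs its own `if (!cell)` handling instead of reusing the -EEXIST return.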

But I'm suspicious about it.

What do you think?

Thanks
--
Gustavo A. R. Silva




