| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190305071242.GF13452@kadam>
Date: Tue, 5 Mar 2019 10:12:43 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: kbuild@...org, liaoweixiong <liaoweixiong@...winnertech.com>
Cc: kbuild-all@...org, Kees Cook <keescook@...omium.org>,
Anton Vorontsov <anton@...msg.org>,
Colin Cross <ccross@...roid.com>,
Tony Luck <tony.luck@...el.com>,
Jonathan Corbet <corbet@....net>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Nicolas Ferre <nicolas.ferre@...rochip.com>,
Arnd Bergmann <arnd@...db.de>, Rob Herring <robh@...nel.org>,
Randy Dunlap <rdunlap@...radead.org>,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
liaoweixiong <liaoweixiong@...winnertech.com>
Subject: Re: [PATCH v12 1/4] pstore/blk: new support logger for block devices
Hi liaoweixiong,
url: https://github.com/0day-ci/linux/commits/liaoweixiong/pstore-block-new-support-logger-for-block-devices/20190303-142003
base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/pstore
smatch warnings:
fs/pstore/blkzone.c:180 blkz_zone_write() error: we previously assumed 'zone->buffer' could be null (see line 167)
# https://github.com/0day-ci/linux/commit/113727d0f1946ad094dbc6531d653a88c7a221bf
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 113727d0f1946ad094dbc6531d653a88c7a221bf
vim +180 fs/pstore/blkzone.c
113727d0 liaoweixiong 2019-02-28 153
113727d0 liaoweixiong 2019-02-28 154 static int blkz_zone_write(struct blkz_zone *zone,
113727d0 liaoweixiong 2019-02-28 155 enum blkz_flush_mode flush_mode, const char *buf,
113727d0 liaoweixiong 2019-02-28 156 size_t len, unsigned long off)
113727d0 liaoweixiong 2019-02-28 157 {
113727d0 liaoweixiong 2019-02-28 158 struct blkz_info *info = blkz_cxt.bzinfo;
113727d0 liaoweixiong 2019-02-28 159 ssize_t wcnt;
113727d0 liaoweixiong 2019-02-28 160 ssize_t (*writeop)(const char *buf, size_t bytes, loff_t pos);
113727d0 liaoweixiong 2019-02-28 161 size_t wlen;
113727d0 liaoweixiong 2019-02-28 162
113727d0 liaoweixiong 2019-02-28 163 if (off > zone->buffer_size)
113727d0 liaoweixiong 2019-02-28 164 return -EINVAL;
113727d0 liaoweixiong 2019-02-28 165 wlen = min_t(size_t, len, zone->buffer_size - off);
113727d0 liaoweixiong 2019-02-28 166 if (flush_mode != FLUSH_META && flush_mode != FLUSH_NONE) {
113727d0 liaoweixiong 2019-02-28 @167 if (buf && zone->buffer)
^^^^^^^^^^^^
Check.
113727d0 liaoweixiong 2019-02-28 168 memcpy(zone->buffer->data + off, buf, wlen);
113727d0 liaoweixiong 2019-02-28 169 atomic_set(&zone->buffer->datalen, wlen + off);
113727d0 liaoweixiong 2019-02-28 170 }
113727d0 liaoweixiong 2019-02-28 171
113727d0 liaoweixiong 2019-02-28 172 writeop = is_on_panic() ? info->panic_write : info->write;
113727d0 liaoweixiong 2019-02-28 173 if (!writeop)
113727d0 liaoweixiong 2019-02-28 174 return -EINVAL;
113727d0 liaoweixiong 2019-02-28 175
113727d0 liaoweixiong 2019-02-28 176 switch (flush_mode) {
113727d0 liaoweixiong 2019-02-28 177 case FLUSH_NONE:
113727d0 liaoweixiong 2019-02-28 178 return 0;
113727d0 liaoweixiong 2019-02-28 179 case FLUSH_PART:
113727d0 liaoweixiong 2019-02-28 @180 wcnt = writeop((const char *)zone->buffer->data + off, wlen,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Unchecked.
113727d0 liaoweixiong 2019-02-28 181 zone->off + sizeof(*zone->buffer) + off);
^^^^^^^^^^^^
This is weird. I can't fetch for-next/pstore so I don't know what
type "buffer" is. It's vague. We also have ->buffer_size which seems
like a more expected way to describe the size.
113727d0 liaoweixiong 2019-02-28 182 if (wcnt != wlen)
113727d0 liaoweixiong 2019-02-28 183 goto set_dirty;
113727d0 liaoweixiong 2019-02-28 184 case FLUSH_META:
113727d0 liaoweixiong 2019-02-28 185 wlen = sizeof(struct blkz_buffer);
113727d0 liaoweixiong 2019-02-28 186 wcnt = writeop((const char *)zone->buffer, wlen, zone->off);
113727d0 liaoweixiong 2019-02-28 187 if (wcnt != wlen)
113727d0 liaoweixiong 2019-02-28 188 goto set_dirty;
113727d0 liaoweixiong 2019-02-28 189 break;
113727d0 liaoweixiong 2019-02-28 190 case FLUSH_ALL:
113727d0 liaoweixiong 2019-02-28 191 wlen = buffer_datalen(zone) + sizeof(*zone->buffer);
113727d0 liaoweixiong 2019-02-28 192 wcnt = writeop((const char *)zone->buffer, wlen, zone->off);
113727d0 liaoweixiong 2019-02-28 193 if (wcnt != wlen)
113727d0 liaoweixiong 2019-02-28 194 goto set_dirty;
113727d0 liaoweixiong 2019-02-28 195 break;
113727d0 liaoweixiong 2019-02-28 196 }
113727d0 liaoweixiong 2019-02-28 197
113727d0 liaoweixiong 2019-02-28 198 return 0;
113727d0 liaoweixiong 2019-02-28 199 set_dirty:
113727d0 liaoweixiong 2019-02-28 200 pr_err("write failed with %zd returned, set dirty\n", wcnt);
113727d0 liaoweixiong 2019-02-28 201 atomic_set(&zone->dirty, true);
113727d0 liaoweixiong 2019-02-28 202 return -EBUSY;
113727d0 liaoweixiong 2019-02-28 203 }
113727d0 liaoweixiong 2019-02-28 204
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
Powered by blists - more mailing lists