lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sun, 9 Aug 2020 07:29:05 +0800
From:   kernel test robot <lkp@...el.com>
To:     Olga Kornievskaia <kolga@...app.com>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        Andy Adamson <andros@...app.com>
Subject: fs/nfs/nfs4file.c:347 nfs42_ssc_open() error: potential null
 dereference 'ctx'. (alloc_nfs_open_context returns null)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   06a81c1c7db9bd5de0bd38cd5acc44bb22b99150
commit: ec4b0925089826af45e99cdf78a8ac84c1d005f1 NFS: inter ssc open
date:   10 months ago
config: openrisc-randconfig-m031-20200809 (attached as .config)
compiler: or1k-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

smatch warnings:
fs/nfs/nfs4file.c:347 nfs42_ssc_open() error: potential null dereference 'ctx'.  (alloc_nfs_open_context returns null)

vim +/ctx +347 fs/nfs/nfs4file.c

   293	
   294	struct file *
   295	nfs42_ssc_open(struct vfsmount *ss_mnt, struct nfs_fh *src_fh,
   296			nfs4_stateid *stateid)
   297	{
   298		struct nfs_fattr fattr;
   299		struct file *filep, *res;
   300		struct nfs_server *server;
   301		struct inode *r_ino = NULL;
   302		struct nfs_open_context *ctx;
   303		struct nfs4_state_owner *sp;
   304		char *read_name;
   305		int len, status = 0;
   306	
   307		server = NFS_SERVER(ss_mnt->mnt_root->d_inode);
   308	
   309		nfs_fattr_init(&fattr);
   310	
   311		status = nfs4_proc_getattr(server, src_fh, &fattr, NULL, NULL);
   312		if (status < 0) {
   313			res = ERR_PTR(status);
   314			goto out;
   315		}
   316	
   317		res = ERR_PTR(-ENOMEM);
   318		len = strlen(SSC_READ_NAME_BODY) + 16;
   319		read_name = kzalloc(len, GFP_NOFS);
   320		if (read_name == NULL)
   321			goto out;
   322		snprintf(read_name, len, SSC_READ_NAME_BODY, read_name_gen++);
   323	
   324		r_ino = nfs_fhget(ss_mnt->mnt_root->d_inode->i_sb, src_fh, &fattr,
   325				NULL);
   326		if (IS_ERR(r_ino)) {
   327			res = ERR_CAST(r_ino);
   328			goto out;
   329		}
   330	
   331		filep = alloc_file_pseudo(r_ino, ss_mnt, read_name, FMODE_READ,
   332					     r_ino->i_fop);
   333		if (IS_ERR(filep)) {
   334			res = ERR_CAST(filep);
   335			goto out;
   336		}
   337		filep->f_mode |= FMODE_READ;
   338	
   339		ctx = alloc_nfs_open_context(filep->f_path.dentry, filep->f_mode,
   340						filep);
   341		if (IS_ERR(ctx)) {
   342			res = ERR_CAST(ctx);
   343			goto out_filep;
   344		}
   345	
   346		res = ERR_PTR(-EINVAL);
 > 347		sp = nfs4_get_state_owner(server, ctx->cred, GFP_KERNEL);
   348		if (sp == NULL)
   349			goto out_ctx;
   350	
   351		ctx->state = nfs4_get_open_state(r_ino, sp);
   352		if (ctx->state == NULL)
   353			goto out_stateowner;
   354	
   355		set_bit(NFS_OPEN_STATE, &ctx->state->flags);
   356		memcpy(&ctx->state->open_stateid.other, &stateid->other,
   357		       NFS4_STATEID_OTHER_SIZE);
   358		update_open_stateid(ctx->state, stateid, NULL, filep->f_mode);
   359	
   360		nfs_file_set_open_context(filep, ctx);
   361		put_nfs_open_context(ctx);
   362	
   363		file_ra_state_init(&filep->f_ra, filep->f_mapping->host->i_mapping);
   364		res = filep;
   365	out:
   366		return res;
   367	out_stateowner:
   368		nfs4_put_state_owner(sp);
   369	out_ctx:
   370		put_nfs_open_context(ctx);
   371	out_filep:
   372		fput(filep);
   373		goto out;
   374	}
   375	EXPORT_SYMBOL_GPL(nfs42_ssc_open);
   376	void nfs42_ssc_close(struct file *filep)
   377	{
   378		struct nfs_open_context *ctx = nfs_file_open_context(filep);
   379	
   380		ctx->state->flags = 0;
   381	}
   382	EXPORT_SYMBOL_GPL(nfs42_ssc_close);
   383	#endif /* CONFIG_NFS_V4_2 */
   384	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (25365 bytes)

Powered by blists - more mailing lists