fix coverity defects with CID 147626-28 #5304
Conversation
|
@heary-cao, thanks for your PR! By analyzing the history of the files in this pull request, we identified @behlendorf, @grwilson and @ahrens to be potential reviewers. |
| zfs_putpage_commit_cb, pp); | ||
| if (zsb->z_log != NULL) | ||
| zfs_log_write(zsb->z_log, tx, TX_WRITE, zp, pgoff, pglen, 0, | ||
| zfs_putpage_commit_cb, pp); |
There was a problem hiding this comment.
This should never be a possible case in the existing code. Pages which are part of a snapshot should never be allowed to be dirtied, see commit 1e8db77. This check was added just in case somehow a page got dirtied. Now that pretty clearly can never happen or we would have NULL dereferenced here long ago and there are no issues like this open in the tracker. Given that I'd rather remove the NULL check around zil_commit() a few lines down.
This also has the advantage of bringing this code slightly closer inline with upstream at least in terms of intent and assumptions.
@tuxoko what are your thoughts on this.
There was a problem hiding this comment.
@behlendorf
Yes, I agree with you. I don't see why we need this.
There was a problem hiding this comment.
@behlendorf @tuxoko
thank your for review it.
| @@ -1701,8 +1701,7 @@ zfs_resume_fs(zfs_sb_t *zsb, const char *osname) | |||
| * Since we couldn't setup the sa framework, try to force | |||
| * unmount this file system. | |||
| */ | |||
| if (zsb->z_os) | |||
| (void) zfs_umount(zsb->z_sb); | |||
| (void) zfs_umount(zsb->z_sb); | |||
There was a problem hiding this comment.
Can you explain this change?
There was a problem hiding this comment.
The original fix here doesn't look quite right. Take a look at the stack from the original bug report. If zsb->z_os were NULL we should never have been able to make it to where the node finally crashed.
zfs_resume_fs
zfs_umount
zfs_sb_teardown
dmu_objset_pool <- PANIC
In zfs_sb_teardown several checks for zsb->z_os == NULL are made before it's used which should have prevented this. What exactly in this first check preventing that the other ones aren't?
There was a problem hiding this comment.
@behlendorf
The commit message says concurrent umount, so it's likely caused by race. Though I don't think the patch actually fix the race. Also, using zfs_umount here looks strange, I'm not sure how things would work in terms of VFS after this call.
There was a problem hiding this comment.
The fact that zsb->z_os can change outside a lock is definitely racy and problematic. Rather than needlessly change this let's leave it as is for now and I'll make a note in the Coverity analysis. @heary-cao go ahead and drop this hunk when you next refresh this patch.
There was a problem hiding this comment.
@behlendorf @tuxoko
ok,
thanks.
| @@ -68,7 +68,8 @@ uu_dprintf_create(const char *name, uu_dprintf_severity_t severity, | |||
| { | |||
| uu_dprintf_t *D; | |||
|
|
|||
| if (uu_check_name(name, UU_NAME_DOMAIN) == -1) { | |||
| if (name != NULL || | |||
| uu_check_name(name, UU_NAME_DOMAIN) == -1) { | |||
There was a problem hiding this comment.
What are you trying to do...
| @@ -131,7 +131,8 @@ zfs_ereport_start(nvlist_t **ereport_out, nvlist_t **detector_out, | |||
| * If we are doing a spa_tryimport() or in recovery mode, | |||
| * ignore errors. | |||
| */ | |||
| if (spa_load_state(spa) == SPA_LOAD_TRYIMPORT || | |||
| if (spa != NULL || | |||
| spa_load_state(spa) == SPA_LOAD_TRYIMPORT || | |||
There was a problem hiding this comment.
What are you trying to do....
There was a problem hiding this comment.
These are all defects identified by the Coverity static analysis tool. Specifically these are all cases where Coverity determined there's a NULL check latter in the function but it's pointless because by some call path we've already dereferenced the variable. So either the NULL check is pointless or it needs to be done sooner.
Type:Dereference before null check
There was a problem hiding this comment.
@behlendorf
If you look carefully, it doesn't fix null dereference...
There was a problem hiding this comment.
Right the fix itself is wrong here. It should be spa == NULL in the check so it returns immediately return when no spa is passed. Or better yet just drop think hunk completely. This is an internal function all callers know to always pass a spa. Period.
There was a problem hiding this comment.
This chunk isn't correct. Yes it prevents a NULL dereference in this block but the same thing can happen 5 lines down. Please drop think hunk from the patch and we'll address it if need be in a different PR.
| @@ -1701,8 +1701,7 @@ zfs_resume_fs(zfs_sb_t *zsb, const char *osname) | |||
| * Since we couldn't setup the sa framework, try to force | |||
| * unmount this file system. | |||
| */ | |||
| if (zsb->z_os) | |||
| (void) zfs_umount(zsb->z_sb); | |||
| (void) zfs_umount(zsb->z_sb); | |||
There was a problem hiding this comment.
Can you explain this change?
| zfs_putpage_commit_cb, pp); | ||
| if (zsb->z_log != NULL) | ||
| zfs_log_write(zsb->z_log, tx, TX_WRITE, zp, pgoff, pglen, 0, | ||
| zfs_putpage_commit_cb, pp); |
There was a problem hiding this comment.
@behlendorf
Yes, I agree with you. I don't see why we need this.
|
@behlendorf |
|
@tuxoko it's a useful tool as long as it's not used purely mechanically. Each change needs to be understood and you're right it shouldn't be used just to silence a warning but to make the code clearer. |
heary-cao
force-pushed
the
before_null_check
branch
2 times, most recently
from
e12cdcb to
18d865c
Compare
heary-cao
changed the title
heary-cao
force-pushed
the
before_null_check
branch
from
18d865c to
59b4b5c
Compare
| zfs_putpage_commit_cb, pp); | ||
| if (zsb->z_log != NULL) | ||
| zfs_log_write(zsb->z_log, tx, TX_WRITE, zp, pgoff, pglen, 0, | ||
| zfs_putpage_commit_cb, pp); |
There was a problem hiding this comment.
@behlendorf @tuxoko
thank your for review it.
| @@ -1701,8 +1701,7 @@ zfs_resume_fs(zfs_sb_t *zsb, const char *osname) | |||
| * Since we couldn't setup the sa framework, try to force | |||
| * unmount this file system. | |||
| */ | |||
| if (zsb->z_os) | |||
| (void) zfs_umount(zsb->z_sb); | |||
| (void) zfs_umount(zsb->z_sb); | |||
There was a problem hiding this comment.
@behlendorf @tuxoko
ok,
thanks.
| @@ -131,7 +131,8 @@ zfs_ereport_start(nvlist_t **ereport_out, nvlist_t **detector_out, | |||
| * If we are doing a spa_tryimport() or in recovery mode, | |||
| * ignore errors. | |||
| */ | |||
| if (spa_load_state(spa) == SPA_LOAD_TRYIMPORT || | |||
| if (spa != NULL || | |||
| spa_load_state(spa) == SPA_LOAD_TRYIMPORT || | |||
There was a problem hiding this comment.
This chunk isn't correct. Yes it prevents a NULL dereference in this block but the same thing can happen 5 lines down. Please drop think hunk from the patch and we'll address it if need be in a different PR.
| D->uud_name = strdup(name); | ||
| if (D->uud_name == NULL) { | ||
| uu_free(D); | ||
| return (NULL); |
There was a problem hiding this comment.
The intention of this function is clearly to allow name to be NULL. Rather than removing this code I'd recommend only running the uu_check_name() when name != NULL. I'd suggest moving to it's own PR too so we can merge the other parts of this PR.
There was a problem hiding this comment.
@behlendorf
thanks for your suggest
commit other PR:#5376
please review it.
thanks.
heary-cao
force-pushed
the
before_null_check
branch
from
59b4b5c to
18fdd8a
Compare
heary-cao
changed the title
heary-cao
force-pushed
the
before_null_check
branch
from
18fdd8a to
0935f03
Compare
issues: fix coverity defects coverity scan CID:147626, Type:Dereference before null check coverity scan CID:147628, Type:Dereference before null check Signed-off-by: cao.xuewen cao.xuewen@zte.com.cn
heary-cao
force-pushed
the
before_null_check
branch
from
0935f03 to
e8088a9
Compare
|
@tuxoko any remaining concerns with the trimmed down patch proposed. |
CID 147626: Type:Dereference before null check CID 147628: Type:Dereference before null check Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov Reviewed-by: Chunwei Chen <david.chen@osnexus.com> Signed-off-by: cao.xuewen <cao.xuewen@zte.com.cn> Closes openzfs#5304
issues:
fix coverity defects
coverity scan CID:147626, Type:Dereference before null check
coverity scan CID:147628, Type:Dereference before null check
Signed-off-by: cao.xuewen cao.xuewen@zte.com.cn