On Wed, Jun 15, 2016 at 8:44 PM, Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
> Hello Yan, Zheng,
>
> The patch 5dda377cf0a6: "ceph: set i_head_snapc when getting
> CEPH_CAP_FILE_WR reference" from Apr 30, 2015, leads to the following
> static checker warning:
>
>         fs/ceph/snap.c:557 ceph_queue_cap_snap()
>         error: potential NULL dereference 'old_snapc'.
>
> fs/ceph/snap.c
>    547          /* dirty page count moved from _head to this cap_snap;
>    548             all subsequent writes page dirties occur _after_ this
>    549             snapshot. */
>    550          capsnap->dirty_pages = ci->i_wrbuffer_ref_head;
>    551          ci->i_wrbuffer_ref_head = 0;
>    552          capsnap->context = old_snapc;
>    553          list_add_tail(&capsnap->ci_item, &ci->i_cap_snaps);
>    554          old_snapc = NULL;
>                 ^^^^^^^^^^^^^^^^^
>    555
>    556          if (used & CEPH_CAP_FILE_WR) {
>    557                  dout("queue_cap_snap %p cap_snap %p snapc %p"
>    558                       " seq %llu used WR, now pending\n", inode,
>    559                       capsnap, old_snapc, old_snapc->seq);
>                                                 ^^^^^^^^^^^^^^
> This is a NULL deref.
>
>    560                  capsnap->writing = 1;
>    561          } else {
>    562                  /* note mtime, size NOW. */
>    563                  __ceph_finish_cap_snap(ci, capsnap);
>    564          }
>    565          capsnap = NULL;

Fixed by
https://github.com/ceph/ceph-client/commit/c17197fca778207cc24d434106b5b5b2f2a17c16

Thanks
Yan, Zheng

>
> regards,
> dan carpenter
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
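
The ownership hand-off behind this warning, as an added example in user-space C; it is not kernel code and not the change made in the referenced commit. The struct layouts, the function names and `log_seq` are simplified stand-ins assumed here, and `log_seq` returns -1 at the point where the `dout()` argument in the report would dereference NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumed, not the real ones). */
struct snap_context { uint64_t seq; };
struct cap_snap { struct snap_context *context; int writing; };

/* Stand-in for the dout() argument: -1 marks where the kernel would oops. */
static int log_seq(const struct snap_context *snapc, uint64_t *seq_out)
{
    if (snapc == NULL)
        return -1;                  /* kernel: NULL pointer dereference */
    *seq_out = snapc->seq;
    return 0;
}

/* Ordering from the report: the local is cleared, then read for logging. */
int queue_cap_snap_reported(struct cap_snap *capsnap,
                            struct snap_context *old_snapc, uint64_t *seq_out)
{
    capsnap->context = old_snapc;   /* reference handed over to capsnap */
    old_snapc = NULL;               /* local no longer owns the reference */
    capsnap->writing = 1;
    return log_seq(old_snapc, seq_out);       /* reads the cleared local */
}

/* Safe ordering: after the hand-off, read only through the new owner. */
int queue_cap_snap_safe(struct cap_snap *capsnap,
                        struct snap_context *old_snapc, uint64_t *seq_out)
{
    capsnap->context = old_snapc;
    old_snapc = NULL;
    capsnap->writing = 1;
    return log_seq(capsnap->context, seq_out);
}

int main(void)
{
    struct snap_context sc = { 42 };          /* constructed sample value */
    struct cap_snap a = { NULL, 0 }, b = { NULL, 0 };
    uint64_t seq = 0;

    printf("reported ordering: %d\n", queue_cap_snap_reported(&a, &sc, &seq));
    printf("safe ordering:     %d (seq %llu)\n",
           queue_cap_snap_safe(&b, &sc, &seq), (unsigned long long)seq);
    return 0;
}
```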