Coverity: frwr_unmap_sync(): Null pointer dereferences


 



Hello!

This is an experimental semi-automated report about issues detected by
Coverity from a scan of next-20210430 as part of the linux-next scan project:
https://scan.coverity.com/projects/linux-next-weekly-scan

You're getting this email because you were associated with the identified
lines of code (noted below) that were touched by commits:

  Mon Apr 26 09:27:06 2021 -0400
    9a301cafc861 ("xprtrdma: Move fr_linv_done field to struct rpcrdma_mr")

Coverity reported the following:

*** CID 1504556:  Null pointer dereferences  (FORWARD_NULL)
/net/sunrpc/xprtrdma/frwr_ops.c: 539 in frwr_unmap_sync()
533
534     	/* Strong send queue ordering guarantees that when the
535     	 * last WR in the chain completes, all WRs in the chain
536     	 * are complete.
537     	 */
538     	last->wr_cqe->done = frwr_wc_localinv_wake;
vvv     CID 1504556:  Null pointer dereferences  (FORWARD_NULL)
vvv     Passing null pointer "&mr->mr_linv_done" to "reinit_completion", which dereferences it.
539     	reinit_completion(&mr->mr_linv_done);
540
541     	/* Transport disconnect drains the receive CQ before it
542     	 * replaces the QP. The RPC reply handler won't call us
543     	 * unless re_id->qp is a valid pointer.
544     	 */

If this is a false positive, please let us know so we can mark it as
such, or teach the Coverity rules to be smarter. If not, please make
sure fixes get into linux-next. :) For patches fixing this, please
include these lines (but double-check the "Fixes" first):

Reported-by: coverity-bot <keescook+coverity-bot@xxxxxxxxxxxx>
Addresses-Coverity-ID: 1504556 ("Null pointer dereferences")
Fixes: 9a301cafc861 ("xprtrdma: Move fr_linv_done field to struct rpcrdma_mr")

Thanks for your attention!

-- 
Coverity-bot


