Re: [PATCH 2/9] libiscsi: drop taskqueuelock

On 2/3/21 4:19 AM, Dan Carpenter wrote:
> Hi Mike,
> 
> url:    https://github.com/0day-ci/linux/commits/Mike-Christie/iscsi-fixes-and-cleanups/20210203-122757
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
> config: i386-randconfig-m021-20210202 (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> 
> smatch warnings:
> drivers/scsi/libiscsi_tcp.c:586 iscsi_tcp_r2t_rsp() warn: variable dereferenced before check 'task->sc' (see line 547)
> 
> vim +586 drivers/scsi/libiscsi_tcp.c
> 
> f7dbf0662a0167 Mike Christie     2021-02-02  529  static int iscsi_tcp_r2t_rsp(struct iscsi_conn *conn, struct iscsi_hdr *hdr)
> a081c13e39b5c1 Mike Christie     2008-12-02  530  {
> a081c13e39b5c1 Mike Christie     2008-12-02  531  	struct iscsi_session *session = conn->session;
> f7dbf0662a0167 Mike Christie     2021-02-02  532  	struct iscsi_tcp_task *tcp_task;
> f7dbf0662a0167 Mike Christie     2021-02-02  533  	struct iscsi_tcp_conn *tcp_conn;
> f7dbf0662a0167 Mike Christie     2021-02-02  534  	struct iscsi_r2t_rsp *rhdr;
> a081c13e39b5c1 Mike Christie     2008-12-02  535  	struct iscsi_r2t_info *r2t;
> f7dbf0662a0167 Mike Christie     2021-02-02  536  	struct iscsi_task *task;
> 5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  537  	u32 data_length;
> 5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  538  	u32 data_offset;
> f7dbf0662a0167 Mike Christie     2021-02-02  539  	int r2tsn;
> a081c13e39b5c1 Mike Christie     2008-12-02  540  	int rc;
> a081c13e39b5c1 Mike Christie     2008-12-02  541  
> f7dbf0662a0167 Mike Christie     2021-02-02  542  	spin_lock(&session->back_lock);
> f7dbf0662a0167 Mike Christie     2021-02-02  543  	task = iscsi_itt_to_ctask(conn, hdr->itt);
> f7dbf0662a0167 Mike Christie     2021-02-02  544  	if (!task) {
> f7dbf0662a0167 Mike Christie     2021-02-02  545  		spin_unlock(&session->back_lock);
> f7dbf0662a0167 Mike Christie     2021-02-02  546  		return ISCSI_ERR_BAD_ITT;
> f7dbf0662a0167 Mike Christie     2021-02-02 @547  	} else if (task->sc->sc_data_direction != DMA_TO_DEVICE) {
>                                                                    ^^^^^^^^
> New unchecked dereference.

I see the issue. iscsi_itt_ctask checks task->sc and if NULL returns NULL.
However, below in this function there is now a not needed task->sc check.
The checker saw that and thinks the above line could be an invalid access.

I'll fix the patch by removing the old check since it's confusing code
that's also not needed since it's done for us now.
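
The situation described in the reply above, modelled in user-space C as an added example (not code from the patch or from libiscsi): a lookup helper that guarantees a non-NULL `sc`, a caller that keeps a leftover check after the dereference, and the same caller with that check removed. All names, types and error values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed user-space model: all names and values are hypothetical. */
enum { OK = 0, ERR_BAD_ITT = 1, ERR_PROTO = 2 };
enum dir { TO_DEVICE, FROM_DEVICE };
struct cmd  { enum dir direction; };
struct task { struct cmd *sc; };   /* sc == NULL: no command attached */
#define NTASKS 4
static struct cmd wr = { TO_DEVICE }, rd = { FROM_DEVICE };
static struct task t_wr = { &wr }, t_rd = { &rd }, t_none = { NULL };
static struct task *table[NTASKS] = { &t_wr, &t_rd, &t_none, NULL };

/* Lookup helper: any task it returns is guaranteed to have sc != NULL. */
static struct task *lookup_task(unsigned itt)
{
	struct task *t = itt < NTASKS ? table[itt] : NULL;
	return (t && t->sc) ? t : NULL;
}

/* Flagged shape: dereference first, leftover NULL test later. A checker that
 * does not look inside lookup_task() reads the test as "sc may be NULL". */
static int handle_before(unsigned itt)
{
	struct task *t = lookup_task(itt);
	if (!t)
		return ERR_BAD_ITT;
	if (t->sc->direction != TO_DEVICE)   /* dereference */
		return ERR_PROTO;
	if (!t->sc)                          /* leftover check, never true here */
		return OK;
	return OK;
}

/* Cleaned shape: the helper's guarantee is the only NULL handling needed. */
static int handle_after(unsigned itt)
{
	struct task *t = lookup_task(itt);
	if (!t)
		return ERR_BAD_ITT;
	if (t->sc->direction != TO_DEVICE)
		return ERR_PROTO;
	return OK;
}

int main(void)
{
	for (unsigned i = 0; i <= NTASKS; i++)
		printf("itt=%u before=%d after=%d\n", i, handle_before(i), handle_after(i));
	return 0;
}
```

Both handlers return the same result for every slot, including the task with no command attached and the out-of-range index, which is why the leftover check can be dropped without changing behaviour.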