From: Ilya Dryomov
Date: Fri, 28 Feb 2020 15:13:30 +0100
Subject: Re: libceph: follow redirect replies from osds
To: Jeff Layton
Cc: Colin Ian King, Sage Weil, Ceph Development, "linux-kernel@vger.kernel.org"

On Fri, Feb 28, 2020 at 3:01 PM Jeff Layton wrote:
>
> On Fri, 2020-02-28 at 12:46 +0000, Colin Ian King wrote:
> > Hi,
> >
> > Static analysis with Coverity has detected a potential issue in the
> > following commit in function ceph_redirect_decode():
> >
> > commit 205ee1187a671c3b067d7f1e974903b44036f270
> > Author: Ilya Dryomov
> > Date: Mon Jan 27 17:40:20 2014 +0200
> >
> > libceph: follow redirect replies from osds
> >
> > The issue is as follows:
> >
> >
> > 3486 len = ceph_decode_32(p);
> >
> > Unused value (UNUSED_VALUE)
> > assigned_pointer: Assigning value from len to *p here, but that stored
> > value is overwritten before it can be used.
> >
> > 3487 *p += len; /* skip osd_instructions */
> > 3488
> > 3489 /* skip the rest */
> >
> > value_overwrite: Overwriting previous write to *p with value from
> > struct_end.
> >
> > 3490 *p = struct_end;
> >
> > The *p assignment in line 3487 is effectively being overwritten by the
> > *p assignment in 3490. Maybe the following is correct:
> >
> > len = ceph_decode_32(p);
> > - p += len; /* skip osd_instructions */
> > + struct_end = *p + len; /* skip osd_instructions */
> >
> > /* skip the rest */
> > *p = struct_end;
> >
> > I'm not familiar with the ceph structure here, so I'm not sure what the
> > correct fix would be.
> >
>
> Probably something like this? (untested, of course)
>
> ----------------------
>
> [PATCH] libceph: fix up Coverity warning in ceph_redirect_decode
>
> We're going to skip to the end of the msg after checking the
> object_name anyway, so there is no need to separately decode
> the osd instructions that follow it.
>
> Reported-by: Colin Ian King
> Signed-off-by: Jeff Layton
> ---
> net/ceph/osd_client.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
> index 8ff2856e2d52..51810db4130a 100644
> --- a/net/ceph/osd_client.c
> +++ b/net/ceph/osd_client.c
> @@ -3483,9 +3483,6 @@ static int ceph_redirect_decode(void **p, void
> *end,
> goto e_inval;
> }
>
> - len = ceph_decode_32(p);
> - *p += len; /* skip osd_instructions */
> -
> /* skip the rest */
> *p = struct_end;
> out:

Yeah, I have had the same patch in a local branch here since last year:

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2092861.html

I'll make sure to push it out this time ;)

Thanks,

Ilya
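
Review bot: in the @@ -3483,9 +3483,6 @@ hunk of net/ceph/osd_client.c, the removed "*p += len" advanced the decode cursor by a length read from the message, with no check against end visible in the hunk, so after this change "*p = struct_end" is the only statement that positions the cursor before "out:". The commit message should say that struct_end has already been validated against end earlier in ceph_redirect_decode() (that code is not visible here), or the patch should add that check. Please also confirm that len still has a user once these lines are gone (the commit message implies the object_name check reads it); if it does not, drop the declaration in the same patch. As posted, the hunk header is wrapped onto a second line ("*end,"), which needs to be rejoined before the patch will apply.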