Re: [PATCH] drivers/block/drbd: add NULL test around call tocrypto_free_hash
From: Julia Lawall
Date: Mon Jan 31 2011 - 12:45:10 EST
On Mon, 31 Jan 2011, walter harms wrote:
>
>
> Am 31.01.2011 18:51, schrieb Julia Lawall:
> > crypto_free_hash calls the function crypto_hash_tfm and then
> > crypto_free_tfm on the result. crypto_free_tfm calls crypto_destroy_tfm,
> > which tests this result for NULL and then dereferences it. crypto_hash_tfm
> > returns &tfm->base where tfm is its argument. base is actually the first
> > and only field of a crypto_hash-typed structure, so perhaps one can rely on
> > it to return NULL for a NULL value of tfm. But most calls to
> > crypto_hash_tfm where the argument might be NULL don't rely on this
> > property and test for NULL explicitly.
> >
> > The semantic match that finds this problem is as follows:
> > (http://coccinelle.lip6.fr/)
> >
> > // <smpl>
> > @safe@
> > position p;
> > expression x;
> > @@
> >
> > if (x) { <+... crypto_free_hash@p(x) ...+> }
> >
> > @@
> > expression x;
> > position p!=safe.p;
> > @@
> >
> > *x = NULL
> > ...
> > *crypto_free_hash@p(x)
> > // </smpl>
> >
> > Signed-off-by: Julia Lawall <julia@xxxxxxx>
> >
> > ---
> > drivers/block/drbd/drbd_nl.c | 18 ++++++++++++------
> > drivers/block/drbd/drbd_receiver.c | 6 ++++--
> > 2 files changed, 16 insertions(+), 8 deletions(-)
> >
> > diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
> > index 8cbfaa6..aa5fbc0 100644
> > --- a/drivers/block/drbd/drbd_nl.c
> > +++ b/drivers/block/drbd/drbd_nl.c
> > @@ -1482,13 +1482,16 @@ static int drbd_nl_net_conf(struct drbd_conf *mdev, struct drbd_nl_cfg_req *nlp,
> > mdev->ee_hash = new_ee_hash;
> > }
> >
> > - crypto_free_hash(mdev->cram_hmac_tfm);
> > + if (mdev->cram_hmac_tfm)
> > + crypto_free_hash(mdev->cram_hmac_tfm);
> > mdev->cram_hmac_tfm = tfm;
> >
> > - crypto_free_hash(mdev->integrity_w_tfm);
> > + if (mdev->integrity_w_tfm)
> > + crypto_free_hash(mdev->integrity_w_tfm);
> > mdev->integrity_w_tfm = integrity_w_tfm;
> >
> > - crypto_free_hash(mdev->integrity_r_tfm);
> > + if (mdev->integrity_r_tfm)
> > + crypto_free_hash(mdev->integrity_r_tfm);
> > mdev->integrity_r_tfm = integrity_r_tfm;
> >
> > kfree(mdev->int_dig_out);
> > @@ -1509,9 +1512,12 @@ fail:
> > kfree(int_dig_out);
> > kfree(int_dig_in);
> > kfree(int_dig_vv);
> > - crypto_free_hash(tfm);
> > - crypto_free_hash(integrity_w_tfm);
> > - crypto_free_hash(integrity_r_tfm);
> > + if (tfm)
> > + crypto_free_hash(tfm);
> > + if (integrity_w_tfm)
> > + crypto_free_hash(integrity_w_tfm);
> > + if (integrity_r_tfm)
> > + crypto_free_hash(integrity_r_tfm);
> > kfree(new_tl_hash);
> > kfree(new_ee_hash);
> > kfree(new_conf);
> > diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
> > index 24487d4..3453cc3 100644
> > --- a/drivers/block/drbd/drbd_receiver.c
> > +++ b/drivers/block/drbd/drbd_receiver.c
> > @@ -2871,9 +2871,11 @@ static int receive_SyncParam(struct drbd_conf *mdev, enum drbd_packets cmd, unsi
> > disconnect:
> > /* just for completeness: actually not needed,
> > * as this is not reached if csums_tfm was ok. */
> > - crypto_free_hash(csums_tfm);
> > + if (csums_tfm)
> > + crypto_free_hash(csums_tfm);
> > /* but free the verify_tfm again, if csums_tfm did not work out */
> > - crypto_free_hash(verify_tfm);
> > + if (verify_tfm)
> > + crypto_free_hash(verify_tfm);
> > drbd_force_state(mdev, NS(conn, C_DISCONNECTING));
> > return FALSE;
> > }
> >
>
> it looks that it would be more sensibel to change crypto_free_hash() to handle
> NULL that would be more consistent with the free() family.
That was the other option...
julia
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/