Re: bug report: libceph: follow redirect replies from osds

From: Ilya Dryomov
Date: Fri Aug 30 2019 - 10:23:31 EST

Next message: David Howells: "Re: [PATCH 10/11] selinux: Implement the watch_key security hook [ver #7]"
Previous message: Joerg Roedel: "Re: [PATCH v11 00/23] MT8183 IOMMU SUPPORT"
In reply to: Colin Ian King: "bug report: libceph: follow redirect replies from osds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 30, 2019 at 4:05 PM Colin Ian King <colin.king@xxxxxxxxxxxxx> wrote:
>
> Hi,
>
> Static analysis with Coverity has picked up an issue with commit:
>
> commit 205ee1187a671c3b067d7f1e974903b44036f270
> Author: Ilya Dryomov <ilya.dryomov@xxxxxxxxxxx>
> Date: Mon Jan 27 17:40:20 2014 +0200
>
> libceph: follow redirect replies from osds
>
> Specifically in function ceph_redirect_decode in net/ceph/osd_client.c:
>
> 3485
> 3486 len = ceph_decode_32(p);
>
> CID 17904: Unused value (UNUSED_VALUE)
>
> 3487 *p += len; /* skip osd_instructions */
> 3488
> 3489 /* skip the rest */
> 3490 *p = struct_end;
>
> The double write to *p looks wrong, I suspect the *p += len; should be
> just incrementing pointer p as in: p += len. Am I correct to assume
> this is the correct fix?

Hi Colin,

No, the double write to *p is correct. It skips over len bytes and
then skips to the end of the redirect reply. There is no bug here but
we could drop

len = ceph_decode_32(p);
*p += len; /* skip osd_instructions */

and skip to the end directly to make Coverity happier.

Thanks,

Ilya

Next message: David Howells: "Re: [PATCH 10/11] selinux: Implement the watch_key security hook [ver #7]"
Previous message: Joerg Roedel: "Re: [PATCH v11 00/23] MT8183 IOMMU SUPPORT"
In reply to: Colin Ian King: "bug report: libceph: follow redirect replies from osds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]