Fwd: New Defects reported by Coverity Scan for Linux

FYI, this warning was introduced by 0723a0473fb4 ("btrfs: allow
mounting btrfs subvolumes with different ro/rw options").

It looks like "newargs" is eventually used in mount_fs(), so I think
this one is real.

---------- Forwarded message ----------
From:  <scan-admin@xxxxxxxxxxxx>
Date: Sat, Apr 12, 2014 at 1:24 AM
Subject: New Defects reported by Coverity Scan for Linux

...

** CID 1201425:  Use after free  (USE_AFTER_FREE)
/fs/btrfs/super.c: 1193 in mount_subvol()
/fs/btrfs/super.c: 1197 in mount_subvol()

...
________________________________________________________________________________________________________
*** CID 1201425:  Use after free  (USE_AFTER_FREE)
/fs/btrfs/super.c: 1193 in mount_subvol()
1187            mnt = vfs_kern_mount(&btrfs_fs_type, flags, device_name,
1188                                 newargs);
1189            kfree(newargs);
1190
1191            if (PTR_RET(mnt) == -EBUSY) {
1192                    if (flags & MS_RDONLY) {
>>>     CID 1201425:  Use after free  (USE_AFTER_FREE)
>>>     Passing freed pointer "newargs" as an argument to "vfs_kern_mount".
1193                            mnt = vfs_kern_mount(&btrfs_fs_type, flags & ~MS_RDONLY, device_name,
1194                                                 newargs);
1195                    } else {
1196                            int r;
1197                            mnt = vfs_kern_mount(&btrfs_fs_type, flags | MS_RDONLY, device_name,
1198                                                 newargs);
/fs/btrfs/super.c: 1197 in mount_subvol()
1191            if (PTR_RET(mnt) == -EBUSY) {
1192                    if (flags & MS_RDONLY) {
1193                            mnt = vfs_kern_mount(&btrfs_fs_type, flags & ~MS_RDONLY, device_name,
1194                                                 newargs);
1195                    } else {
1196                            int r;
>>>     CID 1201425:  Use after free  (USE_AFTER_FREE)
>>>     Passing freed pointer "newargs" as an argument to "vfs_kern_mount".
1197                            mnt = vfs_kern_mount(&btrfs_fs_type, flags | MS_RDONLY, device_name,
1198                                                 newargs);
1199                            if (IS_ERR(mnt))
1200                                    return ERR_CAST(mnt);
1201
1202                            r = btrfs_remount(mnt->mnt_sb, &flags, NULL);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/128?tab=Overview

To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py
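
Added example, not part of the original message and not btrfs code: a user-space C model of the ordering Coverity flags above, where the option buffer is freed after the first mount attempt and then passed again on the -EBUSY retry, next to one possible reordering that frees it after the last use. `struct args`, `args_free`, `mock_mount`, `mount_buggy`, `mount_reordered` and `count_stale` are hypothetical names; the free is modelled as poison-and-mark so the stale use is counted instead of being undefined behaviour, and the reordering is not claimed to be the fix applied upstream.

```c
/* User-space model of the reported ordering; not kernel code. Names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define MS_RDONLY 1
struct args { char *buf; int freed; };  /* tracked stand-in for "newargs" */
static int stale_uses;                  /* calls that received a freed buffer */

/* Model of kfree(): poison and mark freed, so a later use is observable, not UB. */
static void args_free(struct args *a) {
    memset(a->buf, 0x6b, strlen(a->buf));
    a->freed = 1;
}

/* Stand-in for vfs_kern_mount(): assumed busy whenever read-write is requested. */
static int mock_mount(int flags, const struct args *a) {
    stale_uses += a->freed;
    return (flags & MS_RDONLY) ? 0 : -EBUSY;
}

/* Ordering in the report: free first, then retry with the same pointer. */
static int mount_buggy(int flags, struct args *a) {
    int ret = mock_mount(flags, a);
    args_free(a);
    if (ret == -EBUSY)
        ret = mock_mount(flags ^ MS_RDONLY, a);
    return ret;
}

/* One possible reordering: free only after the last call that reads the buffer. */
static int mount_reordered(int flags, struct args *a) {
    int ret = mock_mount(flags, a);
    if (ret == -EBUSY)
        ret = mock_mount(flags ^ MS_RDONLY, a);
    args_free(a);
    return ret;
}

/* Run one variant on a fresh constructed buffer; return its stale-use count. */
static int count_stale(int (*fn)(int, struct args *), int flags) {
    char storage[] = "subvol=constructed";
    struct args a = { storage, 0 };
    stale_uses = 0;
    fn(flags, &a);
    return stale_uses;
}
int main(void) {
    printf("buggy: %d, reordered: %d\n", count_stale(mount_buggy, 0), count_stale(mount_reordered, 0));
    return 0;
}
```

The stale use only appears on the retry path, which is why a test that mounts successfully on the first attempt never exercises it.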