check disk_lookup return value

2020-03-11 Thread Jasper Lievisse Adriaanse 
Hi,

Check return value of disk_lookup before dereference as it can
return NULL. These are Coverity CID 1452925, 1452951, 1452967.

Other functions using disk_lookup (or the re-defined versions like
wdlookup) check the return value already, including in the context
of hibernation (sdmmc_scsi_hibernate_io and wd_hibernate_io). Is there
something special about the instances below or was it merely oversight?


Index: dev/softraid.c
===
RCS file: /cvs/src/sys/dev/softraid.c,v
retrieving revision 1.399
diff -u -p -r1.399 softraid.c
--- dev/softraid.c  10 Mar 2020 08:41:19 -  1.399
+++ dev/softraid.c  11 Mar 2020 12:28:53 -
@@ -5068,6 +5068,8 @@ sr_hibernate_io(dev_t dev, daddr_t blkno
 */
if (op == HIB_INIT) {
dv = disk_lookup(&sd_cd, DISKUNIT(dev));
+   if (dv == NULL)
+   return (EIO);
sd = (struct sd_softc *)dv;
sc = (struct sr_softc *)dv->dv_parent->dv_parent;
 
Index: dev/ic/nvme.c
===
RCS file: /cvs/src/sys/dev/ic/nvme.c,v
retrieving revision 1.72
diff -u -p -r1.72 nvme.c
--- dev/ic/nvme.c   10 Mar 2020 14:49:20 -  1.72
+++ dev/ic/nvme.c   11 Mar 2020 12:28:53 -
@@ -1498,6 +1498,8 @@ nvme_hibernate_io(dev_t dev, daddr_t blk
 
/* find nvme softc */
disk = disk_lookup(&sd_cd, DISKUNIT(dev));
+   if (disk == NULL)
+   return (EIO);
scsibus = disk->dv_parent;
my->sc = (struct nvme_softc *)disk->dv_parent->dv_parent;
 
Index: dev/ic/ahci.c
===
RCS file: /cvs/src/sys/dev/ic/ahci.c,v
retrieving revision 1.34
diff -u -p -r1.34 ahci.c
--- dev/ic/ahci.c   8 Jul 2019 22:02:59 -   1.34
+++ dev/ic/ahci.c   11 Mar 2020 12:28:53 -
@@ -3265,6 +3265,8 @@ ahci_hibernate_io(dev_t dev, daddr_t blk
 
/* map dev to an ahci port */
disk = disk_lookup(&sd_cd, DISKUNIT(dev));
+   if (disk == NULL)
+   return (EIO);
scsibus = disk->dv_parent;
sc = (struct ahci_softc *)disk->dv_parent->dv_parent;
 
-- 
jasper

Re: check disk_lookup return value

2020-03-11 Thread Theo de Raadt 
Jasper Lievisse Adriaanse  wrote:

> Check return value of disk_lookup before dereference as it can
> return NULL. These are Coverity CID 1452925, 1452951, 1452967.

In what case... nfs diskless root?  But in that case, do we even
get here because rootdev/swapdev will be -1 won't they?

I don't see how it can fail.  I think coverity doesn't see the
full picture.

However, I think it is fine to follow the API and check for
an error which can't happen...