/home/wollman/openafs/src/afs/VNOPS/afs_vnop

Bug Summary

File:	afs/VNOPS/afs_vnop_link.c
Location:	line 139, column 6
Description:	Dereference of null pointer

Annotated Source Code

* This software has been released under the terms of the IBM Public

* License. For details, see the LICENSE file in the top-level source

* directory or online at http://www.openafs.org/dl/license10.html

* Implements:

* afs_link

#include <afsconfig.h>

#include "afs/param.h"

#include "afs/sysincludes.h" /* Standard vendor system headers */

#include "afsincludes.h" /* Afs-based standard headers */

#include "afs/afs_stats.h" /* statistics */

#include "afs/afs_cbqueue.h"

#include "afs/nfsclient.h"

#include "afs/afs_osidnlc.h"

extern afs_rwlock_t afs_xcbhash;

/* Note that we don't set CDirty here, this is OK because the link

* RPC is called synchronously. */

int

#if defined(AFS_SUN5_ENV) || defined(AFS_SGI_ENV)

afs_link(OSI_VC_DECL(adp)struct vcache *adp, struct vcache *avc, char *aname,

afs_ucred_t *acred)

#else

afs_link(struct vcache *avc, OSI_VC_DECL(adp)struct vcache *adp, char *aname,

afs_ucred_t *acred)

#endif

{

struct vrequest treq;

struct dcache *tdc;

afs_int32 code;

struct afs_conn *tc;

afs_size_t offset, len;

struct AFSFetchStatus OutFidStatus, OutDirStatus;

struct AFSVolSync tsync;

struct afs_fakestat_state vfakestate, dfakestate;

struct rx_connection *rxconn;

XSTATS_DECLSstruct afs_stats_opTimingData *opP = ((void *)0); osi_timeval_t
opStartTime = { 0, 0}, opStopTime, elapsedTime;

OSI_VC_CONVERT(adp);

AFS_STATCNT(afs_link)((afs_cmstats.callInfo.C_afs_link)++);

afs_Trace3(afs_iclSetp, CM_TRACE_LINK, ICL_TYPE_POINTER, adp,(((afs_iclSetp) && (afs_iclSetp->states & 2)) ?
afs_icl_Event3(afs_iclSetp, (701087827L), (1<<24)+((2)
<<18)+((2)<<12)+((4)<<6), (long)(adp), (long
)(avc), (long)(aname)) : 0)

ICL_TYPE_POINTER, avc, ICL_TYPE_STRING, aname)(((afs_iclSetp) && (afs_iclSetp->states & 2)) ?
afs_icl_Event3(afs_iclSetp, (701087827L), (1<<24)+((2)
<<18)+((2)<<12)+((4)<<6), (long)(adp), (long
)(avc), (long)(aname)) : 0);

/* create a hard link; new entry is aname in dir adp */

if ((code = afs_InitReq(&treq, acred)))

1	Taking false branch

goto done2;

afs_InitFakeStat(&vfakestate);

afs_InitFakeStat(&dfakestate);

AFS_DISCON_LOCK()do { ; if (!((&afs_discon_lock)->excl_locked & 2))
((&afs_discon_lock)->readers_reading)++; else Afs_Lock_Obtain
(&afs_discon_lock, 1); (&afs_discon_lock)->pid_last_reader
= (((__curthread())->td_proc)->p_pid ); } while (0);

code = afs_EvalFakeStat(&avc, &vfakestate, &treq);

if (code)

2	Taking false branch

goto done;

code = afs_EvalFakeStat(&adp, &dfakestate, &treq);

if (code)

3	Taking false branch

goto done;

if (avc->f.fid.Cell != adp->f.fid.Cell

4	Taking false branch

|| avc->f.fid.Fid.Volume != adp->f.fid.Fid.Volume) {

code = EXDEV18;

goto done;

}

if (strlen(aname) > AFSNAMEMAX256) {

5	Taking false branch

code = ENAMETOOLONG63;

goto done;

}

code = afs_VerifyVCache(adp, &treq)(((adp)->f.states & 0x00000001) ? 0 : afs_VerifyVCache2
((adp),&treq));

if (code)

6	Taking false branch

goto done;

/** If the volume is read-only, return error without making an RPC to the

* fileserver

if (adp->f.states & CRO0x00000004) {

7	Taking false branch

code = EROFS30;

goto done;

}

if (AFS_IS_DISCONNECTED(afs_is_disconnected)) {

8	Taking false branch

code = ENETDOWN50;

goto done;

}

tdc = afs_GetDCache(adp, (afs_size_t) 0, &treq, &offset, &len, 1); /* test for error below */

ObtainWriteLock(&adp->lock, 145)do { ; if (!(&adp->lock)->excl_locked && !(
&adp->lock)->readers_reading) (&adp->lock) ->
excl_locked = 2; else Afs_Lock_Obtain(&adp->lock, 2);
(&adp->lock)->pid_writer = (((__curthread())->td_proc
)->p_pid ); (&adp->lock)->src_indicator = 145; }
while (0);

100

do {

10	Loop condition is true. Execution continues on line 101

12	Loop condition is false. Exiting loop

101

tc = afs_Conn(&adp->f.fid, &treq, SHARED_LOCK4, &rxconn);

102

if (tc) {

9	Taking false branch

11	Taking true branch

103

XSTATS_START_TIME(AFS_STATS_FS_RPCIDX_LINK)opP = &(afs_stats_cmfullperf.rpc.fsRPCTimes[10]); microtime
(&opStartTime);;

104

RX_AFS_GUNLOCK()do { (void)0; _mtx_unlock_flags(((&afs_global_mtx)), (0),
"/home/wollman/openafs/src/afs/VNOPS/afs_vnop_link.c", 104);
} while (0);

105

code =

106

RXAFS_Link(rxconn, (struct AFSFid *)&adp->f.fid.Fid, aname,

107

(struct AFSFid *)&avc->f.fid.Fid, &OutFidStatus,

108

&OutDirStatus, &tsync);

109

RX_AFS_GLOCK()do { (void)0; _mtx_lock_flags(((&afs_global_mtx)), (0), "/home/wollman/openafs/src/afs/VNOPS/afs_vnop_link.c"
, 109); (void)0; } while (0);

110

XSTATS_END_TIMEmicrotime(&opStopTime); (opP->numOps)++; if (!code) { (
opP->numSuccesses)++; { if (opStopTime.tv_usec < opStartTime
.tv_usec) { opStopTime.tv_usec += 1000000; opStopTime.tv_sec -=
1; } elapsedTime.tv_sec = opStopTime.tv_sec - opStartTime.tv_sec
; elapsedTime.tv_usec = opStopTime.tv_usec - opStartTime.tv_usec
; }; { (opP->sumTime).tv_sec += elapsedTime.tv_sec; (opP->
sumTime).tv_usec += elapsedTime.tv_usec; if ((opP->sumTime
).tv_usec > 1000000) { (opP->sumTime).tv_usec -= 1000000
; (opP->sumTime).tv_sec++; } }; { if(elapsedTime.tv_sec >
0 ) { (opP->sqrTime).tv_sec += elapsedTime.tv_sec * elapsedTime
.tv_sec + 2 * elapsedTime.tv_sec * elapsedTime.tv_usec /1000000
; (opP->sqrTime).tv_usec += (2 * elapsedTime.tv_sec * elapsedTime
.tv_usec) % 1000000 + (elapsedTime.tv_usec / 1000)*(elapsedTime
.tv_usec / 1000) + 2 * (elapsedTime.tv_usec / 1000) * (elapsedTime
.tv_usec % 1000) / 1000 + (((elapsedTime.tv_usec % 1000) >
707) ? 1 : 0); } else { (opP->sqrTime).tv_usec += (elapsedTime
.tv_usec / 1000)*(elapsedTime.tv_usec / 1000) + 2 * (elapsedTime
.tv_usec / 1000) * (elapsedTime.tv_usec % 1000) / 1000 + (((elapsedTime
.tv_usec % 1000) > 707) ? 1 : 0); } if ((opP->sqrTime).
tv_usec > 1000000) { (opP->sqrTime).tv_usec -= 1000000;
(opP->sqrTime).tv_sec++; } }; if (((elapsedTime.tv_sec <
(opP->minTime).tv_sec) ? 1 : (elapsedTime.tv_sec > (opP
->minTime).tv_sec) ? 0 : (elapsedTime.tv_usec < (opP->
minTime).tv_usec) ? 1 : 0)) { { (opP->minTime).tv_sec = elapsedTime
.tv_sec; (opP->minTime).tv_usec = elapsedTime.tv_usec; }; }
if (((elapsedTime.tv_sec > (opP->maxTime).tv_sec) ? 1 :
(elapsedTime.tv_sec < (opP->maxTime).tv_sec) ? 0 : (elapsedTime
.tv_usec > (opP->maxTime).tv_usec) ? 1 : 0)) { { (opP->
maxTime).tv_sec = elapsedTime.tv_sec; (opP->maxTime).tv_usec
= elapsedTime.tv_usec; }; } };

111

112

} else

113

code = -1;

114

} while (afs_Analyze

115

(tc, rxconn, code, &adp->f.fid, &treq, AFS_STATS_FS_RPCIDX_LINK10,

116

SHARED_LOCK4, NULL((void *)0)));

117

118

if (code) {

13	Taking false branch

119

if (tdc)

120

afs_PutDCache(tdc);

121

if (code < 0) {

122

ObtainWriteLock(&afs_xcbhash, 492)do { ; if (!(&afs_xcbhash)->excl_locked && !(&
afs_xcbhash)->readers_reading) (&afs_xcbhash) -> excl_locked
= 2; else Afs_Lock_Obtain(&afs_xcbhash, 2); (&afs_xcbhash
)->pid_writer = (((__curthread())->td_proc)->p_pid )
; (&afs_xcbhash)->src_indicator = 492; } while (0);

123

afs_DequeueCallback(adp);

124

adp->f.states &= ~CStatd0x00000001;

125

ReleaseWriteLock(&afs_xcbhash)do { ; (&afs_xcbhash)->excl_locked &= ~2; if ((&
afs_xcbhash)->wait_states) Afs_Lock_ReleaseR(&afs_xcbhash
); (&afs_xcbhash)->pid_writer=0; } while (0);

126

osi_dnlc_purgedp(adp);

127

}

128

ReleaseWriteLock(&adp->lock)do { ; (&adp->lock)->excl_locked &= ~2; if ((&
adp->lock)->wait_states) Afs_Lock_ReleaseR(&adp->
lock); (&adp->lock)->pid_writer=0; } while (0);

129

goto done;

130

}

131

if (tdc)

14	Taking false branch

132

ObtainWriteLock(&tdc->lock, 635)do { ; if (!(&tdc->lock)->excl_locked && !(
&tdc->lock)->readers_reading) (&tdc->lock) ->
excl_locked = 2; else Afs_Lock_Obtain(&tdc->lock, 2);
(&tdc->lock)->pid_writer = (((__curthread())->td_proc
)->p_pid ); (&tdc->lock)->src_indicator = 635; }
while (0);

133

if (afs_LocalHero(adp, tdc, &OutDirStatus, 1)) {

15	Taking true branch

134

/* we can do it locally */

135

ObtainWriteLock(&afs_xdcache, 290)do { ; if (!(&afs_xdcache)->excl_locked && !(&
afs_xdcache)->readers_reading) (&afs_xdcache) -> excl_locked
= 2; else Afs_Lock_Obtain(&afs_xdcache, 2); (&afs_xdcache
)->pid_writer = (((__curthread())->td_proc)->p_pid )
; (&afs_xdcache)->src_indicator = 290; } while (0);

136

code = afs_dir_Create(tdc, aname, &avc->f.fid.Fid);

137

ReleaseWriteLock(&afs_xdcache)do { ; (&afs_xdcache)->excl_locked &= ~2; if ((&
afs_xdcache)->wait_states) Afs_Lock_ReleaseR(&afs_xdcache
); (&afs_xdcache)->pid_writer=0; } while (0);

138

if (code) {

16	Taking true branch

139

ZapDCE(tdc)do { (tdc)->f.fid.Fid.Unique = 0; afs_indexUnique[(tdc)->
index] = 0; (tdc)->dflags |= 0x02; } while(0); /* surprise error -- invalid value */

17	Within the expansion of the macro 'ZapDCE':

a	Dereference of null pointer

140

DZap(tdc);

141

}

142

}

143

if (tdc) {

144

ReleaseWriteLock(&tdc->lock)do { ; (&tdc->lock)->excl_locked &= ~2; if ((&
tdc->lock)->wait_states) Afs_Lock_ReleaseR(&tdc->
lock); (&tdc->lock)->pid_writer=0; } while (0);

145

afs_PutDCache(tdc); /* drop ref count */

146

}

147

ReleaseWriteLock(&adp->lock)do { ; (&adp->lock)->excl_locked &= ~2; if ((&
adp->lock)->wait_states) Afs_Lock_ReleaseR(&adp->
lock); (&adp->lock)->pid_writer=0; } while (0);

148

ObtainWriteLock(&avc->lock, 146)do { ; if (!(&avc->lock)->excl_locked && !(
&avc->lock)->readers_reading) (&avc->lock) ->
excl_locked = 2; else Afs_Lock_Obtain(&avc->lock, 2);
(&avc->lock)->pid_writer = (((__curthread())->td_proc
)->p_pid ); (&avc->lock)->src_indicator = 146; }
while (0); /* correct link count */

149

150

/* we could lock both dir and file; since we get the new fid

151

* status back, you'd think we could put it in the cache status

152

* entry at that point. Note that if we don't lock the file over

153

* the rpc call, we have no guarantee that the status info

154

* returned in ustat is the most recent to store in the file's

155

* cache entry */

156

157

ObtainWriteLock(&afs_xcbhash, 493)do { ; if (!(&afs_xcbhash)->excl_locked && !(&
afs_xcbhash)->readers_reading) (&afs_xcbhash) -> excl_locked
= 2; else Afs_Lock_Obtain(&afs_xcbhash, 2); (&afs_xcbhash
)->pid_writer = (((__curthread())->td_proc)->p_pid )
; (&afs_xcbhash)->src_indicator = 493; } while (0);

158

afs_DequeueCallback(avc);

159

avc->f.states &= ~CStatd0x00000001; /* don't really know new link count */

160

ReleaseWriteLock(&afs_xcbhash)do { ; (&afs_xcbhash)->excl_locked &= ~2; if ((&
afs_xcbhash)->wait_states) Afs_Lock_ReleaseR(&afs_xcbhash
); (&afs_xcbhash)->pid_writer=0; } while (0);

161

if (avc->f.fid.Fid.Vnode & 1 || (vType(avc)((avc)->v)->v_type == VDIR))

162

osi_dnlc_purgedp(avc);

163

ReleaseWriteLock(&avc->lock)do { ; (&avc->lock)->excl_locked &= ~2; if ((&
avc->lock)->wait_states) Afs_Lock_ReleaseR(&avc->
lock); (&avc->lock)->pid_writer=0; } while (0);

164

code = 0;

165

done:

166

code = afs_CheckCode(code, &treq, 24);

167

afs_PutFakeStat(&vfakestate);

168

afs_PutFakeStat(&dfakestate);

169

AFS_DISCON_UNLOCK()do { ; if (!(--((&afs_discon_lock)->readers_reading)) &&
(&afs_discon_lock)->wait_states) Afs_Lock_ReleaseW(&
afs_discon_lock) ; if ( (&afs_discon_lock)->pid_last_reader
== (((__curthread())->td_proc)->p_pid ) ) (&afs_discon_lock
)->pid_last_reader =0; } while (0);

170

done2:

171

return code;

172

}