fs/orangefs/super.c:583:18-25: ERROR: ORANGEFS_SB ( sb ) is NULL but dereferenced. (fwd)

[Julia Lawall]

Please check lines 527-529 and the goto, where it looks like tere is a
null pointer dereference.

julia

---------- Forwarded message ----------
Date: Fri, 26 Jan 2024 03:13:12 +0800
From: kernel test robot <lkp@xxxxxxxxx>
To: oe-kbuild@xxxxxxxxxxxxxxx
Cc: lkp@xxxxxxxxx, Julia Lawall <julia.lawall@xxxxxxxx>
Subject: fs/orangefs/super.c:583:18-25: ERROR: ORANGEFS_SB ( sb ) is NULL but
    dereferenced.

BCC: lkp@xxxxxxxxx
CC: oe-kbuild-all@xxxxxxxxxxxxxxx
CC: linux-kernel@xxxxxxxxxxxxxxx
TO: Chenyuan Mi <cymi20@xxxxxxxxxxxx>
CC: Mike Marshall <hubcap@xxxxxxxxxxxx>
CC: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
CC: Xin Tan <tanxin.ctf@xxxxxxxxx>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   6098d87eaf31f48153c984e2adadf14762520a87
commit: ac2c63757f4f413980d6c676dbe1ae2941b94afa orangefs: Fix sb refcount leak when allocate sb info failed.
date:   2 years, 3 months ago
:::::: branch date: 18 hours ago
:::::: commit date: 2 years, 3 months ago
config: arm-randconfig-r062-20240117 (https://download.01.org/0day-ci/archive/20240126/202401260328.WPmVVmk3-lkp@xxxxxxxxx/config)
compiler: clang version 18.0.0git (https://github.com/llvm/llvm-project 9bde5becb44ea071f5e1fa1f5d4071dc8788b18c)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Reported-by: Julia Lawall <julia.lawall@xxxxxxxx>
| Closes: https://lore.kernel.org/r/202401260328.WPmVVmk3-lkp@xxxxxxxxx/

cocci warnings: (new ones prefixed by >>)
>> fs/orangefs/super.c:583:18-25: ERROR: ORANGEFS_SB ( sb ) is NULL but dereferenced.

vim +583 fs/orangefs/super.c

1182fca3bc0044 Mike Marshall      2015-07-17  472
8bb8aefd5afb54 Yi Liu             2015-11-24  473  struct dentry *orangefs_mount(struct file_system_type *fst,
1182fca3bc0044 Mike Marshall      2015-07-17  474  			   int flags,
1182fca3bc0044 Mike Marshall      2015-07-17  475  			   const char *devname,
1182fca3bc0044 Mike Marshall      2015-07-17  476  			   void *data)
1182fca3bc0044 Mike Marshall      2015-07-17  477  {
507874c08f633e Colin Ian King     2021-09-10  478  	int ret;
1182fca3bc0044 Mike Marshall      2015-07-17  479  	struct super_block *sb = ERR_PTR(-EINVAL);
8bb8aefd5afb54 Yi Liu             2015-11-24  480  	struct orangefs_kernel_op_s *new_op;
1be21f865aa5a9 Mike Marshall      2015-09-29  481  	struct dentry *d = ERR_PTR(-EINVAL);
1182fca3bc0044 Mike Marshall      2015-07-17  482
1182fca3bc0044 Mike Marshall      2015-07-17  483  	gossip_debug(GOSSIP_SUPER_DEBUG,
8bb8aefd5afb54 Yi Liu             2015-11-24  484  		     "orangefs_mount: called with devname %s\n",
1182fca3bc0044 Mike Marshall      2015-07-17  485  		     devname);
1182fca3bc0044 Mike Marshall      2015-07-17  486
1182fca3bc0044 Mike Marshall      2015-07-17  487  	if (!devname) {
1182fca3bc0044 Mike Marshall      2015-07-17  488  		gossip_err("ERROR: device name not specified.\n");
1182fca3bc0044 Mike Marshall      2015-07-17  489  		return ERR_PTR(-EINVAL);
1182fca3bc0044 Mike Marshall      2015-07-17  490  	}
1182fca3bc0044 Mike Marshall      2015-07-17  491
8bb8aefd5afb54 Yi Liu             2015-11-24  492  	new_op = op_alloc(ORANGEFS_VFS_OP_FS_MOUNT);
1182fca3bc0044 Mike Marshall      2015-07-17  493  	if (!new_op)
1182fca3bc0044 Mike Marshall      2015-07-17  494  		return ERR_PTR(-ENOMEM);
1182fca3bc0044 Mike Marshall      2015-07-17  495
8bb8aefd5afb54 Yi Liu             2015-11-24  496  	strncpy(new_op->upcall.req.fs_mount.orangefs_config_server,
1182fca3bc0044 Mike Marshall      2015-07-17  497  		devname,
6bdfb48dae8e1b Xiongfeng Wang     2018-01-08  498  		ORANGEFS_MAX_SERVER_ADDR_LEN - 1);
1182fca3bc0044 Mike Marshall      2015-07-17  499
1182fca3bc0044 Mike Marshall      2015-07-17  500  	gossip_debug(GOSSIP_SUPER_DEBUG,
8bb8aefd5afb54 Yi Liu             2015-11-24  501  		     "Attempting ORANGEFS Mount via host %s\n",
8bb8aefd5afb54 Yi Liu             2015-11-24  502  		     new_op->upcall.req.fs_mount.orangefs_config_server);
1182fca3bc0044 Mike Marshall      2015-07-17  503
8bb8aefd5afb54 Yi Liu             2015-11-24  504  	ret = service_operation(new_op, "orangefs_mount", 0);
1182fca3bc0044 Mike Marshall      2015-07-17  505  	gossip_debug(GOSSIP_SUPER_DEBUG,
8bb8aefd5afb54 Yi Liu             2015-11-24  506  		     "orangefs_mount: mount got return value of %d\n", ret);
1182fca3bc0044 Mike Marshall      2015-07-17  507  	if (ret)
1182fca3bc0044 Mike Marshall      2015-07-17  508  		goto free_op;
1182fca3bc0044 Mike Marshall      2015-07-17  509
8bb8aefd5afb54 Yi Liu             2015-11-24  510  	if (new_op->downcall.resp.fs_mount.fs_id == ORANGEFS_FS_ID_NULL) {
1182fca3bc0044 Mike Marshall      2015-07-17  511  		gossip_err("ERROR: Retrieved null fs_id\n");
1182fca3bc0044 Mike Marshall      2015-07-17  512  		ret = -EINVAL;
1182fca3bc0044 Mike Marshall      2015-07-17  513  		goto free_op;
1182fca3bc0044 Mike Marshall      2015-07-17  514  	}
1182fca3bc0044 Mike Marshall      2015-07-17  515
1be21f865aa5a9 Mike Marshall      2015-09-29  516  	sb = sget(fst, NULL, set_anon_super, flags, NULL);
1be21f865aa5a9 Mike Marshall      2015-09-29  517
1be21f865aa5a9 Mike Marshall      2015-09-29  518  	if (IS_ERR(sb)) {
1be21f865aa5a9 Mike Marshall      2015-09-29  519  		d = ERR_CAST(sb);
9d286b0d8207a7 Martin Brandenburg 2017-04-25  520  		orangefs_unmount(new_op->downcall.resp.fs_mount.id,
9d286b0d8207a7 Martin Brandenburg 2017-04-25  521  		    new_op->downcall.resp.fs_mount.fs_id, devname);
1182fca3bc0044 Mike Marshall      2015-07-17  522  		goto free_op;
1182fca3bc0044 Mike Marshall      2015-07-17  523  	}
1182fca3bc0044 Mike Marshall      2015-07-17  524
f2d34c738cbf21 Martin Brandenburg 2018-02-12  525  	/* alloc and init our private orangefs sb info */
f2d34c738cbf21 Martin Brandenburg 2018-02-12  526  	sb->s_fs_info = kzalloc(sizeof(struct orangefs_sb_info_s), GFP_KERNEL);
f2d34c738cbf21 Martin Brandenburg 2018-02-12  527  	if (!ORANGEFS_SB(sb)) {
f2d34c738cbf21 Martin Brandenburg 2018-02-12  528  		d = ERR_PTR(-ENOMEM);
ac2c63757f4f41 Chenyuan Mi        2021-09-07  529  		goto free_sb_and_op;
f2d34c738cbf21 Martin Brandenburg 2018-02-12  530  	}
f2d34c738cbf21 Martin Brandenburg 2018-02-12  531
8bb8aefd5afb54 Yi Liu             2015-11-24  532  	ret = orangefs_fill_sb(sb,
5c0dbbc64b25fd Al Viro            2015-10-08  533  	      &new_op->downcall.resp.fs_mount, data,
1751e8a6cb935e Linus Torvalds     2017-11-27  534  	      flags & SB_SILENT ? 1 : 0);
1be21f865aa5a9 Mike Marshall      2015-09-29  535
1be21f865aa5a9 Mike Marshall      2015-09-29  536  	if (ret) {
1be21f865aa5a9 Mike Marshall      2015-09-29  537  		d = ERR_PTR(ret);
1ec1688c5360e1 Martin Brandenburg 2017-04-14  538  		goto free_sb_and_op;
1be21f865aa5a9 Mike Marshall      2015-09-29  539  	}
1182fca3bc0044 Mike Marshall      2015-07-17  540
1182fca3bc0044 Mike Marshall      2015-07-17  541  	/*
1182fca3bc0044 Mike Marshall      2015-07-17  542  	 * on successful mount, store the devname and data
1182fca3bc0044 Mike Marshall      2015-07-17  543  	 * used
1182fca3bc0044 Mike Marshall      2015-07-17  544  	 */
8bb8aefd5afb54 Yi Liu             2015-11-24  545  	strncpy(ORANGEFS_SB(sb)->devname,
1182fca3bc0044 Mike Marshall      2015-07-17  546  		devname,
6bdfb48dae8e1b Xiongfeng Wang     2018-01-08  547  		ORANGEFS_MAX_SERVER_ADDR_LEN - 1);
1182fca3bc0044 Mike Marshall      2015-07-17  548
1182fca3bc0044 Mike Marshall      2015-07-17  549  	/* mount_pending must be cleared */
8bb8aefd5afb54 Yi Liu             2015-11-24  550  	ORANGEFS_SB(sb)->mount_pending = 0;
1182fca3bc0044 Mike Marshall      2015-07-17  551
1182fca3bc0044 Mike Marshall      2015-07-17  552  	/*
8bb8aefd5afb54 Yi Liu             2015-11-24  553  	 * finally, add this sb to our list of known orangefs
1182fca3bc0044 Mike Marshall      2015-07-17  554  	 * sb's
1182fca3bc0044 Mike Marshall      2015-07-17  555  	 */
45996492e5c85a Al Viro            2016-03-25  556  	gossip_debug(GOSSIP_SUPER_DEBUG,
45996492e5c85a Al Viro            2016-03-25  557  		     "Adding SB %p to orangefs superblocks\n",
45996492e5c85a Al Viro            2016-03-25  558  		     ORANGEFS_SB(sb));
45996492e5c85a Al Viro            2016-03-25  559  	spin_lock(&orangefs_superblocks_lock);
45996492e5c85a Al Viro            2016-03-25  560  	list_add_tail(&ORANGEFS_SB(sb)->list, &orangefs_superblocks);
45996492e5c85a Al Viro            2016-03-25  561  	spin_unlock(&orangefs_superblocks_lock);
1182fca3bc0044 Mike Marshall      2015-07-17  562  	op_release(new_op);
482664ddba81b3 Martin Brandenburg 2016-08-12  563
1ec1688c5360e1 Martin Brandenburg 2017-04-14  564  	/* Must be removed from the list now. */
1ec1688c5360e1 Martin Brandenburg 2017-04-14  565  	ORANGEFS_SB(sb)->no_list = 0;
1ec1688c5360e1 Martin Brandenburg 2017-04-14  566
f60fbdbf41c802 Mike Marshall      2016-10-03  567  	if (orangefs_userspace_version >= 20906) {
482664ddba81b3 Martin Brandenburg 2016-08-12  568  		new_op = op_alloc(ORANGEFS_VFS_OP_FEATURES);
482664ddba81b3 Martin Brandenburg 2016-08-12  569  		if (!new_op)
482664ddba81b3 Martin Brandenburg 2016-08-12  570  			return ERR_PTR(-ENOMEM);
482664ddba81b3 Martin Brandenburg 2016-08-12  571  		new_op->upcall.req.features.features = 0;
482664ddba81b3 Martin Brandenburg 2016-08-12  572  		ret = service_operation(new_op, "orangefs_features", 0);
482664ddba81b3 Martin Brandenburg 2016-08-12  573  		orangefs_features = new_op->downcall.resp.features.features;
482664ddba81b3 Martin Brandenburg 2016-08-12  574  		op_release(new_op);
482664ddba81b3 Martin Brandenburg 2016-08-12  575  	} else {
482664ddba81b3 Martin Brandenburg 2016-08-12  576  		orangefs_features = 0;
482664ddba81b3 Martin Brandenburg 2016-08-12  577  	}
482664ddba81b3 Martin Brandenburg 2016-08-12  578
1be21f865aa5a9 Mike Marshall      2015-09-29  579  	return dget(sb->s_root);
1182fca3bc0044 Mike Marshall      2015-07-17  580
1ec1688c5360e1 Martin Brandenburg 2017-04-14  581  free_sb_and_op:
1ec1688c5360e1 Martin Brandenburg 2017-04-14  582  	/* Will call orangefs_kill_sb with sb not in list. */
1ec1688c5360e1 Martin Brandenburg 2017-04-14 @583  	ORANGEFS_SB(sb)->no_list = 1;
9d286b0d8207a7 Martin Brandenburg 2017-04-25  584  	/* ORANGEFS_VFS_OP_FS_UMOUNT is done by orangefs_kill_sb. */
1ec1688c5360e1 Martin Brandenburg 2017-04-14  585  	deactivate_locked_super(sb);
1182fca3bc0044 Mike Marshall      2015-07-17  586  free_op:
8bb8aefd5afb54 Yi Liu             2015-11-24  587  	gossip_err("orangefs_mount: mount request failed with %d\n", ret);
1182fca3bc0044 Mike Marshall      2015-07-17  588  	if (ret == -EINVAL) {
8bb8aefd5afb54 Yi Liu             2015-11-24  589  		gossip_err("Ensure that all orangefs-servers have the same FS configuration files\n");
1182fca3bc0044 Mike Marshall      2015-07-17  590  		gossip_err("Look at pvfs2-client-core log file (typically /tmp/pvfs2-client.log) for more details\n");
1182fca3bc0044 Mike Marshall      2015-07-17  591  	}
1182fca3bc0044 Mike Marshall      2015-07-17  592
1182fca3bc0044 Mike Marshall      2015-07-17  593  	op_release(new_op);
1182fca3bc0044 Mike Marshall      2015-07-17  594
1be21f865aa5a9 Mike Marshall      2015-09-29  595  	return d;
1182fca3bc0044 Mike Marshall      2015-07-17  596  }
1182fca3bc0044 Mike Marshall      2015-07-17  597

:::::: The code at line 583 was first introduced by commit
:::::: 1ec1688c5360e14dde4094d6acbf7516bf6db37e orangefs: free superblock when mount fails

:::::: TO: Martin Brandenburg <martin@xxxxxxxxxxxx>
:::::: CC: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki