Linux-NFS Archive mirror
From: Dan Carpenter <dan.carpenter@linaro.org>
To: bcodding@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [bug report] NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
Date: Mon, 15 Apr 2024 11:08:13 +0300
Message-ID: <ae03a217-e643-4127-bb4a-4993ad6a9d00@moroto.mountain>

[ Why is Smatch only complaining now, 2 years later??? It is a mystery.
  -dan ]

Hello Benjamin Coddington,

Commit c3ed222745d9 ("NFSv4: Fix free of uninitialized nfs4_label on
referral lookup.") from May 14, 2022 (linux-next), leads to the
following Smatch static checker warning:

	fs/nfs/nfs4state.c:2138 nfs4_try_migration()
	warn: missing error code here? 'nfs_alloc_fattr()' failed. 'result' = '0'

fs/nfs/nfs4state.c
    2115 static int nfs4_try_migration(struct nfs_server *server, const struct cred *cred)
    2116 {
    2117         struct nfs_client *clp = server->nfs_client;
    2118         struct nfs4_fs_locations *locations = NULL;
    2119         struct inode *inode;
    2120         struct page *page;
    2121         int status, result;
    2122 
    2123         dprintk("--> %s: FSID %llx:%llx on \"%s\"\n", __func__,
    2124                         (unsigned long long)server->fsid.major,
    2125                         (unsigned long long)server->fsid.minor,
    2126                         clp->cl_hostname);
    2127 
    2128         result = 0;
                 ^^^^^^^^^^^

    2129         page = alloc_page(GFP_KERNEL);
    2130         locations = kmalloc(sizeof(struct nfs4_fs_locations), GFP_KERNEL);
    2131         if (page == NULL || locations == NULL) {
    2132                 dprintk("<-- %s: no memory\n", __func__);
    2133                 goto out;
                         ^^^^^^^^
Success.

    2134         }
    2135         locations->fattr = nfs_alloc_fattr();
    2136         if (locations->fattr == NULL) {
    2137                 dprintk("<-- %s: no memory\n", __func__);
--> 2138                 goto out;
                         ^^^^^^^^^
Here too.

    2139         }
    2140 
    2141         inode = d_inode(server->super->s_root);
    2142         result = nfs4_proc_get_locations(server, NFS_FH(inode), locations,
    2143                                          page, cred);
    2144         if (result) {
    2145                 dprintk("<-- %s: failed to retrieve fs_locations: %d\n",
    2146                         __func__, result);
    2147                 goto out;
    2148         }
    2149 
    2150         result = -NFS4ERR_NXIO;
    2151         if (!locations->nlocations)
    2152                 goto out;
    2153 
    2154         if (!(locations->fattr->valid & NFS_ATTR_FATTR_V4_LOCATIONS)) {
    2155                 dprintk("<-- %s: No fs_locations data, migration skipped\n",
    2156                         __func__);
    2157                 goto out;
    2158         }
    2159 
    2160         status = nfs4_begin_drain_session(clp);
    2161         if (status != 0) {
    2162                 result = status;
    2163                 goto out;
    2164         }
    2165 
    2166         status = nfs4_replace_transport(server, locations);
    2167         if (status != 0) {
    2168                 dprintk("<-- %s: failed to replace transport: %d\n",
    2169                         __func__, status);
    2170                 goto out;
    2171         }
    2172 
    2173         result = 0;
    2174         dprintk("<-- %s: migration succeeded\n", __func__);
    2175 
    2176 out:
    2177         if (page != NULL)
    2178                 __free_page(page);
    2179         if (locations != NULL)
    2180                 kfree(locations->fattr);
    2181         kfree(locations);
    2182         if (result) {
    2183                 pr_err("NFS: migration recovery failed (server %s)\n",
    2184                                 clp->cl_hostname);
    2185                 set_bit(NFS_MIG_FAILED, &server->mig_status);
    2186         }
    2187         return result;
    2188 }

regards,
dan carpenter
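
Added example, not part of the original message and not kernel code: a userspace model of the two allocation-failure paths flagged above, driven by a constructed fault injector, showing that the caller sees 0 and the failure flag stays clear. try_alloc(), run(), the strict flag and the -ENOMEM variant are assumptions made for illustration; the message does not say which return value is intended.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed fault injector: the Nth try_alloc() call fails (0 = never). */
static int fail_at, alloc_calls, mig_failed;	/* mig_failed models NFS_MIG_FAILED */
struct locs { void *fattr; };	/* stand-in for struct nfs4_fs_locations */

static void *try_alloc(size_t n)
{
	return (++alloc_calls == fail_at) ? NULL : calloc(1, n);
}

/* strict == 0: control flow as quoted; strict != 0: assumed -ENOMEM variant */
static int try_migration_model(int strict)
{
	void *page = try_alloc(4096);
	struct locs *locations = try_alloc(sizeof(*locations));
	int result = 0;

	if (page == NULL || locations == NULL) {
		result = strict ? -ENOMEM : 0;
		goto out;
	}
	locations->fattr = try_alloc(64);
	if (locations->fattr == NULL) {
		result = strict ? -ENOMEM : 0;
		goto out;
	}
out:
	free(page);
	if (locations != NULL)
		free(locations->fattr);
	free(locations);
	if (result)
		mig_failed = 1;	/* skipped whenever result is still 0 */
	return result;
}

static int run(int strict, int fail_nth)
{
	alloc_calls = 0; fail_at = fail_nth; mig_failed = 0;
	return try_migration_model(strict);
}

int main(void)
{
	return printf("as quoted: %d, strict: %d\n", run(0, 3), run(1, 3)) < 0;
}
```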
