tree: https://github.com/amir73il/linux fsnotify-fixes head: d25f3ce8da49ce1a3b0a0621f0bf7b1d6ba2dad6 commit: d25f3ce8da49ce1a3b0a0621f0bf7b1d6ba2dad6 [2/2] fsnotify: send FS_RENAME to groups watching the moved inode config: s390-randconfig-m031-20220508 (https://download.01.org/0day-ci/archive/20220508/202205080346.m0fb3UXK-lkp@intel.com/config) compiler: s390-linux-gcc (GCC) 11.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot Reported-by: Dan Carpenter smatch warnings: fs/notify/fsnotify.c:540 fsnotify() warn: variable dereferenced before check 'dir1' (see line 499) vim +/dir1 +540 fs/notify/fsnotify.c 40a100d3adc1ad Amir Goldstein 2020-07-22 475 int fsnotify(__u32 mask, const void *data, int data_type, struct inode *dir, 40a100d3adc1ad Amir Goldstein 2020-07-22 476 const struct qstr *file_name, struct inode *inode, u32 cookie) 90586523eb4b34 Eric Paris 2009-05-21 477 { b54cecf5e2293d Amir Goldstein 2020-06-07 478 const struct path *path = fsnotify_data_path(data, data_type); 29335033c574a1 Gabriel Krisman Bertazi 2021-10-25 479 struct super_block *sb = fsnotify_data_sb(data, data_type); 3427ce71554123 Miklos Szeredi 2017-10-30 480 struct fsnotify_iter_info iter_info = {}; 60f7ed8c7c4d06 Amir Goldstein 2018-09-01 481 struct mount *mnt = NULL; d25f3ce8da49ce Amir Goldstein 2022-05-07 482 struct inode *dir1, *dir2; e54183fa7047c1 Amir Goldstein 2021-11-29 483 struct dentry *moved; d25f3ce8da49ce Amir Goldstein 2022-05-07 484 int dir1_type = 0; 9385a84d7e1f65 Jan Kara 2016-11-10 485 int ret = 0; 71d734103edfa2 Mel Gorman 2020-07-08 486 __u32 test_mask, marks_mask; 90586523eb4b34 Eric Paris 2009-05-21 487 71d734103edfa2 Mel Gorman 2020-07-08 488 if (path) aa93bdc5500cc9 Amir Goldstein 2020-03-19 489 mnt = real_mount(path->mnt); 3a9fb89f4cd04c Eric Paris 2009-12-17 490 40a100d3adc1ad Amir Goldstein 2020-07-22 491 if (!inode) { 40a100d3adc1ad Amir Goldstein 2020-07-22 492 /* Dirent event - report on TYPE_INODE to dir */ 40a100d3adc1ad Amir Goldstein 2020-07-22 493 inode = dir; d25f3ce8da49ce Amir Goldstein 2022-05-07 494 } else if (mask & FS_RENAME) { d25f3ce8da49ce Amir Goldstein 2022-05-07 495 /* For FS_RENAME, dir1 is old_dir and dir2 is new_dir */ e54183fa7047c1 Amir Goldstein 2021-11-29 496 moved = fsnotify_data_dentry(data, data_type); d25f3ce8da49ce Amir Goldstein 2022-05-07 497 dir1 = moved->d_parent->d_inode; d25f3ce8da49ce Amir Goldstein 2022-05-07 498 dir2 = dir; d25f3ce8da49ce Amir Goldstein 2022-05-07 @499 if (dir1->i_fsnotify_marks || dir2->i_fsnotify_marks) ^^^^^^^^^^^^^^^^^^^^^^ Dereference d25f3ce8da49ce Amir Goldstein 2022-05-07 500 dir1_type = FSNOTIFY_ITER_TYPE_OLD_DIR; d25f3ce8da49ce Amir Goldstein 2022-05-07 501 /* d25f3ce8da49ce Amir Goldstein 2022-05-07 502 * Send FS_RENAME to groups watching the moved inode itself d25f3ce8da49ce Amir Goldstein 2022-05-07 503 * only if the moved inode is a non-dir. d25f3ce8da49ce Amir Goldstein 2022-05-07 504 * Sending FS_RENAME to a moved watched directory would be d25f3ce8da49ce Amir Goldstein 2022-05-07 505 * confusing and FS_MOVE_SELF provided enough information to d25f3ce8da49ce Amir Goldstein 2022-05-07 506 * track the movements of a watched directory. d25f3ce8da49ce Amir Goldstein 2022-05-07 507 */ d25f3ce8da49ce Amir Goldstein 2022-05-07 508 if (mask & FS_ISDIR) d25f3ce8da49ce Amir Goldstein 2022-05-07 509 inode = NULL; 40a100d3adc1ad Amir Goldstein 2020-07-22 510 } else if (mask & FS_EVENT_ON_CHILD) { 40a100d3adc1ad Amir Goldstein 2020-07-22 511 /* fecc4559780d52 Amir Goldstein 2020-12-02 512 * Event on child - report on TYPE_PARENT to dir if it is fecc4559780d52 Amir Goldstein 2020-12-02 513 * watching children and on TYPE_INODE to child. 40a100d3adc1ad Amir Goldstein 2020-07-22 514 */ d25f3ce8da49ce Amir Goldstein 2022-05-07 515 dir1 = dir; d25f3ce8da49ce Amir Goldstein 2022-05-07 516 dir2 = NULL; d25f3ce8da49ce Amir Goldstein 2022-05-07 517 if (dir1->i_fsnotify_marks) ^^^^^^^^^^^^^^^^^^^^^^ Dereference d25f3ce8da49ce Amir Goldstein 2022-05-07 518 dir1_type = FSNOTIFY_ITER_TYPE_PARENT; 40a100d3adc1ad Amir Goldstein 2020-07-22 519 } 497b0c5a7c0688 Amir Goldstein 2020-07-16 520 7c49b8616460eb Dave Hansen 2015-09-04 521 /* 7c49b8616460eb Dave Hansen 2015-09-04 522 * Optimization: srcu_read_lock() has a memory barrier which can 7c49b8616460eb Dave Hansen 2015-09-04 523 * be expensive. It protects walking the *_fsnotify_marks lists. 7c49b8616460eb Dave Hansen 2015-09-04 524 * However, if we do not walk the lists, we do not have to do 7c49b8616460eb Dave Hansen 2015-09-04 525 * SRCU because we have no references to any objects and do not 7c49b8616460eb Dave Hansen 2015-09-04 526 * need SRCU to keep them "alive". 7c49b8616460eb Dave Hansen 2015-09-04 527 */ 9b93f33105f5f9 Amir Goldstein 2020-07-16 528 if (!sb->s_fsnotify_marks && 497b0c5a7c0688 Amir Goldstein 2020-07-16 529 (!mnt || !mnt->mnt_fsnotify_marks) && 9b93f33105f5f9 Amir Goldstein 2020-07-16 530 (!inode || !inode->i_fsnotify_marks) && d25f3ce8da49ce Amir Goldstein 2022-05-07 531 !dir1_type) 7c49b8616460eb Dave Hansen 2015-09-04 532 return 0; 71d734103edfa2 Mel Gorman 2020-07-08 533 9b93f33105f5f9 Amir Goldstein 2020-07-16 534 marks_mask = sb->s_fsnotify_mask; 71d734103edfa2 Mel Gorman 2020-07-08 535 if (mnt) 71d734103edfa2 Mel Gorman 2020-07-08 536 marks_mask |= mnt->mnt_fsnotify_mask; 9b93f33105f5f9 Amir Goldstein 2020-07-16 537 if (inode) 9b93f33105f5f9 Amir Goldstein 2020-07-16 538 marks_mask |= inode->i_fsnotify_mask; d25f3ce8da49ce Amir Goldstein 2022-05-07 539 if (dir1_type) { d25f3ce8da49ce Amir Goldstein 2022-05-07 @540 if (dir1) If "dir1_type" is set then we have already dereferenced "dir1". I guess this unnecessary NULL check is something that probably wouldn't bother a human reader too much... d25f3ce8da49ce Amir Goldstein 2022-05-07 541 marks_mask |= dir1->i_fsnotify_mask; d25f3ce8da49ce Amir Goldstein 2022-05-07 542 if (dir2) d25f3ce8da49ce Amir Goldstein 2022-05-07 543 marks_mask |= dir2->i_fsnotify_mask; d25f3ce8da49ce Amir Goldstein 2022-05-07 544 } 497b0c5a7c0688 Amir Goldstein 2020-07-16 545 71d734103edfa2 Mel Gorman 2020-07-08 546 613a807fe7c793 Eric Paris 2010-07-28 547 /* 04e317ba72d079 Amir Goldstein 2022-02-23 548 * If this is a modify event we may need to clear some ignored masks. 04e317ba72d079 Amir Goldstein 2022-02-23 549 * In that case, the object with ignored masks will have the FS_MODIFY 04e317ba72d079 Amir Goldstein 2022-02-23 550 * event in its mask. 04e317ba72d079 Amir Goldstein 2022-02-23 551 * Otherwise, return if none of the marks care about this type of event. 613a807fe7c793 Eric Paris 2010-07-28 552 */ 71d734103edfa2 Mel Gorman 2020-07-08 553 test_mask = (mask & ALL_FSNOTIFY_EVENTS); 04e317ba72d079 Amir Goldstein 2022-02-23 554 if (!(test_mask & marks_mask)) 613a807fe7c793 Eric Paris 2010-07-28 555 return 0; 75c1be487a690d Eric Paris 2010-07-28 556 9385a84d7e1f65 Jan Kara 2016-11-10 557 iter_info.srcu_idx = srcu_read_lock(&fsnotify_mark_srcu); 75c1be487a690d Eric Paris 2010-07-28 558 1c9007d62bea6f Amir Goldstein 2021-11-29 559 iter_info.marks[FSNOTIFY_ITER_TYPE_SB] = 45a9fb3725d886 Amir Goldstein 2019-01-10 560 fsnotify_first_mark(&sb->s_fsnotify_marks); 9bdda4e9cf2dce Amir Goldstein 2018-09-01 561 if (mnt) { 1c9007d62bea6f Amir Goldstein 2021-11-29 562 iter_info.marks[FSNOTIFY_ITER_TYPE_VFSMOUNT] = 3427ce71554123 Miklos Szeredi 2017-10-30 563 fsnotify_first_mark(&mnt->mnt_fsnotify_marks); 7131485a93679f Eric Paris 2009-12-17 564 } 9b93f33105f5f9 Amir Goldstein 2020-07-16 565 if (inode) { 1c9007d62bea6f Amir Goldstein 2021-11-29 566 iter_info.marks[FSNOTIFY_ITER_TYPE_INODE] = 9b93f33105f5f9 Amir Goldstein 2020-07-16 567 fsnotify_first_mark(&inode->i_fsnotify_marks); 9b93f33105f5f9 Amir Goldstein 2020-07-16 568 } d25f3ce8da49ce Amir Goldstein 2022-05-07 569 if (dir1_type) { d25f3ce8da49ce Amir Goldstein 2022-05-07 570 if (dir1) d25f3ce8da49ce Amir Goldstein 2022-05-07 571 iter_info.marks[dir1_type] = d25f3ce8da49ce Amir Goldstein 2022-05-07 572 fsnotify_first_mark(&dir1->i_fsnotify_marks); d25f3ce8da49ce Amir Goldstein 2022-05-07 573 if (dir2) d25f3ce8da49ce Amir Goldstein 2022-05-07 574 iter_info.marks[FSNOTIFY_ITER_TYPE_NEW_DIR] = d25f3ce8da49ce Amir Goldstein 2022-05-07 575 fsnotify_first_mark(&dir2->i_fsnotify_marks); 497b0c5a7c0688 Amir Goldstein 2020-07-16 576 } 75c1be487a690d Eric Paris 2010-07-28 577 8edc6e1688fc8f Jan Kara 2014-11-13 578 /* 60f7ed8c7c4d06 Amir Goldstein 2018-09-01 579 * We need to merge inode/vfsmount/sb mark lists so that e.g. inode mark 60f7ed8c7c4d06 Amir Goldstein 2018-09-01 580 * ignore masks are properly reflected for mount/sb mark notifications. 8edc6e1688fc8f Jan Kara 2014-11-13 581 * That's why this traversal is so complicated... 8edc6e1688fc8f Jan Kara 2014-11-13 582 */ d9a6f30bb89309 Amir Goldstein 2018-04-20 583 while (fsnotify_iter_select_report_types(&iter_info)) { b54cecf5e2293d Amir Goldstein 2020-06-07 584 ret = send_to_group(mask, data, data_type, dir, file_name, b54cecf5e2293d Amir Goldstein 2020-06-07 585 cookie, &iter_info); 613a807fe7c793 Eric Paris 2010-07-28 586 ff8bcbd03da881 Eric Paris 2010-10-28 587 if (ret && (mask & ALL_FSNOTIFY_PERM_EVENTS)) ff8bcbd03da881 Eric Paris 2010-10-28 588 goto out; ff8bcbd03da881 Eric Paris 2010-10-28 589 d9a6f30bb89309 Amir Goldstein 2018-04-20 590 fsnotify_iter_next(&iter_info); 90586523eb4b34 Eric Paris 2009-05-21 591 } ff8bcbd03da881 Eric Paris 2010-10-28 592 ret = 0; ff8bcbd03da881 Eric Paris 2010-10-28 593 out: 9385a84d7e1f65 Jan Kara 2016-11-10 594 srcu_read_unlock(&fsnotify_mark_srcu, iter_info.srcu_idx); c4ec54b40d33f8 Eric Paris 2009-12-17 595 98b5c10d320adf Jean-Christophe Dubois 2010-03-23 596 return ret; 90586523eb4b34 Eric Paris 2009-05-21 597 } -- 0-DAY CI Kernel Test Service https://01.org/lkp