* [PATCH] cifs: fix potential double free during failed mount
@ 2022-05-31  3:01 Ronnie Sahlberg
  2022-05-31  4:06 ` Steve French
  0 siblings, 1 reply; 4+ messages in thread
From: Ronnie Sahlberg @ 2022-05-31  3:01 UTC (permalink / raw)
  To: linux-cifs; +Cc: Steve French

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799

Signed-off-by: Roberto Bergantinos <rbergant@redhat.com>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
---
 fs/cifs/cifsfs.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index f539a39d47f5..12c872800326 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -838,7 +838,7 @@ cifs_smb3_do_mount(struct file_system_type *fs_type,
 	      int flags, struct smb3_fs_context *old_ctx)
 {
 	int rc;
-	struct super_block *sb;
+	struct super_block *sb = NULL;
 	struct cifs_sb_info *cifs_sb = NULL;
 	struct cifs_mnt_data mnt_data;
 	struct dentry *root;
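
Review bot: The changelog carries only the RHBZ link and the sign-offs, so nothing records why `sb` now needs an initial value at its declaration. The `= NULL` matters only because the second hunk tests `!sb` at `out:`, which is reached by gotos that run before `sb` is assigned. Please add a short description of the failing mount path and say that the initialisation exists for that test.
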
@@ -934,9 +934,11 @@ cifs_smb3_do_mount(struct file_system_type *fs_type,
 	return root;
 out:
 	if (cifs_sb) {
-		kfree(cifs_sb->prepath);
-		smb3_cleanup_fs_context(cifs_sb->ctx);
-		kfree(cifs_sb);
+		if (!sb || IS_ERR(sb)) {  /* otherwise kill_sb will handle */
+			kfree(cifs_sb->prepath);
+			smb3_cleanup_fs_context(cifs_sb->ctx);
+			kfree(cifs_sb);
+		}
 	}
 	return root;
 }
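
Review bot: The new `if (!sb || IS_ERR(sb))` test at `out:` looks like it can never be false while `cifs_sb` is set. `out:` is directly preceded by `return root;`, so it is reached only through `goto out`, and in the function listing quoted later in this thread every such goto either runs before `sget()` assigns `sb` (leaving it NULL) or sits in the `IS_ERR(sb)` branch, which sets `cifs_sb = NULL` first. On this base the guard leaves the three frees exactly as they were, which is also what the smatch report in this thread points at. Either state in the changelog which path reaches `out:` with a live superblock, or drop the inner test; if it stays, fold it into the outer condition as `if (cifs_sb && (!sb || IS_ERR(sb)))` to avoid the extra nesting.
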
-- 
2.35.3



* Re: [PATCH] cifs: fix potential double free during failed mount
  2022-05-31  3:01 [PATCH] cifs: fix potential double free during failed mount Ronnie Sahlberg
@ 2022-05-31  4:06 ` Steve French
  0 siblings, 0 replies; 4+ messages in thread
From: Steve French @ 2022-05-31  4:06 UTC (permalink / raw)
  To: Ronnie Sahlberg; +Cc: linux-cifs

added cc:stable and merged into cifs-2.6.git for-next

On Mon, May 30, 2022 at 10:01 PM Ronnie Sahlberg <lsahlber@redhat.com> wrote:
>
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799
>
> Signed-off-by: Roberto Bergantinos <rbergant@redhat.com>
> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
> ---
>  fs/cifs/cifsfs.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
> index f539a39d47f5..12c872800326 100644
> --- a/fs/cifs/cifsfs.c
> +++ b/fs/cifs/cifsfs.c
> @@ -838,7 +838,7 @@ cifs_smb3_do_mount(struct file_system_type *fs_type,
>               int flags, struct smb3_fs_context *old_ctx)
>  {
>         int rc;
> -       struct super_block *sb;
> +       struct super_block *sb = NULL;
>         struct cifs_sb_info *cifs_sb = NULL;
>         struct cifs_mnt_data mnt_data;
>         struct dentry *root;
> @@ -934,9 +934,11 @@ cifs_smb3_do_mount(struct file_system_type *fs_type,
>         return root;
>  out:
>         if (cifs_sb) {
> -               kfree(cifs_sb->prepath);
> -               smb3_cleanup_fs_context(cifs_sb->ctx);
> -               kfree(cifs_sb);
> +               if (!sb || IS_ERR(sb)) {  /* otherwise kill_sb will handle */
> +                       kfree(cifs_sb->prepath);
> +                       smb3_cleanup_fs_context(cifs_sb->ctx);
> +                       kfree(cifs_sb);
> +               }
>         }
>         return root;
>  }
> --
> 2.35.3
>


-- 
Thanks,

Steve


* Re: [PATCH] cifs: fix potential double free during failed mount
  2022-05-31  3:01 [PATCH] cifs: fix potential double free during failed mount Ronnie Sahlberg
@ 2022-06-06 11:04 ` Dan Carpenter
  0 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2022-05-31 16:15 UTC (permalink / raw)
  To: kbuild


CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
In-Reply-To: <20220531030117.403302-1-lsahlber@redhat.com>
References: <20220531030117.403302-1-lsahlber@redhat.com>
TO: Ronnie Sahlberg <lsahlber@redhat.com>

Hi Ronnie,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on cifs/for-next]
[also build test WARNING on v5.18 next-20220531]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Ronnie-Sahlberg/cifs-fix-potential-double-free-during-failed-mount/20220531-110333
base:   git://git.samba.org/sfrench/cifs-2.6.git for-next
:::::: branch date: 13 hours ago
:::::: commit date: 13 hours ago
config: x86_64-randconfig-m001 (https://download.01.org/0day-ci/archive/20220601/202206010002.h5WsjBSv-lkp(a)intel.com/config)
compiler: gcc-11 (Debian 11.3.0-1) 11.3.0

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
fs/cifs/cifsfs.c:943 cifs_smb3_do_mount() warn: possible memory leak of 'cifs_sb'

vim +/cifs_sb +943 fs/cifs/cifsfs.c

ee01a14d9ddcf3 Al Viro         2011-06-17  835  
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  836  struct dentry *
c7c137b931b689 Steve French    2018-06-06  837  cifs_smb3_do_mount(struct file_system_type *fs_type,
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  838  	      int flags, struct smb3_fs_context *old_ctx)
^1da177e4c3f41 Linus Torvalds  2005-04-16  839  {
^1da177e4c3f41 Linus Torvalds  2005-04-16  840  	int rc;
cd7b7bbd4355bf Ronnie Sahlberg 2022-05-31  841  	struct super_block *sb = NULL;
d17abdf7566566 Ronnie Sahlberg 2020-11-10  842  	struct cifs_sb_info *cifs_sb = NULL;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  843  	struct cifs_mnt_data mnt_data;
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  844  	struct dentry *root;
^1da177e4c3f41 Linus Torvalds  2005-04-16  845  
8c1beb9801293b Steve French    2018-10-07  846  	/*
8c1beb9801293b Steve French    2018-10-07  847  	 * Prints in Kernel / CIFS log the attempted mount operation
8c1beb9801293b Steve French    2018-10-07  848  	 *	If CIFS_DEBUG && cifs_FYI
8c1beb9801293b Steve French    2018-10-07  849  	 */
f80eaedd6c5978 Rodrigo Freire  2018-10-07  850  	if (cifsFYI)
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  851  		cifs_dbg(FYI, "Devname: %s flags: %d\n", old_ctx->UNC, flags);
f80eaedd6c5978 Rodrigo Freire  2018-10-07  852  	else
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  853  		cifs_info("Attempting to mount %s\n", old_ctx->UNC);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  854  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  855  	cifs_sb = kzalloc(sizeof(struct cifs_sb_info), GFP_KERNEL);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  856  	if (cifs_sb == NULL) {
d17abdf7566566 Ronnie Sahlberg 2020-11-10  857  		root = ERR_PTR(-ENOMEM);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  858  		goto out;
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  859  	}
^1da177e4c3f41 Linus Torvalds  2005-04-16  860  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  861  	cifs_sb->ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  862  	if (!cifs_sb->ctx) {
d17abdf7566566 Ronnie Sahlberg 2020-11-10  863  		root = ERR_PTR(-ENOMEM);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  864  		goto out;
d17abdf7566566 Ronnie Sahlberg 2020-11-10  865  	}
d17abdf7566566 Ronnie Sahlberg 2020-11-10  866  	rc = smb3_fs_context_dup(cifs_sb->ctx, old_ctx);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  867  	if (rc) {
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  868  		root = ERR_PTR(rc);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  869  		goto out;
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  870  	}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  871  
5c1acf3fe05ce4 Paulo Alcantara 2021-05-03  872  	rc = cifs_setup_volume_info(cifs_sb->ctx, NULL, NULL);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  873  	if (rc) {
d17abdf7566566 Ronnie Sahlberg 2020-11-10  874  		root = ERR_PTR(rc);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  875  		goto out;
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  876  	}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  877  
51acd208bd57c8 Ronnie Sahlberg 2020-12-14  878  	rc = cifs_setup_cifs_sb(cifs_sb);
4214ebf4654798 Sachin Prabhu   2016-07-29  879  	if (rc) {
4214ebf4654798 Sachin Prabhu   2016-07-29  880  		root = ERR_PTR(rc);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  881  		goto out;
a6b5058fafdf50 Aurelien Aptel  2016-05-25  882  	}
a6b5058fafdf50 Aurelien Aptel  2016-05-25  883  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  884  	rc = cifs_mount(cifs_sb, cifs_sb->ctx);
97d1152acec064 Al Viro         2011-06-17  885  	if (rc) {
1751e8a6cb935e Linus Torvalds  2017-11-27  886  		if (!(flags & SB_SILENT))
f96637be081141 Joe Perches     2013-05-04  887  			cifs_dbg(VFS, "cifs_mount failed w/return code = %d\n",
f96637be081141 Joe Perches     2013-05-04  888  				 rc);
97d1152acec064 Al Viro         2011-06-17  889  		root = ERR_PTR(rc);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  890  		goto out;
97d1152acec064 Al Viro         2011-06-17  891  	}
97d1152acec064 Al Viro         2011-06-17  892  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  893  	mnt_data.ctx = cifs_sb->ctx;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  894  	mnt_data.cifs_sb = cifs_sb;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  895  	mnt_data.flags = flags;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  896  
9249e17fe094d8 David Howells   2012-06-25  897  	/* BB should we make this contingent on mount parm? */
1751e8a6cb935e Linus Torvalds  2017-11-27  898  	flags |= SB_NODIRATIME | SB_NOATIME;
9249e17fe094d8 David Howells   2012-06-25  899  
9249e17fe094d8 David Howells   2012-06-25  900  	sb = sget(fs_type, cifs_match_super, cifs_set_super, flags, &mnt_data);
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  901  	if (IS_ERR(sb)) {
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  902  		root = ERR_CAST(sb);
97d1152acec064 Al Viro         2011-06-17  903  		cifs_umount(cifs_sb);
6cf5abbfa8c8a2 Ronnie Sahlberg 2020-12-16  904  		cifs_sb = NULL;
d757d71bfc3066 Al Viro         2011-06-17  905  		goto out;
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  906  	}
^1da177e4c3f41 Linus Torvalds  2005-04-16  907  
ee01a14d9ddcf3 Al Viro         2011-06-17  908  	if (sb->s_root) {
f96637be081141 Joe Perches     2013-05-04  909  		cifs_dbg(FYI, "Use existing superblock\n");
97d1152acec064 Al Viro         2011-06-17  910  		cifs_umount(cifs_sb);
6cf5abbfa8c8a2 Ronnie Sahlberg 2020-12-16  911  		cifs_sb = NULL;
5c4f1ad7c6aa3b Al Viro         2011-06-17  912  	} else {
97d1152acec064 Al Viro         2011-06-17  913  		rc = cifs_read_super(sb);
^1da177e4c3f41 Linus Torvalds  2005-04-16  914  		if (rc) {
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  915  			root = ERR_PTR(rc);
641a58d66d0863 Pavel Shilovsky 2011-05-26  916  			goto out_super;
^1da177e4c3f41 Linus Torvalds  2005-04-16  917  		}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  918  
1751e8a6cb935e Linus Torvalds  2017-11-27  919  		sb->s_flags |= SB_ACTIVE;
5c4f1ad7c6aa3b Al Viro         2011-06-17  920  	}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  921  
6cf5abbfa8c8a2 Ronnie Sahlberg 2020-12-16  922  	root = cifs_get_root(cifs_sb ? cifs_sb->ctx : old_ctx, sb);
9403c9c598e91d Al Viro         2011-06-17  923  	if (IS_ERR(root))
f87d39d951329c Steve French    2011-05-27  924  		goto out_super;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  925  
269f67e1ffead6 Ronnie Sahlberg 2021-03-09  926  	if (cifs_sb)
269f67e1ffead6 Ronnie Sahlberg 2021-03-09  927  		cifs_sb->root = dget(root);
269f67e1ffead6 Ronnie Sahlberg 2021-03-09  928  
f96637be081141 Joe Perches     2013-05-04  929  	cifs_dbg(FYI, "dentry root is: %p\n", root);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  930  	return root;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  931  
641a58d66d0863 Pavel Shilovsky 2011-05-26  932  out_super:
641a58d66d0863 Pavel Shilovsky 2011-05-26  933  	deactivate_locked_super(sb);
3d6cc9898efdfb Ronnie Sahlberg 2022-02-11  934  	return root;
641a58d66d0863 Pavel Shilovsky 2011-05-26  935  out:
d17abdf7566566 Ronnie Sahlberg 2020-11-10  936  	if (cifs_sb) {
cd7b7bbd4355bf Ronnie Sahlberg 2022-05-31  937  		if (!sb || IS_ERR(sb)) {  /* otherwise kill_sb will handle */
4214ebf4654798 Sachin Prabhu   2016-07-29  938  			kfree(cifs_sb->prepath);
c741cba2cd1d14 Ronnie Sahlberg 2020-12-14  939  			smb3_cleanup_fs_context(cifs_sb->ctx);
5c4f1ad7c6aa3b Al Viro         2011-06-17  940  			kfree(cifs_sb);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  941  		}
cd7b7bbd4355bf Ronnie Sahlberg 2022-05-31  942  	}
d17abdf7566566 Ronnie Sahlberg 2020-11-10 @943  	return root;
^1da177e4c3f41 Linus Torvalds  2005-04-16  944  }
^1da177e4c3f41 Linus Torvalds  2005-04-16  945  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp


* Re: [PATCH] cifs: fix potential double free during failed mount
@ 2022-06-06 11:04 ` Dan Carpenter
  0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2022-06-06 11:04 UTC (permalink / raw)
  To: kbuild-all


Hi Ronnie,

url:    https://github.com/intel-lab-lkp/linux/commits/Ronnie-Sahlberg/cifs-fix-potential-double-free-during-failed-mount/20220531-110333
base:   git://git.samba.org/sfrench/cifs-2.6.git for-next
config: x86_64-randconfig-m001 (https://download.01.org/0day-ci/archive/20220601/202206010002.h5WsjBSv-lkp(a)intel.com/config)
compiler: gcc-11 (Debian 11.3.0-1) 11.3.0

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
fs/cifs/cifsfs.c:943 cifs_smb3_do_mount() warn: possible memory leak of 'cifs_sb'

vim +/cifs_sb +943 fs/cifs/cifsfs.c

24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  836  struct dentry *
c7c137b931b689 Steve French    2018-06-06  837  cifs_smb3_do_mount(struct file_system_type *fs_type,
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  838  	      int flags, struct smb3_fs_context *old_ctx)
^1da177e4c3f41 Linus Torvalds  2005-04-16  839  {
^1da177e4c3f41 Linus Torvalds  2005-04-16  840  	int rc;
cd7b7bbd4355bf Ronnie Sahlberg 2022-05-31  841  	struct super_block *sb = NULL;
d17abdf7566566 Ronnie Sahlberg 2020-11-10  842  	struct cifs_sb_info *cifs_sb = NULL;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  843  	struct cifs_mnt_data mnt_data;
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  844  	struct dentry *root;
^1da177e4c3f41 Linus Torvalds  2005-04-16  845  
8c1beb9801293b Steve French    2018-10-07  846  	/*
8c1beb9801293b Steve French    2018-10-07  847  	 * Prints in Kernel / CIFS log the attempted mount operation
8c1beb9801293b Steve French    2018-10-07  848  	 *	If CIFS_DEBUG && cifs_FYI
8c1beb9801293b Steve French    2018-10-07  849  	 */
f80eaedd6c5978 Rodrigo Freire  2018-10-07  850  	if (cifsFYI)
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  851  		cifs_dbg(FYI, "Devname: %s flags: %d\n", old_ctx->UNC, flags);
f80eaedd6c5978 Rodrigo Freire  2018-10-07  852  	else
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  853  		cifs_info("Attempting to mount %s\n", old_ctx->UNC);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  854  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  855  	cifs_sb = kzalloc(sizeof(struct cifs_sb_info), GFP_KERNEL);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  856  	if (cifs_sb == NULL) {
d17abdf7566566 Ronnie Sahlberg 2020-11-10  857  		root = ERR_PTR(-ENOMEM);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  858  		goto out;
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  859  	}
^1da177e4c3f41 Linus Torvalds  2005-04-16  860  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  861  	cifs_sb->ctx = kzalloc(sizeof(struct smb3_fs_context), GFP_KERNEL);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  862  	if (!cifs_sb->ctx) {
d17abdf7566566 Ronnie Sahlberg 2020-11-10  863  		root = ERR_PTR(-ENOMEM);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  864  		goto out;
d17abdf7566566 Ronnie Sahlberg 2020-11-10  865  	}
d17abdf7566566 Ronnie Sahlberg 2020-11-10  866  	rc = smb3_fs_context_dup(cifs_sb->ctx, old_ctx);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  867  	if (rc) {
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  868  		root = ERR_PTR(rc);
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  869  		goto out;
24e0a1eff9e2b9 Ronnie Sahlberg 2020-12-10  870  	}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  871  
5c1acf3fe05ce4 Paulo Alcantara 2021-05-03  872  	rc = cifs_setup_volume_info(cifs_sb->ctx, NULL, NULL);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  873  	if (rc) {
d17abdf7566566 Ronnie Sahlberg 2020-11-10  874  		root = ERR_PTR(rc);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  875  		goto out;
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  876  	}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  877  
51acd208bd57c8 Ronnie Sahlberg 2020-12-14  878  	rc = cifs_setup_cifs_sb(cifs_sb);
4214ebf4654798 Sachin Prabhu   2016-07-29  879  	if (rc) {
4214ebf4654798 Sachin Prabhu   2016-07-29  880  		root = ERR_PTR(rc);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  881  		goto out;
a6b5058fafdf50 Aurelien Aptel  2016-05-25  882  	}
a6b5058fafdf50 Aurelien Aptel  2016-05-25  883  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  884  	rc = cifs_mount(cifs_sb, cifs_sb->ctx);
97d1152acec064 Al Viro         2011-06-17  885  	if (rc) {
1751e8a6cb935e Linus Torvalds  2017-11-27  886  		if (!(flags & SB_SILENT))
f96637be081141 Joe Perches     2013-05-04  887  			cifs_dbg(VFS, "cifs_mount failed w/return code = %d\n",
f96637be081141 Joe Perches     2013-05-04  888  				 rc);
97d1152acec064 Al Viro         2011-06-17  889  		root = ERR_PTR(rc);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  890  		goto out;
97d1152acec064 Al Viro         2011-06-17  891  	}
97d1152acec064 Al Viro         2011-06-17  892  
d17abdf7566566 Ronnie Sahlberg 2020-11-10  893  	mnt_data.ctx = cifs_sb->ctx;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  894  	mnt_data.cifs_sb = cifs_sb;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  895  	mnt_data.flags = flags;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  896  
9249e17fe094d8 David Howells   2012-06-25  897  	/* BB should we make this contingent on mount parm? */
1751e8a6cb935e Linus Torvalds  2017-11-27  898  	flags |= SB_NODIRATIME | SB_NOATIME;
9249e17fe094d8 David Howells   2012-06-25  899  
9249e17fe094d8 David Howells   2012-06-25  900  	sb = sget(fs_type, cifs_match_super, cifs_set_super, flags, &mnt_data);
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  901  	if (IS_ERR(sb)) {
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  902  		root = ERR_CAST(sb);
97d1152acec064 Al Viro         2011-06-17  903  		cifs_umount(cifs_sb);
6cf5abbfa8c8a2 Ronnie Sahlberg 2020-12-16  904  		cifs_sb = NULL;
d757d71bfc3066 Al Viro         2011-06-17  905  		goto out;
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  906  	}
^1da177e4c3f41 Linus Torvalds  2005-04-16  907  
ee01a14d9ddcf3 Al Viro         2011-06-17  908  	if (sb->s_root) {
f96637be081141 Joe Perches     2013-05-04  909  		cifs_dbg(FYI, "Use existing superblock\n");
97d1152acec064 Al Viro         2011-06-17  910  		cifs_umount(cifs_sb);
6cf5abbfa8c8a2 Ronnie Sahlberg 2020-12-16  911  		cifs_sb = NULL;
5c4f1ad7c6aa3b Al Viro         2011-06-17  912  	} else {
97d1152acec064 Al Viro         2011-06-17  913  		rc = cifs_read_super(sb);
^1da177e4c3f41 Linus Torvalds  2005-04-16  914  		if (rc) {
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  915  			root = ERR_PTR(rc);
641a58d66d0863 Pavel Shilovsky 2011-05-26  916  			goto out_super;
^1da177e4c3f41 Linus Torvalds  2005-04-16  917  		}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  918  
1751e8a6cb935e Linus Torvalds  2017-11-27  919  		sb->s_flags |= SB_ACTIVE;
5c4f1ad7c6aa3b Al Viro         2011-06-17  920  	}
724d9f1cfba0cb Pavel Shilovsky 2011-05-05  921  
6cf5abbfa8c8a2 Ronnie Sahlberg 2020-12-16  922  	root = cifs_get_root(cifs_sb ? cifs_sb->ctx : old_ctx, sb);
9403c9c598e91d Al Viro         2011-06-17  923  	if (IS_ERR(root))
f87d39d951329c Steve French    2011-05-27  924  		goto out_super;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  925  
269f67e1ffead6 Ronnie Sahlberg 2021-03-09  926  	if (cifs_sb)
269f67e1ffead6 Ronnie Sahlberg 2021-03-09  927  		cifs_sb->root = dget(root);
269f67e1ffead6 Ronnie Sahlberg 2021-03-09  928  
f96637be081141 Joe Perches     2013-05-04  929  	cifs_dbg(FYI, "dentry root is: %p\n", root);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  930  	return root;
25c7f41e9234f6 Pavel Shilovsky 2011-05-26  931  
641a58d66d0863 Pavel Shilovsky 2011-05-26  932  out_super:
641a58d66d0863 Pavel Shilovsky 2011-05-26  933  	deactivate_locked_super(sb);
3d6cc9898efdfb Ronnie Sahlberg 2022-02-11  934  	return root;
641a58d66d0863 Pavel Shilovsky 2011-05-26  935  out:
d17abdf7566566 Ronnie Sahlberg 2020-11-10  936  	if (cifs_sb) {
cd7b7bbd4355bf Ronnie Sahlberg 2022-05-31  937  		if (!sb || IS_ERR(sb)) {  /* otherwise kill_sb will handle */

This condition is always true.  When there is an always true condition
then Smatch doesn't try to figure the implications so it leads to false
positives.

4214ebf4654798 Sachin Prabhu   2016-07-29  938  			kfree(cifs_sb->prepath);
c741cba2cd1d14 Ronnie Sahlberg 2020-12-14  939  			smb3_cleanup_fs_context(cifs_sb->ctx);
5c4f1ad7c6aa3b Al Viro         2011-06-17  940  			kfree(cifs_sb);
d17abdf7566566 Ronnie Sahlberg 2020-11-10  941  		}
cd7b7bbd4355bf Ronnie Sahlberg 2022-05-31  942  	}
d17abdf7566566 Ronnie Sahlberg 2020-11-10 @943  	return root;
^1da177e4c3f41 Linus Torvalds  2005-04-16  944  }

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp
