[PATCH] cifsd: fix error handling in ksmbd_server_init()

[PATCH] cifsd: fix error handling in ksmbd_server_init()

[Dan Carpenter]

The error handling in ksmbd_server_init() uses "one function to free
everything style" which is impossible to audit and leads to several
canonical bugs.  When we free something that wasn't allocated it may be
uninitialized, an error pointer, freed in a different function or we
try freeing "foo->bar" when "foo" is a NULL pointer.  And since the
code is impossible to audit then it leads to memory leaks.

In the ksmbd_server_init() function, every goto will lead to a crash
because we have not allocated the work queue but we call
ksmbd_workqueue_destroy() which tries to flush a NULL work queue.
Another bug is if ksmbd_init_buffer_pools() fails then it leads to a
double free because we free "work_cache" twice.  A third type of bug is
that we forgot to call ksmbd_release_inode_hash() so that is a resource
leak.

A better way to write error handling is for every function to clean up
after itself and never leave things partially allocated.  Then we can
use "free the last successfully allocated resource" style.  That way
when someone is reading the code they can just track the last resource
in their head and verify that the goto matches what they expect.

In this patch I modified ksmbd_ipc_init() to clean up after itself and
then I converted ksmbd_server_init() to use gotos to clean up.

Fixes: cabcebc31de4 ("cifsd: introduce SMB3 kernel server")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 fs/cifsd/server.c        | 33 +++++++++++++++++++++++----------
 fs/cifsd/transport_ipc.c | 14 +++++++++++---
 2 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/fs/cifsd/server.c b/fs/cifsd/server.c
index b9e114f8a5d2..aea7b6788cac 100644
--- a/fs/cifsd/server.c
+++ b/fs/cifsd/server.c
@@ -569,39 +569,52 @@ static int __init ksmbd_server_init(void)
 
 	ret = server_conf_init();
 	if (ret)
-		return ret;
+		goto err_unregister;
 
 	ret = ksmbd_init_buffer_pools();
 	if (ret)
-		return ret;
+		goto err_unregister;
 
 	ret = ksmbd_init_session_table();
 	if (ret)
-		goto error;
+		goto err_destroy_pools;
 
 	ret = ksmbd_ipc_init();
 	if (ret)
-		goto error;
+		goto err_free_session_table;
 
 	ret = ksmbd_init_global_file_table();
 	if (ret)
-		goto error;
+		goto err_ipc_release;
 
 	ret = ksmbd_inode_hash_init();
 	if (ret)
-		goto error;
+		goto err_destroy_file_table;
 
 	ret = ksmbd_crypto_create();
 	if (ret)
-		goto error;
+		goto err_release_inode_hash;
 
 	ret = ksmbd_workqueue_init();
 	if (ret)
-		goto error;
+		goto err_crypto_destroy;
 	return 0;
 
-error:
-	ksmbd_server_shutdown();
+err_crypto_destroy:
+	ksmbd_crypto_destroy();
+err_release_inode_hash:
+	ksmbd_release_inode_hash();
+err_destroy_file_table:
+	ksmbd_free_global_file_table();
+err_ipc_release:
+	ksmbd_ipc_release();
+err_free_session_table:
+	ksmbd_free_session_table();
+err_destroy_pools:
+	ksmbd_destroy_buffer_pools();
+err_unregister:
+	class_unregister(&ksmbd_control_class);
+
 	return ret;
 }
 
diff --git a/fs/cifsd/transport_ipc.c b/fs/cifsd/transport_ipc.c
index b91fa265f85d..d2432f656635 100644
--- a/fs/cifsd/transport_ipc.c
+++ b/fs/cifsd/transport_ipc.c
@@ -890,11 +890,19 @@ int ksmbd_ipc_init(void)
 	if (ret) {
 		ksmbd_err("Failed to register KSMBD netlink interface %d\n",
 				ret);
-		return ret;
+		goto cancel_work;
 	}
 
 	ida = ksmbd_ida_alloc();
-	if (!ida)
-		return -ENOMEM;
+	if (!ida) {
+		ret = -ENOMEM;
+		goto unregister;
+	}
 	return 0;
+
+unregister:
+	genl_unregister_family(&ksmbd_genl_family);
+cancel_work:
+	cancel_delayed_work_sync(&ipc_timer_work);
+	return ret;
 }
-- 
2.30.2

Re: [PATCH] cifsd: fix error handling in ksmbd_server_init()

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 2057 bytes --]

Hi Dan,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on next-20210319]
[cannot apply to linus/master v5.12-rc3 v5.12-rc2 v5.12-rc1 v5.12-rc3]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Dan-Carpenter/cifsd-fix-error-handling-in-ksmbd_server_init/20210319-225716
base:    f00397ee41c79b6155b9b44abd0055b2c0621349
config: m68k-allyesconfig (attached as .config)
compiler: m68k-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/cc0b000677e90ef32431e535861911bdcc4670b4
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Dan-Carpenter/cifsd-fix-error-handling-in-ksmbd_server_init/20210319-225716
        git checkout cc0b000677e90ef32431e535861911bdcc4670b4
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=m68k 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>, old ones prefixed by <<):

>> WARNING: modpost: vmlinux.o(.init.text+0x1c672): Section mismatch in reference from the function ksmbd_server_init() to the function .exit.text:ksmbd_release_inode_hash()
The function __init ksmbd_server_init() references
a function __exit ksmbd_release_inode_hash().
This is often seen when error handling in the init function
uses functionality in the exit path.
The fix is often to remove the __exit annotation of
ksmbd_release_inode_hash() so it may be used outside an exit section.

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 60387 bytes --]

Re: [PATCH] cifsd: fix error handling in ksmbd_server_init()

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 2537 bytes --]

Hi Dan,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on next-20210319]
[cannot apply to linus/master v5.12-rc3 v5.12-rc2 v5.12-rc1 v5.12-rc3]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Dan-Carpenter/cifsd-fix-error-handling-in-ksmbd_server_init/20210319-225716
base:    f00397ee41c79b6155b9b44abd0055b2c0621349
config: sh-allmodconfig (attached as .config)
compiler: sh4-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/cc0b000677e90ef32431e535861911bdcc4670b4
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Dan-Carpenter/cifsd-fix-error-handling-in-ksmbd_server_init/20210319-225716
        git checkout cc0b000677e90ef32431e535861911bdcc4670b4
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=sh 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All error/warnings (new ones prefixed by >>, old ones prefixed by <<):

>> WARNING: modpost: fs/cifsd/ksmbd.o(.init.text+0x1c0): Section mismatch in reference from the function init_module() to the function .exit.text:ksmbd_release_inode_hash()
The function __init init_module() references
a function __exit ksmbd_release_inode_hash().
This is often seen when error handling in the init function
uses functionality in the exit path.
The fix is often to remove the __exit annotation of
ksmbd_release_inode_hash() so it may be used outside an exit section.
--
>> ERROR: modpost: "__delay" undefined!
>> ERROR: modpost: "__udivdi3" undefined!
>> ERROR: modpost: "__umoddi3" undefined!

Kconfig warnings: (for reference only)
   WARNING: unmet direct dependencies detected for SND_ATMEL_SOC_PDC
   Depends on SOUND && !UML && SND && SND_SOC && SND_ATMEL_SOC && HAS_DMA
   Selected by
   - SND_ATMEL_SOC_SSC && SOUND && !UML && SND && SND_SOC && SND_ATMEL_SOC
   - SND_ATMEL_SOC_SSC_PDC && SOUND && !UML && SND && SND_SOC && SND_ATMEL_SOC && ATMEL_SSC

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 54482 bytes --]