| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Sep 2021 20:26:46 +0800
From: kernel test robot <yujie.liu@...el.com>
To: David Howells <dhowells@...hat.com>
CC: <llvm@...ts.linux.dev>, <kbuild-all@...ts.01.org>,
"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>
Subject: [dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2:
warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-iter-2
head: 7c7521adffeb04466a42e8e1956353b9d9038d02
commit: f463b2680fc3404d89d7186c12fbb9533e48b1cc [41/75] fscache: Replace the object management state machine
:::::: branch date: 2 days ago
:::::: commit date: 9 weeks ago
config: riscv-randconfig-c006-20210910 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 261cbe98c38f8c1ee1a482fe76511110e790f58a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install riscv cross compiling tool for clang build
# apt-get install binutils-riscv64-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?id=f463b2680fc3404d89d7186c12fbb9533e48b1cc
git remote add dhowells-fs https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
git fetch --no-tags dhowells-fs fscache-iter-2
git checkout f463b2680fc3404d89d7186c12fbb9533e48b1cc
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
clang-analyzer warnings: (new ones prefixed by >>)
>> fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
return volume;
^ ~~~~~~
fs/fscache/volume.c:277:7: note: 'volume' is non-null
if (!volume)
^~~~~~
fs/fscache/volume.c:277:2: note: Taking false branch
if (!volume)
^
fs/fscache/volume.c:280:2: note: Taking false branch
if (!fscache_hash_volume(volume)) {
^
fs/fscache/volume.c:285:2: note: Calling 'fscache_create_volume'
fscache_create_volume(volume, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:6: note: Assuming the condition is false
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:243:2: note: Taking false branch
if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
^
fs/fscache/volume.c:245:6: note: Assuming field 'cache_priv' is null
if (volume->cache_priv)
^~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:245:2: note: Taking false branch
if (volume->cache_priv)
^
fs/fscache/volume.c:247:6: note: Assuming the condition is false
if (!fscache_begin_cache_access(volume->cache,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:247:2: note: Taking false branch
if (!fscache_begin_cache_access(volume->cache,
^
fs/fscache/volume.c:252:6: note: Assuming the condition is true
if (!schedule_work(&volume->work))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:252:2: note: Taking true branch
if (!schedule_work(&volume->work))
^
fs/fscache/volume.c:253:3: note: Calling 'fscache_put_volume'
fscache_put_volume(volume, fscache_volume_put_create_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:359:6: note: 'volume' is non-null
if (volume) {
^~~~~~
fs/fscache/volume.c:359:2: note: Taking true branch
if (volume) {
^
fs/fscache/volume.c:366:7: note: 'zero' is true
if (zero)
^~~~
fs/fscache/volume.c:366:3: note: Taking true branch
if (zero)
^
fs/fscache/volume.c:367:4: note: Calling 'fscache_free_volume'
fscache_free_volume(volume);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:331:2: note: Taking false branch
if (fscache_begin_volume_access(volume, fscache_access_relinquish_volume)) {
^
fs/fscache/volume.c:343:2: note: Taking false branch
if (!hlist_bl_unhashed(&volume->hash_link))
^
fs/fscache/volume.c:348:2: note: Memory is released
kfree(volume);
^~~~~~~~~~~~~
fs/fscache/volume.c:349:2: note: Loop condition is false. Exiting loop
fscache_stat_d(&fscache_n_volumes);
^
fs/fscache/internal.h:112:30: note: expanded from macro 'fscache_stat_d'
#define fscache_stat_d(stat) do {} while (0)
^
fs/fscache/volume.c:367:4: note: Returning; memory was released via 1st parameter
fscache_free_volume(volume);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:253:3: note: Returning; memory was released via 1st parameter
fscache_put_volume(volume, fscache_volume_put_create_work);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:256:6: note: 'wait' is false
if (wait) {
^~~~
fs/fscache/volume.c:256:2: note: Taking false branch
if (wait) {
^
fs/fscache/volume.c:285:2: note: Returning; memory was released via 1st parameter
fscache_create_volume(volume, false);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fs/fscache/volume.c:286:2: note: Use of memory after it is freed
return volume;
^ ~~~~~~
vim +286 fs/fscache/volume.c
f463b2680fc340 David Howells 2020-02-06 266
f463b2680fc340 David Howells 2020-02-06 267 /*
f463b2680fc340 David Howells 2020-02-06 268 * Acquire a volume representation cookie and link it to a (proposed) cache.
f463b2680fc340 David Howells 2020-02-06 269 */
f463b2680fc340 David Howells 2020-02-06 270 struct fscache_volume *__fscache_acquire_volume(const char *volume_key,
f463b2680fc340 David Howells 2020-02-06 271 const char *cache_name,
f463b2680fc340 David Howells 2020-02-06 272 u64 coherency_data)
f463b2680fc340 David Howells 2020-02-06 273 {
f463b2680fc340 David Howells 2020-02-06 274 struct fscache_volume *volume;
f463b2680fc340 David Howells 2020-02-06 275
f463b2680fc340 David Howells 2020-02-06 276 volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
f463b2680fc340 David Howells 2020-02-06 277 if (!volume)
f463b2680fc340 David Howells 2020-02-06 278 return NULL;
f463b2680fc340 David Howells 2020-02-06 279
f463b2680fc340 David Howells 2020-02-06 280 if (!fscache_hash_volume(volume)) {
f463b2680fc340 David Howells 2020-02-06 281 fscache_put_volume(volume, fscache_volume_put_hash_collision);
f463b2680fc340 David Howells 2020-02-06 282 return NULL;
f463b2680fc340 David Howells 2020-02-06 283 }
f463b2680fc340 David Howells 2020-02-06 284
f463b2680fc340 David Howells 2020-02-06 285 fscache_create_volume(volume, false);
f463b2680fc340 David Howells 2020-02-06 @286 return volume;
f463b2680fc340 David Howells 2020-02-06 287 }
f463b2680fc340 David Howells 2020-02-06 288 EXPORT_SYMBOL(__fscache_acquire_volume);
f463b2680fc340 David Howells 2020-02-06 289
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (33735 bytes)
Powered by blists - more mailing lists