lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0569be1f-0664-3387-725b-e99ff46ebf00@intel.com>
Date:   Tue, 14 Sep 2021 20:26:46 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     David Howells <dhowells@...hat.com>
CC:     <llvm@...ts.linux.dev>, <kbuild-all@...ts.01.org>,
        "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>
Subject: [dhowells-fs:fscache-iter-2 41/75] fs/fscache/volume.c:286:2:
 warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-iter-2
head:   7c7521adffeb04466a42e8e1956353b9d9038d02
commit: f463b2680fc3404d89d7186c12fbb9533e48b1cc [41/75] fscache: Replace the object management state machine
:::::: branch date: 2 days ago
:::::: commit date: 9 weeks ago
config: riscv-randconfig-c006-20210910 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 261cbe98c38f8c1ee1a482fe76511110e790f58a)
reproduce (this is a W=1 build):
         wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
         chmod +x ~/bin/make.cross
         # install riscv cross compiling tool for clang build
         # apt-get install binutils-riscv64-linux-gnu
         # https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?id=f463b2680fc3404d89d7186c12fbb9533e48b1cc
         git remote add dhowells-fs https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
         git fetch --no-tags dhowells-fs fscache-iter-2
         git checkout f463b2680fc3404d89d7186c12fbb9533e48b1cc
         # save the attached .config to linux build tree
         COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>


clang-analyzer warnings: (new ones prefixed by >>)

 >> fs/fscache/volume.c:286:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
            return volume;
            ^      ~~~~~~
    fs/fscache/volume.c:277:7: note: 'volume' is non-null
         if (!volume)
              ^~~~~~
    fs/fscache/volume.c:277:2: note: Taking false branch
         if (!volume)
         ^
    fs/fscache/volume.c:280:2: note: Taking false branch
         if (!fscache_hash_volume(volume)) {
         ^
    fs/fscache/volume.c:285:2: note: Calling 'fscache_create_volume'
         fscache_create_volume(volume, false);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:243:6: note: Assuming the condition is false
         if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:243:2: note: Taking false branch
         if (test_and_set_bit(FSCACHE_VOLUME_CREATING, &volume->flags))
         ^
    fs/fscache/volume.c:245:6: note: Assuming field 'cache_priv' is null
         if (volume->cache_priv)
             ^~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:245:2: note: Taking false branch
         if (volume->cache_priv)
         ^
    fs/fscache/volume.c:247:6: note: Assuming the condition is false
         if (!fscache_begin_cache_access(volume->cache,
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:247:2: note: Taking false branch
         if (!fscache_begin_cache_access(volume->cache,
         ^
    fs/fscache/volume.c:252:6: note: Assuming the condition is true
         if (!schedule_work(&volume->work))
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:252:2: note: Taking true branch
         if (!schedule_work(&volume->work))
         ^
    fs/fscache/volume.c:253:3: note: Calling 'fscache_put_volume'
                 fscache_put_volume(volume, fscache_volume_put_create_work);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:359:6: note: 'volume' is non-null
         if (volume) {
             ^~~~~~
    fs/fscache/volume.c:359:2: note: Taking true branch
         if (volume) {
         ^
    fs/fscache/volume.c:366:7: note: 'zero' is true
                 if (zero)
                     ^~~~
    fs/fscache/volume.c:366:3: note: Taking true branch
                 if (zero)
                 ^
    fs/fscache/volume.c:367:4: note: Calling 'fscache_free_volume'
                         fscache_free_volume(volume);
                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:331:2: note: Taking false branch
         if (fscache_begin_volume_access(volume, fscache_access_relinquish_volume)) {
         ^
    fs/fscache/volume.c:343:2: note: Taking false branch
         if (!hlist_bl_unhashed(&volume->hash_link))
         ^
    fs/fscache/volume.c:348:2: note: Memory is released
         kfree(volume);
         ^~~~~~~~~~~~~
    fs/fscache/volume.c:349:2: note: Loop condition is false.  Exiting loop
         fscache_stat_d(&fscache_n_volumes);
         ^
    fs/fscache/internal.h:112:30: note: expanded from macro 'fscache_stat_d'
    #define fscache_stat_d(stat) do {} while (0)
                              ^
    fs/fscache/volume.c:367:4: note: Returning; memory was released via 1st parameter
                         fscache_free_volume(volume);
                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:253:3: note: Returning; memory was released via 1st parameter
                 fscache_put_volume(volume, fscache_volume_put_create_work);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:256:6: note: 'wait' is false
         if (wait) {
             ^~~~
    fs/fscache/volume.c:256:2: note: Taking false branch
         if (wait) {
         ^
    fs/fscache/volume.c:285:2: note: Returning; memory was released via 1st parameter
         fscache_create_volume(volume, false);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    fs/fscache/volume.c:286:2: note: Use of memory after it is freed
         return volume;
         ^      ~~~~~~

vim +286 fs/fscache/volume.c

f463b2680fc340 David Howells 2020-02-06  266
f463b2680fc340 David Howells 2020-02-06  267  /*
f463b2680fc340 David Howells 2020-02-06  268   * Acquire a volume representation cookie and link it to a (proposed) cache.
f463b2680fc340 David Howells 2020-02-06  269   */
f463b2680fc340 David Howells 2020-02-06  270  struct fscache_volume *__fscache_acquire_volume(const char *volume_key,
f463b2680fc340 David Howells 2020-02-06  271  						const char *cache_name,
f463b2680fc340 David Howells 2020-02-06  272  						u64 coherency_data)
f463b2680fc340 David Howells 2020-02-06  273  {
f463b2680fc340 David Howells 2020-02-06  274  	struct fscache_volume *volume;
f463b2680fc340 David Howells 2020-02-06  275
f463b2680fc340 David Howells 2020-02-06  276  	volume = fscache_alloc_volume(volume_key, cache_name, coherency_data);
f463b2680fc340 David Howells 2020-02-06  277  	if (!volume)
f463b2680fc340 David Howells 2020-02-06  278  		return NULL;
f463b2680fc340 David Howells 2020-02-06  279
f463b2680fc340 David Howells 2020-02-06  280  	if (!fscache_hash_volume(volume)) {
f463b2680fc340 David Howells 2020-02-06  281  		fscache_put_volume(volume, fscache_volume_put_hash_collision);
f463b2680fc340 David Howells 2020-02-06  282  		return NULL;
f463b2680fc340 David Howells 2020-02-06  283  	}
f463b2680fc340 David Howells 2020-02-06  284
f463b2680fc340 David Howells 2020-02-06  285  	fscache_create_volume(volume, false);
f463b2680fc340 David Howells 2020-02-06 @286  	return volume;
f463b2680fc340 David Howells 2020-02-06  287  }
f463b2680fc340 David Howells 2020-02-06  288  EXPORT_SYMBOL(__fscache_acquire_volume);
f463b2680fc340 David Howells 2020-02-06  289

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (33735 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ