[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <202205080346.m0fb3UXK-lkp@intel.com>
Date: Mon, 9 May 2022 13:08:37 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: kbuild@...ts.01.org, Amir Goldstein <amir73il@...il.com>
Cc: lkp@...el.com, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org
Subject: [amir73il:fsnotify-fixes 2/2] fs/notify/fsnotify.c:540 fsnotify()
warn: variable dereferenced before check 'dir1' (see line 499)
tree: https://github.com/amir73il/linux fsnotify-fixes
head: d25f3ce8da49ce1a3b0a0621f0bf7b1d6ba2dad6
commit: d25f3ce8da49ce1a3b0a0621f0bf7b1d6ba2dad6 [2/2] fsnotify: send FS_RENAME to groups watching the moved inode
config: s390-randconfig-m031-20220508 (https://download.01.org/0day-ci/archive/20220508/202205080346.m0fb3UXK-lkp@intel.com/config)
compiler: s390-linux-gcc (GCC) 11.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
smatch warnings:
fs/notify/fsnotify.c:540 fsnotify() warn: variable dereferenced before check 'dir1' (see line 499)
vim +/dir1 +540 fs/notify/fsnotify.c
40a100d3adc1ad Amir Goldstein 2020-07-22 475 int fsnotify(__u32 mask, const void *data, int data_type, struct inode *dir,
40a100d3adc1ad Amir Goldstein 2020-07-22 476 const struct qstr *file_name, struct inode *inode, u32 cookie)
90586523eb4b34 Eric Paris 2009-05-21 477 {
b54cecf5e2293d Amir Goldstein 2020-06-07 478 const struct path *path = fsnotify_data_path(data, data_type);
29335033c574a1 Gabriel Krisman Bertazi 2021-10-25 479 struct super_block *sb = fsnotify_data_sb(data, data_type);
3427ce71554123 Miklos Szeredi 2017-10-30 480 struct fsnotify_iter_info iter_info = {};
60f7ed8c7c4d06 Amir Goldstein 2018-09-01 481 struct mount *mnt = NULL;
d25f3ce8da49ce Amir Goldstein 2022-05-07 482 struct inode *dir1, *dir2;
e54183fa7047c1 Amir Goldstein 2021-11-29 483 struct dentry *moved;
d25f3ce8da49ce Amir Goldstein 2022-05-07 484 int dir1_type = 0;
9385a84d7e1f65 Jan Kara 2016-11-10 485 int ret = 0;
71d734103edfa2 Mel Gorman 2020-07-08 486 __u32 test_mask, marks_mask;
90586523eb4b34 Eric Paris 2009-05-21 487
71d734103edfa2 Mel Gorman 2020-07-08 488 if (path)
aa93bdc5500cc9 Amir Goldstein 2020-03-19 489 mnt = real_mount(path->mnt);
3a9fb89f4cd04c Eric Paris 2009-12-17 490
40a100d3adc1ad Amir Goldstein 2020-07-22 491 if (!inode) {
40a100d3adc1ad Amir Goldstein 2020-07-22 492 /* Dirent event - report on TYPE_INODE to dir */
40a100d3adc1ad Amir Goldstein 2020-07-22 493 inode = dir;
d25f3ce8da49ce Amir Goldstein 2022-05-07 494 } else if (mask & FS_RENAME) {
d25f3ce8da49ce Amir Goldstein 2022-05-07 495 /* For FS_RENAME, dir1 is old_dir and dir2 is new_dir */
e54183fa7047c1 Amir Goldstein 2021-11-29 496 moved = fsnotify_data_dentry(data, data_type);
d25f3ce8da49ce Amir Goldstein 2022-05-07 497 dir1 = moved->d_parent->d_inode;
d25f3ce8da49ce Amir Goldstein 2022-05-07 498 dir2 = dir;
d25f3ce8da49ce Amir Goldstein 2022-05-07 @499 if (dir1->i_fsnotify_marks || dir2->i_fsnotify_marks)
^^^^^^^^^^^^^^^^^^^^^^
Dereference
d25f3ce8da49ce Amir Goldstein 2022-05-07 500 dir1_type = FSNOTIFY_ITER_TYPE_OLD_DIR;
d25f3ce8da49ce Amir Goldstein 2022-05-07 501 /*
d25f3ce8da49ce Amir Goldstein 2022-05-07 502 * Send FS_RENAME to groups watching the moved inode itself
d25f3ce8da49ce Amir Goldstein 2022-05-07 503 * only if the moved inode is a non-dir.
d25f3ce8da49ce Amir Goldstein 2022-05-07 504 * Sending FS_RENAME to a moved watched directory would be
d25f3ce8da49ce Amir Goldstein 2022-05-07 505 * confusing and FS_MOVE_SELF provided enough information to
d25f3ce8da49ce Amir Goldstein 2022-05-07 506 * track the movements of a watched directory.
d25f3ce8da49ce Amir Goldstein 2022-05-07 507 */
d25f3ce8da49ce Amir Goldstein 2022-05-07 508 if (mask & FS_ISDIR)
d25f3ce8da49ce Amir Goldstein 2022-05-07 509 inode = NULL;
40a100d3adc1ad Amir Goldstein 2020-07-22 510 } else if (mask & FS_EVENT_ON_CHILD) {
40a100d3adc1ad Amir Goldstein 2020-07-22 511 /*
fecc4559780d52 Amir Goldstein 2020-12-02 512 * Event on child - report on TYPE_PARENT to dir if it is
fecc4559780d52 Amir Goldstein 2020-12-02 513 * watching children and on TYPE_INODE to child.
40a100d3adc1ad Amir Goldstein 2020-07-22 514 */
d25f3ce8da49ce Amir Goldstein 2022-05-07 515 dir1 = dir;
d25f3ce8da49ce Amir Goldstein 2022-05-07 516 dir2 = NULL;
d25f3ce8da49ce Amir Goldstein 2022-05-07 517 if (dir1->i_fsnotify_marks)
^^^^^^^^^^^^^^^^^^^^^^
Dereference
d25f3ce8da49ce Amir Goldstein 2022-05-07 518 dir1_type = FSNOTIFY_ITER_TYPE_PARENT;
40a100d3adc1ad Amir Goldstein 2020-07-22 519 }
497b0c5a7c0688 Amir Goldstein 2020-07-16 520
7c49b8616460eb Dave Hansen 2015-09-04 521 /*
7c49b8616460eb Dave Hansen 2015-09-04 522 * Optimization: srcu_read_lock() has a memory barrier which can
7c49b8616460eb Dave Hansen 2015-09-04 523 * be expensive. It protects walking the *_fsnotify_marks lists.
7c49b8616460eb Dave Hansen 2015-09-04 524 * However, if we do not walk the lists, we do not have to do
7c49b8616460eb Dave Hansen 2015-09-04 525 * SRCU because we have no references to any objects and do not
7c49b8616460eb Dave Hansen 2015-09-04 526 * need SRCU to keep them "alive".
7c49b8616460eb Dave Hansen 2015-09-04 527 */
9b93f33105f5f9 Amir Goldstein 2020-07-16 528 if (!sb->s_fsnotify_marks &&
497b0c5a7c0688 Amir Goldstein 2020-07-16 529 (!mnt || !mnt->mnt_fsnotify_marks) &&
9b93f33105f5f9 Amir Goldstein 2020-07-16 530 (!inode || !inode->i_fsnotify_marks) &&
d25f3ce8da49ce Amir Goldstein 2022-05-07 531 !dir1_type)
7c49b8616460eb Dave Hansen 2015-09-04 532 return 0;
71d734103edfa2 Mel Gorman 2020-07-08 533
9b93f33105f5f9 Amir Goldstein 2020-07-16 534 marks_mask = sb->s_fsnotify_mask;
71d734103edfa2 Mel Gorman 2020-07-08 535 if (mnt)
71d734103edfa2 Mel Gorman 2020-07-08 536 marks_mask |= mnt->mnt_fsnotify_mask;
9b93f33105f5f9 Amir Goldstein 2020-07-16 537 if (inode)
9b93f33105f5f9 Amir Goldstein 2020-07-16 538 marks_mask |= inode->i_fsnotify_mask;
d25f3ce8da49ce Amir Goldstein 2022-05-07 539 if (dir1_type) {
d25f3ce8da49ce Amir Goldstein 2022-05-07 @540 if (dir1)
If "dir1_type" is set then we have already dereferenced "dir1". I guess
this unnecessary NULL check is something that probably wouldn't bother
a human reader too much...
d25f3ce8da49ce Amir Goldstein 2022-05-07 541 marks_mask |= dir1->i_fsnotify_mask;
d25f3ce8da49ce Amir Goldstein 2022-05-07 542 if (dir2)
d25f3ce8da49ce Amir Goldstein 2022-05-07 543 marks_mask |= dir2->i_fsnotify_mask;
d25f3ce8da49ce Amir Goldstein 2022-05-07 544 }
497b0c5a7c0688 Amir Goldstein 2020-07-16 545
71d734103edfa2 Mel Gorman 2020-07-08 546
613a807fe7c793 Eric Paris 2010-07-28 547 /*
04e317ba72d079 Amir Goldstein 2022-02-23 548 * If this is a modify event we may need to clear some ignored masks.
04e317ba72d079 Amir Goldstein 2022-02-23 549 * In that case, the object with ignored masks will have the FS_MODIFY
04e317ba72d079 Amir Goldstein 2022-02-23 550 * event in its mask.
04e317ba72d079 Amir Goldstein 2022-02-23 551 * Otherwise, return if none of the marks care about this type of event.
613a807fe7c793 Eric Paris 2010-07-28 552 */
71d734103edfa2 Mel Gorman 2020-07-08 553 test_mask = (mask & ALL_FSNOTIFY_EVENTS);
04e317ba72d079 Amir Goldstein 2022-02-23 554 if (!(test_mask & marks_mask))
613a807fe7c793 Eric Paris 2010-07-28 555 return 0;
75c1be487a690d Eric Paris 2010-07-28 556
9385a84d7e1f65 Jan Kara 2016-11-10 557 iter_info.srcu_idx = srcu_read_lock(&fsnotify_mark_srcu);
75c1be487a690d Eric Paris 2010-07-28 558
1c9007d62bea6f Amir Goldstein 2021-11-29 559 iter_info.marks[FSNOTIFY_ITER_TYPE_SB] =
45a9fb3725d886 Amir Goldstein 2019-01-10 560 fsnotify_first_mark(&sb->s_fsnotify_marks);
9bdda4e9cf2dce Amir Goldstein 2018-09-01 561 if (mnt) {
1c9007d62bea6f Amir Goldstein 2021-11-29 562 iter_info.marks[FSNOTIFY_ITER_TYPE_VFSMOUNT] =
3427ce71554123 Miklos Szeredi 2017-10-30 563 fsnotify_first_mark(&mnt->mnt_fsnotify_marks);
7131485a93679f Eric Paris 2009-12-17 564 }
9b93f33105f5f9 Amir Goldstein 2020-07-16 565 if (inode) {
1c9007d62bea6f Amir Goldstein 2021-11-29 566 iter_info.marks[FSNOTIFY_ITER_TYPE_INODE] =
9b93f33105f5f9 Amir Goldstein 2020-07-16 567 fsnotify_first_mark(&inode->i_fsnotify_marks);
9b93f33105f5f9 Amir Goldstein 2020-07-16 568 }
d25f3ce8da49ce Amir Goldstein 2022-05-07 569 if (dir1_type) {
d25f3ce8da49ce Amir Goldstein 2022-05-07 570 if (dir1)
d25f3ce8da49ce Amir Goldstein 2022-05-07 571 iter_info.marks[dir1_type] =
d25f3ce8da49ce Amir Goldstein 2022-05-07 572 fsnotify_first_mark(&dir1->i_fsnotify_marks);
d25f3ce8da49ce Amir Goldstein 2022-05-07 573 if (dir2)
d25f3ce8da49ce Amir Goldstein 2022-05-07 574 iter_info.marks[FSNOTIFY_ITER_TYPE_NEW_DIR] =
d25f3ce8da49ce Amir Goldstein 2022-05-07 575 fsnotify_first_mark(&dir2->i_fsnotify_marks);
497b0c5a7c0688 Amir Goldstein 2020-07-16 576 }
75c1be487a690d Eric Paris 2010-07-28 577
8edc6e1688fc8f Jan Kara 2014-11-13 578 /*
60f7ed8c7c4d06 Amir Goldstein 2018-09-01 579 * We need to merge inode/vfsmount/sb mark lists so that e.g. inode mark
60f7ed8c7c4d06 Amir Goldstein 2018-09-01 580 * ignore masks are properly reflected for mount/sb mark notifications.
8edc6e1688fc8f Jan Kara 2014-11-13 581 * That's why this traversal is so complicated...
8edc6e1688fc8f Jan Kara 2014-11-13 582 */
d9a6f30bb89309 Amir Goldstein 2018-04-20 583 while (fsnotify_iter_select_report_types(&iter_info)) {
b54cecf5e2293d Amir Goldstein 2020-06-07 584 ret = send_to_group(mask, data, data_type, dir, file_name,
b54cecf5e2293d Amir Goldstein 2020-06-07 585 cookie, &iter_info);
613a807fe7c793 Eric Paris 2010-07-28 586
ff8bcbd03da881 Eric Paris 2010-10-28 587 if (ret && (mask & ALL_FSNOTIFY_PERM_EVENTS))
ff8bcbd03da881 Eric Paris 2010-10-28 588 goto out;
ff8bcbd03da881 Eric Paris 2010-10-28 589
d9a6f30bb89309 Amir Goldstein 2018-04-20 590 fsnotify_iter_next(&iter_info);
90586523eb4b34 Eric Paris 2009-05-21 591 }
ff8bcbd03da881 Eric Paris 2010-10-28 592 ret = 0;
ff8bcbd03da881 Eric Paris 2010-10-28 593 out:
9385a84d7e1f65 Jan Kara 2016-11-10 594 srcu_read_unlock(&fsnotify_mark_srcu, iter_info.srcu_idx);
c4ec54b40d33f8 Eric Paris 2009-12-17 595
98b5c10d320adf Jean-Christophe Dubois 2010-03-23 596 return ret;
90586523eb4b34 Eric Paris 2009-05-21 597 }
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Powered by blists - more mailing lists