[kbuild-all] [fuse:fs_fuse_split 5/5] fs/fuse/virtio_fs.c:1458 virtio_fs_get_tree() error: uninitialized symbol 'fc'.

Monday, 15 February 2021

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git fs_fuse_split
head:   674d5faded4c40245ea02240e731aa82c7ab4c9e
commit: 674d5faded4c40245ea02240e731aa82c7ab4c9e [5/5] fuse: alloc initial fuse_conn and
fuse_mount
config: i386-randconfig-m021-20210209 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp(a)intel.com&gt;
Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com&gt;

New smatch warnings:
fs/fuse/virtio_fs.c:1458 virtio_fs_get_tree() error: uninitialized symbol 'fc'.

Old smatch warnings:
fs/fuse/virtio_fs.c:1444 virtio_fs_get_tree() error: double free of 'fm'

vim +/fc +1458 fs/fuse/virtio_fs.c

a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1405  static int virtio_fs_get_tree(struct
fs_context *fsc)
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1406  {
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1407  	struct virtio_fs *fs;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1408  	struct super_block *sb;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1409  	struct fuse_conn *fc;
fcee216beb9c15 Max Reitz       2020-05-06  1410  	struct fuse_mount *fm;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1411  	int err;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1412  
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1413  	/* This gets a reference on virtio_fs
object. This ptr gets installed
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1414  	 * in fc->iq->priv. Once fuse_conn
is going away, it calls ->put()
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1415  	 * to drop the reference to this
object.
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1416  	 */
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1417  	fs =
virtio_fs_find_instance(fsc->source);
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1418  	if (!fs) {
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1419  		pr_info("virtio-fs: tag <%s>
not found\n", fsc->source);
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1420  		return -EINVAL;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1421  	}
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1422  
833c5a42e28bee Miklos Szeredi  2020-11-11  1423  	err = -ENOMEM;
674d5faded4c40 Miklos Szeredi  2021-02-11  1424  	fm =
fuse_conn_new(get_user_ns(current_user_ns()), &virtio_fs_fiq_ops, fs, NULL, NULL);
833c5a42e28bee Miklos Szeredi  2020-11-11  1425  	if (!fm)
833c5a42e28bee Miklos Szeredi  2020-11-11  1426  		goto out_err;

"fc" not initialized on this path.

674d5faded4c40 Miklos Szeredi  2021-02-11  1427  	fc = fm->fc;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1428  	fc->delete_stale = true;
bf109c64040f5b Max Reitz       2020-04-21  1429  	fc->auto_submounts = true;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1430  
fcee216beb9c15 Max Reitz       2020-05-06  1431  	fsc->s_fs_info = fm;
b19d3d00d662cf Miklos Szeredi  2020-11-11  1432  	sb = sget_fc(fsc, virtio_fs_test_super,
set_anon_super_fc);
514b5e3ff45e6c Miklos Szeredi  2020-11-11  1433  	if (fsc->s_fs_info) {
514b5e3ff45e6c Miklos Szeredi  2020-11-11  1434  		fuse_conn_put(fc);
514b5e3ff45e6c Miklos Szeredi  2020-11-11  1435  		kfree(fm);

The error handling in this function is very confusing...

514b5e3ff45e6c Miklos Szeredi  2020-11-11  1436  	}
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1437  	if (IS_ERR(sb))
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1438  		return PTR_ERR(sb);
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1439  
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1440  	if (!sb->s_root) {
1dd539577c42b6 Vivek Goyal     2020-08-19  1441  		err = virtio_fs_fill_super(sb, fsc);
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1442  		if (err) {
514b5e3ff45e6c Miklos Szeredi  2020-11-11  1443  			fuse_conn_put(fc);
514b5e3ff45e6c Miklos Szeredi  2020-11-11  1444  			kfree(fm);

Smatch doesn't complain about a double free so presumably the earlier
kfree(fm) is done IFF sb is an error pointer.

66ab33bf6d4341 Miklos Szeredi  2020-11-11  1445  			sb->s_fs_info = NULL;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1446  			deactivate_locked_super(sb);
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1447  			return err;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1448  		}
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1449  
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1450  		sb->s_flags |= SB_ACTIVE;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1451  	}
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1452  
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1453  	WARN_ON(fsc->root);
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1454  	fsc->root = dget(sb->s_root);
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1455  	return 0;
833c5a42e28bee Miklos Szeredi  2020-11-11  1456  
833c5a42e28bee Miklos Szeredi  2020-11-11  1457  out_err:
833c5a42e28bee Miklos Szeredi  2020-11-11 @1458  	kfree(fc);
833c5a42e28bee Miklos Szeredi  2020-11-11  1459  	mutex_lock(&virtio_fs_mutex);
833c5a42e28bee Miklos Szeredi  2020-11-11  1460  	virtio_fs_put(fs);
833c5a42e28bee Miklos Szeredi  2020-11-11  1461  	mutex_unlock(&virtio_fs_mutex);
833c5a42e28bee Miklos Szeredi  2020-11-11  1462  	return err;
a62a8ef9d97da2 Stefan Hajnoczi 2018-06-12  1463  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

2022

2021

2020

2019

[kbuild-all] [fuse:fs_fuse_split 5/5] fs/fuse/virtio_fs.c:1458 virtio_fs_get_tree() error: uninitialized symbol 'fc'.