Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp465388pxu;
        Tue, 5 Jan 2021 16:46:07 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxDcvJ+Q8DtI78ShD1qsv95xJzVTJlD7hek9EEBFfipjUHJYD59TzWM5RuXEncx92m63XZT
X-Received: by 2002:aa7:d2d3:: with SMTP id k19mr2248981edr.28.1609893967033;
        Tue, 05 Jan 2021 16:46:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1609893967; cv=none;
        d=google.com; s=arc-20160816;
        b=b4lwkkOUvTHgQ9mw3aNJKG6IZKvR2CYUW6cG+ubuGIW8b++1Qm0StePKbUzXwkiXsu
         1mMb5luNdGXDLSX48bjrcy0V/zSCPfOnNcHLBikdJXaCYo/yGOzu4DGplF7DQKsk3b8y
         q8NCjhfRFXqKmi+ZubgwK+miJJ8/ye1ZjQ2fWHU/rbWYDCXW02IQihpz5ZcEccT4x1Ol
         r+CQTGmL1+CbN9TTh/hjYzqFmSpyFWlWmiNor+wRq2kmiTeoRWPwbAox6GnAY/ewXhMl
         5Md4qTQNBZeMFdrB/bOEvGpsSWK1+mAaTbZwr4BopoqlSmsp5miSlmtDjxpTThwnDNmC
         yPFw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=juELTIvRTW/b337nrNxecDrCQElvIPPbt17rQzuvz4Y=;
        b=vJGenZ9Q2n8zZ0TExBQ2+tIVzqSqek4EiQJxbvHcqWCQA13SdKu9QHZbX38sJY4948
         rswSGgqruK/evG93sGuRb4tJjsMsomJaW5zjAUIicv9hEbtg11rkfLMzEs3lv5Yh905W
         T1z25U5cNhEYm3DWJ2ZzKAqf1tth0UlWLZDnNSwI8VIa1I9Ggkag7xBCHZ4enCTRc+6E
         OCCUS3/x3Gil+sOu8rSdiaijqdaLFYViJ18gaJOQjFOkgR2McGWxThCghmpmBE+RGgpx
         my8f4ImoVFb0eajTUeCyPemh85469ruUwyT+c5YsnM/8n2neIav9Lcp+4ZiIZah5bPjQ
         zZNA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=GWOTgxfT;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id n14si295594edq.574.2021.01.05.16.45.43;
        Tue, 05 Jan 2021 16:46:07 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=GWOTgxfT;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730560AbhAEW0n (ORCPT
        <rfc822;linuxmailingsubscription@gmail.com> + 99 others);
        Tue, 5 Jan 2021 17:26:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46994 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727914AbhAEW0m (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 5 Jan 2021 17:26:42 -0500
Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D413C061574;
        Tue,  5 Jan 2021 14:26:02 -0800 (PST)
Received: by mail-qt1-x82d.google.com with SMTP id 7so978585qtp.1;
        Tue, 05 Jan 2021 14:26:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=juELTIvRTW/b337nrNxecDrCQElvIPPbt17rQzuvz4Y=;
        b=GWOTgxfTuwVusuw6FiZSg4Lg14sGKM28Wa5zwlqPf0jkJ/qh3SnmrsaYAYKAOzat3J
         DyNe9gobWbe7Uyya1GgTAqbUvv/MnUfbytb0+Jv8QA0lgucsCY5DRgiFzwJAoB9W82dm
         qQoizwtdGpUNtuI5zyW4/mC8O1Oj/+hqpZVnV1kijtwq2ehmPOXsGKN62+5zixBqcgoo
         CoLMvbJkrLtMYqftrc1TmronQLD9An8u9svRo6B1hqWa+ZDtuFDSmM0CwmJVq6MdmjJn
         TQoJqdqhfvwemWYmN+0uqfG2gq4aYaiCNoP6JTRlVwKU3haHxVvx3rGKkFPFjY2LN4tz
         W0AQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=juELTIvRTW/b337nrNxecDrCQElvIPPbt17rQzuvz4Y=;
        b=iSDHt+Sz+IVCGb3ug+m5hbJ/jQ9AfgQguv6XxkACPeXleVQbtdYBJJhEpdpXvAdpd3
         9MYmMdfAP1avEMKRICk/WeECqWhYRYdB5L8CqEnY3fbRRHmP0laVo55afVbOI+YEorMe
         FTEOBEewt4rVOqSeg4cmyHAsFSA6tEg5vKAlMST069giHsk+88MPGTsmbFxek0vZ9677
         15SQW1Gkwf89XHrpBUmy/MzOJqJaut26z5l81J5Zc+s9HPUBqvZ1ioAECFThoZvJAjuC
         oo3kdx8QdK8MBe7nblHIpHDiDWVnzoDehkwt8ui/s7VH5cq7vjhjbQs+pQnzQhsserIh
         ek0A==
X-Gm-Message-State: AOAM5300bKobX1SeufJmnJ5qGSZixvmUJlWrMHF/tuE1QX41o9TEcn+I
        9YBB2pEfdYgH4QjiqN89Vmo=
X-Received: by 2002:aed:2b45:: with SMTP id p63mr1582005qtd.111.1609885561863;
        Tue, 05 Jan 2021 14:26:01 -0800 (PST)
Received: from ubuntu-m3-large-x86 ([2604:1380:45f1:1d00::1])
        by smtp.gmail.com with ESMTPSA id n4sm330015qtl.22.2021.01.05.14.26.00
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 05 Jan 2021 14:26:00 -0800 (PST)
Date:   Tue, 5 Jan 2021 15:25:59 -0700
From:   Nathan Chancellor <natechancellor@gmail.com>
To:     trix@redhat.com
Cc:     sfrench@samba.org, ndesaulniers@google.com, aaptel@suse.com,
        palcantara@suse.de, linux-cifs@vger.kernel.org,
        samba-technical@lists.samba.org, linux-kernel@vger.kernel.org,
        clang-built-linux@googlegroups.com
Subject: Re: [PATCH] cifs: check pointer before freeing
Message-ID: <20210105222559.GA4118247@ubuntu-m3-large-x86>
References: <20210105202126.2879650-1-trix@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210105202126.2879650-1-trix@redhat.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 05, 2021 at 12:21:26PM -0800, trix@redhat.com wrote:
> From: Tom Rix <trix@redhat.com>
> 
> clang static analysis reports this problem
> 
> dfs_cache.c:591:2: warning: Argument to kfree() is a constant address
>   (18446744073709551614), which is not memory allocated by malloc()
>         kfree(vi);
>         ^~~~~~~~~
> 
> In dfs_cache_del_vol() the volume info pointer 'vi' being freed
> is the return of a call to find_vol().  The large constant address
> is find_vol() returning an error.
> 
> Add an error check to dfs_cache_del_vol() similar to the one done
> in dfs_cache_update_vol().
> 
> Fixes: 54be1f6c1c37 ("cifs: Add DFS cache routines")
> Signed-off-by: Tom Rix <trix@redhat.com>

Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>

> ---
>  fs/cifs/dfs_cache.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c
> index 6ad6ba5f6ebe..0fdb0de7ff86 100644
> --- a/fs/cifs/dfs_cache.c
> +++ b/fs/cifs/dfs_cache.c
> @@ -1260,7 +1260,8 @@ void dfs_cache_del_vol(const char *fullpath)
>  	vi = find_vol(fullpath);
>  	spin_unlock(&vol_list_lock);
>  
> -	kref_put(&vi->refcnt, vol_release);
> +	if (!IS_ERR(vi))
> +		kref_put(&vi->refcnt, vol_release);
>  }
>  
>  /**
> -- 
> 2.27.0
>