2020-11-25 15:03:50

by Colin King

Subject: re: nfsd: skip some unnecessary stats in the v4 case

Hi,

Static analysis on today's linux-next has found an issue with the
following commit:

commit 55ea6691d52875b921d3712f9a08db8e81e059b4
Author: J. Bruce Fields <[email protected]>
Date: Fri Nov 20 17:39:19 2020 -0500

nfsd: skip some unnecessary stats in the v4 case


The analysis is as follows:

286 /*
287 * Fill in the post_op attr for the wcc data
288 */
289 void fill_post_wcc(struct svc_fh *fhp)
290 {
291 bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
292 struct inode *inode = d_inode(fhp->fh_dentry);

1. var_decl: Declaring variable err without initializer.

293 __be32 err;
294

2. Condition fhp->fh_post_saved, taking true branch.

295 if (fhp->fh_post_saved)
296 printk("nfsd: inode locked twice during operation.\n");
297
298

3. Condition !v4, taking false branch.
4. Condition !inode->i_sb->s_export_op->fetch_iversion, taking false branch.

299 if (!v4 || !inode->i_sb->s_export_op->fetch_iversion)
300 err = fh_getattr(fhp, &fhp->fh_post_attr);

5. Condition v4, taking true branch.

301 if (v4)
302 fhp->fh_post_change =
303 nfsd4_change_attribute(&fhp->fh_post_attr, inode);

Uninitialized scalar variable (UNINIT)
6. uninit_use: Using uninitialized value err.

304 if (err) {
305 fhp->fh_post_saved = false;
306 /* Grab the ctime anyway - set_change_info might use it */
307 fhp->fh_post_attr.ctime = inode->i_ctime;
308 } else
309 fhp->fh_post_saved = true;
310 }

Prior to this commit, variable err used to be always assigned by the
call to err = fh_getattr(fhp, &stat), but now it is only called on
specific conditions, so now we have this unassigned err issue.

Colin
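
Added example, not part of the original thread or the kernel source: a user-space C model of the reported fill_post_wcc() flow and of the flow after the proposed patch, enumerating every combination of the conditions to show which ones reach the test of err without an assignment. The struct, enum and function names are hypothetical stand-ins, and getattr_fails is a constructed input.

```c
/* Added example: user-space model with stand-in types, not kernel code.
 * v4: fh_maxsize == NFS4_FHSIZE; fetch_iversion: export op is set;
 * getattr_fails: constructed input making fh_getattr() return an error. */
#include <stdbool.h>
#include <stdio.h>
struct model_fh { bool v4, fetch_iversion, getattr_fails; };
enum outcome { SAVED, NOT_SAVED, UNINIT_READ };

/* Flow as reported: err assigned only if fh_getattr() runs, tested always. */
static enum outcome post_wcc_reported(const struct model_fh *fh)
{
    int err = 0;               /* initialised so the model is well defined */
    bool err_assigned = false; /* the state the analyzer tracks */
    if (!fh->v4 || !fh->fetch_iversion) {
        err = fh->getattr_fails ? -1 : 0;
        err_assigned = true;
    }
    if (!err_assigned)
        return UNINIT_READ;    /* real code tests an indeterminate err here */
    return err ? NOT_SAVED : SAVED;
}

/* Flow after the proposed patch: err is scoped to the block that sets it. */
static enum outcome post_wcc_patched(const struct model_fh *fh)
{
    bool post_saved = true;
    if (!fh->v4 || !fh->fetch_iversion) {
        int err = fh->getattr_fails ? -1 : 0;
        if (err)
            post_saved = false;
    }
    return post_saved ? SAVED : NOT_SAVED;
}

/* Count how many of the 8 input states make fn return want. */
static int count_paths(enum outcome (*fn)(const struct model_fh *), enum outcome want)
{
    int n = 0;
    for (int bits = 0; bits < 8; bits++) /* bit0=v4, bit1=fetch_iversion, bit2=getattr_fails */
        n += fn(&(struct model_fh){ bits & 1, (bits >> 1) & 1, (bits >> 2) & 1 }) == want;
    return n;
}

int main(void)
{
    printf("states reading err unassigned: reported=%d patched=%d\n",
           count_paths(post_wcc_reported, UNINIT_READ),
           count_paths(post_wcc_patched, UNINIT_READ));
    return 0;
}
```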


2020-11-25 16:52:29

by J. Bruce Fields

Subject: Re: nfsd: skip some unnecessary stats in the v4 case

On Wed, Nov 25, 2020 at 02:50:51PM +0000, Colin Ian King wrote:
> Static analysis on today's linux-next has found an issue with the
> following commit:

Thanks! I'll probably do something like this.

Though this still all seems slightly more complicated than necessary.

--b.

diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
index 8502a493be6d..7eb761801169 100644
--- a/fs/nfsd/nfs3xdr.c
+++ b/fs/nfsd/nfs3xdr.c
@@ -260,13 +260,12 @@ void fill_pre_wcc(struct svc_fh *fhp)
struct inode *inode;
struct kstat stat;
bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
- __be32 err;

if (fhp->fh_pre_saved)
return;
inode = d_inode(fhp->fh_dentry);
if (!v4 || !inode->i_sb->s_export_op->fetch_iversion) {
- err = fh_getattr(fhp, &stat);
+ __be32 err = fh_getattr(fhp, &stat);
if (err) {
/* Grab the times from inode anyway */
stat.mtime = inode->i_mtime;
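
Review bot: stat is still declared without an initializer (`struct kstat stat;`) at the top of fill_pre_wcc() and, like err before this change, is only written inside the `!v4 || !inode->i_sb->s_export_op->fetch_iversion` block. The rest of the function is outside this hunk, so please confirm that nothing after the block reads stat on the v4 path where fetch_iversion is set; if nothing does, moving the declaration into the block alongside err would let the compiler enforce it.
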
@@ -290,23 +289,23 @@ void fill_post_wcc(struct svc_fh *fhp)
{
bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
struct inode *inode = d_inode(fhp->fh_dentry);
- __be32 err;

if (fhp->fh_post_saved)
printk("nfsd: inode locked twice during operation.\n");

+ fhp->fh_post_saved = true;

- if (!v4 || !inode->i_sb->s_export_op->fetch_iversion)
- err = fh_getattr(fhp, &fhp->fh_post_attr);
+ if (!v4 || !inode->i_sb->s_export_op->fetch_iversion) {
+ __be32 err = fh_getattr(fhp, &fhp->fh_post_attr);
+ if (err) {
+ fhp->fh_post_saved = false;
+ /* set_change_info might still need this: */
+ fhp->fh_post_attr.ctime = inode->i_ctime;
+ }
+ }
if (v4)
fhp->fh_post_change =
nfsd4_change_attribute(&fhp->fh_post_attr, inode);
- if (err) {
- fhp->fh_post_saved = false;
- /* Grab the ctime anyway - set_change_info might use it */
- fhp->fh_post_attr.ctime = inode->i_ctime;
- } else
- fhp->fh_post_saved = true;
}

/*
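
Review bot: with `fhp->fh_post_saved = true;` now set ahead of the getattr block in fill_post_wcc(), the v4 path where fetch_iversion is set ends with fh_post_saved true although fh_getattr() never filled fhp->fh_post_attr, and that same struct is still passed to nfsd4_change_attribute(). A short comment above the assignment saying that fh_post_attr is intentionally left unpopulated on that path, and that nfsd4_change_attribute() is expected not to read it there, would keep a later reader from treating fh_post_saved as proof that fh_post_attr is valid.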

2020-11-25 16:52:29

by Colin King

Subject: Re: nfsd: skip some unnecessary stats in the v4 case

On 25/11/2020 16:47, J. Bruce Fields wrote:
> On Wed, Nov 25, 2020 at 02:50:51PM +0000, Colin Ian King wrote:
>> Static analysis on today's linux-next has found an issue with the
>> following commit:
>
> Thanks! I'll probably do something like this.

Looks good to me, even if it is a little more convoluted. Thanks.

>
> Though this still all seems slightly more complicated than necessary.
>
> --b.
>
> diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
> index 8502a493be6d..7eb761801169 100644
> --- a/fs/nfsd/nfs3xdr.c
> +++ b/fs/nfsd/nfs3xdr.c
> @@ -260,13 +260,12 @@ void fill_pre_wcc(struct svc_fh *fhp)
> struct inode *inode;
> struct kstat stat;
> bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
> - __be32 err;
>
> if (fhp->fh_pre_saved)
> return;
> inode = d_inode(fhp->fh_dentry);
> if (!v4 || !inode->i_sb->s_export_op->fetch_iversion) {
> - err = fh_getattr(fhp, &stat);
> + __be32 err = fh_getattr(fhp, &stat);
> if (err) {
> /* Grab the times from inode anyway */
> stat.mtime = inode->i_mtime;
> @@ -290,23 +289,23 @@ void fill_post_wcc(struct svc_fh *fhp)
> {
> bool v4 = (fhp->fh_maxsize == NFS4_FHSIZE);
> struct inode *inode = d_inode(fhp->fh_dentry);
> - __be32 err;
>
> if (fhp->fh_post_saved)
> printk("nfsd: inode locked twice during operation.\n");
>
> + fhp->fh_post_saved = true;
>
> - if (!v4 || !inode->i_sb->s_export_op->fetch_iversion)
> - err = fh_getattr(fhp, &fhp->fh_post_attr);
> + if (!v4 || !inode->i_sb->s_export_op->fetch_iversion) {
> + __be32 err = fh_getattr(fhp, &fhp->fh_post_attr);
> + if (err) {
> + fhp->fh_post_saved = false;
> + /* set_change_info might still need this: */
> + fhp->fh_post_attr.ctime = inode->i_ctime;
> + }
> + }
> if (v4)
> fhp->fh_post_change =
> nfsd4_change_attribute(&fhp->fh_post_attr, inode);
> - if (err) {
> - fhp->fh_post_saved = false;
> - /* Grab the ctime anyway - set_change_info might use it */
> - fhp->fh_post_attr.ctime = inode->i_ctime;
> - } else
> - fhp->fh_post_saved = true;
> }
>
> /*
>