[kbuild] Re: [PATCH v11 09/10] fs/ntfs3: Add NTFS3 in fs/Kconfig and fs/Makefile
From: Dan Carpenter
Date: Mon Nov 02 2020 - 03:37:03 EST
Hi Konstantin,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on linus/master]
[also build test WARNING on v5.10-rc2 next-20201030]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch ]
url: https://github.com/0day-ci/linux/commits/Konstantin-Komarov/NTFS-read-write-driver-GPL-implementation-by-Paragon-Software/20201031-220904
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5fc6b075e165f641fbc366b58b578055762d5f8c
config: i386-randconfig-m021-20201101 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
smatch warnings:
fs/ntfs3/attrib.c:331 attr_set_size_res() error: dereferencing freed memory 'attr_s'
fs/ntfs3/attrib.c:1267 attr_allocate_frame() error: uninitialized symbol 'hint'.
fs/ntfs3/attrib.c:1393 attr_allocate_frame() error: we previously assumed 'attr_b' could be null (see line 1306)
fs/ntfs3/namei.c:438 ntfs_rename() warn: variable dereferenced before check 'old_inode' (see line 296)
fs/ntfs3/fsntfs.c:844 ntfs_clear_mft_tail() error: uninitialized symbol 'err'.
fs/ntfs3/fsntfs.c:1294 ntfs_read_run_nb() error: uninitialized symbol 'idx'.
fs/ntfs3/frecord.c:166 ni_load_mi_ex() error: we previously assumed 'r' could be null (see line 159)
fs/ntfs3/frecord.c:505 ni_ins_new_attr() error: we previously assumed 'le' could be null (see line 490)
fs/ntfs3/frecord.c:658 ni_repack() warn: 'run.runs_' double freed
fs/ntfs3/frecord.c:1439 ni_insert_nonresident() warn: potential memory corrupting cast 8 vs 2 bytes
fs/ntfs3/frecord.c:2214 ni_read_frame() warn: ignoring unreachable code.
fs/ntfs3/xattr.c:514 ntfs_get_acl_ex() warn: passing zero to 'ERR_PTR'
fs/ntfs3/index.c:1133 indx_find() warn: variable dereferenced before check 'fnd' (see line 1117)
fs/ntfs3/index.c:1371 indx_find_raw() error: we previously assumed 'n' could be null (see line 1349)
fs/ntfs3/index.c:1404 indx_create_allocate() warn: should '1 << indx->index_bits' be a 64 bit type?
fs/ntfs3/index.c:1755 indx_insert_into_root() warn: possible memory leak of 're'
fs/ntfs3/index.c:549 hdr_find_split() warn: variable dereferenced before check 'e' (see line 547)
fs/ntfs3/inode.c:687 ntfs_readpage() warn: should 'page->index << 12' be a 64 bit type?
fs/ntfs3/fslog.c:2205 last_log_lsn() warn: possible memory leak of 'page_bufs'
fs/ntfs3/fslog.c:2418 find_log_rec() error: we previously assumed 'rh' could be null (see line 2404)
fs/ntfs3/fslog.c:2551 find_client_next_lsn() error: double free of 'lcb->lrh'
fs/ntfs3/fslog.c:639 enum_rstbl() error: we previously assumed 't' could be null (see line 628)
fs/ntfs3/fslog.c:3158 do_action() warn: variable dereferenced before check 'mi' (see line 3118)
fs/ntfs3/fslog.c:3913 log_replay() error: dereferencing freed memory 'rst_info.r_page'
vim +/attr_s +331 fs/ntfs3/attrib.c
e3a1cdcc648083 Konstantin Komarov 2020-10-30 241 static int attr_set_size_res(struct ntfs_inode *ni, struct ATTRIB *attr,
e3a1cdcc648083 Konstantin Komarov 2020-10-30 242 struct ATTR_LIST_ENTRY *le, struct mft_inode *mi,
e3a1cdcc648083 Konstantin Komarov 2020-10-30 243 u64 new_size, struct runs_tree *run,
e3a1cdcc648083 Konstantin Komarov 2020-10-30 244 struct ATTRIB **ins_attr)
e3a1cdcc648083 Konstantin Komarov 2020-10-30 245 {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 246 int err = 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 247 struct ntfs_sb_info *sbi = mi->sbi;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 248 struct MFT_REC *rec = mi->mrec;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 249 u32 used = le32_to_cpu(rec->used);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 250 u32 asize = le32_to_cpu(attr->size);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 251 u32 aoff = PtrOffset(rec, attr);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 252 u32 rsize = le32_to_cpu(attr->res.data_size);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 253 u32 tail = used - aoff - asize;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 254 char *next = Add2Ptr(attr, asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 255 int dsize = QuadAlign(new_size) - QuadAlign(rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 256 CLST len, alen;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 257 struct ATTRIB *attr_s = NULL;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 258 bool is_ext;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 259
e3a1cdcc648083 Konstantin Komarov 2020-10-30 260 if (dsize < 0) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 261 memmove(next + dsize, next, tail);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 262 } else if (dsize > 0) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 263 if (used + dsize > sbi->max_bytes_per_attr)
e3a1cdcc648083 Konstantin Komarov 2020-10-30 264 goto resident2nonresident;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 265
e3a1cdcc648083 Konstantin Komarov 2020-10-30 266 memmove(next + dsize, next, tail);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 267 memset(next, 0, dsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 268 }
e3a1cdcc648083 Konstantin Komarov 2020-10-30 269
e3a1cdcc648083 Konstantin Komarov 2020-10-30 270 rec->used = cpu_to_le32(used + dsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 271 attr->size = cpu_to_le32(asize + dsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 272 attr->res.data_size = cpu_to_le32(new_size);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 273 mi->dirty = true;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 274 *ins_attr = attr;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 275
e3a1cdcc648083 Konstantin Komarov 2020-10-30 276 return 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 277
e3a1cdcc648083 Konstantin Komarov 2020-10-30 278 resident2nonresident:
e3a1cdcc648083 Konstantin Komarov 2020-10-30 279 len = bytes_to_cluster(sbi, rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 280
e3a1cdcc648083 Konstantin Komarov 2020-10-30 281 run_init(run);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 282
e3a1cdcc648083 Konstantin Komarov 2020-10-30 283 is_ext = is_attr_ext(attr);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 284
e3a1cdcc648083 Konstantin Komarov 2020-10-30 285 if (!len) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 286 alen = 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 287 } else if (is_ext) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 288 if (!run_add_entry(run, 0, SPARSE_LCN, len)) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 289 err = -ENOMEM;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 290 goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 291 }
e3a1cdcc648083 Konstantin Komarov 2020-10-30 292 alen = len;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 293 } else {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 294 err = attr_allocate_clusters(sbi, run, 0, 0, len, NULL,
e3a1cdcc648083 Konstantin Komarov 2020-10-30 295 ALLOCATE_DEF, &alen, 0, NULL);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 296 if (err)
e3a1cdcc648083 Konstantin Komarov 2020-10-30 297 goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 298
e3a1cdcc648083 Konstantin Komarov 2020-10-30 299 err = ntfs_sb_write_run(sbi, run, 0, resident_data(attr),
e3a1cdcc648083 Konstantin Komarov 2020-10-30 300 rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 301 if (err)
e3a1cdcc648083 Konstantin Komarov 2020-10-30 302 goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 303 }
e3a1cdcc648083 Konstantin Komarov 2020-10-30 304
e3a1cdcc648083 Konstantin Komarov 2020-10-30 305 attr_s = ntfs_memdup(attr, asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 306 if (!attr_s) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 307 err = -ENOMEM;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 308 goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 309 }
e3a1cdcc648083 Konstantin Komarov 2020-10-30 310
e3a1cdcc648083 Konstantin Komarov 2020-10-30 311 /*verify(mi_remove_attr(mi, attr));*/
e3a1cdcc648083 Konstantin Komarov 2020-10-30 312 used -= asize;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 313 memmove(attr, Add2Ptr(attr, asize), used - aoff);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 314 rec->used = cpu_to_le32(used);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 315 mi->dirty = true;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 316 if (le)
e3a1cdcc648083 Konstantin Komarov 2020-10-30 317 al_remove_le(ni, le);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 318
e3a1cdcc648083 Konstantin Komarov 2020-10-30 319 err = ni_insert_nonresident(ni, attr_s->type, attr_name(attr_s),
e3a1cdcc648083 Konstantin Komarov 2020-10-30 320 attr_s->name_len, run, 0, alen,
e3a1cdcc648083 Konstantin Komarov 2020-10-30 321 attr_s->flags, &attr, NULL);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 322 if (err)
e3a1cdcc648083 Konstantin Komarov 2020-10-30 323 goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 324
e3a1cdcc648083 Konstantin Komarov 2020-10-30 325 ntfs_free(attr_s);
^^^^^^^^^^^^^^^^^
Freed.
e3a1cdcc648083 Konstantin Komarov 2020-10-30 326 attr->nres.data_size = cpu_to_le64(rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 327 attr->nres.valid_size = attr->nres.data_size;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 328
e3a1cdcc648083 Konstantin Komarov 2020-10-30 329 *ins_attr = attr;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 330
e3a1cdcc648083 Konstantin Komarov 2020-10-30 @331 if (attr_s->type == ATTR_DATA && !attr_s->name_len &&
^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^
Dereferenced after a free.
e3a1cdcc648083 Konstantin Komarov 2020-10-30 332 run == &ni->file.run) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 333 ni->ni_flags &= ~NI_FLAG_RESIDENT;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 334 }
e3a1cdcc648083 Konstantin Komarov 2020-10-30 335
e3a1cdcc648083 Konstantin Komarov 2020-10-30 336 /* Resident attribute becomes non resident */
e3a1cdcc648083 Konstantin Komarov 2020-10-30 337 return 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 338
e3a1cdcc648083 Konstantin Komarov 2020-10-30 339 out:
e3a1cdcc648083 Konstantin Komarov 2020-10-30 340 /* undo: do not trim new allocated clusters */
e3a1cdcc648083 Konstantin Komarov 2020-10-30 341 run_deallocate(sbi, run, false);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 342 run_close(run);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 343
e3a1cdcc648083 Konstantin Komarov 2020-10-30 344 if (attr_s) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30 345 memmove(next, Add2Ptr(rec, aoff), used - aoff);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 346 memcpy(Add2Ptr(rec, aoff), attr_s, asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 347 rec->used = cpu_to_le32(used + asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 348 mi->dirty = true;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 349 ntfs_free(attr_s);
e3a1cdcc648083 Konstantin Komarov 2020-10-30 350 /*reinsert le*/
e3a1cdcc648083 Konstantin Komarov 2020-10-30 351 }
e3a1cdcc648083 Konstantin Komarov 2020-10-30 352
e3a1cdcc648083 Konstantin Komarov 2020-10-30 353 return err;
e3a1cdcc648083 Konstantin Komarov 2020-10-30 354 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx
Attachment:
.config.gz
Description: application/gzip
_______________________________________________
kbuild mailing list -- kbuild@xxxxxxxxxxxx
To unsubscribe send an email to kbuild-leave@xxxxxxxxxxxx