bug report: potential null deref send_mds_reconnect()

bug report: potential null deref send_mds_reconnect()

[Dan Carpenter]

This is a Smatch thing.

fs/ceph/mds_client.c +2217 send_mds_reconnect(82) error: we previously assumed 'session' could be null.
  2176          down_read(&mdsc->snap_rwsem);
  2177
  2178          if (!session)
  2179                  goto send;

	If we hit this goto then we will dereference session and oops.

  2180          dout("session %p state %s\n", session,
  2181               session_state_name(session->s_state));
 
regards,
dan carpenter

Re: bug report: potential null deref send_mds_reconnect()

[Sage Weil]

On Fri, 14 May 2010, Dan Carpenter wrote:
> This is a Smatch thing.
> 
> fs/ceph/mds_client.c +2217 send_mds_reconnect(82) error: we previously assumed 'session' could be null.
>   2176          down_read(&mdsc->snap_rwsem);
>   2177
>   2178          if (!session)
>   2179                  goto send;
> 
> 	If we hit this goto then we will dereference session and oops.
> 
>   2180          dout("session %p state %s\n", session,
>   2181               session_state_name(session->s_state));

Yeah, this is a bit of a mess.  There is already a fix (and big cleanup of 
this function) in the unstable branch, queued up for the next merge 
window.  I forgot it's theoretically possible to hit this with the current 
code (although only with the clustered mds).  If I send a final set fixes 
for .34 I'll include something for this too...

Thanks!
sage