fs/smb/server/oplock.c:155 opinfo_get_list() warn: can 'opinfo' even be NULL?

fs/smb/server/oplock.c:155 opinfo_get_list() warn: can 'opinfo' even be NULL?

[Dan Carpenter]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   707df3375124b51048233625a7e1c801e8c8a7fd
commit: 18b4fac5ef17f77fed9417d22210ceafd6525fc7 ksmbd: fix use-after-free in smb_break_all_levII_oplock()
config: i386-randconfig-141-20250416 (https://download.01.org/0day-ci/archive/20250508/202505080231.7OXwq4Te-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
| Closes: https://lore.kernel.org/r/202505080231.7OXwq4Te-lkp@intel.com/

New smatch warnings:
fs/smb/server/oplock.c:155 opinfo_get_list() warn: can 'opinfo' even be NULL?

vim +/opinfo +155 fs/smb/server/oplock.c

e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  145  static struct oplock_info *opinfo_get_list(struct ksmbd_inode *ci)
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  146  {
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  147  	struct oplock_info *opinfo;
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  148  
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  149  	if (list_empty(&ci->m_op_list))
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  150  		return NULL;
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  151  
18b4fac5ef17f77 fs/smb/server/oplock.c Namjae Jeon 2025-04-15  152  	down_read(&ci->m_lock);
18b4fac5ef17f77 fs/smb/server/oplock.c Namjae Jeon 2025-04-15  153  	opinfo = list_first_entry(&ci->m_op_list, struct oplock_info,
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  154  					op_entry);

The list_first_entry() macro never returns NULL.  If the list is
empty then it returns an invalid pointer.  Use
list_first_entry_or_null().  We have the check for list_empty()
at the start of the function but it's outside of the lock so it's
probably not safe to assume it's still true.  (I haven't looked
at the locking here outside of what the kbuild-bot includes in this
email).

36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19 @155  	if (opinfo) {
c8efcc786146a95 fs/smb/server/oplock.c Namjae Jeon 2024-03-12  156  		if (opinfo->conn == NULL ||
c8efcc786146a95 fs/smb/server/oplock.c Namjae Jeon 2024-03-12  157  		    !atomic_inc_not_zero(&opinfo->refcount))
36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19  158  			opinfo = NULL;
36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19  159  		else {
36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19  160  			if (ksmbd_conn_releasing(opinfo->conn)) {
36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19  161  				atomic_dec(&opinfo->refcount);
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  162  				opinfo = NULL;
36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19  163  			}
36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19  164  		}
36322523dddb111 fs/smb/server/oplock.c Namjae Jeon 2023-05-19  165  	}
18b4fac5ef17f77 fs/smb/server/oplock.c Namjae Jeon 2025-04-15  166  	up_read(&ci->m_lock);
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  167  
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  168  	return opinfo;
e2f34481b24db2f fs/cifsd/oplock.c      Namjae Jeon 2021-03-16  169  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki