Ocfs2 devel - Aug 2022 - [PATCH v1] ocfs2: Fix freeing uninitialized resource on ocfs2_dlm_shutdown

On local mount mode, no dlm resource is initialized. If
ocfs2_mount_volume() fails in ocfs2_find_slot(), error handling
will call ocfs2_dlm_shutdown(), then does dlm resource cleanup
job, which will trigger kernel crash.

Fixes: 0737e01de9c4 ("ocfs2: ocfs2_mount_volume does cleanup job before
return error")
Signed-off-by: Heming Zhao <heming.zhao at suse.com>
---
draft -> v1:
 - separate to a single patch
 - by review comment:
   - do free lockres in shutdown path
   - put 'Fixes' string in one line
 - revise misspelled & grammar mistake in commit log
---
 fs/ocfs2/dlmglue.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
index 801e60bab955..c28bc983a7b1 100644
--- a/fs/ocfs2/dlmglue.c
+++ b/fs/ocfs2/dlmglue.c
@@ -3403,10 +3403,12 @@ void ocfs2_dlm_shutdown(struct ocfs2_super *osb,
 	ocfs2_lock_res_free(&osb->osb_nfs_sync_lockres);
 	ocfs2_lock_res_free(&osb->osb_orphan_scan.os_lockres);
 
-	ocfs2_cluster_disconnect(osb->cconn, hangup_pending);
-	osb->cconn = NULL;
+	if (osb->cconn) {
+		ocfs2_cluster_disconnect(osb->cconn, hangup_pending);
+		osb->cconn = NULL;
 
-	ocfs2_dlm_shutdown_debug(osb);
+		ocfs2_dlm_shutdown_debug(osb);
+	}
 }
 
 static int ocfs2_drop_lock(struct ocfs2_super *osb,
-- 
2.37.1

On 8/11/22 5:46 PM, Heming Zhao wrote:
> On local mount mode, no dlm resource is initialized. If
> ocfs2_mount_volume() fails in ocfs2_find_slot(), error handling
In fact, any procedure after ocfs2_dlm_init() fails will trigger this
issue. So we'd better describe it clearly, or just take the above case
as a example.
> will call ocfs2_dlm_shutdown(), then does dlm resource cleanup
> job, which will trigger kernel crash.
> 
> Fixes: 0737e01de9c4 ("ocfs2: ocfs2_mount_volume does cleanup job
before return error")
> Signed-off-by: Heming Zhao <heming.zhao at suse.com>
> ---
> draft -> v1:
>  - separate to a single patch
>  - by review comment:
>    - do free lockres in shutdown path
>    - put 'Fixes' string in one line
>  - revise misspelled & grammar mistake in commit log
> ---
>  fs/ocfs2/dlmglue.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
> index 801e60bab955..c28bc983a7b1 100644
> --- a/fs/ocfs2/dlmglue.c
> +++ b/fs/ocfs2/dlmglue.c
> @@ -3403,10 +3403,12 @@ void ocfs2_dlm_shutdown(struct ocfs2_super *osb,
>  	ocfs2_lock_res_free(&osb->osb_nfs_sync_lockres);
>  	ocfs2_lock_res_free(&osb->osb_orphan_scan.os_lockres);
>  
> -	ocfs2_cluster_disconnect(osb->cconn, hangup_pending);
> -	osb->cconn = NULL;
> +	if (osb->cconn) {
> +		ocfs2_cluster_disconnect(osb->cconn, hangup_pending);
> +		osb->cconn = NULL;
>  
> -	ocfs2_dlm_shutdown_debug(osb);
> +		ocfs2_dlm_shutdown_debug(osb);
> +	}
>  }
>  
>  static int ocfs2_drop_lock(struct ocfs2_super *osb,
The checking osb->cconn in ocfs2_dismount_volume() has to be removed.

Thanks,
Joseph