tree: git://git.samba.org/sfrench/cifs-2.6.git for-next head: 5fc321fb644fc787710353be11129edadd313f3a commit: 5fc321fb644fc787710353be11129edadd313f3a [31/31] smb3: fix unmount hang in open_shroot If you fix the issue, kindly add following tag Reported-by: kbuild test robot <lkp@xxxxxxxxx> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> New smatch warnings: fs/cifs/smb2ops.c:786 open_shroot() error: double unlock 'mutex:&tcon->crfid.fid_mutex' git remote add cifs git://git.samba.org/sfrench/cifs-2.6.git git remote update cifs git checkout 5fc321fb644fc787710353be11129edadd313f3a vim +786 fs/cifs/smb2ops.c fs/cifs/smb2ops.c 726 /* 727 * caller expects this func to set pfid to a valid 728 * cached root, so we copy the existing one and get a 729 * reference. 730 */ 731 memcpy(pfid, tcon->crfid.fid, sizeof(*pfid)); 732 kref_get(&tcon->crfid.refcount); 733 734 mutex_unlock(&tcon->crfid.fid_mutex); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Unlock (recently added) 735 736 if (rc == 0) { 737 /* close extra handle outside of crit sec */ 738 SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); 739 } 740 goto oshr_free; 741 } 742 743 /* Cached root is still invalid, continue normaly */ 744 745 if (rc) { 746 if (rc == -EREMCHG) { 747 tcon->need_reconnect = true; 748 printk_once(KERN_WARNING "server share %s deleted\n", 749 tcon->treeName); 750 } 751 goto oshr_exit; 752 } 753 754 o_rsp = (struct smb2_create_rsp *)rsp_iov[0].iov_base; 755 oparms.fid->persistent_fid = o_rsp->PersistentFileId; 756 oparms.fid->volatile_fid = o_rsp->VolatileFileId; 757 #ifdef CONFIG_CIFS_DEBUG2 758 oparms.fid->mid = le64_to_cpu(o_rsp->sync_hdr.MessageId); 759 #endif /* CIFS_DEBUG2 */ 760 761 memcpy(tcon->crfid.fid, pfid, sizeof(struct cifs_fid)); 762 tcon->crfid.tcon = tcon; 763 tcon->crfid.is_valid = true; 764 kref_init(&tcon->crfid.refcount); 765 766 /* BB TBD check to see if oplock level check can be removed below */ 767 if (o_rsp->OplockLevel == SMB2_OPLOCK_LEVEL_LEASE) { 768 kref_get(&tcon->crfid.refcount); 769 smb2_parse_contexts(server, o_rsp, 770 &oparms.fid->epoch, 771 oparms.fid->lease_key, &oplock, NULL); 772 } else 773 goto oshr_exit; 774 775 qi_rsp = (struct smb2_query_info_rsp *)rsp_iov[1].iov_base; 776 if (le32_to_cpu(qi_rsp->OutputBufferLength) < sizeof(struct smb2_file_all_info)) 777 goto oshr_exit; 778 if (!smb2_validate_and_copy_iov( 779 le16_to_cpu(qi_rsp->OutputBufferOffset), 780 sizeof(struct smb2_file_all_info), 781 &rsp_iov[1], sizeof(struct smb2_file_all_info), 782 (char *)&tcon->crfid.file_all_info)) 783 tcon->crfid.file_all_info_is_valid = 1; 784 785 oshr_exit: 786 mutex_unlock(&tcon->crfid.fid_mutex); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Double unlock. 787 oshr_free: 788 SMB2_open_free(&rqst[0]); 789 SMB2_query_info_free(&rqst[1]); 790 free_rsp_buf(resp_buftype[0], rsp_iov[0].iov_base); 791 free_rsp_buf(resp_buftype[1], rsp_iov[1].iov_base); 792 return rc; 793 } --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation