On 05/06/2025 08:17, Christoph Hellwig wrote:
> Remove the check for a NULL mru or mru->list in xfs_mru_cache_insert
> as this API misused lead to a direct NULL pointer dereference on first
> use and is not user triggerable. As a smatch run by Dan points out
> with the recent cleanup it would otherwise try to free the object we
> just determined to be NULL for this impossible to reach case.
>
> Fixes: 70b95cb86513 ("xfs: free the item in xfs_mru_cache_insert on failure")
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Signed-off-by: Christoph Hellwig <hch@xxxxxx>
> ---
> fs/xfs/xfs_mru_cache.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/fs/xfs/xfs_mru_cache.c b/fs/xfs/xfs_mru_cache.c
> index 08443ceec329..c95401de8397 100644
> --- a/fs/xfs/xfs_mru_cache.c
> +++ b/fs/xfs/xfs_mru_cache.c
> @@ -425,10 +425,6 @@ xfs_mru_cache_insert(
> {
> int error = -EINVAL;
>
> - ASSERT(mru && mru->lists);
> - if (!mru || !mru->lists)
> - goto out_free;
> -
> error = -ENOMEM;
> if (radix_tree_preload(GFP_KERNEL))
> goto out_free;
Looks good to me.
Reviewed-by: Hans Holmberg <hans.holmberg@xxxxxxx>
