[bug report] vfs: Convert ceph to use the new mount API

[Dan Carpenter]

Hello David Howells,

The patch 108f95bfaa56: "vfs: Convert ceph to use the new mount API"
from Mar 25, 2019, leads to the following static checker warning:

        drivers/block/rbd.c:7141 do_rbd_add()
        warn: passing freed memory 'ctx.opt'

drivers/block/rbd.c
  7046          /* parse add command */
  7047          rc = rbd_add_parse_args(buf, &ctx);
  7048          if (rc < 0)
  7049                  goto out;
  7050  
  7051          rbdc = rbd_get_client(ctx.opt);

This looks like it frees ctx.opt if rbd_client_find() returns non-NULL.

  7052          if (IS_ERR(rbdc)) {
  7053                  rc = PTR_ERR(rbdc);
  7054                  goto err_out_args;
  7055          }
  7056  
  7057          /* pick the pool */
  7058          rc = ceph_pg_poolid_by_name(rbdc->client->osdc.osdmap,
  7059                                      ctx.rbd_spec->pool_name);
  7060          if (rc < 0) {
  7061                  if (rc == -ENOENT)
  7062                          pr_info("pool %s does not exist\n", 
ctx.rbd_spec->pool_name);
  7063                  goto err_out_client;
  7064          }

[ snip ]

  7125  out:
  7126          module_put(THIS_MODULE);
  7127          return rc;
  7128  
  7129  err_out_image_lock:
  7130          rbd_dev_image_unlock(rbd_dev);
  7131          rbd_dev_device_release(rbd_dev);
  7132  err_out_image_probe:
  7133          rbd_dev_image_release(rbd_dev);
  7134  err_out_rbd_dev:
  7135          rbd_dev_destroy(rbd_dev);
  7136  err_out_client:
  7137          rbd_put_client(rbdc);
  7138  err_out_args:
  7139          rbd_spec_put(ctx.rbd_spec);
  7140          kfree(ctx.rbd_opts);
  7141          ceph_destroy_options(ctx.opt);
                                     ^^^^^^^
Double free.

  7142          goto out;
  7143  }


regards,
dan carpenter