* Re: f2fs: avoid abnormal behavior on broken symlink
@ 2015-04-20 14:49 Dan Carpenter
2015-04-21 18:20 ` Jaegeuk Kim
0 siblings, 1 reply; 9+ messages in thread
From: Dan Carpenter @ 2015-04-20 14:49 UTC (permalink / raw
To: jaegeuk; +Cc: linux-f2fs-devel
Hello Jaegeuk Kim,
The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
symlink" from Apr 15, 2015, leads to the following static checker
warning:
fs/f2fs/namei.c:304 f2fs_follow_link()
warn: 'page' isn't an ERR_PTR
fs/f2fs/namei.c
299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
300 {
301 struct page *page;
302
303 page = page_follow_link_light(dentry, nd);
304 if (IS_ERR(page))
^^^^
The code in page_follow_link_light() is a bit hard to follow but it
returns NULL on error.
305 return page;
306
307 /* this is broken symlink case */
308 if (*nd_get_link(nd) == 0) {
309 kunmap(page);
^^^^^^^^^^^^
Potential NULL deref.
310 page_cache_release(page);
311 return ERR_PTR(-ENOENT);
312 }
313 return page;
314 }
regards,
dan carpenter
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-20 14:49 f2fs: avoid abnormal behavior on broken symlink Dan Carpenter
@ 2015-04-21 18:20 ` Jaegeuk Kim
2015-04-22 6:28 ` Chao Yu
0 siblings, 1 reply; 9+ messages in thread
From: Jaegeuk Kim @ 2015-04-21 18:20 UTC (permalink / raw
To: Dan Carpenter; +Cc: linux-f2fs-devel
Hi Dan,
Thank you for letting me know.
I wrote a patch for this below.
Thanks,
On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> Hello Jaegeuk Kim,
>
> The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> symlink" from Apr 15, 2015, leads to the following static checker
> warning:
>
> fs/f2fs/namei.c:304 f2fs_follow_link()
> warn: 'page' isn't an ERR_PTR
>
> fs/f2fs/namei.c
> 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> 300 {
> 301 struct page *page;
> 302
> 303 page = page_follow_link_light(dentry, nd);
> 304 if (IS_ERR(page))
> ^^^^
> The code in page_follow_link_light() is a bit hard to follow but it
> returns NULL on error.
>
> 305 return page;
> 306
> 307 /* this is broken symlink case */
> 308 if (*nd_get_link(nd) == 0) {
> 309 kunmap(page);
> ^^^^^^^^^^^^
> Potential NULL deref.
>
> 310 page_cache_release(page);
> 311 return ERR_PTR(-ENOENT);
> 312 }
> 313 return page;
> 314 }
>
> regards,
> dan carpenter
>From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@kernel.org>
Date: Mon, 20 Apr 2015 16:30:14 -0700
Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
The page_follow_link_light returns NULL and its error pointer was remained
in nd->path.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
---
fs/f2fs/namei.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 407dde3..678b6dd 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
struct page *page;
page = page_follow_link_light(dentry, nd);
- if (IS_ERR(page))
- return page;
+ if (!page)
+ return NULL;
/* this is broken symlink case */
if (*nd_get_link(nd) == 0) {
--
2.1.1
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-21 18:20 ` Jaegeuk Kim
@ 2015-04-22 6:28 ` Chao Yu
2015-04-22 7:48 ` Jaegeuk Kim
2015-04-22 10:27 ` Dan Carpenter
0 siblings, 2 replies; 9+ messages in thread
From: Chao Yu @ 2015-04-22 6:28 UTC (permalink / raw
To: 'Jaegeuk Kim', 'Dan Carpenter'; +Cc: linux-f2fs-devel
Hi all,
> -----Original Message-----
> From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> Sent: Wednesday, April 22, 2015 2:21 AM
> To: Dan Carpenter
> Cc: linux-f2fs-devel@lists.sourceforge.net
> Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
>
> Hi Dan,
>
> Thank you for letting me know.
> I wrote a patch for this below.
>
> Thanks,
>
> On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > Hello Jaegeuk Kim,
> >
> > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > symlink" from Apr 15, 2015, leads to the following static checker
> > warning:
> >
> > fs/f2fs/namei.c:304 f2fs_follow_link()
> > warn: 'page' isn't an ERR_PTR
> >
> > fs/f2fs/namei.c
> > 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > 300 {
> > 301 struct page *page;
> > 302
> > 303 page = page_follow_link_light(dentry, nd);
> > 304 if (IS_ERR(page))
> > ^^^^
> > The code in page_follow_link_light() is a bit hard to follow but it
> > returns NULL on error.
I try to find out the other callers' error handling method for
page_follow_link_light, and it shows all of them use the "IS_ERR" one.
In page_follow_link_light I also can't find a path which will return a NULL value.
So, Dan, is that report from smatch not true? or I made a mistake? If so, please
correct me.
Thanks,
> >
> > 305 return page;
> > 306
> > 307 /* this is broken symlink case */
> > 308 if (*nd_get_link(nd) == 0) {
> > 309 kunmap(page);
> > ^^^^^^^^^^^^
> > Potential NULL deref.
> >
> > 310 page_cache_release(page);
> > 311 return ERR_PTR(-ENOENT);
> > 312 }
> > 313 return page;
> > 314 }
> >
> > regards,
> > dan carpenter
>
> >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> From: Jaegeuk Kim <jaegeuk@kernel.org>
> Date: Mon, 20 Apr 2015 16:30:14 -0700
> Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
>
> The page_follow_link_light returns NULL and its error pointer was remained
> in nd->path.
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> ---
> fs/f2fs/namei.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> index 407dde3..678b6dd 100644
> --- a/fs/f2fs/namei.c
> +++ b/fs/f2fs/namei.c
> @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> struct page *page;
>
> page = page_follow_link_light(dentry, nd);
> - if (IS_ERR(page))
> - return page;
> + if (!page)
> + return NULL;
>
> /* this is broken symlink case */
> if (*nd_get_link(nd) == 0) {
> --
> 2.1.1
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-22 6:28 ` Chao Yu
@ 2015-04-22 7:48 ` Jaegeuk Kim
2015-04-22 9:31 ` Chao Yu
2015-04-22 10:27 ` Dan Carpenter
1 sibling, 1 reply; 9+ messages in thread
From: Jaegeuk Kim @ 2015-04-22 7:48 UTC (permalink / raw
To: Chao Yu; +Cc: 'Dan Carpenter', linux-f2fs-devel
Hi Chao,
On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> Hi all,
>
> > -----Original Message-----
> > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > Sent: Wednesday, April 22, 2015 2:21 AM
> > To: Dan Carpenter
> > Cc: linux-f2fs-devel@lists.sourceforge.net
> > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> >
> > Hi Dan,
> >
> > Thank you for letting me know.
> > I wrote a patch for this below.
> >
> > Thanks,
> >
> > On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > > Hello Jaegeuk Kim,
> > >
> > > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > > symlink" from Apr 15, 2015, leads to the following static checker
> > > warning:
> > >
> > > fs/f2fs/namei.c:304 f2fs_follow_link()
> > > warn: 'page' isn't an ERR_PTR
> > >
> > > fs/f2fs/namei.c
> > > 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > 300 {
> > > 301 struct page *page;
> > > 302
> > > 303 page = page_follow_link_light(dentry, nd);
> > > 304 if (IS_ERR(page))
> > > ^^^^
> > > The code in page_follow_link_light() is a bit hard to follow but it
> > > returns NULL on error.
>
> I try to find out the other callers' error handling method for
> page_follow_link_light, and it shows all of them use the "IS_ERR" one.
>
> In page_follow_link_light I also can't find a path which will return a NULL value.
>
> So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> correct me.
The page_getlink returns ERR_PTR(page) without setting *ppage.
So, page_follow_link_light returns NULL and nd->saved_names[nd->depth] has
error pointer by nd_set_link().
Thanks,
>
> Thanks,
>
> > >
> > > 305 return page;
> > > 306
> > > 307 /* this is broken symlink case */
> > > 308 if (*nd_get_link(nd) == 0) {
> > > 309 kunmap(page);
> > > ^^^^^^^^^^^^
> > > Potential NULL deref.
> > >
> > > 310 page_cache_release(page);
> > > 311 return ERR_PTR(-ENOENT);
> > > 312 }
> > > 313 return page;
> > > 314 }
> > >
> > > regards,
> > > dan carpenter
> >
> > >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> > From: Jaegeuk Kim <jaegeuk@kernel.org>
> > Date: Mon, 20 Apr 2015 16:30:14 -0700
> > Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
> >
> > The page_follow_link_light returns NULL and its error pointer was remained
> > in nd->path.
> >
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> > ---
> > fs/f2fs/namei.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> > index 407dde3..678b6dd 100644
> > --- a/fs/f2fs/namei.c
> > +++ b/fs/f2fs/namei.c
> > @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > struct page *page;
> >
> > page = page_follow_link_light(dentry, nd);
> > - if (IS_ERR(page))
> > - return page;
> > + if (!page)
> > + return NULL;
> >
> > /* this is broken symlink case */
> > if (*nd_get_link(nd) == 0) {
> > --
> > 2.1.1
> >
> > ------------------------------------------------------------------------------
> > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> > Develop your own process in accordance with the BPMN 2 standard
> > Learn Process modeling best practices with Bonita BPM through live exercises
> > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> > _______________________________________________
> > Linux-f2fs-devel mailing list
> > Linux-f2fs-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-22 7:48 ` Jaegeuk Kim
@ 2015-04-22 9:31 ` Chao Yu
2015-04-22 16:52 ` Jaegeuk Kim
0 siblings, 1 reply; 9+ messages in thread
From: Chao Yu @ 2015-04-22 9:31 UTC (permalink / raw
To: 'Jaegeuk Kim'; +Cc: 'Dan Carpenter', linux-f2fs-devel
Hi Jaegeuk,
> -----Original Message-----
> From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> Sent: Wednesday, April 22, 2015 3:49 PM
> To: Chao Yu
> Cc: 'Dan Carpenter'; linux-f2fs-devel@lists.sourceforge.net
> Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
>
> Hi Chao,
>
> On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > Hi all,
> >
> > > -----Original Message-----
> > > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > > Sent: Wednesday, April 22, 2015 2:21 AM
> > > To: Dan Carpenter
> > > Cc: linux-f2fs-devel@lists.sourceforge.net
> > > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> > >
> > > Hi Dan,
> > >
> > > Thank you for letting me know.
> > > I wrote a patch for this below.
> > >
> > > Thanks,
> > >
> > > On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > > > Hello Jaegeuk Kim,
> > > >
> > > > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > > > symlink" from Apr 15, 2015, leads to the following static checker
> > > > warning:
> > > >
> > > > fs/f2fs/namei.c:304 f2fs_follow_link()
> > > > warn: 'page' isn't an ERR_PTR
> > > >
> > > > fs/f2fs/namei.c
> > > > 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > > 300 {
> > > > 301 struct page *page;
> > > > 302
> > > > 303 page = page_follow_link_light(dentry, nd);
> > > > 304 if (IS_ERR(page))
> > > > ^^^^
> > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > returns NULL on error.
> >
> > I try to find out the other callers' error handling method for
> > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> >
> > In page_follow_link_light I also can't find a path which will return a NULL value.
> >
> > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > correct me.
>
> The page_getlink returns ERR_PTR(page) without setting *ppage.
> So, page_follow_link_light returns NULL and nd->saved_names[nd->depth] has
> error pointer by nd_set_link().
Yes, I can see it in last linux-next repo. But in commit 093ee96e7e37
("new ->follow_link() and ->put_link() calling conventions"), it has
been refactored by Al Viro in his tree. You can see it in following link:
https://git.kernel.org/cgit/linux/kernel/git/viro/vfs.git/commit/?h=link_path_walk&id=093ee96e7e3770b7188ed8aec18378309da3fe79
If this commit is been merged into mainline, our patch could be a wrong fixing.
So how about keeping this patch and wait?
Thanks,
>
> Thanks,
>
> >
> > Thanks,
> >
> > > >
> > > > 305 return page;
> > > > 306
> > > > 307 /* this is broken symlink case */
> > > > 308 if (*nd_get_link(nd) == 0) {
> > > > 309 kunmap(page);
> > > > ^^^^^^^^^^^^
> > > > Potential NULL deref.
> > > >
> > > > 310 page_cache_release(page);
> > > > 311 return ERR_PTR(-ENOENT);
> > > > 312 }
> > > > 313 return page;
> > > > 314 }
> > > >
> > > > regards,
> > > > dan carpenter
> > >
> > > >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> > > From: Jaegeuk Kim <jaegeuk@kernel.org>
> > > Date: Mon, 20 Apr 2015 16:30:14 -0700
> > > Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
> > >
> > > The page_follow_link_light returns NULL and its error pointer was remained
> > > in nd->path.
> > >
> > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> > > ---
> > > fs/f2fs/namei.c | 4 ++--
> > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> > > index 407dde3..678b6dd 100644
> > > --- a/fs/f2fs/namei.c
> > > +++ b/fs/f2fs/namei.c
> > > @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata
> *nd)
> > > struct page *page;
> > >
> > > page = page_follow_link_light(dentry, nd);
> > > - if (IS_ERR(page))
> > > - return page;
> > > + if (!page)
> > > + return NULL;
> > >
> > > /* this is broken symlink case */
> > > if (*nd_get_link(nd) == 0) {
> > > --
> > > 2.1.1
> > >
> > > ------------------------------------------------------------------------------
> > > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> > > Develop your own process in accordance with the BPMN 2 standard
> > > Learn Process modeling best practices with Bonita BPM through live exercises
> > > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> > > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> > > _______________________________________________
> > > Linux-f2fs-devel mailing list
> > > Linux-f2fs-devel@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-22 6:28 ` Chao Yu
2015-04-22 7:48 ` Jaegeuk Kim
@ 2015-04-22 10:27 ` Dan Carpenter
2015-04-22 18:13 ` Jaegeuk Kim
1 sibling, 1 reply; 9+ messages in thread
From: Dan Carpenter @ 2015-04-22 10:27 UTC (permalink / raw
To: Chao Yu; +Cc: 'Jaegeuk Kim', linux-f2fs-devel
On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > fs/f2fs/namei.c
> > > 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > 300 {
> > > 301 struct page *page;
> > > 302
> > > 303 page = page_follow_link_light(dentry, nd);
> > > 304 if (IS_ERR(page))
> > > ^^^^
> > > The code in page_follow_link_light() is a bit hard to follow but it
> > > returns NULL on error.
>
> I try to find out the other callers' error handling method for
> page_follow_link_light, and it shows all of them use the "IS_ERR" one.
>
> In page_follow_link_light I also can't find a path which will return a NULL value.
>
> So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> correct me.
Smatch is correct, it returns NULL on error. However, I agree that it
looks like it is supposed to return an ERR_PTR. Every caller seems to
expect that.
I suspect the right fix is to change page_follow_link_light(). But I
don't know this code very well so I just sent the bug report instead of
fixing it myself. :)
regards,
dan carpenter
diff --git a/fs/namei.c b/fs/namei.c
index ffab2e0..5ca251e 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4473,7 +4473,12 @@ EXPORT_SYMBOL(page_readlink);
void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
{
struct page *page = NULL;
- nd_set_link(nd, page_getlink(dentry, &page));
+ char *link;
+
+ link = page_getlink(dentry, &page);
+ if (IS_ERR(link))
+ return link;
+ nd_set_link(nd, link);
return page;
}
EXPORT_SYMBOL(page_follow_link_light);
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-22 9:31 ` Chao Yu
@ 2015-04-22 16:52 ` Jaegeuk Kim
0 siblings, 0 replies; 9+ messages in thread
From: Jaegeuk Kim @ 2015-04-22 16:52 UTC (permalink / raw
To: Chao Yu; +Cc: 'Dan Carpenter', linux-f2fs-devel
Hi Chao,
On Wed, Apr 22, 2015 at 05:31:30PM +0800, Chao Yu wrote:
> Hi Jaegeuk,
>
> > -----Original Message-----
> > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > Sent: Wednesday, April 22, 2015 3:49 PM
> > To: Chao Yu
> > Cc: 'Dan Carpenter'; linux-f2fs-devel@lists.sourceforge.net
> > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> >
> > Hi Chao,
> >
> > On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > Hi all,
> > >
> > > > -----Original Message-----
> > > > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > > > Sent: Wednesday, April 22, 2015 2:21 AM
> > > > To: Dan Carpenter
> > > > Cc: linux-f2fs-devel@lists.sourceforge.net
> > > > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> > > >
> > > > Hi Dan,
> > > >
> > > > Thank you for letting me know.
> > > > I wrote a patch for this below.
> > > >
> > > > Thanks,
> > > >
> > > > On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > > > > Hello Jaegeuk Kim,
> > > > >
> > > > > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > > > > symlink" from Apr 15, 2015, leads to the following static checker
> > > > > warning:
> > > > >
> > > > > fs/f2fs/namei.c:304 f2fs_follow_link()
> > > > > warn: 'page' isn't an ERR_PTR
> > > > >
> > > > > fs/f2fs/namei.c
> > > > > 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > > > 300 {
> > > > > 301 struct page *page;
> > > > > 302
> > > > > 303 page = page_follow_link_light(dentry, nd);
> > > > > 304 if (IS_ERR(page))
> > > > > ^^^^
> > > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > > returns NULL on error.
> > >
> > > I try to find out the other callers' error handling method for
> > > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> > >
> > > In page_follow_link_light I also can't find a path which will return a NULL value.
> > >
> > > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > > correct me.
> >
> > The page_getlink returns ERR_PTR(page) without setting *ppage.
> > So, page_follow_link_light returns NULL and nd->saved_names[nd->depth] has
> > error pointer by nd_set_link().
>
> Yes, I can see it in last linux-next repo. But in commit 093ee96e7e37
> ("new ->follow_link() and ->put_link() calling conventions"), it has
> been refactored by Al Viro in his tree. You can see it in following link:
>
> https://git.kernel.org/cgit/linux/kernel/git/viro/vfs.git/commit/?h=link_path_walk&id=093ee96e7e3770b7188ed8aec18378309da3fe79
>
> If this commit is been merged into mainline, our patch could be a wrong fixing.
AFAICT, that is not merged yet, which means Al needs to change f2fs_follow_link,
since f2fs was merged already.
>
> So how about keeping this patch and wait?
Sure. At least, I think that can be merged after rc1.
Thanks,
>
> Thanks,
>
> >
> > Thanks,
> >
> > >
> > > Thanks,
> > >
> > > > >
> > > > > 305 return page;
> > > > > 306
> > > > > 307 /* this is broken symlink case */
> > > > > 308 if (*nd_get_link(nd) == 0) {
> > > > > 309 kunmap(page);
> > > > > ^^^^^^^^^^^^
> > > > > Potential NULL deref.
> > > > >
> > > > > 310 page_cache_release(page);
> > > > > 311 return ERR_PTR(-ENOENT);
> > > > > 312 }
> > > > > 313 return page;
> > > > > 314 }
> > > > >
> > > > > regards,
> > > > > dan carpenter
> > > >
> > > > >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> > > > From: Jaegeuk Kim <jaegeuk@kernel.org>
> > > > Date: Mon, 20 Apr 2015 16:30:14 -0700
> > > > Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
> > > >
> > > > The page_follow_link_light returns NULL and its error pointer was remained
> > > > in nd->path.
> > > >
> > > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> > > > ---
> > > > fs/f2fs/namei.c | 4 ++--
> > > > 1 file changed, 2 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> > > > index 407dde3..678b6dd 100644
> > > > --- a/fs/f2fs/namei.c
> > > > +++ b/fs/f2fs/namei.c
> > > > @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata
> > *nd)
> > > > struct page *page;
> > > >
> > > > page = page_follow_link_light(dentry, nd);
> > > > - if (IS_ERR(page))
> > > > - return page;
> > > > + if (!page)
> > > > + return NULL;
> > > >
> > > > /* this is broken symlink case */
> > > > if (*nd_get_link(nd) == 0) {
> > > > --
> > > > 2.1.1
> > > >
> > > > ------------------------------------------------------------------------------
> > > > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> > > > Develop your own process in accordance with the BPMN 2 standard
> > > > Learn Process modeling best practices with Bonita BPM through live exercises
> > > > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> > > > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> > > > _______________________________________________
> > > > Linux-f2fs-devel mailing list
> > > > Linux-f2fs-devel@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-22 10:27 ` Dan Carpenter
@ 2015-04-22 18:13 ` Jaegeuk Kim
2015-04-22 19:19 ` Dan Carpenter
0 siblings, 1 reply; 9+ messages in thread
From: Jaegeuk Kim @ 2015-04-22 18:13 UTC (permalink / raw
To: Dan Carpenter; +Cc: linux-f2fs-devel
On Wed, Apr 22, 2015 at 01:27:22PM +0300, Dan Carpenter wrote:
> On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > > fs/f2fs/namei.c
> > > > 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > > 300 {
> > > > 301 struct page *page;
> > > > 302
> > > > 303 page = page_follow_link_light(dentry, nd);
> > > > 304 if (IS_ERR(page))
> > > > ^^^^
> > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > returns NULL on error.
> >
> > I try to find out the other callers' error handling method for
> > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> >
> > In page_follow_link_light I also can't find a path which will return a NULL value.
> >
> > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > correct me.
>
> Smatch is correct, it returns NULL on error. However, I agree that it
> looks like it is supposed to return an ERR_PTR. Every caller seems to
> expect that.
Well, at least, it seems vfs handles the error correctly.
The page_follow_link_light is used only by several filesystems.
And, follow_link is called by:
1. fs/namei.c <<follow_link>>
-> No problem. It checks the error with nd->saved_names.
2. fs/namei.c <<generic_readlink>>
-> No problem. The error is checked by readlink_copy.
Whatever it is expected or not, the fact is that there is no bug in vfs.
So at this moment, IMO, it needs to fix f2fs_follow_link by adding
IS_ERR_OR_NULL() to avoid all the cases (including the backporting effort).
As Chao mentioned, it seems that Al is going to fix that with new convention,
though. :)
Thanks,
>
> I suspect the right fix is to change page_follow_link_light(). But I
> don't know this code very well so I just sent the bug report instead of
> fixing it myself. :)
>
> regards,
> dan carpenter
>
> diff --git a/fs/namei.c b/fs/namei.c
> index ffab2e0..5ca251e 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -4473,7 +4473,12 @@ EXPORT_SYMBOL(page_readlink);
> void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
> {
> struct page *page = NULL;
> - nd_set_link(nd, page_getlink(dentry, &page));
> + char *link;
> +
> + link = page_getlink(dentry, &page);
> + if (IS_ERR(link))
> + return link;
> + nd_set_link(nd, link);
> return page;
> }
> EXPORT_SYMBOL(page_follow_link_light);
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: f2fs: avoid abnormal behavior on broken symlink
2015-04-22 18:13 ` Jaegeuk Kim
@ 2015-04-22 19:19 ` Dan Carpenter
0 siblings, 0 replies; 9+ messages in thread
From: Dan Carpenter @ 2015-04-22 19:19 UTC (permalink / raw
To: Jaegeuk Kim; +Cc: linux-f2fs-devel
On Wed, Apr 22, 2015 at 11:13:36AM -0700, Jaegeuk Kim wrote:
> On Wed, Apr 22, 2015 at 01:27:22PM +0300, Dan Carpenter wrote:
> > On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > > > fs/f2fs/namei.c
> > > > > 299 static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > > > 300 {
> > > > > 301 struct page *page;
> > > > > 302
> > > > > 303 page = page_follow_link_light(dentry, nd);
> > > > > 304 if (IS_ERR(page))
> > > > > ^^^^
> > > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > > returns NULL on error.
> > >
> > > I try to find out the other callers' error handling method for
> > > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> > >
> > > In page_follow_link_light I also can't find a path which will return a NULL value.
> > >
> > > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > > correct me.
> >
> > Smatch is correct, it returns NULL on error. However, I agree that it
> > looks like it is supposed to return an ERR_PTR. Every caller seems to
> > expect that.
>
> Well, at least, it seems vfs handles the error correctly.
> The page_follow_link_light is used only by several filesystems.
>
> And, follow_link is called by:
>
> 1. fs/namei.c <<follow_link>>
> -> No problem. It checks the error with nd->saved_names.
>
> 2. fs/namei.c <<generic_readlink>>
> -> No problem. The error is checked by readlink_copy.
You're right. My patch was wrong because it doesn't set
nd->saved_names. But wow, though! So convoluted!
4423 /*
4424 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
4425 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
4426 * using) it for any given inode is up to filesystem.
4427 */
4428 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4429 {
4430 struct nameidata nd;
4431 void *cookie;
4432 int res;
4433
4434 nd.depth = 0;
4435 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
4436 if (IS_ERR(cookie))
4437 return PTR_ERR(cookie);
Even though we don't return here, the rest of the function is a no-op.
4438
4439 res = readlink_copy(buffer, buflen, nd_get_link(&nd));
4440 if (dentry->d_inode->i_op->put_link)
4441 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
4442 return res;
4443 }
4444 EXPORT_SYMBOL(generic_readlink);
>
> Whatever it is expected or not, the fact is that there is no bug in vfs.
> So at this moment, IMO, it needs to fix f2fs_follow_link by adding
> IS_ERR_OR_NULL() to avoid all the cases (including the backporting effort).
>
I guess that works... The follow_link() functions often seem to return
NULL on sucess. But the page_follow_link_light() only returns NULL on
error. It's very strange.
regards,
dan carpenter
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2015-04-22 19:20 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-04-20 14:49 f2fs: avoid abnormal behavior on broken symlink Dan Carpenter
2015-04-21 18:20 ` Jaegeuk Kim
2015-04-22 6:28 ` Chao Yu
2015-04-22 7:48 ` Jaegeuk Kim
2015-04-22 9:31 ` Chao Yu
2015-04-22 16:52 ` Jaegeuk Kim
2015-04-22 10:27 ` Dan Carpenter
2015-04-22 18:13 ` Jaegeuk Kim
2015-04-22 19:19 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).