Date:   Mon, 2 Nov 2020 11:36:04 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org,
        Konstantin Komarov <almaz.alexandrovich@...agon-software.com>,
        linux-fsdevel@...r.kernel.org
Cc:     lkp@...el.com, Dan Carpenter <error27@...il.com>,
        kbuild-all@...ts.01.org, viro@...iv.linux.org.uk,
        linux-kernel@...r.kernel.org, pali@...nel.org, dsterba@...e.cz,
        aaptel@...e.com, willy@...radead.org, rdunlap@...radead.org,
        joe@...ches.com, mark@...mstone.com
Subject: [kbuild] Re: [PATCH v11 09/10] fs/ntfs3: Add NTFS3 in fs/Kconfig and
 fs/Makefile

Hi Konstantin,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on linus/master]
[also build test WARNING on v5.10-rc2 next-20201030]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch ]

url:    https://github.com/0day-ci/linux/commits/Konstantin-Komarov/NTFS-read-write-driver-GPL-implementation-by-Paragon-Software/20201031-220904 
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git  5fc6b075e165f641fbc366b58b578055762d5f8c
config: i386-randconfig-m021-20201101 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

smatch warnings:
fs/ntfs3/attrib.c:331 attr_set_size_res() error: dereferencing freed memory 'attr_s'
fs/ntfs3/attrib.c:1267 attr_allocate_frame() error: uninitialized symbol 'hint'.
fs/ntfs3/attrib.c:1393 attr_allocate_frame() error: we previously assumed 'attr_b' could be null (see line 1306)
fs/ntfs3/namei.c:438 ntfs_rename() warn: variable dereferenced before check 'old_inode' (see line 296)
fs/ntfs3/fsntfs.c:844 ntfs_clear_mft_tail() error: uninitialized symbol 'err'.
fs/ntfs3/fsntfs.c:1294 ntfs_read_run_nb() error: uninitialized symbol 'idx'.
fs/ntfs3/frecord.c:166 ni_load_mi_ex() error: we previously assumed 'r' could be null (see line 159)
fs/ntfs3/frecord.c:505 ni_ins_new_attr() error: we previously assumed 'le' could be null (see line 490)
fs/ntfs3/frecord.c:658 ni_repack() warn: 'run.runs_' double freed
fs/ntfs3/frecord.c:1439 ni_insert_nonresident() warn: potential memory corrupting cast 8 vs 2 bytes
fs/ntfs3/frecord.c:2214 ni_read_frame() warn: ignoring unreachable code.
fs/ntfs3/xattr.c:514 ntfs_get_acl_ex() warn: passing zero to 'ERR_PTR'
fs/ntfs3/index.c:1133 indx_find() warn: variable dereferenced before check 'fnd' (see line 1117)
fs/ntfs3/index.c:1371 indx_find_raw() error: we previously assumed 'n' could be null (see line 1349)
fs/ntfs3/index.c:1404 indx_create_allocate() warn: should '1 << indx->index_bits' be a 64 bit type?
fs/ntfs3/index.c:1755 indx_insert_into_root() warn: possible memory leak of 're'
fs/ntfs3/index.c:549 hdr_find_split() warn: variable dereferenced before check 'e' (see line 547)
fs/ntfs3/inode.c:687 ntfs_readpage() warn: should 'page->index << 12' be a 64 bit type?
fs/ntfs3/fslog.c:2205 last_log_lsn() warn: possible memory leak of 'page_bufs'
fs/ntfs3/fslog.c:2418 find_log_rec() error: we previously assumed 'rh' could be null (see line 2404)
fs/ntfs3/fslog.c:2551 find_client_next_lsn() error: double free of 'lcb->lrh'
fs/ntfs3/fslog.c:639 enum_rstbl() error: we previously assumed 't' could be null (see line 628)
fs/ntfs3/fslog.c:3158 do_action() warn: variable dereferenced before check 'mi' (see line 3118)
fs/ntfs3/fslog.c:3913 log_replay() error: dereferencing freed memory 'rst_info.r_page'

vim +/attr_s +331 fs/ntfs3/attrib.c

e3a1cdcc648083 Konstantin Komarov 2020-10-30  241  static int attr_set_size_res(struct ntfs_inode *ni, struct ATTRIB *attr,
e3a1cdcc648083 Konstantin Komarov 2020-10-30  242  			     struct ATTR_LIST_ENTRY *le, struct mft_inode *mi,
e3a1cdcc648083 Konstantin Komarov 2020-10-30  243  			     u64 new_size, struct runs_tree *run,
e3a1cdcc648083 Konstantin Komarov 2020-10-30  244  			     struct ATTRIB **ins_attr)
e3a1cdcc648083 Konstantin Komarov 2020-10-30  245  {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  246  	int err = 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  247  	struct ntfs_sb_info *sbi = mi->sbi;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  248  	struct MFT_REC *rec = mi->mrec;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  249  	u32 used = le32_to_cpu(rec->used);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  250  	u32 asize = le32_to_cpu(attr->size);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  251  	u32 aoff = PtrOffset(rec, attr);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  252  	u32 rsize = le32_to_cpu(attr->res.data_size);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  253  	u32 tail = used - aoff - asize;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  254  	char *next = Add2Ptr(attr, asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  255  	int dsize = QuadAlign(new_size) - QuadAlign(rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  256  	CLST len, alen;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  257  	struct ATTRIB *attr_s = NULL;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  258  	bool is_ext;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  259  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  260  	if (dsize < 0) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  261  		memmove(next + dsize, next, tail);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  262  	} else if (dsize > 0) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  263  		if (used + dsize > sbi->max_bytes_per_attr)
e3a1cdcc648083 Konstantin Komarov 2020-10-30  264  			goto resident2nonresident;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  265  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  266  		memmove(next + dsize, next, tail);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  267  		memset(next, 0, dsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  268  	}
e3a1cdcc648083 Konstantin Komarov 2020-10-30  269  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  270  	rec->used = cpu_to_le32(used + dsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  271  	attr->size = cpu_to_le32(asize + dsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  272  	attr->res.data_size = cpu_to_le32(new_size);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  273  	mi->dirty = true;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  274  	*ins_attr = attr;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  275  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  276  	return 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  277  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  278  resident2nonresident:
e3a1cdcc648083 Konstantin Komarov 2020-10-30  279  	len = bytes_to_cluster(sbi, rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  280  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  281  	run_init(run);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  282  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  283  	is_ext = is_attr_ext(attr);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  284  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  285  	if (!len) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  286  		alen = 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  287  	} else if (is_ext) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  288  		if (!run_add_entry(run, 0, SPARSE_LCN, len)) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  289  			err = -ENOMEM;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  290  			goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  291  		}
e3a1cdcc648083 Konstantin Komarov 2020-10-30  292  		alen = len;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  293  	} else {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  294  		err = attr_allocate_clusters(sbi, run, 0, 0, len, NULL,
e3a1cdcc648083 Konstantin Komarov 2020-10-30  295  					     ALLOCATE_DEF, &alen, 0, NULL);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  296  		if (err)
e3a1cdcc648083 Konstantin Komarov 2020-10-30  297  			goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  298  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  299  		err = ntfs_sb_write_run(sbi, run, 0, resident_data(attr),
e3a1cdcc648083 Konstantin Komarov 2020-10-30  300  					rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  301  		if (err)
e3a1cdcc648083 Konstantin Komarov 2020-10-30  302  			goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  303  	}
e3a1cdcc648083 Konstantin Komarov 2020-10-30  304  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  305  	attr_s = ntfs_memdup(attr, asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  306  	if (!attr_s) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  307  		err = -ENOMEM;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  308  		goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  309  	}
e3a1cdcc648083 Konstantin Komarov 2020-10-30  310  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  311  	/*verify(mi_remove_attr(mi, attr));*/
e3a1cdcc648083 Konstantin Komarov 2020-10-30  312  	used -= asize;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  313  	memmove(attr, Add2Ptr(attr, asize), used - aoff);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  314  	rec->used = cpu_to_le32(used);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  315  	mi->dirty = true;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  316  	if (le)
e3a1cdcc648083 Konstantin Komarov 2020-10-30  317  		al_remove_le(ni, le);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  318  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  319  	err = ni_insert_nonresident(ni, attr_s->type, attr_name(attr_s),
e3a1cdcc648083 Konstantin Komarov 2020-10-30  320  				    attr_s->name_len, run, 0, alen,
e3a1cdcc648083 Konstantin Komarov 2020-10-30  321  				    attr_s->flags, &attr, NULL);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  322  	if (err)
e3a1cdcc648083 Konstantin Komarov 2020-10-30  323  		goto out;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  324  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  325  	ntfs_free(attr_s);
                                                        ^^^^^^^^^^^^^^^^^
Freed.

e3a1cdcc648083 Konstantin Komarov 2020-10-30  326  	attr->nres.data_size = cpu_to_le64(rsize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  327  	attr->nres.valid_size = attr->nres.data_size;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  328  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  329  	*ins_attr = attr;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  330  
e3a1cdcc648083 Konstantin Komarov 2020-10-30 @331  	if (attr_s->type == ATTR_DATA && !attr_s->name_len &&
                                                            ^^^^^^^^^^^^                  ^^^^^^^^^^^^^^^^
Dereferenced after a free.

e3a1cdcc648083 Konstantin Komarov 2020-10-30  332  	    run == &ni->file.run) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  333  		ni->ni_flags &= ~NI_FLAG_RESIDENT;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  334  	}
e3a1cdcc648083 Konstantin Komarov 2020-10-30  335  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  336  	/* Resident attribute becomes non resident */
e3a1cdcc648083 Konstantin Komarov 2020-10-30  337  	return 0;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  338  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  339  out:
e3a1cdcc648083 Konstantin Komarov 2020-10-30  340  	/* undo: do not trim new allocated clusters */
e3a1cdcc648083 Konstantin Komarov 2020-10-30  341  	run_deallocate(sbi, run, false);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  342  	run_close(run);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  343  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  344  	if (attr_s) {
e3a1cdcc648083 Konstantin Komarov 2020-10-30  345  		memmove(next, Add2Ptr(rec, aoff), used - aoff);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  346  		memcpy(Add2Ptr(rec, aoff), attr_s, asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  347  		rec->used = cpu_to_le32(used + asize);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  348  		mi->dirty = true;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  349  		ntfs_free(attr_s);
e3a1cdcc648083 Konstantin Komarov 2020-10-30  350  		/*reinsert le*/
e3a1cdcc648083 Konstantin Komarov 2020-10-30  351  	}
e3a1cdcc648083 Konstantin Komarov 2020-10-30  352  
e3a1cdcc648083 Konstantin Komarov 2020-10-30  353  	return err;
e3a1cdcc648083 Konstantin Komarov 2020-10-30  354  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org 
