Date:   Wed, 15 Nov 2023 21:17:28 +0800
From:   Xiubo Li <xiubli@...hat.com>
To:     Ilya Dryomov <idryomov@...il.com>
Cc:     Wenchao Hao <haowenchao2@...wei.com>,
        Jeff Layton <jlayton@...nel.org>, ceph-devel@...r.kernel.org,
        linux-kernel@...r.kernel.org, louhongxiang@...wei.com
Subject: Re: [PATCH] ceph: quota: Fix invalid pointer access in


On 11/15/23 20:32, Ilya Dryomov wrote:
> On Wed, Nov 15, 2023 at 1:35 AM Xiubo Li <xiubli@...hat.com> wrote:
>>
>> On 11/14/23 23:31, Wenchao Hao wrote:
>>> This issue is reported by smatch, get_quota_realm() might return
>>> ERR_PTR, so we should use IS_ERR_OR_NULL here to check the return
>>> value.
>>>
>>> Signed-off-by: Wenchao Hao <haowenchao2@...wei.com>
>>> ---
>>>    fs/ceph/quota.c | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/fs/ceph/quota.c b/fs/ceph/quota.c
>>> index 9d36c3532de1..c4b2929c6a83 100644
>>> --- a/fs/ceph/quota.c
>>> +++ b/fs/ceph/quota.c
>>> @@ -495,7 +495,7 @@ bool ceph_quota_update_statfs(struct ceph_fs_client *fsc, struct kstatfs *buf)
>>>        realm = get_quota_realm(mdsc, d_inode(fsc->sb->s_root),
>>>                                QUOTA_GET_MAX_BYTES, true);
>>>        up_read(&mdsc->snap_rwsem);
>>> -     if (!realm)
>>> +     if (IS_ERR_OR_NULL(realm))
>>>                return false;
>>>
>>>        spin_lock(&realm->inodes_with_caps_lock);
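Review bot: At the IS_ERR_OR_NULL(realm) check, the commit message says get_quota_realm() might return ERR_PTR but does not say whether this call site, which passes true as the last argument, can actually receive one. Please state in the description whether this is a reachable invalid pointer access or hardening to quiet smatch, since that decides whether the patch belongs in stable. The ERR_PTR case also returns false exactly as the NULL case does, so an error would be indistinguishable from a NULL realm to the caller; if that is intended, a one-line comment above the check would make it explicit.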
>> Good catch.
>>
>> Reviewed-by: Xiubo Li <xiubli@...hat.com>
>>
>> We should CC the stable mail list.
> Hi Xiubo,
>
> What exactly is being fixed here?  get_quota_realm() is called with
> retry=true, which means that no errors can be returned -- EAGAIN, the
> only error that get_quota_realm() can otherwise generate, would be
> handled internally by retrying.

Yeah, that's true.

> Am I missing something that makes this qualify for stable?

Actually it's just for the smatch check for now.

IMO we shouldn't depend on the 'retry', since new changes in the
future could potentially return an ERR_PTR and cause potential bugs.

If it's not worth making it for stable, let's remove it.

Thanks

- Xiubo

>
> Thanks,
>
>                  Ilya
>
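
The distinction this thread turns on, as an added example that is not part of the original messages or the ceph code: a userspace model of the kernel's ERR_PTR helpers showing that a NULL-only check accepts an encoded error pointer while IS_ERR_OR_NULL rejects it. lookup_realm(), the outcome enum and this struct realm are hypothetical stand-ins, and the retry handling is a simplified model of the behaviour Ilya describes.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace copies of the helpers from the kernel's include/linux/err.h. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline bool IS_ERR(const void *ptr)
{
	/* Error codes live in the top MAX_ERRNO addresses of the address space. */
	return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}
static inline bool IS_ERR_OR_NULL(const void *ptr)
{
	return !ptr || IS_ERR(ptr);
}

struct realm { int inodes_with_caps_lock; };	/* hypothetical stand-in */
static struct realm demo_realm;

enum outcome { FOUND, NOT_FOUND, BUSY };	/* hypothetical lookup results */

/* Hypothetical lookup with three result kinds: object, NULL, ERR_PTR(-EAGAIN).
 * With retry set, BUSY is absorbed internally (modelled as a retry that succeeds). */
static struct realm *lookup_realm(enum outcome o, bool retry)
{
	if (o == BUSY) {
		if (!retry)
			return ERR_PTR(-EAGAIN);
		o = FOUND;
	}
	return o == FOUND ? &demo_realm : NULL;
}

/* Pre-patch style of check: only NULL is rejected. */
static bool usable_null_check(const struct realm *r) { return r != NULL; }

/* Patched style of check: NULL and encoded errors are both rejected. */
static bool usable_err_check(const struct realm *r) { return !IS_ERR_OR_NULL(r); }

int main(void)
{
	struct realm *r = lookup_realm(BUSY, false);
	/* Exit 0 when the NULL check accepts the ERR_PTR and the patched check rejects it. */
	return (usable_null_check(r) && !usable_err_check(r)) ? 0 : 1;
}
```

With retry set, the model never yields an error pointer, so both checks agree; they diverge only when an ERR_PTR can reach the caller.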
