lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5eb54f3e-3438-ba47-3d43-baf6b27aad0e@huawei.com>
Date:   Thu, 16 Nov 2023 10:54:29 +0800
From:   Wenchao Hao <haowenchao2@...wei.com>
To:     Xiubo Li <xiubli@...hat.com>, Ilya Dryomov <idryomov@...il.com>
CC:     Jeff Layton <jlayton@...nel.org>, <ceph-devel@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <louhongxiang@...wei.com>
Subject: Re: [PATCH] ceph: quota: Fix invalid pointer access in

On 2023/11/15 21:34, Xiubo Li wrote:
> 
> On 11/15/23 21:25, Ilya Dryomov wrote:
>> On Wed, Nov 15, 2023 at 2:17 PM Xiubo Li <xiubli@...hat.com> wrote:
>>>
>>> On 11/15/23 20:32, Ilya Dryomov wrote:
>>>> On Wed, Nov 15, 2023 at 1:35 AM Xiubo Li <xiubli@...hat.com> wrote:
>>>>> On 11/14/23 23:31, Wenchao Hao wrote:
>>>>>> This issue is reported by smatch, get_quota_realm() might return
>>>>>> ERR_PTR, so we should using IS_ERR_OR_NULL here to check the return
>>>>>> value.
>>>>>>
>>>>>> Signed-off-by: Wenchao Hao <haowenchao2@...wei.com>
>>>>>> ---
>>>>>>     fs/ceph/quota.c | 2 +-
>>>>>>     1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/fs/ceph/quota.c b/fs/ceph/quota.c
>>>>>> index 9d36c3532de1..c4b2929c6a83 100644
>>>>>> --- a/fs/ceph/quota.c
>>>>>> +++ b/fs/ceph/quota.c
>>>>>> @@ -495,7 +495,7 @@ bool ceph_quota_update_statfs(struct ceph_fs_client *fsc, struct kstatfs *buf)
>>>>>>         realm = get_quota_realm(mdsc, d_inode(fsc->sb->s_root),
>>>>>>                                 QUOTA_GET_MAX_BYTES, true);
>>>>>>         up_read(&mdsc->snap_rwsem);
>>>>>> -     if (!realm)
>>>>>> +     if (IS_ERR_OR_NULL(realm))
>>>>>>                 return false;
>>>>>>
>>>>>>         spin_lock(&realm->inodes_with_caps_lock);
>>>>> Good catch.
>>>>>
>>>>> Reviewed-by: Xiubo Li <xiubli@...hat.com>
>>>>>
>>>>> We should CC the stable mail list.
>>>> Hi Xiubo,
>>>>
>>>> What exactly is being fixed here?  get_quota_realm() is called with
>>>> retry=true, which means that no errors can be returned -- EAGAIN, the
>>>> only error that get_quota_realm() can otherwise generate, would be
>>>> handled internally by retrying.
>>> Yeah, that's true.
>>>
>>>> Am I missing something that makes this qualify for stable?
>>> Actually it's just for the smatch check for now.
>>>
>>> IMO we shouldn't depend on the 'retry', just potentially for new changes
>>> in future could return a ERR_PTR and cause potential bugs.
>> At present, ceph_quota_is_same_realm() also depends on it -- note how
>> old_realm isn't checked for errors at all and new_realm is only checked
>> for EAGAIN there.
>>
>>> If that's not worth to make it for stable, let's remove it.
>> Yes, let's remove it.  Please update the commit message as well, so
>> that it's clear that this is squashing a static checker warning and
>> doesn't actually fix any immediate bug.
> 
> WenChao,
> 
> Could update the commit comment and send the V2 ?
> 

OK, I would update the commit comment as following:

This issue is reported by smatch, get_quota_realm() might return
ERR_PTR. It's not a immediate bug because get_quota_realm() is called
with 'retry=true', no errors can be returned.

While we still should check the return value of get_quota_realm() with
IS_ERR_OR_NULL to avoid potential bugs if get_quota_realm() is changed
to return other ERR_PTR in future.

What's more, should I change the ceph_quota_is_same_realm() too?

Thanks

> Thanks
> 
> - Xiubo
> 
> 
>> Thanks,
>>
>>                  Ilya
>>
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ