| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5eb54f3e-3438-ba47-3d43-baf6b27aad0e@huawei.com>
Date: Thu, 16 Nov 2023 10:54:29 +0800
From: Wenchao Hao <haowenchao2@...wei.com>
To: Xiubo Li <xiubli@...hat.com>, Ilya Dryomov <idryomov@...il.com>
CC: Jeff Layton <jlayton@...nel.org>, <ceph-devel@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <louhongxiang@...wei.com>
Subject: Re: [PATCH] ceph: quota: Fix invalid pointer access in
On 2023/11/15 21:34, Xiubo Li wrote:
>
> On 11/15/23 21:25, Ilya Dryomov wrote:
>> On Wed, Nov 15, 2023 at 2:17 PM Xiubo Li <xiubli@...hat.com> wrote:
>>>
>>> On 11/15/23 20:32, Ilya Dryomov wrote:
>>>> On Wed, Nov 15, 2023 at 1:35 AM Xiubo Li <xiubli@...hat.com> wrote:
>>>>> On 11/14/23 23:31, Wenchao Hao wrote:
>>>>>> This issue is reported by smatch, get_quota_realm() might return
>>>>>> ERR_PTR, so we should using IS_ERR_OR_NULL here to check the return
>>>>>> value.
>>>>>>
>>>>>> Signed-off-by: Wenchao Hao <haowenchao2@...wei.com>
>>>>>> ---
>>>>>> fs/ceph/quota.c | 2 +-
>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>
>>>>>> diff --git a/fs/ceph/quota.c b/fs/ceph/quota.c
>>>>>> index 9d36c3532de1..c4b2929c6a83 100644
>>>>>> --- a/fs/ceph/quota.c
>>>>>> +++ b/fs/ceph/quota.c
>>>>>> @@ -495,7 +495,7 @@ bool ceph_quota_update_statfs(struct ceph_fs_client *fsc, struct kstatfs *buf)
>>>>>> realm = get_quota_realm(mdsc, d_inode(fsc->sb->s_root),
>>>>>> QUOTA_GET_MAX_BYTES, true);
>>>>>> up_read(&mdsc->snap_rwsem);
>>>>>> - if (!realm)
>>>>>> + if (IS_ERR_OR_NULL(realm))
>>>>>> return false;
>>>>>>
>>>>>> spin_lock(&realm->inodes_with_caps_lock);
>>>>> Good catch.
>>>>>
>>>>> Reviewed-by: Xiubo Li <xiubli@...hat.com>
>>>>>
>>>>> We should CC the stable mail list.
>>>> Hi Xiubo,
>>>>
>>>> What exactly is being fixed here? get_quota_realm() is called with
>>>> retry=true, which means that no errors can be returned -- EAGAIN, the
>>>> only error that get_quota_realm() can otherwise generate, would be
>>>> handled internally by retrying.
>>> Yeah, that's true.
>>>
>>>> Am I missing something that makes this qualify for stable?
>>> Actually it's just for the smatch check for now.
>>>
>>> IMO we shouldn't depend on the 'retry', just potentially for new changes
>>> in future could return a ERR_PTR and cause potential bugs.
>> At present, ceph_quota_is_same_realm() also depends on it -- note how
>> old_realm isn't checked for errors at all and new_realm is only checked
>> for EAGAIN there.
>>
>>> If that's not worth to make it for stable, let's remove it.
>> Yes, let's remove it. Please update the commit message as well, so
>> that it's clear that this is squashing a static checker warning and
>> doesn't actually fix any immediate bug.
>
> WenChao,
>
> Could update the commit comment and send the V2 ?
>
OK, I would update the commit comment as following:
This issue is reported by smatch, get_quota_realm() might return
ERR_PTR. It's not a immediate bug because get_quota_realm() is called
with 'retry=true', no errors can be returned.
While we still should check the return value of get_quota_realm() with
IS_ERR_OR_NULL to avoid potential bugs if get_quota_realm() is changed
to return other ERR_PTR in future.
What's more, should I change the ceph_quota_is_same_realm() too?
Thanks
> Thanks
>
> - Xiubo
>
>
>> Thanks,
>>
>> Ilya
>>
>
Powered by blists - more mailing lists