lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <89f8474b-c7da-470f-b145-a73088ee381c@wdc.com>
Date: Tue, 22 Oct 2024 06:37:18 +0000
From: Johannes Thumshirn <Johannes.Thumshirn@....com>
To: Yue Haibing <yuehaibing@...wei.com>, "clm@...com" <clm@...com>,
	"josef@...icpanda.com" <josef@...icpanda.com>, "dsterba@...e.com"
	<dsterba@...e.com>, "mpdesouza@...e.com" <mpdesouza@...e.com>,
	"gniebler@...e.com" <gniebler@...e.com>
CC: "linux-btrfs@...r.kernel.org" <linux-btrfs@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] btrfs: Fix passing 0 to ERR_PTR in
 btrfs_search_dir_index_item()

On 22.10.24 05:22, Yue Haibing wrote:
> On 2024/10/21 16:25, Johannes Thumshirn wrote:
>> On 19.10.24 11:07, Yue Haibing wrote:
>>> Return NULL instead of passing to ERR_PTR while ret is zero, this fix
>>> smatch warnings:
>>>
>>> fs/btrfs/dir-item.c:353
>>>    btrfs_search_dir_index_item() warn: passing zero to 'ERR_PTR'
>>>
>>> Fixes: 9dcbe16fccbb ("btrfs: use btrfs_for_each_slot in btrfs_search_dir_index_item")
>>> Signed-off-by: Yue Haibing <yuehaibing@...wei.com>
>>> ---
>>>    fs/btrfs/dir-item.c | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c
>>> index 001c0c2f872c..cdb30ec7366a 100644
>>> --- a/fs/btrfs/dir-item.c
>>> +++ b/fs/btrfs/dir-item.c
>>> @@ -350,7 +350,7 @@ btrfs_search_dir_index_item(struct btrfs_root *root, struct btrfs_path *path,
>>>    	if (ret > 0)
>>>    		ret = 0;
>>>    
>>> -	return ERR_PTR(ret);
>>> +	return ret ? ERR_PTR(ret) : NULL;
>>>    }
>>>    
>>>    struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans,
>>
>> The only caller to this is in btrfs_unlink_subvol(), which does the
>> following:
>>
>>
>>                    di = btrfs_search_dir_index_item(root, path, dir_ino,
>> 						  &fname.disk_name);
>>                    if (IS_ERR_OR_NULL(di)) {
>>                            if (!di)
>>                                    ret = -ENOENT;
>>                            else
>>                                    ret = PTR_ERR(di);
>>                            btrfs_abort_transaction(trans, ret);
>>                            goto out;
>>                    }
>>
>> to do:
>>
>> diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c
>> index d3093eba54a5..e755228d909a 100644
>> --- a/fs/btrfs/dir-item.c
>> +++ b/fs/btrfs/dir-item.c
>> @@ -345,10 +345,7 @@ btrfs_search_dir_index_item(struct btrfs_root
>> *root, struct btrfs_path *path,
>>                           return di;
>>           }
>>           /* Adjust return code if the key was not found in the next leaf. */
> 
> 
> ret is output variable of btrfs_for_each_slot, that return value can be 0, if a
> valid slot was found, 1 if there were no more leaves, and < 0 if there was an
> error.
> 

Yes.

>> -       if (ret > 0)
>> -               ret = 0;
>> -
>> -       return ERR_PTR(ret);
>> +       return ERR_PTR(-ENOENT);
> 
> This overwrite other ret code, which expecting return to upstream caller

Right for ret < 0, but for ret >= 0 we set it to 0 and then do return 
(void*)0 a.k.a. return NULL.

> 
>>    }
>>
>>    struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle
>> *trans,
>> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
>> index 35f89d14c110..00602634db3a 100644
>> --- a/fs/btrfs/inode.c
>> +++ b/fs/btrfs/inode.c
>> @@ -4337,11 +4337,8 @@ static int btrfs_unlink_subvol(struct
>> btrfs_trans_handle *trans,
>>            */
>>           if (btrfs_ino(inode) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) {
>>                   di = btrfs_search_dir_index_item(root, path, dir_ino,
>> &fname.disk_name);
>> -               if (IS_ERR_OR_NULL(di)) {
>> -                       if (!di)
>> -                               ret = -ENOENT;


and then set it to ENOENT if it is NULL. So it should be

if (ret >= 0)
	ret = -ENOENT;
return ERR_PTR(-ENOENT);

and in the caller

if (IS_ERR(di)) {
	ret = PTR_ERR(di);
	btrfs_abort_transaction(...);
	break;
}


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ