From: Eric Wong <normalperson@yhbt.net>
To: Hillf Danton <dhillf@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fadvise: avoid EINVAL if user input is valid
Date: Sun, 26 Feb 2012 08:44:03 +0000
Message-ID: <20120226084403.GA4641@dcvr.yhbt.net>
In-Reply-To: <CAJd=RBDHB8yM=LGkzhOWZO6ftYFyZ42SQKySc0hUzNEQzrmVTw@mail.gmail.com>

Hillf Danton <dhillf@gmail.com> wrote:
> On Sat, Feb 25, 2012 at 10:27 AM, Eric Wong <normalperson@yhbt.net> wrote:
> > index 469491e0..f9e48dd 100644
> > --- a/mm/fadvise.c
> > +++ b/mm/fadvise.c
> > @@ -43,13 +43,13 @@ SYSCALL_DEFINE(fadvise64_64)(int fd, loff_t offset, loff_t len, int advice)
> > A  A  A  A  A  A  A  A goto out;
> > A  A  A  A }
> >
> > - A  A  A  mapping = file->f_mapping;
> > - A  A  A  if (!mapping || len < 0) {
> > + A  A  A  if (len < 0) {
> 
> Current code makes sure mapping is valid after the above check,

Right.  I moved the !mapping check down a few lines.

> > A  A  A  A  A  A  A  A ret = -EINVAL;
> > A  A  A  A  A  A  A  A goto out;
> > A  A  A  A }

Now the check hits the "goto out" that the get_xip_mem check hits:

> > - A  A  A  if (mapping->a_ops->get_xip_mem) {
> > + A  A  A  mapping = file->f_mapping;
> > + A  A  A  if (!mapping || mapping->a_ops->get_xip_mem) {
> > A  A  A  A  A  A  A  A switch (advice) {
> > A  A  A  A  A  A  A  A case POSIX_FADV_NORMAL:
> > A  A  A  A  A  A  A  A case POSIX_FADV_RANDOM:

		case POSIX_FADV_SEQUENTIAL:
		case POSIX_FADV_WILLNEED:
		case POSIX_FADV_NOREUSE:
		case POSIX_FADV_DONTNEED:
			/* no bad return value, but ignore advice */
			break;
		default:
			ret = -EINVAL;
		}
		goto out; <------ we hit this if (mapping == NULL)
	}
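
Review bot: With "!mapping ||" folded into the get_xip_mem condition, the later "bdi = mapping->backing_dev_info" dereference is safe only because this branch ends in an unconditional "goto out"; nothing in the code says so. Add a comment on the branch stating that a NULL mapping must never fall through, so a later edit to the switch or the goto cannot make the dereference reachable. The existing comment "no bad return value, but ignore advice" now also covers the no-mapping case and should say that. The "break" path returns whatever ret already holds, which is not visible in this hunk, so confirm it is 0 at that point.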

> but backing devices info is no longer evaluated with that
> guarantee in your change.
> 
> -hd
> 
> 75:	bdi = mapping->backing_dev_info;

The above line still isn't evaluated because of the goto.

out:
	fput(file);
	return ret;
}


