From: Al Viro <viro@ZenIV.linux.org.uk>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: Dmitry Vyukov <dvyukov@google.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
syzkaller <syzkaller@googlegroups.com>,
Kostya Serebryany <kcc@google.com>,
Alexander Potapenko <glider@google.com>,
Sasha Levin <sasha.levin@oracle.com>
Subject: Re: fs: NULL deref in atime_needs_update
Date: Sat, 20 Feb 2016 20:50:45 +0000 [thread overview]
Message-ID: <20160220205044.GJ17997@ZenIV.linux.org.uk> (raw)
In-Reply-To: <56C8CBF4.9020207@digikod.net>
On Sat, Feb 20, 2016 at 09:26:28PM +0100, Micka�l Sala�n wrote:
> > + if (unlikely(error > 0)) {
> > + WARN_ON(1);
> > + error = -EINVAL;
> > + }
> > if (got_write)
> > mnt_drop_write(nd->path.mnt);
> > path_put(&save_parent);
> >
>
> I think your warning patch should be upstreamed to detect such cases :)
I'm not sure whether it's better done there or one step closer to the
source - e.g. telling whether it was bogus ->open() or a bogus LSM hook
(and _which_ bogus LSM hook had it been) would be hard with that location
of test.
It still leaves the question of what's going on in Dmitry's tests - it might
be one of those source or it might be something else entirely; this location
of test would at least tell whether a stack underrun is involved or not...
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@ZenIV.linux.org.uk>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: Dmitry Vyukov <dvyukov@google.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
syzkaller <syzkaller@googlegroups.com>,
Kostya Serebryany <kcc@google.com>,
Alexander Potapenko <glider@google.com>,
Sasha Levin <sasha.levin@oracle.com>
Subject: Re: fs: NULL deref in atime_needs_update
Date: Sat, 20 Feb 2016 20:50:45 +0000 [thread overview]
Message-ID: <20160220205044.GJ17997@ZenIV.linux.org.uk> (raw)
In-Reply-To: <56C8CBF4.9020207@digikod.net>
On Sat, Feb 20, 2016 at 09:26:28PM +0100, Mickaël Salaün wrote:
> > + if (unlikely(error > 0)) {
> > + WARN_ON(1);
> > + error = -EINVAL;
> > + }
> > if (got_write)
> > mnt_drop_write(nd->path.mnt);
> > path_put(&save_parent);
> >
>
> I think your warning patch should be upstreamed to detect such cases :)
I'm not sure whether it's better done there or one step closer to the
source - e.g. telling whether it was bogus ->open() or a bogus LSM hook
(and _which_ bogus LSM hook had it been) would be hard with that location
of test.
It still leaves the question of what's going on in Dmitry's tests - it might
be one of those source or it might be something else entirely; this location
of test would at least tell whether a stack underrun is involved or not...
next prev parent reply other threads:[~2016-02-20 20:50 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-05 21:11 fs: NULL deref in atime_needs_update Dmitry Vyukov
2016-02-16 23:40 ` Mickaël Salaün
2016-02-19 19:32 ` Dmitry Vyukov
2016-02-20 3:21 ` Al Viro
2016-02-20 3:54 ` Al Viro
2016-02-20 3:54 ` Al Viro
2016-02-20 13:25 ` Mickaël Salaün
2016-02-20 17:10 ` Al Viro
2016-02-20 17:10 ` Al Viro
2016-02-20 20:26 ` Mickaël Salaün
2016-02-20 20:50 ` Al Viro [this message]
2016-02-20 20:50 ` Al Viro
2016-02-22 11:20 ` Dmitry Vyukov
2016-02-22 17:23 ` Al Viro
2016-02-23 15:34 ` Dmitry Vyukov
2016-02-23 18:17 ` Al Viro
2016-02-20 10:36 ` Dmitry Vyukov
2016-02-24 3:12 ` Ian Kent
2016-02-24 4:46 ` Al Viro
2016-02-24 4:46 ` Al Viro
2016-02-24 10:03 ` Dmitry Vyukov
2016-02-24 10:15 ` Dmitry Vyukov
2016-02-24 13:35 ` Dmitry Vyukov
2016-02-24 15:15 ` Al Viro
2016-02-25 8:29 ` Dmitry Vyukov
2016-02-25 16:39 ` Al Viro
2016-02-26 21:21 ` Al Viro
2016-02-26 21:25 ` Dmitry Vyukov
2016-02-26 22:07 ` Al Viro
2016-02-26 22:07 ` Al Viro
2016-02-27 22:27 ` Al Viro
2016-02-27 22:27 ` Al Viro
2016-02-28 15:43 ` Dmitry Vyukov
2016-02-28 16:04 ` Dmitry Vyukov
2016-02-28 17:01 ` Al Viro
2016-02-28 20:01 ` Al Viro
2016-02-29 9:38 ` Dmitry Vyukov
2016-02-29 12:34 ` Dmitry Vyukov
2016-02-29 16:11 ` Al Viro
2016-02-29 13:09 ` Al Viro
2016-02-29 13:43 ` David Howells
2016-02-29 15:54 ` Dmitry Vyukov
2016-02-29 16:19 ` Al Viro
2016-02-29 18:19 ` Dmitry Vyukov
2016-03-01 8:59 ` Dmitry Vyukov
2016-02-29 16:45 ` Linus Torvalds
2016-02-29 16:50 ` Al Viro
2016-02-29 17:20 ` Al Viro
2016-02-29 17:24 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160220205044.GJ17997@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=kcc@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mic@digikod.net \
--cc=sasha.levin@oracle.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.