From: Andrzej Hajda <a.hajda@samsung.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: linux-kernel@vger.kernel.org,
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Patrick McHardy <kaber@trash.net>,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
"David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
James Morris <jmorris@namei.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org
Subject: Re: [PATCH 1/7] netfilter: fix IS_ERR_VALUE usage
Date: Wed, 17 Feb 2016 09:45:50 +0100 [thread overview]
Message-ID: <56C4333E.5070905@samsung.com> (raw)
In-Reply-To: <20160217023127.GG17997@ZenIV.linux.org.uk>
On 02/17/2016 03:31 AM, Al Viro wrote:
> On Mon, Feb 15, 2016 at 03:35:19PM +0100, Andrzej Hajda wrote:
>> IS_ERR_VALUE should be used only with unsigned long type.
>> Otherwise it can work incorrectly. To achieve this function
>> xt_percpu_counter_alloc is modified to return unsigned long,
>> and its result is assigned to temporary variable to perform
>> error checking, before assigning to .pcnt field.
> Wrong fix, IMO. Just have an anon union of u64 pcnt and
> struct xt_counters __percpu *pcpu in there. And make this
>
>> +static inline unsigned long xt_percpu_counter_alloc(void)
>> {
>> if (nr_cpu_ids > 1) {
>> void __percpu *res = __alloc_percpu(sizeof(struct xt_counters),
>> sizeof(struct xt_counters));
>>
>> if (res == NULL)
>> - return (u64) -ENOMEM;
>> + return -ENOMEM;
>>
>> - return (u64) (__force unsigned long) res;
>> + return (__force unsigned long) res;
>> }
>>
>> return 0;
> take struct xt_counters * and return 0 or -ENOMEM. Storing the result of
> allocation in ->pcpu of passed structure.
>
> I mean, look at the callers -
>
>> - e->counters.pcnt = xt_percpu_counter_alloc();
>> - if (IS_ERR_VALUE(e->counters.pcnt))
>> + pcnt = xt_percpu_counter_alloc();
>> + if (IS_ERR_VALUE(pcnt))
>> return -ENOMEM;
>> + e->counters.pcnt = pcnt;
> should be
> if (xt_percpu_counter_alloc(&e->counters) < 0)
> return -ENOMEM;
>
> and similar for the rest of callers. Moreover, if you look at the _users_
> of that fields, you'll see that a bunch of those actually want to use
> ->pcpu instead of doing all those casts.
>
> Really, that's the point - IS_ERR_VALUE is a big red flag saying "we need
> to figure out what's going on in that place", which does include reading
> through the code. Mechanical "solutions" like that only hide the problem.
>
>
I just tried to make the patch the least invasive :)
The problem with your proposition is that struct xt_counters is exposed
to userspace as well as the structs containing it:
struct arpt_entry,
struct ipt_entry,
struct ip6t_entry
Mixing __percpu pointer into these structures seems problematic.
Maybe it would be better to skip adding union and do ugly casting
in xt_percpu_counter_alloc(struct xt_counters *) and friends.
Regards
Andrzej
next prev parent reply other threads:[~2016-02-17 8:45 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-15 14:35 [PATCH 0/7] fix IS_ERR_VALUE usage Andrzej Hajda
2016-02-15 14:35 ` Andrzej Hajda
2016-02-15 14:35 ` Andrzej Hajda
2016-02-15 14:35 ` [PATCH 1/7] netfilter: " Andrzej Hajda
2016-02-17 2:31 ` Al Viro
2016-02-17 8:45 ` Andrzej Hajda [this message]
2016-02-17 12:41 ` [PATCH v2 " Andrzej Hajda
2016-02-17 13:42 ` Arnd Bergmann
2016-02-17 14:54 ` Andrzej Hajda
2016-02-17 15:40 ` Arnd Bergmann
2016-02-15 14:35 ` [PATCH 2/7] MIPS: module: fix incorrect IS_ERR_VALUE macro usages Andrzej Hajda
2016-02-15 14:35 ` [PATCH 3/7] drivers: char: mem: fix IS_ERROR_VALUE usage Andrzej Hajda
2016-02-17 2:33 ` Al Viro
2016-02-15 14:35 ` [PATCH 4/7] atmel-isi: fix IS_ERR_VALUE usage Andrzej Hajda
2016-02-17 2:33 ` Al Viro
2016-02-21 16:04 ` Guennadi Liakhovetski
2016-02-15 14:35 ` [PATCH 5/7] serial: clps711x: " Andrzej Hajda
2016-02-15 14:35 ` Andrzej Hajda
2016-02-17 2:33 ` Al Viro
2016-02-17 2:33 ` Al Viro
2016-02-15 14:35 ` [PATCH 6/7] fbdev: exynos: " Andrzej Hajda
2016-02-15 14:35 ` Andrzej Hajda
2016-02-16 13:36 ` Tomi Valkeinen
2016-02-16 13:36 ` Tomi Valkeinen
2016-02-16 13:36 ` Tomi Valkeinen
2016-02-15 14:35 ` [PATCH 7/7] usb: gadget: fsl_qe_udc: " Andrzej Hajda
2016-02-17 10:48 ` [PATCH 0/7] " Arnd Bergmann
2016-02-17 10:48 ` Arnd Bergmann
2016-02-17 10:48 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56C4333E.5070905@samsung.com \
--to=a.hajda@samsung.com \
--cc=b.zolnierkie@samsung.com \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=viro@ZenIV.linux.org.uk \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.