From: Hongling Zeng <zhongling0719@126.com>
To: CharSyam <charsyam@gmail.com>, Hongling Zeng <zenghongling@kylinos.cn>
Cc: linkinjeon@kernel.org, hyc.lee@gmail.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ntfs: Validate error in ntfs_lookup()
Date: Thu, 21 May 2026 09:30:35 +0800 [thread overview]
Message-ID: <6A0E603B.7080603@126.com> (raw)
In-Reply-To: <CAMrLSE5LM1Okkh8zhBH1Pch=JF2U3e+B2H6ZqWo_NRaBcP_uYg@mail.gmail.com>
Hi, DaeMyung.
Thank you for the detailed review. You are absolutely right.
After looking at the code more carefully, I agree that:
1. ntfs_lookup_inode_by_name() already normalizes zero err to -EIO
before ERR_MREF(err), so MREF_ERR(mref) will never be 0 here.
2. Even if it were 0, returning NULL would be incorrect since this
is an error path.
The correct fix would be:
int err = MREF_ERR(mref);
return ERR_PTR(err ?: -EIO);
This ensures we return a proper error code instead of masking
the bug as success.
Should I submit a new version with this fix, or just drop this
patch entirely since the issue doesn't actually exist in practice?
Thanks for catching this.
Best regards,
Hongling
在 2026年05月20日 23:10, CharSyam 写道:
> Hi, Hongling.
>
> I don't think returning NULL is the right fallback here. This branch is
> already the IS_ERR_MREF(mref) path, and -ENOENT has been handled above as
> the negative-dentry case. If MREF_ERR(mref) ever decodes to 0 here, it
> should probably remain an error, e.g. -EIO, rather than being converted
> to a successful lookup return.
>
> Also, I do not see a current producer for MREF_ERR(mref) == 0:
> ntfs_lookup_inode_by_name() normalizes zero err to -EIO before
> ERR_MREF(err).
>
> The Fixes tag also seems wrong, since the same return is
> already present in af0db57d4293^.
>
> Thanks.
> DaeMyung.
>
> 2026년 5월 20일 (수) 오후 8:16, Hongling Zeng <zenghongling@kylinos.cn>님이 작성:
>> Check that MREF_ERR returns non-zero before using as error pointer.
>> This prevents potential ERR_PTR(0) when error code is zero
>>
>> Fixes: af0db57d4293 ("ntfs: update inode operations")
>> Signed-off-by: Hongling Zeng <zenghongling@kylinos.cn>
>> ---
>> fs/ntfs/namei.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/fs/ntfs/namei.c b/fs/ntfs/namei.c
>> index 10894de519c3..bb075aa97b53 100644
>> --- a/fs/ntfs/namei.c
>> +++ b/fs/ntfs/namei.c
>> @@ -236,7 +236,7 @@ static struct dentry *ntfs_lookup(struct inode *dir_ino, struct dentry *dent,
>> }
>> ntfs_error(vol->sb, "ntfs_lookup_ino_by_name() failed with error code %i.",
>> -MREF_ERR(mref));
>> - return ERR_PTR(MREF_ERR(mref));
>> + return MREF_ERR(mref) ? ERR_PTR(MREF_ERR(mref)) : NULL;
>> handle_name:
>> {
>> struct mft_record *m;
>> --
>> 2.25.1
>>
>>
next prev parent reply other threads:[~2026-05-21 1:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-20 11:15 [PATCH] ntfs: Validate error in ntfs_lookup() Hongling Zeng
2026-05-20 15:10 ` CharSyam
2026-05-21 1:30 ` Hongling Zeng [this message]
2026-05-21 15:00 ` CharSyam
2026-05-22 2:28 ` Hongling Zeng
-- strict thread matches above, loose matches on Subject: below --
2026-05-20 11:03 Hongling Zeng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6A0E603B.7080603@126.com \
--to=zhongling0719@126.com \
--cc=charsyam@gmail.com \
--cc=hyc.lee@gmail.com \
--cc=linkinjeon@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zenghongling@kylinos.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.