[bug report] cgroup: make cgroup_path() and friends behave in the style of strlcpy()

cgroups.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [bug report] cgroup: make cgroup_path() and friends behave in the style of strlcpy()
@ 2016-09-29  9:27 Dan Carpenter
  2016-09-29  9:58 ` [PATCH cgroup/for-4.9] cpuset: fix error error handling regression in proc_cpuset_show() Tejun Heo
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2016-09-29  9:27 UTC (permalink / raw)
  To: tj-DgEjT+Ai2ygdnm+yROfE0A; +Cc: cgroups-u79uwXL29TY76Z2rM5mHXA

Hello Tejun Heo,

The patch 4c737b41de7f: "cgroup: make cgroup_path() and friends
behave in the style of strlcpy()" from Aug 10, 2016, leads to the
following static checker warning:

	kernel/cpuset.c:2732 proc_cpuset_show()
	warn: signed compare with PATH_MAX 'retval'

kernel/cpuset.c
  2715  int proc_cpuset_show(struct seq_file *m, struct pid_namespace *ns,
  2716                       struct pid *pid, struct task_struct *tsk)
  2717  {
  2718          char *buf;
  2719          struct cgroup_subsys_state *css;
  2720          int retval;
  2721  
  2722          retval = -ENOMEM;
  2723          buf = kmalloc(PATH_MAX, GFP_KERNEL);
  2724          if (!buf)
  2725                  goto out;
  2726  
  2727          retval = -ENAMETOOLONG;
  2728          css = task_get_css(tsk, cpuset_cgrp_id);
  2729          retval = cgroup_path_ns(css->cgroup, buf, PATH_MAX,
  2730                                  current->nsproxy->cgroup_ns);
  2731          css_put(css);
  2732          if (retval >= PATH_MAX)
  2733                  goto out_free;
  2734          seq_puts(m, buf);
  2735          seq_putc(m, '\n');
  2736          retval = 0;
  2737  out_free:
  2738          kfree(buf);
  2739  out:
  2740          return 0;

Theoretically the out label should make this code totally future proof
but something broke somehow.  The comments imply that cgroup_path_ns()
returns negative error codes.

  2741  }

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH cgroup/for-4.9] cpuset: fix error error handling regression in proc_cpuset_show()
  2016-09-29  9:27 [bug report] cgroup: make cgroup_path() and friends behave in the style of strlcpy() Dan Carpenter
@ 2016-09-29  9:58 ` Tejun Heo
       [not found]   ` <20160929095836.GB24034-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
  0 siblings, 1 reply; 4+ messages in thread
From: Tejun Heo @ 2016-09-29  9:58 UTC (permalink / raw)
  To: Dan Carpenter, Li Zefan
  Cc: Johannes Weiner, cgroups-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA

4c737b41de7f ("cgroup: make cgroup_path() and friends behave in the
style of strlcpy()") botched the conversion of proc_cpuset_show() and
broke its error handling.  It made the function return 0 on failures
and fail to handle error returns from cgroup_path_ns().  Fix it.

Reported-by: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Signed-off-by: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
---
Hello, Dan.

Does this make the warning go away?

Thanks.

 kernel/cpuset.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index 793ae6f..97dd8e1 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -2698,12 +2698,13 @@ int proc_cpuset_show(struct seq_file *m, struct pid_namespace *ns,
 	if (!buf)
 		goto out;
 
-	retval = -ENAMETOOLONG;
 	css = task_get_css(tsk, cpuset_cgrp_id);
 	retval = cgroup_path_ns(css->cgroup, buf, PATH_MAX,
 				current->nsproxy->cgroup_ns);
 	css_put(css);
 	if (retval >= PATH_MAX)
+		retval = -ENAMETOOLONG;
+	if (retval < 0)
 		goto out_free;
 	seq_puts(m, buf);
 	seq_putc(m, '\n');
@@ -2711,7 +2712,7 @@ int proc_cpuset_show(struct seq_file *m, struct pid_namespace *ns,
 out_free:
 	kfree(buf);
 out:
-	return 0;
+	return retval;
 }
 #endif /* CONFIG_PROC_PID_CPUSET */
 

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH cgroup/for-4.9] cpuset: fix error error handling regression in proc_cpuset_show()
       [not found]   ` <20160929095836.GB24034-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
@ 2016-09-29 13:27     ` Dan Carpenter
  2016-09-29 13:54       ` [PATCH cgroup/for-4.6] cgroup: fix error handling regressions in proc_cgroup_show() and cgroup_release_agent() Tejun Heo
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2016-09-29 13:27 UTC (permalink / raw)
  To: Tejun Heo
  Cc: Li Zefan, Johannes Weiner, cgroups-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA

That works but there are two other related warnings:

kernel/cgroup.c:5811 proc_cgroup_show() warn: signed compare with PATH_MAX 'retval'
kernel/cgroup.c:6099 cgroup_release_agent() warn: signed compare with PATH_MAX 'ret'

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH cgroup/for-4.6] cgroup: fix error handling regressions in proc_cgroup_show() and cgroup_release_agent()
  2016-09-29 13:27     ` Dan Carpenter
@ 2016-09-29 13:54       ` Tejun Heo
  0 siblings, 0 replies; 4+ messages in thread
From: Tejun Heo @ 2016-09-29 13:54 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Li Zefan, Johannes Weiner, cgroups-u79uwXL29TY76Z2rM5mHXA,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA

4c737b41de7f ("cgroup: make cgroup_path() and friends behave in the
style of strlcpy()") broke error handling in proc_cgroup_show() and
cgroup_release_agent() by not handling negative return values from
cgroup_path_ns_locked().  Fix it.

Reported-by: Dan Carpenter <dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
Signed-off-by: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
---
 kernel/cgroup.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 5e2e81a..a7f9fb4 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -5781,10 +5781,10 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
 		if (cgroup_on_dfl(cgrp) || !(tsk->flags & PF_EXITING)) {
 			retval = cgroup_path_ns_locked(cgrp, buf, PATH_MAX,
 						current->nsproxy->cgroup_ns);
-			if (retval >= PATH_MAX) {
+			if (retval >= PATH_MAX)
 				retval = -ENAMETOOLONG;
+			if (retval < 0)
 				goto out_unlock;
-			}
 
 			seq_puts(m, buf);
 		} else {
@@ -6069,7 +6069,7 @@ static void cgroup_release_agent(struct work_struct *work)
 	spin_lock_irq(&css_set_lock);
 	ret = cgroup_path_ns_locked(cgrp, pathbuf, PATH_MAX, &init_cgroup_ns);
 	spin_unlock_irq(&css_set_lock);
-	if (ret >= PATH_MAX)
+	if (ret < 0 || ret >= PATH_MAX)
 		goto out;
 
 	argv[0] = agentbuf;
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-09-29 13:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-09-29  9:27 [bug report] cgroup: make cgroup_path() and friends behave in the style of strlcpy() Dan Carpenter
2016-09-29  9:58 ` [PATCH cgroup/for-4.9] cpuset: fix error error handling regression in proc_cpuset_show() Tejun Heo
     [not found]   ` <20160929095836.GB24034-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2016-09-29 13:27     ` Dan Carpenter
2016-09-29 13:54       ` [PATCH cgroup/for-4.6] cgroup: fix error handling regressions in proc_cgroup_show() and cgroup_release_agent() Tejun Heo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).