Re: [PATCH] btrfs: fix extent buffer read/write range checks

public inbox for linux-btrfs@vger.kernel.org
 help / color / mirror / Atom feed

From: Nikolay Borisov <nborisov@suse.com>
To: Qu Wenruo <quwenruo.btrfs@gmx.com>, Naohiro Aota <naohiro.aota@wdc.com>
Cc: David Sterba <dsterba@suse.com>, linux-btrfs@vger.kernel.org
Subject: Re: [PATCH] btrfs: fix extent buffer read/write range checks
Date: Mon, 29 Jul 2019 09:46:23 +0300	[thread overview]
Message-ID: <c89565ac-4a23-a1cf-a889-e3da34d877a8@suse.com> (raw)
In-Reply-To: <009c2be3-f09d-3dfc-6c95-8fa0e62d4f41@gmx.com>

<snip>

>>
>> But then, we can even say "start > eb->len" is valid if len == 0?
> 
> Tried the "start >= eb->len" check in the centralized check_eb_range(),
> and unfortunately it triggers a lot of warnings.
> 
> Some callers in fact pass start == eb->len and len == 0:

Isn't this a noop?

> memmove_extent_buffer() in btrfs_del_items()
> copy_extent_buffer() in __push_leaf_*()
> 
> Since the check of "start > eb->len || len > eb->len || start + len >
> eb->len)" has already ensured we won't access anything beyond the eb
> data, I'd prefer to let the start == eb->len && len == 0 case to pass.

In an ideal world shouldn't callers detect their parameters are going to
be a NOOP and never execute the code in the first place? E.g. is it
posible that the math in btrfs_del_item is broken for some edge
condition hence calling those functions with such parameters?

> 
> Doing the extra len == 0 check in those callers seems a little
> over-reacted IMHO.
> 
> Thanks,
> Qu
>>
>>> Or should we also warn such bad practice?
>>
>> Maybe...
>>
>> Or how about let the callers bailing out by e.g. "if (!len) return 1;"
>> in the check function?
>>
>> Regards,
>> Naohiro
>

next prev parent reply	other threads:[~2019-07-29  6:46 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-26  5:27 [PATCH] btrfs: fix extent buffer read/write range checks Naohiro Aota
2019-07-26  5:38 ` Nikolay Borisov
2019-07-26  6:13   ` Naohiro Aota
2019-07-26  6:36     ` Qu Wenruo
2019-07-26  8:15       ` Naohiro Aota
2019-07-26  8:26         ` Qu Wenruo
2019-07-29  5:07         ` Qu Wenruo
2019-07-29  6:46           ` Nikolay Borisov [this message]
2019-07-29  6:54             ` Qu Wenruo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c89565ac-4a23-a1cf-a889-e3da34d877a8@suse.com \
    --to=nborisov@suse.com \
    --cc=dsterba@suse.com \
    --cc=linux-btrfs@vger.kernel.org \
    --cc=naohiro.aota@wdc.com \
    --cc=quwenruo.btrfs@gmx.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox