Re: f2fs: avoid abnormal behavior on broken symlink

Re: f2fs: avoid abnormal behavior on broken symlink

[Dan Carpenter]

Hello Jaegeuk Kim,

The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
symlink" from Apr 15, 2015, leads to the following static checker
warning:

	fs/f2fs/namei.c:304 f2fs_follow_link()
	warn: 'page' isn't an ERR_PTR

fs/f2fs/namei.c
   299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
   300  {
   301          struct page *page;
   302  
   303          page = page_follow_link_light(dentry, nd);
   304          if (IS_ERR(page))
                           ^^^^
The code in page_follow_link_light() is a bit hard to follow but it
returns NULL on error.

   305                  return page;
   306  
   307          /* this is broken symlink case */
   308          if (*nd_get_link(nd) == 0) {
   309                  kunmap(page);
                        ^^^^^^^^^^^^
Potential NULL deref.

   310                  page_cache_release(page);
   311                  return ERR_PTR(-ENOENT);
   312          }
   313          return page;
   314  }

regards,
dan carpenter

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Jaegeuk Kim]

Hi Dan,

Thank you for letting me know.
I wrote a patch for this below.

Thanks,

On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> Hello Jaegeuk Kim,
> 
> The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> symlink" from Apr 15, 2015, leads to the following static checker
> warning:
> 
> 	fs/f2fs/namei.c:304 f2fs_follow_link()
> 	warn: 'page' isn't an ERR_PTR
> 
> fs/f2fs/namei.c
>    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
>    300  {
>    301          struct page *page;
>    302  
>    303          page = page_follow_link_light(dentry, nd);
>    304          if (IS_ERR(page))
>                            ^^^^
> The code in page_follow_link_light() is a bit hard to follow but it
> returns NULL on error.
> 
>    305                  return page;
>    306  
>    307          /* this is broken symlink case */
>    308          if (*nd_get_link(nd) == 0) {
>    309                  kunmap(page);
>                         ^^^^^^^^^^^^
> Potential NULL deref.
> 
>    310                  page_cache_release(page);
>    311                  return ERR_PTR(-ENOENT);
>    312          }
>    313          return page;
>    314  }
> 
> regards,
> dan carpenter

>From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@kernel.org>
Date: Mon, 20 Apr 2015 16:30:14 -0700
Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link

The page_follow_link_light returns NULL and its error pointer was remained
in nd->path.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
---
 fs/f2fs/namei.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 407dde3..678b6dd 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
 	struct page *page;
 
 	page = page_follow_link_light(dentry, nd);
-	if (IS_ERR(page))
-		return page;
+	if (!page)
+		return NULL;
 
 	/* this is broken symlink case */
 	if (*nd_get_link(nd) == 0) {
-- 
2.1.1

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Chao Yu]

Hi all,

> -----Original Message-----
> From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> Sent: Wednesday, April 22, 2015 2:21 AM
> To: Dan Carpenter
> Cc: linux-f2fs-devel@lists.sourceforge.net
> Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> 
> Hi Dan,
> 
> Thank you for letting me know.
> I wrote a patch for this below.
> 
> Thanks,
> 
> On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > Hello Jaegeuk Kim,
> >
> > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > symlink" from Apr 15, 2015, leads to the following static checker
> > warning:
> >
> > 	fs/f2fs/namei.c:304 f2fs_follow_link()
> > 	warn: 'page' isn't an ERR_PTR
> >
> > fs/f2fs/namei.c
> >    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> >    300  {
> >    301          struct page *page;
> >    302
> >    303          page = page_follow_link_light(dentry, nd);
> >    304          if (IS_ERR(page))
> >                            ^^^^
> > The code in page_follow_link_light() is a bit hard to follow but it
> > returns NULL on error.

I try to find out the other callers' error handling method for
page_follow_link_light, and it shows all of them use the "IS_ERR" one.

In page_follow_link_light I also can't find a path which will return a NULL value.

So, Dan, is that report from smatch not true? or I made a mistake? If so, please
correct me.

Thanks,

> >
> >    305                  return page;
> >    306
> >    307          /* this is broken symlink case */
> >    308          if (*nd_get_link(nd) == 0) {
> >    309                  kunmap(page);
> >                         ^^^^^^^^^^^^
> > Potential NULL deref.
> >
> >    310                  page_cache_release(page);
> >    311                  return ERR_PTR(-ENOENT);
> >    312          }
> >    313          return page;
> >    314  }
> >
> > regards,
> > dan carpenter
> 
> >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> From: Jaegeuk Kim <jaegeuk@kernel.org>
> Date: Mon, 20 Apr 2015 16:30:14 -0700
> Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
> 
> The page_follow_link_light returns NULL and its error pointer was remained
> in nd->path.
> 
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> ---
>  fs/f2fs/namei.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> index 407dde3..678b6dd 100644
> --- a/fs/f2fs/namei.c
> +++ b/fs/f2fs/namei.c
> @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
>  	struct page *page;
> 
>  	page = page_follow_link_light(dentry, nd);
> -	if (IS_ERR(page))
> -		return page;
> +	if (!page)
> +		return NULL;
> 
>  	/* this is broken symlink case */
>  	if (*nd_get_link(nd) == 0) {
> --
> 2.1.1
> 
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Linux-f2fs-devel mailing list
> Linux-f2fs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Jaegeuk Kim]

Hi Chao,

On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> Hi all,
> 
> > -----Original Message-----
> > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > Sent: Wednesday, April 22, 2015 2:21 AM
> > To: Dan Carpenter
> > Cc: linux-f2fs-devel@lists.sourceforge.net
> > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> > 
> > Hi Dan,
> > 
> > Thank you for letting me know.
> > I wrote a patch for this below.
> > 
> > Thanks,
> > 
> > On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > > Hello Jaegeuk Kim,
> > >
> > > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > > symlink" from Apr 15, 2015, leads to the following static checker
> > > warning:
> > >
> > > 	fs/f2fs/namei.c:304 f2fs_follow_link()
> > > 	warn: 'page' isn't an ERR_PTR
> > >
> > > fs/f2fs/namei.c
> > >    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > >    300  {
> > >    301          struct page *page;
> > >    302
> > >    303          page = page_follow_link_light(dentry, nd);
> > >    304          if (IS_ERR(page))
> > >                            ^^^^
> > > The code in page_follow_link_light() is a bit hard to follow but it
> > > returns NULL on error.
> 
> I try to find out the other callers' error handling method for
> page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> 
> In page_follow_link_light I also can't find a path which will return a NULL value.
> 
> So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> correct me.

The page_getlink returns ERR_PTR(page) without setting *ppage.
So, page_follow_link_light returns NULL and nd->saved_names[nd->depth] has
error pointer by nd_set_link().

Thanks,

> 
> Thanks,
> 
> > >
> > >    305                  return page;
> > >    306
> > >    307          /* this is broken symlink case */
> > >    308          if (*nd_get_link(nd) == 0) {
> > >    309                  kunmap(page);
> > >                         ^^^^^^^^^^^^
> > > Potential NULL deref.
> > >
> > >    310                  page_cache_release(page);
> > >    311                  return ERR_PTR(-ENOENT);
> > >    312          }
> > >    313          return page;
> > >    314  }
> > >
> > > regards,
> > > dan carpenter
> > 
> > >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> > From: Jaegeuk Kim <jaegeuk@kernel.org>
> > Date: Mon, 20 Apr 2015 16:30:14 -0700
> > Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
> > 
> > The page_follow_link_light returns NULL and its error pointer was remained
> > in nd->path.
> > 
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> > ---
> >  fs/f2fs/namei.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> > index 407dde3..678b6dd 100644
> > --- a/fs/f2fs/namei.c
> > +++ b/fs/f2fs/namei.c
> > @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> >  	struct page *page;
> > 
> >  	page = page_follow_link_light(dentry, nd);
> > -	if (IS_ERR(page))
> > -		return page;
> > +	if (!page)
> > +		return NULL;
> > 
> >  	/* this is broken symlink case */
> >  	if (*nd_get_link(nd) == 0) {
> > --
> > 2.1.1
> > 
> > ------------------------------------------------------------------------------
> > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> > Develop your own process in accordance with the BPMN 2 standard
> > Learn Process modeling best practices with Bonita BPM through live exercises
> > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> > _______________________________________________
> > Linux-f2fs-devel mailing list
> > Linux-f2fs-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Chao Yu]

Hi Jaegeuk,

> -----Original Message-----
> From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> Sent: Wednesday, April 22, 2015 3:49 PM
> To: Chao Yu
> Cc: 'Dan Carpenter'; linux-f2fs-devel@lists.sourceforge.net
> Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> 
> Hi Chao,
> 
> On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > Hi all,
> >
> > > -----Original Message-----
> > > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > > Sent: Wednesday, April 22, 2015 2:21 AM
> > > To: Dan Carpenter
> > > Cc: linux-f2fs-devel@lists.sourceforge.net
> > > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> > >
> > > Hi Dan,
> > >
> > > Thank you for letting me know.
> > > I wrote a patch for this below.
> > >
> > > Thanks,
> > >
> > > On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > > > Hello Jaegeuk Kim,
> > > >
> > > > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > > > symlink" from Apr 15, 2015, leads to the following static checker
> > > > warning:
> > > >
> > > > 	fs/f2fs/namei.c:304 f2fs_follow_link()
> > > > 	warn: 'page' isn't an ERR_PTR
> > > >
> > > > fs/f2fs/namei.c
> > > >    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > >    300  {
> > > >    301          struct page *page;
> > > >    302
> > > >    303          page = page_follow_link_light(dentry, nd);
> > > >    304          if (IS_ERR(page))
> > > >                            ^^^^
> > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > returns NULL on error.
> >
> > I try to find out the other callers' error handling method for
> > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> >
> > In page_follow_link_light I also can't find a path which will return a NULL value.
> >
> > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > correct me.
> 
> The page_getlink returns ERR_PTR(page) without setting *ppage.
> So, page_follow_link_light returns NULL and nd->saved_names[nd->depth] has
> error pointer by nd_set_link().

Yes, I can see it in last linux-next repo. But in commit 093ee96e7e37
("new ->follow_link() and ->put_link() calling conventions"), it has
been refactored by Al Viro in his tree. You can see it in following link:

https://git.kernel.org/cgit/linux/kernel/git/viro/vfs.git/commit/?h=link_path_walk&id=093ee96e7e3770b7188ed8aec18378309da3fe79

If this commit is been merged into mainline, our patch could be a wrong fixing.

So how about keeping this patch and wait?

Thanks,

> 
> Thanks,
> 
> >
> > Thanks,
> >
> > > >
> > > >    305                  return page;
> > > >    306
> > > >    307          /* this is broken symlink case */
> > > >    308          if (*nd_get_link(nd) == 0) {
> > > >    309                  kunmap(page);
> > > >                         ^^^^^^^^^^^^
> > > > Potential NULL deref.
> > > >
> > > >    310                  page_cache_release(page);
> > > >    311                  return ERR_PTR(-ENOENT);
> > > >    312          }
> > > >    313          return page;
> > > >    314  }
> > > >
> > > > regards,
> > > > dan carpenter
> > >
> > > >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> > > From: Jaegeuk Kim <jaegeuk@kernel.org>
> > > Date: Mon, 20 Apr 2015 16:30:14 -0700
> > > Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
> > >
> > > The page_follow_link_light returns NULL and its error pointer was remained
> > > in nd->path.
> > >
> > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> > > ---
> > >  fs/f2fs/namei.c | 4 ++--
> > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> > > index 407dde3..678b6dd 100644
> > > --- a/fs/f2fs/namei.c
> > > +++ b/fs/f2fs/namei.c
> > > @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata
> *nd)
> > >  	struct page *page;
> > >
> > >  	page = page_follow_link_light(dentry, nd);
> > > -	if (IS_ERR(page))
> > > -		return page;
> > > +	if (!page)
> > > +		return NULL;
> > >
> > >  	/* this is broken symlink case */
> > >  	if (*nd_get_link(nd) == 0) {
> > > --
> > > 2.1.1
> > >
> > > ------------------------------------------------------------------------------
> > > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> > > Develop your own process in accordance with the BPMN 2 standard
> > > Learn Process modeling best practices with Bonita BPM through live exercises
> > > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> > > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> > > _______________________________________________
> > > Linux-f2fs-devel mailing list
> > > Linux-f2fs-devel@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Jaegeuk Kim]

Hi Chao,

On Wed, Apr 22, 2015 at 05:31:30PM +0800, Chao Yu wrote:
> Hi Jaegeuk,
> 
> > -----Original Message-----
> > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > Sent: Wednesday, April 22, 2015 3:49 PM
> > To: Chao Yu
> > Cc: 'Dan Carpenter'; linux-f2fs-devel@lists.sourceforge.net
> > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> > 
> > Hi Chao,
> > 
> > On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > Hi all,
> > >
> > > > -----Original Message-----
> > > > From: Jaegeuk Kim [mailto:jaegeuk@kernel.org]
> > > > Sent: Wednesday, April 22, 2015 2:21 AM
> > > > To: Dan Carpenter
> > > > Cc: linux-f2fs-devel@lists.sourceforge.net
> > > > Subject: Re: [f2fs-dev] f2fs: avoid abnormal behavior on broken symlink
> > > >
> > > > Hi Dan,
> > > >
> > > > Thank you for letting me know.
> > > > I wrote a patch for this below.
> > > >
> > > > Thanks,
> > > >
> > > > On Mon, Apr 20, 2015 at 05:49:47PM +0300, Dan Carpenter wrote:
> > > > > Hello Jaegeuk Kim,
> > > > >
> > > > > The patch feb7cbb079e6: "f2fs: avoid abnormal behavior on broken
> > > > > symlink" from Apr 15, 2015, leads to the following static checker
> > > > > warning:
> > > > >
> > > > > 	fs/f2fs/namei.c:304 f2fs_follow_link()
> > > > > 	warn: 'page' isn't an ERR_PTR
> > > > >
> > > > > fs/f2fs/namei.c
> > > > >    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > > >    300  {
> > > > >    301          struct page *page;
> > > > >    302
> > > > >    303          page = page_follow_link_light(dentry, nd);
> > > > >    304          if (IS_ERR(page))
> > > > >                            ^^^^
> > > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > > returns NULL on error.
> > >
> > > I try to find out the other callers' error handling method for
> > > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> > >
> > > In page_follow_link_light I also can't find a path which will return a NULL value.
> > >
> > > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > > correct me.
> > 
> > The page_getlink returns ERR_PTR(page) without setting *ppage.
> > So, page_follow_link_light returns NULL and nd->saved_names[nd->depth] has
> > error pointer by nd_set_link().
> 
> Yes, I can see it in last linux-next repo. But in commit 093ee96e7e37
> ("new ->follow_link() and ->put_link() calling conventions"), it has
> been refactored by Al Viro in his tree. You can see it in following link:
> 
> https://git.kernel.org/cgit/linux/kernel/git/viro/vfs.git/commit/?h=link_path_walk&id=093ee96e7e3770b7188ed8aec18378309da3fe79
> 
> If this commit is been merged into mainline, our patch could be a wrong fixing.

AFAICT, that is not merged yet, which means Al needs to change f2fs_follow_link,
since f2fs was merged already.

> 
> So how about keeping this patch and wait?

Sure. At least, I think that can be merged after rc1.

Thanks,

> 
> Thanks,
> 
> > 
> > Thanks,
> > 
> > >
> > > Thanks,
> > >
> > > > >
> > > > >    305                  return page;
> > > > >    306
> > > > >    307          /* this is broken symlink case */
> > > > >    308          if (*nd_get_link(nd) == 0) {
> > > > >    309                  kunmap(page);
> > > > >                         ^^^^^^^^^^^^
> > > > > Potential NULL deref.
> > > > >
> > > > >    310                  page_cache_release(page);
> > > > >    311                  return ERR_PTR(-ENOENT);
> > > > >    312          }
> > > > >    313          return page;
> > > > >    314  }
> > > > >
> > > > > regards,
> > > > > dan carpenter
> > > >
> > > > >From 52889398489d4edc0cb016ae24036b994e3d9ccd Mon Sep 17 00:00:00 2001
> > > > From: Jaegeuk Kim <jaegeuk@kernel.org>
> > > > Date: Mon, 20 Apr 2015 16:30:14 -0700
> > > > Subject: [PATCH] f2fs: fix wrong error hanlder in f2fs_follow_link
> > > >
> > > > The page_follow_link_light returns NULL and its error pointer was remained
> > > > in nd->path.
> > > >
> > > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> > > > Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
> > > > ---
> > > >  fs/f2fs/namei.c | 4 ++--
> > > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
> > > > index 407dde3..678b6dd 100644
> > > > --- a/fs/f2fs/namei.c
> > > > +++ b/fs/f2fs/namei.c
> > > > @@ -301,8 +301,8 @@ static void *f2fs_follow_link(struct dentry *dentry, struct nameidata
> > *nd)
> > > >  	struct page *page;
> > > >
> > > >  	page = page_follow_link_light(dentry, nd);
> > > > -	if (IS_ERR(page))
> > > > -		return page;
> > > > +	if (!page)
> > > > +		return NULL;
> > > >
> > > >  	/* this is broken symlink case */
> > > >  	if (*nd_get_link(nd) == 0) {
> > > > --
> > > > 2.1.1
> > > >
> > > > ------------------------------------------------------------------------------
> > > > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> > > > Develop your own process in accordance with the BPMN 2 standard
> > > > Learn Process modeling best practices with Bonita BPM through live exercises
> > > > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> > > > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> > > > _______________________________________________
> > > > Linux-f2fs-devel mailing list
> > > > Linux-f2fs-devel@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Dan Carpenter]

On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > fs/f2fs/namei.c
> > >    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > >    300  {
> > >    301          struct page *page;
> > >    302
> > >    303          page = page_follow_link_light(dentry, nd);
> > >    304          if (IS_ERR(page))
> > >                            ^^^^
> > > The code in page_follow_link_light() is a bit hard to follow but it
> > > returns NULL on error.
> 
> I try to find out the other callers' error handling method for
> page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> 
> In page_follow_link_light I also can't find a path which will return a NULL value.
> 
> So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> correct me.

Smatch is correct, it returns NULL on error.  However, I agree that it
looks like it is supposed to return an ERR_PTR.  Every caller seems to
expect that.

I suspect the right fix is to change page_follow_link_light().  But I
don't know this code very well so I just sent the bug report instead of
fixing it myself.  :)

regards,
dan carpenter

diff --git a/fs/namei.c b/fs/namei.c
index ffab2e0..5ca251e 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4473,7 +4473,12 @@ EXPORT_SYMBOL(page_readlink);
 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
 {
 	struct page *page = NULL;
-	nd_set_link(nd, page_getlink(dentry, &page));
+	char *link;
+
+	link = page_getlink(dentry, &page);
+	if (IS_ERR(link))
+		return link;
+	nd_set_link(nd, link);
 	return page;
 }
 EXPORT_SYMBOL(page_follow_link_light);

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Jaegeuk Kim]

On Wed, Apr 22, 2015 at 01:27:22PM +0300, Dan Carpenter wrote:
> On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > > fs/f2fs/namei.c
> > > >    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > >    300  {
> > > >    301          struct page *page;
> > > >    302
> > > >    303          page = page_follow_link_light(dentry, nd);
> > > >    304          if (IS_ERR(page))
> > > >                            ^^^^
> > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > returns NULL on error.
> > 
> > I try to find out the other callers' error handling method for
> > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> > 
> > In page_follow_link_light I also can't find a path which will return a NULL value.
> > 
> > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > correct me.
> 
> Smatch is correct, it returns NULL on error.  However, I agree that it
> looks like it is supposed to return an ERR_PTR.  Every caller seems to
> expect that.

Well, at least, it seems vfs handles the error correctly.
The page_follow_link_light is used only by several filesystems.

And, follow_link is called by:

1. fs/namei.c <<follow_link>>
 -> No problem. It checks the error with nd->saved_names.

2. fs/namei.c <<generic_readlink>>
 -> No problem. The error is checked by readlink_copy.

Whatever it is expected or not, the fact is that there is no bug in vfs.
So at this moment, IMO, it needs to fix f2fs_follow_link by adding
IS_ERR_OR_NULL() to avoid all the cases (including the backporting effort).

As Chao mentioned, it seems that Al is going to fix that with new convention,
though. :)

Thanks,

> 
> I suspect the right fix is to change page_follow_link_light().  But I
> don't know this code very well so I just sent the bug report instead of
> fixing it myself.  :)
> 
> regards,
> dan carpenter
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index ffab2e0..5ca251e 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -4473,7 +4473,12 @@ EXPORT_SYMBOL(page_readlink);
>  void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
>  {
>  	struct page *page = NULL;
> -	nd_set_link(nd, page_getlink(dentry, &page));
> +	char *link;
> +
> +	link = page_getlink(dentry, &page);
> +	if (IS_ERR(link))
> +		return link;
> +	nd_set_link(nd, link);
>  	return page;
>  }
>  EXPORT_SYMBOL(page_follow_link_light);

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

Re: f2fs: avoid abnormal behavior on broken symlink

[Dan Carpenter]

On Wed, Apr 22, 2015 at 11:13:36AM -0700, Jaegeuk Kim wrote:
> On Wed, Apr 22, 2015 at 01:27:22PM +0300, Dan Carpenter wrote:
> > On Wed, Apr 22, 2015 at 02:28:22PM +0800, Chao Yu wrote:
> > > > > fs/f2fs/namei.c
> > > > >    299  static void *f2fs_follow_link(struct dentry *dentry, struct nameidata *nd)
> > > > >    300  {
> > > > >    301          struct page *page;
> > > > >    302
> > > > >    303          page = page_follow_link_light(dentry, nd);
> > > > >    304          if (IS_ERR(page))
> > > > >                            ^^^^
> > > > > The code in page_follow_link_light() is a bit hard to follow but it
> > > > > returns NULL on error.
> > > 
> > > I try to find out the other callers' error handling method for
> > > page_follow_link_light, and it shows all of them use the "IS_ERR" one.
> > > 
> > > In page_follow_link_light I also can't find a path which will return a NULL value.
> > > 
> > > So, Dan, is that report from smatch not true? or I made a mistake? If so, please
> > > correct me.
> > 
> > Smatch is correct, it returns NULL on error.  However, I agree that it
> > looks like it is supposed to return an ERR_PTR.  Every caller seems to
> > expect that.
> 
> Well, at least, it seems vfs handles the error correctly.
> The page_follow_link_light is used only by several filesystems.
> 
> And, follow_link is called by:
> 
> 1. fs/namei.c <<follow_link>>
>  -> No problem. It checks the error with nd->saved_names.
> 
> 2. fs/namei.c <<generic_readlink>>
>  -> No problem. The error is checked by readlink_copy.

You're right.  My patch was wrong because it doesn't set
nd->saved_names.  But wow, though!  So convoluted!

  4423  /*
  4424   * A helper for ->readlink().  This should be used *ONLY* for symlinks that
  4425   * have ->follow_link() touching nd only in nd_set_link().  Using (or not
  4426   * using) it for any given inode is up to filesystem.
  4427   */
  4428  int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
  4429  {
  4430          struct nameidata nd;
  4431          void *cookie;
  4432          int res;
  4433  
  4434          nd.depth = 0;
  4435          cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
  4436          if (IS_ERR(cookie))
  4437                  return PTR_ERR(cookie);

Even though we don't return here, the rest of the function is a no-op.

  4438  
  4439          res = readlink_copy(buffer, buflen, nd_get_link(&nd));
  4440          if (dentry->d_inode->i_op->put_link)
  4441                  dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
  4442          return res;
  4443  }
  4444  EXPORT_SYMBOL(generic_readlink);

> 
> Whatever it is expected or not, the fact is that there is no bug in vfs.
> So at this moment, IMO, it needs to fix f2fs_follow_link by adding
> IS_ERR_OR_NULL() to avoid all the cases (including the backporting effort).
> 

I guess that works...  The follow_link() functions often seem to return
NULL on sucess.  But the page_follow_link_light() only returns NULL on
error.  It's very strange.

regards,
dan carpenter


------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF