From: Dan Carpenter <dan.carpenter@oracle.com>
To: Omar Sandoval <osandov@osandov.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] posix_acl: cleanup posix_acl_create()
Date: Tue, 27 Jan 2015 09:45:36 +0300
Message-ID: <20150127064536.GQ6456@mwanda>
In-Reply-To: <20150127045209.GA1608@mew>
On Mon, Jan 26, 2015 at 08:52:09PM -0800, Omar Sandoval wrote:
> Hi, Dan,
>
> On Sat, Jan 24, 2015 at 10:31:24PM +0300, Dan Carpenter wrote:
> > If posix_acl_create() returns an error code then "*acl" and
> > "*default_acl" can be uninitialized or point to freed memory. This
> > causes problems in some of the callers where it is expected that they
> > are NULL on error. For example, ocfs2_reflink() has a bug.
> >
> > fs/ocfs2/refcounttree.c:4329 ocfs2_reflink()
> > error: potentially using uninitialized 'default_acl'.
> >
> > I have re-written this function and re-arranged things so that they are
> > set to NULL at the start and then only set to a valid pointer at the end
> > of the function.
> >
> I'm inclined to blame ocfs2 and not posix_acl_create() here. I'd imagine
> that most C programmers' intuition is generally not to trust any return
> parameters when the return value is an error. Accordingly, a quick scan
> of the tree showed that all of the other users of posix_acl_create() are
> doing it correctly and only calling posix_acl_release() when it returns
> success.
Both ocfs2_reflink() and posix_acl_create() are ugly.
ocfs2_reflink() uses an "out:" label. Whenever you see an "out:" label
then, hopefully, people are just too lazy to name their labels but a lot
of the time an out label means the code is going to do something stupid.
In this case, it's doing "one err" style error handling where it just
has one error label that tries to free everything including the stuff
that was never allocated. One Err Bugs like this are very common in the
kernel.
Still it's bad to return freed pointers because you know that it's going
to cause double frees. And also posix_acl_create() was messy in
general.
Both functions should be cleaned up but I am too busy to clean up the
whole kernel.
regards,
dan carpenter
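The "one err" pattern Dan describes, as an added example that is not part of this thread or of the kernel source: a toy C model of a posix_acl_create()-style producer with two out-parameters, in a variant that leaves a released pointer behind on failure and in a variant that resets both out-parameters to NULL first and publishes them only on success, each called from a single-label caller. The names toy_acl, create_acls_unsafe, create_acls_safe and run_one_err_caller are hypothetical; objects come from a static pool and are never really freed, so a second release is counted instead of corrupting the heap.

```c
/* Toy model of the posix_acl_create() out-parameter contract and a
 * "one err" caller. Simulation only: nothing is really freed, so a
 * double release is counted rather than corrupting the heap. */
#include <stdio.h>
#include <string.h>
#include <errno.h>

#define POOL_SIZE 8

struct toy_acl {
	int live;   /* 1 while allocated, 0 once released */
};

static struct toy_acl pool[POOL_SIZE];   /* constructed stand-in for the slab */
static int pool_next;                    /* next free slot in pool */
static int fail_at_alloc;                /* alloc number that fails; -1 = never */
static int double_releases;              /* releases of an already-released object */

/* Reset the simulation between scenarios. */
static void toy_reset(int fail_at)
{
	memset(pool, 0, sizeof(pool));
	pool_next = 0;
	fail_at_alloc = fail_at;
	double_releases = 0;
}

/* Stand-in for an ACL allocation that fails on the configured attempt. */
static struct toy_acl *toy_acl_alloc(void)
{
	if (pool_next == fail_at_alloc || pool_next >= POOL_SIZE)
		return NULL;
	pool[pool_next].live = 1;
	return &pool[pool_next++];
}

/* Stand-in for posix_acl_release(): NULL-safe like the real one, but a
 * second release of the same object is recorded instead of freeing twice. */
static void toy_acl_release(struct toy_acl *acl)
{
	if (!acl)
		return;
	if (!acl->live) {
		double_releases++;
		return;
	}
	acl->live = 0;
}

/* HYPOTHETICAL producer with the flaw the thread describes: out-parameters
 * are written before every allocation has succeeded, so on failure
 * *default_acl is left pointing at an object that was already released. */
static int create_acls_unsafe(struct toy_acl **default_acl, struct toy_acl **acl)
{
	*default_acl = toy_acl_alloc();
	if (!*default_acl)
		return -ENOMEM;
	*acl = toy_acl_alloc();
	if (!*acl) {
		toy_acl_release(*default_acl);   /* cleaned up, but *default_acl dangles */
		return -ENOMEM;
	}
	return 0;
}

/* Rearranged as the patch description proposes: NULL both out-parameters
 * first, work in locals, publish only once everything has succeeded. */
static int create_acls_safe(struct toy_acl **default_acl, struct toy_acl **acl)
{
	struct toy_acl *d, *a;

	*default_acl = NULL;
	*acl = NULL;
	d = toy_acl_alloc();
	if (!d)
		return -ENOMEM;
	a = toy_acl_alloc();
	if (!a) {
		toy_acl_release(d);
		return -ENOMEM;
	}
	*default_acl = d;
	*acl = a;
	return 0;
}

/* Caller in the "one err" style: one out: label releases everything it was
 * ever handed. Returns how many double releases the scenario provoked. */
static int run_one_err_caller(int use_unsafe_producer, int fail_at)
{
	struct toy_acl *default_acl, *acl;
	int err;

	toy_reset(fail_at);
	err = use_unsafe_producer ? create_acls_unsafe(&default_acl, &acl)
				  : create_acls_safe(&default_acl, &acl);
	if (err)
		goto out;
	/* ... the rest of the operation would use the ACLs here ... */
out:
	toy_acl_release(default_acl);
	toy_acl_release(acl);
	return double_releases;
}

/* Pool objects still marked live after a scenario; 0 means nothing leaked. */
static int live_objects(void)
{
	int i, n = 0;
	for (i = 0; i < POOL_SIZE; i++)
		n += pool[i].live;
	return n;
}

int main(void)
{
	printf("unsafe producer, 2nd alloc fails: %d double release(s)\n",
	       run_one_err_caller(1, 1));
	printf("safe producer,   2nd alloc fails: %d double release(s)\n",
	       run_one_err_caller(0, 1));
	printf("safe producer,   success path:    %d double release(s), %d leaked\n",
	       run_one_err_caller(0, -1), live_objects());
	return 0;
}
```

With the unsafe producer the caller's single label releases default_acl a second time; with the safe producer the same caller is harmless on every failure path because it only ever sees NULL or a pointer it owns, which is why resetting the out-parameters at the top of the producer removes the bug without rewriting the caller.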
Thread overview: 6+ messages
2015-01-24 19:31 [patch] posix_acl: cleanup posix_acl_create() Dan Carpenter
2015-01-27 4:52 ` Omar Sandoval
2015-01-27 6:45 ` Dan Carpenter [this message]
2015-03-05 17:46 ` [patch 1/2] ocfs2: dereferencing freed pointers in ocfs2_reflink() Dan Carpenter
2015-03-09 15:02 ` Mark Fasheh
2015-03-05 17:47 ` [patch 2/2 v2] posix_acl: make posix_acl_create() safer and cleaner Dan Carpenter