* [PATCH 0/3] ntfs: Bug fixes for attrib.c
@ 2026-02-26 16:09 Ethan Tidmore
From: Ethan Tidmore @ 2026-02-26 16:09 UTC (permalink / raw)
To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore
Here are three bug fixes found with Smatch.

Ethan Tidmore (3):
  ntfs: Place check before dereference
  ntfs: Add missing error code
  ntfs: Fix possible deadlock

 fs/ntfs/attrib.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

--
2.53.0
^ permalink raw reply [flat|nested] 8+ messages in thread* [PATCH 1/3] ntfs: Place check before dereference 2026-02-26 16:09 [PATCH 0/3] ntfs: Bug fixes for attrib.c Ethan Tidmore @ 2026-02-26 16:09 ` Ethan Tidmore 2026-02-27 2:32 ` Hyunchul Lee 2026-02-26 16:09 ` [PATCH 2/3] ntfs: Add missing error code Ethan Tidmore ` (2 subsequent siblings) 3 siblings, 1 reply; 8+ messages in thread From: Ethan Tidmore @ 2026-02-26 16:09 UTC (permalink / raw) To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore The variable ni has the possiblity of being null and is checked for it but, only after it was dereferenced in a log message. Put check before dereference. Detected by Smatch: fs/ntfs/attrib.c:2115 ntfs_resident_attr_record_add() warn: variable dereferenced before check 'ni' (see line 2111) fs/ntfs/attrib.c:2237 ntfs_non_resident_attr_record_add() warn: variable dereferenced before check 'ni' (see line 2232) Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com> --- fs/ntfs/attrib.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c index e8285264f619..e260540eb7c5 100644 --- a/fs/ntfs/attrib.c +++ b/fs/ntfs/attrib.c @@ -2108,13 +2108,13 @@ int ntfs_resident_attr_record_add(struct ntfs_inode *ni, __le32 type, int err, offset; struct ntfs_inode *base_ni; + if (!ni || (!name && name_len)) + return -EINVAL; + ntfs_debug("Entering for inode 0x%llx, attr 0x%x, flags 0x%x.\n", (long long) ni->mft_no, (unsigned int) le32_to_cpu(type), (unsigned int) le16_to_cpu(flags)); - if (!ni || (!name && name_len)) - return -EINVAL; - err = ntfs_attr_can_be_resident(ni->vol, type); if (err) { if (err == -EPERM) 
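Review bot: In ntfs_resident_attr_record_add() the early `return -EINVAL;` now sits above the ntfs_debug() entry message, so a call rejected for a NULL ni, or for a NULL name with a non-zero name_len, leaves no trace in the debug log. If that path can be reached in practice, log the rejection before returning (without touching ni); if no caller can pass a NULL ni, say so in the commit message. The commit message also carries no Fixes: tag, unlike patch 3/3 of this series.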
@@ -2229,14 +2229,14 @@ static int ntfs_non_resident_attr_record_add(struct ntfs_inode *ni, __le32 type, struct ntfs_inode *base_ni; int err, offset; + if (!ni || dataruns_size <= 0 || (!name && name_len)) + return -EINVAL; + ntfs_debug("Entering for inode 0x%llx, attr 0x%x, lowest_vcn %lld, dataruns_size %d, flags 0x%x.\n", (long long) ni->mft_no, (unsigned int) le32_to_cpu(type), (long long) lowest_vcn, dataruns_size, (unsigned int) le16_to_cpu(flags)); - if (!ni || dataruns_size <= 0 || (!name && name_len)) - return -EINVAL; - err = ntfs_attr_can_be_non_resident(ni->vol, type); if (err) { if (err == -EPERM) -- 2.53.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
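Review bot: ntfs_non_resident_attr_record_add() is declared static, so every caller lives in attrib.c and can be audited for whether ni can ever be NULL at this point; the commit message should state the result of that audit. If no caller can pass NULL, the `!ni` part of the moved check is dead code and removing it would address the Smatch warning equally well. If one can, the reorder is the right fix, because ni->mft_no was read in ntfs_debug() before the test.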
* Re: [PATCH 1/3] ntfs: Place check before dereference 2026-02-26 16:09 ` [PATCH 1/3] ntfs: Place check before dereference Ethan Tidmore @ 2026-02-27 2:32 ` Hyunchul Lee 0 siblings, 0 replies; 8+ messages in thread From: Hyunchul Lee @ 2026-02-27 2:32 UTC (permalink / raw) To: Ethan Tidmore; +Cc: linkinjeon, linux-fsdevel, linux-kernel On Thu, Feb 26, 2026 at 10:09:04AM -0600, Ethan Tidmore wrote: > The variable ni has the possiblity of being null and is checked for it > but, only after it was dereferenced in a log message. > > Put check before dereference. > > Detected by Smatch: > fs/ntfs/attrib.c:2115 ntfs_resident_attr_record_add() warn: > variable dereferenced before check 'ni' (see line 2111) > > fs/ntfs/attrib.c:2237 ntfs_non_resident_attr_record_add() warn: > variable dereferenced before check 'ni' (see line 2232) > > Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com> Looks good to me. Thank for the patch Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> > --- > fs/ntfs/attrib.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c > index e8285264f619..e260540eb7c5 100644 > --- a/fs/ntfs/attrib.c > +++ b/fs/ntfs/attrib.c > @@ -2108,13 +2108,13 @@ int ntfs_resident_attr_record_add(struct ntfs_inode *ni, __le32 type, > int err, offset; > struct ntfs_inode *base_ni; > > + if (!ni || (!name && name_len)) > + return -EINVAL; > + > ntfs_debug("Entering for inode 0x%llx, attr 0x%x, flags 0x%x.\n", > (long long) ni->mft_no, (unsigned int) le32_to_cpu(type), > (unsigned int) le16_to_cpu(flags)); > > - if (!ni || (!name && name_len)) > - return -EINVAL; > - > err = ntfs_attr_can_be_resident(ni->vol, type); > if (err) { > if (err == -EPERM) 
> @@ -2229,14 +2229,14 @@ static int ntfs_non_resident_attr_record_add(struct ntfs_inode *ni, __le32 type, > struct ntfs_inode *base_ni; > int err, offset; > > + if (!ni || dataruns_size <= 0 || (!name && name_len)) > + return -EINVAL; > + > ntfs_debug("Entering for inode 0x%llx, attr 0x%x, lowest_vcn %lld, dataruns_size %d, flags 0x%x.\n", > (long long) ni->mft_no, (unsigned int) le32_to_cpu(type), > (long long) lowest_vcn, dataruns_size, > (unsigned int) le16_to_cpu(flags)); > > - if (!ni || dataruns_size <= 0 || (!name && name_len)) > - return -EINVAL; > - > err = ntfs_attr_can_be_non_resident(ni->vol, type); > if (err) { > if (err == -EPERM) > -- > 2.53.0 > -- Thanks, Hyunchul ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/3] ntfs: Add missing error code 2026-02-26 16:09 [PATCH 0/3] ntfs: Bug fixes for attrib.c Ethan Tidmore 2026-02-26 16:09 ` [PATCH 1/3] ntfs: Place check before dereference Ethan Tidmore @ 2026-02-26 16:09 ` Ethan Tidmore 2026-02-27 2:37 ` Hyunchul Lee 2026-02-26 16:09 ` [PATCH 3/3] ntfs: Fix possible deadlock Ethan Tidmore 2026-02-27 9:44 ` [PATCH 0/3] ntfs: Bug fixes for attrib.c Namjae Jeon 3 siblings, 1 reply; 8+ messages in thread From: Ethan Tidmore @ 2026-02-26 16:09 UTC (permalink / raw) To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore If ntfs_attr_iget() fails no error code is assigned to be returned. Detected by Smatch: fs/ntfs/attrib.c:2665 ntfs_attr_add() warn: missing error code 'err' Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com> --- fs/ntfs/attrib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c index e260540eb7c5..71ad870eceac 100644 --- a/fs/ntfs/attrib.c +++ b/fs/ntfs/attrib.c @@ -2661,6 +2661,7 @@ int ntfs_attr_add(struct ntfs_inode *ni, __le32 type, /* Open new attribute and resize it. */ attr_vi = ntfs_attr_iget(VFS_I(ni), type, name, name_len); if (IS_ERR(attr_vi)) { + err = PTR_ERR(attr_vi); ntfs_error(sb, "Failed to open just added attribute"); goto rm_attr_err_out; } -- 2.53.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
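Review bot: The ntfs_error() call directly after the new `err = PTR_ERR(attr_vi);` still prints only "Failed to open just added attribute"; now that err holds the code, include it in the message so the reason ntfs_attr_iget() failed is visible in the log. It is also worth confirming that the code after the rm_attr_err_out label, which this hunk does not show, does not overwrite err before ntfs_attr_add() returns, and adding a Fixes: tag as patch 3/3 does.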
* Re: [PATCH 2/3] ntfs: Add missing error code 2026-02-26 16:09 ` [PATCH 2/3] ntfs: Add missing error code Ethan Tidmore @ 2026-02-27 2:37 ` Hyunchul Lee 0 siblings, 0 replies; 8+ messages in thread From: Hyunchul Lee @ 2026-02-27 2:37 UTC (permalink / raw) To: Ethan Tidmore; +Cc: linkinjeon, linux-fsdevel, linux-kernel On Thu, Feb 26, 2026 at 10:09:05AM -0600, Ethan Tidmore wrote: > If ntfs_attr_iget() fails no error code is assigned to be returned. > > Detected by Smatch: > fs/ntfs/attrib.c:2665 ntfs_attr_add() warn: > missing error code 'err' > > Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com> Looks good to me. Thank for the patch Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> > --- > fs/ntfs/attrib.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c > index e260540eb7c5..71ad870eceac 100644 > --- a/fs/ntfs/attrib.c > +++ b/fs/ntfs/attrib.c > @@ -2661,6 +2661,7 @@ int ntfs_attr_add(struct ntfs_inode *ni, __le32 type, > /* Open new attribute and resize it. */ > attr_vi = ntfs_attr_iget(VFS_I(ni), type, name, name_len); > if (IS_ERR(attr_vi)) { > + err = PTR_ERR(attr_vi); > ntfs_error(sb, "Failed to open just added attribute"); > goto rm_attr_err_out; > } > -- > 2.53.0 > -- Thanks, Hyunchul ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 3/3] ntfs: Fix possible deadlock 2026-02-26 16:09 [PATCH 0/3] ntfs: Bug fixes for attrib.c Ethan Tidmore 2026-02-26 16:09 ` [PATCH 1/3] ntfs: Place check before dereference Ethan Tidmore 2026-02-26 16:09 ` [PATCH 2/3] ntfs: Add missing error code Ethan Tidmore @ 2026-02-26 16:09 ` Ethan Tidmore 2026-02-27 2:38 ` Hyunchul Lee 2026-02-27 9:44 ` [PATCH 0/3] ntfs: Bug fixes for attrib.c Namjae Jeon 3 siblings, 1 reply; 8+ messages in thread From: Ethan Tidmore @ 2026-02-26 16:09 UTC (permalink / raw) To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore In the error path for ntfs_attr_map_whole_runlist() the lock is not released. Add release for lock. Detected by Smatch: fs/ntfs/attrib.c:5197 ntfs_non_resident_attr_collapse_range() warn: inconsistent returns '&ni->runlist.lock'. Fixes: 495e90fa33482 ("ntfs: update attrib operations") Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com> --- fs/ntfs/attrib.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c index 71ad870eceac..2af45df2aab1 100644 --- a/fs/ntfs/attrib.c +++ b/fs/ntfs/attrib.c @@ -5124,8 +5124,10 @@ int ntfs_non_resident_attr_collapse_range(struct ntfs_inode *ni, s64 start_vcn, down_write(&ni->runlist.lock); ret = ntfs_attr_map_whole_runlist(ni); - if (ret) + if (ret) { + up_write(&ni->runlist.lock); return ret; + } len = min(len, end_vcn - start_vcn); for (rl = ni->runlist.rl, dst_cnt = 0; rl && rl->length; rl++) -- 2.53.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
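Review bot: The new `up_write(&ni->runlist.lock);` is open-coded in the `if (ret)` branch right after ntfs_attr_map_whole_runlist(), while Smatch reported the inconsistent return at line 5197, well past this hunk. If the later exits of ntfs_non_resident_attr_collapse_range() already release the lock through a common label, jumping to that label from here would keep a single unlock site and make the next early return harder to get wrong; if they do not, each return after down_write() should be checked for the same leak. The commit message could also state that the write lock stays held on this error return, which is what blocks later takers of runlist.lock.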
* Re: [PATCH 3/3] ntfs: Fix possible deadlock 2026-02-26 16:09 ` [PATCH 3/3] ntfs: Fix possible deadlock Ethan Tidmore @ 2026-02-27 2:38 ` Hyunchul Lee 0 siblings, 0 replies; 8+ messages in thread From: Hyunchul Lee @ 2026-02-27 2:38 UTC (permalink / raw) To: Ethan Tidmore; +Cc: linkinjeon, linux-fsdevel, linux-kernel On Thu, Feb 26, 2026 at 10:09:06AM -0600, Ethan Tidmore wrote: > In the error path for ntfs_attr_map_whole_runlist() the lock is not > released. > > Add release for lock. > > Detected by Smatch: > fs/ntfs/attrib.c:5197 ntfs_non_resident_attr_collapse_range() warn: > inconsistent returns '&ni->runlist.lock'. > > Fixes: 495e90fa33482 ("ntfs: update attrib operations") > Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com> Looks good to me. Thank for the patch Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> > --- > fs/ntfs/attrib.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c > index 71ad870eceac..2af45df2aab1 100644 > --- a/fs/ntfs/attrib.c > +++ b/fs/ntfs/attrib.c > @@ -5124,8 +5124,10 @@ int ntfs_non_resident_attr_collapse_range(struct ntfs_inode *ni, s64 start_vcn, > > down_write(&ni->runlist.lock); > ret = ntfs_attr_map_whole_runlist(ni); > - if (ret) > + if (ret) { > + up_write(&ni->runlist.lock); > return ret; > + } > > len = min(len, end_vcn - start_vcn); > for (rl = ni->runlist.rl, dst_cnt = 0; rl && rl->length; rl++) > -- > 2.53.0 > -- Thanks, Hyunchul ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 0/3] ntfs: Bug fixes for attrib.c
From: Namjae Jeon @ 2026-02-27 9:44 UTC
To: Ethan Tidmore; +Cc: hyc.lee, linux-fsdevel, linux-kernel

On Fri, Feb 27, 2026 at 1:09 AM Ethan Tidmore <ethantidmore06@gmail.com> wrote:
>
> Here are three bug fixes found with Smatch.
>
> Ethan Tidmore (3):
>   ntfs: Place check before dereference
>   ntfs: Add missing error code
>   ntfs: Fix possible deadlock

Applied them to #ntfs-next. Thanks!