public inbox for linux-fsdevel@vger.kernel.org
* [PATCH 0/3] ntfs: Bug fixes for attrib.c
@ 2026-02-26 16:09 Ethan Tidmore
  2026-02-26 16:09 ` [PATCH 1/3] ntfs: Place check before dereference Ethan Tidmore
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Ethan Tidmore @ 2026-02-26 16:09 UTC
  To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore

Here are three bug fixes found with Smatch.

Ethan Tidmore (3):
  ntfs: Place check before dereference
  ntfs: Add missing error code
  ntfs: Fix possible deadlock

 fs/ntfs/attrib.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

-- 
2.53.0



* [PATCH 1/3] ntfs: Place check before dereference
  2026-02-26 16:09 [PATCH 0/3] ntfs: Bug fixes for attrib.c Ethan Tidmore
@ 2026-02-26 16:09 ` Ethan Tidmore
  2026-02-27  2:32   ` Hyunchul Lee
  2026-02-26 16:09 ` [PATCH 2/3] ntfs: Add missing error code Ethan Tidmore
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 8+ messages in thread
From: Ethan Tidmore @ 2026-02-26 16:09 UTC
  To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore

The variable ni has the possibility of being null and is checked for it,
but only after it was dereferenced in a log message.

Put check before dereference.

Detected by Smatch:
fs/ntfs/attrib.c:2115 ntfs_resident_attr_record_add() warn:
variable dereferenced before check 'ni' (see line 2111)

fs/ntfs/attrib.c:2237 ntfs_non_resident_attr_record_add() warn:
variable dereferenced before check 'ni' (see line 2232)

Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
---
 fs/ntfs/attrib.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index e8285264f619..e260540eb7c5 100644
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -2108,13 +2108,13 @@ int ntfs_resident_attr_record_add(struct ntfs_inode *ni, __le32 type,
 	int err, offset;
 	struct ntfs_inode *base_ni;
 
+	if (!ni || (!name && name_len))
+		return -EINVAL;
+
 	ntfs_debug("Entering for inode 0x%llx, attr 0x%x, flags 0x%x.\n",
 			(long long) ni->mft_no, (unsigned int) le32_to_cpu(type),
 			(unsigned int) le16_to_cpu(flags));
 
-	if (!ni || (!name && name_len))
-		return -EINVAL;
-
 	err = ntfs_attr_can_be_resident(ni->vol, type);
 	if (err) {
 		if (err == -EPERM)
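Review bot: The commit message does not say which caller can reach ntfs_resident_attr_record_add() with a NULL ni, and that decides whether the `!ni` test moved to the top of this hunk is a real fix or dead code. If a NULL ni is reachable, the old order dereferenced `ni->mft_no` in the ntfs_debug() arguments before the test, and the changelog should name that path and carry a Fixes: tag as patch 3/3 does; if it is not reachable, dropping the `!ni` half of the condition would clear the Smatch warning just as well.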
@@ -2229,14 +2229,14 @@ static int ntfs_non_resident_attr_record_add(struct ntfs_inode *ni, __le32 type,
 	struct ntfs_inode *base_ni;
 	int err, offset;
 
+	if (!ni || dataruns_size <= 0 || (!name && name_len))
+		return -EINVAL;
+
 	ntfs_debug("Entering for inode 0x%llx, attr 0x%x, lowest_vcn %lld, dataruns_size %d, flags 0x%x.\n",
 			(long long) ni->mft_no, (unsigned int) le32_to_cpu(type),
 			(long long) lowest_vcn, dataruns_size,
 			(unsigned int) le16_to_cpu(flags));
 
-	if (!ni || dataruns_size <= 0 || (!name && name_len))
-		return -EINVAL;
-
 	err = ntfs_attr_can_be_non_resident(ni->vol, type);
 	if (err) {
 		if (err == -EPERM)
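Review bot: Only the `!ni` test needs to sit above ntfs_debug() in ntfs_non_resident_attr_record_add(); moving the whole condition means a call rejected for `dataruns_size <= 0` or for a NULL name with non-zero name_len now returns -EINVAL before the trace that prints dataruns_size. Consider splitting the check so the NULL test comes first and the two argument checks stay after the "Entering" message, or log the rejected values on the early return.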
-- 
2.53.0



* [PATCH 2/3] ntfs: Add missing error code
  2026-02-26 16:09 [PATCH 0/3] ntfs: Bug fixes for attrib.c Ethan Tidmore
  2026-02-26 16:09 ` [PATCH 1/3] ntfs: Place check before dereference Ethan Tidmore
@ 2026-02-26 16:09 ` Ethan Tidmore
  2026-02-27  2:37   ` Hyunchul Lee
  2026-02-26 16:09 ` [PATCH 3/3] ntfs: Fix possible deadlock Ethan Tidmore
  2026-02-27  9:44 ` [PATCH 0/3] ntfs: Bug fixes for attrib.c Namjae Jeon
  3 siblings, 1 reply; 8+ messages in thread
From: Ethan Tidmore @ 2026-02-26 16:09 UTC
  To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore

If ntfs_attr_iget() fails, no error code is assigned to be returned.

Detected by Smatch:
fs/ntfs/attrib.c:2665 ntfs_attr_add() warn:
missing error code 'err'

Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
---
 fs/ntfs/attrib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index e260540eb7c5..71ad870eceac 100644
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -2661,6 +2661,7 @@ int ntfs_attr_add(struct ntfs_inode *ni, __le32 type,
 	/* Open new attribute and resize it. */
 	attr_vi = ntfs_attr_iget(VFS_I(ni), type, name, name_len);
 	if (IS_ERR(attr_vi)) {
+		err = PTR_ERR(attr_vi);
 		ntfs_error(sb, "Failed to open just added attribute");
 		goto rm_attr_err_out;
 	}
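Review bot: With err now assigned before the jump in ntfs_attr_add(), the ntfs_error() call on the following line still logs the failure without the code; passing err into that message would make the log match what the caller receives. The rm_attr_err_out label lies outside this hunk, so please also confirm that its cleanup never touches attr_vi, which holds an ERR_PTR value on this path.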
-- 
2.53.0



* [PATCH 3/3] ntfs: Fix possible deadlock
  2026-02-26 16:09 [PATCH 0/3] ntfs: Bug fixes for attrib.c Ethan Tidmore
  2026-02-26 16:09 ` [PATCH 1/3] ntfs: Place check before dereference Ethan Tidmore
  2026-02-26 16:09 ` [PATCH 2/3] ntfs: Add missing error code Ethan Tidmore
@ 2026-02-26 16:09 ` Ethan Tidmore
  2026-02-27  2:38   ` Hyunchul Lee
  2026-02-27  9:44 ` [PATCH 0/3] ntfs: Bug fixes for attrib.c Namjae Jeon
  3 siblings, 1 reply; 8+ messages in thread
From: Ethan Tidmore @ 2026-02-26 16:09 UTC
  To: linkinjeon, hyc.lee; +Cc: linux-fsdevel, linux-kernel, Ethan Tidmore

In the error path for ntfs_attr_map_whole_runlist() the lock is not
released.

Add release for lock.

Detected by Smatch:
fs/ntfs/attrib.c:5197 ntfs_non_resident_attr_collapse_range() warn:
inconsistent returns '&ni->runlist.lock'.

Fixes: 495e90fa33482 ("ntfs: update attrib operations")
Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>
---
 fs/ntfs/attrib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
index 71ad870eceac..2af45df2aab1 100644
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -5124,8 +5124,10 @@ int ntfs_non_resident_attr_collapse_range(struct ntfs_inode *ni, s64 start_vcn,
 
 	down_write(&ni->runlist.lock);
 	ret = ntfs_attr_map_whole_runlist(ni);
-	if (ret)
+	if (ret) {
+		up_write(&ni->runlist.lock);
 		return ret;
+	}
 
 	len = min(len, end_vcn - start_vcn);
 	for (rl = ni->runlist.rl, dst_cnt = 0; rl && rl->length; rl++)
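Review bot: The `up_write(&ni->runlist.lock)` added inside the `if (ret)` branch releases the lock at this one exit only; a shared unlock label reached by goto from every failure path would keep the release in one place and stop a later-added return from reintroducing the leak. Smatch reports the inconsistency at line 5197 while this hunk changes the return near line 5127, and the lines in between are not shown, so please confirm that every other exit after `down_write(&ni->runlist.lock)` in ntfs_non_resident_attr_collapse_range() also drops the lock.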
-- 
2.53.0



* Re: [PATCH 1/3] ntfs: Place check before dereference
  2026-02-26 16:09 ` [PATCH 1/3] ntfs: Place check before dereference Ethan Tidmore
@ 2026-02-27  2:32   ` Hyunchul Lee
  0 siblings, 0 replies; 8+ messages in thread
From: Hyunchul Lee @ 2026-02-27  2:32 UTC
  To: Ethan Tidmore; +Cc: linkinjeon, linux-fsdevel, linux-kernel

On Thu, Feb 26, 2026 at 10:09:04AM -0600, Ethan Tidmore wrote:
> The variable ni has the possibility of being null and is checked for it,
> but only after it was dereferenced in a log message.
> 
> Put check before dereference.
> 
> Detected by Smatch:
> fs/ntfs/attrib.c:2115 ntfs_resident_attr_record_add() warn:
> variable dereferenced before check 'ni' (see line 2111)
> 
> fs/ntfs/attrib.c:2237 ntfs_non_resident_attr_record_add() warn:
> variable dereferenced before check 'ni' (see line 2232)
> 
> Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>

Looks good to me. Thanks for the patch.

Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> 
> ---
>  fs/ntfs/attrib.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
> index e8285264f619..e260540eb7c5 100644
> --- a/fs/ntfs/attrib.c
> +++ b/fs/ntfs/attrib.c
> @@ -2108,13 +2108,13 @@ int ntfs_resident_attr_record_add(struct ntfs_inode *ni, __le32 type,
>  	int err, offset;
>  	struct ntfs_inode *base_ni;
>  
> +	if (!ni || (!name && name_len))
> +		return -EINVAL;
> +
>  	ntfs_debug("Entering for inode 0x%llx, attr 0x%x, flags 0x%x.\n",
>  			(long long) ni->mft_no, (unsigned int) le32_to_cpu(type),
>  			(unsigned int) le16_to_cpu(flags));
>  
> -	if (!ni || (!name && name_len))
> -		return -EINVAL;
> -
>  	err = ntfs_attr_can_be_resident(ni->vol, type);
>  	if (err) {
>  		if (err == -EPERM)
> @@ -2229,14 +2229,14 @@ static int ntfs_non_resident_attr_record_add(struct ntfs_inode *ni, __le32 type,
>  	struct ntfs_inode *base_ni;
>  	int err, offset;
>  
> +	if (!ni || dataruns_size <= 0 || (!name && name_len))
> +		return -EINVAL;
> +
>  	ntfs_debug("Entering for inode 0x%llx, attr 0x%x, lowest_vcn %lld, dataruns_size %d, flags 0x%x.\n",
>  			(long long) ni->mft_no, (unsigned int) le32_to_cpu(type),
>  			(long long) lowest_vcn, dataruns_size,
>  			(unsigned int) le16_to_cpu(flags));
>  
> -	if (!ni || dataruns_size <= 0 || (!name && name_len))
> -		return -EINVAL;
> -
>  	err = ntfs_attr_can_be_non_resident(ni->vol, type);
>  	if (err) {
>  		if (err == -EPERM)
> -- 
> 2.53.0
> 

-- 
Thanks,
Hyunchul


* Re: [PATCH 2/3] ntfs: Add missing error code
  2026-02-26 16:09 ` [PATCH 2/3] ntfs: Add missing error code Ethan Tidmore
@ 2026-02-27  2:37   ` Hyunchul Lee
  0 siblings, 0 replies; 8+ messages in thread
From: Hyunchul Lee @ 2026-02-27  2:37 UTC
  To: Ethan Tidmore; +Cc: linkinjeon, linux-fsdevel, linux-kernel

On Thu, Feb 26, 2026 at 10:09:05AM -0600, Ethan Tidmore wrote:
> If ntfs_attr_iget() fails, no error code is assigned to be returned.
> 
> Detected by Smatch:
> fs/ntfs/attrib.c:2665 ntfs_attr_add() warn:
> missing error code 'err'
> 
> Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>

Looks good to me. Thanks for the patch.

Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> 
> ---
>  fs/ntfs/attrib.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
> index e260540eb7c5..71ad870eceac 100644
> --- a/fs/ntfs/attrib.c
> +++ b/fs/ntfs/attrib.c
> @@ -2661,6 +2661,7 @@ int ntfs_attr_add(struct ntfs_inode *ni, __le32 type,
>  	/* Open new attribute and resize it. */
>  	attr_vi = ntfs_attr_iget(VFS_I(ni), type, name, name_len);
>  	if (IS_ERR(attr_vi)) {
> +		err = PTR_ERR(attr_vi);
>  		ntfs_error(sb, "Failed to open just added attribute");
>  		goto rm_attr_err_out;
>  	}
> -- 
> 2.53.0
> 

-- 
Thanks,
Hyunchul


* Re: [PATCH 3/3] ntfs: Fix possible deadlock
  2026-02-26 16:09 ` [PATCH 3/3] ntfs: Fix possible deadlock Ethan Tidmore
@ 2026-02-27  2:38   ` Hyunchul Lee
  0 siblings, 0 replies; 8+ messages in thread
From: Hyunchul Lee @ 2026-02-27  2:38 UTC
  To: Ethan Tidmore; +Cc: linkinjeon, linux-fsdevel, linux-kernel

On Thu, Feb 26, 2026 at 10:09:06AM -0600, Ethan Tidmore wrote:
> In the error path for ntfs_attr_map_whole_runlist() the lock is not
> released.
> 
> Add release for lock.
> 
> Detected by Smatch:
> fs/ntfs/attrib.c:5197 ntfs_non_resident_attr_collapse_range() warn:
> inconsistent returns '&ni->runlist.lock'.
> 
> Fixes: 495e90fa33482 ("ntfs: update attrib operations")
> Signed-off-by: Ethan Tidmore <ethantidmore06@gmail.com>

Looks good to me. Thanks for the patch.

Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> 
> ---
>  fs/ntfs/attrib.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
> index 71ad870eceac..2af45df2aab1 100644
> --- a/fs/ntfs/attrib.c
> +++ b/fs/ntfs/attrib.c
> @@ -5124,8 +5124,10 @@ int ntfs_non_resident_attr_collapse_range(struct ntfs_inode *ni, s64 start_vcn,
>  
>  	down_write(&ni->runlist.lock);
>  	ret = ntfs_attr_map_whole_runlist(ni);
> -	if (ret)
> +	if (ret) {
> +		up_write(&ni->runlist.lock);
>  		return ret;
> +	}
>  
>  	len = min(len, end_vcn - start_vcn);
>  	for (rl = ni->runlist.rl, dst_cnt = 0; rl && rl->length; rl++)
> -- 
> 2.53.0
> 

-- 
Thanks,
Hyunchul


* Re: [PATCH 0/3] ntfs: Bug fixes for attrib.c
  2026-02-26 16:09 [PATCH 0/3] ntfs: Bug fixes for attrib.c Ethan Tidmore
                   ` (2 preceding siblings ...)
  2026-02-26 16:09 ` [PATCH 3/3] ntfs: Fix possible deadlock Ethan Tidmore
@ 2026-02-27  9:44 ` Namjae Jeon
  3 siblings, 0 replies; 8+ messages in thread
From: Namjae Jeon @ 2026-02-27  9:44 UTC
  To: Ethan Tidmore; +Cc: hyc.lee, linux-fsdevel, linux-kernel

On Fri, Feb 27, 2026 at 1:09 AM Ethan Tidmore <ethantidmore06@gmail.com> wrote:
>
> Here are three bug fixes found with Smatch.
>
> Ethan Tidmore (3):
>   ntfs: Place check before dereference
>   ntfs: Add missing error code
>   ntfs: Fix possible deadlock
Applied them to #ntfs-next.
Thanks!

