* [PATCH] ceph: fix potential ERR_PTR dereference in ceph_submit_write()
@ 2026-04-17 8:06 Hongling Zeng
2026-04-17 17:48 ` Viacheslav Dubeyko
0 siblings, 1 reply; 3+ messages in thread
From: Hongling Zeng @ 2026-04-17 8:06 UTC (permalink / raw)
To: idryomov, amarkuze, slava, brauner
Cc: ceph-devel, linux-kernel, zhongling0719, Hongling Zeng
Fix smatch warning:
fs/ceph/addr.c:1489 ceph_submit_write() error: 'req' dereferencing possible ERR_PTR()
Add a check to ensure req is not an ERR_PTR before calling
ceph_osdc_put_request().
Fixes: 1551ec61dc55 ("ceph: improve error handling in writeback")
Signed-off-by: Hongling Zeng <zenghongling@kylinos.cn>
---
fs/ceph/addr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index fa4f25f99409..6091818674be 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -1468,7 +1468,8 @@ int ceph_submit_write(struct address_space *mapping,
unlock_page(page);
}
- ceph_osdc_put_request(req);
+ if (!IS_ERR(req))
+ ceph_osdc_put_request(req);
return -EIO;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] ceph: fix potential ERR_PTR dereference in ceph_submit_write()
2026-04-17 8:06 [PATCH] ceph: fix potential ERR_PTR dereference in ceph_submit_write() Hongling Zeng
@ 2026-04-17 17:48 ` Viacheslav Dubeyko
2026-04-20 6:28 ` nana
0 siblings, 1 reply; 3+ messages in thread
From: Viacheslav Dubeyko @ 2026-04-17 17:48 UTC (permalink / raw)
To: idryomov@gmail.com, zenghongling@kylinos.cn, slava@dubeyko.com,
Alex Markuze, brauner@kernel.org
Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
zhongling0719@126.com
On Fri, 2026-04-17 at 16:06 +0800, Hongling Zeng wrote:
> Fix smatch warning:
> fs/ceph/addr.c:1489 ceph_submit_write() error: 'req' dereferencing possible ERR_PTR()
>
> Add a check to ensure req is not an ERR_PTR before calling
> ceph_osdc_put_request().
>
> Fixes: 1551ec61dc55 ("ceph: improve error handling in writeback")
> Signed-off-by: Hongling Zeng <zenghongling@kylinos.cn>
> ---
> fs/ceph/addr.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
> index fa4f25f99409..6091818674be 100644
> --- a/fs/ceph/addr.c
> +++ b/fs/ceph/addr.c
> @@ -1468,7 +1468,8 @@ int ceph_submit_write(struct address_space *mapping,
> unlock_page(page);
> }
>
> - ceph_osdc_put_request(req);
> + if (!IS_ERR(req))
> + ceph_osdc_put_request(req);
> return -EIO;
> }
>
I don't think that this fix makes sense. We create and check the request here
[1]:
req = ceph_osdc_new_request(&fsc->client->osdc,
&ci->i_layout, vino,
offset, &len, 0, ceph_wbc->num_ops,
CEPH_OSD_OP_WRITE, CEPH_OSD_FLAG_WRITE,
ceph_wbc->snapc, ceph_wbc->truncate_seq,
ceph_wbc->truncate_size, false);
if (IS_ERR(req)) {
req = ceph_osdc_new_request(&fsc->client->osdc,
&ci->i_layout, vino,
offset, &len, 0,
min(ceph_wbc->num_ops,
CEPH_OSD_SLAB_OPS),
CEPH_OSD_OP_WRITE,
CEPH_OSD_FLAG_WRITE,
ceph_wbc->snapc,
ceph_wbc->truncate_seq,
ceph_wbc->truncate_size,
true);
BUG_ON(IS_ERR(req));
}
So, it should be the valid request pointer when we called
ceph_osdc_put_request(). Am I missing something?
Thanks,
Slava.
[1] https://elixir.bootlin.com/linux/v7.0/source/fs/ceph/addr.c#L1421
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ceph: fix potential ERR_PTR dereference in ceph_submit_write()
2026-04-17 17:48 ` Viacheslav Dubeyko
@ 2026-04-20 6:28 ` nana
0 siblings, 0 replies; 3+ messages in thread
From: nana @ 2026-04-20 6:28 UTC (permalink / raw)
To: Viacheslav Dubeyko, idryomov@gmail.com, zenghongling@kylinos.cn,
slava@dubeyko.com, Alex Markuze, brauner@kernel.org
Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org
Hi Slava
You're correct: the fix doesn't make sense.The
BUG_ON(IS_ERR(req)) ensures that req is a valid pointer, There is no
code path that can skip the allocation code.
Thank you for your review.
在 2026年04月18日 01:48, Viacheslav Dubeyko 写道:
> On Fri, 2026-04-17 at 16:06 +0800, Hongling Zeng wrote:
>> Fix smatch warning:
>> fs/ceph/addr.c:1489 ceph_submit_write() error: 'req' dereferencing possible ERR_PTR()
>>
>> Add a check to ensure req is not an ERR_PTR before calling
>> ceph_osdc_put_request().
>>
>> Fixes: 1551ec61dc55 ("ceph: improve error handling in writeback")
>> Signed-off-by: Hongling Zeng <zenghongling@kylinos.cn>
>> ---
>> fs/ceph/addr.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
>> index fa4f25f99409..6091818674be 100644
>> --- a/fs/ceph/addr.c
>> +++ b/fs/ceph/addr.c
>> @@ -1468,7 +1468,8 @@ int ceph_submit_write(struct address_space *mapping,
>> unlock_page(page);
>> }
>>
>> - ceph_osdc_put_request(req);
>> + if (!IS_ERR(req))
>> + ceph_osdc_put_request(req);
>> return -EIO;
>> }
>>
> I don't think that this fix makes sense. We create and check the request here
> [1]:
>
> req = ceph_osdc_new_request(&fsc->client->osdc,
> &ci->i_layout, vino,
> offset, &len, 0, ceph_wbc->num_ops,
> CEPH_OSD_OP_WRITE, CEPH_OSD_FLAG_WRITE,
> ceph_wbc->snapc, ceph_wbc->truncate_seq,
> ceph_wbc->truncate_size, false);
> if (IS_ERR(req)) {
> req = ceph_osdc_new_request(&fsc->client->osdc,
> &ci->i_layout, vino,
> offset, &len, 0,
> min(ceph_wbc->num_ops,
> CEPH_OSD_SLAB_OPS),
> CEPH_OSD_OP_WRITE,
> CEPH_OSD_FLAG_WRITE,
> ceph_wbc->snapc,
> ceph_wbc->truncate_seq,
> ceph_wbc->truncate_size,
> true);
> BUG_ON(IS_ERR(req));
> }
>
> So, it should be the valid request pointer when we called
> ceph_osdc_put_request(). Am I missing something?
>
> Thanks,
> Slava.
>
> [1] https://elixir.bootlin.com/linux/v7.0/source/fs/ceph/addr.c#L1421
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-04-20 6:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-17 8:06 [PATCH] ceph: fix potential ERR_PTR dereference in ceph_submit_write() Hongling Zeng
2026-04-17 17:48 ` Viacheslav Dubeyko
2026-04-20 6:28 ` nana
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox