From: linuxtestproject.agent@gmail.com
To: Sachin Sant <sachinp@linux.ibm.com>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] fs/acl: Add ACL_USER_OBJ permission test
Date: Mon, 15 Jun 2026 18:35:15 +0000 [thread overview]
Message-ID: <20260615183515.4148-1-linuxtestproject.agent@gmail.com> (raw)
In-Reply-To: <20260615151555.71638-2-sachinp@linux.ibm.com>
Hi Sachin,
On Mon, 15 Jun 2026 20:45:48 +0530, Sachin Sant wrote:
> fs/acl: Add ACL_USER_OBJ permission test
--- [PATCH 5/8] ---
> fs/acl: Add ACL symlink operations test
> + if (user_obj->perm != (ACL_READ | ACL_WRITE | ACL_EXECUTE)) {
> + acl_free(target_acl);
> + if (unlink(TESTSYMLINK) == -1)
> + tst_res(TWARN | TERRNO, "unlink symlink failed");
> + cleanup_testfile();
> + tst_res(TFAIL, "USER_OBJ has wrong permissions: %o (expected rwx)",
> + user_obj->perm);
Use-after-free: user_obj points into the target_acl->entries[]
array that was just freed by acl_free(target_acl) on the line
above. Dereferencing user_obj->perm after the free is undefined
behavior.
The same pattern repeats for group_obj->perm and other->perm in the
two blocks that follow.
One fix would be to save the perm value before freeing:
uint16_t perm = user_obj->perm;
acl_free(target_acl);
...
tst_res(TFAIL, "USER_OBJ has wrong permissions: %o ...", perm);
Or move acl_free(target_acl) after the tst_res() call in each block.
Verdict - Needs revision
---
Note:
The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment this email or ignore the suggestions.
Regards,
LTP AI Reviewer
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2026-06-15 18:35 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-15 15:15 [LTP] [PATCH v11 0/8] Convert shell-based ACL test (tacl_xattr.sh) to C Sachin Sant
2026-06-15 15:15 ` [LTP] [PATCH v11 1/8] fs/acl: Add ACL_USER_OBJ permission test Sachin Sant
2026-06-15 18:35 ` linuxtestproject.agent [this message]
2026-06-15 15:15 ` [LTP] [PATCH v11 2/8] fs/acl: Add ACL mask interaction tests Sachin Sant
2026-06-15 15:15 ` [LTP] [PATCH v11 3/8] fs/acl: Add ACL_OTHER permission test Sachin Sant
2026-06-15 15:15 ` [LTP] [PATCH v11 4/8] fs/acl: Add default ACL inheritance test Sachin Sant
2026-06-15 15:15 ` [LTP] [PATCH v11 5/8] fs/acl: Add chmod/chown ACL interaction tests Sachin Sant
2026-06-15 15:15 ` [LTP] [PATCH v11 6/8] fs/acl: Add ACL symlink operations test Sachin Sant
2026-06-15 15:15 ` [LTP] [PATCH v11 7/8] fs/acl: Add extended attributes test Sachin Sant
2026-06-15 15:15 ` [LTP] [PATCH v11 8/8] fs/acl: Remove old shell-based ACL test Sachin Sant
-- strict thread matches above, loose matches on Subject: below --
2026-06-16 4:54 [LTP] [PATCH v12 1/8] fs/acl: Add ACL_USER_OBJ permission test Sachin Sant
2026-06-16 8:39 ` [LTP] " linuxtestproject.agent
2026-06-15 7:25 [LTP] [PATCH v10 1/8] " Sachin Sant
2026-06-15 8:33 ` [LTP] " linuxtestproject.agent
2026-06-15 9:04 ` Andrea Cervesato via ltp
2026-06-15 9:29 ` Andrea Cervesato via ltp
2026-06-15 11:25 ` Sachin Sant
2026-06-15 12:07 ` Andrea Cervesato via ltp
2026-06-15 5:29 [LTP] [PATCH v9 1/8] " Sachin Sant
2026-06-15 6:32 ` [LTP] " linuxtestproject.agent
2026-06-13 9:05 [LTP] [PATCH v8 1/8] " Sachin Sant
2026-06-13 10:36 ` [LTP] " linuxtestproject.agent
2026-06-12 17:19 [LTP] [PATCH v7 1/8] " Sachin Sant
2026-06-12 19:13 ` [LTP] " linuxtestproject.agent
2026-06-12 10:24 [LTP] [PATCH v6 1/8] " Sachin Sant
2026-06-12 12:27 ` [LTP] " linuxtestproject.agent
2026-06-08 9:21 [LTP] [PATCH v5 1/8] " Sachin Sant
2026-06-08 11:01 ` [LTP] " linuxtestproject.agent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260615183515.4148-1-linuxtestproject.agent@gmail.com \
--to=linuxtestproject.agent@gmail.com \
--cc=ltp@lists.linux.it \
--cc=sachinp@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox