Re: [PATCH 1/2] dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()

From: Jan Kara <jack@suse.cz>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Jan Kara <jack@suse.cz>, linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [PATCH 1/2] dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
Date: Tue, 31 Oct 2017 17:15:10 +0100	[thread overview]
Message-ID: <20171031161510.GE26128@quack2.suse.cz> (raw)
In-Reply-To: <20171031154557.GC26128@quack2.suse.cz>

[-- Attachment #1: Type: text/plain, Size: 1398 bytes --]

On Tue 31-10-17 16:45:57, Jan Kara wrote:
> On Tue 31-10-17 14:11:49, Amir Goldstein wrote:
> > On Tue, Oct 31, 2017 at 11:33 AM, Jan Kara <jack@suse.cz> wrote:
> > > Signed-off-by: Jan Kara <jack@suse.cz>
> > > ---
> > >  fs/notify/dnotify/dnotify.c | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/fs/notify/dnotify/dnotify.c b/fs/notify/dnotify/dnotify.c
> > > index cba328315929..a50183bd0ab9 100644
> > > --- a/fs/notify/dnotify/dnotify.c
> > > +++ b/fs/notify/dnotify/dnotify.c
> > > @@ -319,7 +319,9 @@ int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg)
> > >                 dn_mark = container_of(fsn_mark, struct dnotify_mark, fsn_mark);
> > >                 spin_lock(&fsn_mark->lock);
> > >         } else {
> > > -               fsnotify_add_mark_locked(new_fsn_mark, inode, NULL, 0);
> > > +               error = fsnotify_add_mark_locked(new_fsn_mark, inode, NULL, 0);
> > > +               if (error)
> > > +                       goto out_err;
> > 
> > out_err is not unlocking dnotify_group->mark_mutex, and probably need to
> > put fsn_mark as well?
> 
> Argh, good point about mark_mutex (I wonder how come this didn't deadlock
> when I've tested it). You don't need to put fsn_mark - that is guaranteed
> to be NULL here.

Attached is a new version of the patch.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

[-- Attachment #2: 0001-dnotify-Handle-errors-from-fsnotify_add_mark_locked-.patch --]
[-- Type: text/x-patch, Size: 1713 bytes --]

>From 54abcb76cd57877794e2007ac944d8437baf49c1 Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@suse.cz>
Date: Tue, 31 Oct 2017 09:53:28 +0100
Subject: [PATCH 1/2] dnotify: Handle errors from fsnotify_add_mark_locked() in
 fcntl_dirnotify()

fsnotify_add_mark_locked() can fail but we do not check its return
value. This didn't matter before commit 9dd813c15b2c "fsnotify: Move
mark list head from object into dedicated structure" as none of possible
failures could happen for dnotify but after that commit -ENOMEM can be
returned. Handle this error properly in fcntl_dirnotify() as
otherwise we just hit BUG_ON(dn_mark->dn) in dnotify_free_mark().

Reported-by: syzkaller
Fixes: 9dd813c15b2c101168808d4f5941a29985758973
Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/notify/dnotify/dnotify.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/notify/dnotify/dnotify.c b/fs/notify/dnotify/dnotify.c
index cba328315929..63a1ca4b9dee 100644
--- a/fs/notify/dnotify/dnotify.c
+++ b/fs/notify/dnotify/dnotify.c
@@ -319,7 +319,11 @@ int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg)
 		dn_mark = container_of(fsn_mark, struct dnotify_mark, fsn_mark);
 		spin_lock(&fsn_mark->lock);
 	} else {
-		fsnotify_add_mark_locked(new_fsn_mark, inode, NULL, 0);
+		error = fsnotify_add_mark_locked(new_fsn_mark, inode, NULL, 0);
+		if (error) {
+			mutex_unlock(&dnotify_group->mark_mutex);
+			goto out_err;
+		}
 		spin_lock(&new_fsn_mark->lock);
 		fsn_mark = new_fsn_mark;
 		dn_mark = new_dn_mark;
@@ -345,6 +349,7 @@ int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg)
 		 */
 		if (dn_mark == new_dn_mark)
 			destroy = 1;
+		error = 0;
 		goto out;
 	}
 
-- 
2.12.3

