* [PATCH]:Return proper error value on failure of dentry_open
@ 2009-06-01 6:11 vibi sreenivasan
2009-06-01 7:41 ` Jiri Slaby
2009-06-01 20:37 ` [PATCH]:Return " Jon Masters
0 siblings, 2 replies; 8+ messages in thread
From: vibi sreenivasan @ 2009-06-01 6:11 UTC (permalink / raw)
To: Mimi Zohar; +Cc: Kylene Hall, Serge Hallyn, Reiner Sailer, linux-kernel
dentry_open can return error value on error.
Check that value before calling fput & return proper error value
Signed-off-by: vibi sreenivasan <vibi_sreenivasan@cms.com>
---
security/integrity/ima/ima_main.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index f4e7266..c58158b 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -201,10 +201,10 @@ int ima_path_check(struct path *path, int mask)
}
out:
mutex_unlock(&iint->mutex);
- if (file)
+ if (IS_ERR(file))
fput(file);
kref_put(&iint->refcount, iint_free);
- return 0;
+ return rc;
}
static int process_measurement(struct file *file, const unsigned char *filename,
--
1.6.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH]:Return proper error value on failure of dentry_open
2009-06-01 6:11 [PATCH]:Return proper error value on failure of dentry_open vibi sreenivasan
@ 2009-06-01 7:41 ` Jiri Slaby
2009-06-01 8:10 ` vibi sreenivasan
2009-06-01 8:27 ` [PATCH]:RESEND : Return " vibi sreenivasan
2009-06-01 20:37 ` [PATCH]:Return " Jon Masters
1 sibling, 2 replies; 8+ messages in thread
From: Jiri Slaby @ 2009-06-01 7:41 UTC (permalink / raw)
To: vibi_sreenivasan
Cc: Mimi Zohar, Kylene Hall, Serge Hallyn, Reiner Sailer, linux-kernel
On 06/01/2009 08:11 AM, vibi sreenivasan wrote:
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -201,10 +201,10 @@ int ima_path_check(struct path *path, int mask)
> }
> out:
> mutex_unlock(&iint->mutex);
> - if (file)
> + if (IS_ERR(file))
> fput(file);
This makes no sense at all. If it is IS_ERR, i.e. some negative value,
you don't want to pass it to fput. 'if (file)' was perfectly correct.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH]:Return proper error value on failure of dentry_open
2009-06-01 7:41 ` Jiri Slaby
@ 2009-06-01 8:10 ` vibi sreenivasan
2009-06-01 8:27 ` [PATCH]:RESEND : Return " vibi sreenivasan
1 sibling, 0 replies; 8+ messages in thread
From: vibi sreenivasan @ 2009-06-01 8:10 UTC (permalink / raw)
To: Jiri Slaby
Cc: Mimi Zohar, Kylene Hall, Serge Hallyn, Reiner Sailer, linux-kernel
hi,
thanks for pointing that out.
> > out:
> > mutex_unlock(&iint->mutex);
> > - if (file)
> > + if (IS_ERR(file))
> > fput(file);
extremely sorry it was
if(!IS_ERR(file))
fput(file);
i will send that patch again
>
> This makes no sense at all. If it is IS_ERR, i.e. some negative value,
> you don't want to pass it to fput. 'if (file)' was perfectly correct.
if(file) is true for file != 0 , ie even if file is a -ve error
value.
so while fput dereference file ,this can cause a bug to be
triggered.
I actually had one.
Thanks & regards
vibi sreenivasan
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH]:RESEND : Return proper error value on failure of dentry_open
2009-06-01 7:41 ` Jiri Slaby
2009-06-01 8:10 ` vibi sreenivasan
@ 2009-06-01 8:27 ` vibi sreenivasan
2009-06-01 8:39 ` Jiri Slaby
1 sibling, 1 reply; 8+ messages in thread
From: vibi sreenivasan @ 2009-06-01 8:27 UTC (permalink / raw)
To: Jiri Slaby
Cc: Mimi Zohar, Kylene Hall, Serge Hallyn, Reiner Sailer, linux-kernel
dentry_open can return error value on error.
Check that value before calling fput & return proper error value
Signed-off-by: vibi sreenivasan <vibi_sreenivasan@cms.com>
---
security/integrity/ima/ima_main.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index f4e7266..c58158b 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -201,10 +201,10 @@ int ima_path_check(struct path *path, int mask)
}
out:
mutex_unlock(&iint->mutex);
- if (file)
+ if (!IS_ERR(file))
fput(file);
kref_put(&iint->refcount, iint_free);
- return 0;
+ return rc;
}
static int process_measurement(struct file *file, const unsigned char *filename,
--
1.6.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH]:RESEND : Return proper error value on failure of dentry_open
2009-06-01 8:27 ` [PATCH]:RESEND : Return " vibi sreenivasan
@ 2009-06-01 8:39 ` Jiri Slaby
2009-06-02 5:21 ` Andrew Morton
0 siblings, 1 reply; 8+ messages in thread
From: Jiri Slaby @ 2009-06-01 8:39 UTC (permalink / raw)
To: vibi_sreenivasan
Cc: Mimi Zohar, Kylene Hall, Serge Hallyn, Reiner Sailer, linux-kernel
On 06/01/2009 10:27 AM, vibi sreenivasan wrote:
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -201,10 +201,10 @@ int ima_path_check(struct path *path, int mask)
> }
> out:
> mutex_unlock(&iint->mutex);
> - if (file)
> + if (!IS_ERR(file))
> fput(file);
No, IS_ERR won't catch NULL and there is 'file = NULL' on the
dentry_open fail path. I still think 'if (file)' is proper condition.
What bug did you hit?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH]:Return proper error value on failure of dentry_open
2009-06-01 6:11 [PATCH]:Return proper error value on failure of dentry_open vibi sreenivasan
2009-06-01 7:41 ` Jiri Slaby
@ 2009-06-01 20:37 ` Jon Masters
1 sibling, 0 replies; 8+ messages in thread
From: Jon Masters @ 2009-06-01 20:37 UTC (permalink / raw)
To: vibi_sreenivasan
Cc: Mimi Zohar, Kylene Hall, Serge Hallyn, Reiner Sailer, linux-kernel
On Mon, 2009-06-01 at 11:41 +0530, vibi sreenivasan wrote:
> dentry_open can return error value on error.
> Check that value before calling fput & return proper error value
I know you're going to redo this patch. Could you please also post with
a better subject next time? :)
Jon.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH]:RESEND : Return proper error value on failure of dentry_open
2009-06-01 8:39 ` Jiri Slaby
@ 2009-06-02 5:21 ` Andrew Morton
2009-06-02 5:35 ` vibi sreenivasan
0 siblings, 1 reply; 8+ messages in thread
From: Andrew Morton @ 2009-06-02 5:21 UTC (permalink / raw)
To: Jiri Slaby
Cc: vibi_sreenivasan, Mimi Zohar, Kylene Hall, Serge Hallyn,
Reiner Sailer, linux-kernel, James Morris
On Mon, 01 Jun 2009 10:39:58 +0200 Jiri Slaby <jirislaby@gmail.com> wrote:
> On 06/01/2009 10:27 AM, vibi sreenivasan wrote:
> > --- a/security/integrity/ima/ima_main.c
> > +++ b/security/integrity/ima/ima_main.c
> > @@ -201,10 +201,10 @@ int ima_path_check(struct path *path, int mask)
> > }
> > out:
> > mutex_unlock(&iint->mutex);
> > - if (file)
> > + if (!IS_ERR(file))
> > fput(file);
>
> No, IS_ERR won't catch NULL and there is 'file = NULL' on the
> dentry_open fail path. I still think 'if (file)' is proper condition.
>
> What bug did you hit?
if (!(iint->flags & IMA_MEASURED)) {
struct dentry *dentry = dget(path->dentry);
struct vfsmount *mnt = mntget(path->mnt);
file = dentry_open(dentry, mnt, O_RDONLY | O_LARGEFILE,
current_cred());
if (IS_ERR(file)) {
pr_info("%s dentry_open failed\n", dentry->d_name.name);
rc = PTR_ERR(file);
file = NULL;
goto out;
}
rc = get_path_measurement(iint, file, dentry->d_name.name);
}
out:
mutex_unlock(&iint->mutex);
if (file)
fput(file);
kref_put(&iint->refcount, iint_free);
return 0;
}
The handling of `file' looks OK to me.
otoh the function just drops the error code on the floor. Shouldn't it
return `rc'?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH]:RESEND : Return proper error value on failure of dentry_open
2009-06-02 5:21 ` Andrew Morton
@ 2009-06-02 5:35 ` vibi sreenivasan
0 siblings, 0 replies; 8+ messages in thread
From: vibi sreenivasan @ 2009-06-02 5:35 UTC (permalink / raw)
To: Andrew Morton
Cc: Jiri Slaby, Mimi Zohar, Kylene Hall, Serge Hallyn, Reiner Sailer,
linux-kernel, James Morris
hi,
Thanks for spending your time on my patch.
> > What bug did you hit?
i was using linus tree & not linux-next.
in that the code fragment was different
it was
file = dentry_open(dentry, mnt, O_RDONLY, current->cred);
rc = get_path_measurement(iint, file, dentry->d_name.name);
}
out:
mutex_unlock(&iint->mutex);
if (file)
fput(file);
kref_put(&iint->refcount, iint_free);
return 0;
So i hit a bug in fput.
My sincere apologies for taking all of yours valuable time.
I will take care that any of my future contributions will be
based on linux-next.
Thanks & Regards
vibi sreenivasan
> if (!(iint->flags & IMA_MEASURED)) {
> struct dentry *dentry = dget(path->dentry);
> struct vfsmount *mnt = mntget(path->mnt);
>
> file = dentry_open(dentry, mnt, O_RDONLY | O_LARGEFILE,
> current_cred());
> if (IS_ERR(file)) {
> pr_info("%s dentry_open failed\n", dentry->d_name.name);
> rc = PTR_ERR(file);
> file = NULL;
> goto out;
> }
> rc = get_path_measurement(iint, file, dentry->d_name.name);
> }
> out:
> mutex_unlock(&iint->mutex);
> if (file)
> fput(file);
> kref_put(&iint->refcount, iint_free);
> return 0;
> }
>
> The handling of `file' looks OK to me.
>
> otoh the function just drops the error code on the floor. Shouldn't it
> return `rc'?
>
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2009-06-02 5:34 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-06-01 6:11 [PATCH]:Return proper error value on failure of dentry_open vibi sreenivasan
2009-06-01 7:41 ` Jiri Slaby
2009-06-01 8:10 ` vibi sreenivasan
2009-06-01 8:27 ` [PATCH]:RESEND : Return " vibi sreenivasan
2009-06-01 8:39 ` Jiri Slaby
2009-06-02 5:21 ` Andrew Morton
2009-06-02 5:35 ` vibi sreenivasan
2009-06-01 20:37 ` [PATCH]:Return " Jon Masters
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.