* Re: [PATCH] exfat: Fix use after free in exfat_load_upcase_table()
From: Markus Elfring @ 2020-06-08 15:07 UTC
To: Dan Carpenter, linux-fsdevel
Cc: kernel-janitors, linux-kernel, Namjae Jeon, Sungjong Seo, Tetsuhiro Kohada

> This code calls brelse(bh) and then dereferences "bh" on the next line
> resulting in a possible use after free.

There is an unfortunate function call sequence.

> The brelse() should just be moved down a line.

How do you think about a wording variant like the following?

   Thus move a call of the function “brelse” one line down.

Would you like to omit a word from the patch subject so that
a typo will be avoided there?

Regards,
Markus

* Re: [PATCH] exfat: Fix use after free in exfat_load_upcase_table()
From: Matthew Wilcox @ 2020-06-08 15:52 UTC
To: Markus Elfring
Cc: Dan Carpenter, linux-fsdevel, kernel-janitors, linux-kernel, Namjae Jeon, Sungjong Seo, Tetsuhiro Kohada

On Mon, Jun 08, 2020 at 05:07:33PM +0200, Markus Elfring wrote:
> > This code calls brelse(bh) and then dereferences "bh" on the next line
> > resulting in a possible use after free.
>
> There is an unfortunate function call sequence.
>
> > The brelse() should just be moved down a line.
>
> How do you think about a wording variant like the following?
>
>    Thus move a call of the function “brelse” one line down.
>
> Would you like to omit a word from the patch subject so that
> a typo will be avoided there?

Markus, please go away. This comment is entirely unhelpful.

* Re: exfat: Fix use after free in exfat_load_upcase_table()
From: Markus Elfring @ 2020-06-08 20:07 UTC
To: Matthew Wilcox, Dan Carpenter, linux-fsdevel
Cc: kernel-janitors, linux-kernel, Namjae Jeon, Sungjong Seo, Tetsuhiro Kohada

>>> The brelse() should just be moved down a line.
>>
>> How do you think about a wording variant like the following?
>>
>>    Thus move a call of the function “brelse” one line down.
>>
>> Would you like to omit a word from the patch subject so that
>> a typo will be avoided there?
>
> Markus, please go away. This comment is entirely unhelpful.

I hope that other contributors can get also more positive impressions
(as it happened before).

Regards,
Markus

* Re: [PATCH] exfat: Fix use after free in exfat_load_upcase_table()
From: Greg KH @ 2020-06-09 9:10 UTC
To: Markus Elfring
Cc: Dan Carpenter, linux-fsdevel, kernel-janitors, linux-kernel, Namjae Jeon, Sungjong Seo, Tetsuhiro Kohada

On Mon, Jun 08, 2020 at 05:07:33PM +0200, Markus Elfring wrote:
> > This code calls brelse(bh) and then dereferences "bh" on the next line
> > resulting in a possible use after free.
>
> There is an unfortunate function call sequence.
>
> > The brelse() should just be moved down a line.
>
> How do you think about a wording variant like the following?
>
>    Thus move a call of the function “brelse” one line down.
>
> Would you like to omit a word from the patch subject so that
> a typo will be avoided there?

Hi,

This is the semi-friendly patch-bot of Greg Kroah-Hartman.

Markus, you seem to have sent a nonsensical or otherwise pointless
review comment to a patch submission on a Linux kernel developer mailing
list. I strongly suggest that you not do this anymore. Please do not
bother developers who are actively working to produce patches and
features with comments that, in the end, are a waste of time.

Patch submitter, please ignore Markus's suggestion; you do not need to
follow it at all. The person/bot/AI that sent it is being ignored by
almost all Linux kernel maintainers for having a persistent pattern of
behavior of producing distracting and pointless commentary, and
inability to adapt to feedback. Please feel free to also ignore emails
from them.

thanks,

greg k-h's patch email bot

* Re: exfat: Improving exception handling in two functions
From: Markus Elfring @ 2020-06-10 9:27 UTC
To: linux-fsdevel, Namjae Jeon, Sungjong Seo
Cc: kernel-janitors, linux-kernel, Dan Carpenter, Pali Rohár, Tetsuhiro Kohada, Wei Yongjun

Hello,

I have taken another look at pointer usage after calls of the function “brelse”.
My source code analysis approach pointed implementation details
like the following out for further software development considerations.
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/fs/exfat/namei.c?id=3d155ae4358baf4831609c2f9cd09396a2b8badf#n1078

…
    epold = exfat_get_dentry(sb, p_dir, oldentry + 1, &old_bh,
        &sector_old);
    epnew = exfat_get_dentry(sb, p_dir, newentry + 1, &new_bh,
        &sector_new);
    if (!epold || !epnew)
        return -EIO;
…

I suggest to split such an error check.
How do you think about to release a buffer head object for the desired
exception handling if one of these function calls succeeded?

Would you like to adjust such code in the functions “exfat_rename_file”
and “exfat_move_file”?

Regards,
Markus

* [PATCH] exfat: call brelse() on error path 2020-06-10 9:27 ` exfat: Improving exception handling in two functions Markus Elfring @ 2020-06-10 9:59 ` Dan Carpenter 2020-06-10 12:14 ` exfat: Improving exception handling in two functions Markus Elfring 2020-06-10 14:53 ` Greg KH 2 siblings, 0 replies; 8+ messages in thread From: Dan Carpenter @ 2020-06-10 9:59 UTC (permalink / raw) To: Namjae Jeon, linux-fsdevel, Sungjong Seo Cc: kernel-janitors, linux-kernel, Pali Rohár, Tetsuhiro Kohada, Wei Yongjun If the second exfat_get_dentry() call fails then we need to release "old_bh" before returning. Reported-by: Markus Elfring <Markus.Elfring@web.de> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> --- fs/exfat/namei.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c index 5b0f35329d63e..fda92c824ff11 100644 --- a/fs/exfat/namei.c +++ b/fs/exfat/namei.c @@ -1077,10 +1077,14 @@ static int exfat_rename_file(struct inode *inode, struct exfat_chain *p_dir, epold = exfat_get_dentry(sb, p_dir, oldentry + 1, &old_bh, §or_old); + if (!epold) + return -EIO; epnew = exfat_get_dentry(sb, p_dir, newentry + 1, &new_bh, §or_new); - if (!epold || !epnew) + if (!epnew) { + brelse(old_bh); return -EIO; + } memcpy(epnew, epold, DENTRY_SIZE); exfat_update_bh(sb, new_bh, sync); -- 2.26.2 ^ permalink raw reply related [flat|nested] 8+ messages in thread
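Review bot: the hunk at @@ -1077 fixes only exfat_rename_file(), while the report credited in Reported-by asks about the combined "if (!epold || !epnew)" check in exfat_move_file() as well. Either cover that function in this patch or say in the changelog that it is handled separately. The changelog also describes only the case where the second exfat_get_dentry() call fails. The new "if (!epold) return -EIO;" changes a second case: with the old combined check, a failed first lookup followed by a successful second one returned -EIO with new_bh still held, and the early return now avoids that by never taking new_bh. That deserves a sentence in the commit message, and a Fixes: tag naming the commit that introduced the combined check would help backporting.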
* Re: exfat: Improving exception handling in two functions
From: Markus Elfring @ 2020-06-10 12:14 UTC
To: linux-fsdevel, Namjae Jeon, Sungjong Seo
Cc: kernel-janitors, linux-kernel, Dan Carpenter, Pali Rohár, Tetsuhiro Kohada, Wei Yongjun

> My source code analysis approach pointed implementation details
> like the following out for further software development considerations.

The clarification of corresponding collateral evolution will be continued
with the update suggestion “exfat: call brelse() on error path”.
https://lore.kernel.org/linux-fsdevel/20200610095934.GA35167@mwanda/
https://lore.kernel.org/patchwork/patch/1254515/

Regards,
Markus

* Re: exfat: Improving exception handling in two functions
From: Greg KH @ 2020-06-10 14:53 UTC
To: Markus Elfring
Cc: linux-fsdevel, Namjae Jeon, Sungjong Seo, kernel-janitors, linux-kernel, Dan Carpenter, Pali Rohár, Tetsuhiro Kohada, Wei Yongjun

On Wed, Jun 10, 2020 at 11:27:58AM +0200, Markus Elfring wrote:
> Hello,
>
> I have taken another look at pointer usage after calls of the function “brelse”.
> My source code analysis approach pointed implementation details
> like the following out for further software development considerations.
> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/fs/exfat/namei.c?id=3d155ae4358baf4831609c2f9cd09396a2b8badf#n1078
>
> …
>     epold = exfat_get_dentry(sb, p_dir, oldentry + 1, &old_bh,
>         &sector_old);
>     epnew = exfat_get_dentry(sb, p_dir, newentry + 1, &new_bh,
>         &sector_new);
>     if (!epold || !epnew)
>         return -EIO;
> …
>
> I suggest to split such an error check.
> How do you think about to release a buffer head object for the desired
> exception handling if one of these function calls succeeded?
>
> Would you like to adjust such code in the functions “exfat_rename_file”
> and “exfat_move_file”?
>
> Regards,
> Markus

Hi,

This is the semi-friendly patch-bot of Greg Kroah-Hartman.

Markus, you seem to have sent a nonsensical or otherwise pointless
review comment to a patch submission on a Linux kernel developer mailing
list. I strongly suggest that you not do this anymore. Please do not
bother developers who are actively working to produce patches and
features with comments that, in the end, are a waste of time.

Patch submitter, please ignore Markus's suggestion; you do not need to
follow it at all. The person/bot/AI that sent it is being ignored by
almost all Linux kernel maintainers for having a persistent pattern of
behavior of producing distracting and pointless commentary, and
inability to adapt to feedback. Please feel free to also ignore emails
from them.

thanks,

greg k-h's patch email bot
