From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
To: Binyi Han <dantengknight@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>,
Linux Memory Management Mailing List <linux-mm@kvack.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
kernel-janitors@vger.kernel.org,
Hagen Paul Pfeifer <hagen@jauu.net>,
James Bottomley <James.Bottomley@HansenPartnership.com>
Subject: Re: [PATCH] mm: fix dereferencing possible ERR_PTR
Date: Sun, 4 Sep 2022 15:39:46 +0700 [thread overview]
Message-ID: <cbd29bbc-09d6-efb7-fa3f-88ae5e1796ef@gnuweeb.org> (raw)
In-Reply-To: <20220904074647.GA64291@cloud-MacBookPro>
On 9/4/22 2:46 PM, Binyi Han wrote:
> Smatch checker complains that 'secretmem_mnt' dereferencing possible
> ERR_PTR().
> Let the function return if 'secretmem_mnt' is ERR_PTR, to avoid
> deferencing it.
>
> Signed-off-by: Binyi Han <dantengknight@gmail.com>
> ---
Fixes: 1507f51255c9ff07d75909a84e7c0d7f3c4b2f49 ("mm: introduce memfd_secret system call to create "secret" memory areas")
> mm/secretmem.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/secretmem.c b/mm/secretmem.c
> index e3e9590c6fb3..3f7154099795 100644
> --- a/mm/secretmem.c
> +++ b/mm/secretmem.c
> @@ -285,7 +285,7 @@ static int secretmem_init(void)
>
> secretmem_mnt = kern_mount(&secretmem_fs);
> if (IS_ERR(secretmem_mnt))
> - ret = PTR_ERR(secretmem_mnt);
> + return PTR_ERR(secretmem_mnt);
>
> /* prevent secretmem mappings from ever getting PROT_EXEC */
> secretmem_mnt->mnt_flags |= MNT_NOEXEC;
I agree that doing:
secretmem_mnt->mnt_flags |= MNT_NOEXEC;
when IS_ERR(secretmem_mnt) evaluates to true is wrong. But I have
a question: what happen if you invoke memfd_secret() syscall when
@secretmem_mnt is an ERR_PTR?
Shouldn't we also guard the memfd_secret() path?
diff --git a/mm/secretmem.c b/mm/secretmem.c
index e3e9590c6fb3..2d52508d47a9 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -230,18 +230,21 @@ static struct file *secretmem_file_create(unsigned long flags)
SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)
{
struct file *file;
int fd, err;
/* make sure local flags do not confict with global fcntl.h */
BUILD_BUG_ON(SECRETMEM_FLAGS_MASK & O_CLOEXEC);
+ if (IS_ERR(secretmem_mnt))
+ return PTR_ERR(secretmem_mnt);
+
if (!secretmem_enable)
return -ENOSYS;
if (flags & ~(SECRETMEM_FLAGS_MASK | O_CLOEXEC))
return -EINVAL;
if (atomic_read(&secretmem_users) < 0)
return -ENFILE;
fd = get_unused_fd_flags(flags & O_CLOEXEC);
--
Ammar Faizi
prev parent reply other threads:[~2022-09-04 8:39 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-04 7:46 Binyi Han
2022-09-04 8:39 ` Ammar Faizi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cbd29bbc-09d6-efb7-fa3f-88ae5e1796ef@gnuweeb.org \
--to=ammarfaizi2@gnuweeb.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=akpm@linux-foundation.org \
--cc=dantengknight@gmail.com \
--cc=hagen@jauu.net \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=rppt@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox