From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C28F1ECAAD3
	for <linux-mm@archiver.kernel.org>; Sun,  4 Sep 2022 08:39:55 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 19C958D0032; Sun,  4 Sep 2022 04:39:55 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 14B6B8D0031; Sun,  4 Sep 2022 04:39:55 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 015318D0032; Sun,  4 Sep 2022 04:39:54 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id E645F8D0031
	for <linux-mm@kvack.org>; Sun,  4 Sep 2022 04:39:54 -0400 (EDT)
Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id B84CE140429
	for <linux-mm@kvack.org>; Sun,  4 Sep 2022 08:39:54 +0000 (UTC)
X-FDA: 79873755108.25.25DB12A
Received: from gnuweeb.org (gnuweeb.org [51.81.211.47])
	by imf02.hostedemail.com (Postfix) with ESMTP id 4F6C68006B
	for <linux-mm@kvack.org>; Sun,  4 Sep 2022 08:39:54 +0000 (UTC)
Received: from [192.168.230.80] (unknown [182.2.71.200])
	by gnuweeb.org (Postfix) with ESMTPSA id 2D7AB804D1;
	Sun,  4 Sep 2022 08:39:49 +0000 (UTC)
X-GW-Data: lPqxHiMPbJw1wb7CM9QUryAGzr0yq5atzVDdxTR0iA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org;
	s=default; t=1662280792;
	bh=awbFdPWx5OJ12EhTNx9Kf8fsQ9KbanR2HansLBdvSz4=;
	h=Date:To:Cc:References:From:Subject:In-Reply-To:From;
	b=lZQdqIM/0i0vUqj7d4xtqKLoB0yIf+/cm23eWgvoF/Wk73YvxJR+TMtgI+oJxImGD
	 W74DTTYJHtp34cn7l5ZJAZJv3cA5UIsEzZxymJbfTDBYe8D6LaMH9EiSioSug9I5qx
	 dibMA/zIefYeTrDkC1eRVhlB1WsMC999tdBqiK1PZ034afqdoh1lgCFOd+ccx21mey
	 Sum6tZzHoVbGfKArrdF8O72Yz1UEt37E9gZrpDLYjEqiu5L1bO4DFyn2N0nN3Yhpzu
	 S/2YyhbK0/b1EWB2XLtUo1sP/CYdz6BKBX9WKX+MpmZbmC3qts5qtIh2ZptP1fGIoE
	 rMQkDzBH6LyXA==
Message-ID: <cbd29bbc-09d6-efb7-fa3f-88ae5e1796ef@gnuweeb.org>
Date: Sun, 4 Sep 2022 15:39:46 +0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.11.0
Content-Language: en-US
To: Binyi Han <dantengknight@gmail.com>,
 Andrew Morton <akpm@linux-foundation.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>,
 Linux Memory Management Mailing List <linux-mm@kvack.org>,
 Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
 kernel-janitors@vger.kernel.org, Hagen Paul Pfeifer <hagen@jauu.net>,
 James Bottomley <James.Bottomley@HansenPartnership.com>
References: <20220904074647.GA64291@cloud-MacBookPro>
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Subject: Re: [PATCH] mm: fix dereferencing possible ERR_PTR
In-Reply-To: <20220904074647.GA64291@cloud-MacBookPro>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
ARC-Authentication-Results: i=1;
	imf02.hostedemail.com;
	dkim=pass header.d=gnuweeb.org header.s=default header.b="lZQdqIM/";
	spf=pass (imf02.hostedemail.com: domain of ammarfaizi2@gnuweeb.org designates 51.81.211.47 as permitted sender) smtp.mailfrom=ammarfaizi2@gnuweeb.org;
	dmarc=pass (policy=none) header.from=gnuweeb.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1662280794; a=rsa-sha256;
	cv=none;
	b=qtZ4VXAqo0swFJE0/ilp3V+6NQhK5ZIX5jt/iMAfVlzD/OmcPa7LuAWxUHg+MfcKevdixv
	nFAymHB8kpuoo0tHa3ygJMxpLI4bAfUY3MXqF9B+mgT94SQEykCD4RjNhiUS1hvFS2jjm/
	n3l2qF1zdnfVovkzAhk8Wu9/VizxD1c=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1662280794;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=cd99UczvNgHlqrsY1XAPMFrnicIUpi/5tZAcn+8odTo=;
	b=2kizjl6jg4iCPJ5X52HXLdqUuM9AIYMcySHhXevKIvUXhDFW6KPFSf+JcLUHQbZOouCgqs
	2B3N5aUazpRlHTG7Z2nR0oEjhDpE+RKpNC9EVyUIxm2JqNyJfazycmV7YjASkt3dkesfR1
	kZ6mF1Oh1Nln0uHEM51Iswb5wnV1W1Q=
X-Rspamd-Queue-Id: 4F6C68006B
Authentication-Results: imf02.hostedemail.com;
	dkim=pass header.d=gnuweeb.org header.s=default header.b="lZQdqIM/";
	spf=pass (imf02.hostedemail.com: domain of ammarfaizi2@gnuweeb.org designates 51.81.211.47 as permitted sender) smtp.mailfrom=ammarfaizi2@gnuweeb.org;
	dmarc=pass (policy=none) header.from=gnuweeb.org
X-Rspam-User: 
X-Rspamd-Server: rspam04
X-Stat-Signature: 1xpc1z7xfctujtk3ea3te1ijcfh3tp97
X-HE-Tag: 1662280794-406539
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 9/4/22 2:46 PM, Binyi Han wrote:
> Smatch checker complains that 'secretmem_mnt' dereferencing possible
> ERR_PTR().
> Let the function return if 'secretmem_mnt' is ERR_PTR, to avoid
> deferencing it.
> 
> Signed-off-by: Binyi Han <dantengknight@gmail.com>
> ---

Fixes: 1507f51255c9ff07d75909a84e7c0d7f3c4b2f49 ("mm: introduce memfd_secret system call to create "secret" memory areas")

>   mm/secretmem.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/secretmem.c b/mm/secretmem.c
> index e3e9590c6fb3..3f7154099795 100644
> --- a/mm/secretmem.c
> +++ b/mm/secretmem.c
> @@ -285,7 +285,7 @@ static int secretmem_init(void)
>   
>   	secretmem_mnt = kern_mount(&secretmem_fs);
>   	if (IS_ERR(secretmem_mnt))
> -		ret = PTR_ERR(secretmem_mnt);
> +		return PTR_ERR(secretmem_mnt);
>   
>   	/* prevent secretmem mappings from ever getting PROT_EXEC */
>   	secretmem_mnt->mnt_flags |= MNT_NOEXEC;

I agree that doing:

    secretmem_mnt->mnt_flags |= MNT_NOEXEC;

when IS_ERR(secretmem_mnt) evaluates to true is wrong. But I have
a question: what happen if you invoke memfd_secret() syscall when
@secretmem_mnt is an ERR_PTR?

Shouldn't we also guard the memfd_secret() path?

diff --git a/mm/secretmem.c b/mm/secretmem.c
index e3e9590c6fb3..2d52508d47a9 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -230,18 +230,21 @@ static struct file *secretmem_file_create(unsigned long flags)
  
  SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)
  {
  	struct file *file;
  	int fd, err;
  
  	/* make sure local flags do not confict with global fcntl.h */
  	BUILD_BUG_ON(SECRETMEM_FLAGS_MASK & O_CLOEXEC);
  
+	if (IS_ERR(secretmem_mnt))
+		return PTR_ERR(secretmem_mnt);
+
  	if (!secretmem_enable)
  		return -ENOSYS;
  
  	if (flags & ~(SECRETMEM_FLAGS_MASK | O_CLOEXEC))
  		return -EINVAL;
  	if (atomic_read(&secretmem_users) < 0)
  		return -ENFILE;
  
  	fd = get_unused_fd_flags(flags & O_CLOEXEC);


-- 
Ammar Faizi