CC: [email protected] CC: [email protected] TO: Gabriel Krisman Bertazi <[email protected]> CC: Jan Kara <[email protected]> CC: Amir Goldstein <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 136057256686de39cc3a07c2e39ef6bc43003ff6 commit: 936d6a38be39177495af38497bf8da1c6128fa1b fanotify: Report fid info for file related file system errors date: 4 weeks ago :::::: branch date: 31 hours ago :::::: commit date: 4 weeks ago config: i386-randconfig-m021-20211116 (attached as .config) compiler: gcc-9 (Debian 9.3.0-22) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> New smatch warnings: fs/notify/fanotify/fanotify_user.c:374 copy_fid_info_to_user() error: we previously assumed 'fh' could be null (see line 335) Old smatch warnings: fs/notify/fanotify/fanotify_user.c:1559 do_fanotify_mark() error: we previously assumed 'mnt' could be null (see line 1540) vim +/fh +374 fs/notify/fanotify/fanotify_user.c b2d879096ac799 Eric Paris 2009-12-17 326 d3424c9bac893b Matthew Bobrowski 2021-08-08 327 static int copy_fid_info_to_user(__kernel_fsid_t *fsid, struct fanotify_fh *fh, d3424c9bac893b Matthew Bobrowski 2021-08-08 328 int info_type, const char *name, d3424c9bac893b Matthew Bobrowski 2021-08-08 329 size_t name_len, 44d705b0370b1d Amir Goldstein 2020-03-19 330 char __user *buf, size_t count) 5e469c830fdb5a Amir Goldstein 2019-01-10 331 { 5e469c830fdb5a Amir Goldstein 2019-01-10 332 struct fanotify_event_info_fid info = { }; 5e469c830fdb5a Amir Goldstein 2019-01-10 333 struct file_handle handle = { }; afc894c784c84c Jan Kara 2020-03-24 334 unsigned char bounce[FANOTIFY_INLINE_FH_LEN], *fh_buf; cacfb956d46edc Amir Goldstein 2020-03-19 @335 size_t fh_len = fh ? 
fh->len : 0; 44d705b0370b1d Amir Goldstein 2020-03-19 336 size_t info_len = fanotify_fid_info_len(fh_len, name_len); 44d705b0370b1d Amir Goldstein 2020-03-19 337 size_t len = info_len; 5e469c830fdb5a Amir Goldstein 2019-01-10 338 44d705b0370b1d Amir Goldstein 2020-03-19 339 pr_debug("%s: fh_len=%zu name_len=%zu, info_len=%zu, count=%zu\n", 44d705b0370b1d Amir Goldstein 2020-03-19 340 __func__, fh_len, name_len, info_len, count); 44d705b0370b1d Amir Goldstein 2020-03-19 341 44d705b0370b1d Amir Goldstein 2020-03-19 342 if (WARN_ON_ONCE(len < sizeof(info) || len > count)) 5e469c830fdb5a Amir Goldstein 2019-01-10 343 return -EFAULT; 5e469c830fdb5a Amir Goldstein 2019-01-10 344 44d705b0370b1d Amir Goldstein 2020-03-19 345 /* 44d705b0370b1d Amir Goldstein 2020-03-19 346 * Copy event info fid header followed by variable sized file handle 44d705b0370b1d Amir Goldstein 2020-03-19 347 * and optionally followed by variable sized filename. 44d705b0370b1d Amir Goldstein 2020-03-19 348 */ 83b7a59896dd24 Amir Goldstein 2020-07-16 349 switch (info_type) { 83b7a59896dd24 Amir Goldstein 2020-07-16 350 case FAN_EVENT_INFO_TYPE_FID: 83b7a59896dd24 Amir Goldstein 2020-07-16 351 case FAN_EVENT_INFO_TYPE_DFID: 83b7a59896dd24 Amir Goldstein 2020-07-16 352 if (WARN_ON_ONCE(name_len)) 83b7a59896dd24 Amir Goldstein 2020-07-16 353 return -EFAULT; 83b7a59896dd24 Amir Goldstein 2020-07-16 354 break; 83b7a59896dd24 Amir Goldstein 2020-07-16 355 case FAN_EVENT_INFO_TYPE_DFID_NAME: 83b7a59896dd24 Amir Goldstein 2020-07-16 356 if (WARN_ON_ONCE(!name || !name_len)) 83b7a59896dd24 Amir Goldstein 2020-07-16 357 return -EFAULT; 83b7a59896dd24 Amir Goldstein 2020-07-16 358 break; 83b7a59896dd24 Amir Goldstein 2020-07-16 359 default: 83b7a59896dd24 Amir Goldstein 2020-07-16 360 return -EFAULT; 83b7a59896dd24 Amir Goldstein 2020-07-16 361 } 83b7a59896dd24 Amir Goldstein 2020-07-16 362 83b7a59896dd24 Amir Goldstein 2020-07-16 363 info.hdr.info_type = info_type; 5e469c830fdb5a Amir Goldstein 2019-01-10 364 
info.hdr.len = len; d766b553615ce6 Amir Goldstein 2020-03-19 365 info.fsid = *fsid; 5e469c830fdb5a Amir Goldstein 2019-01-10 366 if (copy_to_user(buf, &info, sizeof(info))) 5e469c830fdb5a Amir Goldstein 2019-01-10 367 return -EFAULT; 5e469c830fdb5a Amir Goldstein 2019-01-10 368 5e469c830fdb5a Amir Goldstein 2019-01-10 369 buf += sizeof(info); 5e469c830fdb5a Amir Goldstein 2019-01-10 370 len -= sizeof(info); 44d705b0370b1d Amir Goldstein 2020-03-19 371 if (WARN_ON_ONCE(len < sizeof(handle))) 44d705b0370b1d Amir Goldstein 2020-03-19 372 return -EFAULT; 44d705b0370b1d Amir Goldstein 2020-03-19 373 afc894c784c84c Jan Kara 2020-03-24 @374 handle.handle_type = fh->type; 5e469c830fdb5a Amir Goldstein 2019-01-10 375 handle.handle_bytes = fh_len; 936d6a38be3917 Gabriel Krisman Bertazi 2021-10-25 376 936d6a38be3917 Gabriel Krisman Bertazi 2021-10-25 377 /* Mangle handle_type for bad file_handle */ 936d6a38be3917 Gabriel Krisman Bertazi 2021-10-25 378 if (!fh_len) 936d6a38be3917 Gabriel Krisman Bertazi 2021-10-25 379 handle.handle_type = FILEID_INVALID; 936d6a38be3917 Gabriel Krisman Bertazi 2021-10-25 380 5e469c830fdb5a Amir Goldstein 2019-01-10 381 if (copy_to_user(buf, &handle, sizeof(handle))) 5e469c830fdb5a Amir Goldstein 2019-01-10 382 return -EFAULT; 5e469c830fdb5a Amir Goldstein 2019-01-10 383 5e469c830fdb5a Amir Goldstein 2019-01-10 384 buf += sizeof(handle); 5e469c830fdb5a Amir Goldstein 2019-01-10 385 len -= sizeof(handle); 44d705b0370b1d Amir Goldstein 2020-03-19 386 if (WARN_ON_ONCE(len < fh_len)) 44d705b0370b1d Amir Goldstein 2020-03-19 387 return -EFAULT; 44d705b0370b1d Amir Goldstein 2020-03-19 388 b2d22b6bb33aac Jan Kara 2019-03-12 389 /* 44d705b0370b1d Amir Goldstein 2020-03-19 390 * For an inline fh and inline file name, copy through stack to exclude 44d705b0370b1d Amir Goldstein 2020-03-19 391 * the copy from usercopy hardening protections. 
b2d22b6bb33aac Jan Kara 2019-03-12 392 */ afc894c784c84c Jan Kara 2020-03-24 393 fh_buf = fanotify_fh_buf(fh); b2d22b6bb33aac Jan Kara 2019-03-12 394 if (fh_len <= FANOTIFY_INLINE_FH_LEN) { afc894c784c84c Jan Kara 2020-03-24 395 memcpy(bounce, fh_buf, fh_len); afc894c784c84c Jan Kara 2020-03-24 396 fh_buf = bounce; b2d22b6bb33aac Jan Kara 2019-03-12 397 } afc894c784c84c Jan Kara 2020-03-24 398 if (copy_to_user(buf, fh_buf, fh_len)) 5e469c830fdb5a Amir Goldstein 2019-01-10 399 return -EFAULT; 5e469c830fdb5a Amir Goldstein 2019-01-10 400 5e469c830fdb5a Amir Goldstein 2019-01-10 401 buf += fh_len; 5e469c830fdb5a Amir Goldstein 2019-01-10 402 len -= fh_len; 44d705b0370b1d Amir Goldstein 2020-03-19 403 44d705b0370b1d Amir Goldstein 2020-03-19 404 if (name_len) { 44d705b0370b1d Amir Goldstein 2020-03-19 405 /* Copy the filename with terminating null */ 44d705b0370b1d Amir Goldstein 2020-03-19 406 name_len++; 44d705b0370b1d Amir Goldstein 2020-03-19 407 if (WARN_ON_ONCE(len < name_len)) 44d705b0370b1d Amir Goldstein 2020-03-19 408 return -EFAULT; 44d705b0370b1d Amir Goldstein 2020-03-19 409 44d705b0370b1d Amir Goldstein 2020-03-19 410 if (copy_to_user(buf, name, name_len)) 44d705b0370b1d Amir Goldstein 2020-03-19 411 return -EFAULT; 44d705b0370b1d Amir Goldstein 2020-03-19 412 44d705b0370b1d Amir Goldstein 2020-03-19 413 buf += name_len; 44d705b0370b1d Amir Goldstein 2020-03-19 414 len -= name_len; 44d705b0370b1d Amir Goldstein 2020-03-19 415 } 44d705b0370b1d Amir Goldstein 2020-03-19 416 44d705b0370b1d Amir Goldstein 2020-03-19 417 /* Pad with 0's */ 5e469c830fdb5a Amir Goldstein 2019-01-10 418 WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN); 5e469c830fdb5a Amir Goldstein 2019-01-10 419 if (len > 0 && clear_user(buf, len)) 5e469c830fdb5a Amir Goldstein 2019-01-10 420 return -EFAULT; 5e469c830fdb5a Amir Goldstein 2019-01-10 421 44d705b0370b1d Amir Goldstein 2020-03-19 422 return info_len; 5e469c830fdb5a Amir Goldstein 2019-01-10 423 } 5e469c830fdb5a Amir Goldstein 
2019-01-10 424 :::::: The code at line 374 was first introduced by commit :::::: afc894c784c84cb3bb85a235feca2cb278f7b023 fanotify: Store fanotify handles differently :::::: TO: Jan Kara <[email protected]> :::::: CC: Jan Kara <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
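Review bot: Line 374 reads `fh->type` unconditionally although line 335 (`fh ? fh->len : 0`) treats a NULL `fh` as valid input, and the `!fh_len` mangling added by 936d6a38be39 at lines 377-379 runs only after that read; line 393 also passes `fh` to `fanotify_fh_buf()` without a check, a site the smatch output does not list. If any caller can pass NULL, this is a kernel NULL pointer dereference while copying an event record to userspace, so the ordering should be fixed in the function rather than left to caller discipline: `handle.handle_type = fh_len ? fh->type : FILEID_INVALID;` can replace lines 374 and 378-379, and the `fanotify_fh_buf(fh)` call should be guarded the same way. Whether a NULL `fh` is actually reachable is not visible in this listing; if it is not, drop the ternary at line 335 instead so the function states a single contract and the analyzer warning goes away.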
.config.gz
Description: application/gzip
