Thread: 3 messages, 3 authors, 2023-09-08

Re: [PATCH] eventfs: Fix the NULL pointer dereference bug in eventfs_remove_rec()

From: Steven Rostedt <rostedt@goodmis.org>
Date: 2023-09-08 12:26:07

On Fri, 8 Sep 2023 17:26:30 +0900
Masami Hiramatsu (Google) [off-list ref] wrote:
diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c
index 237c6f370ad9..e6efa4078f48 100644
--- a/fs/tracefs/event_inode.c
+++ b/fs/tracefs/event_inode.c
@@ -693,7 +693,7 @@ static void eventfs_remove_rec(struct eventfs_file *ef, struct list_head *head,
 {
 	struct eventfs_file *ef_child;
 
-	if (!ef)
+	if (IS_ERR(ef))
 		return;  
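Review bot: replacing `if (!ef)` with `if (IS_ERR(ef))` at the top of eventfs_remove_rec() drops the NULL guard, because IS_ERR(NULL) is false, so a NULL ef now gets past the early return. Use `if (IS_ERR_OR_NULL(ef))` here, or keep `!ef` and make sure every caller stores NULL rather than an error pointer when creation fails.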
But this is not good. The allocator side should handle the error carefully and remove it.
e.g. 
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index 2af92177b765..5a08db957460 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -2436,6 +2436,7 @@ event_create_dir(struct dentry *parent, struct trace_event_file *file)
 	file->ef = eventfs_add_dir(name, ef_subsystem);
 	if (IS_ERR(file->ef)) {
 		pr_warn("Could not create tracefs '%s' directory\n", name);
+		file->ef = NULL;
 		return -1;
 	}
 
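Review bot: the added `file->ef = NULL;` in the IS_ERR() branch of event_create_dir() overwrites the only copy of the error code, and the function then returns a bare -1. Consider reading PTR_ERR(file->ef) before the reset so the pr_warn() can report it, and add a short comment that the reset exists so the `!ef` checks in eventfs_remove_rec() and eventfs_remove() skip this entry.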

Or at least, please use IS_ERR_OR_NULL().
 	/*
 	 * Check recursion depth. It should never be greater than 3:
@@ -730,7 +730,7 @@ void eventfs_remove(struct eventfs_file *ef)
 	struct dentry *dentry_list = NULL;
 	struct dentry *dentry;
 
-	if (!ef)
+	if (IS_ERR(ef))
 		return;  
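Review bot: the same substitution in eventfs_remove() has a wider reach, since this function is not static and a caller that passes a NULL ef is no longer filtered by the early return. `if (IS_ERR_OR_NULL(ef))` covers both the error-pointer and NULL cases; a one-line comment saying which callers can hand in an error pointer would help future readers.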
Ditto.

Thank you,
I guess Masami said the same thing I did as my reply to the other email.

-- Steve