On Fri, Jan 18, 2019 at 03:53:39PM +0100, Christian Brauner wrote:
> Hey everyone,
>
> Al gave me a really helpful review of binderfs and pointed out a range
> of bugs. The most obvious and serious ones have fortunately already been
> taken care of by patches sitting in Greg's char-misc-linus tree. The
> others are hopefully all covered in this patchset.
BTW, binderfs_binder_device_create() looks rather odd - it would be easier
to do this:
inode_lock(d_inode(root));
/* look it up */
dentry = lookup_one_len(name, root, strlen(name));
if (IS_ERR(dentry)) {
/* some kind of error (ENOMEM, permissions) - report */
inode_unlock(d_inode(root));
ret = PTR_ERR(dentry);
goto err;
}
if (d_really_is_positive(dentry)) {
/* already exists */
dput(dentry);
inode_unlock(d_inode(root));
ret = -EEXIST;
goto err;
}
inode->i_private = device;
... and from that point on - as in your variant. Another thing in there:
name = kmalloc(name_len, GFP_KERNEL);
if (!name)
goto err;
strscpy(name, req->name, name_len);
is an odd way to go; more straightforward would be
req->name[BINDERFS_MAX_NAME] = '\0'; /* NUL-terminate */
name = kmemdup(req->name, sizeof(req->name), GEP_KERNEL);
if (!name)
....
