Re: [bug report] udf: merge bh free

On Wed 12-03-25 16:15:53, Jan Kara wrote:
> Hello Dan!
> 
> On Tue 11-03-25 15:35:20, Dan Carpenter wrote:
> > Commit 02d4ca49fa22 ("udf: merge bh free") from Jan 6, 2017
> > (linux-next), leads to the following Smatch static checker warning:
> 
> Thanks for the report! I think you've misidentified the commit introducing
> the problem. The problem comes from a much more recent b405c1e58b73 ("udf:
> refactor udf_next_aext() to handle error") which started to set 'ret' on
> that path. But that's just a minor issue.
> 
> > 	fs/udf/namei.c:442 udf_mkdir()
> > 	warn: passing positive error code '(-117),(-28),(-22),(-12),(-5),(-1),1' to 'ERR_PTR'
> > 
> > fs/udf/namei.c
> >     422 static struct dentry *udf_mkdir(struct mnt_idmap *idmap, struct inode *dir,
> >     423                                 struct dentry *dentry, umode_t mode)
> >     424 {
> >     425         struct inode *inode;
> >     426         struct udf_fileident_iter iter;
> >     427         int err;
> >     428         struct udf_inode_info *dinfo = UDF_I(dir);
> >     429         struct udf_inode_info *iinfo;
> >     430 
> >     431         inode = udf_new_inode(dir, S_IFDIR | mode);
> >     432         if (IS_ERR(inode))
> >     433                 return ERR_CAST(inode);
> >     434 
> >     435         iinfo = UDF_I(inode);
> >     436         inode->i_op = &udf_dir_inode_operations;
> >     437         inode->i_fop = &udf_dir_operations;
> >     438         err = udf_fiiter_add_entry(inode, NULL, &iter);
> >     439         if (err) {
> >     440                 clear_nlink(inode);
> >     441                 discard_new_inode(inode);
> > --> 442                 return ERR_PTR(err);
> > 
> > Returning ERR_PTR(1) will lead to an Oops in the caller.
> 
> Yeah, not good.

BTW, I've realized this is not really possible to hit in practice because
udf_fiiter_add_entry() calls udf_bread() (and thus inode_getblk()) for a
known unallocated block and thus the path in inode_getblk() with the wrong
return value will not be executed in this case. Still this is a rather
dangerous bug and it is better to have it fixed.

								Honza
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
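
Why the ERR_PTR(1) in the report gets past a caller's IS_ERR() check, as an added userspace example (not part of the original mail and not kernel code). The names err_ptr, is_err, caller_sees and err_ptr_checked are hypothetical models of include/linux/err.h, and the clamp to -EIO is an assumed illustration, not the fix applied to udf.

```c
/* Userspace model of the kernel's ERR_PTR convention; constructed example. */
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095   /* same limit as include/linux/err.h */
#define EIO_MODEL 5      /* numeric value of EIO on Linux */

static void *err_ptr(long error)   { return (void *)(intptr_t)error; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }

/* Same range test as IS_ERR_VALUE(): only the top MAX_ERRNO addresses,
 * i.e. error codes -4095..-1, are recognised as errors. */
static int is_err(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Model of a caller that only checks IS_ERR() before using the result. */
enum caller_action { HANDLED_AS_ERROR, USED_AS_POINTER };

static enum caller_action caller_sees(const void *ret)
{
    return is_err(ret) ? HANDLED_AS_ERROR : USED_AS_POINTER;
}

/* Hypothetical defensive wrapper: anything outside -MAX_ERRNO..-1 is not
 * a valid errno, so it is replaced instead of being encoded as a pointer. */
static void *err_ptr_checked(long error)
{
    if (error >= 0 || error < -MAX_ERRNO)
        error = -EIO_MODEL;
    return err_ptr(error);
}

int main(void)
{
    /* The value set from the Smatch warning quoted above. */
    long samples[] = { -117, -28, -22, -12, -5, -1, 1 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        void *raw = err_ptr(samples[i]);
        void *chk = err_ptr_checked(samples[i]);
        printf("err=%4ld  raw: %-16s checked: %s (%ld)\n", samples[i],
               caller_sees(raw) == HANDLED_AS_ERROR ? "error" : "used as pointer",
               caller_sees(chk) == HANDLED_AS_ERROR ? "error" : "used as pointer",
               ptr_err(chk));
    }
    return 0;
}
```

For err=1 the raw value is the address 0x1, which is neither NULL nor in the error range, so the modelled caller goes on to use it as a pointer.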