[PATCH] kernfs: fix potential NULL dereference in __kernfs_remove

zys.zljxml@gmail.com posted 1 patch 3 years, 9 months ago
There is a newer version of this series
[PATCH] kernfs: fix potential NULL dereference in __kernfs_remove
Posted by zys.zljxml@gmail.com 3 years, 9 months ago
From: katrinzhou <katrinzhou@tencent.com>

When lockdep is enabled, lockdep_assert_held_write would
cause a potential NULL pointer dereference.

Fix the following smatch warning:

fs/kernfs/dir.c:1353 __kernfs_remove() warn: variable dereferenced before check 'kn' (see line 1346)

Signed-off-by: katrinzhou <katrinzhou@tencent.com>
---
 fs/kernfs/dir.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index 6eca72cfa1f2..1cc88ba6de90 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -1343,14 +1343,17 @@ static void __kernfs_remove(struct kernfs_node *kn)
 {
 	struct kernfs_node *pos;
 
+	/* Short-circuit if non-root @kn has already finished removal. */
+	if (!kn)
+		return;
+
 	lockdep_assert_held_write(&kernfs_root(kn)->kernfs_rwsem);
 
 	/*
-	 * Short-circuit if non-root @kn has already finished removal.
 	 * This is for kernfs_remove_self() which plays with active ref
 	 * after removal.
 	 */
-	if (!kn || (kn->parent && RB_EMPTY_NODE(&kn->rb)))
+	if (kn->parent && RB_EMPTY_NODE(&kn->rb))
 		return;
 
 	pr_debug("kernfs %s: removing\n", kn->name);
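Review bot: the comment is now attached to the wrong check. The line moved above `if (!kn)`, "Short-circuit if non-root @kn has already finished removal.", describes the `kn->parent && RB_EMPTY_NODE(&kn->rb)` test that stays below, and the fragment left behind, "This is for kernfs_remove_self() which plays with active ref after removal.", no longer has a subject. Keep the original three-line comment intact above the `RB_EMPTY_NODE` check and give the hoisted NULL test its own one-line comment that says callers may hand in a NULL @kn. The ordering change itself is right: `lockdep_assert_held_write(&kernfs_root(kn)->kernfs_rwsem)` evaluates `kernfs_root(kn)` before the old `if (!kn || ...)` ever ran, which is exactly what smatch flagged. Since the NULL tolerance in the original condition shows that NULL @kn was already an expected input here, the commit message should name the assertion-introducing commit in a Fixes: tag and say which caller can reach this path with NULL, as asked in the review below.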
-- 
2.27.0
Re: [PATCH] kernfs: fix potential NULL dereference in __kernfs_remove
Posted by Greg KH 3 years, 9 months ago
On Thu, Jun 30, 2022 at 12:00:47PM +0800, zys.zljxml@gmail.com wrote:
> From: katrinzhou <katrinzhou@tencent.com>
> 
> When lockdep is enabled, lockdep_assert_held_write would
> cause a potential NULL pointer dereference.
> 
> Fix the following smatch warning:
> 
> fs/kernfs/dir.c:1353 __kernfs_remove() warn: variable dereferenced before check 'kn' (see line 1346)
> 
> Signed-off-by: katrinzhou <katrinzhou@tencent.com>

Can you please submit this with your legal name that you use to sign
documents?

Also, what commit id does this fix?  Did you actually hit this with a
real workload?  How can this be reproduced and tested?

thanks,

greg k-h
Re: [PATCH] kernfs: fix potential NULL dereference in __kernfs_remove
Posted by Katrin Jo 3 years, 9 months ago
On Thu, Jun 30, 2022 at 3:28 PM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Thu, Jun 30, 2022 at 12:00:47PM +0800, zys.zljxml@gmail.com wrote:
> > From: katrinzhou <katrinzhou@tencent.com>
> >
> > When lockdep is enabled, lockdep_assert_held_write would
> > cause a potential NULL pointer dereference.
> >
> > Fix the following smatch warning:
> >
> > fs/kernfs/dir.c:1353 __kernfs_remove() warn: variable dereferenced before check 'kn' (see line 1346)
> >
> > Signed-off-by: katrinzhou <katrinzhou@tencent.com>
>
> Can you please submit this with your legal name that you use to sign
> documents?
>
> Also, what commit id does this fix?  Did you actually hit this with a
> real workload?  How can this be reproduced and tested?
>
> thanks,
>
> greg k-h

Sorry for the formatting issue. I'll submit a new patch soon.
This problem was found via static code analysis, and so far
I have not reproduced or tested it.

Best regards,
Katrin