Date: Sat, 2 Dec 2023 21:42:12 +0000
From: Al Viro
To: Kees Cook
Cc: "Guilherme G. Piccoli", Christian Brauner, Peter Zijlstra,
    linux-fsdevel@vger.kernel.org, Tony Luck,
    linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 3/5] fs: Add DEFINE_FREE for struct inode
Message-ID: <20231202214212.GR38156@ZenIV>
References: <20231202211535.work.571-kees@kernel.org>
    <20231202212217.243710-3-keescook@chromium.org>
    <20231202212846.GQ38156@ZenIV>
    <202312021331.D2DFBF153@keescook>
In-Reply-To: <202312021331.D2DFBF153@keescook>

On Sat, Dec 02, 2023 at 01:34:32PM -0800, Kees Cook wrote:
> On Sat, Dec 02, 2023 at 09:28:46PM +0000, Al Viro wrote:
> > On Sat, Dec 02, 2023 at 01:22:13PM -0800, Kees Cook wrote:
> > > Allow __free(iput) markings for easier cleanup on inode allocations.
> >
> > NAK. That's a bloody awful idea for that particular data type, since
> > 1) ERR_PTR(...) is not uncommon and passing it to iput() is a bug.
>
> Ah, sounds like instead of "if (_T)", you'd rather see
> "if (!IS_ERR_OR_NULL(_T))" ?

No. I would rather *not* see IS_ERR_OR_NULL anywhere, but that's
a separate rant.

> > 2) the common pattern is to have reference-consuming primitives,
> > with failure exits normally *not* having to do iput() at all.
>
> This I'm not following. If I make a call to "new_inode(sb)" that I end
> up not using, I need to call "iput()" in it...
>
> How should this patch be written to avoid the iput() on failure?
> https://lore.kernel.org/all/20231202212217.243710-4-keescook@chromium.org/

I'll poke around and see what I can suggest; said that, one thing I have
spotted there on the quick look is that you are exposing hashed dentry
associated with your inode before you set its ->i_private. Have an open()
hit just after that d_add() and this

static int pstore_file_open(struct inode *inode, struct file *file)
{
	struct pstore_private *ps = inode->i_private;
	struct seq_file *sf;
	int err;
	const struct seq_operations *sops = NULL;

	if (ps->record->type == PSTORE_TYPE_FTRACE)
...
will happily oops on you.
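
Added example, not part of the original message and not kernel code: a userspace model of the scope-exit cleanup discussed in the thread, showing that an "if (_T)" guard lets an ERR_PTR value reach the release function. mock_iput(), mock_lookup(), free_iput() and use_inode() are hypothetical stand-ins, and the ERR_PTR/IS_ERR macros are re-defined locally for userspace.

```c
/* Userspace model (constructed for illustration), built with GCC or Clang. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)

struct inode { int i_count; };
static struct inode the_inode;
static int good_puts, bad_puts;	/* real references dropped / ERR_PTRs received */

/* Stand-in for iput(): the real one would dereference its argument. */
static void mock_iput(struct inode *inode)
{
	if (IS_ERR(inode)) { bad_puts++; return; }	/* would be an oops */
	inode->i_count--;
	good_puts++;
}

/* Scope-exit handler using the "if (_T)" guard quoted in the thread. */
static void free_iput(struct inode **p)
{
	struct inode *_T = *p;
	if (_T)			/* an ERR_PTR value is non-NULL, so it passes */
		mock_iput(_T);
}

/* Hypothetical lookup that reports failure as ERR_PTR(-ENOMEM). */
static struct inode *mock_lookup(int fail)
{
	if (fail)
		return ERR_PTR(-ENOMEM);
	the_inode.i_count++;
	return &the_inode;
}

/* Returns 0 or a negative errno; free_iput() runs on every return path. */
static int use_inode(int fail)
{
	struct inode *inode __attribute__((cleanup(free_iput))) = mock_lookup(fail);
	return IS_ERR(inode) ? (int)(intptr_t)inode : 0;
}

int main(void)
{
	int ok = use_inode(0), err = use_inode(1);
	printf("ok=%d err=%d good_puts=%d bad_puts=%d\n", ok, err, good_puts, bad_puts);
	return 0;
}
```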