[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20221024004257.18689-1-yin31149@gmail.com>
Date: Mon, 24 Oct 2022 08:42:57 +0800
From: Hawkins Jiawei <yin31149@...il.com>
To: viro@...iv.linux.org.uk, raven@...maw.net
Cc: 18801353760@....com, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, yin31149@...il.com,
akpm@...ux-foundation.org, cmaiolino@...hat.com,
dhowells@...hat.com, hughd@...gle.com, miklos@...redi.hu,
oliver.sang@...el.com, penguin-kernel@...ove.sakura.ne.jp,
siddhesh@...plt.org,
syzbot+db1d2ea936378be0e4ea@...kaller.appspotmail.com,
syzkaller-bugs@...glegroups.com, tytso@....edu, smfrench@...il.com,
pc@....nz, lsahlber@...hat.com, sprasad@...rosoft.com,
tom@...pey.com
Subject: Re: [PATCH -next 0/5] fs: fix possible null-ptr-deref when parsing param
On Mon, 24 Oct 2022 at 00:48, Al Viro <viro@...iv.linux.org.uk> wrote:
>
> On Mon, Oct 24, 2022 at 12:39:41AM +0800, Hawkins Jiawei wrote:
> > According to commit "vfs: parse: deal with zero length string value",
> > kernel will set the param->string to null pointer in vfs_parse_fs_string()
> > if fs string has zero length.
> >
> > Yet the problem is that, when fs parses its mount parameters, it will
> > dereferences the param->string, without checking whether it is a
> > null pointer, which may trigger a null-ptr-deref bug.
> >
> > So this patchset reviews all functions for fs to parse parameters,
> > by using `git grep -n "\.parse_param" fs/*`, and adds sanity check
> > on param->string if its function will dereference param->string
> > without check.
>
> How about reverting the commit in question instead? Or dropping it
> from patch series, depending upon the way akpm handles the pile
> these days...
I think both are OK.
On one hand, commit "vfs: parse: deal with zero length string value"
seems just want to make output more informattive, which probably is not
the one which must be applied immediately to fix the
panic.
On the other hand, commit "vfs: parse: deal with zero length string value"
affects so many file systems, so there are probably some deeper
null-ptr-deref bugs I ignore, which may take time to review.
Powered by blists - more mailing lists