From: tcs.kernel@gmail.com
To: christian.brauner@ubuntu.com, mszeredi@redhat.com,
jamorris@linux.microsoft.com, gustavoars@kernel.org,
reiserfs-devel@vger.kernel.org
Cc: Haimin Zhang <tcs_kernel@tencent.com>
Subject: [PATCH] fs: reiserfs: fix NULL pointer dereference in
Date: Wed, 18 Aug 2021 16:01:07 +0800 [thread overview]
Message-ID: <1629273667-7687-1-git-send-email-tcs_kernel@tencent.com> (raw)
From: Haimin Zhang <tcs_kernel@tencent.com>
If root_inode->i_op is reiserfs_special_inode_operations
reiserfs_special_inode_operations doesn't implement the lookup callback
function,resulting an NULL pointer when the reiserfs_lookup_privroot()
function was called.
Call Trace:
__lookup_slow+0x267/0x490 build/../fs/namei.c:1646
lookup_one_len+0x163/0x190 build/../fs/namei.c:2663
reiserfs_lookup_privroot+0x92/0x290 build/../fs/reiserfs/xattr.c:980
reiserfs_fill_super+0x1f2a/0x2d80 build/../fs/reiserfs/super.c:2176
mount_bdev+0x33d/0x410 build/../fs/super.c:1368
legacy_get_tree+0x103/0x210 build/../fs/fs_context.c:610
vfs_get_tree+0x86/0x2f0 build/../fs/super.c:1498
do_new_mount build/../fs/namespace.c:2905 [inline]
path_mount+0x688/0x1d10 build/../fs/namespace.c:3235
do_mount+0xf1/0x110 build/../fs/namespace.c:3248
__do_sys_mount build/../fs/namespace.c:3456 [inline]
__se_sys_mount build/../fs/namespace.c:3433 [inline]
__x64_sys_mount+0x1d5/0x220 build/../fs/namespace.c:3433
do_syscall_x64 build/../arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x34/0xb0 build/../arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Reported-by: syzbot+11c49c...@syzkaller.appspotmail.com
Signed-off-by: Haimin Zhang <tcs_kernel@tencent.com>
---
fs/reiserfs/namei.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c
index 3d7a35d..947b51b 100644
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -350,6 +350,12 @@ static int reiserfs_find_entry(struct inode *dir, const char *name, int namelen,
} /* while (1) */
}
+static struct dentry *reiserfs_noop_lookup(struct inode *dir, struct dentry *dentry,
+ unsigned int flags)
+{
+ return ERR_PTR(-ENOENT);
+}
+
static struct dentry *reiserfs_lookup(struct inode *dir, struct dentry *dentry,
unsigned int flags)
{
@@ -1680,6 +1686,7 @@ static int reiserfs_rename(struct user_namespace *mnt_userns,
* special file operations.. just xattr/acl stuff
*/
const struct inode_operations reiserfs_special_inode_operations = {
+ .lookup = reiserfs_noop_lookup,
.setattr = reiserfs_setattr,
.listxattr = reiserfs_listxattr,
.permission = reiserfs_permission,
--
1.8.3.1
next reply other threads:[~2021-08-18 8:01 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-18 8:01 tcs.kernel [this message]
2021-08-18 8:39 ` [PATCH] fs: reiserfs: fix NULL pointer dereference in Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1629273667-7687-1-git-send-email-tcs_kernel@tencent.com \
--to=tcs.kernel@gmail.com \
--cc=christian.brauner@ubuntu.com \
--cc=gustavoars@kernel.org \
--cc=jamorris@linux.microsoft.com \
--cc=mszeredi@redhat.com \
--cc=reiserfs-devel@vger.kernel.org \
--cc=tcs_kernel@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.