From mboxrd@z Thu Jan 1 00:00:00 1970
From: tcs.kernel@gmail.com
Subject: [PATCH] fs: reiserfs: fix NULL pointer dereference in
Date: Wed, 18 Aug 2021 16:01:07 +0800
Message-ID: <1629273667-7687-1-git-send-email-tcs_kernel@tencent.com>
Return-path:
List-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: christian.brauner@ubuntu.com, mszeredi@redhat.com, jamorris@linux.microsoft.com, gustavoars@kernel.org, reiserfs-devel@vger.kernel.org
Cc: Haimin Zhang
From: Haimin Zhang

If root_inode->i_op is reiserfs_special_inode_operations,
reiserfs_special_inode_operations doesn't implement the lookup callback
function, resulting in a NULL pointer when the reiserfs_lookup_privroot()
function was called.

Call Trace:
 __lookup_slow+0x267/0x490 build/../fs/namei.c:1646
 lookup_one_len+0x163/0x190 build/../fs/namei.c:2663
 reiserfs_lookup_privroot+0x92/0x290 build/../fs/reiserfs/xattr.c:980
 reiserfs_fill_super+0x1f2a/0x2d80 build/../fs/reiserfs/super.c:2176
 mount_bdev+0x33d/0x410 build/../fs/super.c:1368
 legacy_get_tree+0x103/0x210 build/../fs/fs_context.c:610
 vfs_get_tree+0x86/0x2f0 build/../fs/super.c:1498
 do_new_mount build/../fs/namespace.c:2905 [inline]
 path_mount+0x688/0x1d10 build/../fs/namespace.c:3235
 do_mount+0xf1/0x110 build/../fs/namespace.c:3248
 __do_sys_mount build/../fs/namespace.c:3456 [inline]
 __se_sys_mount build/../fs/namespace.c:3433 [inline]
 __x64_sys_mount+0x1d5/0x220 build/../fs/namespace.c:3433
 do_syscall_x64 build/../arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x34/0xb0 build/../arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Reported-by: syzbot+11c49c...@syzkaller.appspotmail.com
Signed-off-by: Haimin Zhang
--- fs/reiserfs/namei.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c index 3d7a35d..947b51b 100644 --- a/fs/reiserfs/namei.c +++ b/fs/reiserfs/namei.c @@ -350,6 +350,12 @@ static int reiserfs_find_entry(struct inode *dir, const char *name, int namelen, } /* while (1) */ } +static struct dentry *reiserfs_noop_lookup(struct inode *dir, struct dentry *dentry, + unsigned int flags) +{ + return ERR_PTR(-ENOENT); +} + static struct dentry *reiserfs_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags) { 
@@ -1680,6 +1686,7 @@ static int reiserfs_rename(struct user_namespace *mnt_userns, * special file operations.. just xattr/acl stuff */ const struct inode_operations reiserfs_special_inode_operations = { + .lookup = reiserfs_noop_lookup, .setattr = reiserfs_setattr, .listxattr = reiserfs_listxattr, .permission = reiserfs_permission, -- 1.8.3.1
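Review bot: reiserfs_noop_lookup() in the first hunk (@@ -350,6 +350,12 @@) has no comment explaining why an inode that is not a directory needs a ->lookup at all, and it returns -ENOENT, which tells the caller "name not found" when the real condition is that the parent is not a directory. Please add a short comment stating that this exists only so that lookup_one_len() from reiserfs_lookup_privroot() does not call a NULL ->lookup when the root inode carries reiserfs_special_inode_operations, and consider returning ERR_PTR(-ENOTDIR), or say in the changelog why -ENOENT is the intended result for the mount path shown in the trace.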
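Review bot: the second hunk (@@ -1680,6 +1686,7 @@) puts .lookup into reiserfs_special_inode_operations, which the comment directly above describes as "special file operations.. just xattr/acl stuff", so every special inode gains a lookup handler to cover the single case where the root inode is not a directory. The changelog and trace show the NULL call is reached from reiserfs_fill_super() via reiserfs_lookup_privroot(); a root inode with these operations means the on-disk image is inconsistent, and rejecting it in reiserfs_fill_super() before reiserfs_lookup_privroot() is called (for example by checking that the root inode is a directory and failing the mount otherwise) would address the cause instead of masking it. If the .lookup entry is kept, the comment above the struct should be updated to mention it.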