Date: Wed, 12 Aug 2020 13:23:35 -0400
From: Peilin Ye
To: Dan Carpenter
Cc: linux-fsdevel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
 linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH] hfs, hfsplus: Fix NULL pointer dereference in hfs_find_init()
Message-ID: <20200812172335.GA897567@PWN>
In-Reply-To: <20200812085904.GA16441@kadam>

On Wed, Aug 12, 2020 at 11:59:04AM +0300, Dan Carpenter wrote:
> Yeah, the patch doesn't work at all. I looked at one call tree and it
> is:
>
> hfs_mdb_get() tries to allocate HFS_SB(sb)->ext_tree.
>
>     HFS_SB(sb)->ext_tree = hfs_btree_open(sb, HFS_EXT_CNID, hfs_ext_keycmp);
>                 ^^^^^^^^
>
> hfs_btree_open() calls page = read_mapping_page(mapping, 0, NULL);
> read_mapping_page() calls mapping->a_ops->readpage() which leads to
> hfs_readpage() which leads to hfs_ext_read_extent() which calls
> res = hfs_find_init(HFS_SB(inode->i_sb)->ext_tree, &fd);
>                                          ^^^^^^^^

Thank you for pointing this out! I will try to come up with a better way
to fix it.

Peilin Ye

> So we need ->ext_tree to be non-NULL before we can set ->ext_tree to be
> non-NULL... :/
>
> I wonder how long this has been broken and if we should just delete the
> AFS file system.
>
> regards,
> dan carpenter
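The initialization-order problem in the call tree quoted above, as an added user-space model; it is not kernel code and not part of the thread or its patch. The names `find_init`, `read_page`, `btree_open`, `mdb_get` and `null_lookups` are hypothetical stand-ins, and returning `-EINVAL` on a NULL tree is this example's own choice so the ordering can be observed without crashing.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of the quoted call chain; all names are hypothetical. */
struct btree { int cnid; };
struct sb_info { struct btree *ext_tree; };
static int null_lookups;   /* how often find_init() was handed a NULL tree */

/* Stand-in for hfs_find_init(): reports a NULL tree instead of dereferencing it. */
static int find_init(struct btree *tree)
{
    if (tree != NULL)
        return 0;
    null_lookups++;
    return -EINVAL;
}

/* Stand-in for hfs_readpage() -> hfs_ext_read_extent(): needs the extents tree. */
static int read_page(struct sb_info *sbi)
{
    return find_init(sbi->ext_tree);
}

/* Stand-in for hfs_btree_open(): reads page 0 before it can return a tree. */
static struct btree *btree_open(struct sb_info *sbi, int cnid)
{
    struct btree *tree = calloc(1, sizeof(*tree));
    if (tree == NULL)
        return NULL;
    tree->cnid = cnid;
    if (read_page(sbi) != 0) {   /* sbi->ext_tree has not been assigned yet */
        free(tree);
        return NULL;
    }
    return tree;
}

/* Stand-in for hfs_mdb_get(): the pointer is stored only after the open returns. */
static int mdb_get(struct sb_info *sbi)
{
    sbi->ext_tree = btree_open(sbi, 3 /* constructed id, stands in for HFS_EXT_CNID */);
    return sbi->ext_tree ? 0 : -EIO;
}

int main(void)
{
    struct sb_info sbi = { NULL };
    int rc = mdb_get(&sbi);
    printf("mdb_get=%d ext_tree=%p null_lookups=%d\n", rc, (void *)sbi.ext_tree, null_lookups);
}
```

In this model the lookup inside the open always sees a NULL `ext_tree`, because the assignment in `mdb_get()` cannot happen until `btree_open()` has returned.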