[PATCH 6.6/6.9] ext4: avoid ptr null pointer dereference

[PATCH 6.6/6.9] ext4: avoid ptr null pointer dereference

[libaokun]

From: Baokun Li <libaokun1@huawei.com>

When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in
ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the
commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that
uniformly determines if the ptr is null is not merged in, so it needs to
be judged whether ptr is null or not in each case of the switch, otherwise
null pointer dereferencing may occur.

Signed-off-by: Baokun Li <libaokun1@huawei.com>
---
 fs/ext4/sysfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
index 63cbda3700ea..d65dccb44ed5 100644
--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
 			*((unsigned int *) ptr) = t;
 		return len;
 	case attr_clusters_in_group:
+		if (!ptr)
+			return 0;
 		ret = kstrtouint(skip_spaces(buf), 0, &t);
 		if (ret)
 			return ret;
-- 
2.39.2

Patch "ext4: avoid ptr null pointer dereference" has been added to the 6.9-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    ext4: avoid ptr null pointer dereference

to the 6.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-avoid-ptr-null-pointer-dereference.patch
and it can be found in the queue-6.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From libaokun@huaweicloud.com  Tue Jul 16 15:13:28 2024
From: libaokun@huaweicloud.com
Date: Tue, 16 Jul 2024 17:29:29 +0800
Subject: ext4: avoid ptr null pointer dereference
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: sashal@kernel.org, tytso@mit.edu, jack@suse.cz, patches@lists.linux.dev, yi.zhang@huawei.com, yangerkun@huawei.com, libaokun@huaweicloud.com, Baokun Li <libaokun1@huawei.com>
Message-ID: <20240716092929.864207-1-libaokun@huaweicloud.com>

From: Baokun Li <libaokun1@huawei.com>

When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in
ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the
commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that
uniformly determines if the ptr is null is not merged in, so it needs to
be judged whether ptr is null or not in each case of the switch, otherwise
null pointer dereferencing may occur.

Fixes: b829687ae122 ("ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ext4/sysfs.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct ko
 			*((unsigned int *) ptr) = t;
 		return len;
 	case attr_clusters_in_group:
+		if (!ptr)
+			return 0;
 		ret = kstrtouint(skip_spaces(buf), 0, &t);
 		if (ret)
 			return ret;


Patches currently in stable-queue which might be from libaokun@huaweicloud.com are

queue-6.9/cachefiles-propagate-errors-from-vfs_getxattr-to-avo.patch
queue-6.9/cachefiles-cancel-all-requests-for-the-object-that-i.patch
queue-6.9/cachefiles-add-missing-lock-protection-when-polling.patch
queue-6.9/cachefiles-cyclic-allocation-of-msg_id-to-avoid-reus.patch
queue-6.9/cachefiles-stop-sending-new-request-when-dropping-ob.patch
queue-6.9/ext4-avoid-ptr-null-pointer-dereference.patch
queue-6.9/cachefiles-wait-for-ondemand_object_worker-to-finish.patch

Patch "ext4: avoid ptr null pointer dereference" has been added to the 5.4-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    ext4: avoid ptr null pointer dereference

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-avoid-ptr-null-pointer-dereference.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From libaokun@huaweicloud.com  Tue Jul 16 15:13:28 2024
From: libaokun@huaweicloud.com
Date: Tue, 16 Jul 2024 17:29:29 +0800
Subject: ext4: avoid ptr null pointer dereference
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: sashal@kernel.org, tytso@mit.edu, jack@suse.cz, patches@lists.linux.dev, yi.zhang@huawei.com, yangerkun@huawei.com, libaokun@huaweicloud.com, Baokun Li <libaokun1@huawei.com>
Message-ID: <20240716092929.864207-1-libaokun@huaweicloud.com>

From: Baokun Li <libaokun1@huawei.com>

When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in
ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the
commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that
uniformly determines if the ptr is null is not merged in, so it needs to
be judged whether ptr is null or not in each case of the switch, otherwise
null pointer dereferencing may occur.

Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ext4/sysfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
index 63cbda3700ea..d65dccb44ed5 100644
--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
 			*((unsigned int *) ptr) = t;
 		return len;
 	case attr_clusters_in_group:
+		if (!ptr)
+			return 0;
 		ret = kstrtouint(skip_spaces(buf), 0, &t);
 		if (ret)
 			return ret;
-- 
2.39.2



Patches currently in stable-queue which might be from libaokun@huaweicloud.com are

queue-5.4/ext4-avoid-ptr-null-pointer-dereference.patch

Patch "ext4: avoid ptr null pointer dereference" has been added to the 6.6-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    ext4: avoid ptr null pointer dereference

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-avoid-ptr-null-pointer-dereference.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From libaokun@huaweicloud.com  Tue Jul 16 15:13:28 2024
From: libaokun@huaweicloud.com
Date: Tue, 16 Jul 2024 17:29:29 +0800
Subject: ext4: avoid ptr null pointer dereference
To: stable@vger.kernel.org, gregkh@linuxfoundation.org
Cc: sashal@kernel.org, tytso@mit.edu, jack@suse.cz, patches@lists.linux.dev, yi.zhang@huawei.com, yangerkun@huawei.com, libaokun@huaweicloud.com, Baokun Li <libaokun1@huawei.com>
Message-ID: <20240716092929.864207-1-libaokun@huaweicloud.com>

From: Baokun Li <libaokun1@huawei.com>

When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in
ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the
commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that
uniformly determines if the ptr is null is not merged in, so it needs to
be judged whether ptr is null or not in each case of the switch, otherwise
null pointer dereferencing may occur.

Fixes: 677ff4589f15 ("ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/ext4/sysfs.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct ko
 			*((unsigned int *) ptr) = t;
 		return len;
 	case attr_clusters_in_group:
+		if (!ptr)
+			return 0;
 		ret = kstrtouint(skip_spaces(buf), 0, &t);
 		if (ret)
 			return ret;


Patches currently in stable-queue which might be from libaokun@huaweicloud.com are

queue-6.6/cachefiles-propagate-errors-from-vfs_getxattr-to-avo.patch
queue-6.6/cachefiles-cancel-all-requests-for-the-object-that-i.patch
queue-6.6/cachefiles-add-missing-lock-protection-when-polling.patch
queue-6.6/cachefiles-cyclic-allocation-of-msg_id-to-avoid-reus.patch
queue-6.6/cachefiles-stop-sending-new-request-when-dropping-ob.patch
queue-6.6/ext4-avoid-ptr-null-pointer-dereference.patch
queue-6.6/cachefiles-wait-for-ondemand_object_worker-to-finish.patch

Re: [PATCH 6.6/6.9] ext4: avoid ptr null pointer dereference

[Greg KH]

On Tue, Jul 16, 2024 at 05:29:29PM +0800, libaokun@huaweicloud.com wrote:
> From: Baokun Li <libaokun1@huawei.com>
> 
> When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in
> ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the
> commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that
> uniformly determines if the ptr is null is not merged in, so it needs to
> be judged whether ptr is null or not in each case of the switch, otherwise
> null pointer dereferencing may occur.
> 
> Signed-off-by: Baokun Li <libaokun1@huawei.com>
> ---
>  fs/ext4/sysfs.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> index 63cbda3700ea..d65dccb44ed5 100644
> --- a/fs/ext4/sysfs.c
> +++ b/fs/ext4/sysfs.c
> @@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>  			*((unsigned int *) ptr) = t;
>  		return len;
>  	case attr_clusters_in_group:
> +		if (!ptr)
> +			return 0;
>  		ret = kstrtouint(skip_spaces(buf), 0, &t);
>  		if (ret)
>  			return ret;
> -- 
> 2.39.2
> 
> 

Now queued up, thanks for the fix!

greg k-h

Re: [PATCH 6.6/6.9] ext4: avoid ptr null pointer dereference

[Baokun Li]

On 2024/7/16 22:07, Greg KH wrote:
> On Tue, Jul 16, 2024 at 05:29:29PM +0800, libaokun@huaweicloud.com wrote:
>> From: Baokun Li <libaokun1@huawei.com>
>>
>> When commit 13df4d44a3aa ("ext4: fix slab-out-of-bounds in
>> ext4_mb_find_good_group_avg_frag_lists()") was backported to stable, the
>> commit f536808adcc3 ("ext4: refactor out ext4_generic_attr_store()") that
>> uniformly determines if the ptr is null is not merged in, so it needs to
>> be judged whether ptr is null or not in each case of the switch, otherwise
>> null pointer dereferencing may occur.
>>
>> Signed-off-by: Baokun Li <libaokun1@huawei.com>
>> ---
>>   fs/ext4/sysfs.c | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
>> index 63cbda3700ea..d65dccb44ed5 100644
>> --- a/fs/ext4/sysfs.c
>> +++ b/fs/ext4/sysfs.c
>> @@ -473,6 +473,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>>   			*((unsigned int *) ptr) = t;
>>   		return len;
>>   	case attr_clusters_in_group:
>> +		if (!ptr)
>> +			return 0;
>>   		ret = kstrtouint(skip_spaces(buf), 0, &t);
>>   		if (ret)
>>   			return ret;
>> -- 
>> 2.39.2
>>
>>
> Now queued up, thanks for the fix!
>
> greg k-h

Thanks for your consistent work. 😄

-- 
With Best Regards,
Baokun Li