[PATCH] block: register_blkdev doesn't check name against NULL

[PATCH] block: register_blkdev doesn't check name against NULL

[Vaughan Cao]

register_blkdev(0, NULL) can result kernel Oops by copying from NULL
in strlcpy(). Fix it by checking NULL pointer at the beginning.

Signed-off-by: Vaughan Cao <vaughan.cao@oracle.com>
---
 block/genhd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/block/genhd.c b/block/genhd.c
index dadf42b..9564f19 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -287,6 +287,9 @@ int register_blkdev(unsigned int major, const char *name)
 	struct blk_major_name **n, *p;
 	int index, ret = 0;
 
+	if (!name)
+		return -EINVAL;
+
 	mutex_lock(&block_class_lock);
 
 	/* temporary */
-- 
1.8.3.1

[PATCH v2] block: register_blkdev doesn't check name against NULL

[Vaughan Cao]

register_blkdev(0, NULL) can result kernel Oops by copying from NULL
in strlcpy(). Fix it by checking NULL pointer at the beginning and
WARN when encountered in unregister_blkdev.

Signed-off-by: Vaughan Cao <vaughan.cao@oracle.com>
---
 block/genhd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/block/genhd.c b/block/genhd.c
index dadf42b..cca13e9 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -287,6 +287,9 @@ int register_blkdev(unsigned int major, const char *name)
 	struct blk_major_name **n, *p;
 	int index, ret = 0;
 
+	if (!name)
+		return -EINVAL;
+
 	mutex_lock(&block_class_lock);
 
 	/* temporary */
@@ -348,7 +351,7 @@ void unregister_blkdev(unsigned int major, const char *name)
 	for (n = &major_names[index]; *n; n = &(*n)->next)
 		if ((*n)->major == major)
 			break;
-	if (!*n || strcmp((*n)->name, name)) {
+	if (!*n || !name || strcmp((*n)->name, name)) {
 		WARN_ON(1);
 	} else {
 		p = *n;
-- 
1.8.3.1

Re: [PATCH v2] block: register_blkdev doesn't check name against NULL

[Jeff Moyer]

Vaughan Cao <vaughan.cao@oracle.com> writes:

> register_blkdev(0, NULL) can result kernel Oops by copying from NULL
> in strlcpy(). Fix it by checking NULL pointer at the beginning and
> WARN when encountered in unregister_blkdev.

Uhh, so yeah, this is an exported function, so I could see maybe wanting
to do the argument checking.  But honestly, if your driver can't even
get this right, is there any hope of it actually working?

This seems like a pointless patch to me, but ultimately it's up to Jens.

Cheers,
Jeff

p.s. the kerneldoc tells you what to put there:
 * @name: the name of the new block device as a zero terminated string

Re: [PATCH v2] block: register_blkdev doesn't check name against NULL

[vaughan]

On 09/23/2013 10:56 PM, Jeff Moyer wrote:
> Vaughan Cao <vaughan.cao@oracle.com> writes:
>
>> register_blkdev(0, NULL) can result kernel Oops by copying from NULL
>> in strlcpy(). Fix it by checking NULL pointer at the beginning and
>> WARN when encountered in unregister_blkdev.
> Uhh, so yeah, this is an exported function, so I could see maybe wanting
> to do the argument checking.  But honestly, if your driver can't even
> get this right, is there any hope of it actually working?
>
> This seems like a pointless patch to me, but ultimately it's up to Jens.
>
> Cheers,
> Jeff
>
> p.s. the kerneldoc tells you what to put there:
>  * @name: the name of the new block device as a zero terminated string
Thanks for your comment, Jeff. I have the same feeling as you, however,
shouldn't kernel do its best to provide the maximum stable working ability?
And it's test case 7 of block driver in ltp project -
http://sourceforge.net/p/ltp/git/ci/master/tree/testcases/kernel/device-drivers/block/kernel_space/test_block.c.
It seems their attitude is we should check this.

Vaughan

Re: [PATCH v2] block: register_blkdev doesn't check name against NULL

[chaiwen]

On 09/29/2013 02:55 PM, vaughan wrote:
> On 09/23/2013 10:56 PM, Jeff Moyer wrote:
>> Vaughan Cao<vaughan.cao@oracle.com>  writes:
>>
>>> register_blkdev(0, NULL) can result kernel Oops by copying from NULL
>>> in strlcpy(). Fix it by checking NULL pointer at the beginning and
>>> WARN when encountered in unregister_blkdev.
>> Uhh, so yeah, this is an exported function, so I could see maybe wanting
>> to do the argument checking.  But honestly, if your driver can't even
>> get this right, is there any hope of it actually working?
>>
>> This seems like a pointless patch to me, but ultimately it's up to Jens.
>>
>> Cheers,
>> Jeff
>>
>> p.s. the kerneldoc tells you what to put there:
>>   * @name: the name of the new block device as a zero terminated string
> Thanks for your comment, Jeff. I have the same feeling as you, however,
> shouldn't kernel do its best to provide the maximum stable working ability?
> And it's test case 7 of block driver in ltp project -
> http://sourceforge.net/p/ltp/git/ci/master/tree/testcases/kernel/device-drivers/block/kernel_space/test_block.c.
> It seems their attitude is we should check this.
I checked most of the callers of this function in current code tree.
Indeed, mostly they pass a static string as a parameter.
As jeff has said if a driver wants to get things right, it should able to
give  right parameters.
But as an acknowledge of kernel code protocol, I have a query/question of
the similar situation. if a function is a public one and called rather 
commonly.
In what cases should we have a parameter checking in it?
I think if the parameter is a rather obvious one that  even a look at it 
in the caller telling OK or not.
These parameters may not  need checking.

thanks
chai wen
>
> Vaughan
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>