[PATCH v2 0/2] virtiofsd: fix some accessing NULL pointer problem

[PATCH v2 0/2] virtiofsd: fix some accessing NULL pointer problem

[Haotian Li]

Haotian Li (2):
  tools/virtiofsd/buffer.c: check whether buf is NULL in
    fuse_bufvec_advance func
  virtiofsd/passthrough_ll.c: check whether lo_map_reserve returns NULL
    in main func

 tools/virtiofsd/buffer.c         |  4 ++++
 tools/virtiofsd/passthrough_ll.c | 10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

-- 

[PATCH 1/2] tools/virtiofsd/buffer.c: check whether buf is NULL in fuse_bufvec_advance func

[Haotian Li]

In fuse_bufvec_advance func, calling fuse_bufvec_current func
may return NULL, so we should check whether buf is NULL before
using it.

Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
---
 tools/virtiofsd/buffer.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/virtiofsd/buffer.c b/tools/virtiofsd/buffer.c
index 27c1377f22..bdc608c221 100644
--- a/tools/virtiofsd/buffer.c
+++ b/tools/virtiofsd/buffer.c
@@ -246,6 +246,10 @@ static int fuse_bufvec_advance(struct fuse_bufvec *bufv, size_t len)
 {
     const struct fuse_buf *buf = fuse_bufvec_current(bufv);

+    if (!buf) {
+        return 0;
+    }
+
     bufv->off += len;
     assert(bufv->off <= buf->size);
     if (bufv->off == buf->size) {
-- 

[PATCH 2/2] virtiofsd: check whether lo_map_reserve returns NULL in main func

[Haotian Li]

In main func, func lo_map_reserve is called without NULL check.
If reallocing new_elems fails in func lo_map_grow, the func
lo_map_reserve may return NULL. We should check whether
lo_map_reserve returns NULL before using it.

Signed-off-by: Haotian Li <lihaotian9@huawei.com>
Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
---
 tools/virtiofsd/passthrough_ll.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index ec1008bceb..0c279ff9fb 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -3433,6 +3433,7 @@ int main(int argc, char *argv[])
         .proc_self_fd = -1,
     };
     struct lo_map_elem *root_elem;
+    struct lo_map_elem *reserve_elem;
     int ret = -1;

     /* Don't mask creation mode, kernel already did that */
@@ -3452,8 +3453,15 @@ int main(int argc, char *argv[])
      * [1] Root inode
      */
     lo_map_init(&lo.ino_map);
-    lo_map_reserve(&lo.ino_map, 0)->in_use = false;
+    reserve_elem = lo_map_reserve(&lo.ino_map, 0);
+    if (!reserve_elem) {
+        goto err_out1;
+    }
+    reserve_elem->in_use = false;
     root_elem = lo_map_reserve(&lo.ino_map, lo.root.fuse_ino);
+    if (!root_elem) {
+        goto err_out1;
+    }
     root_elem->inode = &lo.root;

     lo_map_init(&lo.dirp_map);
-- 

Re: [Virtio-fs] [PATCH v2 0/2] virtiofsd: fix some accessing NULL pointer problem

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 599 bytes --]

On Tue, Nov 10, 2020 at 02:32:17PM +0800, Haotian Li wrote:
> Haotian Li (2):
>   tools/virtiofsd/buffer.c: check whether buf is NULL in
>     fuse_bufvec_advance func
>   virtiofsd/passthrough_ll.c: check whether lo_map_reserve returns NULL
>     in main func
> 
>  tools/virtiofsd/buffer.c         |  4 ++++
>  tools/virtiofsd/passthrough_ll.c | 10 +++++++++-
>  2 files changed, 13 insertions(+), 1 deletion(-)

Please consider printing an error message in Patch 2 so that users can
easily tell why the program refused to start.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [Virtio-fs] [PATCH v2 0/2] virtiofsd: fix some accessing NULL pointer problem

[Zhiqiang Liu]

On 2020/11/10 19:45, Stefan Hajnoczi wrote:
> On Tue, Nov 10, 2020 at 02:32:17PM +0800, Haotian Li wrote:
>> Haotian Li (2):
>>   tools/virtiofsd/buffer.c: check whether buf is NULL in
>>     fuse_bufvec_advance func
>>   virtiofsd/passthrough_ll.c: check whether lo_map_reserve returns NULL
>>     in main func
>>
>>  tools/virtiofsd/buffer.c         |  4 ++++
>>  tools/virtiofsd/passthrough_ll.c | 10 +++++++++-
>>  2 files changed, 13 insertions(+), 1 deletion(-)
> 
> Please consider printing an error message in Patch 2 so that users can
> easily tell why the program refused to start.
> 
> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
> 
Thanks for your review.
We will add error message in Patch2, and then send the v3-patch series.

Regards
Zhiqiang Liu.
> 
> _______________________________________________
> Virtio-fs mailing list
> Virtio-fs@redhat.com
> https://www.redhat.com/mailman/listinfo/virtio-fs
> 

Re: [Virtio-fs] [PATCH v2 0/2] virtiofsd: fix some accessing NULL pointer problem

[Haotian Li]

Thanks for your suggestion. New patches will be resent.

> On Tue, Nov 10, 2020 at 02:32:17PM +0800, Haotian Li wrote:
>> Haotian Li (2):
>>   tools/virtiofsd/buffer.c: check whether buf is NULL in
>>     fuse_bufvec_advance func
>>   virtiofsd/passthrough_ll.c: check whether lo_map_reserve returns NULL
>>     in main func
>>
>>  tools/virtiofsd/buffer.c         |  4 ++++
>>  tools/virtiofsd/passthrough_ll.c | 10 +++++++++-
>>  2 files changed, 13 insertions(+), 1 deletion(-)
> 
> Please consider printing an error message in Patch 2 so that users can
> easily tell why the program refused to start.
> 
> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
>