From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, Marc Dionne, David Howells, Gao Xiang, Chao Yu, Yue Hu, Jeffle Xu, linux-erofs@lists.ozlabs.org, netfs@lists.linux.dev, linux-fsdevel@vger.kernel.org
Subject: [PATCH 6.1 207/217] cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode
Date: Wed, 19 Jun 2024 14:57:30 +0200
Message-ID: <20240619125604.674196659@linuxfoundation.org>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240619125556.491243678@linuxfoundation.org>
References: <20240619125556.491243678@linuxfoundation.org>
User-Agent: quilt/0.67
X-stable: review
X-Patchwork-Hint: ignore
Precedence: bulk
X-Mailing-List: stable@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

6.1-stable review patch. If anyone has any objections, please let me know.

------------------

From: David Howells

commit c3d6569a43322f371e7ba0ad386112723757ac8f upstream.

cachefiles_ondemand_init_object() as called from cachefiles_open_file() and
cachefiles_create_tmpfile() does not check if object->ondemand is set
before dereferencing it, leading to an oops something like:

	RIP: 0010:cachefiles_ondemand_init_object+0x9/0x41
	...
	Call Trace:
	 cachefiles_open_file+0xc9/0x187
	 cachefiles_lookup_cookie+0x122/0x2be
	 fscache_cookie_state_machine+0xbe/0x32b
	 fscache_cookie_worker+0x1f/0x2d
	 process_one_work+0x136/0x208
	 process_scheduled_works+0x3a/0x41
	 worker_thread+0x1a2/0x1f6
	 kthread+0xca/0xd2
	 ret_from_fork+0x21/0x33

Fix this by making cachefiles_ondemand_init_object() return immediately if
cachefiles->ondemand is NULL.

Fixes: 3c5ecfe16e76 ("cachefiles: extract ondemand info field from cachefiles_object")
Reported-by: Marc Dionne
Signed-off-by: David Howells
cc: Gao Xiang
cc: Chao Yu
cc: Yue Hu
cc: Jeffle Xu
cc: linux-erofs@lists.ozlabs.org
cc: netfs@lists.linux.dev
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman --- fs/cachefiles/ondemand.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/cachefiles/ondemand.c +++ b/fs/cachefiles/ondemand.c @@ -611,6 +611,9 @@ int cachefiles_ondemand_init_object(stru struct fscache_volume *volume = object->volume->vcookie; size_t volume_key_size, cookie_key_size, data_len; + if (!object->ondemand) + return 0; + /* * CacheFiles will firstly check the cache file under the root cache * directory. If the coherency check failed, it will fallback to
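
Review bot: The new early return at the top of cachefiles_ondemand_init_object() has no comment saying when object->ondemand is legitimately NULL. The subject line indicates this is the case when cachefiles is not running in ondemand mode, so a one-line comment above "if (!object->ondemand)" stating that would keep the guard from looking like a papered-over bug. The changelog's last sentence names "cachefiles->ondemand" while the code tests object->ondemand; the two should agree. Returning 0 means cachefiles_open_file() and cachefiles_create_tmpfile() treat the non-ondemand case as success, which matches the stated intent, but since the check lives in the callee it is worth confirming that no other path reached from those callers dereferences object->ondemand without the same test.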