Robin Dong | 4 Jul 2012 11:32

[PATCH] vfs: check value of variable 'nd' before using its member

From: Robin Dong <sanbai <at> taobao.com>

When we use lookup_one_len() to search a pathname component, it will call __lookup_hash()
with variable 'nd' as NULL:

	--> __lookup_hash ( nd = NULL )
		--> lookup_dcache
			--> d_invalidate
				--> proc_sys_revalidate

The proc_sys_revalidate will use 'nd->flags' before checking whether its value is NULL.
This will cause a kernel panic.

Therefore, we should add check code for filesystems which directly use nd->flags.

Signed-off-by: Robin Dong <sanbai <at> taobao.com>
---
 fs/9p/vfs_dentry.c    |    2 +-
 fs/afs/dir.c          |    2 +-
 fs/coda/dir.c         |    2 +-
 fs/hfs/sysdep.c       |    2 +-
 fs/ncpfs/dir.c        |    2 +-
 fs/nfs/dir.c          |    2 +-
 fs/proc/proc_sysctl.c |    2 +-
 fs/sysfs/dir.c        |    2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/9p/vfs_dentry.c b/fs/9p/vfs_dentry.c
index d529437..2785900 100644
--- a/fs/9p/vfs_dentry.c
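Review bot: the commit message documents a NULL 'nd' reaching only proc_sys_revalidate, but the diffstat applies the same one-line change to eight files (fs/9p, fs/afs, fs/coda, fs/hfs, fs/ncpfs, fs/nfs, fs/proc, fs/sysfs). The message should state, for each filesystem, whether its revalidate path can be reached from lookup_one_len() with nd == NULL, and name the caller that triggered the reported panic, so each added check can be reviewed against a real call path.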

Steven Whitehouse | 4 Jul 2012 11:39

Re: [PATCH] vfs: check value of variable 'nd' before using its member

Hi,

On Wed, 2012-07-04 at 17:32 +0800, Robin Dong wrote:
> From: Robin Dong <sanbai <at> taobao.com>
> 
> When we use lookup_one_len() to search a pathname component, it will call __lookup_hash()
> with variable 'nd' as NULL:
> 
> 	--> __lookup_hash ( nd = NULL )
> 		--> lookup_dcache
> 			--> d_invalidate
> 				--> proc_sys_revalidate
> 
> The proc_sys_revalidate will use 'nd->flags' before checking whether its value is NULL.
> This will cause a kernel panic.
>
> Therefore, we should add check code for filesystems which directly use nd->flags.
> 
> Signed-off-by: Robin Dong <sanbai <at> taobao.com>

nd will very shortly no longer be passed to revalidate... see this patch
in Al's vfs git tree:

http://git.kernel.org/?p=linux/kernel/git/viro/vfs.git;a=commitdiff;h=282638cce7050592b3d6267ae08ea2573908998c#patch4

Steve.

> ---
>  fs/9p/vfs_dentry.c    |    2 +-
>  fs/afs/dir.c          |    2 +-

Al Viro | 4 Jul 2012 20:30

Re: [PATCH] vfs: check value of variable 'nd' before using its member

On Wed, Jul 04, 2012 at 10:39:09AM +0100, Steven Whitehouse wrote:
> Hi,
> 
> On Wed, 2012-07-04 at 17:32 +0800, Robin Dong wrote:
> > From: Robin Dong <sanbai <at> taobao.com>
> > 
> > When we use lookup_one_len() to search a pathname component, it will call __lookup_hash()
> > with variable 'nd' as NULL:
> > 
> > 	--> __lookup_hash ( nd = NULL )
> > 		--> lookup_dcache
> > 			--> d_invalidate
> > 				--> proc_sys_revalidate
> > 
> > The proc_sys_revalidate will use 'nd->flags' before checking whether its value is NULL.
> > This will cause a kernel panic.
> >
> > Therefore, we should add check code for filesystems which directly use nd->flags.
> > 
> > Signed-off-by: Robin Dong <sanbai <at> taobao.com>
> 
> nd will very shortly no longer be passed to revalidate... see this patch
> in Al's vfs git tree:
> 

Not to mention that anyone who tries to export procfs over nfs deserves Bad Things(tm)
happening to them....

IOW, what the hell is your code trying to do?
--

Dong Robin | 5 Jul 2012 04:22

Re: [PATCH] vfs: check value of variable 'nd' before using its member

2012/7/5 Al Viro <viro <at> zeniv.linux.org.uk>:
> On Wed, Jul 04, 2012 at 10:39:09AM +0100, Steven Whitehouse wrote:
>> Hi,
>>
>> On Wed, 2012-07-04 at 17:32 +0800, Robin Dong wrote:
>> > From: Robin Dong <sanbai <at> taobao.com>
>> >
>> > When we use lookup_one_len() to search a pathname component, it will call __lookup_hash()
>> > with variable 'nd' as NULL:
>> >
>> >     --> __lookup_hash ( nd = NULL )
>> >             --> lookup_dcache
>> >                     --> d_invalidate
>> >                             --> proc_sys_revalidate
>> >
>> > The proc_sys_revalidate will use 'nd->flags' before checking whether its value is NULL.
>> > This will cause a kernel panic.
>> >
>> > Therefore, we should add check code for filesystems which directly use nd->flags.
>> >
>> > Signed-off-by: Robin Dong <sanbai <at> taobao.com>
>>
>> nd will very shortly no longer be passed to revalidate... see this patch
>> in Al's vfs git tree:
>>
>
> Not to mention that anyone who tries to export procfs over nfs deserves Bad Things(tm)
> happening to them....
>
> IOW, what the hell is your code trying to do?

