Christian Brauner <brauner@xxxxxxxxxx> writes:

> On Thu, Feb 29, 2024 at 04:30:09PM +0000, Luis Henriques wrote:
>> Now that parameters that have the flag 'fs_param_can_be_empty' set and
>> their value is NULL are handled as 'flag' type, we need to properly check
>> for empty (NULL) values.
>>
>> Signed-off-by: Luis Henriques <lhenriques@xxxxxxx>
>> ---
>>  fs/ext4/super.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index 0f931d0c227d..44ba2212dfb3 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -2183,12 +2183,12 @@ static int ext4_parse_param(struct fs_context *fc, struct fs_parameter *param)
>>  	switch (token) {
>>  #ifdef CONFIG_QUOTA
>>  	case Opt_usrjquota:
>> -		if (!*param->string)
>> +		if (!param->string)
>>  			return unnote_qf_name(fc, USRQUOTA);
>
> I fail to understand how that can happen. Currently both of these
> options are parsed as strings via:
>
> #define fsparam_string_empty(NAME, OPT) \
> 	__fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL)
>
> So if someone sets fsconfig(..., FSCONFIG_SET_STRING, "usrquota", NULL, ...)
> we give an immediate
>
> case FSCONFIG_SET_STRING:
> 	if (!_key || !_value || aux)
> 		return -EINVAL;
>
> from fsconfig() so we know that param->string cannot be NULL. If that
> were the case we'd NULL deref in fs_param_is_string():
>
> int fs_param_is_string(struct p_log *log, const struct fs_parameter_spec *p,
> 		       struct fs_parameter *param, struct fs_parse_result *result)
> {
> 	if (param->type != fs_value_is_string ||
> 	    (!*param->string && !(p->flags & fs_param_can_be_empty)))
>
> So your check above seems wrong. If I'm mistaken, please explain how
> this can happen in detail.

I hope my reply to the previous patch helps clarify this issue (which
is quite confusing, and I'm probably the confused one!). To summarize,
fsconfig() will (or can) get this parameter as a flag, not as a string.

Cheers,
--
Luís
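Review bot: the `Opt_usrjquota` hunk replaces the empty-string test `if (!*param->string)` with a NULL test `if (!param->string)`, which silently drops the empty-string case; since `fs_param_can_be_empty` lets `""` through the quoted `fs_param_is_string()` check (`!*param->string && !(p->flags & fs_param_can_be_empty)`), a `usrjquota=` with an empty value would no longer reach `unnote_qf_name()` and would fall through to the code below instead. If both the NULL (flag) form and the empty-string form must clear the quota file name, test both, e.g. `if (!param->string || !*param->string)`, or explain in the commit message why the empty-string form can no longer occur. Also, the diffstat reports 2 insertions and 2 deletions but only the `Opt_usrjquota` change is visible here; the second changed site needs the same treatment, and the commit message should answer the point raised in the reply, namely how `param->string` can be NULL given that `fsconfig()` rejects `FSCONFIG_SET_STRING` with a NULL `_value`.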