On Wed, Jun 1, 2022 at 8:55 AM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> The recent patch to make afs_getattr consult the server didn't account for
> the pseudo-inodes employed by the dynamic root-type afs superblock not
> having a volume or a server to access, and thus an oops occurs if such a
> directory is stat'd.
>
> Fix this by checking to see if the vnode->volume pointer actually points
> anywhere before following it in afs_getattr().
>
> This can be tested by stat'ing a directory in /afs. It may be sufficient
> just to do "ls /afs" and the oops looks something like:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000020
> ...
> RIP: 0010:afs_getattr+0x8b/0x14b
> ...
> Call Trace:
> <TASK>
> vfs_statx+0x79/0xf5
> vfs_fstatat+0x49/0x62
>
> Fixes: 2aeb8c86d499 ("afs: Fix afs_getattr() to refetch file status if callback break occurred")
> Reported-by: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> cc: linux-afs@xxxxxxxxxxxxxxxxxxx
> ---
>
> fs/afs/inode.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/afs/inode.c b/fs/afs/inode.c
> index 30b066299d39..33ecbfea0199 100644
> --- a/fs/afs/inode.c
> +++ b/fs/afs/inode.c
> @@ -745,7 +745,8 @@ int afs_getattr(struct user_namespace *mnt_userns, const struct path *path,
>
> _enter("{ ino=%lu v=%u }", inode->i_ino, inode->i_generation);
>
> - if (!(query_flags & AT_STATX_DONT_SYNC) &&
> + if (vnode->volume &&
> + !(query_flags & AT_STATX_DONT_SYNC) &&
> !test_bit(AFS_VNODE_CB_PROMISED, &vnode->flags)) {
> key = afs_request_key(vnode->volume->cell);
> if (IS_ERR(key))
Reviewed-by: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
Tested-by: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
Marc
