According to commit "vfs: parse: deal with zero length string value", kernel will set the param->string to null pointer in vfs_parse_fs_string() if fs string has zero length. Yet the problem is that, when fs parses its mount parameters, it will dereferences the param->string, without checking whether it is a null pointer, which may trigger a null-ptr-deref bug. So this patchset reviews all functions for fs to parse parameters, by using `git grep -n "\.parse_param" fs/*`, and adds sanity check on param->string if its function will dereference param->string without check. Hawkins Jiawei (5): smb3: fix possible null-ptr-deref when parsing param nfs: fix possible null-ptr-deref when parsing param ceph: fix possible null-ptr-deref when parsing param gfs2: fix possible null-ptr-deref when parsing param proc: fix possible null-ptr-deref when parsing param fs/ceph/super.c | 3 +++ fs/cifs/fs_context.c | 58 +++++++++++++++++++++++++++++++++++++++++++- fs/gfs2/ops_fstype.c | 10 ++++++++ fs/nfs/fs_context.c | 6 +++++ fs/proc/root.c | 3 +++ 5 files changed, 79 insertions(+), 1 deletion(-) -- 2.25.1
