The patch titled
Subject: ext4: fix possible null pointer dereference
has been added to the -mm mm-nonmm-unstable branch. Its filename is
ext4-fix-possible-null-pointer-dereference.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/ext4-fix-possible-null-pointer-dereference.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Ian Kent <raven@xxxxxxxxxx>
Subject: ext4: fix possible null pointer dereference
Date: Tue, 20 Sep 2022 15:26:23 +0800
Patch series "vfs: fix a mount table handling problem", v3.
Whenever a mount has an empty "source" (aka mnt_fsname), the glibc
function getmntent incorrectly parses its input, resulting in reporting
incorrect data to the caller.
The problem is that the get_mnt_entry() function in glibc's
misc/mntent_r.c assumes that leading whitespace on a line can always be
discarded because it will always be followed by a # for the case of a
comment or a non-whitespace character that's part of the value of the
first field. However, this assumption is violated when the value of the
first field is an empty string.
This is fixed in the mount API code by simply checking for a pointer that
contains a NULL and treating it as a NULL pointer.
This patch (of 2):
It could be the case that the file system parameter ->string value is NULL
rather than a zero length string.
Guard against this possibility in ext4_parse_param().
Link: https://lkml.kernel.org/r/166365872189.39016.10771273319597352356.stgit@xxxxxxxxxxxxxxxxx
Link: https://lkml.kernel.org/r/166365878336.39016.10934709128005232231.stgit@xxxxxxxxxxxxxxxxx
Signed-off-by: Ian Kent <raven@xxxxxxxxxx>
Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
Cc: David Howells <dhowells@xxxxxxxxxx>
Cc: Miklos Szeredi <miklos@xxxxxxxxxx>
Cc: Siddhesh Poyarekar <siddhesh@xxxxxxxxxx>
Cc: Theodore Ts'o <tytso@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/ext4/super.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/ext4/super.c~ext4-fix-possible-null-pointer-dereference
+++ a/fs/ext4/super.c
@@ -2099,12 +2099,12 @@ static int ext4_parse_param(struct fs_co
switch (token) {
#ifdef CONFIG_QUOTA
case Opt_usrjquota:
- if (!*param->string)
+ if (!param->string || !*param->string)
return unnote_qf_name(fc, USRQUOTA);
else
return note_qf_name(fc, USRQUOTA, param);
case Opt_grpjquota:
- if (!*param->string)
+ if (!param->string || !*param->string)
return unnote_qf_name(fc, GRPQUOTA);
else
return note_qf_name(fc, GRPQUOTA, param);
_
Patches currently in -mm which might be from raven@xxxxxxxxxx are
ext4-fix-possible-null-pointer-dereference.patch
vfs-parse-deal-with-zero-length-string-value.patch
