[to-be-updated] ext4-fix-possible-null-pointer-dereference.patch removed from -mm tree

The quilt patch titled
     Subject: ext4: fix possible null pointer dereference
has been removed from the -mm tree.  Its filename was
     ext4-fix-possible-null-pointer-dereference.patch

This patch was dropped because an updated version will be merged

------------------------------------------------------
From: Ian Kent <raven@xxxxxxxxxx>
Subject: ext4: fix possible null pointer dereference
Date: Tue, 20 Sep 2022 15:26:23 +0800

Patch series "vfs: fix a mount table handling problem", v3.

Whenever a mount has an empty "source" (aka mnt_fsname), the glibc
function getmntent incorrectly parses its input, resulting in reporting
incorrect data to the caller.

The problem is that the get_mnt_entry() function in glibc's
misc/mntent_r.c assumes that leading whitespace on a line can always be
discarded because it will always be followed by a # for the case of a
comment or a non-whitespace character that's part of the value of the
first field.  However, this assumption is violated when the value of the
first field is an empty string.

This is fixed in the mount API code by simply checking for a pointer that
contains a NULL and treating it as a NULL pointer.


This patch (of 2):

It could be the case that the file system parameter ->string value is NULL
rather than a zero length string.

Guard against this possibility in ext4_parse_param().

Link: https://lkml.kernel.org/r/166365872189.39016.10771273319597352356.stgit@xxxxxxxxxxxxxxxxx
Link: https://lkml.kernel.org/r/166365878336.39016.10934709128005232231.stgit@xxxxxxxxxxxxxxxxx
Signed-off-by: Ian Kent <raven@xxxxxxxxxx>
Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
Cc: David Howells <dhowells@xxxxxxxxxx>
Cc: Miklos Szeredi <miklos@xxxxxxxxxx>
Cc: Siddhesh Poyarekar <siddhesh@xxxxxxxxxx>
Cc: Theodore Ts'o <tytso@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 fs/ext4/super.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/ext4/super.c~ext4-fix-possible-null-pointer-dereference
+++ a/fs/ext4/super.c
@@ -2099,12 +2099,12 @@ static int ext4_parse_param(struct fs_co
 	switch (token) {
 #ifdef CONFIG_QUOTA
 	case Opt_usrjquota:
-		if (!*param->string)
+		if (!param->string || !*param->string)
 			return unnote_qf_name(fc, USRQUOTA);
 		else
 			return note_qf_name(fc, USRQUOTA, param);
 	case Opt_grpjquota:
-		if (!*param->string)
+		if (!param->string || !*param->string)
 			return unnote_qf_name(fc, GRPQUOTA);
 		else
 			return note_qf_name(fc, GRPQUOTA, param);
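Review bot: In both the Opt_usrjquota and Opt_grpjquota cases the new test `!param->string || !*param->string` treats a NULL ->string exactly like an empty one and goes on to call unnote_qf_name(), and nothing in the code says that this is the intended meaning of a NULL value rather than only crash avoidance. A one-line comment above the first test would make that explicit. The same two-part condition is now repeated in both cases, so a small static helper taking the struct fs_parameter pointer would keep the two from drifting apart. The changelog says only that ->string "could be" NULL; naming the path that leaves it NULL would let a reader judge whether other ->string users in ext4_parse_param() need the same guard.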
_

Patches currently in -mm which might be from raven@xxxxxxxxxx are

vfs-parse-deal-with-zero-length-string-value.patch



