Re: [PATCH v4.14.y] autofs: fix autofs_sbi() does not check super block type

Guenter Roeck <groeck@xxxxxxxxxx> · Thu, 30 Aug 2018 10:27:44 -0700

On Thu, Aug 30, 2018 at 10:03 AM Zubin Mithra <zsm@xxxxxxxxxxxx> wrote:
>
> From: Ian Kent <raven@xxxxxxxxxx>
>
> commit 0633da48f0793aeba27f82d30605624416723a91 upstream.
>
> autofs_sbi() does not check the superblock magic number to verify it has
> been given an autofs super block.
>
> Backport Note: autofs4 has been renamed to autofs upstream. As a result
> the upstream patch does not apply cleanly onto 4.14.y.
>
> Change-Id: I7194ca9b851fba81f0e20cc4873717ceccaa0b27

You'll have to drop the gerrit-isms ...

> Link: http://lkml.kernel.org/r/153475422934.17131.7563724552005298277.stgit@xxxxxxxxxxxxxxxx
> Reported-by: <syzbot+87c3c541582e56943277@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Ian Kent <raven@xxxxxxxxxx>
> Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Zubin Mithra <zsm@xxxxxxxxxxxx>
> ---
>  fs/autofs4/autofs_i.h | 4 +++-
>  fs/autofs4/inode.c    | 1 -
>  2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h
> index 4737615f0eaa..ce696d6c4641 100644
> --- a/fs/autofs4/autofs_i.h
> +++ b/fs/autofs4/autofs_i.h
> @@ -26,6 +26,7 @@
>  #include <linux/list.h>
>  #include <linux/completion.h>
>  #include <asm/current.h>
> +#include <linux/magic.h>
>
>  /* This is the range of ioctl() numbers we claim as ours */
>  #define AUTOFS_IOC_FIRST     AUTOFS_IOC_READY
> @@ -124,7 +125,8 @@ struct autofs_sb_info {
>
>  static inline struct autofs_sb_info *autofs4_sbi(struct super_block *sb)
>  {
> -       return (struct autofs_sb_info *)(sb->s_fs_info);
> +       return sb->s_magic != AUTOFS_SUPER_MAGIC ?
> +               NULL : (struct autofs_sb_info *)(sb->s_fs_info);
>  }
>
>  static inline struct autofs_info *autofs4_dentry_ino(struct dentry *dentry)
> diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
> index 09e7d68dff02..3c7e727612fa 100644
> --- a/fs/autofs4/inode.c
> +++ b/fs/autofs4/inode.c
> @@ -14,7 +14,6 @@
>  #include <linux/pagemap.h>
>  #include <linux/parser.h>
>  #include <linux/bitops.h>
> -#include <linux/magic.h>
>  #include "autofs_i.h"
>  #include <linux/module.h>
>
> --
> 2.19.0.rc0.228.g281dcd1b4d0-goog
>