On Tue, Feb 11, 2025 at 10:52 AM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
> The patch below does not apply to the 6.12-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@xxxxxxxxxxxxxxx>.

Attaching the backport.

Thanks,
Miklos
From 217e8215b874ffa5cced0922291e3c04a6fddf55 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Date: Thu, 30 Jan 2025 13:15:00 +0100
Subject: [PATCH] statmount: let unset strings be empty

Just like it's normal for unset values to be zero, unset strings should be
empty instead of containing random values.

It seems to be a typical mistake that the mask returned by statmount is not
checked, which can result in various bugs.

With this fix, these bugs are prevented, since it is highly likely that
userspace would just want to turn the missing mask case into an empty string
anyway (most of the recently found cases are of this type).

Link: https://lore.kernel.org/all/CAJfpegsVCPfCn2DpM8iiYSS5DpMsLB8QBUCHecoj6s0Vxf4jzg@xxxxxxxxxxxxxx/
Fixes: 68385d77c05b ("statmount: simplify string option retrieval")
Fixes: 46eae99ef733 ("add statmount(2) syscall")
Cc: stable@xxxxxxxxxxxxxxx # v6.8
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20250130121500.113446-1-mszeredi@xxxxxxxxxx
Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
(cherry picked from commit e52e97f09fb66fd868260d05bd6b74a9a3db39ee)
---
 fs/namespace.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 5ea644b679ad..e9c9f2195fef 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -5050,22 +5050,29 @@ static int statmount_string(struct kstatmount *s, u64 flag) size_t kbufsize; struct seq_file *seq = &s->seq; struct statmount *sm = &s->sm; + u32 start, *offp; + + /* Reserve an empty string at the beginning for any unset offsets */ + if (!seq->count) + seq_putc(seq, 0); + + start = seq->count; switch (flag) { case STATMOUNT_FS_TYPE: - sm->fs_type = seq->count; + offp = &sm->fs_type; ret = statmount_fs_type(s, seq); break; case STATMOUNT_MNT_ROOT: - sm->mnt_root = seq->count; + offp = &sm->mnt_root; ret = statmount_mnt_root(s, seq); break; case STATMOUNT_MNT_POINT: - sm->mnt_point = seq->count; + offp = &sm->mnt_point; ret = statmount_mnt_point(s, seq); break; case STATMOUNT_MNT_OPTS: - sm->mnt_opts = seq->count; + offp = &sm->mnt_opts; ret = statmount_mnt_opts(s, seq); break; default: @@ -5087,6 +5094,7 @@ static int statmount_string(struct kstatmount *s, u64 flag) seq->buf[seq->count++] = '\0'; sm->mask |= flag; + *offp = start; return 0; } -- 2.48.1
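Review bot: `offp` is declared without an initialiser and is only assigned in the four `case STATMOUNT_*` arms, while the write `*offp = start;` added in the second hunk sits after the switch; the context shown stops at `default:`, so the hunk does not demonstrate that the default arm returns before that write is reached. Please confirm it does, or initialise `u32 start, *offp = NULL;` and guard the store, since otherwise an unrequested or unknown flag would write through an indeterminate pointer and the compiler may legitimately flag a maybe-uninitialized use. Two smaller points on the same hunk: the reserved leading NUL (`if (!seq->count) seq_putc(seq, 0);`) only works if statmount_string() is the first and only writer to `seq`, which holds today but is worth a one-line comment so a later caller does not break the "offset 0 is the empty string" invariant; and because the offset is now published only after `sm->mask |= flag` succeeds, the new userspace-visible guarantee (an unset string offset refers to an empty string) is a uapi contract that this patch does not document anywhere, so a note next to the struct statmount definition would help the userspace authors the commit message says keep tripping over the mask check.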