From: ronnie sahlberg <ronniesahlberg@gmail.com>
To: David Disseldorp <ddiss@suse.de>
Cc: linux-cifs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	smfrench@gmail.com
Subject: Re: [PATCH] cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
Date: Thu, 30 Mar 2023 06:29:07 +1000
Message-ID: <CAN05THRvaQ_8T3aMa-MZSniANizrqtO9UMJnhzZbfc4MPV3oyA@mail.gmail.com>
In-Reply-To: <20230329202406.15762-1-ddiss@suse.de>

reviewed-by me

On Thu, 30 Mar 2023 at 06:23, David Disseldorp <ddiss@suse.de> wrote:
>
> When compiled with CONFIG_CIFS_DFS_UPCALL disabled, cifs_dfs_d_automount
> is NULL. cifs.ko logic for mapping CIFS_FATTR_DFS_REFERRAL attributes to
> S_AUTOMOUNT and corresponding dentry flags is retained regardless of
> CONFIG_CIFS_DFS_UPCALL, leading to a NULL pointer dereference in
> VFS follow_automount() when traversing a DFS referral link:
>   BUG: kernel NULL pointer dereference, address: 0000000000000000
>   ...
>   Call Trace:
>    <TASK>
>    __traverse_mounts+0xb5/0x220
>    ? cifs_revalidate_mapping+0x65/0xc0 [cifs]
>    step_into+0x195/0x610
>    ? lookup_fast+0xe2/0xf0
>    path_lookupat+0x64/0x140
>    filename_lookup+0xc2/0x140
>    ? __create_object+0x299/0x380
>    ? kmem_cache_alloc+0x119/0x220
>    ? user_path_at_empty+0x31/0x50
>    user_path_at_empty+0x31/0x50
>    __x64_sys_chdir+0x2a/0xd0
>    ? exit_to_user_mode_prepare+0xca/0x100
>    do_syscall_64+0x42/0x90
>    entry_SYSCALL_64_after_hwframe+0x72/0xdc
>
> This fix adds an inline cifs_dfs_d_automount() {return -EREMOTE} handler
> when CONFIG_CIFS_DFS_UPCALL is disabled. An alternative would be to
> avoid flagging S_AUTOMOUNT, etc. without CONFIG_CIFS_DFS_UPCALL. This
> approach was chosen as it provides more control over the error path.
>
> Signed-off-by: David Disseldorp <ddiss@suse.de>
> ---
>  fs/cifs/cifsfs.h | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h
> index 71fe0a0a7992..415176b2cf32 100644
> --- a/fs/cifs/cifsfs.h
> +++ b/fs/cifs/cifsfs.h
> @@ -124,7 +124,10 @@ extern const struct dentry_operations cifs_ci_dentry_ops;
>  #ifdef CONFIG_CIFS_DFS_UPCALL
>  extern struct vfsmount *cifs_dfs_d_automount(struct path *path);
>  #else
> -#define cifs_dfs_d_automount NULL
> +static inline struct vfsmount *cifs_dfs_d_automount(struct path *path)
> +{
> +       return ERR_PTR(-EREMOTE);
> +}
>  #endif
>
>  /* Functions related to symlinks */
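Review bot: the new stub in the #else branch has no comment explaining why it must exist, so a later cleanup could reasonably turn it back into `#define cifs_dfs_d_automount NULL` and reintroduce the oops. A short comment above the static inline saying that S_AUTOMOUNT is still set for DFS referrals without CONFIG_CIFS_DFS_UPCALL, and that the handler therefore has to be callable and return ERR_PTR(-EREMOTE), would record that. Since the old definition was a pointer value, the symbol is presumably used as a function pointer, in which case `inline` has no effect there and each file taking its address gets its own copy; that is harmless, but worth knowing when reading the header. The posted message also carries no Fixes: or stable tag, which would help if the NULL define is already in released kernels.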
> --
> 2.35.3
>
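The failure and the fix described in the quoted commit message, as an added userspace model that is not part of the original thread or of cifs.ko. The ERR_PTR helpers, the reduced struct layouts, `traverse()` and `WOULD_OOPS` are simplified stand-ins assumed for the demo.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel's ERR_PTR helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

#define WOULD_OOPS 1 /* hypothetical marker: the real caller would crash here */

struct path { const char *name; };   /* reduced, hypothetical layouts */
struct vfsmount { int unused; };
struct dentry_ops { struct vfsmount *(*d_automount)(struct path *); };

/* Same shape as the stub the patch adds for the !CONFIG_CIFS_DFS_UPCALL case. */
static struct vfsmount *stub_automount(struct path *path)
{
	(void)path;
	return ERR_PTR(-EREMOTE);
}

static const struct dentry_ops before_ops = { .d_automount = NULL };
static const struct dentry_ops after_ops = { .d_automount = stub_automount };

/* Models a caller that trusts the automount flag and invokes the handler.
 * The NULL test exists only so the demo reports the old case instead of crashing. */
static long traverse(const struct dentry_ops *ops, struct path *p)
{
	struct vfsmount *mnt;

	if (!ops->d_automount)
		return WOULD_OOPS;
	mnt = ops->d_automount(p);
	return IS_ERR(mnt) ? PTR_ERR(mnt) : 0;
}

int main(void)
{
	struct path p = { "dfs-referral-link" };

	printf("before: %ld (WOULD_OOPS)\n", traverse(&before_ops, &p));
	printf("after:  %ld (-EREMOTE is %d)\n", traverse(&after_ops, &p), -EREMOTE);
	return 0;
}
```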
