From: Edward Adam Davis <eadavis@qq.com>
To: raven@themaw.net
Cc: autofs@vger.kernel.org, eadavis@qq.com,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzbot+662f87a8ef490f45fa64@syzkaller.appspotmail.com,
	syzkaller-bugs@googlegroups.com
Subject: [PATCH V2] autofs: fix null ptr deref in autofs_fill_super
Date: Tue, 14 Nov 2023 13:48:59 +0800
Message-ID: <tencent_A9BA25BB3A335C9EEB1B224B691B4B254708@qq.com>
In-Reply-To: <4fcf49456c32087f5306e84c4a8df5b2bd9f4146.camel@themaw.net>

[Syz logs]
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 5098 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-15601-g4bbdb725a36b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:autofs_fill_super+0x47d/0xb50 fs/autofs/inode.c:334

[pid  5095] mount(NULL, "./file1", "autofs", 0, "fd=0x0000000000000000") = -1 ENOMEM (Cannot allocate memory)

[Analysis]
autofs_get_inode() will return null, when memory cannot be allocated.

[Fix]
Confirm that root_inode is not null before using it.

Reported-and-tested-by: syzbot+662f87a8ef490f45fa64@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
 fs/autofs/inode.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/autofs/inode.c b/fs/autofs/inode.c
index a5083d447a62..f2e89a444edf 100644
--- a/fs/autofs/inode.c
+++ b/fs/autofs/inode.c
@@ -331,6 +331,9 @@ static int autofs_fill_super(struct super_block *s, struct fs_context *fc)
 		goto fail;
 
 	root_inode = autofs_get_inode(s, S_IFDIR | 0755);
+	if (!root_inode)
+		goto fail_ino;
+
 	root_inode->i_uid = ctx->uid;
 	root_inode->i_gid = ctx->gid;
 
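Review bot: The new `if (!root_inode)` branch jumps to `fail_ino` without setting an error value, and nothing in this hunk shows what the function's return variable holds at that point. Since the commit message attributes the NULL to a failed allocation in autofs_get_inode(), it is worth confirming that this path returns -ENOMEM, and assigning it explicitly before the goto if it does not. A short comment on the check noting that autofs_get_inode() returns NULL on allocation failure would also help readers of this function.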
-- 
2.25.1


Thread overview: 12+ messages
2023-11-14  1:02 [syzbot] [autofs?] general protection fault in autofs_fill_super syzbot
2023-11-14  2:17 ` [syzbot] [PATCH] Test np " syzbot
2023-11-14  3:52 ` [PATCH] autofs: fix null deref " Edward Adam Davis
2023-11-14  4:25   ` Ian Kent
2023-11-14  4:41     ` Al Viro
2023-11-14  8:30       ` Ian Kent
2023-11-14 15:26         ` Al Viro
2023-11-15  0:18           ` Ian Kent
2023-11-15  0:35             ` Al Viro
2023-11-15  1:06               ` Ian Kent
2023-11-14  5:48     ` Edward Adam Davis [this message]
2023-11-16  9:51 ` [syzbot] [autofs?] general protection fault " syzbot
