Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp506401imm;
        Thu, 26 Jul 2018 07:23:26 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpcgM2CfucguGaTbTDx5qukXdCXaFwOuwPdCeJaCZFRCl8rC/b/87AMk2YCYNE3LAToyXf31
X-Received: by 2002:a63:5f50:: with SMTP id t77-v6mr2070412pgb.300.1532615006410;
        Thu, 26 Jul 2018 07:23:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532615006; cv=none;
        d=google.com; s=arc-20160816;
        b=hhgQTmHw4zhPHLpyrIZc31KZjK8rtIXzAKUFZHKDhxdQdANDGiSqVavQ1jkSR0PaMd
         XXyIcacCfHb6gQl0NqP2fAunAr5PWeshdo8gA4JaXYex714cOB2Zzyso4XYlyTEyA1hO
         l4WQUwOppDD2bxmbgRAjwr3dMCB4sKcBRdBXAtHavjII+yx9QOdnJ54h/l9eiQkqSo06
         LM+yuTvMzKdRvtPDEu3AcF3zNrxPv9zzsN7lEcgCgVnloBFCzR8unH+uaApMayPwOtIl
         xVuUfaxbkd9JwM9vuZfAOctBCrFGcf6b0EFRmgBn+3jDk0m/aWKBvn8fGruXP+c3UcCO
         VNRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=S5ilWoaa3Ilv18XbyWTOAqrhh+fiaATHOpeCvZhn+o4=;
        b=kjlg2zHFMBlBVQspCxhhNer/8+GhngDD2NaCpu/rgJR65+6Gatv7SUAw+HOmTC8ovP
         JWyBKDmYH54V49ZJHnk5ouGCMoL3zLaoT47BWLTkE7CYtgm3jLAbWE4P/sPBYZxKPsfh
         bMmC9V+M8Gnq4SCcTvzF+i9ryDuY8Ghj4Q+UIFgr/h0CFlIshkaSWs5rFiX55zbPsC4m
         KRREs2xAOGdhl63G+gwTZdi6tOc+hN2Hbtu6XEi9JnSKDtisA13ieuc3WEnbsRVq9K1B
         vFY+o00SMLcneeO4hHK5maHwPeMflBGxj+VTWvxHYT7yUsV2Vb9YCLn9uU5oHZs+5nkz
         abqw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z4-v6si1220847pgp.580.2018.07.26.07.23.11;
        Thu, 26 Jul 2018 07:23:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731422AbeGZPia (ORCPT <rfc822;ttoukan.linux@gmail.com>
        + 99 others); Thu, 26 Jul 2018 11:38:30 -0400
Received: from nautica.notk.org ([91.121.71.147]:45680 "EHLO nautica.notk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730352AbeGZPia (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jul 2018 11:38:30 -0400
Received: by nautica.notk.org (Postfix, from userid 1001)
        id 0FB13C009; Thu, 26 Jul 2018 16:21:24 +0200 (CEST)
Date:   Thu, 26 Jul 2018 16:21:09 +0200
From:   Dominique Martinet <asmadeus@codewreck.org>
To:     Tomas Bortoli <tomasbortoli@gmail.com>
Cc:     Dmitry Vyukov <dvyukov@google.com>,
        David Miller <davem@davemloft.net>,
        v9fs-developer@lists.sourceforge.net,
        netdev <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>
Subject: Re: [PATCH] 9p: fix NULL pointer dereferences
Message-ID: <20180726142109.GA4235@nautica>
References: <20180726081049.10527-1-tomasbortoli@gmail.com>
 <20180726081727.GA6699@nautica>
 <CACT4Y+ark+0EYSZaOX-qDKpOkyfLgSO9CkidZzx=xkUuhpr65A@mail.gmail.com>
 <20180726094849.GA18334@nautica>
 <abbeafa2-9008-5749-aee5-b4a115d71af7@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <abbeafa2-9008-5749-aee5-b4a115d71af7@gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Tomas Bortoli wrote on Thu, Jul 26, 2018:
>> But I think trans=fd allows NULL addr today, no?
> 
> How ?

Just using the mount syscall with a NULL dev_name? I haven't checked
this syzcaller reproducer but it's probably what it does.

p9_fd_create doesn't use 'addr' at all so it's safe to create a 9p mount
for trans=fd with no device name, as Dmitry pointed out


> > On the other hand, virtio, rdma and xen all have the same problem, so
> > Thomas, please fix them instead :)
> 
> So just by patching v9fs_mount ?

If we want to preserve the current behaviour for trans=fd (and I don't
see why not) we just have to patch all the transports that use the
device, that is all .create functions but p9_fd_create()

Basically exactly what you did, just for a few more functions - I
apparently was a little bit too optimistic thinking we could share
this check.

-- 
Dominique