Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
MIME-Version: 1.0
In-Reply-To: <20180726094849.GA18334@nautica>
References: <20180726081049.10527-1-tomasbortoli@gmail.com>
 <20180726081727.GA6699@nautica> <CACT4Y+ark+0EYSZaOX-qDKpOkyfLgSO9CkidZzx=xkUuhpr65A@mail.gmail.com>
 <20180726094849.GA18334@nautica>
From:   sqweek <sqweek@gmail.com>
Date:   Thu, 26 Jul 2018 22:48:50 +0800
Message-ID: <CAM104AUnMsQvH7VPMhZcGK+3UTiXT3MiahwfkGeN7Sj1CpQfCQ@mail.gmail.com>
Subject: Re: [V9fs-developer] [PATCH] 9p: fix NULL pointer dereferences
To:     Dominique Martinet <asmadeus@codewreck.org>
Cc:     Dmitry Vyukov <dvyukov@google.com>,
        netdev <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>,
        V9FS Developers <v9fs-developer@lists.sourceforge.net>,
        Tomas Bortoli <tomasbortoli@gmail.com>,
        David Miller <davem@davemloft.net>
Content-Type: multipart/alternative; boundary="000000000000e261cb0571e817f5"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

--000000000000e261cb0571e817f5
Content-Type: text/plain; charset="UTF-8"

On 26 July 2018 at 17:48, Dominique Martinet <asmadeus@codewreck.org> wrote:

> Dmitry Vyukov wrote on Thu, Jul 26, 2018:
> > > Let's refuse that at much higher level, like v9fs_mount() in
> > > fs/9p/vfs_super.c
> > >
> > > I can't think of any valid reason for dev_name to be NULL, it's the
> > > target IP or virtio handle.
> >
> > But I think trans=fd allows NULL addr today, no?
>
> Ah, right, I read the patch too fast and read unix_create as fd_create,
> I never realized there was a unix_create variant...
>
> fd legitimately doesn't need a name, you are correct.
>
> I'm really curious if anyone ever uses the unix/fd variants for "real"
> stuff though!


I definitely used the unix variant for mounting plan9port servers (which
all listen for 9p requests via unix sockets).

A long time ago I also experimented with mounting p9p servers from remote
machines and I think I might have combined socat with -o trans=fd at one
point. But I gave up on it in the end because having a process blocked in
read() was preventing my laptop from going to sleep for the duration. And
since I was trying to read /event type files the Tread could block for
quite some time if no events were posted.

I believe 9pfuse had the same issue, so the problem be deeper than v9fs.
But anyway I'm on quite a tangent already so I'll stop distracting you all
from the work at hand. It's been nice to see 9p still kicking recently! :)


> (not meaning syzbot isn't real, but I have yet to see
> anything take advantage of this, even if I could imagine some fun
> applications by piping the wmii libixp server socket..
>

Wait woahhhhh, there's another wmii user left? I thought I was the last one!
-sqweek

--000000000000e261cb0571e817f5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">On 26 July 2018 at 17:48, Dominique Martinet <span dir=3D"=
ltr">&lt;<a href=3D"mailto:asmadeus@codewreck.org" target=3D"_blank">asmade=
us@codewreck.org</a>&gt;</span> wrote:<br><div class=3D"gmail_extra"><div c=
lass=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D"">Dmitry=
 Vyukov wrote on Thu, Jul 26, 2018:<br>
&gt; &gt; Let&#39;s refuse that at much higher level, like v9fs_mount() in<=
br>
&gt; &gt; fs/9p/vfs_super.c<br>
&gt; &gt;<br>
&gt; &gt; I can&#39;t think of any valid reason for dev_name to be NULL, it=
&#39;s the<br>
&gt; &gt; target IP or virtio handle.<br>
&gt; <br>
&gt; But I think trans=3Dfd allows NULL addr today, no?<br>
<br>
</span>Ah, right, I read the patch too fast and read unix_create as fd_crea=
te,<br>
I never realized there was a unix_create variant...<br>
<br>
fd legitimately doesn&#39;t need a name, you are correct.<br>
<br>
I&#39;m really curious if anyone ever uses the unix/fd variants for &quot;r=
eal&quot;<br>
stuff though! </blockquote><div><br></div><div>
<div>I definitely used the unix variant for mounting plan9port servers (whi=
ch all listen for 9p requests via unix sockets).</div><div><br></div><div>A
 long time ago I also experimented with mounting p9p servers from remote
 machines and I think I might have combined socat with -o trans=3Dfd at=20
one point. But I gave up on it in the end because having a process blocked =
in read() was preventing my laptop from going to sleep for the duration. An=
d since I was trying to read /event type files the Tread could block for qu=
ite some time if no events were posted.</div><div><br></div><div>I believe =
9pfuse had the same issue, so the problem be deeper than v9fs. But anyway I=
&#39;m on quite a tangent already so I&#39;ll stop distracting you all from=
 the work at hand. It&#39;s been nice to see 9p still kicking recently! :)<=
br></div>

=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex">(not meaning syzbot isn&#39;t re=
al, but I have yet to see<br>
anything take advantage of this, even if I could imagine some fun<br>
applications by piping the wmii libixp server socket.. <br></blockquote><di=
v><br></div><div>Wait woahhhhh, there&#39;s another wmii user left? I thoug=
ht I was the last one!</div><div>-sqweek<br></div><div><br></div><br></div>=
</div></div>

--000000000000e261cb0571e817f5--