From: Tomas Bortoli
To: ericvh@gmail.com, rminnich@sandia.gov, lucho@ionkov.net
Cc: asmadeus@codewreck.org, davem@davemloft.net, v9fs-developer@lists.sourceforge.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller@googlegroups.com, Tomas Bortoli
Subject: [PATCH] 9p: fix multiple NULL-pointer-dereferences
Date: Fri, 27 Jul 2018 12:19:15 +0200
Message-Id: <20180727101915.4191-1-tomasbortoli@gmail.com>

Added checks to prevent GPFs from raising.

Signed-off-by: Tomas Bortoli
--- net/9p/trans_fd.c | 5 ++++- net/9p/trans_rdma.c | 3 +++ net/9p/trans_virtio.c | 3 +++ net/9p/trans_xen.c | 3 +++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 964260265b13..e2ef3c782c53 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -945,7 +945,7 @@ p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args) if (err < 0) return err; - if (valid_ipaddr4(addr) < 0) + if (addr == NULL || valid_ipaddr4(addr) < 0) return -EINVAL; csocket = NULL; 
@@ -995,6 +995,9 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args) csocket = NULL; + if (addr == NULL) + return -EINVAL; + if (strlen(addr) >= UNIX_PATH_MAX) { pr_err("%s (%d): address too long: %s\n", __func__, task_pid_nr(current), addr); diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c index 2649b2ebf961..2ab4574183c9 100644 --- a/net/9p/trans_rdma.c +++ b/net/9p/trans_rdma.c @@ -645,6 +645,9 @@ rdma_create_trans(struct p9_client *client, const char *addr, char *args) struct rdma_conn_param conn_param; struct ib_qp_init_attr qp_attr; + if (addr == NULL) + return -EINVAL; + /* Parse the transport specific mount options */ err = parse_opts(args, &opts); if (err < 0) diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 06dcd3cc6a29..8ca356eb66bb 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -654,6 +654,9 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args) int ret = -ENOENT; int found = 0; + if (devname == NULL) + return -EINVAL; + mutex_lock(&virtio_9p_lock); list_for_each_entry(chan, &virtio_chan_list, chan_list) { if (!strncmp(devname, chan->tag, chan->tag_len) && diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c index 2e2b8bca54f3..c2d54ac76bfd 100644 --- a/net/9p/trans_xen.c +++ b/net/9p/trans_xen.c @@ -94,6 +94,9 @@ static int p9_xen_create(struct p9_client *client, const char *addr, char *args) { struct xen_9pfs_front_priv *priv; + if (addr == NULL) + return -EINVAL; + read_lock(&xen_9pfs_lock); list_for_each_entry(priv, &xen_9pfs_devs, list) { if (!strcmp(priv->tag, addr)) { -- 2.11.0
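
Review bot: In the p9_fd_create_tcp() hunk (net/9p/trans_fd.c, @@ -945) the new `addr == NULL` test runs only after the earlier step whose failure is handled by `if (err < 0) return err;`, while rdma_create_trans() in this same patch rejects a NULL addr before calling parse_opts(). Suggest testing addr at the top of p9_fd_create_tcp() too, so every transport returns the same error for the same input. The commit message should also name the dereference that faulted (here the call valid_ipaddr4(addr)) and say how a NULL address reaches these functions; "prevent GPFs" alone does not tell a later reader what was fixed.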
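
Review bot: In the p9_fd_create_unix() hunk (net/9p/trans_fd.c, @@ -995) the NULL check is placed after `csocket = NULL;`, in the middle of the function body. It does guard the `strlen(addr)` call and the `%s` in the pr_err() that follow, so the fix works, but an argument check is easier to audit as the first statement of the function, matching where the rdma, virtio and xen hunks put it.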
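
Review bot: The same three-line NULL guard is repeated in rdma_create_trans(), p9_virtio_create() (on devname) and p9_xen_create(), on top of the two checks in trans_fd.c, so any transport added later has to remember to carry it. Consider whether a single check at the call site that invokes these create functions would cover all of them. If the per-transport checks stay, their placement in these three hunks is right: the early `return -EINVAL;` comes before parse_opts() in the rdma hunk and before mutex_lock(&virtio_9p_lock) and read_lock(&xen_9pfs_lock) in the other two, so nothing is left held or allocated on the error path.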