Subject: Re: [V9fs-developer] [PATCH] 9p: fix multiple NULL-pointer-dereferences
To: Dominique Martinet, Tomas Bortoli
References: <20180727110558.5479-1-tomasbortoli@gmail.com> <20180727153904.GA500@nautica>
From: piaojun
Message-ID: <5B5BBFCE.50002@huawei.com>
Date: Sat, 28 Jul 2018 08:58:54 +0800
In-Reply-To: <20180727153904.GA500@nautica>

Hi Tomas & Dominique,

I could not receive the original patch. Did the patch CC v9fs developer maillist?

Thanks,
Jun

On 2018/7/27 23:39, Dominique Martinet wrote:
> Tomas Bortoli wrote on Fri, Jul 27, 2018:
>> Added checks to prevent GPFs from raising.
>>
>> Signed-off-by: Tomas Bortoli
>> Reported-by: syzbot+1a262da37d3bead15c39@syzkaller.appspotmail.com
>
> LGTM, I'll take this. Thanks!
>
> Just a note for future patches that have multiple versions, it's usually
> good to write in the subject [PATCH v2] (then v3 etc) so we can easily
> tell it's a new version.
> If the thread isn't too long I'd also recommend considering setting a
> reply-to to the previous patch so we can easily compare versions/write
> off old patches.
>
>> --- >> net/9p/trans_fd.c | 5 ++++- >> net/9p/trans_rdma.c | 3 +++ >> net/9p/trans_virtio.c | 3 +++ >> net/9p/trans_xen.c | 3 +++ >> 4 files changed, 13 insertions(+), 1 deletion(-) >> >> diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c >> index 964260265b13..e2ef3c782c53 100644 >> --- a/net/9p/trans_fd.c >> +++ b/net/9p/trans_fd.c >> @@ -945,7 +945,7 @@ p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args) >> if (err < 0) >> return err; >> >> - if (valid_ipaddr4(addr) < 0) >> + if (addr == NULL || valid_ipaddr4(addr) < 0) >> return -EINVAL; >> >> csocket = NULL; 
>> @@ -995,6 +995,9 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args) >> >> csocket = NULL; >> >> + if (addr == NULL) >> + return -EINVAL; >> + >> if (strlen(addr) >= UNIX_PATH_MAX) { >> pr_err("%s (%d): address too long: %s\n", >> __func__, task_pid_nr(current), addr); >> diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c >> index 2649b2ebf961..2ab4574183c9 100644 >> --- a/net/9p/trans_rdma.c >> +++ b/net/9p/trans_rdma.c >> @@ -645,6 +645,9 @@ rdma_create_trans(struct p9_client *client, const char *addr, char *args) >> struct rdma_conn_param conn_param; >> struct ib_qp_init_attr qp_attr; >> >> + if (addr == NULL) >> + return -EINVAL; >> + >> /* Parse the transport specific mount options */ >> err = parse_opts(args, &opts); >> if (err < 0) >> diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c >> index 06dcd3cc6a29..8ca356eb66bb 100644 >> --- a/net/9p/trans_virtio.c >> +++ b/net/9p/trans_virtio.c >> @@ -654,6 +654,9 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args) >> int ret = -ENOENT; >> int found = 0; >> >> + if (devname == NULL) >> + return -EINVAL; >> + >> mutex_lock(&virtio_9p_lock); >> list_for_each_entry(chan, &virtio_chan_list, chan_list) { >> if (!strncmp(devname, chan->tag, chan->tag_len) && >> diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c >> index 2e2b8bca54f3..c2d54ac76bfd 100644 >> --- a/net/9p/trans_xen.c >> +++ b/net/9p/trans_xen.c >> @@ -94,6 +94,9 @@ static int p9_xen_create(struct p9_client *client, const char *addr, char *args) >> { >> struct xen_9pfs_front_priv *priv; >> >> + if (addr == NULL) >> + return -EINVAL; >> + >> read_lock(&xen_9pfs_lock); >> list_for_each_entry(priv, &xen_9pfs_devs, list) { >> if (!strcmp(priv->tag, addr)) { >
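
Review bot: In net/9p/trans_fd.c the two NULL guards are written in two different styles: p9_fd_create_tcp folds `addr == NULL` into the existing valid_ipaddr4() condition, while p9_fd_create_unix adds a separate `if (addr == NULL) return -EINVAL;` block after `csocket = NULL;`. Both are correct, since the test runs before valid_ipaddr4(addr) and strlen(addr) touch the pointer, but using the standalone form at the top of each function would match the other three transports in this patch and make the guard easier to spot.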
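
Review bot: The check in rdma_create_trans runs before `err = parse_opts(args, &opts);`, whereas in p9_fd_create_tcp it runs after the earlier `if (err < 0) return err;`, so a mount with both a missing address and bad options returns a different errno depending on the transport. Checking addr first in every transport (as done here) is cheaper and keeps the behaviour uniform. The same three-line guard is also repeated in four files; if all of these create functions are reached from one call site, a single check there would cover any transport added later.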
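
Review bot: The new -EINVAL returns in p9_virtio_create and p9_xen_create are silent, while the unix transport in this same patch reports its "address too long" rejection through pr_err; a one-line message here would tell the user the mount failed because no device name or tag was given. Placement before mutex_lock(&virtio_9p_lock) and read_lock(&xen_9pfs_lock) is right, since nothing needs unlocking on the early return. The commit message should also say how addr/devname ends up NULL in the syzbot report, since "Added checks to prevent GPFs from raising" does not explain the trigger.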