Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1433870imm;
        Fri, 27 Jul 2018 18:00:14 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpdcwy46FeRhf9MmbB7rIjQiMnfctvnDspd7y2q1NjjbSFy7bYra7g/JQVQCyG6X+XPmKfIc
X-Received: by 2002:a17:902:8d98:: with SMTP id v24-v6mr7928866plo.250.1532739614498;
        Fri, 27 Jul 2018 18:00:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532739614; cv=none;
        d=google.com; s=arc-20160816;
        b=COBGjB6jqS1M+5Uf6YeP5ZCrgyLdso6YCK0NHItT9hqDLLmE07vz6iip+9HV6yJX+E
         Cv4kaorbPfffm7DJF/S5zK1LhHBlc4jrTVWIi5L0i2EIBmqI75kRgBXQNZ2qJ67jaRIF
         HePaiDiKNpcYhx7isPFG9xoYkwHk27A+nh5E0JKFHpY0uwExS8OZnT+eNl1LMzAyHNHo
         65df7hEZKlp+dg7oHp+4E5fk5krpxzZqfMfq1aZkek82eFwL1MpTxLsH1swDstvRzHFT
         es/NnPLFycDHw3ZpJN5ef6nYd/rWPOQ1iiAQ2QC001svUaj5I5vws2eBxCqkJzz7bliz
         GVnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:in-reply-to
         :mime-version:user-agent:date:message-id:from:cc:references:to
         :subject:arc-authentication-results;
        bh=nL3nHouJIdRd8byjxHq0IOtX+JNGwNOH1/pwj6Zr4VE=;
        b=MfAZHDVJhHOw2i796AQVrgkK7bg3dupmkCQtuluG4uZDHmKFlUGSK/QUty/Hzoym8i
         NKqbmNCECs2kJ0L0kQygqzVhIc3FF/RzJLzYiLLAt7sld9o76bRr6mPPuZzvIY8hiTh+
         TcBvp9xFiLqh4a/EK4D0vX04hfZqz/QgE8A7nTUD4UFL5milGGXxCHt33oOFH1tO+NH3
         CWUXstMfG8L5D6yqwNsQ6Ni2O18oO4pRC+7pB5JS3OqGfaa6Lo1URAU85RAoS0j3c7Hp
         gOr0Y/EFKA1GYUvwd0qXNqnScZYx0PGtxf+iGdAAf4eYB/oZLfQ1UWA1sVtrgZm2a+Gh
         EzaQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v84-v6si5389896pfd.71.2018.07.27.17.59.58;
        Fri, 27 Jul 2018 18:00:14 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389228AbeG1CXe (ORCPT <rfc822;yxhlfx@gmail.com> + 99 others);
        Fri, 27 Jul 2018 22:23:34 -0400
Received: from szxga07-in.huawei.com ([45.249.212.35]:42103 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S2388902AbeG1CXe (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 Jul 2018 22:23:34 -0400
Received: from DGGEMS401-HUB.china.huawei.com (unknown [172.30.72.58])
        by Forcepoint Email with ESMTP id 60618EFEBCDE6;
        Sat, 28 Jul 2018 08:59:06 +0800 (CST)
Received: from [10.177.253.249] (10.177.253.249) by smtp.huawei.com
 (10.3.19.201) with Microsoft SMTP Server id 14.3.382.0; Sat, 28 Jul 2018
 08:59:06 +0800
Subject: Re: [V9fs-developer] [PATCH] 9p: fix multiple
 NULL-pointer-dereferences
To:     Dominique Martinet <asmadeus@codewreck.org>,
        Tomas Bortoli <tomasbortoli@gmail.com>
References: <20180727110558.5479-1-tomasbortoli@gmail.com>
 <20180727153904.GA500@nautica>
CC:     <v9fs-developer@lists.sourceforge.net>,
        <syzkaller@googlegroups.com>, <davem@davemloft.net>,
        <linux-kernel@vger.kernel.org>, <netdev@vger.kernel.org>
From:   piaojun <piaojun@huawei.com>
Message-ID: <5B5BBFCE.50002@huawei.com>
Date:   Sat, 28 Jul 2018 08:58:54 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20180727153904.GA500@nautica>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.177.253.249]
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Tomas & Dominique,

I could not recieve the original patch. Did the patch CC v9fs developer
maillist?

Thanks,
Jun

On 2018/7/27 23:39, Dominique Martinet wrote:
> Tomas Bortoli wrote on Fri, Jul 27, 2018:
>> Added checks to prevent GPFs from raising.
>>
>> Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
>> Reported-by: syzbot+1a262da37d3bead15c39@syzkaller.appspotmail.com
> 
> LGTM, I'll take this. Thanks!
> 
> Just a note for future patchs that have multiple versions, it's usually
> good to write in the subject [PATCH v2] (then v3 etc) so we can easily
> tell it's a new version.
> If the thread isn't too long I'd also recommend considering setting a
> reply-to to the previous patch so we can easily compare versions/write
> off old patches.
> 
>> ---
>>  net/9p/trans_fd.c     | 5 ++++-
>>  net/9p/trans_rdma.c   | 3 +++
>>  net/9p/trans_virtio.c | 3 +++
>>  net/9p/trans_xen.c    | 3 +++
>>  4 files changed, 13 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
>> index 964260265b13..e2ef3c782c53 100644
>> --- a/net/9p/trans_fd.c
>> +++ b/net/9p/trans_fd.c
>> @@ -945,7 +945,7 @@ p9_fd_create_tcp(struct p9_client *client, const char *addr, char *args)
>>  	if (err < 0)
>>  		return err;
>>  
>> -	if (valid_ipaddr4(addr) < 0)
>> +	if (addr == NULL || valid_ipaddr4(addr) < 0)
>>  		return -EINVAL;
>>  
>>  	csocket = NULL;
>> @@ -995,6 +995,9 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args)
>>  
>>  	csocket = NULL;
>>  
>> +	if (addr == NULL)
>> +		return -EINVAL;
>> +
>>  	if (strlen(addr) >= UNIX_PATH_MAX) {
>>  		pr_err("%s (%d): address too long: %s\n",
>>  		       __func__, task_pid_nr(current), addr);
>> diff --git a/net/9p/trans_rdma.c b/net/9p/trans_rdma.c
>> index 2649b2ebf961..2ab4574183c9 100644
>> --- a/net/9p/trans_rdma.c
>> +++ b/net/9p/trans_rdma.c
>> @@ -645,6 +645,9 @@ rdma_create_trans(struct p9_client *client, const char *addr, char *args)
>>  	struct rdma_conn_param conn_param;
>>  	struct ib_qp_init_attr qp_attr;
>>  
>> +	if (addr == NULL)
>> +		return -EINVAL;
>> +
>>  	/* Parse the transport specific mount options */
>>  	err = parse_opts(args, &opts);
>>  	if (err < 0)
>> diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
>> index 06dcd3cc6a29..8ca356eb66bb 100644
>> --- a/net/9p/trans_virtio.c
>> +++ b/net/9p/trans_virtio.c
>> @@ -654,6 +654,9 @@ p9_virtio_create(struct p9_client *client, const char *devname, char *args)
>>  	int ret = -ENOENT;
>>  	int found = 0;
>>  
>> +	if (devname == NULL)
>> +		return -EINVAL;
>> +
>>  	mutex_lock(&virtio_9p_lock);
>>  	list_for_each_entry(chan, &virtio_chan_list, chan_list) {
>>  		if (!strncmp(devname, chan->tag, chan->tag_len) &&
>> diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
>> index 2e2b8bca54f3..c2d54ac76bfd 100644
>> --- a/net/9p/trans_xen.c
>> +++ b/net/9p/trans_xen.c
>> @@ -94,6 +94,9 @@ static int p9_xen_create(struct p9_client *client, const char *addr, char *args)
>>  {
>>  	struct xen_9pfs_front_priv *priv;
>>  
>> +	if (addr == NULL)
>> +		return -EINVAL;
>> +
>>  	read_lock(&xen_9pfs_lock);
>>  	list_for_each_entry(priv, &xen_9pfs_devs, list) {
>>  		if (!strcmp(priv->tag, addr)) {
>