Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp601435ybg; Wed, 3 Jun 2020 08:50:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxtPnjFegBf72AIEi6B6/y4VKp4lcWHz1fO+5CDdJ3fcN8FAXZmZE9u7auMwLCqx7FpzBhV X-Received: by 2002:a17:906:a88a:: with SMTP id ha10mr217430ejb.353.1591199408718; Wed, 03 Jun 2020 08:50:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591199408; cv=none; d=google.com; s=arc-20160816; b=0BP7EUAuHo8Q1R1QkIVBkNTHQ25VLuW8Z1KTiC8XbCSxosR04RWaOslFGcAcU5JpaB Qwg+3ec5HK5Wr5bRww6RmBTbgcPxMMlV0c+UeWgvlv5Ne8Am7CkEw65ZQHo175GELvoW 8ZrD+x8MywyxypQs30aWP1soy77ISCz6iPdSmZrP8KFP0VQDvNayu0wH+IAc3eFoZ1qt vxwxNMz5K3lHqn6XHBGVe00BWxwDtECBj9K9AchAYdGsNwY31PUxFWbrwj1MhBUu+h+d ZCodOypRAhAYuRP+Tc58ICNNNYfG3c0nyEg2/6bZ1317hLYLbCAv5tdVKJvahJKLysR9 oaxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=+A1m7KEsxTDs0CcZYirM72Nvt9zxwgfIwdQ/+5ndJFM=; b=anORoWw3ecglMyQvmlFxeX4qKRkIdF4Yi4EOXTuzSoCi9PMRIpJQYeqAx55BKBuxvj YT/N5QGLEof4+DUqHdjN0McGNsNWu3HmZLJOnxIYJTrvzKkrwVPIHf/bmUjO9EhW/cga PTMxLOqQHG4nzx2iTg2i5c2n4v3bcsZMVM9z/BfYRrbbv50b2eYU1pTxkbWG7TzEFhZ5 z8HPmtMQ4bnDOnNVPHm/gZXYPiLjuVIYRGQx+OD74KhdkewN7AOD2Cr8WD+WhBlZRY8l XgiytjGb+FhRQL5njHVBuwiJD/ISXiOYmfEiEIClyhOppdIblxztaADl43lC73oV6yVO +wvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j26si1276402edf.489.2020.06.03.08.49.45; Wed, 03 Jun 2020 08:50:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726264AbgFCPqB (ORCPT + 99 others); Wed, 3 Jun 2020 11:46:01 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:56894 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725884AbgFCPqB (ORCPT ); Wed, 3 Jun 2020 11:46:01 -0400 Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jgVaZ-00052R-Na; Wed, 03 Jun 2020 15:45:59 +0000 From: Colin King To: Miklos Szeredi , linux-unionfs@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH][next] ovl: fix null pointer dereference on null stack pointer on error return Date: Wed, 3 Jun 2020 16:45:59 +0100 Message-Id: <20200603154559.140418-1-colin.king@canonical.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Colin Ian King There are two error return paths where the call to path_put is dereferencing the null pointer 'stack'. Fix this by avoiding the error exit path via label 'out_err' that will lead to the path_put calls and instead just return the error code directly. Addresses-Coverity: ("Dereference after null check)" Fixes: 4155c10a0309 ("ovl: clean up getting lower layers") Signed-off-by: Colin Ian King --- fs/overlayfs/super.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 1094836f7e31..4be1b041b32c 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1594,20 +1594,18 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, unsigned int i; struct ovl_entry *oe; - err = -EINVAL; if (!ofs->config.upperdir && numlower == 1) { pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n"); - goto out_err; + return ERR_PTR(-EINVAL); } else if (!ofs->config.upperdir && ofs->config.nfs_export && ofs->config.redirect_follow) { pr_warn("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); ofs->config.nfs_export = false; } - err = -ENOMEM; stack = kcalloc(numlower, sizeof(struct path), GFP_KERNEL); if (!stack) - goto out_err; + return ERR_PTR(-ENOMEM); err = -EINVAL; for (i = 0; i < numlower; i++) { -- 2.25.1