Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp653463ybg; Wed, 3 Jun 2020 10:02:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2sSUXtgRodL5DvPtREIWr+6z3I8aNwploO3Ic1MaF+nBzYN79mYOD6g9zV5+UQO7Pixjq X-Received: by 2002:a17:907:441c:: with SMTP id om20mr270020ejb.62.1591203721959; Wed, 03 Jun 2020 10:02:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591203721; cv=none; d=google.com; s=arc-20160816; b=TF6HaOyB6Z3jTvi4ehVI4kFisolE9O5ee18GVVafdT4NT36ziSGrLOt0PGAnFiBw7Y Fb3+hzw6nQVYZMgJzL9jYNe5ixRfnw1ZVjgU/LFD2++V+2WRnm6h7DoSvJym76L6Gt2u BlU5S8Z1JicoJ7HRHNiJ+YLFaUSljDUYllNzHx+yii+ptoV4dmMHDTS7OXLq4DBPUEB/ k0TXzExWxBh7JOVI1gniK9BmbU2LCpsr3l14fWw/45bkcmMoZxN43waso5i/qgGFhI0j DCSwIoc57GNSuelA2GAOJTdLRfd5VOI+GtpkF4GZc7AzXQcW3VS/pno/ieUGEww/u9DF Bh6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:from:references:cc:to:subject; bh=EVqJEsuwjNqQirF0KMUPSuKG7OJaZH/mSD3gmxN65UQ=; b=nHwjwIsfTrNtT3bqqZboUNKatEAORZJ3sPNL5DuLB8GiYFXk9mEHXDiGaY9p9Q6HVA PBivWcO1qAn7dfuki7avxSGnfv33a9ajgf1CJ8m36HJAYAHplsxQMeN7GX+RkryBW3Fl hlQL0Y/RUD571YErcDTwh+NdXTR67AYtC62ngWSP5/udrx7q59FJF9q2OBjYiqyHR6un 5Y2NPH+1LR1BR2RKfZDrlX9cXu3aYQ9+iX376s1y9uXghHhx2M6NTcJ7XFrbEqgzta9y mvbDD5TxOkF3JB2je/aABMaol3rufsiElQA3VQQufsWhnOK5K/92eM/DvSVW0wIg17+i ORnA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n4si69320ejz.569.2020.06.03.10.01.37; Wed, 03 Jun 2020 10:02:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726050AbgFCQPe (ORCPT + 99 others); Wed, 3 Jun 2020 12:15:34 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:58271 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725854AbgFCQPe (ORCPT ); Wed, 3 Jun 2020 12:15:34 -0400 Received: from 1.general.cking.uk.vpn ([10.172.193.212]) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jgW39-0007KL-Bj; Wed, 03 Jun 2020 16:15:31 +0000 Subject: Re: [PATCH][next] ovl: fix null pointer dereference on null stack pointer on error return To: Amir Goldstein Cc: Miklos Szeredi , overlayfs , kernel-janitors@vger.kernel.org, linux-kernel References: <20200603154559.140418-1-colin.king@canonical.com> From: Colin Ian King Autocrypt: addr=colin.king@canonical.com; prefer-encrypt=mutual; keydata= mQINBE6TJCgBEACo6nMNvy06zNKj5tiwDsXXS+LhT+LwtEsy9EnraKYXAf2xwazcICSjX06e fanlyhB0figzQO0n/tP7BcfMVNG7n1+DC71mSyRK1ZERcG1523ajvdZOxbBCTvTitYOy3bjs +LXKqeVMhK3mRvdTjjmVpWnWqJ1LL+Hn12ysDVVfkbtuIm2NoaSEC8Ae8LSSyCMecd22d9Pn LR4UeFgrWEkQsqROq6ZDJT9pBLGe1ZS0pVGhkRyBP9GP65oPev39SmfAx9R92SYJygCy0pPv BMWKvEZS/7bpetPNx6l2xu9UvwoeEbpzUvH26PHO3DDAv0ynJugPCoxlGPVf3zcfGQxy3oty dNTWkP6Wh3Q85m+AlifgKZudjZLrO6c+fAw/jFu1UMjNuyhgShtFU7NvEzL3RqzFf9O1qM2m uj83IeFQ1FZ65QAiCdTa3npz1vHc7N4uEQBUxyXgXfCI+A5yDnjHwzU0Y3RYS52TA3nfa08y LGPLTf5wyAREkFYou20vh5vRvPASoXx6auVf1MuxokDShVhxLpryBnlKCobs4voxN54BUO7m zuERXN8kadsxGFzItAyfKYzEiJrpUB1yhm78AecDyiPlMjl99xXk0zs9lcKriaByVUv/NsyJ FQj/kmdxox3XHi9K29kopFszm1tFiDwCFr/xumbZcMY17Yi2bQARAQABtCVDb2xpbiBLaW5n IDxjb2xpbi5raW5nQGNhbm9uaWNhbC5jb20+iQI2BBMBCAAhBQJOkyQoAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEGjCh9/GqAImsBcP9i6C/qLewfi7iVcOwqF9avfGzOPf7CVr n8CayQnlWQPchmGKk6W2qgnWI2YLIkADh53TS0VeSQ7Tetj8f1gV75eP0Sr/oT/9ovn38QZ2 vN8hpZp0GxOUrzkvvPjpH+zdmKSaUsHGp8idfPpZX7XeBO0yojAs669+3BrnBcU5wW45SjSV nfmVj1ZZj3/yBunb+hgNH1QRcm8ZPICpjvSsGFClTdB4xu2AR28eMiL/TTg9k8Gt72mOvhf0 fS0/BUwcP8qp1TdgOFyiYpI8CGyzbfwwuGANPSupGaqtIRVf+/KaOdYUM3dx/wFozZb93Kws gXR4z6tyvYCkEg3x0Xl9BoUUyn9Jp5e6FOph2t7TgUvv9dgQOsZ+V9jFJplMhN1HPhuSnkvP 5/PrX8hNOIYuT/o1AC7K5KXQmr6hkkxasjx16PnCPLpbCF5pFwcXc907eQ4+b/42k+7E3fDA Erm9blEPINtt2yG2UeqEkL+qoebjFJxY9d4r8PFbEUWMT+t3+dmhr/62NfZxrB0nTHxDVIia u8xM+23iDRsymnI1w0R78yaa0Eea3+f79QsoRW27Kvu191cU7QdW1eZm05wO8QUvdFagVVdW Zg2DE63Fiin1AkGpaeZG9Dw8HL3pJAJiDe0KOpuq9lndHoGHs3MSa3iyQqpQKzxM6sBXWGfk EkK5Ag0ETpMkKAEQAMX6HP5zSoXRHnwPCIzwz8+inMW7mJ60GmXSNTOCVoqExkopbuUCvinN 4Tg+AnhnBB3R1KTHreFGoz3rcV7fmJeut6CWnBnGBtsaW5Emmh6gZbO5SlcTpl7QDacgIUuT v1pgewVHCcrKiX0zQDJkcK8FeLUcB2PXuJd6sJg39kgsPlI7R0OJCXnvT/VGnd3XPSXXoO4K cr5fcjsZPxn0HdYCvooJGI/Qau+imPHCSPhnX3WY/9q5/WqlY9cQA8tUC+7mgzt2VMjFft1h rp/CVybW6htm+a1d4MS4cndORsWBEetnC6HnQYwuC4bVCOEg9eXMTv88FCzOHnMbE+PxxHzW 3Gzor/QYZGcis+EIiU6hNTwv4F6fFkXfW6611JwfDUQCAHoCxF3B13xr0BH5d2EcbNB6XyQb IGngwDvnTyKHQv34wE+4KtKxxyPBX36Z+xOzOttmiwiFWkFp4c2tQymHAV70dsZTBB5Lq06v 6nJs601Qd6InlpTc2mjd5mRZUZ48/Y7i+vyuNVDXFkwhYDXzFRotO9VJqtXv8iqMtvS4xPPo 2DtJx6qOyDE7gnfmk84IbyDLzlOZ3k0p7jorXEaw0bbPN9dDpw2Sh9TJAUZVssK119DJZXv5 2BSc6c+GtMqkV8nmWdakunN7Qt/JbTcKlbH3HjIyXBy8gXDaEto5ABEBAAGJAh8EGAEIAAkF Ak6TJCgCGwwACgkQaMKH38aoAiZ4lg/+N2mkx5vsBmcsZVd3ys3sIsG18w6RcJZo5SGMxEBj t1UgyIXWI9lzpKCKIxKx0bskmEyMy4tPEDSRfZno/T7p1mU7hsM4owi/ic0aGBKP025Iok9G LKJcooP/A2c9dUV0FmygecRcbIAUaeJ27gotQkiJKbi0cl2gyTRlolKbC3R23K24LUhYfx4h pWj8CHoXEJrOdHO8Y0XH7059xzv5oxnXl2SD1dqA66INnX+vpW4TD2i+eQNPgfkECzKzGj+r KRfhdDZFBJj8/e131Y0t5cu+3Vok1FzBwgQqBnkA7dhBsQm3V0R8JTtMAqJGmyOcL+JCJAca 3Yi81yLyhmYzcRASLvJmoPTsDp2kZOdGr05Dt8aGPRJL33Jm+igfd8EgcDYtG6+F8MCBOult TTAu+QAijRPZv1KhEJXwUSke9HZvzo1tNTlY3h6plBsBufELu0mnqQvHZmfa5Ay99dF+dL1H WNp62+mTeHsX6v9EACH4S+Cw9Q1qJElFEu9/1vFNBmGY2vDv14gU2xEiS2eIvKiYl/b5Y85Q QLOHWV8up73KK5Qq/6bm4BqVd1rKGI9un8kezUQNGBKre2KKs6wquH8oynDP/baoYxEGMXBg GF/qjOC6OY+U7kNUW3N/A7J3M2VdOTLu3hVTzJMZdlMmmsg74azvZDV75dUigqXcwjE= Message-ID: <1edc291d-6e63-89d8-d48c-443908ddc0e8@canonical.com> Date: Wed, 3 Jun 2020 17:15:30 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/06/2020 17:11, Amir Goldstein wrote: > On Wed, Jun 3, 2020 at 6:46 PM Colin King wrote: >> >> From: Colin Ian King >> >> There are two error return paths where the call to path_put is >> dereferencing the null pointer 'stack'. Fix this by avoiding the >> error exit path via label 'out_err' that will lead to the path_put >> calls and instead just return the error code directly. >> >> Addresses-Coverity: ("Dereference after null check)" >> Fixes: 4155c10a0309 ("ovl: clean up getting lower layers") >> Signed-off-by: Colin Ian King > > > Which branch is that based on? > Doesn't seem to apply to master nor next It was based on today's linux-next > >> --- >> fs/overlayfs/super.c | 6 ++---- >> 1 file changed, 2 insertions(+), 4 deletions(-) >> >> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c >> index 1094836f7e31..4be1b041b32c 100644 >> --- a/fs/overlayfs/super.c >> +++ b/fs/overlayfs/super.c >> @@ -1594,20 +1594,18 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb, >> unsigned int i; >> struct ovl_entry *oe; >> >> - err = -EINVAL; >> if (!ofs->config.upperdir && numlower == 1) { >> pr_err("at least 2 lowerdir are needed while upperdir nonexistent\n"); >> - goto out_err; >> + return ERR_PTR(-EINVAL); >> } else if (!ofs->config.upperdir && ofs->config.nfs_export && >> ofs->config.redirect_follow) { >> pr_warn("NFS export requires \"redirect_dir=nofollow\" on non-upper mount, falling back to nfs_export=off.\n"); >> ofs->config.nfs_export = false; >> } >> >> - err = -ENOMEM; >> stack = kcalloc(numlower, sizeof(struct path), GFP_KERNEL); >> if (!stack) >> - goto out_err; >> + return ERR_PTR(-ENOMEM); >> >> err = -EINVAL; >> for (i = 0; i < numlower; i++) { >> -- >> 2.25.1 >>