[PATCH] kernfs: fix possibility of NULL pointer dereference. (mount.c)

From: youngjun
Date: Mon Apr 27 2020 - 13:32:13 EST


mount.c also calls "kernfs_dentry_node".
When the dentry is negative, "kernfs_dentry_node" returns NULL.
In that case, "kernfs_root" dereferences the NULL pointer.

Signed-off-by: youngjun <her0gyugyu@xxxxxxxxx>
---
fs/kernfs/mount.c | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/fs/kernfs/mount.c b/fs/kernfs/mount.c
index 9dc7e7a64e10..cd49cb936681 100644
--- a/fs/kernfs/mount.c
+++ b/fs/kernfs/mount.c
@@ -23,19 +23,33 @@ struct kmem_cache *kernfs_node_cache, *kernfs_iattrs_cache;

static int kernfs_sop_show_options(struct seq_file *sf, struct dentry *dentry)
{
- struct kernfs_root *root = kernfs_root(kernfs_dentry_node(dentry));
- struct kernfs_syscall_ops *scops = root->syscall_ops;
+ struct kernfs_node *node = kernfs_dentry_node(dentry);
+ struct kernfs_root *root;
+ struct kernfs_syscall_ops *scops;
+
+ if (node) {
+ root = kernfs_root(node);
+ scops = root->syscall_ops;
+ } else
+ return 0;

if (scops && scops->show_options)
return scops->show_options(sf, root);
+
return 0;
}

static int kernfs_sop_show_path(struct seq_file *sf, struct dentry *dentry)
{
struct kernfs_node *node = kernfs_dentry_node(dentry);
- struct kernfs_root *root = kernfs_root(node);
- struct kernfs_syscall_ops *scops = root->syscall_ops;
+ struct kernfs_root *root;
+ struct kernfs_syscall_ops *scops;
+
+ if (node) {
+ root = kernfs_root(node);
+ scops = root->syscall_ops;
+ } else
+ return 0;

if (scops && scops->show_path)
return scops->show_path(sf, node, root);
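Review bot: The NULL guard added to kernfs_sop_show_options and kernfs_sop_show_path is written as `if (node) { ... } else return 0;`, which braces only one branch and buries the early exit. A guard clause matching the `if (!kn)` form used in the last hunk reads better: `if (!node) return 0;`, followed by unconditional `root = kernfs_root(node);` and `scops = root->syscall_ops;`. Returning 0 also reports success without emitting anything, so if a negative dentry can really reach these callbacks (the description gives no call path or oops trace), the condition is silently hidden. A one-line comment saying when `node` can be NULL would help. kernfs_sop_show_path continues past the end of this hunk.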
@@ -138,6 +152,9 @@ static struct dentry *kernfs_get_parent_dentry(struct dentry *child)
{
struct kernfs_node *kn = kernfs_dentry_node(child);

+ if (!kn)
+ return NULL;
+
return d_obtain_alias(kernfs_get_inode(child->d_sb, kn->parent));
}
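Review bot: The new `return NULL;` in kernfs_get_parent_dentry gives callers a value this function did not produce before, because the normal path returns the result of d_obtain_alias(), which signals failure with an ERR_PTR rather than NULL. A caller that only tests IS_ERR() on the result would go on to dereference the NULL, which moves the crash rather than removing it. Consider `return ERR_PTR(-ENOENT);` instead, with the errno choice confirmed against the callers of this callback. Separately, `kn->parent` is still passed to kernfs_get_inode() unchecked, and whether that helper tolerates a NULL parent is not visible from this hunk.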

--
2.17.1