From: Miklos Szeredi
To: Al Viro
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alessio Igor Bogani, Eric Van Hensbergen
Subject: [PATCH] 9p: use file_dentry()
Date: Wed, 29 Jun 2016 10:54:23 +0200
Message-Id: <1467190463-9906-1-git-send-email-mszeredi@redhat.com>
X-Patchwork-Id: 9204479

v9fs may be used as lower layer of overlayfs and accessing f_path.dentry
can lead to a crash. In this case it's a NULL pointer dereference in
p9_fid_create().

Fix by replacing direct access of file->f_path.dentry with the
file_dentry() accessor, which will always return a native object.

Reported-by: Alessio Igor Bogani
Signed-off-by: Miklos Szeredi
Tested-by: Alessio Igor Bogani
Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Cc:
---
 fs/9p/vfs_file.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
index b84c291ba1eb..d7b78d531e63 100644
--- a/fs/9p/vfs_file.c
+++ b/fs/9p/vfs_file.c
@@ -74,7 +74,7 @@ int v9fs_file_open(struct inode *inode, struct file *file) v9fs_proto_dotu(v9ses)); fid = file->private_data; if (!fid) { - fid = v9fs_fid_clone(file->f_path.dentry); + fid = v9fs_fid_clone(file_dentry(file)); if (IS_ERR(fid)) return PTR_ERR(fid); @@ -100,7 +100,7 @@ int v9fs_file_open(struct inode *inode, struct file *file) * because we want write after unlink usecase * to work. */ - fid = v9fs_writeback_fid(file->f_path.dentry); + fid = v9fs_writeback_fid(file_dentry(file)); if (IS_ERR(fid)) { err = PTR_ERR(fid); mutex_unlock(&v9inode->v_mutex); @@ -516,7 +516,7 @@ v9fs_mmap_file_mmap(struct file *filp, struct vm_area_struct *vma) * because we want write after unlink usecase * to work. */ - fid = v9fs_writeback_fid(filp->f_path.dentry); + fid = v9fs_writeback_fid(file_dentry(filp)); if (IS_ERR(fid)) { retval = PTR_ERR(fid); mutex_unlock(&v9inode->v_mutex);
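Review bot: In the first hunk (v9fs_file_open(), the v9fs_fid_clone() call), the changelog does not say whether this is the complete set of affected callers. The diffstat covers only fs/9p/vfs_file.c, and the crash is described as a NULL pointer dereference in p9_fid_create(), so any other path in fs/9p that derives a fid from file->f_path.dentry would hit the same condition when v9fs is the lower layer. Please state in the commit message that the remaining f_path.dentry users in fs/9p were checked, or list the ones intentionally left alone.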
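Review bot: In the second hunk (v9fs_file_open(), the v9fs_writeback_fid() call), the existing comment explains the write-after-unlink case but nothing at the call site records why file_dentry(file) must be used instead of file->f_path.dentry. A short addition to that comment noting that f_path may point at the overlay when v9fs is a lower layer would keep a later cleanup from reverting the accessor and reintroducing the NULL dereference.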
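Review bot: The third hunk (v9fs_mmap_file_mmap()) repeats the same comment, the same v9fs_writeback_fid(file_dentry(...)) call and the same IS_ERR() / mutex_unlock(&v9inode->v_mutex) error path as the hunk at line 100 in v9fs_file_open(). Consider, as a follow-up, a small helper that takes the struct file and returns the writeback fid, so the dentry lookup lives in one place and the two sites cannot diverge again.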