
Commit d49c64c

Miklos Szeredi authored and gregkh committed
statmount: let unset strings be empty
commit e52e97f upstream.

Just like it's normal for unset values to be zero, unset strings should be empty instead of containing random values.

It seems to be a typical mistake that the mask returned by statmount is not checked, which can result in various bugs.

With this fix, these bugs are prevented, since it is highly likely that userspace would just want to turn the missing mask case into an empty string anyway (most of the recently found cases are of this type).

Link: https://lore.kernel.org/all/CAJfpegsVCPfCn2DpM8iiYSS5DpMsLB8QBUCHecoj6s0Vxf4jzg@mail.gmail.com/
Fixes: 68385d7 ("statmount: simplify string option retrieval")
Fixes: 46eae99 ("add statmount(2) syscall")
Cc: [email protected] # v6.8
Signed-off-by: Miklos Szeredi <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Jeff Layton <[email protected]>
Signed-off-by: Christian Brauner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent 7db0365 commit d49c64c

1 file changed

+12
-4
lines changed

fs/namespace.c

Lines changed: 12 additions & 4 deletions
@@ -5053,22 +5053,29 @@ static int statmount_string(struct kstatmount *s, u64 flag)
50535053
size_t kbufsize;
50545054
struct seq_file *seq = &s->seq;
50555055
struct statmount *sm = &s->sm;
5056+
u32 start, *offp;
5057+
5058+
/* Reserve an empty string at the beginning for any unset offsets */
5059+
if (!seq->count)
5060+
seq_putc(seq, 0);
5061+
5062+
start = seq->count;
50565063

50575064
switch (flag) {
50585065
case STATMOUNT_FS_TYPE:
5059-
sm->fs_type = seq->count;
5066+
offp = &sm->fs_type;
50605067
ret = statmount_fs_type(s, seq);
50615068
break;
50625069
case STATMOUNT_MNT_ROOT:
5063-
sm->mnt_root = seq->count;
5070+
offp = &sm->mnt_root;
50645071
ret = statmount_mnt_root(s, seq);
50655072
break;
50665073
case STATMOUNT_MNT_POINT:
5067-
sm->mnt_point = seq->count;
5074+
offp = &sm->mnt_point;
50685075
ret = statmount_mnt_point(s, seq);
50695076
break;
50705077
case STATMOUNT_MNT_OPTS:
5071-
sm->mnt_opts = seq->count;
5078+
offp = &sm->mnt_opts;
50725079
ret = statmount_mnt_opts(s, seq);
50735080
break;
50745081
default:
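Review bot: `offp` is only assigned in the four `case STATMOUNT_*` branches, so the `default:` path (whose body is outside this hunk) must return before control reaches the `*offp = start;` write at the end of the function; please confirm it does not `break` out of the switch, and consider initialising `offp = NULL` at the declaration so a wrong path fails loudly rather than dereferencing an uninitialised pointer (and so compilers do not flag it as maybe-uninitialised). A second, smaller point on the new `if (!seq->count) seq_putc(seq, 0);` reservation: it only places the empty string at offset 0 if this function is the first writer into `seq`, which is the assumption that makes a zero offset mean "unset"; a one-line remark in the comment that all string offsets are expected to be written through this helper would make that invariant explicit for future callers.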
@@ -5090,6 +5097,7 @@ static int statmount_string(struct kstatmount *s, u64 flag)
50905097

50915098
seq->buf[seq->count++] = '\0';
50925099
sm->mask |= flag;
5100+
*offp = start;
50935101
return 0;
50945102
}
50955103

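Review bot: the `*offp = start;` assignment is deliberately placed after the NUL terminator and `sm->mask |= flag;` on the success path only, so an error return from the `statmount_*` helpers leaves the offset untouched at zero, pointing at the reserved empty string rather than at partially written data; that is the whole point of the fix, but nothing at the site says so. Suggest a short comment such as `/* Only publish the offset on success; unset strings keep offset 0 (the empty string) */` next to `*offp = start;` so a later refactor does not hoist the store back up to where the old `sm->xxx = seq->count;` lines were.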