[2/3] ext4: fix mount parameters check for empty values

Message ID 20240229163011.16248-3-lhenriques@suse.de
State New
Series fs_parser: handle parameters that can be empty and don't have a value

Commit Message

Luis Henriques Feb. 29, 2024, 4:30 p.m. UTC
Now that parameters that have the flag 'fs_param_can_be_empty' set and
their value is NULL are handled as 'flag' type, we need to properly check
for empty (NULL) values.

Signed-off-by: Luis Henriques <lhenriques@suse.de>
---
 fs/ext4/super.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
  

Comments

Christian Brauner March 1, 2024, 1:36 p.m. UTC | #1
On Thu, Feb 29, 2024 at 04:30:09PM +0000, Luis Henriques wrote:
> Now that parameters that have the flag 'fs_param_can_be_empty' set and
> their value is NULL are handled as 'flag' type, we need to properly check
> for empty (NULL) values.
> 
> Signed-off-by: Luis Henriques <lhenriques@suse.de>
> ---
>  fs/ext4/super.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 0f931d0c227d..44ba2212dfb3 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -2183,12 +2183,12 @@ static int ext4_parse_param(struct fs_context *fc, struct fs_parameter *param)
>  	switch (token) {
>  #ifdef CONFIG_QUOTA
>  	case Opt_usrjquota:
> -		if (!*param->string)
> +		if (!param->string)
>  			return unnote_qf_name(fc, USRQUOTA);
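
Review bot: the `!param->string` test under Opt_usrjquota carries no comment saying when the string can be NULL, and nothing in this hunk shows it; only the commit message ties it to fs_param_can_be_empty parameters being handled as 'flag' type. A one-line comment above the test, stating that a NULL string means the option arrived without a value, would make that dependency visible to readers of ext4_parse_param().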

I fail to understand how that can happen. Currently both of these
options are parsed as strings via:

#define fsparam_string_empty(NAME, OPT) \
        __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL)


So if someone sets fsconfig(..., FSCONFIG_SET_STRING, "usrquota", NULL, ...)
we give an immediate

        case FSCONFIG_SET_STRING:
                if (!_key || !_value || aux) return -EINVAL;

from fsconfig() so we know that param->string cannot be NULL. If that
were the case we'd NULL deref in fs_param_is_string():

int fs_param_is_string(struct p_log *log, const struct fs_parameter_spec *p,
                       struct fs_parameter *param, struct fs_parse_result *result)
{
        if (param->type != fs_value_is_string ||
            (!*param->string && !(p->flags & fs_param_can_be_empty)))

So your check above seems wrong. If I'm mistaken, please explain, how
this can happen in detail.
  
Luis Henriques March 1, 2024, 3:47 p.m. UTC | #2
Christian Brauner <brauner@kernel.org> writes:

> On Thu, Feb 29, 2024 at 04:30:09PM +0000, Luis Henriques wrote:
>> Now that parameters that have the flag 'fs_param_can_be_empty' set and
>> their value is NULL are handled as 'flag' type, we need to properly check
>> for empty (NULL) values.
>> 
>> Signed-off-by: Luis Henriques <lhenriques@suse.de>
>> ---
>>  fs/ext4/super.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index 0f931d0c227d..44ba2212dfb3 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -2183,12 +2183,12 @@ static int ext4_parse_param(struct fs_context *fc, struct fs_parameter *param)
>>  	switch (token) {
>>  #ifdef CONFIG_QUOTA
>>  	case Opt_usrjquota:
>> -		if (!*param->string)
>> +		if (!param->string)
>>  			return unnote_qf_name(fc, USRQUOTA);
>
> I fail to understand how that can happen. Currently both of these
> options are parsed as strings via:
>
> #define fsparam_string_empty(NAME, OPT) \
>         __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL)
>
>
> So if someone sets fsconfig(..., FSCONFIG_SET_STRING, "usrquota", NULL, ..)
> we give an immediate
>
>         case FSCONFIG_SET_STRING:
>                 if (!_key || !_value || aux) return -EINVAL;
>
> from fsconfig() so we know that param->string cannot be NULL. If that
> were the case we'd NULL deref in fs_param_is_string():
>
> int fs_param_is_string(struct p_log *log, const struct fs_parameter_spec *p,
>                        struct fs_parameter *param, struct fs_parse_result *result)
> {
>         if (param->type != fs_value_is_string ||
>             (!*param->string && !(p->flags & fs_param_can_be_empty)))
>
> So your check above seems wrong. If I'm mistaken, please explain, how
> this can happen in detail.

I hope my reply to the previous patch helps clarify this issue (which
is quite confusing, and I'm probably the confused one!). To summarize,
fsconfig() will (or can) get this parameter as a flag, not as a string.

Cheers,
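
The two positions in this thread, modelled in userspace as an added example (not part of the thread or of the kernel sources): the entry check follows the fsconfig() excerpt quoted in comment #1, and it assumes the flag command carries no value, so the string stays NULL. All `m_*` names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
/* Userspace model; every m_* name is hypothetical, not kernel code. */
enum m_cmd { M_SET_FLAG, M_SET_STRING };
enum m_result { M_UNNOTE, M_NOTE, M_NULL_DEREF };
struct m_param { const char *string; };

/* Entry check modelled on the fsconfig() excerpt quoted in comment #1. */
static int m_fsconfig(enum m_cmd cmd, const char *key, const char *value,
                      struct m_param *out)
{
    if (!key || (cmd == M_SET_STRING && !value) || (cmd == M_SET_FLAG && value))
        return -EINVAL;
    out->string = value;    /* assumption: NULL for a flag, maybe "" for a string */
    return 0;
}

/* '-' line of the patch: !*param->string. NULL is reported, not dereferenced. */
static enum m_result m_old_check(const struct m_param *p)
{
    return !p->string ? M_NULL_DEREF : (!*p->string ? M_UNNOTE : M_NOTE);
}

/* '+' line of the patch: !param->string. */
static enum m_result m_new_check(const struct m_param *p)
{
    return !p->string ? M_UNNOTE : M_NOTE;
}

/* Variant treating both NULL and "" as "clear the quota file name". */
static enum m_result m_both_check(const struct m_param *p)
{
    return (!p->string || !*p->string) ? M_UNNOTE : M_NOTE;
}

/* Run one command through the entry check, then through a handler check. */
static int m_run(enum m_cmd cmd, const char *value,
                 enum m_result (*check)(const struct m_param *))
{
    struct m_param p;
    return m_fsconfig(cmd, "usrjquota", value, &p) ? -EINVAL : (int)check(&p);
}

int main(void)
{
    /* Constructed input: an empty string value under the '+' line check. */
    printf("empty string, new check: %d\n", m_run(M_SET_STRING, "", m_new_check));
    return 0;
}
```

In this model the flag form is the only input that reaches the handler with a NULL string, and the empty string is the only input on which the '+' line check and the combined check disagree.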
  

Patch

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 0f931d0c227d..44ba2212dfb3 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2183,12 +2183,12 @@  static int ext4_parse_param(struct fs_context *fc, struct fs_parameter *param)
 	switch (token) {
 #ifdef CONFIG_QUOTA
 	case Opt_usrjquota:
-		if (!*param->string)
+		if (!param->string)
 			return unnote_qf_name(fc, USRQUOTA);
 		else
 			return note_qf_name(fc, USRQUOTA, param);
 	case Opt_grpjquota:
-		if (!*param->string)
+		if (!param->string)
 			return unnote_qf_name(fc, GRPQUOTA);
 		else
 			return note_qf_name(fc, GRPQUOTA, param);
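
Review bot: in both Opt_usrjquota and Opt_grpjquota the replacement test `!param->string` drops the empty-string case that the removed `!*param->string` covered, so a non-NULL "" value would now reach note_qf_name() instead of unnote_qf_name(). The FSCONFIG_SET_STRING check quoted in comment #1 rejects only a NULL value, so an empty string can still arrive as a string; consider `if (!param->string || !*param->string)` in both cases.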