[PATCH] erofs: fix use-after-free of fsid and domain_id string
Chao Yu
chao at kernel.org
Thu Nov 10 01:04:59 AEDT 2022
On 2022/10/21 10:31, Jingbo Xu wrote:
> When an erofs instance is remounted with the fsid or domain_id mount
> option specified, the original fsid and domain_id string pointers in
> sbi->opt are directly overridden with the fsid and domain_id strings in
> the new fs_context, without freeing the original fsid and domain_id
> strings. What's worse, when the new fsid and domain_id strings are
> transferred to sbi, they are not reset to NULL in fs_context, and thus
> they are freed when remount finishes, while sbi is still referring to
> these strings.
>
> Reconfiguration for fsid and domain_id seems unusual. Thus clarify this
> restriction explicitly and dump a warning when users are attempting to
> do this.
>
> Besides, to fix the use-after-free issue, move fsid and domain_id from
> erofs_mount_opts to outside.
>
> Fixes: c6be2bd0a5dd ("erofs: register fscache volume")
> Fixes: 8b7adf1dff3d ("erofs: introduce fscache-based domain")
> Signed-off-by: Jingbo Xu <jefflexu at linux.alibaba.com>
Reviewed-by: Chao Yu <chao at kernel.org>
Thanks,
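
The ownership rule described in the quoted commit message, as a user-space C model added here (it is not the kernel patch or erofs code). `struct ctx`, `struct sbi`, `fill_super`, `reconfigure` and the warn-when-different policy are assumptions standing in for fs_context, sbi and the remount path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ctx { char *fsid; };  /* hypothetical: per-(re)mount context data */
struct sbi { char *fsid; };  /* hypothetical: long-lived superblock info */

static char *dup_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* The context frees whatever strings it still owns when (re)mount finishes. */
static void ctx_release(struct ctx *c) { free(c->fsid); c->fsid = NULL; }

/* Initial mount: move the string to sbi and clear the source pointer, so
 * ctx_release() cannot free memory that sbi still references. */
static void fill_super(struct sbi *s, struct ctx *c)
{
    s->fsid = c->fsid;
    c->fsid = NULL;
}

/* Remount: never overwrite s->fsid. Returns 1 when a different fsid was
 * requested and ignored with a warning, 0 otherwise. The context keeps
 * ownership of its own string and frees it in ctx_release(). */
static int reconfigure(const struct sbi *s, const struct ctx *c)
{
    if (c->fsid && (!s->fsid || strcmp(s->fsid, c->fsid) != 0)) {
        fprintf(stderr, "warning: ignoring fsid change on remount\n");
        return 1;
    }
    return 0;
}

/* Mount with "a", remount with "b"; returns 0 if sbi still holds "a". */
static int demo(void)
{
    struct sbi s = { NULL };
    struct ctx c1 = { dup_str("a") }, c2 = { dup_str("b") };
    fill_super(&s, &c1);
    ctx_release(&c1);                  /* frees nothing: ownership moved */
    int warned = reconfigure(&s, &c2);
    ctx_release(&c2);                  /* frees "b", never seen by sbi */
    int ok = warned && s.fsid && strcmp(s.fsid, "a") == 0;
    free(s.fsid);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

Building this with `-fsanitize=address` and replacing the body of `reconfigure` with a plain `s->fsid = c->fsid;` assignment reproduces both defects from the commit message: the old string leaks and the later read of `s.fsid` touches freed memory.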