[linux-cifs-client] [patch] Attempt #2 to handle null nameidata

Jeff Layton jlayton at samba.org
Thu Apr 29 08:29:51 MDT 2010


On Thu, 29 Apr 2010 22:12:16 +0800
Eugene Teo <eugeneteo at kernel.sg> wrote:

> On Thu, Apr 29, 2010 at 9:51 PM, Shirish Pargaonkar
> <shirishpargaonkar at gmail.com> wrote:
> > On Thu, Apr 29, 2010 at 6:16 AM, Jeff Layton <jlayton at samba.org> wrote:
> >> On Thu, 29 Apr 2010 15:56:02 +0530
> >> Suresh Jayaraman <sjayaraman at suse.de> wrote:
> >>
> >>> On 04/09/2010 01:28 AM, Jeff Layton wrote:
> >>> > On Thu, 8 Apr 2010 14:40:47 -0500
> >>> > Shirish Pargaonkar <shirishpargaonkar at gmail.com> wrote:
> >>> >
> >>> >> On Thu, Apr 8, 2010 at 2:34 PM, Jeff Layton <jlayton at samba.org> wrote:
> >>> >>> On Wed, 7 Apr 2010 11:19:10 -0500
> >>> >>> shirishpargaonkar at gmail.com wrote:
> >>> >>>
> >>> >>>> While creating a file on a server which supports unix extensions
> >>> >>>> such as Samba, if a file is being created which does not supply
> >>> >>>> nameidata (i.e. nd is null), cifs client can oops when calling
> >>> >>>> cifs_posix_open.
> >>> >>>>
> >>> >>>> Signed-off-by: Shirish Pargaonkar <shirishpargaonkar at gmail.com>
> >>> >>>> Reported-by: Eugene Teo <eugeneteo at kernel.sg>
> >>>
> >>> >
> >>> > We'll need to take this patch in the interim though to fix the
> >>> > immediate oops.
> >>> >
> >>>
> >>> Do we need to Cc -stable as well as the issue seem to be reproducible on
> >>> kernel versions > 2.6.29-rc6?
> >>>
> >>> Thanks,
> >>>
> >>
> >> Can someone clarify how to reproduce this oops? I think that the only
> >> place where this function gets called with NULL nameidata is from nfsd
> >> and the export ops for cifs are just stubs. Has this actually been seen
> >> in the field or was it just found via inspection?
> >>
> >> --
> >> Jeff Layton <jlayton at samba.org>
> >
> > As far as I know, by inspection.
> > Eugene, can you please comment on this?
> 
> It was found by inspection. Did not attempt to reproduce the issue.
> 
> Eugene
> 

Ok. I don't think this is actually exploitable. Certainly something
that should be fixed in case CIFS ever is exportable via nfsd, but not
worthy of a CVE.

On a related note... the sb->s_export_ops ought to be NULL in all cases
until CIFS actually has export ops that are functional. The current
situation probably tricks nfsd into thinking that CIFS is exportable
when it really isn't. That's likely to be very confusing for users.

-- 
Jeff Layton <jlayton at samba.org>
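The "related note" above, about a non-NULL but stub-only s_export_ops table making nfsd believe a filesystem is exportable, can be modelled outside the kernel. The following is an added example, not CIFS or nfsd source and not code from anyone on this thread: the struct layout is a simplified sketch of the kernel's export_operations shape, and the names looks_exportable, try_encode, stub_sb and honest_sb are assumptions chosen for the illustration. It shows why a presence check on the ops table passes for a filesystem whose every entry is a stub, and why leaving the pointer NULL makes the same check honest.

```c
/* Added example (not kernel code): a simplified model of why a stub
 * export-ops table misleads a presence check such as "sb->s_export_ops
 * != NULL". Names and struct shapes are assumptions for illustration. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct fid { unsigned int raw[4]; };

/* Sketch of the kernel's export_operations table, reduced to two entries. */
struct export_operations {
    int (*encode_fh)(const void *inode, struct fid *fid, int *max_len);
    const void *(*fh_to_dentry)(const void *sb, const struct fid *fid, int fh_len);
};

struct super_block {
    const char *name;
    const struct export_operations *s_export_ops;
};

/* Stub table: present, but every operation refuses to work. This is the
 * situation the mail describes for CIFS at the time. */
static int stub_encode_fh(const void *inode, struct fid *fid, int *max_len)
{
    (void)inode; (void)fid; (void)max_len;
    return -EOPNOTSUPP;
}

static const void *stub_fh_to_dentry(const void *sb, const struct fid *fid, int fh_len)
{
    (void)sb; (void)fid; (void)fh_len;
    return NULL;
}

static const struct export_operations stub_export_ops = {
    .encode_fh = stub_encode_fh,
    .fh_to_dentry = stub_fh_to_dentry,
};

/* Model of a server-side presence check: "has an ops table, so export it". */
int looks_exportable(const struct super_block *sb)
{
    return sb->s_export_ops != NULL;
}

/* Model of actually handing out a file handle through the table. Returns
 * 0 on success or a negative errno, the way the real ops would. */
int try_encode(const struct super_block *sb)
{
    struct fid fid = {0};
    int max_len = 4;

    if (!sb->s_export_ops || !sb->s_export_ops->encode_fh)
        return -EOPNOTSUPP;
    return sb->s_export_ops->encode_fh(NULL, &fid, &max_len);
}

/* Constructed sample superblocks (assumed names, not real mounts). */
struct super_block stub_sb   = { "cifs-with-stub-ops", &stub_export_ops };
struct super_block honest_sb = { "cifs-no-export-ops", NULL };

int main(void)
{
    /* The stub table passes the presence check yet fails on first use;
     * the NULL table fails the presence check and is never tried. */
    printf("%s: looks exportable=%d, encode=%d\n", stub_sb.name,
           looks_exportable(&stub_sb), try_encode(&stub_sb));
    printf("%s: looks exportable=%d, encode=%d\n", honest_sb.name,
           looks_exportable(&honest_sb), try_encode(&honest_sb));
    return 0;
}
```

The point of the model is the gap between the two checks: a consumer that keys only on the pointer being non-NULL will advertise or attempt an export that can never succeed, which is the user-visible confusion the mail warns about.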

