Re: [PATCH -next v3 1/2] erofs: get rid of erofs_fs_context

[Baokun Li]

Hi Jingbo,

On 2024/4/22 18:25, Jingbo Xu wrote:
> On 4/19/24 8:36 PM, Baokun Li wrote:
>
> > @@ -761,12 +747,15 @@ static void erofs_free_dev_context(struct erofs_dev_context *devs)
> >   
> >   static void erofs_fc_free(struct fs_context *fc)
> >   {
> > -	struct erofs_fs_context *ctx = fc->fs_private;
> > +	struct erofs_sb_info *sbi = fc->s_fs_info;
> > +
> > +	if (!sbi)
> > +		return;
>
> This is the only difference comparing to the original code literally.
> Is there any chance that fc->s_fs_info can be NULL when erofs_fc_free()
> is called?
>
> Otherwise looks good to me.
When sget_fc() executes successfully, fc->s_fs_info is set to NULL,
so the following NULL pointer dereference may occur:

do_new_mount
  vfs_get_tree
    erofs_fc_get_tree
      get_tree_bdev
        sget_dev
          sget_fc
            s = alloc_super
            s->s_fs_info = fc->s_fs_info;
            fc->s_fs_info = NULL;
        fill_super
        // return error
        deactivate_locked_super
          kfree(sbi);
  put_fs_context
    sbi = fc->s_fs_info
    kfree(sbi->fsid)

Thank you very much for the review!
--
With Best Regards,
Baokun Li