Unverified Commit 1363c134 authored by Zijun Hu's avatar Zijun Hu Committed by Christian Brauner
Browse files

fs/filesystems: Fix potential unsigned integer underflow in fs_name() 



fs_name() has @index as unsigned int, so there is underflow risk for
operation '@index--'.

Fix by breaking the for loop when '@index == 0' which is also more proper
than '@index <= 0' for unsigned integer comparison.

Signed-off-by: default avatarZijun Hu <quic_zijuhu@quicinc.com>
Link: https://lore.kernel.org/20250410-fix_fs-v1-1-7c14ccc8ebaa@quicinc.com


Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent 698d1b48

fs/filesystems.c

+9 −5
Original line number Diff line number Diff line
@@ -156,15 +156,19 @@ static int fs_index(const char __user * __name) 
static int fs_name(unsigned int index, char __user * buf)

{

	struct file_system_type * tmp;

	int len, res;

	int len, res = -EINVAL;



	read_lock(&file_systems_lock);

	for (tmp = file_systems; tmp; tmp = tmp->next, index--)

		if (index <= 0 && try_module_get(tmp->owner))

	for (tmp = file_systems; tmp; tmp = tmp->next, index--) {

		if (index == 0) {

			if (try_module_get(tmp->owner))

				res = 0;

			break;

		}

	}

	read_unlock(&file_systems_lock);

	if (!tmp)

		return -EINVAL;

	if (res)

		return res;



	/* OK, we got the reference, so we can safely block */

	len = strlen(tmp->name) + 1;