Re: [PATCH v5 68/68] sysfs(2): fs_index() argument is _not_ a pathname

David Laight Wed, 14 Jan 2026 03:28:50 -0800

On Wed, 14 Jan 2026 04:33:10 +0000
Al Viro <[email protected]> wrote:


> ... it's a filesystem type name.
> 
> Signed-off-by: Al Viro <[email protected]>
> ---
>  fs/filesystems.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/filesystems.c b/fs/filesystems.c
> index 95e5256821a5..0c7d2b7ac26c 100644
> --- a/fs/filesystems.c
> +++ b/fs/filesystems.c
> @@ -132,24 +132,21 @@ EXPORT_SYMBOL(unregister_filesystem);
>  static int fs_index(const char __user * __name)
>  {
>       struct file_system_type * tmp;
> -     struct filename *name;
> +     char *name __free(kfree) = strndup_user(__name, PATH_MAX);
>       int err, index;
>  
> -     name = getname(__name);
> -     err = PTR_ERR(name);
>       if (IS_ERR(name))
> -             return err;
> +             return PTR_ERR(name);

Doesn't that end up calling kfree(name) and the check in kfree() doesn't
seem to exclude error values.

Changing:
#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
                                (unsigned long)ZERO_SIZE_PTR)
to:
#define ZERO_OR_NULL_PTR(x) (4096 + (unsigned long)(x) <= \
                                4096 + (unsigned long)ZERO_SIZE_PTR)
would fix it at minimal cost.

        David


>  
>       err = -EINVAL;
>       read_lock(&file_systems_lock);
>       for (tmp=file_systems, index=0 ; tmp ; tmp=tmp->next, index++) {
> -             if (strcmp(tmp->name, name->name) == 0) {
> +             if (strcmp(tmp->name, name) == 0) {
>                       err = index;
>                       break;
>               }
>       }
>       read_unlock(&file_systems_lock);
> -     putname(name);
>       return err;
>  }
>

Re: [PATCH v5 68/68] sysfs(2): fs_index() argument is _not_ a pathname

Reply via email to