On Wed, 2025-04-02 at 11:45 +0800, Xiaole He wrote:
> The first several lines of iterate_supers_type are below:
>
> 1 void iterate_supers_type(struct file_system_type *type,
> 2 void (*f)(struct super_block *, void *), void *arg)
> 3 {
> 4 struct super_block *sb, *p = NULL;
> 5
> 6 spin_lock(&sb_lock);
> 7 hlist_for_each_entry(sb, &type->fs_supers, s_instances) {
> 8 ...
> 9 }
>
> The iterate_super_type is a exported symbol, and if
> iterate_supers_type is called with type of NULL, then there will be a
> NULL pointer dereference of argument type in line 7.
filesystem_type is an argument to alloc_super, which the filesystems
code always fills in. If a filesystem passed a NULL type to the
context, the initialization code would crash on a NULL deref (iterating
type->fs_supers) which makes what you're checking for here an
impossible condition, doesn't it?
Regards,
James
