Re: [PATCH] erofs: include the trailing NUL in FS_IOC_GETFSLABEL

Next message: kernel test robot: "WARNING: modpost: vmlinux: section mismatch in reference: __do_trace_initcall_level+0x38 (section: .text.unlikely) -&gt; initcall_level_names (section: .init.data)"
Previous message: Masami Hiramatsu (Google): "[PATCH v10 1/3] tracing: Make the backup instance non-reusable"
In reply to: Zhan Xusheng: "[PATCH] erofs: include the trailing NUL in FS_IOC_GETFSLABEL"
Next in thread: Chunhai Guo: "Re: [PATCH] erofs: include the trailing NUL in FS_IOC_GETFSLABEL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Gao Xiang

Date: Wed Apr 01 2026 - 02:39:12 EST

On 2026/4/1 14:13, Zhan Xusheng wrote:

erofs_ioctl_get_volume_label() passes strlen(sbi->volume_name) as
the length to copy_to_user(), which copies the label string without
the trailing NUL byte. Since FS_IOC_GETFSLABEL callers expect a
NUL-terminated string in the FSLABEL_MAX-sized buffer and may not
pre-zero the buffer, this can cause userspace to read past the label
into uninitialised stack memory.

Fix this by using strlen() + 1 to include the NUL terminator,
consistent with how ext4 and xfs implement FS_IOC_GETFSLABEL.

Signed-off-by: Zhan Xusheng <zhanxusheng@xxxxxxxxxx>

Thanks,

Fixes: 1cf12c717741 ("erofs: Add support for FS_IOC_GETFSLABEL")
Reviewed-by: Gao Xiang <hsiangkao@xxxxxxxxxxxxxxxxx>

Thanks,
Gao Xiang