Received: by 10.223.185.116 with SMTP id b49csp5554232wrg;
        Tue, 27 Feb 2018 15:46:55 -0800 (PST)
X-Google-Smtp-Source: AH8x227ool26vDiTGO+OT1L13LiHZDfW9B9Fvfhpndp6+Mt8hYOkt3AHkoW0CA19sj32Dx2CZSVa
X-Received: by 10.98.166.85 with SMTP id t82mr15605053pfe.237.1519775214971;
        Tue, 27 Feb 2018 15:46:54 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519775214; cv=none;
        d=google.com; s=arc-20160816;
        b=ZcDMiyAl/yN/bTiYzrBkCdQry/wF88EJVnDTDH3AFChhxBf382PZ74v4cmNigpkdai
         V2ILlPtjRPTSWb/v0Ut+IOdbMPwf9BZSQSS1LotakTD74jQb9K/3AWlqTfJ6bnvnbXjA
         kGAR2o8aXtbL06xNs97C6JvRmgoTSiQZLhbG9b/h4KYOIH4k8iSeGe8Kt2/ltb7i38uf
         R576xGi1bUxAEMmECG+0uMBm7JXNVsfl43kWBWhE9N5gYSXBC13KeNobi+lZsJU7IZBn
         BSNnGhAOYQQYZHrB0ivKy3Stz1A/Vpj/vFYwSAPeiT1mElKc+8d9A+DCa84Lx/rZnYu1
         vt/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=;
        b=WYQallrkjVOoo8YabEKEELv3iUr/Bsa2V3Kex6nC6WD/GWyl3LVYyO/ac59VIL7kYc
         cJXZk8+EixFRcaKY6WsHuqFODr/tbz/gan5xKuQ04XdJRGSQBIqnsP7uG1p1OCbm9d10
         qKheAexYY8bByhVd0uoE3T+whZxNnWyTvnA2iZ+PVqz1AfFUqZh25xZ3U2ViFxkPIzKe
         6QHsLjVtLGI+yPMSGPxRbO50NxKdUn2yLV/b95HJUpgxNyXdMk9/n+glZJrYY+SZ80lX
         vZe172mYV314Y7yJCXpbVHGa+PKnGy6G3VVSgfRY3WU15AD0hjP3Ph+cRcxuUJDJ2dBl
         hmMw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=aCOLtKJg;
       dkim=fail header.i=@chromium.org header.s=google header.b=aGJUDmWE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f5si129468pgv.476.2018.02.27.15.46.39;
        Tue, 27 Feb 2018 15:46:54 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=aCOLtKJg;
       dkim=fail header.i=@chromium.org header.s=google header.b=aGJUDmWE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751587AbeB0XjZ (ORCPT <rfc822;414256we@gmail.com> + 99 others);
        Tue, 27 Feb 2018 18:39:25 -0500
Received: from mail-ua0-f196.google.com ([209.85.217.196]:35076 "EHLO
        mail-ua0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751117AbeB0XjY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Feb 2018 18:39:24 -0500
Received: by mail-ua0-f196.google.com with SMTP id n1so402848uaa.2
        for <linux-kernel@vger.kernel.org>; Tue, 27 Feb 2018 15:39:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=;
        b=aCOLtKJgbG5wiPdz0gs4hCaO3VfWACp7xerJ2isyfqboJUERq4qr7R1P3pSrEDsds4
         BBCtQveX8dZIGRMVJYEp5B421mgs+NtObT8mInEZMTd5cGTowPSIYTiE9ezwHukmaDRH
         BzL5s+KY695rusqzG+jC+d4cQneSWzrIpP7aFJl5otD0YY8Kl5vsC3Q14D28O5YYK/e4
         wumETl0UfrNFQNru9aBnzewSgtkLTCbL12ILT0jr8PVNPPE7MCqfgygE3juWEqSVR0SC
         yROxYGVMjv7u7wZSpyqvUsdyq0ipKqFesophi9pX3UzNWkPrACaf84QhU3muKfAHbJer
         61/A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=;
        b=aGJUDmWEO408+HII9gYqVRjGheJ4ITJuUdLPLqq+NBKzJyU3ih++zd8EkYueOaFv2j
         v7q4KAaxxxMtdve7kTQUar+D5j95ynPFNdmfYKfxXdYKMJjNbgcaG5aVMpRIG8x3Lk91
         MGF9u4w8lfTZ4IK2pYMiQEmO/ntB0j6f8KH8o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=;
        b=D3JZXJomrMLF/VYMmvSGP3AEN7RtfcEcMkJWbOQcaAww1iX7liQ7e1cEjQYxAMM+MA
         xG03AqCH4zgveQkOBvkx091HiFnV4mhE/ePNcrlTBm+0HOWV+9giGISEb15Rr6QIpfoW
         Dv4KTlES933ntNtjfzdlsKgeuN255fHaXDPa2SLaCr+9vT/foXQuDxyuSbSItigVdDvN
         GGEEt/kAgg6tPUmjcKZGIpUO7zzBlsLpzPzI8GJuubvaTN59iZMLy337ZkE21+n29cl6
         2IWV+R3pG2Y3UqUov1y+jTHFBGar720v8+oiro5pNwhNLUImLQRo1X7OtbPtu9xnhGcQ
         8c+A==
X-Gm-Message-State: APf1xPBdjFeB5Gi0GWVsqwtWUr7GKog99YzKtW/92xEGqYt/FEydpm12
        JwdyEGFBdX0cbhv+CeWWd9t4XImz+thVE0ma17ZM4g==
X-Received: by 10.159.36.243 with SMTP id 106mr5158844uar.83.1519774763330;
 Tue, 27 Feb 2018 15:39:23 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.242.140 with HTTP; Tue, 27 Feb 2018 15:39:22 -0800 (PST)
In-Reply-To: <20180227233156.29826-1-danilokrummrich@dk-develop.de>
References: <20180227233156.29826-1-danilokrummrich@dk-develop.de>
From:   Kees Cook <keescook@chromium.org>
Date:   Tue, 27 Feb 2018 15:39:22 -0800
X-Google-Sender-Auth: F7EXXKBvnoxIJtY47cpHDsPUL1U
Message-ID: <CAGXu5jLL8GP7uVRqfnMKf5G=WYE1YZ14cdBMfqwP9+iT2A1bNw@mail.gmail.com>
Subject: Re: [PATCH v2 1/2] fs/sysctl: fix potential page fault while
 unregistering sysctl table
To:     Danilo Krummrich <danilokrummrich@dk-develop.de>
Cc:     "Luis R. Rodriguez" <mcgrof@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 27, 2018 at 3:31 PM, Danilo Krummrich
<danilokrummrich@dk-develop.de> wrote:
> proc_sys_link_fill_cache() does not take currently unregistering
> sysctl tables into account, which might result into a page fault in
> sysctl_follow_link() - add a check to fix it.
>
> Signed-off-by: Danilo Krummrich <danilokrummrich@dk-develop.de>

Acked-by: Kees Cook <keescook@chromium.org>

> ---
> v2: removed empty line between between sysctl_head_grab and IS_ERR

Thanks!

-Kees

> ---
>  fs/proc/proc_sysctl.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index c5cbbdff3c3d..82ac5f682b73 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -707,7 +707,10 @@ static bool proc_sys_link_fill_cache(struct file *file,
>                                     struct ctl_table *table)
>  {
>         bool ret = true;
> +
>         head = sysctl_head_grab(head);
> +       if (IS_ERR(head))
> +               return false;
>
>         if (S_ISLNK(table->mode)) {
>                 /* It is not an error if we can not follow the link ignore it */
> --
> 2.14.1
>



-- 
Kees Cook
Pixel Security