Received: by 10.223.185.116 with SMTP id b49csp5554232wrg; Tue, 27 Feb 2018 15:46:55 -0800 (PST) X-Google-Smtp-Source: AH8x227ool26vDiTGO+OT1L13LiHZDfW9B9Fvfhpndp6+Mt8hYOkt3AHkoW0CA19sj32Dx2CZSVa X-Received: by 10.98.166.85 with SMTP id t82mr15605053pfe.237.1519775214971; Tue, 27 Feb 2018 15:46:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519775214; cv=none; d=google.com; s=arc-20160816; b=ZcDMiyAl/yN/bTiYzrBkCdQry/wF88EJVnDTDH3AFChhxBf382PZ74v4cmNigpkdai V2ILlPtjRPTSWb/v0Ut+IOdbMPwf9BZSQSS1LotakTD74jQb9K/3AWlqTfJ6bnvnbXjA kGAR2o8aXtbL06xNs97C6JvRmgoTSiQZLhbG9b/h4KYOIH4k8iSeGe8Kt2/ltb7i38uf R576xGi1bUxAEMmECG+0uMBm7JXNVsfl43kWBWhE9N5gYSXBC13KeNobi+lZsJU7IZBn BSNnGhAOYQQYZHrB0ivKy3Stz1A/Vpj/vFYwSAPeiT1mElKc+8d9A+DCa84Lx/rZnYu1 vt/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=; b=WYQallrkjVOoo8YabEKEELv3iUr/Bsa2V3Kex6nC6WD/GWyl3LVYyO/ac59VIL7kYc cJXZk8+EixFRcaKY6WsHuqFODr/tbz/gan5xKuQ04XdJRGSQBIqnsP7uG1p1OCbm9d10 qKheAexYY8bByhVd0uoE3T+whZxNnWyTvnA2iZ+PVqz1AfFUqZh25xZ3U2ViFxkPIzKe 6QHsLjVtLGI+yPMSGPxRbO50NxKdUn2yLV/b95HJUpgxNyXdMk9/n+glZJrYY+SZ80lX vZe172mYV314Y7yJCXpbVHGa+PKnGy6G3VVSgfRY3WU15AD0hjP3Ph+cRcxuUJDJ2dBl hmMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=aCOLtKJg; dkim=fail header.i=@chromium.org header.s=google header.b=aGJUDmWE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f5si129468pgv.476.2018.02.27.15.46.39; Tue, 27 Feb 2018 15:46:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=aCOLtKJg; dkim=fail header.i=@chromium.org header.s=google header.b=aGJUDmWE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751587AbeB0XjZ (ORCPT + 99 others); Tue, 27 Feb 2018 18:39:25 -0500 Received: from mail-ua0-f196.google.com ([209.85.217.196]:35076 "EHLO mail-ua0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751117AbeB0XjY (ORCPT ); Tue, 27 Feb 2018 18:39:24 -0500 Received: by mail-ua0-f196.google.com with SMTP id n1so402848uaa.2 for ; Tue, 27 Feb 2018 15:39:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=; b=aCOLtKJgbG5wiPdz0gs4hCaO3VfWACp7xerJ2isyfqboJUERq4qr7R1P3pSrEDsds4 BBCtQveX8dZIGRMVJYEp5B421mgs+NtObT8mInEZMTd5cGTowPSIYTiE9ezwHukmaDRH BzL5s+KY695rusqzG+jC+d4cQneSWzrIpP7aFJl5otD0YY8Kl5vsC3Q14D28O5YYK/e4 wumETl0UfrNFQNru9aBnzewSgtkLTCbL12ILT0jr8PVNPPE7MCqfgygE3juWEqSVR0SC yROxYGVMjv7u7wZSpyqvUsdyq0ipKqFesophi9pX3UzNWkPrACaf84QhU3muKfAHbJer 61/A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=; b=aGJUDmWEO408+HII9gYqVRjGheJ4ITJuUdLPLqq+NBKzJyU3ih++zd8EkYueOaFv2j v7q4KAaxxxMtdve7kTQUar+D5j95ynPFNdmfYKfxXdYKMJjNbgcaG5aVMpRIG8x3Lk91 MGF9u4w8lfTZ4IK2pYMiQEmO/ntB0j6f8KH8o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=YYL2/Ud0aKS7Ws0tbakjLSDk0uCidSYs1Nk6RzntITw=; b=D3JZXJomrMLF/VYMmvSGP3AEN7RtfcEcMkJWbOQcaAww1iX7liQ7e1cEjQYxAMM+MA xG03AqCH4zgveQkOBvkx091HiFnV4mhE/ePNcrlTBm+0HOWV+9giGISEb15Rr6QIpfoW Dv4KTlES933ntNtjfzdlsKgeuN255fHaXDPa2SLaCr+9vT/foXQuDxyuSbSItigVdDvN GGEEt/kAgg6tPUmjcKZGIpUO7zzBlsLpzPzI8GJuubvaTN59iZMLy337ZkE21+n29cl6 2IWV+R3pG2Y3UqUov1y+jTHFBGar720v8+oiro5pNwhNLUImLQRo1X7OtbPtu9xnhGcQ 8c+A== X-Gm-Message-State: APf1xPBdjFeB5Gi0GWVsqwtWUr7GKog99YzKtW/92xEGqYt/FEydpm12 JwdyEGFBdX0cbhv+CeWWd9t4XImz+thVE0ma17ZM4g== X-Received: by 10.159.36.243 with SMTP id 106mr5158844uar.83.1519774763330; Tue, 27 Feb 2018 15:39:23 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.242.140 with HTTP; Tue, 27 Feb 2018 15:39:22 -0800 (PST) In-Reply-To: <20180227233156.29826-1-danilokrummrich@dk-develop.de> References: <20180227233156.29826-1-danilokrummrich@dk-develop.de> From: Kees Cook Date: Tue, 27 Feb 2018 15:39:22 -0800 X-Google-Sender-Auth: F7EXXKBvnoxIJtY47cpHDsPUL1U Message-ID: Subject: Re: [PATCH v2 1/2] fs/sysctl: fix potential page fault while unregistering sysctl table To: Danilo Krummrich Cc: "Luis R. Rodriguez" , LKML , "linux-fsdevel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 27, 2018 at 3:31 PM, Danilo Krummrich wrote: > proc_sys_link_fill_cache() does not take currently unregistering > sysctl tables into account, which might result into a page fault in > sysctl_follow_link() - add a check to fix it. > > Signed-off-by: Danilo Krummrich Acked-by: Kees Cook > --- > v2: removed empty line between between sysctl_head_grab and IS_ERR Thanks! -Kees > --- > fs/proc/proc_sysctl.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c > index c5cbbdff3c3d..82ac5f682b73 100644 > --- a/fs/proc/proc_sysctl.c > +++ b/fs/proc/proc_sysctl.c > @@ -707,7 +707,10 @@ static bool proc_sys_link_fill_cache(struct file *file, > struct ctl_table *table) > { > bool ret = true; > + > head = sysctl_head_grab(head); > + if (IS_ERR(head)) > + return false; > > if (S_ISLNK(table->mode)) { > /* It is not an error if we can not follow the link ignore it */ > -- > 2.14.1 > -- Kees Cook Pixel Security