Received: by 10.223.185.116 with SMTP id b49csp5613573wrg;
        Tue, 27 Feb 2018 17:10:35 -0800 (PST)
X-Google-Smtp-Source: AH8x226MWz1vrRKGLR07/V30Bi6ItgFihytrkqE/qZO2Pgk8KGd437kPQLgtGnfvNLK18FFIxDGt
X-Received: by 10.99.116.67 with SMTP id e3mr12592312pgn.265.1519780235659;
        Tue, 27 Feb 2018 17:10:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519780235; cv=none;
        d=google.com; s=arc-20160816;
        b=qfx3N8qWZ4BNBm+uZHtGHusA6tREKaLzs6G/VYKYZjEDGuUGttVvxnHH4uwykjVwQB
         RWk3IW6scdZk0iafiQrxHz+RbWrWDfcmuxKJn1/R2p7Xhz5aPYswMKbnDQeInDL/uQbR
         AOQQczc1iJXYeH8MfNVVQNctor6cGFkvL0PnByTIL7BzbLLXnNVh8/V/jSK9nyma1xZ3
         mm6stQzU9lZnWrTxpsHFaXJCp3fBXF4ns++sgDHyiUaS2kOeO0nnPWFdoH9blPdf6x4B
         tc5X6fe2fj8EZPf7lIkba8tRJyYvKbasseZnt2pqPqQbZGx25vlsSlKTuqSV8SHX/KSn
         BsOQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=hZ+CBDlbp93cc0A/sUF+prT6UTk0XuBdfdLtllg4+zM=;
        b=K/2MdLJAGU56L7EYQ0I1PQNRRbdPQbSxZd54E9T6P6cIfR1CQeAVwWrJEJiL2Qjg6v
         5L6pmKEAXgrurriEbNH2q1CO8FBXFIHqJSYaJMYY2c/zpmRF7UnHUa1II5YE1jIs9jS7
         uNxb5QMfPqijYk9+QNjufXkcBIBTmt22aZ+ce8iFlCngOVRxc7qG9E2k6mtJ5iIwMovH
         QRJS69bIxZ17Qf3qZEKt2X2BMoveROQtLYhW59Tg1gYZcPjoWWEY9MSyjiJaSwG7iP+d
         GXyiww6oSu1GSOPqS9/3IFfd69Jq2mUir6HUl/1X62NV41rhQuaOqMWI/QAL/9nCJ5sx
         /8xA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r22si327287pfj.140.2018.02.27.17.10.20;
        Tue, 27 Feb 2018 17:10:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751835AbeB1BJI (ORCPT <rfc822;414256we@gmail.com> + 99 others);
        Tue, 27 Feb 2018 20:09:08 -0500
Received: from mx2.suse.de ([195.135.220.15]:47749 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751117AbeB1BJH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 27 Feb 2018 20:09:07 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 067E9AC0D;
        Wed, 28 Feb 2018 01:09:06 +0000 (UTC)
Date:   Wed, 28 Feb 2018 01:09:05 +0000
From:   "Luis R. Rodriguez" <mcgrof@kernel.org>
To:     Danilo Krummrich <danilokrummrich@dk-develop.de>
Cc:     mcgrof@kernel.org, keescook@chromium.org,
        linux-kernel@vger.kernel.org,
        Eric Biederman <ebiederm@xmission.com>,
        linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2 1/2] fs/sysctl: fix potential page fault while
 unregistering sysctl table
Message-ID: <20180228010905.GB14069@wotan.suse.de>
References: <20180227233156.29826-1-danilokrummrich@dk-develop.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180227233156.29826-1-danilokrummrich@dk-develop.de>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 28, 2018 at 12:31:55AM +0100, Danilo Krummrich wrote:
> proc_sys_link_fill_cache() does not take currently unregistering
> sysctl tables into account, which might result into a page fault in
> sysctl_follow_link() - add a check to fix it.
> 
> Signed-off-by: Danilo Krummrich <danilokrummrich@dk-develop.de>
> ---
> v2: removed empty line between between sysctl_head_grab and IS_ERR

Please add a respective tag:

Fixes: 0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets")

And mention this has been present since v3.4. May be worth sending to
stable as well, so peg stable as well.

  Luis

> ---
>  fs/proc/proc_sysctl.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index c5cbbdff3c3d..82ac5f682b73 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -707,7 +707,10 @@ static bool proc_sys_link_fill_cache(struct file *file,
>  				    struct ctl_table *table)
>  {
>  	bool ret = true;
> +
>  	head = sysctl_head_grab(head);
> +	if (IS_ERR(head))
> +		return false;
>  
>  	if (S_ISLNK(table->mode)) {
>  		/* It is not an error if we can not follow the link ignore it */
> -- 
> 2.14.1
> 
> 

-- 
Luis Rodriguez, SUSE LINUX GmbH
Maxfeldstrasse 5; D-90409 Nuernberg