Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp2288700imc; Tue, 12 Mar 2019 10:39:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqyK9DrBTZi0CqqxX1SogVkRH3s3C8GDINhu64rZnb3dJowF3ixpAi+3oGvK1Qht/27NTmFd X-Received: by 2002:a63:68ca:: with SMTP id d193mr35804628pgc.53.1552412359755; Tue, 12 Mar 2019 10:39:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552412359; cv=none; d=google.com; s=arc-20160816; b=Cl1L30cVOYzVLNhBILXK6iR7/RZioYot8/NhO+LbiJXfm1cnWjLtyU8E/Dv7M3kP7U THIcDy2xpKSSLsGSaJZP5765WjMAqSXSdEnBe2pSP5Ja1LaO4VBPyvZNVmdCRf6pbQhl W/g8O+5ArIP3X+ON49+pTSH/y2klzIP4CGOkXFIyJqWBRxiET3OKtRSZsv10kOSy9zmh zYm8/N/BXK1Q2pckicvuNbA0tUpTTS9Qx8vJyWuUOOKo2iQKD+ZCKJv+KyKMq7/IUbBo 1yU6wvLARIq8X5mYjNT+dw1AL0f3+Bx/LfdzNWG4dy/ZWgicOdSxVtAeIkeHtMDtBUrn RvOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=GyJWI5MUbO4MnTHCbkqhGomoJFz+Dk5ioxlL1kmE+N4=; b=p8n8tcmL/P1jYnQUeOvxKc+MiR1ctVEOuOyPZlvhnSUL21EsQGIY6mN5Yomc6Zfnvr usZ05M5aQVH26r5SNBclGXQqdtu1VePXbCDwF7974A+tVBVcSFfBTaYU0tlho+hf81S4 DEiRDSQxE+7jod+rjHZHTnT9mi7PvJQtmd46VfteDfKiMmwr1C3Qk/CXiOabKNtbHmaa NXvnkGxUEPtsxBxSbavxhkPQpQHi9gqklXeBlTed9HLADdyw/caG2i9NC6+ujdy6qeyv yItPkhZf+b1t6vYE7eqM8sJO1GPXCAtH4BObVNgrufbE1oceuG64pl9AE/baAMmVwpG1 Veqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="KQ3GfW/9"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s10si7735990pgp.564.2019.03.12.10.39.04; Tue, 12 Mar 2019 10:39:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="KQ3GfW/9"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729585AbfCLRgy (ORCPT + 99 others); Tue, 12 Mar 2019 13:36:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:59094 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727561AbfCLRQl (ORCPT ); Tue, 12 Mar 2019 13:16:41 -0400 Received: from localhost (unknown [104.133.8.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 23DB221850; Tue, 12 Mar 2019 17:16:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1552411000; bh=PnyJkZHFpAkVKkBVJuoEiWm+YSFTIjGbUslaJpOhQG4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KQ3GfW/9dvpe6B4IiLDyKy855khjtzedE5oyBbkyqNNYRk60yNArA1zNIY46j0G9n CSq5sGX3JVM9YRijB3m05OPm36Eqpb6WIXyamkR6wAuoIuLUzb+EanHnGcg3n1/qHW oPDW/7nMIEP9ZiJxAS62EkOyQnDxu1z3vR38zhb8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kees Cook , Tetsuo Handa , Andrew Morton , David Rientjes , Sasha Levin , syzbot+16c3a70e1e9b29346c43@syzkaller.appspotmail.com Subject: [PATCH 4.14 100/135] relay: check return of create_buf_file() properly Date: Tue, 12 Mar 2019 10:09:07 -0700 Message-Id: <20190312170350.394798703@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190312170341.127810985@linuxfoundation.org> References: <20190312170341.127810985@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit 2c1cf00eeacb784781cf1c9896b8af001246d339 ] If create_buf_file() returns an error, don't try to reference it later as a valid dentry pointer. This problem was exposed when debugfs started to return errors instead of just NULL for some calls when they do not succeed properly. Also, the check for WARN_ON(dentry) was just wrong :) Reported-by: Kees Cook Reported-and-tested-by: syzbot+16c3a70e1e9b29346c43@syzkaller.appspotmail.com Reported-by: Tetsuo Handa Cc: Andrew Morton Cc: David Rientjes Fixes: ff9fb72bc077 ("debugfs: return error values, not NULL") Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin --- kernel/relay.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/relay.c b/kernel/relay.c index 1537158c67b3..61d37e6da22d 100644 --- a/kernel/relay.c +++ b/kernel/relay.c @@ -427,6 +427,8 @@ static struct dentry *relay_create_buf_file(struct rchan *chan, dentry = chan->cb->create_buf_file(tmpname, chan->parent, S_IRUSR, buf, &chan->is_global); + if (IS_ERR(dentry)) + dentry = NULL; kfree(tmpname); @@ -460,7 +462,7 @@ static struct rchan_buf *relay_open_buf(struct rchan *chan, unsigned int cpu) dentry = chan->cb->create_buf_file(NULL, NULL, S_IRUSR, buf, &chan->is_global); - if (WARN_ON(dentry)) + if (IS_ERR_OR_NULL(dentry)) goto free_buf; } -- 2.19.1