On Thu, Feb 28, 2019 at 10:07:34AM -0500, Sasha Levin wrote:
From: Greg Kroah-Hartman gregkh@linuxfoundation.org
[ Upstream commit 2c1cf00eeacb784781cf1c9896b8af001246d339 ]
If create_buf_file() returns an error, don't try to reference it later as a valid dentry pointer.
This problem was exposed when debugfs started to return errors instead of just NULL for some calls when they do not succeed properly.
Also, the check for WARN_ON(dentry) was just wrong :)
Reported-by: Kees Cook keescook@chromium.org Reported-and-tested-by: syzbot+16c3a70e1e9b29346c43@syzkaller.appspotmail.com Reported-by: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp Cc: Andrew Morton akpm@linux-foundation.org Cc: David Rientjes rientjes@google.com Fixes: ff9fb72bc077 ("debugfs: return error values, not NULL") Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Sasha Levin sashal@kernel.org
kernel/relay.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
Same here as well, please drop this from all queues.
greg k-h