diff options
| -rw-r--r-- | kvm-properly-check-debugfs-dentry-before-using-it.patch | 38 | ||||
| -rw-r--r-- | rpc-properly-check-debugfs-dentry-before-using-it.patch | 49 | ||||
| -rw-r--r-- | series | 2 |
3 files changed, 39 insertions, 50 deletions
diff --git a/kvm-properly-check-debugfs-dentry-before-using-it.patch b/kvm-properly-check-debugfs-dentry-before-using-it.patch new file mode 100644 index 00000000000000..29a8d3c9d70cf2 --- /dev/null +++ b/kvm-properly-check-debugfs-dentry-before-using-it.patch @@ -0,0 +1,38 @@ +From foo@baz Thu Feb 28 16:02:54 CET 2019 +Date: Thu, 28 Feb 2019 16:02:54 +0100 +To: Greg KH <gregkh@linuxfoundation.org> +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Subject: [PATCH] kvm: properly check debugfs dentry before using it + +debugfs can now report an error code if something went wrong instead of +just NULL. So if the return value is to be used as a "real" dentry, it +needs to be checked if it is an error before dereferencing it. + +This is now happening because of ff9fb72bc077 ("debugfs: return error +values, not NULL"). syzbot has found a way to trigger multiple debugfs +files attempting to be created, which fails, and then the error code +gets passed to dentry_path_raw() which obviously does not like it. + +Reported-by: Eric Biggers <ebiggers@kernel.org> +Reported-and-tested-by: syzbot+7857962b4d45e602b8ad@syzkaller.appspotmail.com +Cc: Paolo Bonzini <pbonzini@redhat.com> +Cc: "Radim Krčmář" <rkrcmar@redhat.com> +Cc: kvm@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> + + +--- + virt/kvm/kvm_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/virt/kvm/kvm_main.c ++++ b/virt/kvm/kvm_main.c +@@ -4044,7 +4044,7 @@ static void kvm_uevent_notify_change(uns + } + add_uevent_var(env, "PID=%d", kvm->userspace_pid); + +- if (kvm->debugfs_dentry) { ++ if (!IS_ERR_OR_NULL(kvm->debugfs_dentry)) { + char *tmp, *p = kmalloc(PATH_MAX, GFP_KERNEL); + + if (p) { diff --git a/rpc-properly-check-debugfs-dentry-before-using-it.patch b/rpc-properly-check-debugfs-dentry-before-using-it.patch deleted file mode 100644 index e97da4dcbd2307..00000000000000 --- a/rpc-properly-check-debugfs-dentry-before-using-it.patch +++ /dev/null @@ -1,49 +0,0 @@ -From foo@baz Tue Feb 12 19:21:57 CET 2019 -Date: Tue, 12 Feb 2019 19:21:57 +0100 -To: Greg KH <gregkh@linuxfoundation.org> -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Subject: [PATCH] rpc: properly check debugfs dentry before using it - -debugfs can now report an error code if something went wrong instead of -just NULL. So if the return value is to be used as a "real" dentry, it -needs to be checked if it is an error before dereferenceing it. - -This is now happening because of ff9fb72bc077 ("debugfs: return error values, -not NULL") - -Cc: "J. Bruce Fields" <bfields@fieldses.org> -Cc: Jeff Layton <jlayton@kernel.org> -Cc: Trond Myklebust <trond.myklebust@hammerspace.com> -Cc: Anna Schumaker <anna.schumaker@netapp.com> -Cc: linux-nfs@vger.kernel.org -Cc: netdev@vger.kernel.org -Reported-by: David Howells <dhowells@redhat.com> -Tested-by: David Howells <dhowells@redhat.com> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> - ---- - net/sunrpc/debugfs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -I can take this through my tree if people don't object, or it can go -through the NFS tree. It does need to get merged before 5.0-final -though. - -I also have a "larger" debugfs cleanup patch for this file, but that's -not really 5.0-final material and I will send it out later. - -thanks, - -greg k-h - ---- a/net/sunrpc/debugfs.c -+++ b/net/sunrpc/debugfs.c -@@ -146,7 +146,7 @@ rpc_clnt_debugfs_register(struct rpc_cln - rcu_read_lock(); - xprt = rcu_dereference(clnt->cl_xprt); - /* no "debugfs" dentry? Don't bother with the symlink. */ -- if (!xprt->debugfs) { -+ if (IS_ERR_OR_NULL(xprt->debugfs)) { - rcu_read_unlock(); - return; - } @@ -1,6 +1,6 @@ # -rpc-properly-check-debugfs-dentry-before-using-it.patch +kvm-properly-check-debugfs-dentry-before-using-it.patch 0003-toneport-fixes.patch stable-kernel-rules.rst-add-link-to-networking-patch-queue.patch spdxcheck-print-out-files-without-any-spdx-lines.patch |