[PATCH 0/2] watch_queue: A couple more fixes

From: David Howells
Date: Mon Mar 21 2022 - 09:00:55 EST

Next message: David Howells: "[PATCH 1/2] watch_queue: Fix NULL dereference in error cleanup"
Previous message: Stefan Berger: "Re: [PATCH v6 3/5] ima: permit fsverity's file digests in the IMA measurement list"
Next in thread: David Howells: "[PATCH 1/2] watch_queue: Fix NULL dereference in error cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Linus,

Here are fixes for a couple more watch_queue bugs, both found by syzbot:

(1) Fix error cleanup in watch_queue_set_size() where it tries to clean up
all the pointers in the page list, even if they've not been allocated
yet[1]. Unfortunately, __free_page() doesn't treat a NULL pointer as
being "do nothing".

A second report[2] looks like it's probably the same bug, but on arm64
rather than x86_64, but there's no reproducer.

(2) Fix a missing kfree in free_watch() to actually free the watch[3].

Both have syzbot reproducers.

The fixes are also available through git:

https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

David

Link: https://lore.kernel.org/r/000000000000b1807c05daad8f98@xxxxxxxxxx/ [1]
Link: https://lore.kernel.org/r/000000000000035b9c05daae8a5e@xxxxxxxxxx/ [2]
Link: https://lore.kernel.org/r/000000000000bc8eaf05dab91c63@xxxxxxxxxx/ [3]
---
David Howells (2):
watch_queue: Fix NULL dereference in error cleanup
watch_queue: Actually free the watch

kernel/watch_queue.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Next message: David Howells: "[PATCH 1/2] watch_queue: Fix NULL dereference in error cleanup"
Previous message: Stefan Berger: "Re: [PATCH v6 3/5] ima: permit fsverity's file digests in the IMA measurement list"
Next in thread: David Howells: "[PATCH 1/2] watch_queue: Fix NULL dereference in error cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]