| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Jan 2017 19:56:49 +0800
From: Hanjun Guo <guohanjun@...wei.com>
To: Zhou Chengming <zhouchengming1@...wei.com>,
<linux-kernel@...r.kernel.org>, <viro@...iv.linux.org.uk>,
<ebiederm@...ssion.com>, <balbi@...nel.org>
CC: <konishi.ryusuke@....ntt.co.jp>, <jack@...e.cz>,
<dmitry.torokhov@...il.com>, <caiqian@...hat.com>,
<yangshukui@...wei.com>, <dingtianhong@...wei.com>,
<lizefan@...wei.com>
Subject: Re: [PATCH] Drop reference added by grab_header
On 2017/1/5 19:33, Zhou Chengming wrote:
> Fixes CVE-2016-9191.
CVE-2016-9191 says that it's cgroup bug but turns out it's
not, I think you need to add more commit message to
explain it? For example, we got different calltrace stack
but all of them point to drop_sysctl_table() and it turns out
a reference count bug.
Thanks
Hanjun
>
> Reported-by: CAI Qian <caiqian@...hat.com>
> Tested-by: Yang Shukui <yangshukui@...wei.com>
> Signed-off-by: Zhou Chengming <zhouchengming1@...wei.com>
> ---
> fs/proc/proc_sysctl.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index 5d931bf..c4c90bd 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -718,7 +718,7 @@ static int proc_sys_readdir(struct file *file, struct dir_context *ctx)
> ctl_dir = container_of(head, struct ctl_dir, header);
>
> if (!dir_emit_dots(file, ctx))
> - return 0;
> + goto out;
>
> pos = 2;
>
> @@ -728,6 +728,7 @@ static int proc_sys_readdir(struct file *file, struct dir_context *ctx)
> break;
> }
> }
> +out:
> sysctl_head_finish(head);
> return 0;
> }
Powered by blists - more mailing lists