| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <164786764630.1025645.12332376420230352947.stgit@warthog.procyon.org.uk>
Date: Mon, 21 Mar 2022 13:00:46 +0000
From: David Howells <dhowells@...hat.com>
To: torvalds@...ux-foundation.org
Cc: dhowells@...hat.com, fmdefrancesco@...il.com, jannh@...gle.com,
keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] watch_queue: A couple more fixes
Hi Linus,
Here are fixes for a couple more watch_queue bugs, both found by syzbot:
(1) Fix error cleanup in watch_queue_set_size() where it tries to clean up
all the pointers in the page list, even if they've not been allocated
yet[1]. Unfortunately, __free_page() doesn't treat a NULL pointer as
being "do nothing".
A second report[2] looks like it's probably the same bug, but on arm64
rather than x86_64, but there's no reproducer.
(2) Fix a missing kfree in free_watch() to actually free the watch[3].
Both have syzbot reproducers.
The fixes are also available through git:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
David
Link: https://lore.kernel.org/r/000000000000b1807c05daad8f98@google.com/ [1]
Link: https://lore.kernel.org/r/000000000000035b9c05daae8a5e@google.com/ [2]
Link: https://lore.kernel.org/r/000000000000bc8eaf05dab91c63@google.com/ [3]
---
David Howells (2):
watch_queue: Fix NULL dereference in error cleanup
watch_queue: Actually free the watch
kernel/watch_queue.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Powered by blists - more mailing lists