lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20241226012616.2348907-1-lizhi.xu@windriver.com>
Date: Thu, 26 Dec 2024 09:26:16 +0800
From: Lizhi Xu <lizhi.xu@...driver.com>
To: <syzbot+76f33569875eb708e575@...kaller.appspotmail.com>
CC: <dhowells@...hat.com>, <linux-afs@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, <marc.dionne@...istor.com>,
        <syzkaller-bugs@...glegroups.com>
Subject: [PATCH] afs: Merge preference rule failure condition

syzbot reported a lock held when returning to user space. [1]

If argc is less than 0 and the function returns directly, the held inode
lock is not released. Combine it with less than 2.

[1]
WARNING: lock held when returning to user space!
6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted
------------------------------------------------
syz-executor133/5823 is leaving the kernel with locks still held!
1 lock held by syz-executor133/5823:
 #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
 #0: ffff888071cffc00 (&sb->s_type->i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388

Reported-by: syzbot+76f33569875eb708e575@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=76f33569875eb708e575
Tested-by: syzbot+76f33569875eb708e575@...kaller.appspotmail.com
Signed-off-by: Lizhi Xu <lizhi.xu@...driver.com>
---
 fs/afs/addr_prefs.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fs/afs/addr_prefs.c b/fs/afs/addr_prefs.c
index a189ff8a5034..ba391f8558d5 100644
--- a/fs/afs/addr_prefs.c
+++ b/fs/afs/addr_prefs.c
@@ -413,8 +413,6 @@ int afs_proc_addr_prefs_write(struct file *file, char *buf, size_t size)
 
 	do {
 		argc = afs_split_string(&buf, argv, ARRAY_SIZE(argv));
-		if (argc < 0)
-			return argc;
 		if (argc < 2)
 			goto inval;
 
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ