On 2017/1/5 19:33, Zhou Chengming wrote:
> Fixes CVE-2016-9191.

CVE-2016-9191 says that it's a cgroup bug but it turns out it's not, so I think you need to add more to the commit message to explain it? For example, we got different call trace stacks but all of them point to drop_sysctl_table(), and it turns out to be a reference count bug.

Thanks Hanjun > > Reported-by: CAI Qian <caiq...@redhat.com> > Tested-by: Yang Shukui <yangshu...@huawei.com> > Signed-off-by: Zhou Chengming <zhouchengmi...@huawei.com> > --- > fs/proc/proc_sysctl.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c > index 5d931bf..c4c90bd 100644 > --- a/fs/proc/proc_sysctl.c > +++ b/fs/proc/proc_sysctl.c > @@ -718,7 +718,7 @@ static int proc_sys_readdir(struct file *file, struct > dir_context *ctx) > ctl_dir = container_of(head, struct ctl_dir, header); > > if (!dir_emit_dots(file, ctx)) > - return 0; > + goto out; > > pos = 2; > > @@ -728,6 +728,7 @@ static int proc_sys_readdir(struct file *file, struct > dir_context *ctx) > break; > } > } > +out: > sysctl_head_finish(head); > return 0; > }
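
Review bot: the commit message does not describe the defect the first hunk fixes. In proc_sys_readdir(), the old `return 0;` taken when dir_emit_dots() fails left the function without reaching the `sysctl_head_finish(head);` call at the end, so that path never released the header it was using. The replacement `goto out;` now reaches that call. Please say this in the changelog, naming the skipped sysctl_head_finish() on the dir_emit_dots() failure path, instead of only "Fixes CVE-2016-9191.", so that a reader can connect the one-line change to the reference count imbalance without having to reconstruct it from the diff.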