On Thu, Jan 31, 2019 at 11:51 PM Greg KH <gre...@linuxfoundation.org> wrote: > Can you test the patch below? > > thanks, > > greg k-h > > -------------- > > diff --git a/kernel/relay.c b/kernel/relay.c > index 04f248644e06..9e0f52375487 100644 > --- a/kernel/relay.c > +++ b/kernel/relay.c > @@ -428,6 +428,8 @@ static struct dentry *relay_create_buf_file(struct rchan > *chan, > dentry = chan->cb->create_buf_file(tmpname, chan->parent, > S_IRUSR, buf, > &chan->is_global); > + if (IS_ERR(dentry)) > + dentry = NULL; > > kfree(tmpname); > > @@ -461,7 +463,7 @@ static struct rchan_buf *relay_open_buf(struct rchan > *chan, unsigned int cpu) > dentry = chan->cb->create_buf_file(NULL, NULL, > S_IRUSR, buf, > &chan->is_global); > - if (WARN_ON(dentry)) > + if (IS_ERR_OR_NULL(dentry)) > goto free_buf; > } >
Thanks! (Can we find other cases of this with static analysis?) Fixes: ff9fb72bc077 ("debugfs: return error values, not NULL") Reported-by: syzbot+16c3a70e1e9b29346...@syzkaller.appspotmail.com Tested-by: Kees Cook <keesc...@chromium.org> -- Kees Cook