On Thu, Jan 31, 2019 at 11:51 PM Greg KH <gre...@linuxfoundation.org> wrote:
> Can you test the patch below?
>
> thanks,
>
> greg k-h
>
> --------------
>
> diff --git a/kernel/relay.c b/kernel/relay.c
> index 04f248644e06..9e0f52375487 100644
> --- a/kernel/relay.c
> +++ b/kernel/relay.c
> @@ -428,6 +428,8 @@ static struct dentry *relay_create_buf_file(struct rchan
> *chan,
> dentry = chan->cb->create_buf_file(tmpname, chan->parent,
> S_IRUSR, buf,
> &chan->is_global);
> + if (IS_ERR(dentry))
> + dentry = NULL;
>
> kfree(tmpname);
>
> @@ -461,7 +463,7 @@ static struct rchan_buf *relay_open_buf(struct rchan
> *chan, unsigned int cpu)
> dentry = chan->cb->create_buf_file(NULL, NULL,
> S_IRUSR, buf,
> &chan->is_global);
> - if (WARN_ON(dentry))
> + if (IS_ERR_OR_NULL(dentry))
> goto free_buf;
> }
>
Thanks! (Can we find other cases of this with static analysis?)
Fixes: ff9fb72bc077 ("debugfs: return error values, not NULL")
Reported-by: syzbot+16c3a70e1e9b29346...@syzkaller.appspotmail.com
Tested-by: Kees Cook <keesc...@chromium.org>
--
Kees Cook
