On Thu, Feb 28, 2019 at 10:07:34AM -0500, Sasha Levin wrote:
> From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
>
> [ Upstream commit 2c1cf00eeacb784781cf1c9896b8af001246d339 ]
>
> If create_buf_file() returns an error, don't try to reference it later
> as a valid dentry pointer.
>
> This problem was exposed when debugfs started to return errors instead
> of just NULL for some calls when they do not succeed properly.
>
> Also, the check for WARN_ON(dentry) was just wrong :)
>
> Reported-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Reported-and-tested-by: syzbot+16c3a70e1e9b29346c43@xxxxxxxxxxxxxxxxxxxxxxxxx
> Reported-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: David Rientjes <rientjes@xxxxxxxxxx>
> Fixes: ff9fb72bc077 ("debugfs: return error values, not NULL")
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> ---
> kernel/relay.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Same here as well, please drop this from all queues.
greg k-h
