[Devel] [PATCH RHEL7 COMMIT] ms/fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Jun 16 17:43:43 MSK 2020
The commit is pushed to "branch-rh7-3.10.0-1127.10.1.vz7.162.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.10.1.vz7.162.3
------>
commit 54985e0a2cd715d57b69289f12974484e596c8fe
Author: Danilo Krummrich <danilokrummrich at dk-develop.de>
Date: Tue Apr 10 16:31:38 2018 -0700
ms/fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
proc_sys_link_fill_cache() does not take currently unregistering sysctl
tables into account, which might result into a page fault in
sysctl_follow_link() - add a check to fix it.
This bug has been present since v3.4.
Link: http://lkml.kernel.org/r/20180228013506.4915-1-danilokrummrich@dk-develop.de
Fixes: 0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets")
Signed-off-by: Danilo Krummrich <danilokrummrich at dk-develop.de>
Acked-by: Kees Cook <keescook at chromium.org>
Reviewed-by: Andrew Morton <akpm at linux-foundation.org>
Cc: "Luis R . Rodriguez" <mcgrof at kernel.org>
Cc: "Eric W. Biederman" <ebiederm at xmission.com>
Cc: Alexey Dobriyan <adobriyan at gmail.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
https://jira.sw.ru/browse/PSBM-104566
Backport notes: "return false" -> "return 1".
(cherry picked from commit a0b0d1c345d0317efe594df268feb5ccc99f651e)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
fs/proc/proc_sysctl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 3be270f63a81d..aff3564c00b94 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -718,7 +718,10 @@ static int proc_sys_link_fill_cache(struct file *filp, void *dirent,
struct ctl_table *table)
{
int ret = 0;
+
head = sysctl_head_grab(head);
+ if (IS_ERR(head))
+ return 1;
if (S_ISLNK(table->mode)) {
/* It is not an error if we can not follow the link ignore it */
More information about the Devel
mailing list