[0/2] watch_queue: A couple more fixes

Message ID 164786764630.1025645.12332376420230352947.stgit@warthog.procyon.org.uk (mailing list archive)

Message

David Howells March 21, 2022, 1 p.m. UTC
Hi Linus,

Here are fixes for a couple more watch_queue bugs, both found by syzbot:

 (1) Fix error cleanup in watch_queue_set_size() where it tries to clean up
     all the pointers in the page list, even if they've not been allocated
     yet[1].  Unfortunately, __free_page() doesn't treat a NULL pointer as
     being "do nothing".

     A second report[2] looks like it's probably the same bug, but on arm64
     rather than x86_64, but there's no reproducer.

 (2) Fix a missing kfree in free_watch() to actually free the watch[3].

Both have syzbot reproducers.

The fixes are also available through git:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

David

Link: https://lore.kernel.org/r/000000000000b1807c05daad8f98@google.com/ [1]
Link: https://lore.kernel.org/r/000000000000035b9c05daae8a5e@google.com/ [2]
Link: https://lore.kernel.org/r/000000000000bc8eaf05dab91c63@google.com/ [3]
---
David Howells (2):
      watch_queue: Fix NULL dereference in error cleanup
      watch_queue: Actually free the watch


 kernel/watch_queue.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
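
A userspace model of the error-cleanup pattern described in item (1) of the cover letter, added here as an illustration; it is not kernel code and not the patch from this series. `set_size_model`, `strict_free` and the two counters are hypothetical names, and `strict_free` counts a NULL argument where the page says `__free_page()` does not treat NULL as "do nothing".

```c
#include <stdio.h>
#include <stdlib.h>

#define NR_PAGES 4                   /* constructed size for this model */
static int null_frees, real_frees;   /* what the error path handed to strict_free() */

/* Models a free routine that does not accept NULL; the bad call is
 * counted here instead of faulting. */
static void strict_free(void *p)
{
    if (!p) { null_frees++; return; }
    free(p);
    real_frees++;
}

/* Fill a page list, failing at index fail_at (-1 = never fail).
 * unwind == 0: the error path walks the whole list (the bug pattern).
 * unwind == 1: the error path frees only entries below the failing index.
 * Returns 0 on success, -1 on allocation failure. */
static int set_size_model(int fail_at, int unwind)
{
    void *pages[NR_PAGES] = { NULL };
    int i, j;

    null_frees = real_frees = 0;
    for (i = 0; i < NR_PAGES; i++) {
        pages[i] = (i == fail_at) ? NULL : malloc(64);
        if (!pages[i])
            goto error;
    }
    for (j = 0; j < NR_PAGES; j++)   /* success: the model just releases its pages */
        free(pages[j]);
    return 0;
error:
    if (unwind)
        while (--i >= 0)             /* only slots that were actually filled */
            strict_free(pages[i]);
    else
        for (j = 0; j < NR_PAGES; j++)   /* also touches never-allocated slots */
            strict_free(pages[j]);
    return -1;
}

int main(void)
{
    set_size_model(2, 0);
    printf("full walk: %d NULL frees, %d real frees\n", null_frees, real_frees);
    set_size_model(2, 1);
    printf("unwind:    %d NULL frees, %d real frees\n", null_frees, real_frees);
    return 0;
}
```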

Comments

Linus Torvalds March 22, 2022, 4 a.m. UTC | #1
On Mon, Mar 21, 2022 at 6:01 AM David Howells <dhowells@redhat.com> wrote:
>
> The fixes are also available through git:
>
>         https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

You have the dubious distinction of being the second pull today that
didn't use a signed tag.

Of 46 pulls today, only two were untagged branches, with the rest
using signed tags.

              Linus

David Howells March 22, 2022, 9:55 a.m. UTC | #2
Linus Torvalds <torvalds@linux-foundation.org> wrote:

> You have the dubious distinction of being the second pull today that
> didn't use a signed tag.

It wasn't my intention to ask you to pull it at this time, but rather put it
up for review.  With hindsight, I should probably have stuck an "RFC" flag on
the cover.

David