From patchwork Mon Mar 21 13:00:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 12787212 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA190C433F5 for ; Mon, 21 Mar 2022 13:00:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347680AbiCUNCS (ORCPT ); Mon, 21 Mar 2022 09:02:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347670AbiCUNCR (ORCPT ); Mon, 21 Mar 2022 09:02:17 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 4A8E0554B1 for ; Mon, 21 Mar 2022 06:00:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1647867649; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+eufLnpVokFrbEaIu897l2dh/pat5lF2bZZu9LjdBSY=; b=Ku283/ZJl6giaIrGi+3/xO7gvJZLWp+v0Qnusjf7h9+xMTHDEHbBU5eYja9sYDeaqkmQpN Mm/6Mzeg2gsp0/3mIHs9WG92cQBe1PqNl5M7hphW1z9by7O4CGLRa+Qahvt6Pz0HQ+8CtR UlWTFmocYFPu9AV9GzhyVOzQaSBIysU= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-548-FmWPyz3sPZW_t3aw1n64vQ-1; Mon, 21 Mar 2022 09:00:48 -0400 X-MC-Unique: FmWPyz3sPZW_t3aw1n64vQ-1 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D21CC811E76; Mon, 21 Mar 2022 13:00:47 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.33.36.19]) by smtp.corp.redhat.com (Postfix) with ESMTP id 09BB7440EE0; Mon, 21 Mar 2022 13:00:46 +0000 (UTC) Subject: [PATCH 0/2] watch_queue: A couple more fixes From: David Howells To: torvalds@linux-foundation.org Cc: dhowells@redhat.com, fmdefrancesco@gmail.com, jannh@google.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Date: Mon, 21 Mar 2022 13:00:46 +0000 Message-ID: <164786764630.1025645.12332376420230352947.stgit@warthog.procyon.org.uk> User-Agent: StGit/1.4 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org Hi Linus, Here are fixes for a couple more watch_queue bugs, both found by syzbot: (1) Fix error cleanup in watch_queue_set_size() where it tries to clean up all the pointers in the page list, even if they've not been allocated yet[1]. Unfortunately, __free_page() doesn't treat a NULL pointer as being "do nothing". A second report[2] looks like it's probably the same bug, but on arm64 rather than x86_64, but there's no reproducer. (2) Fix a missing kfree in free_watch() to actually free the watch[3]. Both have syzbot reproducers. The fixes are also available through git: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes David Link: https://lore.kernel.org/r/000000000000b1807c05daad8f98@google.com/ [1] Link: https://lore.kernel.org/r/000000000000035b9c05daae8a5e@google.com/ [2] Link: https://lore.kernel.org/r/000000000000bc8eaf05dab91c63@google.com/ [3] --- David Howells (2): watch_queue: Fix NULL dereference in error cleanup watch_queue: Actually free the watch kernel/watch_queue.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)