From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=x6D4=RR=vger.kernel.org=stable-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS,
	USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8297EC43381
	for <stable@archiver.kernel.org>; Thu, 14 Mar 2019 17:11:44 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 52D0A2186A
	for <stable@archiver.kernel.org>; Thu, 14 Mar 2019 17:11:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=default; t=1552583504;
	bh=0sDFJ7hzp2MVLcXgX9EjzzjfHq84iuN5O4iPHzvJ6tA=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From;
	b=oSb/kZxGUbdfK7N9NuhM6Buevzq9T9xrnSb0J+j0+WjeNFH9rsQQJSqntvuR3e/XY
	 NHe8MZ6GC2oDTbinis9ofdWekwaTGxWL2E2yE+e8l7eBuNy6a6KOBHWh1CVjZyc64w
	 X6PM0oxyGsCRkx23Q3n6qpXf/IfQUIjVOBKiEPKo=
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726424AbfCNRLn (ORCPT <rfc822;stable@archiver.kernel.org>);
        Thu, 14 Mar 2019 13:11:43 -0400
Received: from mail.kernel.org ([198.145.29.99]:49006 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726157AbfCNRLn (ORCPT <rfc822;stable@vger.kernel.org>);
        Thu, 14 Mar 2019 13:11:43 -0400
Received: from localhost (unknown [12.27.65.221])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 72CE921855;
        Thu, 14 Mar 2019 17:11:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1552583502;
        bh=0sDFJ7hzp2MVLcXgX9EjzzjfHq84iuN5O4iPHzvJ6tA=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=m0KsqZyJdzqlOos8bw8xO8koHyH5sQrlPqfMG44jncf9bTy+eK/mClZzOEoFuWhrQ
         +ScDtJ9RIO2+i7hBGjtIpxNANPhaZAZBaV6qkJZ69/N69sqOxmPLE1hIOEZ8ec4K6w
         JhIzS25EOqNCPigydES1x14jlnhaddpkvi/kgQLU=
Date:   Thu, 14 Mar 2019 10:11:42 -0700
From:   Greg KH <gregkh@linuxfoundation.org>
To:     Zubin Mithra <zsm@chromium.org>
Cc:     stable@vger.kernel.org, groeck@chromium.org, ebiggers@google.com,
        dhowells@redhat.com, jmorris@namei.org, serge@hallyn.com
Subject: Re: 4aa68e07d845 ("KEYS: restrict /proc/keys by credentials at open
 time")
Message-ID: <20190314171142.GA25362@kroah.com>
References: <20190314163040.GA36815@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190314163040.GA36815@google.com>
User-Agent: Mutt/1.11.4 (2019-03-13)
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID: <stable.vger.kernel.org>
X-Mailing-List: stable@vger.kernel.org

On Thu, Mar 14, 2019 at 09:30:42AM -0700, Zubin Mithra wrote:
> Hello,
> 
> Syzkaller has triggered a kernel BUG when fuzzing a 4.4 kernel with the following stacktrace.
> Call Trace:
>  [<ffffffff818568d5>] construct_alloc_key security/keys/request_key.c:388 [inline]
>  [<ffffffff818568d5>] construct_key_and_link security/keys/request_key.c:479 [inline]
>  [<ffffffff818568d5>] request_key_and_link+0x49b/0x8c5 security/keys/request_key.c:594
>  [<ffffffff8184fb08>] SYSC_request_key security/keys/keyctl.c:213 [inline]
>  [<ffffffff8184fb08>] SyS_request_key+0x1ac/0x2a2 security/keys/keyctl.c:158
>  [<ffffffff832bec3a>] entry_SYSCALL_64_fastpath+0x31/0xb3
> 
> Could the following patches be applied to v4.4.y?
> * 4aa68e07d845 ("KEYS: restrict /proc/keys by credentials at open time")
> * ede0fa98a900 ("KEYS: always initialize keyring_index_key::desc_len")
> 
> Note: queue-4.4 currently has a backport for "keys-always-initialize-keyring_index_key-desc_len.patch".

As the queue already has this second patch, no need to add it, right?

And 4aa68e07d845 doesn't apply cleanly, but your 4.9.y backport did, so
I'll take that one, is that ok?

thanks,

greg k-h