From: Hanjun Guo <guohanjun@huawei.com>
To: Zhou Chengming <zhouchengming1@huawei.com>,
<linux-kernel@vger.kernel.org>, <viro@zeniv.linux.org.uk>,
<ebiederm@xmission.com>, <balbi@kernel.org>
Cc: <konishi.ryusuke@lab.ntt.co.jp>, <jack@suse.cz>,
<dmitry.torokhov@gmail.com>, <caiqian@redhat.com>,
<yangshukui@huawei.com>, <dingtianhong@huawei.com>,
<lizefan@huawei.com>
Subject: Re: [PATCH] Drop reference added by grab_header
Date: Thu, 5 Jan 2017 19:56:49 +0800 [thread overview]
Message-ID: <586E3481.409@huawei.com> (raw)
In-Reply-To: <1483616021-16958-1-git-send-email-zhouchengming1@huawei.com>
On 2017/1/5 19:33, Zhou Chengming wrote:
> Fixes CVE-2016-9191.
CVE-2016-9191 says that it's cgroup bug but turns out it's
not, I think you need to add more commit message to
explain it? For example, we got different calltrace stack
but all of them point to drop_sysctl_table() and it turns out
a reference count bug.
Thanks
Hanjun
>
> Reported-by: CAI Qian <caiqian@redhat.com>
> Tested-by: Yang Shukui <yangshukui@huawei.com>
> Signed-off-by: Zhou Chengming <zhouchengming1@huawei.com>
> ---
> fs/proc/proc_sysctl.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index 5d931bf..c4c90bd 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -718,7 +718,7 @@ static int proc_sys_readdir(struct file *file, struct dir_context *ctx)
> ctl_dir = container_of(head, struct ctl_dir, header);
>
> if (!dir_emit_dots(file, ctx))
> - return 0;
> + goto out;
>
> pos = 2;
>
> @@ -728,6 +728,7 @@ static int proc_sys_readdir(struct file *file, struct dir_context *ctx)
> break;
> }
> }
> +out:
> sysctl_head_finish(head);
> return 0;
> }
next prev parent reply other threads:[~2017-01-05 11:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-05 11:33 [PATCH] Drop reference added by grab_header Zhou Chengming
2017-01-05 11:56 ` Hanjun Guo [this message]
2017-01-05 12:14 ` zhouchengming
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=586E3481.409@huawei.com \
--to=guohanjun@huawei.com \
--cc=balbi@kernel.org \
--cc=caiqian@redhat.com \
--cc=dingtianhong@huawei.com \
--cc=dmitry.torokhov@gmail.com \
--cc=ebiederm@xmission.com \
--cc=jack@suse.cz \
--cc=konishi.ryusuke@lab.ntt.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=viro@zeniv.linux.org.uk \
--cc=yangshukui@huawei.com \
--cc=zhouchengming1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.