From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755971AbdJJMEF (ORCPT <rfc822;w@1wt.eu>);
        Tue, 10 Oct 2017 08:04:05 -0400
Received: from mx1.redhat.com ([209.132.183.28]:45942 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1755144AbdJJMEE (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 10 Oct 2017 08:04:04 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 6FEA781DEA
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=oleg@redhat.com
Date: Tue, 10 Oct 2017 14:04:02 +0200
From: Oleg Nesterov <oleg@redhat.com>
To: Tycho Andersen <tycho@tycho.ws>
Cc: Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org
Subject: Re: null dereference in binfmt misc
Message-ID: <20171010120402.GA32446@redhat.com>
References: <20171009211940.rtgjt7zayj5kftic@smitten>
 <20171010111647.GA27310@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20171010111647.GA27310@redhat.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 10 Oct 2017 12:04:04 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/10, Oleg Nesterov wrote:
>
> On 10/09, Tycho Andersen wrote:
> > Hi,
> >
> > It looks like eb23aa031 ("exec: binfmt_misc: remove the confusing
> > e->interp_file != NULL checks") uncovered a bug for me (see the trace below,
> > which I'm afraid isn't very helpful).
>
> Well, I think this commit uncovered the fact I am stupid, although there is
> nothing new. I forgot about iput() in bm_register_write's error paths, it can
> be called with MISC_FMT_OPEN_FILE && interp_file == NULL.
>
> I'll try to cleanup bm_register_write() to make this impossible, or perhaps
> I will just restore the interp_file != NULL check in evict.

Yes, but...

> Before that, could you please try the debugging patch below? To ensure you
> didn't hit another problem.

please ignore. scripts/decodecode suggests you hit another problem,
inode->i_private is NULL.

I'll send the patch today, thanks.

Oleg.