commit | 39cfffd774a2e8818250360a3e028b5eac9d5392 | |
---|---|---|
author | Manfred Spraul <[email protected]> | Tue Aug 21 22:01:29 2018 -0700 |
committer | Linus Torvalds <[email protected]> | Wed Aug 22 10:52:51 2018 -0700 |
tree | 6965eb7bc09fc8c58a900d0641d9ccde8752065c | |
parent | e2652ae6bd7492cdc0436817cbcd09282eb0bb03 |
ipc/util.c: use ipc_rcu_putref() for failures in ipc_addid()

ipc_addid() is impossible to use:
- for certain failures, the caller must not use ipc_rcu_putref(), because the reference counter is not yet initialized.
- for other failures, the caller must use ipc_rcu_putref(), because parallel operations could be ongoing already.

The patch cleans that up, by initializing the refcount early, and by modifying all callers.

The issue is related to the finding of [email protected]: syzbot found an issue with reading kern_ipc_perm.seq, here both read and write to already released memory could happen.

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Manfred Spraul <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Davidlohr Bueso <[email protected]>
Cc: Davidlohr Bueso <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Michael Kerrisk <[email protected]>
Cc: Michal Hocko <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
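
The caller contract described in the commit message above, as a userspace C model added here (not the kernel's code and not part of the commit). `struct obj`, `obj_addid()`, `obj_putref()`, `obj_create()` and the injected failure modes are hypothetical stand-ins; the point is that once the reference count is set before anything can fail, one cleanup call is valid on every error path.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Userspace model; every name here is hypothetical, not the kernel's. */
struct obj {
    atomic_int refcount;
    int id;
};

static int freed_count;              /* number of objects released so far */
/* Drop one reference; release the object when the last one is gone. */
static void obj_putref(struct obj *o)
{
    if (atomic_fetch_sub(&o->refcount, 1) == 1) {
        freed_count++;
        free(o);
    }
}

enum fail { FAIL_NONE, FAIL_LIMIT, FAIL_ALLOC_ID };   /* injected outcomes */

/* Register o. The refcount is valid before any check can fail. */
static int obj_addid(struct obj *o, enum fail inject)
{
    atomic_init(&o->refcount, 1);    /* first, unconditionally */
    if (inject == FAIL_LIMIT)
        return -1;                   /* early failure */
    if (inject == FAIL_ALLOC_ID)
        return -2;                   /* later failure, same caller contract */
    o->id = 42;                      /* constructed id */
    return o->id;
}

/* Caller: a single cleanup path for all failures. Returns id or an error. */
static int obj_create(enum fail inject)
{
    struct obj *o = malloc(sizeof(*o));
    if (!o)
        return -3;
    int id = obj_addid(o, inject);
    if (id < 0) {
        obj_putref(o);               /* correct for every failure mode */
        return id;
    }
    obj_putref(o);                   /* demo only: drop the reference again */
    return id;
}

int main(void) { return obj_create(FAIL_LIMIT) == -1 && freed_count == 1 ? 0 : 1; }
```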