In the big_key_instantiate() function we return 0 if kernel_write() returns us
an error rather than returning an error. This can potentially lead to
dentry_open() giving a BUG when called from big_key_read() with an unset
tmpfile path.
------------[ cut here ]------------
kernel BUG at fs/open.c:798!
...
RIP: 0010:[<
ffffffff8119bbd1>] dentry_open+0xd1/0xe0
...
Call Trace:
[<
ffffffff812350c5>] big_key_read+0x55/0x100
[<
ffffffff81231084>] keyctl_read_key+0xb4/0xe0
[<
ffffffff81231e58>] SyS_keyctl+0xf8/0x1d0
[<
ffffffff815bb799>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
written = kernel_write(file, prep->data, prep->datalen, 0);
if (written != datalen) {
+ ret = written;
if (written >= 0)
ret = -ENOMEM;
goto err_fput;
projects / firefly-linux-kernel-4.4.55.git / commitdiff