linux.git - Linux kernel source tree

diff options

author	Nirmoy Das <nirmoyd@nvidia.com>	2026-05-14 07:42:57 -0700
committer	Christian Brauner <brauner@kernel.org>	2026-05-18 14:56:15 +0200
commit	1711b6ed6953cee5940ca4c3a6e77f1b3798cee2 (patch)
tree	934680b1890d5648d32f66ac04a3afbde4d1f050 /drivers/clk/eswin/git@git.tavy.me:linux.git
parent	8a220d1c312c66194f4a33dd52d1fba42bc2b341 (diff)

ovl: keep err zero after successful ovl_cache_get()

ovl_iterate_merged() stores PTR_ERR(cache) in err before checking IS_ERR(cache). On success err holds the truncated cache pointer and can be returned as a bogus non-zero error. The syzbot reproducer reaches this through overlay-on-overlay readdir: getdents64 iterate_dir(outer overlay file) ovl_iterate_merged() ovl_cache_get() ovl_dir_read_merged() ovl_dir_read() iterate_dir(inner overlay file) ovl_iterate_merged() Only compute PTR_ERR(cache) on the error path. Fixes: d25e4b739f83 ("ovl: refactor ovl_iterate() and port to cred guard") Reported-by: syzbot+a16fb0cce329a320661c@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=a16fb0cce329a320661c Cc: stable@vger.kernel.org Signed-off-by: Nirmoy Das <nirmoyd@nvidia.com> Link: https://patch.msgid.link/20260514144258.3068715-1-nirmoyd@nvidia.com Signed-off-by: Christian Brauner <brauner@kernel.org>

Diffstat (limited to 'drivers/clk/eswin/git@git.tavy.me:linux.git')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: