[linux-yocto] [linux-yocto-3.14] [PATCH] security/keys: fixed crash in keyring_destroy

Bruce Ashfield bruce.ashfield at windriver.com
Wed Jun 14 07:47:50 PDT 2017


merged.

Bruce

On 06/14/2017 01:09 PM, Daniel Dragomir wrote:
> From: Charlie Paul <cpaul.windriver at gmail.com>
> 
> *For 3.14 standard/(preempt-rt)/axxia/base branches.
> 
> When the ltp add_key01 was run, the kernel was crashing:
> the list_del initializes the next pointer to LIST_POISON1.
> When subsequent keyring destroy events happened, the system would
> check for NULL and it would be false and try to call list_del
> with the pointer pointing to LIST_POISON1 causing the
> memory fault. This patch adds checking for LIST_POISON1
> instead of NULL.
> 
> Signed-off-by: Charlie Paul <cpaul.windriver at gmail.com>
> ---
>   security/keys/keyring.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/security/keys/keyring.c b/security/keys/keyring.c
> index 04d0d7c..57ec130 100644
> --- a/security/keys/keyring.c
> +++ b/security/keys/keyring.c
> @@ -376,8 +376,8 @@ static void keyring_destroy(struct key *keyring)
>   	if (keyring->description) {
>   		write_lock(&keyring_name_lock);
>   
> -		if (keyring->type_data.link.next != NULL &&
> -		    !list_empty(&keyring->type_data.link))
> +		if (keyring->type_data.link.next != LIST_POISON1 &&
> +				!list_empty(&keyring->type_data.link))
>   			list_del(&keyring->type_data.link);
>   
>   		write_unlock(&keyring_name_lock);
> 
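Review bot: The new test `keyring->type_data.link.next != LIST_POISON1` replaces the NULL test instead of joining it, so an entry whose `next` is still NULL now passes the first half of the condition. list_empty() only compares `next` with the entry's own address, so it does not reject NULL either, and list_del() would then run on NULL pointers. Consider keeping both tests (`next != NULL && next != LIST_POISON1`), or removing the entry with list_del_init() wherever it is first unlinked so that `!list_empty()` alone is a sufficient guard here. Style: the continuation line is now indented with extra tabs where the original was aligned under the opening parenthesis; keeping the original alignment also keeps the diff to one changed line.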

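The failure described in the commit message, as an added userspace model (not code from the patch or the kernel): it shows which link states each form of the guard would pass on to list_del(). The poison addresses, the `guard_*` and `misjudged` names, and the zeroed "never linked" state are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of struct list_head. The poison addresses are constructed
 * stand-ins for LIST_POISON1/2, not the kernel's definitions. */
struct list_head { struct list_head *next, *prev; };
#define MODEL_POISON1 ((struct list_head *)0x100)
#define MODEL_POISON2 ((struct list_head *)0x200)

static void list_init(struct list_head *h) { h->next = h; h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *head)
{
	n->next = head->next; n->prev = head;
	head->next->prev = n; head->next = n;
}
/* Like the kernel's list_del(): unlink, then poison the entry's pointers. */
static void list_del(struct list_head *e)
{
	e->prev->next = e->next; e->next->prev = e->prev;
	e->next = MODEL_POISON1; e->prev = MODEL_POISON2;
}

/* Each guard returns true when the destroy path would go on to list_del(). */
bool guard_null(const struct list_head *l)   /* condition before the patch */
{ return l->next != NULL && !list_empty(l); }
bool guard_poison(const struct list_head *l) /* condition after the patch */
{ return l->next != MODEL_POISON1 && !list_empty(l); }
bool guard_both(const struct list_head *l)   /* hypothetical combined check */
{ return l->next != NULL && l->next != MODEL_POISON1 && !list_empty(l); }

/* Bit 0: guard allows list_del() on a zeroed, never-linked entry.
 * Bit 1: guard allows list_del() on an already deleted (poisoned) entry.
 * Bit 2: guard skips an entry that is still linked. */
int misjudged(bool (*guard)(const struct list_head *))
{
	struct list_head head, never = { NULL, NULL }, live, gone;

	list_init(&head);
	list_add(&live, &head);
	list_add(&gone, &head);
	list_del(&gone);	/* leaves gone.next == MODEL_POISON1 */
	return (guard(&never) ? 1 : 0) | (guard(&gone) ? 2 : 0) | (guard(&live) ? 0 : 4);
}

int main(void)
{
	printf("null=%d poison=%d both=%d\n", misjudged(guard_null),
	       misjudged(guard_poison), misjudged(guard_both));
	return 0;
}
```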

