[linux-yocto] [PATCH 11/15] security/keys: fixed crash in keyring_destroy
Daniel Dragomir
daniel.dragomir at windriver.com
Tue Jun 27 08:41:11 PDT 2017
From: Charlie Paul <cpaul.windriver at gmail.com>
When the ltp add_key01 was run the kernel was crashing,
the list_del initializes the next pointer to LIST_POISON1.
When subsequent keyring destroy events happened, the system would
check for NULL and it would be false and try to call list_del
with the pointer pointing to LIST_POISON1 causing the
memory fault. This patch adds checking for LIST_POISON1
instead of NULL.
Signed-off-by: Charlie Paul <cpaul.windriver at gmail.com>
---
security/keys/keyring.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d334370..dad648b 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -387,8 +387,8 @@ static void keyring_destroy(struct key *keyring)
if (keyring->description) {
write_lock(&keyring_name_lock);
- if (keyring->type_data.link.next != NULL &&
- !list_empty(&keyring->type_data.link))
+ if (keyring->type_data.link.next != LIST_POISON1 &&
+ !list_empty(&keyring->type_data.link))
list_del(&keyring->type_data.link);
write_unlock(&keyring_name_lock);
--
2.7.4
More information about the linux-yocto
mailing list