[linux-yocto] [PATCH 11/15] security/keys: fixed crash in keyring_destroy

Daniel Dragomir daniel.dragomir at windriver.com
Tue Jun 27 08:41:11 PDT 2017

From: Charlie Paul <cpaul.windriver at gmail.com>

When the ltp add_key01 was run the kernel was crashing,
the list_del initializes the next pointer to LIST_POISON1.
When subsequent keyring destroy events happened, the system would
check for NULL and it would be false and try to call list_del
with the pointer pointing to LIST_POISON1 causing the
memory fault. This patch adds checking for LIST_POISON1
instead of NULL.

Signed-off-by: Charlie Paul <cpaul.windriver at gmail.com>
 security/keys/keyring.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d334370..dad648b 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -387,8 +387,8 @@ static void keyring_destroy(struct key *keyring)
 	if (keyring->description) {
-		if (keyring->type_data.link.next != NULL &&
-		    !list_empty(&keyring->type_data.link))
+		if (keyring->type_data.link.next != LIST_POISON1 &&
+				!list_empty(&keyring->type_data.link))

More information about the linux-yocto mailing list