From: Charlie Paul <[email protected]> *For 3.14 standard/(preempt-rt)/axxia/base branches.
When the ltp add_key01 was run the kernel was crashing, the list_del initializes the next pointer to LIST_POISON1. When subsequent keyring destroy events happened, the system would check for NULL and it would be false and try to call list_del with the pointer pointing to LIST_POISON1 causing the memory fault. This patch adds checking for LIST_POISON1 instead of NULL. Signed-off-by: Charlie Paul <[email protected]> --- security/keys/keyring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 04d0d7c..57ec130 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -376,8 +376,8 @@ static void keyring_destroy(struct key *keyring) if (keyring->description) { write_lock(&keyring_name_lock); - if (keyring->type_data.link.next != NULL && - !list_empty(&keyring->type_data.link)) + if (keyring->type_data.link.next != LIST_POISON1 && + !list_empty(&keyring->type_data.link)) list_del(&keyring->type_data.link); write_unlock(&keyring_name_lock); -- 2.7.4 -- _______________________________________________ linux-yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/linux-yocto
