From: Charlie Paul <cpaul.windri...@gmail.com> When the ltp add_key01 was run the kernel was crashing, the list_del initializes the next pointer to LIST_POISON1. When subsequent keyring destroy events happened, the system would check for NULL and it would be false and try to call list_del with the pointer pointing to LIST_POISON1 causing the memory fault. This patch adds checking for LIST_POISON1 instead of NULL.
Signed-off-by: Charlie Paul <cpaul.windri...@gmail.com> --- security/keys/keyring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/keys/keyring.c b/security/keys/keyring.c index d334370..dad648b 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -387,8 +387,8 @@ static void keyring_destroy(struct key *keyring) if (keyring->description) { write_lock(&keyring_name_lock); - if (keyring->type_data.link.next != NULL && - !list_empty(&keyring->type_data.link)) + if (keyring->type_data.link.next != LIST_POISON1 && + !list_empty(&keyring->type_data.link)) list_del(&keyring->type_data.link); write_unlock(&keyring_name_lock); -- 2.7.4 -- _______________________________________________ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto