From: Charlie Paul <cpaul.windri...@gmail.com>
When the ltp add_key01 was run the kernel was crashing,
the list_del initializes the next pointer to LIST_POISON1.
When subsequent keyring destroy events happened, the system would
check for NULL and it would be false and try to call list_del
with the pointer pointing to LIST_POISON1 causing the
memory fault. This patch adds checking for LIST_POISON1
instead of NULL.
Signed-off-by: Charlie Paul <cpaul.windri...@gmail.com>
---
security/keys/keyring.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d334370..dad648b 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -387,8 +387,8 @@ static void keyring_destroy(struct key *keyring)
if (keyring->description) {
write_lock(&keyring_name_lock);
- if (keyring->type_data.link.next != NULL &&
- !list_empty(&keyring->type_data.link))
+ if (keyring->type_data.link.next != LIST_POISON1 &&
+ !list_empty(&keyring->type_data.link))
list_del(&keyring->type_data.link);
write_unlock(&keyring_name_lock);
--
2.7.4
--
_______________________________________________
linux-yocto mailing list
linux-yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/linux-yocto
