key->payload.data could be NULL BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: user_destroy+0x13/0x30
Call Trace: key_gc_unused_keys.constprop.1+0xfd/0x110 key_garbage_collector+0x1d7/0x390 process_one_work+0x185/0x440 worker_thread+0x126/0x3c0 kthread+0xd1/0xe0 ret_from_fork_nospec_begin+0x7/0x21 Add the necessary check to fix this. https://jira.sw.ru/browse/PSBM-108198 Fixes: 499126f3b029 ("keys, user: Fix high order allocation in user_instantiate()") Signed-off-by: Andrey Ryabinin <aryabi...@virtuozzo.com> --- security/keys/user_defined.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index b13d70b69069..c3196db50e30 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -184,8 +184,10 @@ void user_destroy(struct key *key) { struct user_key_payload *upayload = key->payload.data; - memset(upayload, 0, sizeof(*upayload) + upayload->datalen); - kvfree(upayload); + if (upayload) { + memset(upayload, 0, sizeof(*upayload) + upayload->datalen); + kvfree(upayload); + } } EXPORT_SYMBOL_GPL(user_destroy); -- 2.26.2 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel