[PATCH 3/3] fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref()
Eric Biggers
ebiggers at kernel.org
Mon Mar 13 22:12:31 UTC 2023
From: Eric Biggers <ebiggers at google.com>
It is a bug for fscrypt_put_master_key_activeref() to see a NULL
keyring. But it used to be possible due to the bug, now fixed, where
fscrypt_destroy_keyring() was called before security_sb_delete(). To be
consistent with how fscrypt_destroy_keyring() uses WARN_ON for the same
issue, WARN and leak the fscrypt_master_key if the keyring is NULL
instead of dereferencing the NULL pointer.
This is a robustness improvement, not a fix.
Signed-off-by: Eric Biggers <ebiggers at google.com>
---
fs/crypto/keyring.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index bb15709ac9a40..13d336a6cc5da 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -92,6 +92,8 @@ void fscrypt_put_master_key_activeref(struct super_block *sb,
* destroying any subkeys embedded in it.
*/
+ if (WARN_ON(!sb->s_master_keys))
+ return;
spin_lock(&sb->s_master_keys->lock);
hlist_del_rcu(&mk->mk_node);
spin_unlock(&sb->s_master_keys->lock);
--
2.39.2
More information about the Linux-security-module-archive
mailing list