Message ID | 20200923114252.3098-1-aryabinin@virtuozzo.com |
---|---|
State | New |
Series | "keys, user: fix NULL-ptr dereference in user_destroy() #PSBM-108198" |
From | Andrey Ryabinin <aryabinin@virtuozzo.com> |
To | devel@openvz.org |
Date | Wed, 23 Sep 2020 14:42:52 +0300 |
Subject | [Devel] [PATCH rh7] keys, user: fix NULL-ptr dereference in user_destroy() #PSBM-108198 |
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index b13d70b69069..c3196db50e30 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -184,8 +184,10 @@ void user_destroy(struct key *key) { struct user_key_payload *upayload = key->payload.data; - memset(upayload, 0, sizeof(*upayload) + upayload->datalen); - kvfree(upayload); + if (upayload) { + memset(upayload, 0, sizeof(*upayload) + upayload->datalen); + kvfree(upayload); + } } EXPORT_SYMBOL_GPL(user_destroy);
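Review bot: the new `if (upayload)` block in user_destroy() wraps both statements, but only the memset() needs the guard, because it reads `upayload->datalen` through the NULL pointer; kvfree() accepts NULL and does nothing. An early `if (!upayload) return;` ahead of the memset() would give the same behaviour with less nesting and a smaller diff. The commit message should also say which key state leaves key->payload.data NULL by the time key_gc_unused_keys() calls the destroy hook, and a one-line comment above the check stating that would stop a later cleanup from dropping it. Since the Fixes: commit is what introduced the memset()-before-free pattern here, it is worth confirming that no other free path added by that commit dereferences the payload before checking it.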
key->payload.data could be NULL

BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: user_destroy+0x13/0x30
Call Trace:
 key_gc_unused_keys.constprop.1+0xfd/0x110
 key_garbage_collector+0x1d7/0x390
 process_one_work+0x185/0x440
 worker_thread+0x126/0x3c0
 kthread+0xd1/0xe0
 ret_from_fork_nospec_begin+0x7/0x21

Add the necessary check to fix this.

https://jira.sw.ru/browse/PSBM-108198
Fixes: 499126f3b029 ("keys, user: Fix high order allocation in user_instantiate()")
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
---
 security/keys/user_defined.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)