[PATCH 3/3] fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref()

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH 3/3] fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref()
Date: Mon, 13 Mar 2023 15:12:31 -0700	[thread overview]
Message-ID: <20230313221231.272498-4-ebiggers@kernel.org> (raw)
In-Reply-To: <20230313221231.272498-1-ebiggers@kernel.org>

From: Eric Biggers <ebiggers@google.com>

It is a bug for fscrypt_put_master_key_activeref() to see a NULL
keyring.  But it used to be possible due to the bug, now fixed, where
fscrypt_destroy_keyring() was called before security_sb_delete().  To be
consistent with how fscrypt_destroy_keyring() uses WARN_ON for the same
issue, WARN and leak the fscrypt_master_key if the keyring is NULL
instead of dereferencing the NULL pointer.

This is a robustness improvement, not a fix.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 fs/crypto/keyring.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c
index bb15709ac9a40..13d336a6cc5da 100644
--- a/fs/crypto/keyring.c
+++ b/fs/crypto/keyring.c
@@ -92,6 +92,8 @@ void fscrypt_put_master_key_activeref(struct super_block *sb,
 	 * destroying any subkeys embedded in it.
 	 */
 
+	if (WARN_ON(!sb->s_master_keys))
+		return;
 	spin_lock(&sb->s_master_keys->lock);
 	hlist_del_rcu(&mk->mk_node);
 	spin_unlock(&sb->s_master_keys->lock);
-- 
2.39.2

     prev parent reply	other threads:[~2023-03-13 22:15 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-13 22:12 [PATCH 0/3] Fix crash with fscrypt + Landlock Eric Biggers
2023-03-13 22:12 ` [PATCH 1/3] fscrypt: destroy keyring after security_sb_delete() Eric Biggers
2023-03-14  9:28   ` Christian Brauner
2023-03-13 22:12 ` [PATCH 2/3] fscrypt: improve fscrypt_destroy_keyring() documentation Eric Biggers
2023-03-13 22:12 ` Eric Biggers [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:bb15709ac9a4 dfblob:13d336a6cc5d )
 OR (
bs:"[PATCH 3/3] fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230313221231.272498-4-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=linux-fscrypt@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).