6.17-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells dhowells@redhat.com
[ Upstream commit 19eef1d98eeda3745df35839190b7d4a4adea656 ]
Fix an uninitialised variable (key) in afs_alloc_anon_key() by setting it to cell->anonymous_key. Without this change, the error check may return a false failure with a bad error number.
Most of the time this is unlikely to happen because the first encounter with afs_alloc_anon_key() will usually be from (auto)mount, for which all subsequent operations must wait - apart from other (auto)mounts. Once the call->anonymous_key is allocated, all further calls to afs_request_key() will skip the call to afs_alloc_anon_key() for that cell.
Fixes: d27c71257825 ("afs: Fix delayed allocation of a cell's anonymous key") Reported-by: Paulo Alcantra pc@manguebit.org Signed-off-by: David Howells dhowells@redhat.com Reviewed-by: Paulo Alcantara pc@manguebit.org cc: Marc Dionne marc.dionne@auristor.com cc: syzbot+41c68824eefb67cdf00c@syzkaller.appspotmail.com cc: linux-afs@lists.infradead.org cc: linux-fsdevel@vger.kernel.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Sasha Levin sashal@kernel.org --- fs/afs/security.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/afs/security.c b/fs/afs/security.c index ff8830e6982fb..55ddce94af031 100644 --- a/fs/afs/security.c +++ b/fs/afs/security.c @@ -26,7 +26,8 @@ static int afs_alloc_anon_key(struct afs_cell *cell) struct key *key;
mutex_lock(&afs_key_lock); - if (!cell->anonymous_key) { + key = cell->anonymous_key; + if (!key) { key = rxrpc_get_null_key(cell->key_desc); if (!IS_ERR(key)) cell->anonymous_key = key;