diff options
author | Elena Reshetova <elena.reshetova@intel.com> | 2017-03-31 15:20:49 +0300 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2017-04-03 10:49:06 +1000 |
commit | ddb99e118e37f324a4be65a411bb60ae62795cf9 (patch) | |
tree | 9fecb40084bb937fafa04eaf57d9bc4ae3bcb6a9 /security/keys/key.c | |
parent | fff292914d3a2f1efd05ca71c2ba72a3c663201e (diff) | |
download | op-kernel-dev-ddb99e118e37f324a4be65a411bb60ae62795cf9.zip op-kernel-dev-ddb99e118e37f324a4be65a411bb60ae62795cf9.tar.gz |
security, keys: convert key_user.usage from atomic_t to refcount_t
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r-- | security/keys/key.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index ff92443..b4958b3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -93,7 +93,7 @@ try_again: /* if we get here, then the user record still hadn't appeared on the * second pass - so we use the candidate record */ - atomic_set(&candidate->usage, 1); + refcount_set(&candidate->usage, 1); atomic_set(&candidate->nkeys, 0); atomic_set(&candidate->nikeys, 0); candidate->uid = uid; @@ -110,7 +110,7 @@ try_again: /* okay - we found a user record for this UID */ found: - atomic_inc(&user->usage); + refcount_inc(&user->usage); spin_unlock(&key_user_lock); kfree(candidate); out: @@ -122,7 +122,7 @@ out: */ void key_user_put(struct key_user *user) { - if (atomic_dec_and_lock(&user->usage, &key_user_lock)) { + if (refcount_dec_and_lock(&user->usage, &key_user_lock)) { rb_erase(&user->node, &key_user_tree); spin_unlock(&key_user_lock); |