From 5a0e3ad6af8660be21ca98a971cd00f331318c05 Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Wed, 24 Mar 2010 17:04:11 +0900 Subject: include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_*.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). * x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: Tejun Heo Guess-its-ok-by: Christoph Lameter Cc: Ingo Molnar Cc: Lee Schermerhorn --- security/device_cgroup.c | 1 + security/integrity/ima/ima_api.c | 1 + security/integrity/ima/ima_audit.c | 1 + security/integrity/ima/ima_crypto.c | 1 + security/integrity/ima/ima_fs.c | 1 + security/integrity/ima/ima_iint.c | 1 + security/integrity/ima/ima_init.c | 1 + security/integrity/ima/ima_main.c | 1 + security/integrity/ima/ima_policy.c | 1 + security/integrity/ima/ima_queue.c | 1 + security/keys/proc.c | 1 - security/keys/process_keys.c | 1 - security/lsm_audit.c | 1 + security/selinux/netif.c | 1 + security/selinux/netlabel.c | 1 + security/selinux/netlink.c | 1 + security/selinux/netnode.c | 1 + security/selinux/netport.c | 1 + security/selinux/ss/symtab.c | 1 - security/selinux/xfrm.c | 1 + security/smack/smack_access.c | 1 + security/smack/smack_lsm.c | 1 + security/smack/smackfs.c | 1 + security/tomoyo/common.c | 1 + security/tomoyo/domain.c | 1 + security/tomoyo/file.c | 1 + security/tomoyo/gc.c | 1 + security/tomoyo/realpath.c | 1 + 28 files changed, 25 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 6cf8fd2..f77c604 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 2a5e0bc..52015d0 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -13,6 +13,7 @@ * and store_template. */ #include +#include #include "ima.h" static const char *IMA_TEMPLATE_NAME = "ima"; diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c index ff513ff..5af7634 100644 --- a/security/integrity/ima/ima_audit.c +++ b/security/integrity/ima/ima_audit.c @@ -11,6 +11,7 @@ */ #include +#include #include #include "ima.h" diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 46642a1..952e513 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "ima.h" static int init_desc(struct hash_desc *desc) diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 0c72c9c..07cb9c3 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -16,6 +16,7 @@ * current measurement list and IMA statistics */ #include +#include #include #include #include diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 2d4d05d..2c744d4 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -14,6 +14,7 @@ * - cache integrity information associated with an inode * using a radix tree. */ +#include #include #include #include diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index a40da7a..b1bcb70 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -16,6 +16,7 @@ */ #include #include +#include #include #include "ima.h" diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 294b005..b2c89d9 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -21,6 +21,7 @@ #include #include #include +#include #include "ima.h" diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4759d0f..8643a93 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "ima.h" diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index a0880e9..46ba62b 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -20,6 +20,7 @@ */ #include #include +#include #include "ima.h" LIST_HEAD(ima_measurements); /* list of all measurements */ diff --git a/security/keys/proc.c b/security/keys/proc.c index 9d01021..706d63f 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 5c23afb..06c2ccf 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include diff --git a/security/lsm_audit.c b/security/lsm_audit.c index acba3df..893365b 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include diff --git a/security/selinux/netif.c b/security/selinux/netif.c index b4e14bc..d6095d6 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -16,6 +16,7 @@ */ #include #include +#include #include #include #include diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 2534400..628da72 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -29,6 +29,7 @@ #include #include +#include #include #include #include diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index 1ae5564..0e147b6 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c @@ -11,6 +11,7 @@ */ #include #include +#include #include #include #include diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 7100072..dc92792 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include diff --git a/security/selinux/netport.c b/security/selinux/netport.c index fe7fba6..cfe2d72 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c index 837658a..bcf9f62 100644 --- a/security/selinux/ss/symtab.c +++ b/security/selinux/ss/symtab.c @@ -4,7 +4,6 @@ * Author : Stephen Smalley, */ #include -#include #include #include #include "symtab.h" diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index f3cb9ed..fff78d3 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 0f9ac81..f4fac64 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -11,6 +11,7 @@ */ #include +#include #include #include #include "smack.h" diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 5225e66..fdfeaa2 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index aeead75..a2b72d7 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index ef89947..975c45d 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -10,6 +10,7 @@ */ #include +#include #include #include #include "common.h" diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 66caaa1..acb8c397 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -11,6 +11,7 @@ #include "common.h" #include +#include /* Variables definitions.*/ diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 1b24304..6f3fe76 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -10,6 +10,7 @@ */ #include "common.h" +#include /* Keyword array for single path operations. */ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = { diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 9645525..d9ad35b 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -9,6 +9,7 @@ #include "common.h" #include +#include enum tomoyo_gc_id { TOMOYO_ID_DOMAIN_INITIALIZER, diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index cf7d61f..c225c65 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "common.h" /** -- cgit v1.1 From 6c9ff1013b7a21099da838eeef7c3f23ee347957 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Mon, 15 Mar 2010 10:42:11 -0400 Subject: SELinux: Reduce max avtab size to avoid page allocation failures Reduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2 allocation rather than an order 4 allocation on x86_64. This addresses reports of page allocation failures: http://marc.info/?l=selinux&m=126757230625867&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=570433 Reported-by: Russell Coker Signed-off-by: Stephen D. Smalley Acked-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/avtab.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index 8da6a84..cd4f734 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -82,7 +82,7 @@ struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified void avtab_cache_init(void); void avtab_cache_destroy(void); -#define MAX_AVTAB_HASH_BITS 13 +#define MAX_AVTAB_HASH_BITS 11 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS) #define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1) #define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS -- cgit v1.1 From b338cc8207eae46640a8d534738fda7b5e48511d Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 22 Apr 2010 12:05:35 +0200 Subject: security: testing the wrong variable in create_by_name() There is a typo here. We should be testing "*dentry" instead of "dentry". If "*dentry" is an ERR_PTR, it gets dereferenced in either mkdir() or create() which would cause an OOPs. Signed-off-by: Dan Carpenter Signed-off-by: James Morris --- security/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/inode.c b/security/inode.c index c3a7938..1c812e8 100644 --- a/security/inode.c +++ b/security/inode.c @@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode, mutex_lock(&parent->d_inode->i_mutex); *dentry = lookup_one_len(name, parent, strlen(name)); - if (!IS_ERR(dentry)) { + if (!IS_ERR(*dentry)) { if ((mode & S_IFMT) == S_IFDIR) error = mkdir(parent->d_inode, *dentry, mode); else error = create(parent->d_inode, *dentry, mode); } else - error = PTR_ERR(dentry); + error = PTR_ERR(*dentry); mutex_unlock(&parent->d_inode->i_mutex); return error; -- cgit v1.1 From 93b4a44f3ad69520d605aace3f3486b8eb754b96 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 23 Apr 2010 13:18:00 -0400 Subject: keys: fix an RCU warning Fix the following RCU warning: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/request_key.c:116 invoked rcu_dereference_check() without protection! This was caused by doing: [root@andromeda ~]# keyctl newring fred @s 539196288 [root@andromeda ~]# keyctl request2 user a a 539196288 request_key: Required key not available Signed-off-by: David Howells Acked-by: Eric Dumazet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/keys/request_key.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 03fe63e..ea97c31 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -68,7 +68,8 @@ static int call_sbin_request_key(struct key_construction *cons, { const struct cred *cred = current_cred(); key_serial_t prkey, sskey; - struct key *key = cons->key, *authkey = cons->authkey, *keyring; + struct key *key = cons->key, *authkey = cons->authkey, *keyring, + *session; char *argv[9], *envp[3], uid_str[12], gid_str[12]; char key_str[12], keyring_str[3][12]; char desc[20]; @@ -112,10 +113,12 @@ static int call_sbin_request_key(struct key_construction *cons, if (cred->tgcred->process_keyring) prkey = cred->tgcred->process_keyring->serial; - if (cred->tgcred->session_keyring) - sskey = rcu_dereference(cred->tgcred->session_keyring)->serial; - else - sskey = cred->user->session_keyring->serial; + rcu_read_lock(); + session = rcu_dereference(cred->tgcred->session_keyring); + if (!session) + session = cred->user->session_keyring; + sskey = session->serial; + rcu_read_unlock(); sprintf(keyring_str[2], "%d", sskey); -- cgit v1.1 From b59ec78cdcc57e02bc3dddfa7134a2f0fd15c34d Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 27 Apr 2010 14:05:11 -0700 Subject: keys: don't need to use RCU in keyring_read() as semaphore is held keyring_read() doesn't need to use rcu_dereference() to access the keyring payload as the caller holds the key semaphore to prevent modifications from happening whilst the data is read out. This should solve the following warning: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/keyring.c:204 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 1 lock held by keyctl/2144: #0: (&key->sem){+++++.}, at: [] keyctl_read_key+0x9c/0xcf stack backtrace: Pid: 2144, comm: keyctl Not tainted 2.6.34-rc2-cachefs #113 Call Trace: [] lockdep_rcu_dereference+0xaa/0xb2 [] keyring_read+0x4d/0xe7 [] keyctl_read_key+0xac/0xcf [] sys_keyctl+0x75/0xb9 [] system_call_fastpath+0x16/0x1b Signed-off-by: David Howells Cc: Herbert Xu Signed-off-by: Andrew Morton Signed-off-by: James Morris --- security/keys/keyring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/keyring.c b/security/keys/keyring.c index e814d21..dd7cd0f 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -201,7 +201,7 @@ static long keyring_read(const struct key *keyring, int loop, ret; ret = 0; - klist = rcu_dereference(keyring->payload.subscriptions); + klist = keyring->payload.subscriptions; if (klist) { /* calculate how much data we could return */ -- cgit v1.1 From 03449cd9eaa4fa3a7faa4a59474bafe2e90bd143 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 27 Apr 2010 13:13:08 -0700 Subject: keys: the request_key() syscall should link an existing key to the dest keyring The request_key() system call and request_key_and_link() should make a link from an existing key to the destination keyring (if supplied), not just from a new key to the destination keyring. This can be tested by: ring=`keyctl newring fred @s` keyctl request2 user debug:a a keyctl request user debug:a $ring keyctl list $ring If it says: keyring is empty then it didn't work. If it shows something like: 1 key in keyring: 1070462727: --alswrv 0 0 user: debug:a then it did. request_key() system call is meant to recursively search all your keyrings for the key you desire, and, optionally, if it doesn't exist, call out to userspace to create one for you. If request_key() finds or creates a key, it should, optionally, create a link to that key from the destination keyring specified. Therefore, if, after a successful call to request_key() with a desination keyring specified, you see the destination keyring empty, the code didn't work correctly. If you see the found key in the keyring, then it did - which is what the patch is required for. Signed-off-by: David Howells Cc: James Morris Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/keys/request_key.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/request_key.c b/security/keys/request_key.c index ea97c31..d737cea 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -339,8 +339,10 @@ static int construct_alloc_key(struct key_type *type, key_already_present: mutex_unlock(&key_construction_mutex); - if (dest_keyring) + if (dest_keyring) { + __key_link(dest_keyring, key_ref_to_ptr(key_ref)); up_write(&dest_keyring->sem); + } mutex_unlock(&user->cons_lock); key_put(key); *_key = key = key_ref_to_ptr(key_ref); @@ -431,6 +433,11 @@ struct key *request_key_and_link(struct key_type *type, if (!IS_ERR(key_ref)) { key = key_ref_to_ptr(key_ref); + if (dest_keyring) { + construct_get_dest_keyring(&dest_keyring); + key_link(dest_keyring, key); + key_put(dest_keyring); + } } else if (PTR_ERR(key_ref) != -EAGAIN) { key = ERR_CAST(key_ref); } else { -- cgit v1.1 From d9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 30 Apr 2010 14:32:08 +0100 Subject: KEYS: Fix an RCU warning in the reading of user keys Fix an RCU warning in the reading of user keys: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 1 lock held by keyctl/3637: #0: (&key->sem){+++++.}, at: [] keyctl_read_key+0x9c/0xcf stack backtrace: Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18 Call Trace: [] lockdep_rcu_dereference+0xaa/0xb2 [] user_read+0x47/0x91 [] keyctl_read_key+0xac/0xcf [] sys_keyctl+0x75/0xb7 [] system_call_fastpath+0x16/0x1b Signed-off-by: David Howells Acked-by: Serge Hallyn Signed-off-by: James Morris --- security/keys/user_defined.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 7c687d5..e9aa079 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen) struct user_key_payload *upayload; long ret; - upayload = rcu_dereference(key->payload.data); + upayload = rcu_dereference_protected( + key->payload.data, rwsem_is_locked(&((struct key *)key)->sem)); ret = upayload->datalen; /* we can return the data as is */ -- cgit v1.1 From cf8304e8f380903de3a15dc6ebd551c9e6cf1a21 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 4 May 2010 14:16:10 +0100 Subject: KEYS: Fix RCU handling in key_gc_keyring() key_gc_keyring() needs to either hold the RCU read lock or hold the keyring semaphore if it's going to scan the keyring's list. Given that it only needs to read the key list, and it's doing so under a spinlock, the RCU read lock is the thing to use. Furthermore, the RCU check added in e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe is incorrect as holding the spinlock on key_serial_lock is not grounds for assuming a keyring's pointer list can be read safely. Instead, a simple rcu_dereference() inside of the previously mentioned RCU read lock is what we want. Reported-by: Serge E. Hallyn Signed-off-by: David Howells Acked-by: Serge Hallyn Acked-by: "Paul E. McKenney" Signed-off-by: James Morris --- security/keys/gc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/keys/gc.c b/security/keys/gc.c index 1990231..a46e825 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -77,10 +77,10 @@ static bool key_gc_keyring(struct key *keyring, time_t limit) goto dont_gc; /* scan the keyring looking for dead keys */ - klist = rcu_dereference_check(keyring->payload.subscriptions, - lockdep_is_held(&key_serial_lock)); + rcu_read_lock(); + klist = rcu_dereference(keyring->payload.subscriptions); if (!klist) - goto dont_gc; + goto unlock_dont_gc; for (loop = klist->nkeys - 1; loop >= 0; loop--) { key = klist->keys[loop]; @@ -89,11 +89,14 @@ static bool key_gc_keyring(struct key *keyring, time_t limit) goto do_gc; } +unlock_dont_gc: + rcu_read_unlock(); dont_gc: kleave(" = false"); return false; do_gc: + rcu_read_unlock(); key_gc_cursor = keyring->serial; key_get(keyring); spin_unlock(&key_serial_lock); -- cgit v1.1