From 5a0e3ad6af8660be21ca98a971cd00f331318c05 Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Wed, 24 Mar 2010 17:04:11 +0900 Subject: include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_*.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). * x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: Tejun Heo Guess-its-ok-by: Christoph Lameter Cc: Ingo Molnar Cc: Lee Schermerhorn --- security/device_cgroup.c | 1 + security/integrity/ima/ima_api.c | 1 + security/integrity/ima/ima_audit.c | 1 + security/integrity/ima/ima_crypto.c | 1 + security/integrity/ima/ima_fs.c | 1 + security/integrity/ima/ima_iint.c | 1 + security/integrity/ima/ima_init.c | 1 + security/integrity/ima/ima_main.c | 1 + security/integrity/ima/ima_policy.c | 1 + security/integrity/ima/ima_queue.c | 1 + security/keys/proc.c | 1 - security/keys/process_keys.c | 1 - security/lsm_audit.c | 1 + security/selinux/netif.c | 1 + security/selinux/netlabel.c | 1 + security/selinux/netlink.c | 1 + security/selinux/netnode.c | 1 + security/selinux/netport.c | 1 + security/selinux/ss/symtab.c | 1 - security/selinux/xfrm.c | 1 + security/smack/smack_access.c | 1 + security/smack/smack_lsm.c | 1 + security/smack/smackfs.c | 1 + security/tomoyo/common.c | 1 + security/tomoyo/domain.c | 1 + security/tomoyo/file.c | 1 + security/tomoyo/gc.c | 1 + security/tomoyo/realpath.c | 1 + 28 files changed, 25 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 6cf8fd2b79e8..f77c60423992 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 2a5e0bcf3887..52015d098fdf 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -13,6 +13,7 @@ * and store_template. */ #include +#include #include "ima.h" static const char *IMA_TEMPLATE_NAME = "ima"; diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c index ff513ff737f5..5af76340470c 100644 --- a/security/integrity/ima/ima_audit.c +++ b/security/integrity/ima/ima_audit.c @@ -11,6 +11,7 @@ */ #include +#include #include #include "ima.h" diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 46642a19bc78..952e51373f58 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "ima.h" static int init_desc(struct hash_desc *desc) diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 0c72c9c38956..07cb9c338cc4 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -16,6 +16,7 @@ * current measurement list and IMA statistics */ #include +#include #include #include #include diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 2d4d05d92fda..2c744d488014 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -14,6 +14,7 @@ * - cache integrity information associated with an inode * using a radix tree. */ +#include #include #include #include diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index a40da7ae5900..b1bcb702a27c 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -16,6 +16,7 @@ */ #include #include +#include #include #include "ima.h" diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 294b005d6520..b2c89d9de2a4 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -21,6 +21,7 @@ #include #include #include +#include #include "ima.h" diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4759d0f99335..8643a93c5963 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "ima.h" diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index a0880e9c8e05..46ba62b1adf5 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -20,6 +20,7 @@ */ #include #include +#include #include "ima.h" LIST_HEAD(ima_measurements); /* list of all measurements */ diff --git a/security/keys/proc.c b/security/keys/proc.c index 9d01021ca0c8..706d63f4f185 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 5c23afb31ece..06c2ccf26ed3 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include diff --git a/security/lsm_audit.c b/security/lsm_audit.c index acba3dfc8d29..893365b79a29 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include diff --git a/security/selinux/netif.c b/security/selinux/netif.c index b4e14bc0bf32..d6095d63d831 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -16,6 +16,7 @@ */ #include #include +#include #include #include #include diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 2534400317c5..628da72ee763 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -29,6 +29,7 @@ #include #include +#include #include #include #include diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index 1ae556446e65..0e147b6914ad 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c @@ -11,6 +11,7 @@ */ #include #include +#include #include #include #include diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 7100072bb1b0..dc92792271f1 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include diff --git a/security/selinux/netport.c b/security/selinux/netport.c index fe7fba67f19f..cfe2d72d3fb7 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c index 837658a98a54..bcf9f620426e 100644 --- a/security/selinux/ss/symtab.c +++ b/security/selinux/ss/symtab.c @@ -4,7 +4,6 @@ * Author : Stephen Smalley, */ #include -#include #include #include #include "symtab.h" diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index f3cb9ed731a9..fff78d3b51a2 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 0f9ac8146900..f4fac64c4da8 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -11,6 +11,7 @@ */ #include +#include #include #include #include "smack.h" diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 5225e668dbf0..fdfeaa2f28ec 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index aeead7585093..a2b72d77f926 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index ef89947a774b..975c45d88baa 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -10,6 +10,7 @@ */ #include +#include #include #include #include "common.h" diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 66caaa1b842a..acb8c397d5cf 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -11,6 +11,7 @@ #include "common.h" #include +#include /* Variables definitions.*/ diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 1b24304edb7d..6f3fe76a1fde 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -10,6 +10,7 @@ */ #include "common.h" +#include /* Keyword array for single path operations. */ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = { diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 9645525ccdd4..d9ad35bc7fa8 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -9,6 +9,7 @@ #include "common.h" #include +#include enum tomoyo_gc_id { TOMOYO_ID_DOMAIN_INITIALIZER, diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index cf7d61f781b9..c225c65ce426 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "common.h" /** -- cgit v1.2.3 From 6c9ff1013b7a21099da838eeef7c3f23ee347957 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Mon, 15 Mar 2010 10:42:11 -0400 Subject: SELinux: Reduce max avtab size to avoid page allocation failures Reduce MAX_AVTAB_HASH_BITS so that the avtab allocation is an order 2 allocation rather than an order 4 allocation on x86_64. This addresses reports of page allocation failures: http://marc.info/?l=selinux&m=126757230625867&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=570433 Reported-by: Russell Coker Signed-off-by: Stephen D. Smalley Acked-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/avtab.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index 8da6a8428086..cd4f734e2749 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -82,7 +82,7 @@ struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified void avtab_cache_init(void); void avtab_cache_destroy(void); -#define MAX_AVTAB_HASH_BITS 13 +#define MAX_AVTAB_HASH_BITS 11 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS) #define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1) #define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS -- cgit v1.2.3 From b338cc8207eae46640a8d534738fda7b5e48511d Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 22 Apr 2010 12:05:35 +0200 Subject: security: testing the wrong variable in create_by_name() There is a typo here. We should be testing "*dentry" instead of "dentry". If "*dentry" is an ERR_PTR, it gets dereferenced in either mkdir() or create() which would cause an OOPs. Signed-off-by: Dan Carpenter Signed-off-by: James Morris --- security/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/inode.c b/security/inode.c index c3a793881d04..1c812e874504 100644 --- a/security/inode.c +++ b/security/inode.c @@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode, mutex_lock(&parent->d_inode->i_mutex); *dentry = lookup_one_len(name, parent, strlen(name)); - if (!IS_ERR(dentry)) { + if (!IS_ERR(*dentry)) { if ((mode & S_IFMT) == S_IFDIR) error = mkdir(parent->d_inode, *dentry, mode); else error = create(parent->d_inode, *dentry, mode); } else - error = PTR_ERR(dentry); + error = PTR_ERR(*dentry); mutex_unlock(&parent->d_inode->i_mutex); return error; -- cgit v1.2.3 From 93b4a44f3ad69520d605aace3f3486b8eb754b96 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 23 Apr 2010 13:18:00 -0400 Subject: keys: fix an RCU warning Fix the following RCU warning: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/request_key.c:116 invoked rcu_dereference_check() without protection! This was caused by doing: [root@andromeda ~]# keyctl newring fred @s 539196288 [root@andromeda ~]# keyctl request2 user a a 539196288 request_key: Required key not available Signed-off-by: David Howells Acked-by: Eric Dumazet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/keys/request_key.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 03fe63ed55bd..ea97c3120d66 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -68,7 +68,8 @@ static int call_sbin_request_key(struct key_construction *cons, { const struct cred *cred = current_cred(); key_serial_t prkey, sskey; - struct key *key = cons->key, *authkey = cons->authkey, *keyring; + struct key *key = cons->key, *authkey = cons->authkey, *keyring, + *session; char *argv[9], *envp[3], uid_str[12], gid_str[12]; char key_str[12], keyring_str[3][12]; char desc[20]; @@ -112,10 +113,12 @@ static int call_sbin_request_key(struct key_construction *cons, if (cred->tgcred->process_keyring) prkey = cred->tgcred->process_keyring->serial; - if (cred->tgcred->session_keyring) - sskey = rcu_dereference(cred->tgcred->session_keyring)->serial; - else - sskey = cred->user->session_keyring->serial; + rcu_read_lock(); + session = rcu_dereference(cred->tgcred->session_keyring); + if (!session) + session = cred->user->session_keyring; + sskey = session->serial; + rcu_read_unlock(); sprintf(keyring_str[2], "%d", sskey); -- cgit v1.2.3 From b59ec78cdcc57e02bc3dddfa7134a2f0fd15c34d Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 27 Apr 2010 14:05:11 -0700 Subject: keys: don't need to use RCU in keyring_read() as semaphore is held keyring_read() doesn't need to use rcu_dereference() to access the keyring payload as the caller holds the key semaphore to prevent modifications from happening whilst the data is read out. This should solve the following warning: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/keyring.c:204 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 1 lock held by keyctl/2144: #0: (&key->sem){+++++.}, at: [] keyctl_read_key+0x9c/0xcf stack backtrace: Pid: 2144, comm: keyctl Not tainted 2.6.34-rc2-cachefs #113 Call Trace: [] lockdep_rcu_dereference+0xaa/0xb2 [] keyring_read+0x4d/0xe7 [] keyctl_read_key+0xac/0xcf [] sys_keyctl+0x75/0xb9 [] system_call_fastpath+0x16/0x1b Signed-off-by: David Howells Cc: Herbert Xu Signed-off-by: Andrew Morton Signed-off-by: James Morris --- security/keys/keyring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/keyring.c b/security/keys/keyring.c index e814d2109f8e..dd7cd0f8e13c 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -201,7 +201,7 @@ static long keyring_read(const struct key *keyring, int loop, ret; ret = 0; - klist = rcu_dereference(keyring->payload.subscriptions); + klist = keyring->payload.subscriptions; if (klist) { /* calculate how much data we could return */ -- cgit v1.2.3 From 03449cd9eaa4fa3a7faa4a59474bafe2e90bd143 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 27 Apr 2010 13:13:08 -0700 Subject: keys: the request_key() syscall should link an existing key to the dest keyring The request_key() system call and request_key_and_link() should make a link from an existing key to the destination keyring (if supplied), not just from a new key to the destination keyring. This can be tested by: ring=`keyctl newring fred @s` keyctl request2 user debug:a a keyctl request user debug:a $ring keyctl list $ring If it says: keyring is empty then it didn't work. If it shows something like: 1 key in keyring: 1070462727: --alswrv 0 0 user: debug:a then it did. request_key() system call is meant to recursively search all your keyrings for the key you desire, and, optionally, if it doesn't exist, call out to userspace to create one for you. If request_key() finds or creates a key, it should, optionally, create a link to that key from the destination keyring specified. Therefore, if, after a successful call to request_key() with a desination keyring specified, you see the destination keyring empty, the code didn't work correctly. If you see the found key in the keyring, then it did - which is what the patch is required for. Signed-off-by: David Howells Cc: James Morris Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/keys/request_key.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/request_key.c b/security/keys/request_key.c index ea97c3120d66..d737cea5347c 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -339,8 +339,10 @@ static int construct_alloc_key(struct key_type *type, key_already_present: mutex_unlock(&key_construction_mutex); - if (dest_keyring) + if (dest_keyring) { + __key_link(dest_keyring, key_ref_to_ptr(key_ref)); up_write(&dest_keyring->sem); + } mutex_unlock(&user->cons_lock); key_put(key); *_key = key = key_ref_to_ptr(key_ref); @@ -431,6 +433,11 @@ struct key *request_key_and_link(struct key_type *type, if (!IS_ERR(key_ref)) { key = key_ref_to_ptr(key_ref); + if (dest_keyring) { + construct_get_dest_keyring(&dest_keyring); + key_link(dest_keyring, key); + key_put(dest_keyring); + } } else if (PTR_ERR(key_ref) != -EAGAIN) { key = ERR_CAST(key_ref); } else { -- cgit v1.2.3 From d9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 30 Apr 2010 14:32:08 +0100 Subject: KEYS: Fix an RCU warning in the reading of user keys Fix an RCU warning in the reading of user keys: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 1 lock held by keyctl/3637: #0: (&key->sem){+++++.}, at: [] keyctl_read_key+0x9c/0xcf stack backtrace: Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18 Call Trace: [] lockdep_rcu_dereference+0xaa/0xb2 [] user_read+0x47/0x91 [] keyctl_read_key+0xac/0xcf [] sys_keyctl+0x75/0xb7 [] system_call_fastpath+0x16/0x1b Signed-off-by: David Howells Acked-by: Serge Hallyn Signed-off-by: James Morris --- security/keys/user_defined.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 7c687d568221..e9aa07929656 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen) struct user_key_payload *upayload; long ret; - upayload = rcu_dereference(key->payload.data); + upayload = rcu_dereference_protected( + key->payload.data, rwsem_is_locked(&((struct key *)key)->sem)); ret = upayload->datalen; /* we can return the data as is */ -- cgit v1.2.3 From cf8304e8f380903de3a15dc6ebd551c9e6cf1a21 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 4 May 2010 14:16:10 +0100 Subject: KEYS: Fix RCU handling in key_gc_keyring() key_gc_keyring() needs to either hold the RCU read lock or hold the keyring semaphore if it's going to scan the keyring's list. Given that it only needs to read the key list, and it's doing so under a spinlock, the RCU read lock is the thing to use. Furthermore, the RCU check added in e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe is incorrect as holding the spinlock on key_serial_lock is not grounds for assuming a keyring's pointer list can be read safely. Instead, a simple rcu_dereference() inside of the previously mentioned RCU read lock is what we want. Reported-by: Serge E. Hallyn Signed-off-by: David Howells Acked-by: Serge Hallyn Acked-by: "Paul E. McKenney" Signed-off-by: James Morris --- security/keys/gc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/keys/gc.c b/security/keys/gc.c index 19902319d097..a46e825cbf02 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -77,10 +77,10 @@ static bool key_gc_keyring(struct key *keyring, time_t limit) goto dont_gc; /* scan the keyring looking for dead keys */ - klist = rcu_dereference_check(keyring->payload.subscriptions, - lockdep_is_held(&key_serial_lock)); + rcu_read_lock(); + klist = rcu_dereference(keyring->payload.subscriptions); if (!klist) - goto dont_gc; + goto unlock_dont_gc; for (loop = klist->nkeys - 1; loop >= 0; loop--) { key = klist->keys[loop]; @@ -89,11 +89,14 @@ static bool key_gc_keyring(struct key *keyring, time_t limit) goto do_gc; } +unlock_dont_gc: + rcu_read_unlock(); dont_gc: kleave(" = false"); return false; do_gc: + rcu_read_unlock(); key_gc_cursor = keyring->serial; key_get(keyring); spin_unlock(&key_serial_lock); -- cgit v1.2.3