diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2026-05-28 21:45:41 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-06-01 18:54:54 +0300 |
| commit | 66288dcadf80974436250e9f70ed848836b835b5 (patch) | |
| tree | c3047468c14c3cf26ca704971b534039ab90556c /tools/lib/python/kdoc/python_version.py | |
| parent | 277b03a518bd83684a0513f7ca96e5ee2f197536 (diff) | |
| download | linux-66288dcadf80974436250e9f70ed848836b835b5.tar.xz | |
security/keys: fix missed RCU read section on lookup
commit 43a1e3744548e6fd85873e6fb43e293eb4010694 upstream.
Nicholas Carlini reports that the keyring code calls assoc_array_find()
in find_key_to_update() without holding the RCU read lock, while the
assoc_array_gc() code really is designed around removing the node from
the tree and then freeing it after an RCU grace-period.
The regular key handling doesn't see this because holding the keyring
semaphore hides any lifetime issues, but the persistent key handling
uses a different model.
Instead of extending the keyring locking, just do the simple RCU locking
that the assoc_array was designed for.
Reported-by: Nicholas Carlini <npc@anthropic.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools/lib/python/kdoc/python_version.py')
0 files changed, 0 insertions, 0 deletions