KEYS: Add missing smp_rmb() primitives to the keyring search code

Add missing smp_rmb() primitives to the keyring search code. When keyring payloads are appended to without replacement (thus using up spare slots in the key pointer array), an smp_wmb() is issued between the pointer assignment and the increment of the key count (nkeys). There should be corresponding read barriers between the read of nkeys and dereferences of keys[n] when n is dependent on the value of nkeys. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2012-01-17 15:39:40 -0500
committer: James Morris <jmorris@namei.org> 2012-01-17 18:41:27 -0500
commit: efde8b6e16f11e7d1681c68d86c7fd51053cada7 (patch)
tree: 4fb5e80428c4f36c5da35ff3319cd71c1771451c /security/keys/gc.c
parent: 25add8cf99c9ec8b8dc0acd8b9241e963fc0d29c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/security/keys/gc.c b/security/keys/gc.c
index bf4d8da5a79..a42b45531aa 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -145,7 +145,9 @@ static void key_gc_keyring(struct key *keyring, time_t limit)
        if (!klist)
                goto unlock_dont_gc;
-        for (loop = klist->nkeys - 1; loop >= 0; loop--) {
+        loop = klist->nkeys;
+        smp_rmb();
+        for (loop--; loop >= 0; loop--) {
                key = klist->keys[loop];
                if (test_bit(KEY_FLAG_DEAD, &key->flags) ||
                    (key->expiry > 0 && key->expiry <= limit))
author	David Howells <dhowells@redhat.com>	2012-01-17 15:39:40 -0500
committer	James Morris <jmorris@namei.org>	2012-01-17 18:41:27 -0500
commit	efde8b6e16f11e7d1681c68d86c7fd51053cada7 (patch)
tree	4fb5e80428c4f36c5da35ff3319cd71c1771451c /security/keys/gc.c
parent	25add8cf99c9ec8b8dc0acd8b9241e963fc0d29c (diff)