aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/key.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2006-06-22 17:47:18 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-22 18:05:56 -0400
commit04c567d9313e4927b9835361d8ac0318ce65af6b (patch)
treed040ef59337342603f2cc30917493fb6a74a212a /security/keys/key.c
parentd720024e94de4e8b7f10ee83c532926f3ad5d708 (diff)
[PATCH] Keys: Fix race between two instantiators of a key
Add a revocation notification method to the key type and calls it whilst the key's semaphore is still write-locked after setting the revocation flag. The patch then uses this to maintain a reference on the task_struct of the process that calls request_key() for as long as the authorisation key remains unrevoked. This fixes a potential race between two processes both of which have assumed the authority to instantiate a key (one may have forked the other for example). The problem is that there's no locking around the check for revocation of the auth key and the use of the task_struct it points to, nor does the auth key keep a reference on the task_struct. Access to the "context" pointer in the auth key must thenceforth be done with the auth key semaphore held. The revocation method is called with the target key semaphore held write-locked and the search of the context process's keyrings is done with the auth key semaphore read-locked. The check for the revocation state of the auth key just prior to searching it is done after the auth key is read-locked for the search. This ensures that the auth key can't be revoked between the check and the search. The revocation notification method is added so that the context task_struct can be released as soon as instantiation happens rather than waiting for the auth key to be destroyed, thus avoiding the unnecessary pinning of the requesting process. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r--security/keys/key.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 14a15abb7735..51f851557389 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -907,6 +907,10 @@ void key_revoke(struct key *key)
907 * it */ 907 * it */
908 down_write(&key->sem); 908 down_write(&key->sem);
909 set_bit(KEY_FLAG_REVOKED, &key->flags); 909 set_bit(KEY_FLAG_REVOKED, &key->flags);
910
911 if (key->type->revoke)
912 key->type->revoke(key);
913
910 up_write(&key->sem); 914 up_write(&key->sem);
911 915
912} /* end key_revoke() */ 916} /* end key_revoke() */