aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2010-04-30 09:32:08 -0400
committerJames Morris <jmorris@namei.org>2010-05-04 21:38:52 -0400
commitd9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4 (patch)
treecf822ea9020aec6bd54d986231097983680c8ede /security
parenta66f6375bdeb64d7a56c532bda7c006358845820 (diff)
KEYS: Fix an RCU warning in the reading of user keys
Fix an RCU warning in the reading of user keys: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 1 lock held by keyctl/3637: #0: (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf stack backtrace: Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18 Call Trace: [<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2 [<ffffffff811aa55f>] user_read+0x47/0x91 [<ffffffff811a80be>] keyctl_read_key+0xac/0xcf [<ffffffff811a8a06>] sys_keyctl+0x75/0xb7 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/user_defined.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 7c687d568221..e9aa07929656 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
199 struct user_key_payload *upayload; 199 struct user_key_payload *upayload;
200 long ret; 200 long ret;
201 201
202 upayload = rcu_dereference(key->payload.data); 202 upayload = rcu_dereference_protected(
203 key->payload.data, rwsem_is_locked(&((struct key *)key)->sem));
203 ret = upayload->datalen; 204 ret = upayload->datalen;
204 205
205 /* we can return the data as is */ 206 /* we can return the data as is */