diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/process_keys.c | 42 | ||||
-rw-r--r-- | security/keys/request_key.c | 7 |
2 files changed, 24 insertions, 25 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 059c350cac46..972e30172687 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* process_keys.c: management of a process's keyrings | 1 | /* process_keys.c: management of a process's keyrings |
2 | * | 2 | * |
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | 5 | * |
6 | * This program is free software; you can redistribute it and/or | 6 | * This program is free software; you can redistribute it and/or |
@@ -181,7 +181,7 @@ static int install_process_keyring(struct task_struct *tsk) | |||
181 | goto error; | 181 | goto error; |
182 | } | 182 | } |
183 | 183 | ||
184 | /* attach or swap keyrings */ | 184 | /* attach keyring */ |
185 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | 185 | spin_lock_irqsave(&tsk->sighand->siglock, flags); |
186 | if (!tsk->signal->process_keyring) { | 186 | if (!tsk->signal->process_keyring) { |
187 | tsk->signal->process_keyring = keyring; | 187 | tsk->signal->process_keyring = keyring; |
@@ -227,12 +227,14 @@ static int install_session_keyring(struct task_struct *tsk, | |||
227 | 227 | ||
228 | /* install the keyring */ | 228 | /* install the keyring */ |
229 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | 229 | spin_lock_irqsave(&tsk->sighand->siglock, flags); |
230 | old = tsk->signal->session_keyring; | 230 | old = rcu_dereference(tsk->signal->session_keyring); |
231 | tsk->signal->session_keyring = keyring; | 231 | rcu_assign_pointer(tsk->signal->session_keyring, keyring); |
232 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | 232 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); |
233 | 233 | ||
234 | ret = 0; | 234 | ret = 0; |
235 | 235 | ||
236 | /* we're using RCU on the pointer */ | ||
237 | synchronize_kernel(); | ||
236 | key_put(old); | 238 | key_put(old); |
237 | error: | 239 | error: |
238 | return ret; | 240 | return ret; |
@@ -245,8 +247,6 @@ static int install_session_keyring(struct task_struct *tsk, | |||
245 | */ | 247 | */ |
246 | int copy_thread_group_keys(struct task_struct *tsk) | 248 | int copy_thread_group_keys(struct task_struct *tsk) |
247 | { | 249 | { |
248 | unsigned long flags; | ||
249 | |||
250 | key_check(current->thread_group->session_keyring); | 250 | key_check(current->thread_group->session_keyring); |
251 | key_check(current->thread_group->process_keyring); | 251 | key_check(current->thread_group->process_keyring); |
252 | 252 | ||
@@ -254,10 +254,10 @@ int copy_thread_group_keys(struct task_struct *tsk) | |||
254 | tsk->signal->process_keyring = NULL; | 254 | tsk->signal->process_keyring = NULL; |
255 | 255 | ||
256 | /* same session keyring */ | 256 | /* same session keyring */ |
257 | spin_lock_irqsave(¤t->sighand->siglock, flags); | 257 | rcu_read_lock(); |
258 | tsk->signal->session_keyring = | 258 | tsk->signal->session_keyring = |
259 | key_get(current->signal->session_keyring); | 259 | key_get(rcu_dereference(current->signal->session_keyring)); |
260 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | 260 | rcu_read_unlock(); |
261 | 261 | ||
262 | return 0; | 262 | return 0; |
263 | 263 | ||
@@ -381,8 +381,7 @@ struct key *search_process_keyrings_aux(struct key_type *type, | |||
381 | key_match_func_t match) | 381 | key_match_func_t match) |
382 | { | 382 | { |
383 | struct task_struct *tsk = current; | 383 | struct task_struct *tsk = current; |
384 | unsigned long flags; | 384 | struct key *key, *ret, *err; |
385 | struct key *key, *ret, *err, *tmp; | ||
386 | 385 | ||
387 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were | 386 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were |
388 | * searchable, but we failed to find a key or we found a negative key; | 387 | * searchable, but we failed to find a key or we found a negative key; |
@@ -436,17 +435,18 @@ struct key *search_process_keyrings_aux(struct key_type *type, | |||
436 | } | 435 | } |
437 | 436 | ||
438 | /* search the session keyring last */ | 437 | /* search the session keyring last */ |
439 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | 438 | if (tsk->signal->session_keyring) { |
440 | 439 | rcu_read_lock(); | |
441 | tmp = tsk->signal->session_keyring; | 440 | key = keyring_search_aux( |
442 | if (!tmp) | 441 | rcu_dereference(tsk->signal->session_keyring), |
443 | tmp = tsk->user->session_keyring; | 442 | type, description, match); |
444 | atomic_inc(&tmp->usage); | 443 | rcu_read_unlock(); |
445 | 444 | } | |
446 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | 445 | else { |
446 | key = keyring_search_aux(tsk->user->session_keyring, | ||
447 | type, description, match); | ||
448 | } | ||
447 | 449 | ||
448 | key = keyring_search_aux(tmp, type, description, match); | ||
449 | key_put(tmp); | ||
450 | if (!IS_ERR(key)) | 450 | if (!IS_ERR(key)) |
451 | goto found; | 451 | goto found; |
452 | 452 | ||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 1919540f047d..54aa7b70e63b 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
@@ -175,13 +175,12 @@ static struct key *__request_key_construction(struct key_type *type, | |||
175 | key->expiry = now.tv_sec + key_negative_timeout; | 175 | key->expiry = now.tv_sec + key_negative_timeout; |
176 | 176 | ||
177 | if (current->signal->session_keyring) { | 177 | if (current->signal->session_keyring) { |
178 | unsigned long flags; | ||
179 | struct key *keyring; | 178 | struct key *keyring; |
180 | 179 | ||
181 | spin_lock_irqsave(¤t->sighand->siglock, flags); | 180 | rcu_read_lock(); |
182 | keyring = current->signal->session_keyring; | 181 | keyring = rcu_dereference(current->signal->session_keyring); |
183 | atomic_inc(&keyring->usage); | 182 | atomic_inc(&keyring->usage); |
184 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | 183 | rcu_read_unlock(); |
185 | 184 | ||
186 | key_link(keyring, key); | 185 | key_link(keyring, key); |
187 | key_put(keyring); | 186 | key_put(keyring); |