Commit e35ec2d2 authored by David Howells's avatar David Howells Committed by Paul E. McKenney

KEYS: Fix an RCU warning in the reading of user keys

Fix an RCU warning in the reading of user keys:

===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/3637:
 #0:  (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf

stack backtrace:
Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
Call Trace:
 [<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
 [<ffffffff811aa55f>] user_read+0x47/0x91
 [<ffffffff811a80be>] keyctl_read_key+0xac/0xcf
 [<ffffffff811a8a06>] sys_keyctl+0x75/0xb7
 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
parent bfeb0360
...@@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen) ...@@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
struct user_key_payload *upayload; struct user_key_payload *upayload;
long ret; long ret;
upayload = rcu_dereference(key->payload.data); upayload = rcu_dereference_protected(
key->payload.data, rwsem_is_locked(&((struct key *)key)->sem));
ret = upayload->datalen; ret = upayload->datalen;
/* we can return the data as is */ /* we can return the data as is */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment