diff options
author | David Howells <dhowells@redhat.com> | 2010-04-30 14:32:08 +0100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-05-05 11:38:52 +1000 |
commit | d9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4 (patch) | |
tree | cf822ea9020aec6bd54d986231097983680c8ede /security/keys | |
parent | a66f6375bdeb64d7a56c532bda7c006358845820 (diff) | |
download | kernel_samsung_smdk4412-d9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4.tar.gz kernel_samsung_smdk4412-d9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4.tar.bz2 kernel_samsung_smdk4412-d9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4.zip |
KEYS: Fix an RCU warning in the reading of user keys
Fix an RCU warning in the reading of user keys:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by keyctl/3637:
#0: (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf
stack backtrace:
Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
Call Trace:
[<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
[<ffffffff811aa55f>] user_read+0x47/0x91
[<ffffffff811a80be>] keyctl_read_key+0xac/0xcf
[<ffffffff811a8a06>] sys_keyctl+0x75/0xb7
[<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/user_defined.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 7c687d56822..e9aa0792965 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c @@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen) struct user_key_payload *upayload; long ret; - upayload = rcu_dereference(key->payload.data); + upayload = rcu_dereference_protected( + key->payload.data, rwsem_is_locked(&((struct key *)key)->sem)); ret = upayload->datalen; /* we can return the data as is */ |