diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-12-28 10:35:19 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-12-28 10:35:19 -0800 |
| commit | 2c7143d4f5cd5c31c7ebe7aa57b273145cdb1808 (patch) | |
| tree | d19593b70eb85028aa244cb02675bbbf09aa16e1 | |
| parent | 74bf8efb5fa6e958d2d7c7917b8bb672085ec0c6 (diff) | |
| parent | b4a1b4f5047e4f54e194681125c74c0aa64d637d (diff) | |
| download | linux-2c7143d4f5cd5c31c7ebe7aa57b273145cdb1808.tar.gz | |
Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key handling bugfix from James Morris:
"Fix a race between keyctl_read() and keyctl_revoke()"
* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
KEYS: Fix race between read and revoke
| -rw-r--r-- | security/keys/keyctl.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fb111eafcb893e..1c3872aeed14ac 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -751,16 +751,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) /* the key is probably readable - now try to read it */ can_read_key: - ret = key_validate(key); - if (ret == 0) { - ret = -EOPNOTSUPP; - if (key->type->read) { - /* read the data with the semaphore held (since we - * might sleep) */ - down_read(&key->sem); + ret = -EOPNOTSUPP; + if (key->type->read) { + /* Read the data with the semaphore held (since we might sleep) + * to protect against the key being updated or revoked. + */ + down_read(&key->sem); + ret = key_validate(key); + if (ret == 0) ret = key->type->read(key, buffer, buflen); - up_read(&key->sem); - } + up_read(&key->sem); } error2: |