Commit 2c7143d4 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull key handling bugfix from James Morris:
 "Fix a race between keyctl_read() and keyctl_revoke()"

* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  KEYS: Fix race between read and revoke
parents 74bf8efb b4a1b4f5
...@@ -751,16 +751,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) ...@@ -751,16 +751,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
/* the key is probably readable - now try to read it */ /* the key is probably readable - now try to read it */
can_read_key: can_read_key:
ret = key_validate(key); ret = -EOPNOTSUPP;
if (ret == 0) { if (key->type->read) {
ret = -EOPNOTSUPP; /* Read the data with the semaphore held (since we might sleep)
if (key->type->read) { * to protect against the key being updated or revoked.
/* read the data with the semaphore held (since we */
* might sleep) */ down_read(&key->sem);
down_read(&key->sem); ret = key_validate(key);
if (ret == 0)
ret = key->type->read(key, buffer, buflen); ret = key->type->read(key, buffer, buflen);
up_read(&key->sem); up_read(&key->sem);
}
} }
error2: error2:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment