From: "Serge E. Hallyn" <serue@us.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@osdl.org, akpm@linux-foundation.org,
keyrings@linux-nfs.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/7] KEYS: Fix an RCU warning in the reading of user keys
Date: Mon, 3 May 2010 17:04:20 -0500 [thread overview]
Message-ID: <20100503220420.GA6968@us.ibm.com> (raw)
In-Reply-To: <20100430133208.2126.56765.stgit@warthog.procyon.org.uk>
Quoting David Howells (dhowells@redhat.com):
> Fix an RCU warning in the reading of user keys:
>
> ===================================================
> [ INFO: suspicious rcu_dereference_check() usage. ]
> ---------------------------------------------------
> security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!
>
> other info that might help us debug this:
>
>
> rcu_scheduler_active = 1, debug_locks = 0
> 1 lock held by keyctl/3637:
> #0: (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf
>
> stack backtrace:
> Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
> Call Trace:
> [<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
> [<ffffffff811aa55f>] user_read+0x47/0x91
> [<ffffffff811a80be>] keyctl_read_key+0xac/0xcf
> [<ffffffff811a8a06>] sys_keyctl+0x75/0xb7
> [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
>
> Signed-off-by: David Howells <dhowells@redhat.com>
heck it also serves to document it a bit, as looking at the fn
itself it's not clear that it is called under key->sem.
Acked-by: Serge Hallyn <serue@us.ibm.com>
> ---
>
> security/keys/user_defined.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
> index 7c687d5..e9aa079 100644
> --- a/security/keys/user_defined.c
> +++ b/security/keys/user_defined.c
> @@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
> struct user_key_payload *upayload;
> long ret;
>
> - upayload = rcu_dereference(key->payload.data);
> + upayload = rcu_dereference_protected(
> + key->payload.data, rwsem_is_locked(&((struct key *)key)->sem));
> ret = upayload->datalen;
>
> /* we can return the data as is */
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-05-03 22:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-30 13:32 [PATCH 1/7] KEYS: Fix an RCU warning in the reading of user keys David Howells
2010-04-30 13:32 ` [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring David Howells
2010-05-03 22:14 ` Serge E. Hallyn
2010-04-30 13:32 ` [PATCH 3/7] KEYS: Use RCU dereference wrappers in keyring key type code David Howells
2010-05-03 22:30 ` Serge E. Hallyn
2010-05-04 13:00 ` David Howells
2010-04-30 13:32 ` [PATCH 4/7] KEYS: call_sbin_request_key() must write lock keyrings before modifying them David Howells
2010-04-30 13:32 ` [PATCH 5/7] KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links David Howells
2010-04-30 13:32 ` [PATCH 6/7] KEYS: Better handling of errors from construct_alloc_key() David Howells
2010-04-30 13:32 ` [PATCH 7/7] KEYS: Do preallocation for __key_link() David Howells
2010-05-03 22:04 ` Serge E. Hallyn [this message]
2010-05-04 12:48 ` [PATCH 1/7] KEYS: Fix an RCU warning in the reading of user keys David Howells
2010-05-06 2:45 ` James Morris
2010-05-06 10:38 ` David Howells
2010-05-06 12:25 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100503220420.GA6968@us.ibm.com \
--to=serue@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.