Re: [PATCH 3/7] KEYS: Use RCU dereference wrappers in keyring key type code

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Serge E. Hallyn" <serue@us.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@osdl.org, akpm@linux-foundation.org,
	keyrings@linux-nfs.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/7] KEYS: Use RCU dereference wrappers in keyring key type code
Date: Mon, 3 May 2010 17:30:23 -0500	[thread overview]
Message-ID: <20100503223023.GC6968@us.ibm.com> (raw)
In-Reply-To: <20100430133218.2126.28129.stgit@warthog.procyon.org.uk>

Quoting David Howells (dhowells@redhat.com):
> The keyring key type code should use RCU dereference wrappers, even when it
> holds the keyring's key semaphore.
> 
> Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
> Signed-off-by: David Howells <dhowells@redhat.com>

Acked-by: Serge Hallyn <serue@us.ibm.com>


<shrug> does this mean that the
        klist = rcu_dereference_check(keyring->payload.subscriptions,
				      lockdep_is_held(&key_serial_lock));
in security/keys/gc.c:key_gc_keyring() should become a
rcu_dereference_protected() to avoid the rcu_dereference_raw() and for
consistency?

> ---
> 
>  security/keys/keyring.c |   23 +++++++++++++----------
>  1 files changed, 13 insertions(+), 10 deletions(-)
> 
> diff --git a/security/keys/keyring.c b/security/keys/keyring.c
> index d570824..63385af 100644
> --- a/security/keys/keyring.c
> +++ b/security/keys/keyring.c
> @@ -20,6 +20,11 @@
>  #include <linux/uaccess.h>
>  #include "internal.h"
> 
> +#define rcu_dereference_locked_keyring(keyring)				\
> +	(rcu_dereference_protected(					\
> +		(keyring)->payload.subscriptions,			\
> +		rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
> +
>  /*
>   * when plumbing the depths of the key tree, this sets a hard limit set on how
>   * deep we're willing to go
> @@ -201,8 +206,7 @@ static long keyring_read(const struct key *keyring,
>  	int loop, ret;
> 
>  	ret = 0;
> -	klist = keyring->payload.subscriptions;
> -
> +	klist = rcu_dereference_locked_keyring(keyring);

Weird, this was a straight rcu_dereference in my tree (which would
still deserve a switch for the same reason as patch 1 of course)

>  	if (klist) {
>  		/* calculate how much data we could return */
>  		qty = klist->nkeys * sizeof(key_serial_t);
> @@ -720,8 +724,7 @@ int __key_link(struct key *keyring, struct key *key)
>  	}
> 
>  	/* see if there's a matching key we can displace */
> -	klist = keyring->payload.subscriptions;
> -
> +	klist = rcu_dereference_locked_keyring(keyring);
>  	if (klist && klist->nkeys > 0) {
>  		struct key_type *type = key->type;
> 
> @@ -765,8 +768,6 @@ int __key_link(struct key *keyring, struct key *key)
>  	if (ret < 0)
>  		goto error2;
> 
> -	klist = keyring->payload.subscriptions;
> -

huh, yeah, seems to have been there and unneeded since at least 2007.

-serge

next prev parent reply	other threads:[~2010-05-03 22:30 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-04-30 13:32 [PATCH 1/7] KEYS: Fix an RCU warning in the reading of user keys David Howells
2010-04-30 13:32 ` [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring David Howells
2010-05-03 22:14   ` Serge E. Hallyn
2010-04-30 13:32 ` [PATCH 3/7] KEYS: Use RCU dereference wrappers in keyring key type code David Howells
2010-05-03 22:30   ` Serge E. Hallyn [this message]
2010-05-04 13:00     ` David Howells
2010-04-30 13:32 ` [PATCH 4/7] KEYS: call_sbin_request_key() must write lock keyrings before modifying them David Howells
2010-04-30 13:32 ` [PATCH 5/7] KEYS: keyring_serialise_link_sem is only needed for keyring->keyring links David Howells
2010-04-30 13:32 ` [PATCH 6/7] KEYS: Better handling of errors from construct_alloc_key() David Howells
2010-04-30 13:32 ` [PATCH 7/7] KEYS: Do preallocation for __key_link() David Howells
2010-05-03 22:04 ` [PATCH 1/7] KEYS: Fix an RCU warning in the reading of user keys Serge E. Hallyn
2010-05-04 12:48   ` David Howells
2010-05-06  2:45 ` James Morris
2010-05-06 10:38   ` David Howells
2010-05-06 12:25     ` James Morris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100503223023.GC6968@us.ibm.com \
    --to=serue@us.ibm.com \
    --cc=akpm@linux-foundation.org \
    --cc=dhowells@redhat.com \
    --cc=keyrings@linux-nfs.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=torvalds@osdl.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.