From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S968831AbdIZUOr (ORCPT ); Tue, 26 Sep 2017 16:14:47 -0400 Received: from mail-pf0-f194.google.com ([209.85.192.194]:35962 "EHLO mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S968704AbdIZUOb (ORCPT ); Tue, 26 Sep 2017 16:14:31 -0400 X-Google-Smtp-Source: AOwi7QAQFW+ApDaLovloAPi6NnySjG92eCUOZsUtGeOuMNst7V1gvxR/OIlfBjYohIPgtqRAYNP1vw== From: Eric Biggers To: keyrings@vger.kernel.org Cc: David Howells , Michael Halcrow , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers Subject: [PATCH v2 3/6] KEYS: load key flags and expiry time atomically in key_validate() Date: Tue, 26 Sep 2017 13:11:02 -0700 Message-Id: <20170926201105.126166-4-ebiggers3@gmail.com> X-Mailer: git-send-email 2.14.1.992.g2c7b836f3a-goog In-Reply-To: <20170926201105.126166-1-ebiggers3@gmail.com> References: <20170926201105.126166-1-ebiggers3@gmail.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers In key_validate(), load the flags and expiry time once atomically, since these can change concurrently if key_validate() is called without the key semaphore held. And we don't want to get inconsistent results if a variable is referenced multiple times. For example, key->expiry was referenced in both 'if (key->expiry)' and in 'if (now.tv_sec >= key->expiry)', making it theoretically possible to see a spurious EKEYEXPIRED while the expiration time was being removed, i.e. set to 0. Signed-off-by: Eric Biggers --- security/keys/permission.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/keys/permission.c b/security/keys/permission.c index 732cc0beffdf..a72b4dd70c8a 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -88,7 +88,8 @@ EXPORT_SYMBOL(key_task_permission); */ int key_validate(const struct key *key) { - unsigned long flags = key->flags; + unsigned long flags = READ_ONCE(key->flags); + time_t expiry = READ_ONCE(key->expiry); if (flags & (1 << KEY_FLAG_INVALIDATED)) return -ENOKEY; @@ -99,9 +100,9 @@ int key_validate(const struct key *key) return -EKEYREVOKED; /* check it hasn't expired */ - if (key->expiry) { + if (expiry) { struct timespec now = current_kernel_time(); - if (now.tv_sec >= key->expiry) + if (now.tv_sec >= expiry) return -EKEYEXPIRED; } -- 2.14.1.992.g2c7b836f3a-goog