Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2c7143d4 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 

Pull key handling bugfix from James Morris:
 "Fix a race between keyctl_read() and keyctl_revoke()"

* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  KEYS: Fix race between read and revoke
parents 74bf8efb b4a1b4f5

security/keys/keyctl.c

+9 −9
Original line number Original line Diff line number Diff line
@@ -751,17 +751,17 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 




	/* the key is probably readable - now try to read it */

	/* the key is probably readable - now try to read it */

can_read_key:

can_read_key:

	ret = key_validate(key);

	if (ret == 0) {

	ret = -EOPNOTSUPP;

	ret = -EOPNOTSUPP;

	if (key->type->read) {

	if (key->type->read) {

			/* read the data with the semaphore held (since we

		/* Read the data with the semaphore held (since we might sleep)

			 * might sleep) */

		 * to protect against the key being updated or revoked.

		 */

		down_read(&key->sem);

		down_read(&key->sem);

		ret = key_validate(key);

		if (ret == 0)

			ret = key->type->read(key, buffer, buflen);

			ret = key->type->read(key, buffer, buflen);

		up_read(&key->sem);

		up_read(&key->sem);

	}

	}

	}





error2:

error2:

	key_put(key);

	key_put(key);