From b610206717f2191b9f90685e893ceffdfcd3405b Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Thu, 10 Dec 2009 00:14:13 +0100 Subject: [PATCH] security: Fix invalid rcu assumptions in comments commit 0fe4f5edc70f432565bfbc4bb10b1d7b2222fd48 in tip. 1) held spinlocks are not equivalent to rcu_read_lock 2) access to current_cred() is safe as only current can modify its own credentials. Signed-off-by: Thomas Gleixner Cc: James Morris Cc: linux-security-module@vger.kernel.org Signed-off-by: Paul Gortmaker --- security/keys/permission.c | 3 +-- security/keys/proc.c | 2 -- 2 files changed, 1 insertions(+), 4 deletions(-) diff --git a/security/keys/permission.c b/security/keys/permission.c index 0ed802c..5d16a18 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -23,8 +23,7 @@ * Check to see whether permission is granted to use a key in the desired way, * but permit the security modules to override. * - * The caller must hold either a ref on cred or must hold the RCU readlock or a - * spinlock. + * The caller must hold either a ref on cred or must hold the RCU readlock. */ int key_task_permission(const key_ref_t key_ref, const struct cred *cred, key_perm_t perm) diff --git a/security/keys/proc.c b/security/keys/proc.c index 706d63f..fb0a124 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c @@ -193,8 +193,6 @@ static int proc_keys_show(struct seq_file *m, void *v) /* check whether the current task is allowed to view the key (assuming * non-possession) - * - the caller holds a spinlock, and thus the RCU read lock, making our - * access to __current_cred() safe */ rc = key_task_permission(make_key_ref(key, 0), current_cred(), KEY_VIEW); -- 1.7.0.4