1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
From b610206717f2191b9f90685e893ceffdfcd3405b Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Thu, 10 Dec 2009 00:14:13 +0100
Subject: [PATCH] security: Fix invalid rcu assumptions in comments
commit 0fe4f5edc70f432565bfbc4bb10b1d7b2222fd48 in tip.
1) held spinlocks are not equivalent to rcu_read_lock
2) access to current_cred() is safe as only current can modify its
own credentials.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: James Morris <jmorris@namei.org>
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
security/keys/permission.c | 3 +--
security/keys/proc.c | 2 --
2 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 0ed802c..5d16a18 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -23,8 +23,7 @@
* Check to see whether permission is granted to use a key in the desired way,
* but permit the security modules to override.
*
- * The caller must hold either a ref on cred or must hold the RCU readlock or a
- * spinlock.
+ * The caller must hold either a ref on cred or must hold the RCU readlock.
*/
int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
key_perm_t perm)
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 706d63f..fb0a124 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -193,8 +193,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
/* check whether the current task is allowed to view the key (assuming
* non-possession)
- * - the caller holds a spinlock, and thus the RCU read lock, making our
- * access to __current_cred() safe
*/
rc = key_task_permission(make_key_ref(key, 0), current_cred(),
KEY_VIEW);
--
1.7.0.4
|
