Re: [patch 5/9] security: Use get_task_cred() inkeyctl_session_to_parent()

From: Paul E. McKenney
Date: Wed Dec 09 2009 - 21:45:35 EST

Next message: Greg KH: "Re: [PATCH 2/3] gpiolib: add support for having symlinks undergpio class directory"
Previous message: Paul E. McKenney: "Re: [patch 1/9] sys: Fix missing rcu protection for __task_cred()access"
In reply to: Thomas Gleixner: "[patch 5/9] security: Use get_task_cred() inkeyctl_session_to_parent()"
Next in thread: Thomas Gleixner: "[patch 4/9] oom: Add missing rcu protection of __task_cred() indump_tasks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 10, 2009 at 12:53:12AM -0000, Thomas Gleixner wrote:
> Strictly this is not necessary today, but according to Paul McKenney
> it's not guaranteed that irq disabled regions will prevent RCU
> progress. That's a property of the current implementation. In
> preempt-rt this assumption is not true anymore.
>
> Use get_task_cred() to make this future proof.

Acked-by: Paul E. McKenney <paulmck@xxxxxxxxxxxxxxxxxx> from RCU perspective.

> Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: James Morris <jmorris@xxxxxxxxx>
> Cc: linux-security-module@xxxxxxxxxxxxxxx
> ---
> security/keys/keyctl.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> Index: linux-2.6-tip/security/keys/keyctl.c
> ===================================================================
> --- linux-2.6-tip.orig/security/keys/keyctl.c
> +++ linux-2.6-tip/security/keys/keyctl.c
> @@ -1237,7 +1237,7 @@ long keyctl_get_security(key_serial_t ke
> long keyctl_session_to_parent(void)
> {
> struct task_struct *me, *parent;
> - const struct cred *mycred, *pcred;
> + const struct cred *mycred, *pcred = NULL;
> struct cred *cred, *oldcred;
> key_ref_t keyring_r;
> int ret;
> @@ -1274,7 +1274,7 @@ long keyctl_session_to_parent(void)
> /* the parent and the child must have different session keyrings or
> * there's no point */
> mycred = current_cred();
> - pcred = __task_cred(parent);
> + pcred = get_task_cred(parent);
> if (mycred == pcred ||
> mycred->tgcred->session_keyring == pcred->tgcred->session_keyring)
> goto already_same;
> @@ -1312,6 +1312,7 @@ long keyctl_session_to_parent(void)
> set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
>
> write_unlock_irq(&tasklist_lock);
> + put_cred(pcred);
> if (oldcred)
> put_cred(oldcred);
> return 0;
> @@ -1321,6 +1322,8 @@ already_same:
> not_permitted:
> write_unlock_irq(&tasklist_lock);
> put_cred(cred);
> + if (pcred)
> + put_cred(pcred);
> return ret;
>
> error_keyring:
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: [PATCH 2/3] gpiolib: add support for having symlinks undergpio class directory"
Previous message: Paul E. McKenney: "Re: [patch 1/9] sys: Fix missing rcu protection for __task_cred()access"
In reply to: Thomas Gleixner: "[patch 5/9] security: Use get_task_cred() inkeyctl_session_to_parent()"
Next in thread: Thomas Gleixner: "[patch 4/9] oom: Add missing rcu protection of __task_cred() indump_tasks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]