Re: [PATCH] keys: safe concurrent user->{session,uid}_keyring access

From: James Morris
Date: Wed Apr 10 2019 - 13:31:07 EST

Next message: Kees Cook: "Re: [PATCH] lib/Kconfig.debug: Fix build error without CONFIG_BLOCK"
Previous message: James Morris: "Re: [PATCH] security: don't use RCU accessors for cred->session_keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 27 Mar 2019, Jann Horn wrote:

> The current code can perform concurrent updates and reads on
> user->session_keyring and user->uid_keyring. Add a comment to
> struct user_struct to document the nontrivial locking semantics, and use
> READ_ONCE() for unlocked readers and smp_store_release() for writers to
> prevent memory ordering issues.
>
> Fixes: 69664cf16af4 ("keys: don't generate user and user session keyrings unless they're accessed")
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Kees Cook: "Re: [PATCH] lib/Kconfig.debug: Fix build error without CONFIG_BLOCK"
Previous message: James Morris: "Re: [PATCH] security: don't use RCU accessors for cred->session_keyring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]