1) held spinlocks are not equivalent to rcu_read_lock

2) access to current_cred() is safe as only current can modify its
   own credentials.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: James Morris <jmorris@namei.org>
Cc: linux-security-module@vger.kernel.org

---
 security/keys/permission.c |    3 +--
 security/keys/proc.c       |    2 --
 2 files changed, 1 insertion(+), 4 deletions(-)

Index: linux-2.6-tip/security/keys/permission.c
===================================================================
--- linux-2.6-tip.orig/security/keys/permission.c
+++ linux-2.6-tip/security/keys/permission.c
@@ -23,8 +23,7 @@
  * Check to see whether permission is granted to use a key in the desired way,
  * but permit the security modules to override.
  *
- * The caller must hold either a ref on cred or must hold the RCU readlock or a
- * spinlock.
+ * The caller must hold either a ref on cred or must hold the RCU readlock.
  */
 int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
 			key_perm_t perm)
Index: linux-2.6-tip/security/keys/proc.c
===================================================================
--- linux-2.6-tip.orig/security/keys/proc.c
+++ linux-2.6-tip/security/keys/proc.c
@@ -194,8 +194,6 @@ static int proc_keys_show(struct seq_fil
 
 	/* check whether the current task is allowed to view the key (assuming
 	 * non-possession)
-	 * - the caller holds a spinlock, and thus the RCU read lock, making our
-	 *   access to __current_cred() safe
 	 */
 	rc = key_task_permission(make_key_ref(key, 0), current_cred(),
 				 KEY_VIEW);


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/