lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20100421201219.GJ2563@linux.vnet.ibm.com>
Date:	Wed, 21 Apr 2010 13:12:19 -0700
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	David Howells <dhowells@...hat.com>
Cc:	torvalds@...l.org, akpm@...ux-foundation.org,
	eric.dumazet@...il.com, keyrings@...ux-nfs.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KEYS: Fix an RCU warning in the reading of user keys

On Wed, Apr 21, 2010 at 05:36:35PM +0100, David Howells wrote:
> Fix an RCU warning in the reading of user keys:
> 
> ===================================================
> [ INFO: suspicious rcu_dereference_check() usage. ]
> ---------------------------------------------------
> security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!
> 
> other info that might help us debug this:
> 
> 
> rcu_scheduler_active = 1, debug_locks = 0
> 1 lock held by keyctl/3637:
>  #0:  (&key->sem){+++++.}, at: [<ffffffff811a80ae>] keyctl_read_key+0x9c/0xcf
> 
> stack backtrace:
> Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
> Call Trace:
>  [<ffffffff81051f6c>] lockdep_rcu_dereference+0xaa/0xb2
>  [<ffffffff811aa55f>] user_read+0x47/0x91
>  [<ffffffff811a80be>] keyctl_read_key+0xac/0xcf
>  [<ffffffff811a8a06>] sys_keyctl+0x75/0xb7
>  [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

Queued for 2.6.34, thank you David!

							Thanx, Paul

> Signed-off-by: David Howells <dhowells@...hat.com>
> ---
> 
>  security/keys/user_defined.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
> index 7c687d5..e9aa079 100644
> --- a/security/keys/user_defined.c
> +++ b/security/keys/user_defined.c
> @@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
>  	struct user_key_payload *upayload;
>  	long ret;
> 
> -	upayload = rcu_dereference(key->payload.data);
> +	upayload = rcu_dereference_protected(
> +		key->payload.data, rwsem_is_locked(&((struct key *)key)->sem));
>  	ret = upayload->datalen;
> 
>  	/* we can return the data as is */
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ