[<prev] [next>] [day] [month] [year] [list]
Message-ID: <11908.1567177954@warthog.procyon.org.uk>
Date: Fri, 30 Aug 2019 16:12:34 +0100
From: David Howells <dhowells@...hat.com>
To: Hillf Danton <hdanton@...a.com>
Cc: dhowells@...hat.com, Sachin Sant <sachinp@...ux.vnet.ibm.com>,
"linuxppc-dev@...abs.org" <linuxppc-dev@...abs.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: Oops (request_key_auth_describe) while running cve-2016-7042 from LTP
Hillf Danton <hdanton@...a.com> wrote:
> 1, callee has no pre defined duty to help caller in general; they should not
> try to do anything, however, to help their callers in principle due to
> limited info on their hands IMO.
Ah, no. It's entirely reasonable for an API to specify that one of its
methods will be called with one or more locks held - and that the method must
be aware of this and may make use of this.
> 3, no comment can be found in security/keys/request_key_auth.c about
> the rcu already documented.
There is API documentation in Documentation/security/keys/core.rst. If you
look at about line 1538 onwards:
* ``void (*describe)(const struct key *key, struct seq_file *p);``
This method is optional. It is called during /proc/keys reading to
summarise a key's description and payload in text form.
This method will be called with the RCU read lock held. rcu_dereference()
should be used to read the payload pointer if the payload is to be
accessed. key->datalen cannot be trusted to stay consistent with the
contents of the payload.
The description will not change, though the key's state may.
It is not safe to sleep in this method; the RCU read lock is held by the
caller.
David
Powered by blists - more mailing lists