lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHC9VhRn=EGu4+0fYup1bGdgkzWvZYpMPXKoARJf2N+4sy9g2w@mail.gmail.com>
Date: Tue, 10 Jun 2025 20:22:59 -0400
From: Paul Moore <paul@...l-moore.com>
To: David Howells <dhowells@...hat.com>
Cc: torvalds@...ux-foundation.org, Herbert Xu <herbert@...dor.apana.org.au>, 
	Jarkko Sakkinen <jarkko@...nel.org>, keyrings@...r.kernel.org, 
	linux-security-module@...r.kernel.org, linux-crypto@...r.kernel.org, 
	linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KEYS: Invert FINAL_PUT bit

On Wed, May 28, 2025 at 8:19 AM David Howells <dhowells@...hat.com> wrote:
>
> Hi Linus,
>
> Could you apply this, please?  There shouldn't be any functional change,
> rather it's a switch to using combined bit-barrier ops and lesser barriers.
> A better way to do this might be to provide set_bit_release(), but the end
> result would be much the same.
>
> Thanks,
> David
> ---
> From: Herbert Xu <herbert@...dor.apana.org.au>
>
> KEYS: Invert FINAL_PUT bit
>
> Invert the FINAL_PUT bit so that test_bit_acquire and clear_bit_unlock
> can be used instead of smp_mb.
>
> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
> Signed-off-by: David Howells <dhowells@...hat.com>
> Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
> cc: keyrings@...r.kernel.org
> cc: linux-security-module@...r.kernel.org
> cc: linux-crypto@...r.kernel.org
> cc: linux-integrity@...r.kernel.org
> ---
>  include/linux/key.h |    2 +-
>  security/keys/gc.c  |    4 ++--
>  security/keys/key.c |    5 +++--
>  3 files changed, 6 insertions(+), 5 deletions(-)

It doesn't look like this has made its way to Linus.  David or Jarkko,
do one of you want to pick this up into a tree and send this to Linus
properly?

> diff --git a/include/linux/key.h b/include/linux/key.h
> index ba05de8579ec..81b8f05c6898 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -236,7 +236,7 @@ struct key {
>  #define KEY_FLAG_ROOT_CAN_INVAL        7       /* set if key can be invalidated by root without permission */
>  #define KEY_FLAG_KEEP          8       /* set if key should not be removed */
>  #define KEY_FLAG_UID_KEYRING   9       /* set if key is a user or user session keyring */
> -#define KEY_FLAG_FINAL_PUT     10      /* set if final put has happened on key */
> +#define KEY_FLAG_USER_ALIVE    10      /* set if final put has not happened on key yet */
>
>         /* the key type and key description string
>          * - the desc is used to match a key against search criteria
> diff --git a/security/keys/gc.c b/security/keys/gc.c
> index f27223ea4578..748e83818a76 100644
> --- a/security/keys/gc.c
> +++ b/security/keys/gc.c
> @@ -218,8 +218,8 @@ static void key_garbage_collector(struct work_struct *work)
>                 key = rb_entry(cursor, struct key, serial_node);
>                 cursor = rb_next(cursor);
>
> -               if (test_bit(KEY_FLAG_FINAL_PUT, &key->flags)) {
> -                       smp_mb(); /* Clobber key->user after FINAL_PUT seen. */
> +               if (!test_bit_acquire(KEY_FLAG_USER_ALIVE, &key->flags)) {
> +                       /* Clobber key->user after final put seen. */
>                         goto found_unreferenced_key;
>                 }
>
> diff --git a/security/keys/key.c b/security/keys/key.c
> index 7198cd2ac3a3..3bbdde778631 100644
> --- a/security/keys/key.c
> +++ b/security/keys/key.c
> @@ -298,6 +298,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
>         key->restrict_link = restrict_link;
>         key->last_used_at = ktime_get_real_seconds();
>
> +       key->flags |= 1 << KEY_FLAG_USER_ALIVE;
>         if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
>                 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
>         if (flags & KEY_ALLOC_BUILT_IN)
> @@ -658,8 +659,8 @@ void key_put(struct key *key)
>                                 key->user->qnbytes -= key->quotalen;
>                                 spin_unlock_irqrestore(&key->user->lock, flags);
>                         }
> -                       smp_mb(); /* key->user before FINAL_PUT set. */
> -                       set_bit(KEY_FLAG_FINAL_PUT, &key->flags);
> +                       /* Mark key as safe for GC after key->user done. */
> +                       clear_bit_unlock(KEY_FLAG_USER_ALIVE, &key->flags);
>                         schedule_work(&key_gc_work);
>                 }
>         }
>
>

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ