Keyrings fixes
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUAVK1agvu3V2unywtrAQLBEg/9FfHWzF0CcjPeYRaHgpmf28F+VjbYCu3R GoUHGhugEwkXOs0jIEBSLxpMjKLC6EhbypjFyQpKpvKUKxa2gwqc8NopFaeN8rhP pCwyCTgVVmKmhpEct73jp0B7rw7HGQ9v87oLTBgdaDKy2RQkLLhgJZVC4SAr0/sn NXXA/An+xrWyzrisT085Pb7Cklj27k44lbeJfgKBDNqXrAOYG5LiomZmWPphHxq8 6bvgQulZZQiHEsASRC2JNly6Ijh6HW5OWtSqKIxo904HDaU5DnZsWopaCdcAl3le auLE9MRDdhG8oOuOrMqcj9hSieSe1fCAG7fFNqGLHwcXitxvNO/A6W2psCfe9/4N umHEjs6F9OBqAnu0AsbAO+K1NgJAikUy56wxpucRK6lfcJ6/xDCKFN3xLoKP+d2J AzhNRB7qMah9deVVudU+XuipYuv5F397XIRBJTbR0cvpNO6K71OS4YCaf+q8r5Ex gFtwLWlcY5XEqVPSiARaQiNmlx1kpRQzhnu2soMl+Bd0l0lYaI99Xig/z04ay4L+ Ed+BYWZfu2T/ueDm/INA40b5ZF2y9Qt0RN1CzUyqras+ZIwGhGOeRJfsEvO33sx9 W8gnjnMDLynarwmajmfaJfvTaj1iyT6omQiYgsjT0fe/JDgnEgKri/XJqxRtcPy5 nmMN9CdT+hw= =CGYU -----END PGP SIGNATURE----- Merge tag 'keys-fixes-20150107' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull keyrings fixes from David Howells: "Two fixes: - Fix for the order in which things are done during key garbage collection to prevent named keyrings causing a crash [CVE-2014-9529]. - Fix assoc_array to explicitly #include rcupdate.h to prevent compilation errors under certain circumstances" * tag 'keys-fixes-20150107' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: assoc_array: Include rcupdate.h for call_rcu() definition KEYS: close race between key lookup and freeing
This commit is contained in:
commit
086b2a942e
2 changed files with 3 additions and 2 deletions
|
@ -11,6 +11,7 @@
|
|||
* 2 of the Licence, or (at your option) any later version.
|
||||
*/
|
||||
//#define DEBUG
|
||||
#include <linux/rcupdate.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/err.h>
|
||||
#include <linux/assoc_array_priv.h>
|
||||
|
|
|
@ -148,12 +148,12 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
|
|||
if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
|
||||
atomic_dec(&key->user->nikeys);
|
||||
|
||||
key_user_put(key->user);
|
||||
|
||||
/* now throw away the key memory */
|
||||
if (key->type->destroy)
|
||||
key->type->destroy(key);
|
||||
|
||||
key_user_put(key->user);
|
||||
|
||||
kfree(key->description);
|
||||
|
||||
#ifdef KEY_DEBUGGING
|
||||
|
|
Loading…
Reference in a new issue