Keyrings fixes

-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVK1agvu3V2unywtrAQLBEg/9FfHWzF0CcjPeYRaHgpmf28F+VjbYCu3R
 GoUHGhugEwkXOs0jIEBSLxpMjKLC6EhbypjFyQpKpvKUKxa2gwqc8NopFaeN8rhP
 pCwyCTgVVmKmhpEct73jp0B7rw7HGQ9v87oLTBgdaDKy2RQkLLhgJZVC4SAr0/sn
 NXXA/An+xrWyzrisT085Pb7Cklj27k44lbeJfgKBDNqXrAOYG5LiomZmWPphHxq8
 6bvgQulZZQiHEsASRC2JNly6Ijh6HW5OWtSqKIxo904HDaU5DnZsWopaCdcAl3le
 auLE9MRDdhG8oOuOrMqcj9hSieSe1fCAG7fFNqGLHwcXitxvNO/A6W2psCfe9/4N
 umHEjs6F9OBqAnu0AsbAO+K1NgJAikUy56wxpucRK6lfcJ6/xDCKFN3xLoKP+d2J
 AzhNRB7qMah9deVVudU+XuipYuv5F397XIRBJTbR0cvpNO6K71OS4YCaf+q8r5Ex
 gFtwLWlcY5XEqVPSiARaQiNmlx1kpRQzhnu2soMl+Bd0l0lYaI99Xig/z04ay4L+
 Ed+BYWZfu2T/ueDm/INA40b5ZF2y9Qt0RN1CzUyqras+ZIwGhGOeRJfsEvO33sx9
 W8gnjnMDLynarwmajmfaJfvTaj1iyT6omQiYgsjT0fe/JDgnEgKri/XJqxRtcPy5
 nmMN9CdT+hw=
 =CGYU
 -----END PGP SIGNATURE-----

Merge tag 'keys-fixes-20150107' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull keyrings fixes from David Howells:
 "Two fixes:

   - Fix for the order in which things are done during key garbage
     collection to prevent named keyrings causing a crash
     [CVE-2014-9529].

   - Fix assoc_array to explicitly #include rcupdate.h to prevent
     compilation errors under certain circumstances"

* tag 'keys-fixes-20150107' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
  assoc_array: Include rcupdate.h for call_rcu() definition
  KEYS: close race between key lookup and freeing
This commit is contained in:
Linus Torvalds 2015-01-08 13:52:16 -08:00
commit 086b2a942e
2 changed files with 3 additions and 2 deletions

View file

@ -11,6 +11,7 @@
* 2 of the Licence, or (at your option) any later version.
*/
//#define DEBUG
#include <linux/rcupdate.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/assoc_array_priv.h>

View file

@ -148,12 +148,12 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
atomic_dec(&key->user->nikeys);
key_user_put(key->user);
/* now throw away the key memory */
if (key->type->destroy)
key->type->destroy(key);
key_user_put(key->user);
kfree(key->description);
#ifdef KEY_DEBUGGING