From bfeb0360de7713de8240cafd7ecf6058b6dbea0b Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 20 Apr 2010 11:25:49 +0100 Subject: [PATCH] KEYS: Fix an RCU warning Fix the following RCU warning: =================================================== [ INFO: suspicious rcu_dereference_check() usage. ] --------------------------------------------------- security/keys/request_key.c:116 invoked rcu_dereference_check() without protection! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 0 1 lock held by keyctl/5372: #0: (key_types_sem){.+.+.+}, at: [] key_type_lookup+0x1c/0x70 stack backtrace: Pid: 5372, comm: keyctl Not tainted 2.6.34-rc3-cachefs #150 Call Trace: [] lockdep_rcu_dereference+0xaa/0xb2 [] call_sbin_request_key+0x156/0x2b6 [] ? __key_instantiate_and_link+0xb1/0xdc [] ? key_instantiate_and_link+0x42/0x5f [] ? request_key_auth_new+0x17b/0x1f3 [] ? request_key_and_link+0x271/0x400 [] ? kmem_cache_alloc+0xe1/0x118 [] request_key_and_link+0x38b/0x400 [] sys_request_key+0xf7/0x14a [] ? trace_hardirqs_on_caller+0x10c/0x130 [] ? trace_hardirqs_on_thunk+0x3a/0x3f [] system_call_fastpath+0x16/0x1b This was caused by doing: [root@andromeda ~]# keyctl newring fred @s 539196288 [root@andromeda ~]# keyctl request2 user a a 539196288 request_key: Required key not available Signed-off-by: David Howells Acked-by: Eric Dumazet Signed-off-by: Paul E. McKenney --- security/keys/request_key.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 03fe63e..ea97c31 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -68,7 +68,8 @@ static int call_sbin_request_key(struct key_construction *cons, { const struct cred *cred = current_cred(); key_serial_t prkey, sskey; - struct key *key = cons->key, *authkey = cons->authkey, *keyring; + struct key *key = cons->key, *authkey = cons->authkey, *keyring, + *session; char *argv[9], *envp[3], uid_str[12], gid_str[12]; char key_str[12], keyring_str[3][12]; char desc[20]; @@ -112,10 +113,12 @@ static int call_sbin_request_key(struct key_construction *cons, if (cred->tgcred->process_keyring) prkey = cred->tgcred->process_keyring->serial; - if (cred->tgcred->session_keyring) - sskey = rcu_dereference(cred->tgcred->session_keyring)->serial; - else - sskey = cred->user->session_keyring->serial; + rcu_read_lock(); + session = rcu_dereference(cred->tgcred->session_keyring); + if (!session) + session = cred->user->session_keyring; + sskey = session->serial; + rcu_read_unlock(); sprintf(keyring_str[2], "%d", sskey); -- 2.7.4