• Mark Rutland's avatar
    KEYS: fix refcount_inc() on zero · 92347cfd
    Mark Rutland authored
    If a key's refcount is dropped to zero between key_lookup() peeking at
    the refcount and subsequently attempting to increment it, refcount_inc()
    will see a zero refcount.  Here, refcount_inc() will WARN_ONCE(), and
    will *not* increment the refcount, which will remain zero.
    
    Once key_lookup() drops key_serial_lock, it is possible for the key to
    be freed behind our back.
    
    This patch uses refcount_inc_not_zero() to perform the peek and increment
    atomically.
    
    Fixes: fff29291 ("security, keys: convert key.usage from atomic_t to refcount_t")
    Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Cc: David Windsor <dwindsor@gmail.com>
    Cc: Elena Reshetova <elena.reshetova@intel.com>
    Cc: Hans Liljestrand <ishkamiel@gmail.com>
    Cc: James Morris <james.l.morris@oracle.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
    92347cfd
Name
Last commit
Last update
..
apparmor Loading commit data...
integrity Loading commit data...
keys Loading commit data...
loadpin Loading commit data...
selinux Loading commit data...
smack Loading commit data...
tomoyo Loading commit data...
yama Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
commoncap.c Loading commit data...
device_cgroup.c Loading commit data...
inode.c Loading commit data...
lsm_audit.c Loading commit data...
min_addr.c Loading commit data...
security.c Loading commit data...