path: root/security/keys/gc.c
diff options
authorDavid Howells <>2010-05-04 14:16:10 +0100
committerJames Morris <>2010-05-05 11:39:23 +1000
commitcf8304e8f380903de3a15dc6ebd551c9e6cf1a21 (patch)
treefe94f3ebb044b5026b1062631b2d89e77c8b674e /security/keys/gc.c
parentd9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4 (diff)
KEYS: Fix RCU handling in key_gc_keyring()
key_gc_keyring() needs to either hold the RCU read lock or hold the keyring semaphore if it's going to scan the keyring's list. Given that it only needs to read the key list, and it's doing so under a spinlock, the RCU read lock is the thing to use. Furthermore, the RCU check added in e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe is incorrect as holding the spinlock on key_serial_lock is not grounds for assuming a keyring's pointer list can be read safely. Instead, a simple rcu_dereference() inside of the previously mentioned RCU read lock is what we want. Reported-by: Serge E. Hallyn <> Signed-off-by: David Howells <> Acked-by: Serge Hallyn <> Acked-by: "Paul E. McKenney" <> Signed-off-by: James Morris <>
Diffstat (limited to 'security/keys/gc.c')
1 files changed, 6 insertions, 3 deletions
diff --git a/security/keys/gc.c b/security/keys/gc.c
index 19902319d097..a46e825cbf02 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -77,10 +77,10 @@ static bool key_gc_keyring(struct key *keyring, time_t limit)
goto dont_gc;
/* scan the keyring looking for dead keys */
- klist = rcu_dereference_check(keyring->payload.subscriptions,
- lockdep_is_held(&key_serial_lock));
+ rcu_read_lock();
+ klist = rcu_dereference(keyring->payload.subscriptions);
if (!klist)
- goto dont_gc;
+ goto unlock_dont_gc;
for (loop = klist->nkeys - 1; loop >= 0; loop--) {
key = klist->keys[loop];
@@ -89,11 +89,14 @@ static bool key_gc_keyring(struct key *keyring, time_t limit)
goto do_gc;
+ rcu_read_unlock();
kleave(" = false");
return false;
+ rcu_read_unlock();
key_gc_cursor = keyring->serial;