diff options
| author | Jann Horn <jannh@google.com> | 2019-03-27 16:55:08 +0100 |
|---|---|---|
| committer | James Morris <james.morris@microsoft.com> | 2019-04-10 10:29:50 -0700 |
| commit | 0b9dc6c9f01c4a726558b82a3b6082a89d264eb5 (patch) | |
| tree | 1acfa81de568fa53ee14fac6219a140cd6560778 /include | |
| parent | 5c7e372caa35d303e414caeb64ee2243fd3cac3d (diff) | |
keys: safe concurrent user->{session,uid}_keyring access
The current code can perform concurrent updates and reads on
user->session_keyring and user->uid_keyring. Add a comment to
struct user_struct to document the nontrivial locking semantics, and use
READ_ONCE() for unlocked readers and smp_store_release() for writers to
prevent memory ordering issues.
Fixes: 69664cf16af4 ("keys: don't generate user and user session keyrings unless they're accessed")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/sched/user.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/sched/user.h b/include/linux/sched/user.h index c7b5f86b91a1..468d2565a9fe 100644 --- a/include/linux/sched/user.h +++ b/include/linux/sched/user.h @@ -31,6 +31,13 @@ struct user_struct { atomic_long_t pipe_bufs; /* how many pages are allocated in pipe buffers */ #ifdef CONFIG_KEYS + /* + * These pointers can only change from NULL to a non-NULL value once. + * Writes are protected by key_user_keyring_mutex. + * Unlocked readers should use READ_ONCE() unless they know that + * install_user_keyrings() has been called successfully (which sets + * these members to non-NULL values, preventing further modifications). + */ struct key *uid_keyring; /* UID specific keyring */ struct key *session_keyring; /* UID's default session keyring */ #endif |