diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/gc.c | 10 | ||||
| -rw-r--r-- | security/keys/keyctl.c | 18 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 1 |
3 files changed, 16 insertions, 13 deletions
diff --git a/security/keys/gc.c b/security/keys/gc.c index 009d9370c8fd..4a780333c22c 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -143,6 +143,12 @@ static noinline void key_gc_unused_keys(struct list_head *keys) kdebug("- %u", key->serial); key_check(key); + /* Throw away the key data if the key is instantiated */ + if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) && + !test_bit(KEY_FLAG_NEGATIVE, &key->flags) && + key->type->destroy) + key->type->destroy(key); + security_key_free(key); /* deal with the user's key tracking and quota */ @@ -157,10 +163,6 @@ static noinline void key_gc_unused_keys(struct list_head *keys) if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) atomic_dec(&key->user->nikeys); - /* now throw away the key memory */ - if (key->type->destroy) - key->type->destroy(key); - key_user_put(key->user); kfree(key->description); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index cee72ce64222..cb1eef9ed4fd 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -744,16 +744,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) /* the key is probably readable - now try to read it */ can_read_key: - ret = key_validate(key); - if (ret == 0) { - ret = -EOPNOTSUPP; - if (key->type->read) { - /* read the data with the semaphore held (since we - * might sleep) */ - down_read(&key->sem); + ret = -EOPNOTSUPP; + if (key->type->read) { + /* Read the data with the semaphore held (since we might sleep) + * to protect against the key being updated or revoked. + */ + down_read(&key->sem); + ret = key_validate(key); + if (ret == 0) ret = key->type->read(key, buffer, buflen); - up_read(&key->sem); - } + up_read(&key->sem); } error2: diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 0cf8a130a267..4e56371f239f 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -793,6 +793,7 @@ long join_session_keyring(const char *name) ret = PTR_ERR(keyring); goto error2; } else if (keyring == new->session_keyring) { + key_put(keyring); ret = 0; goto error2; } |