From patchwork Mon Feb 20 11:38:49 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Reshetova, Elena" X-Patchwork-Id: 9582643 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D320E604A0 for ; Mon, 20 Feb 2017 11:43:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C5D1E28803 for ; Mon, 20 Feb 2017 11:43:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BA93E2880A; Mon, 20 Feb 2017 11:43:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5B4A428803 for ; Mon, 20 Feb 2017 11:43:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752942AbdBTLnG (ORCPT ); Mon, 20 Feb 2017 06:43:06 -0500 Received: from mga03.intel.com ([134.134.136.65]:6903 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752871AbdBTLnD (ORCPT ); Mon, 20 Feb 2017 06:43:03 -0500 Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Feb 2017 03:43:02 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,186,1484035200"; d="scan'208";a="50236599" Received: from elena-thinkpad-x230.fi.intel.com ([10.237.72.69]) by orsmga002.jf.intel.com with ESMTP; 20 Feb 2017 03:42:59 -0800 From: Elena Reshetova To: linux-security-module@vger.kernel.org Cc: keyrings@vger.kernel.org, peterz@infradead.org, gregkh@linuxfoundation.org, james.l.morris@oracle.com, dhowells@redhat.com, takedakn@nttdata.co.jp, penguin-kernel@I-love.SAKURA.ne.jp, Elena Reshetova , Hans Liljestrand , Kees Cook , David Windsor Subject: [PATCH 2/3] security, keys: convert key_user.usage from atomic_t to refcount_t Date: Mon, 20 Feb 2017 13:38:49 +0200 Message-Id: <1487590730-18352-3-git-send-email-elena.reshetova@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1487590730-18352-1-git-send-email-elena.reshetova@intel.com> References: <1487590730-18352-1-git-send-email-elena.reshetova@intel.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova Signed-off-by: Hans Liljestrand Signed-off-by: Kees Cook Signed-off-by: David Windsor --- security/keys/internal.h | 3 ++- security/keys/key.c | 6 +++--- security/keys/proc.c | 2 +- security/keys/process_keys.c | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/security/keys/internal.h b/security/keys/internal.h index 7c34fab..ee35499 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -16,6 +16,7 @@ #include #include #include +#include struct iovec; @@ -52,7 +53,7 @@ struct key_user { struct rb_node node; struct mutex cons_lock; /* construction initiation lock */ spinlock_t lock; - atomic_t usage; /* for accessing qnkeys & qnbytes */ + refcount_t usage; /* for accessing qnkeys & qnbytes */ atomic_t nkeys; /* number of keys */ atomic_t nikeys; /* number of instantiated keys */ kuid_t uid; diff --git a/security/keys/key.c b/security/keys/key.c index ff92443..b4958b3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -93,7 +93,7 @@ struct key_user *key_user_lookup(kuid_t uid) /* if we get here, then the user record still hadn't appeared on the * second pass - so we use the candidate record */ - atomic_set(&candidate->usage, 1); + refcount_set(&candidate->usage, 1); atomic_set(&candidate->nkeys, 0); atomic_set(&candidate->nikeys, 0); candidate->uid = uid; @@ -110,7 +110,7 @@ struct key_user *key_user_lookup(kuid_t uid) /* okay - we found a user record for this UID */ found: - atomic_inc(&user->usage); + refcount_inc(&user->usage); spin_unlock(&key_user_lock); kfree(candidate); out: @@ -122,7 +122,7 @@ struct key_user *key_user_lookup(kuid_t uid) */ void key_user_put(struct key_user *user) { - if (atomic_dec_and_lock(&user->usage, &key_user_lock)) { + if (refcount_dec_and_lock(&user->usage, &key_user_lock)) { rb_erase(&user->node, &key_user_tree); spin_unlock(&key_user_lock); diff --git a/security/keys/proc.c b/security/keys/proc.c index 69199f1..bf08d02 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c @@ -340,7 +340,7 @@ static int proc_key_users_show(struct seq_file *m, void *v) seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n", from_kuid_munged(seq_user_ns(m), user->uid), - atomic_read(&user->usage), + refcount_read(&user->usage), atomic_read(&user->nkeys), atomic_read(&user->nikeys), user->qnkeys, diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 918cddc..16877c5 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -29,7 +29,7 @@ static DEFINE_MUTEX(key_user_keyring_mutex); /* The root user's tracking struct */ struct key_user root_key_user = { - .usage = ATOMIC_INIT(3), + .usage = REFCOUNT_INIT(3), .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), .nkeys = ATOMIC_INIT(2),