summaryrefslogtreecommitdiffstats
path: root/security/keys/gc.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2012-01-17 21:39:40 +0100
committerJames Morris <jmorris@namei.org>2012-01-18 00:41:27 +0100
commitefde8b6e16f11e7d1681c68d86c7fd51053cada7 (patch)
tree4fb5e80428c4f36c5da35ff3319cd71c1771451c /security/keys/gc.c
parentTOMOYO: Accept \000 as a valid character. (diff)
downloadlinux-efde8b6e16f11e7d1681c68d86c7fd51053cada7.tar.xz
linux-efde8b6e16f11e7d1681c68d86c7fd51053cada7.zip
KEYS: Add missing smp_rmb() primitives to the keyring search code
Add missing smp_rmb() primitives to the keyring search code. When keyring payloads are appended to without replacement (thus using up spare slots in the key pointer array), an smp_wmb() is issued between the pointer assignment and the increment of the key count (nkeys). There should be corresponding read barriers between the read of nkeys and dereferences of keys[n] when n is dependent on the value of nkeys. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/gc.c')
-rw-r--r--security/keys/gc.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/security/keys/gc.c b/security/keys/gc.c
index bf4d8da5a795..a42b45531aac 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -145,7 +145,9 @@ static void key_gc_keyring(struct key *keyring, time_t limit)
if (!klist)
goto unlock_dont_gc;
- for (loop = klist->nkeys - 1; loop >= 0; loop--) {
+ loop = klist->nkeys;
+ smp_rmb();
+ for (loop--; loop >= 0; loop--) {
key = klist->keys[loop];
if (test_bit(KEY_FLAG_DEAD, &key->flags) ||
(key->expiry > 0 && key->expiry <= limit))