Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/security
History
David Howells 48ec02cc77 KEYS: Fix race between key destruction and finding a keyring by name 
commit 94c4554ba07adbdde396748ee7ae01e86cf2d8d7 upstream.

There appears to be a race between:

 (1) key_gc_unused_keys() which frees key->security and then calls
     keyring_destroy() to unlink the name from the name list

 (2) find_keyring_by_name() which calls key_permission(), thus accessing
     key->security, on a key before checking to see whether the key usage is 0
     (ie. the key is dead and might be cleaned up).

Fix this by calling ->destroy() before cleaning up the core key data -
including key->security.

Reported-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
[lizf: Backported to 3.4: adjust indentation]
Signed-off-by: Zefan Li <lizefan@huawei.com>
2016-03-21 09:17:55 +08:00
..
apparmor lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data' 2012-04-03 09:49:59 -07:00
integrity evm: check xattr value length and type in evm_inode_setxattr() 2015-02-02 17:05:06 +08:00
keys KEYS: Fix race between key destruction and finding a keyring by name 2016-03-21 09:17:55 +08:00
selinux selinux/nlmsg: add XFRM_MSG_MAPPING 2015-09-18 09:20:29 +08:00
smack smack: fix possible use after frees in task_security() callers 2015-06-19 11:40:11 +08:00
tomoyo usermodehelper: use UMH_WAIT_PROC consistently 2012-03-23 16:58:41 -07:00
yama Yama: handle 32-bit userspace prctl 2012-10-07 08:32:28 -07:00
capability.c security: create task_free security callback 2012-02-10 09:14:51 +11:00
commoncap.c security: fix compile error in commoncap.c 2012-04-19 12:56:39 +10:00
device_cgroup.c cgroup: remove cgroup_subsys argument from callbacks 2012-02-02 09:20:22 -08:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig security: Yama LSM 2012-02-10 09:18:52 +11:00
lsm_audit.c lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data' 2012-04-03 09:49:59 -07:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c security: trim security.h 2012-02-14 10:45:42 +11:00