android_kernel_google_msm

mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00

History

Sasha Levin c030f48a9d KEYS: close race between key lookup and freeing When a key is being garbage collected, it's key->user would get put before the ->destroy() callback is called, where the key is removed from it's respective tracking structures. This leaves a key hanging in a semi-invalid state which leaves a window open for a different task to try an access key->user. An example is find_keyring_by_name() which would dereference key->user for a key that is in the process of being garbage collected (where key->user was freed but ->destroy() wasn't called yet - so it's still present in the linked list). This would cause either a panic, or corrupt memory. Change-Id: Ic74246dc2dcc593f04f71063e3301e7356d588b7 Signed-off-by: Sasha Levin <sasha.levin@oracle.com>		2016-10-29 23:12:10 +08:00
..
apparmor	nick kvfree() from apparmor	2014-11-18 15:13:23 -08:00
integrity
keys	KEYS: close race between key lookup and freeing	2016-10-29 23:12:10 +08:00
selinux	consitify do_mount() arguments	2015-07-13 11:17:52 -07:00
smack	consitify do_mount() arguments	2015-07-13 11:17:52 -07:00
tomoyo	consitify do_mount() arguments	2015-07-13 11:17:52 -07:00
yama
capability.c	consitify do_mount() arguments	2015-07-13 11:17:52 -07:00
commoncap.c	Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs	2014-10-31 19:46:07 -07:00
device_cgroup.c
inode.c
Kconfig	FROMLIST: security,perf: Allow further restriction of perf_event_open	2016-06-20 19:00:29 +00:00
lsm_audit.c	security: lsm_audit: add ioctl specific auditing	2015-04-20 09:42:31 -07:00
Makefile
min_addr.c
security.c	consitify do_mount() arguments	2015-07-13 11:17:52 -07:00