android_kernel_google_msm

mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00

History

Sasha Levin c030f48a9d KEYS: close race between key lookup and freeing When a key is being garbage collected, it's key->user would get put before the ->destroy() callback is called, where the key is removed from it's respective tracking structures. This leaves a key hanging in a semi-invalid state which leaves a window open for a different task to try an access key->user. An example is find_keyring_by_name() which would dereference key->user for a key that is in the process of being garbage collected (where key->user was freed but ->destroy() wasn't called yet - so it's still present in the linked list). This would cause either a panic, or corrupt memory. Change-Id: Ic74246dc2dcc593f04f71063e3301e7356d588b7 Signed-off-by: Sasha Levin <sasha.levin@oracle.com>		2016-10-29 23:12:10 +08:00
..
encrypted-keys
compat.c
gc.c	KEYS: close race between key lookup and freeing	2016-10-29 23:12:10 +08:00
internal.h
key.c	Created a function for setting timeouts on keys	2012-03-01 16:50:31 -05:00
keyctl.c	NFS client updates for Linux 3.4	2012-03-23 08:53:47 -07:00
keyring.c
Makefile
permission.c
proc.c
process_keys.c	KEYS: testing wrong bit for KEY_FLAG_REVOKED	2012-03-07 11:12:06 +11:00
request_key.c	usermodehelper: kill umh_wait, renumber UMH_* constants	2012-03-23 16:58:41 -07:00
request_key_auth.c
sysctl.c
trusted.c
trusted.h
user_defined.c