diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-03-02 13:22:18 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-03-02 13:22:18 -0800 |
commit | 0f221a3102bba2d982d01bad38eb68507c343830 (patch) | |
tree | e46abcc1e415b912fadecc2cfc71db814e97894d /Documentation | |
parent | 4f1f2b8f0818af9b0e21ba4b17ab615e29b4650d (diff) | |
parent | 2651225b5ebcdde60f684c4db8ec7e9e3800a74f (diff) | |
download | linux-0f221a3102bba2d982d01bad38eb68507c343830.tar.gz linux-0f221a3102bba2d982d01bad38eb68507c343830.tar.bz2 linux-0f221a3102bba2d982d01bad38eb68507c343830.zip |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris:
"Two fixes for the security subsystem:
- keys: split both rcu_dereference_key() and user_key_payload() into
versions which can be called with or without holding the key
semaphore.
- SELinux: fix Android init(8) breakage due to new cgroup security
labeling support when using older policy"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
selinux: wrap cgroup seclabel support with its own policy capability
KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/security/keys.txt | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index 3849814bfe6d..0e03baf271bd 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt @@ -1151,8 +1151,21 @@ access the data: usage. This is called key->payload.rcu_data0. The following accessors wrap the RCU calls to this element: - rcu_assign_keypointer(struct key *key, void *data); - void *rcu_dereference_key(struct key *key); + (a) Set or change the first payload pointer: + + rcu_assign_keypointer(struct key *key, void *data); + + (b) Read the first payload pointer with the key semaphore held: + + [const] void *dereference_key_locked([const] struct key *key); + + Note that the return value will inherit its constness from the key + parameter. Static analysis will give an error if it things the lock + isn't held. + + (c) Read the first payload pointer with the RCU read lock held: + + const void *dereference_key_rcu(const struct key *key); =================== |