summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-03-02 13:22:18 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-03-02 13:22:18 -0800
commit0f221a3102bba2d982d01bad38eb68507c343830 (patch)
treee46abcc1e415b912fadecc2cfc71db814e97894d /Documentation
parent4f1f2b8f0818af9b0e21ba4b17ab615e29b4650d (diff)
parent2651225b5ebcdde60f684c4db8ec7e9e3800a74f (diff)
downloadlinux-0f221a3102bba2d982d01bad38eb68507c343830.tar.gz
linux-0f221a3102bba2d982d01bad38eb68507c343830.tar.bz2
linux-0f221a3102bba2d982d01bad38eb68507c343830.zip
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris: "Two fixes for the security subsystem: - keys: split both rcu_dereference_key() and user_key_payload() into versions which can be called with or without holding the key semaphore. - SELinux: fix Android init(8) breakage due to new cgroup security labeling support when using older policy" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: selinux: wrap cgroup seclabel support with its own policy capability KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/security/keys.txt17
1 files changed, 15 insertions, 2 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 3849814bfe6d..0e03baf271bd 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -1151,8 +1151,21 @@ access the data:
usage. This is called key->payload.rcu_data0. The following accessors
wrap the RCU calls to this element:
- rcu_assign_keypointer(struct key *key, void *data);
- void *rcu_dereference_key(struct key *key);
+ (a) Set or change the first payload pointer:
+
+ rcu_assign_keypointer(struct key *key, void *data);
+
+ (b) Read the first payload pointer with the key semaphore held:
+
+ [const] void *dereference_key_locked([const] struct key *key);
+
+ Note that the return value will inherit its constness from the key
+ parameter. Static analysis will give an error if it things the lock
+ isn't held.
+
+ (c) Read the first payload pointer with the RCU read lock held:
+
+ const void *dereference_key_rcu(const struct key *key);
===================