summaryrefslogtreecommitdiff
path: root/security/keys/permission.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/permission.c')
-rw-r--r--security/keys/permission.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c
index baf3d5f31e7..13c36164f28 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -22,13 +22,16 @@ int key_task_permission(const key_ref_t key_ref,
struct task_struct *context,
key_perm_t perm)
{
- struct cred *cred = context->cred;
+ const struct cred *cred;
struct key *key;
key_perm_t kperm;
int ret;
key = key_ref_to_ptr(key_ref);
+ rcu_read_lock();
+ cred = __task_cred(context);
+
/* use the second 8-bits of permissions for keys the caller owns */
if (key->uid == cred->fsuid) {
kperm = key->perm >> 16;
@@ -43,10 +46,7 @@ int key_task_permission(const key_ref_t key_ref,
goto use_these_perms;
}
- spin_lock(&cred->lock);
ret = groups_search(cred->group_info, key->gid);
- spin_unlock(&cred->lock);
-
if (ret) {
kperm = key->perm >> 8;
goto use_these_perms;
@@ -57,6 +57,8 @@ int key_task_permission(const key_ref_t key_ref,
kperm = key->perm;
use_these_perms:
+ rcu_read_lock();
+
/* use the top 8-bits of permissions for keys the caller possesses
* - possessor permissions are additive with other permissions
*/