summaryrefslogtreecommitdiffstats
path: root/security/keys/big_key.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2020-04-04 12:24:47 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2020-04-04 12:24:47 -0700
commit4c205c84e249e0a91dcfabe461d77667ec9b2d05 (patch)
tree211606956d526d055ccce3f7f5cdc514d3be05fb /security/keys/big_key.c
parentea9448b254e253e4d95afaab071b341d86c11795 (diff)
parent4f0882491a148059a52480e753b7f07fc550e188 (diff)
downloadcachepc-linux-4c205c84e249e0a91dcfabe461d77667ec9b2d05.tar.gz
cachepc-linux-4c205c84e249e0a91dcfabe461d77667ec9b2d05.zip
Merge tag 'keys-fixes-20200329' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull keyrings fixes from David Howells: "Here's a couple of patches that fix a circular dependency between holding key->sem and mm->mmap_sem when reading data from a key. One potential issue is that a filesystem looking to use a key inside, say, ->readpages() could deadlock if the key being read is the key that's required and the buffer the key is being read into is on a page that needs to be fetched. The case actually detected is a bit more involved - with a filesystem calling request_key() and locking the target keyring for write - which could be being read" * tag 'keys-fixes-20200329' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: KEYS: Avoid false positive ENOMEM error on key read KEYS: Don't write out to userspace while holding key semaphore
Diffstat (limited to 'security/keys/big_key.c')
-rw-r--r--security/keys/big_key.c11
1 files changed, 4 insertions, 7 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 001abe530a0d..82008f900930 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -352,7 +352,7 @@ void big_key_describe(const struct key *key, struct seq_file *m)
* read the key data
* - the key's semaphore is read-locked
*/
-long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
+long big_key_read(const struct key *key, char *buffer, size_t buflen)
{
size_t datalen = (size_t)key->payload.data[big_key_len];
long ret;
@@ -391,9 +391,8 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
ret = datalen;
- /* copy decrypted data to user */
- if (copy_to_user(buffer, buf->virt, datalen) != 0)
- ret = -EFAULT;
+ /* copy out decrypted data */
+ memcpy(buffer, buf->virt, datalen);
err_fput:
fput(file);
@@ -401,9 +400,7 @@ error:
big_key_free_buffer(buf);
} else {
ret = datalen;
- if (copy_to_user(buffer, key->payload.data[big_key_data],
- datalen) != 0)
- ret = -EFAULT;
+ memcpy(buffer, key->payload.data[big_key_data], datalen);
}
return ret;
generated by cgit v1.2.3-71-gd317 (git 2.46.0) at 2025-12-18 15:03:16 +0000