[PATCH v8 0/2] KEYS: Read keys to internal buffer & then copy to userspace
David Miller
davem at davemloft.net
Thu Mar 26 02:30:56 UTC 2020
From: Waiman Long <longman at redhat.com>
Date: Sat, 21 Mar 2020 21:11:23 -0400
> The current security key read methods are called with the key semaphore
> held. The methods then copy out the key data to userspace which is
> subjected to page fault and may acquire the mmap semaphore. That can
> result in circular lock dependency and hence a chance to get into
> deadlock.
>
> To avoid such a deadlock, an internal buffer is now allocated for getting
> out the necessary data first. After releasing the key semaphore, the
> key data are then copied out to userspace sidestepping the circular
> lock dependency.
>
> The keyutils test suite was run and the test passed with these patchset
> applied without any falure.
Who will integrate these changes?
More information about the Linux-security-module-archive
mailing list