summaryrefslogtreecommitdiff
path: root/security/keys/gc.c
diff options
context:
space:
mode:
authorElena Reshetova <elena.reshetova@intel.com>2017-03-31 15:20:48 +0300
committerJames Morris <james.l.morris@oracle.com>2017-04-03 10:49:05 +1000
commitfff292914d3a2f1efd05ca71c2ba72a3c663201e (patch)
tree627f9870ad82da8f6f06cca86a73e3b7e2fc97d5 /security/keys/gc.c
parent8291798dcf059cdc5e55a59b2c4ad70ae14508c2 (diff)
security, keys: convert key.usage from atomic_t to refcount_t
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/keys/gc.c')
-rw-r--r--security/keys/gc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/gc.c b/security/keys/gc.c
index addf060399e0..44789256c88c 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -220,7 +220,7 @@ continue_scanning:
key = rb_entry(cursor, struct key, serial_node);
cursor = rb_next(cursor);
- if (atomic_read(&key->usage) == 0)
+ if (refcount_read(&key->usage) == 0)
goto found_unreferenced_key;
if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) {