CRED: Use RCU to access another task's creds and to release a task's own creds

[mv-sheeva.git] / security / keys / permission.c

diff --git a/security/keys/permission.c b/security/keys/permission.c
index baf3d5f31e7136c6a92f5cd73d947accc6308530..13c36164f284ce2b8e5456558535d4fb1d6fc278 100644 (file)
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -22,13 +22,16 @@ int key_task_permission(const key_ref_t key_ref,
                        struct task_struct *context,
                        key_perm_t perm)
 {
-       struct cred *cred = context->cred;
+       const struct cred *cred;
        struct key *key;
        key_perm_t kperm;
        int ret;
 
        key = key_ref_to_ptr(key_ref);
 
+       rcu_read_lock();
+       cred = __task_cred(context);
+
        /* use the second 8-bits of permissions for keys the caller owns */
        if (key->uid == cred->fsuid) {
                kperm = key->perm >> 16;
@@ -43,10 +46,7 @@ int key_task_permission(const key_ref_t key_ref,
                        goto use_these_perms;
                }
 
-               spin_lock(&cred->lock);
                ret = groups_search(cred->group_info, key->gid);
-               spin_unlock(&cred->lock);
-
                if (ret) {
                        kperm = key->perm >> 8;
                        goto use_these_perms;
@@ -57,6 +57,8 @@ int key_task_permission(const key_ref_t key_ref,
        kperm = key->perm;
 
 use_these_perms:
+       rcu_read_lock();
+
        /* use the top 8-bits of permissions for keys the caller possesses
         * - possessor permissions are additive with other permissions
         */