aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
authorGui-Dong Han <hanguidong02@gmail.com>2026-05-29 11:34:06 +0800
committerJarkko Sakkinen <jarkko@kernel.org>2026-06-15 15:19:12 +0300
commitc1201b37f666f6466ab1fd3a381c2b7a4b7e9fee (patch)
tree1f4e30cb2a6eb11e5890547ca0ebdf275a62a106 /security
parentcc99abbe2aa7aed48fc7d8d21514240e063ea732 (diff)
downloadath-c1201b37f666f6466ab1fd3a381c2b7a4b7e9fee.tar.gz
KEYS: Use acquire when reading state in keyring search
The negative-key race fix added release/acquire ordering for key use. Publish payload before state; read state before payload. keyring_search_iterator() still uses READ_ONCE() before match callbacks. An asymmetric match callback calls asymmetric_key_ids(), which reads key->payload.data[asym_key_ids]. Use key_read_state() there to complete that ordering. Fixes: 363b02dab09b ("KEYS: Fix race between updating and finding a negative key") Signed-off-by: Gui-Dong Han <hanguidong02@gmail.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Link: https://lore.kernel.org/r/20260529033406.20673-1-hanguidong02@gmail.com Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/keyring.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 5a9887d6b7be3..7a2ee0ded7c93 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -576,7 +576,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
struct keyring_search_context *ctx = iterator_data;
const struct key *key = keyring_ptr_to_key(object);
unsigned long kflags = READ_ONCE(key->flags);
- short state = READ_ONCE(key->state);
+ short state = key_read_state(key);
kenter("{%d}", key->serial);