Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v2.6.30 2009-04-09T17:41:19Z 2009-04-09T17:41:19Z David Howells dhowells@redhat.com 2009-04-09T16:14:05Z urn:sha1:34574dd10b6d0697b86703388d6d6af9cbf4bb48 When request_key() is called, without there being any standard process keyrings on which to fall back if a destination keyring is not specified, an oops is liable to occur when construct_alloc_key() calls down_write() on dest_keyring's semaphore. Due to function inlining this may be seen as an oops in down_write() as called from request_key_and_link(). This situation crops up during boot, where request_key() is called from within the kernel (such as in CIFS mounts) where nobody is actually logged in, and so PAM has not had a chance to create a session keyring and user keyrings to act as the fallback. To fix this, make construct_alloc_key() not attempt to cache a key if there is no fallback key if no destination keyring is given specifically. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2009-02-27T01:35:15Z Serge E. Hallyn serue@us.ibm.com 2009-02-27T00:28:04Z urn:sha1:454804ab0302b354e35d992d08e53fe03313baaf Restrict the /proc/keys and /proc/key-users output to keys belonging to the same user namespace as the reading task. We may want to make this more complicated - so that any keys in a user-namespace which is belongs to the reading task are also shown. But let's see if anyone wants that first. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-02-27T01:35:12Z Serge E. Hallyn serue@us.ibm.com 2009-02-27T00:27:55Z urn:sha1:2ea190d0a006ce5218baa6e798512652446a605a When listing keys, do not return keys belonging to the same uid in another user namespace. Otherwise uid 500 in another user namespace will return keyrings called uid.500 for another user namespace. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-02-27T01:35:09Z Serge E. Hallyn serue@us.ibm.com 2009-02-27T00:27:47Z urn:sha1:8ff3bc3138a400294ee9e126ac75fc9a9fae4e0b If a key is owned by another user namespace, then treat the key as though it is owned by both another uid and gid. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-02-27T01:35:06Z Serge E. Hallyn serue@us.ibm.com 2009-02-27T00:27:38Z urn:sha1:1d1e97562e5e2ac60fb7b25437ba619f95f67fab per-uid keys were looked by uid only. Use the user namespace to distinguish the same uid in different namespaces. This does not address key_permission. So a task can for instance try to join a keyring owned by the same uid in another namespace. That will be handled by a separate patch. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> 2009-01-17T22:24:46Z Vegard Nossum vegard.nossum@gmail.com 2009-01-17T16:45:45Z urn:sha1:0d54ee1c7850a954026deec4cd4885f331da35cc Plug this leak. Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Cc: <stable@kernel.org> Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2009-01-14T13:15:30Z Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:30Z urn:sha1:938bb9f5e840eddbf54e4f62f6c5ba9b3ae12c9d Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> 2009-01-14T13:15:29Z Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:29Z urn:sha1:1e7bfb2134dfec37ce04fb3a4ca89299e892d10c Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> 2008-12-31T23:32:44Z James Morris jmorris@namei.org 2008-12-29T03:35:35Z urn:sha1:90bd49ab6649269cd10d0edc86d0e0f62864726a Fix the following sparse warning: CC security/keys/key.o security/keys/keyctl.c:1297:10: warning: incorrect type in argument 2 (different address spaces) security/keys/keyctl.c:1297:10: expected char [noderef] <asn:1>*buffer security/keys/keyctl.c:1297:10: got char *<noident> which appears to be caused by lack of __user annotation to the cast of a syscall argument. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: David Howells <dhowells@redhat.com> 2008-12-29T03:24:43Z David Howells dhowells@redhat.com 2008-12-29T00:41:51Z urn:sha1:eca1bf5b4fab56d2feb1572d34d59fcd92ea7df3 Fix variable uninitialisation warnings introduced in: commit 8bbf4976b59fc9fc2861e79cab7beb3f6d647640 Author: David Howells <dhowells@redhat.com> Date: Fri Nov 14 10:39:14 2008 +1100 KEYS: Alter use of key instantiation link-to-keyring argument As: security/keys/keyctl.c: In function 'keyctl_negate_key': security/keys/keyctl.c:976: warning: 'dest_keyring' may be used uninitialized in this function security/keys/keyctl.c: In function 'keyctl_instantiate_key': security/keys/keyctl.c:898: warning: 'dest_keyring' may be used uninitialized in this function Some versions of gcc notice that get_instantiation_key() doesn't always set *_dest_keyring, but fail to observe that if this happens then *_dest_keyring will not be read by the caller. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>