[PATCH] CAN-2005-2098 Error during attempt to join key management session can leave...

The attached patch prevents an error during the key session joining operation
from hanging future joins in the D state [CAN-2005-2098].

The problem is that the error handling path for the KEYCTL_JOIN_SESSION_KEYRING
operation has one error path that doesn't release the session management
semaphore. Further attempts to get the semaphore will then sleep for ever in
the D state.

This can happen in four situations, all involving an attempt to allocate a new
session keyring:

 (1) ENOMEM.

 (2) The users key quota being reached.

 (3) A keyring name that is an empty string.

 (4) A keyring name that is too long.

Any user may attempt this operation, and so any user can cause the problem to
occur.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 2eb0e471cd40817a4ae548188dd82be73cbaca71..54622585c2c50d4f4e6d185c701dcae596a15e83 100644 (file)
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -641,7 +641,7 @@ long join_session_keyring(const char *name)
                keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL);
                if (IS_ERR(keyring)) {
                        ret = PTR_ERR(keyring);
-                       goto error;
+                       goto error2;
                }
        }
        else if (IS_ERR(keyring)) {