+++ /dev/null
-From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Tue, 10 Nov 2015 08:34:46 -0500
-Subject: KEYS: prevent keys from being removed from specified keyrings
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream.
-
-Userspace should not be allowed to remove keys from certain keyrings
-(eg. blacklist), though the keys themselves can expire.
-
-This patch defines a new key flag named KEY_FLAG_KEEP to prevent
-userspace from being able to unlink, revoke, invalidate or timed
-out a key on a keyring. When this flag is set on the keyring, all
-keys subsequently added are flagged.
-
-In addition, when this flag is set, the keyring itself can not be
-cleared.
-
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Cc: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- include/linux/key.h | 1
- security/keys/key.c | 6 ++++-
- security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++---------
- 3 files changed, 52 insertions(+), 11 deletions(-)
-
---- a/include/linux/key.h
-+++ b/include/linux/key.h
-@@ -162,6 +162,7 @@ struct key {
- #define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
- #define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
- #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
-+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */
-
- /* the description string
- * - this is used to match a key against search criteria
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -434,8 +434,12 @@ static int __key_instantiate_and_link(st
- awaken = 1;
-
- /* and link it into the destination keyring */
-- if (keyring)
-+ if (keyring) {
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-+
- __key_link(keyring, key, _prealloc);
-+ }
-
- /* disable the authorisation key */
- if (authkey)
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -358,11 +358,14 @@ error:
- * and any links to the key will be automatically garbage collected after a
- * certain amount of time (/proc/sys/kernel/keys/gc_delay).
- *
-+ * Keys with KEY_FLAG_KEEP set should not be revoked.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_revoke_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- key_ref = lookup_user_key(id, 0, KEY_WRITE);
-@@ -377,8 +380,13 @@ long keyctl_revoke_key(key_serial_t id)
- }
- }
-
-- key_revoke(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ return -EPERM;
-+ else {
-+ key_revoke(key);
-+ ret = 0;
-+ }
-
- key_ref_put(key_ref);
- error:
-@@ -392,11 +400,14 @@ error:
- * The key and any links to the key will be automatically garbage collected
- * immediately.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be invalidated.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_invalidate_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- kenter("%d", id);
-@@ -407,8 +418,13 @@ long keyctl_invalidate_key(key_serial_t
- goto error;
- }
-
-- key_invalidate(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_invalidate(key);
-+ ret = 0;
-+ }
-
- key_ref_put(key_ref);
- error:
-@@ -420,12 +436,13 @@ error:
- * Clear the specified keyring, creating an empty process keyring if one of the
- * special keyring IDs is used.
- *
-- * The keyring must grant the caller Write permission for this to work. If
-- * successful, 0 will be returned.
-+ * The keyring must grant the caller Write permission and not have
-+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
- */
- long keyctl_keyring_clear(key_serial_t ringid)
- {
- key_ref_t keyring_ref;
-+ struct key *keyring;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
-@@ -447,7 +464,11 @@ long keyctl_keyring_clear(key_serial_t r
- }
-
- clear:
-- ret = keyring_clear(key_ref_to_ptr(keyring_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ ret = -EPERM;
-+ else
-+ ret = keyring_clear(keyring);
- error_put:
- key_ref_put(keyring_ref);
- error:
-@@ -498,11 +519,14 @@ error:
- * itself need not grant the caller anything. If the last link to a key is
- * removed then that key will be scheduled for destruction.
- *
-+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked.
-+ *
- * If successful, 0 will be returned.
- */
- long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
- {
- key_ref_t keyring_ref, key_ref;
-+ struct key *keyring, *key;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE);
-@@ -517,7 +541,13 @@ long keyctl_keyring_unlink(key_serial_t
- goto error2;
- }
-
-- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) &&
-+ test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else
-+ ret = key_unlink(keyring, key);
-
- key_ref_put(key_ref);
- error2:
-@@ -1306,6 +1336,8 @@ error:
- * the current time. The key and any links to the key will be automatically
- * garbage collected after the timeout expires.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be timed out.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_set_timeout(key_serial_t id, unsigned timeout)
-@@ -1337,10 +1369,14 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-- key_set_timeout(key, timeout);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_set_timeout(key, timeout);
-+ ret = 0;
-+ }
- key_put(key);
-
-- ret = 0;
- error:
- return ret;
- }
+++ /dev/null
-From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Thu, 7 Jan 2016 07:46:36 -0500
-Subject: KEYS: refcount bug fix
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream.
-
-This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
-test before setting the flag, and cleans up the if/then brackets style
-introduced in commit:
-d3600bc KEYS: prevent keys from being removed from specified keyrings
-
-Reported-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Acked-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- security/keys/key.c | 3 +--
- security/keys/keyctl.c | 17 +++++++----------
- 2 files changed, 8 insertions(+), 12 deletions(-)
-
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -435,8 +435,7 @@ static int __key_instantiate_and_link(st
-
- /* and link it into the destination keyring */
- if (keyring) {
-- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-- set_bit(KEY_FLAG_KEEP, &key->flags);
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-
- __key_link(keyring, key, _prealloc);
- }
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
- }
-
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
-- return -EPERM;
-- else {
-+ ret = -EPERM;
-+ else
- key_revoke(key);
-- ret = 0;
-- }
-
- key_ref_put(key_ref);
- error:
-@@ -419,12 +418,11 @@ long keyctl_invalidate_key(key_serial_t
- }
-
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_invalidate(key);
-- ret = 0;
-- }
-
- key_ref_put(key_ref);
- error:
-@@ -1369,12 +1367,11 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_set_timeout(key, timeout);
-- ret = 0;
-- }
- key_put(key);
-
- error:
keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name.patch
keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring.patch
keys-fix-race-between-read-and-revoke.patch
-keys-prevent-keys-from-being-removed-from-specified-keyrings.patch
-keys-refcount-bug-fix.patch
keys-fix-keyring-ref-leak-in-join_session_keyring.patch
+++ /dev/null
-From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Tue, 10 Nov 2015 08:34:46 -0500
-Subject: KEYS: prevent keys from being removed from specified keyrings
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream.
-
-Userspace should not be allowed to remove keys from certain keyrings
-(eg. blacklist), though the keys themselves can expire.
-
-This patch defines a new key flag named KEY_FLAG_KEEP to prevent
-userspace from being able to unlink, revoke, invalidate or timed
-out a key on a keyring. When this flag is set on the keyring, all
-keys subsequently added are flagged.
-
-In addition, when this flag is set, the keyring itself can not be
-cleared.
-
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Cc: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- include/linux/key.h | 1
- security/keys/key.c | 6 ++++-
- security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++---------
- 3 files changed, 52 insertions(+), 11 deletions(-)
-
---- a/include/linux/key.h
-+++ b/include/linux/key.h
-@@ -170,6 +170,7 @@ struct key {
- #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
- #define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
- #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
-+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */
-
- /* the key type and key description string
- * - the desc is used to match a key against search criteria
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -431,8 +431,12 @@ static int __key_instantiate_and_link(st
- awaken = 1;
-
- /* and link it into the destination keyring */
-- if (keyring)
-+ if (keyring) {
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-+
- __key_link(key, _edit);
-+ }
-
- /* disable the authorisation key */
- if (authkey)
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -358,11 +358,14 @@ error:
- * and any links to the key will be automatically garbage collected after a
- * certain amount of time (/proc/sys/kernel/keys/gc_delay).
- *
-+ * Keys with KEY_FLAG_KEEP set should not be revoked.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_revoke_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- key_ref = lookup_user_key(id, 0, KEY_WRITE);
-@@ -377,8 +380,13 @@ long keyctl_revoke_key(key_serial_t id)
- }
- }
-
-- key_revoke(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ return -EPERM;
-+ else {
-+ key_revoke(key);
-+ ret = 0;
-+ }
-
- key_ref_put(key_ref);
- error:
-@@ -392,11 +400,14 @@ error:
- * The key and any links to the key will be automatically garbage collected
- * immediately.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be invalidated.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_invalidate_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- kenter("%d", id);
-@@ -407,8 +418,13 @@ long keyctl_invalidate_key(key_serial_t
- goto error;
- }
-
-- key_invalidate(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_invalidate(key);
-+ ret = 0;
-+ }
-
- key_ref_put(key_ref);
- error:
-@@ -420,12 +436,13 @@ error:
- * Clear the specified keyring, creating an empty process keyring if one of the
- * special keyring IDs is used.
- *
-- * The keyring must grant the caller Write permission for this to work. If
-- * successful, 0 will be returned.
-+ * The keyring must grant the caller Write permission and not have
-+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
- */
- long keyctl_keyring_clear(key_serial_t ringid)
- {
- key_ref_t keyring_ref;
-+ struct key *keyring;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
-@@ -447,7 +464,11 @@ long keyctl_keyring_clear(key_serial_t r
- }
-
- clear:
-- ret = keyring_clear(key_ref_to_ptr(keyring_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ ret = -EPERM;
-+ else
-+ ret = keyring_clear(keyring);
- error_put:
- key_ref_put(keyring_ref);
- error:
-@@ -498,11 +519,14 @@ error:
- * itself need not grant the caller anything. If the last link to a key is
- * removed then that key will be scheduled for destruction.
- *
-+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked.
-+ *
- * If successful, 0 will be returned.
- */
- long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
- {
- key_ref_t keyring_ref, key_ref;
-+ struct key *keyring, *key;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE);
-@@ -517,7 +541,13 @@ long keyctl_keyring_unlink(key_serial_t
- goto error2;
- }
-
-- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) &&
-+ test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else
-+ ret = key_unlink(keyring, key);
-
- key_ref_put(key_ref);
- error2:
-@@ -1306,6 +1336,8 @@ error:
- * the current time. The key and any links to the key will be automatically
- * garbage collected after the timeout expires.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be timed out.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_set_timeout(key_serial_t id, unsigned timeout)
-@@ -1337,10 +1369,14 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-- key_set_timeout(key, timeout);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_set_timeout(key, timeout);
-+ ret = 0;
-+ }
- key_put(key);
-
-- ret = 0;
- error:
- return ret;
- }
+++ /dev/null
-From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Thu, 7 Jan 2016 07:46:36 -0500
-Subject: KEYS: refcount bug fix
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream.
-
-This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
-test before setting the flag, and cleans up the if/then brackets style
-introduced in commit:
-d3600bc KEYS: prevent keys from being removed from specified keyrings
-
-Reported-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Acked-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- security/keys/key.c | 3 +--
- security/keys/keyctl.c | 17 +++++++----------
- 2 files changed, 8 insertions(+), 12 deletions(-)
-
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -432,8 +432,7 @@ static int __key_instantiate_and_link(st
-
- /* and link it into the destination keyring */
- if (keyring) {
-- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-- set_bit(KEY_FLAG_KEEP, &key->flags);
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-
- __key_link(key, _edit);
- }
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
- }
-
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
-- return -EPERM;
-- else {
-+ ret = -EPERM;
-+ else
- key_revoke(key);
-- ret = 0;
-- }
-
- key_ref_put(key_ref);
- error:
-@@ -419,12 +418,11 @@ long keyctl_invalidate_key(key_serial_t
- }
-
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_invalidate(key);
-- ret = 0;
-- }
-
- key_ref_put(key_ref);
- error:
-@@ -1369,12 +1367,11 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_set_timeout(key, timeout);
-- ret = 0;
-- }
- key_put(key);
-
- error:
keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name.patch
keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring.patch
keys-fix-race-between-read-and-revoke.patch
-keys-prevent-keys-from-being-removed-from-specified-keyrings.patch
-keys-refcount-bug-fix.patch
keys-fix-keyring-ref-leak-in-join_session_keyring.patch
+++ /dev/null
-From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Tue, 10 Nov 2015 08:34:46 -0500
-Subject: KEYS: prevent keys from being removed from specified keyrings
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream.
-
-Userspace should not be allowed to remove keys from certain keyrings
-(eg. blacklist), though the keys themselves can expire.
-
-This patch defines a new key flag named KEY_FLAG_KEEP to prevent
-userspace from being able to unlink, revoke, invalidate or timed
-out a key on a keyring. When this flag is set on the keyring, all
-keys subsequently added are flagged.
-
-In addition, when this flag is set, the keyring itself can not be
-cleared.
-
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Cc: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- include/linux/key.h | 1
- security/keys/key.c | 6 ++++-
- security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++---------
- 3 files changed, 52 insertions(+), 11 deletions(-)
-
---- a/include/linux/key.h
-+++ b/include/linux/key.h
-@@ -172,6 +172,7 @@ struct key {
- #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
- #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
- #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */
-+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */
-
- /* the key type and key description string
- * - the desc is used to match a key against search criteria
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -429,8 +429,12 @@ static int __key_instantiate_and_link(st
- awaken = 1;
-
- /* and link it into the destination keyring */
-- if (keyring)
-+ if (keyring) {
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-+
- __key_link(key, _edit);
-+ }
-
- /* disable the authorisation key */
- if (authkey)
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -364,11 +364,14 @@ error:
- * and any links to the key will be automatically garbage collected after a
- * certain amount of time (/proc/sys/kernel/keys/gc_delay).
- *
-+ * Keys with KEY_FLAG_KEEP set should not be revoked.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_revoke_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
-@@ -383,8 +386,13 @@ long keyctl_revoke_key(key_serial_t id)
- }
- }
-
-- key_revoke(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ return -EPERM;
-+ else {
-+ key_revoke(key);
-+ ret = 0;
-+ }
-
- key_ref_put(key_ref);
- error:
-@@ -398,11 +406,14 @@ error:
- * The key and any links to the key will be automatically garbage collected
- * immediately.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be invalidated.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_invalidate_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- kenter("%d", id);
-@@ -426,8 +437,13 @@ long keyctl_invalidate_key(key_serial_t
- }
-
- invalidate:
-- key_invalidate(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_invalidate(key);
-+ ret = 0;
-+ }
- error_put:
- key_ref_put(key_ref);
- error:
-@@ -439,12 +455,13 @@ error:
- * Clear the specified keyring, creating an empty process keyring if one of the
- * special keyring IDs is used.
- *
-- * The keyring must grant the caller Write permission for this to work. If
-- * successful, 0 will be returned.
-+ * The keyring must grant the caller Write permission and not have
-+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
- */
- long keyctl_keyring_clear(key_serial_t ringid)
- {
- key_ref_t keyring_ref;
-+ struct key *keyring;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
-@@ -466,7 +483,11 @@ long keyctl_keyring_clear(key_serial_t r
- }
-
- clear:
-- ret = keyring_clear(key_ref_to_ptr(keyring_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ ret = -EPERM;
-+ else
-+ ret = keyring_clear(keyring);
- error_put:
- key_ref_put(keyring_ref);
- error:
-@@ -517,11 +538,14 @@ error:
- * itself need not grant the caller anything. If the last link to a key is
- * removed then that key will be scheduled for destruction.
- *
-+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked.
-+ *
- * If successful, 0 will be returned.
- */
- long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
- {
- key_ref_t keyring_ref, key_ref;
-+ struct key *keyring, *key;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE);
-@@ -536,7 +560,13 @@ long keyctl_keyring_unlink(key_serial_t
- goto error2;
- }
-
-- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) &&
-+ test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else
-+ ret = key_unlink(keyring, key);
-
- key_ref_put(key_ref);
- error2:
-@@ -1295,6 +1325,8 @@ error:
- * the current time. The key and any links to the key will be automatically
- * garbage collected after the timeout expires.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be timed out.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_set_timeout(key_serial_t id, unsigned timeout)
-@@ -1326,10 +1358,14 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-- key_set_timeout(key, timeout);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_set_timeout(key, timeout);
-+ ret = 0;
-+ }
- key_put(key);
-
-- ret = 0;
- error:
- return ret;
- }
+++ /dev/null
-From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Thu, 7 Jan 2016 07:46:36 -0500
-Subject: KEYS: refcount bug fix
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream.
-
-This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
-test before setting the flag, and cleans up the if/then brackets style
-introduced in commit:
-d3600bc KEYS: prevent keys from being removed from specified keyrings
-
-Reported-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Acked-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- security/keys/key.c | 3 +--
- security/keys/keyctl.c | 17 +++++++----------
- 2 files changed, 8 insertions(+), 12 deletions(-)
-
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(st
-
- /* and link it into the destination keyring */
- if (keyring) {
-- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-- set_bit(KEY_FLAG_KEEP, &key->flags);
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-
- __key_link(key, _edit);
- }
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -387,12 +387,11 @@ long keyctl_revoke_key(key_serial_t id)
- }
-
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
-- return -EPERM;
-- else {
-+ ret = -EPERM;
-+ else
- key_revoke(key);
-- ret = 0;
-- }
-
- key_ref_put(key_ref);
- error:
-@@ -438,12 +437,11 @@ long keyctl_invalidate_key(key_serial_t
-
- invalidate:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_invalidate(key);
-- ret = 0;
-- }
- error_put:
- key_ref_put(key_ref);
- error:
-@@ -1358,12 +1356,11 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_set_timeout(key, timeout);
-- ret = 0;
-- }
- key_put(key);
-
- error:
keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name.patch
keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring.patch
keys-fix-race-between-read-and-revoke.patch
-keys-prevent-keys-from-being-removed-from-specified-keyrings.patch
-keys-refcount-bug-fix.patch
keys-fix-keyring-ref-leak-in-join_session_keyring.patch
+++ /dev/null
-From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Tue, 10 Nov 2015 08:34:46 -0500
-Subject: KEYS: prevent keys from being removed from specified keyrings
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream.
-
-Userspace should not be allowed to remove keys from certain keyrings
-(eg. blacklist), though the keys themselves can expire.
-
-This patch defines a new key flag named KEY_FLAG_KEEP to prevent
-userspace from being able to unlink, revoke, invalidate or timed
-out a key on a keyring. When this flag is set on the keyring, all
-keys subsequently added are flagged.
-
-In addition, when this flag is set, the keyring itself can not be
-cleared.
-
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Cc: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- include/linux/key.h | 1
- security/keys/key.c | 6 ++++-
- security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++---------
- 3 files changed, 52 insertions(+), 11 deletions(-)
-
---- a/include/linux/key.h
-+++ b/include/linux/key.h
-@@ -172,6 +172,7 @@ struct key {
- #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
- #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
- #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */
-+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */
-
- /* the key type and key description string
- * - the desc is used to match a key against search criteria
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -429,8 +429,12 @@ static int __key_instantiate_and_link(st
- awaken = 1;
-
- /* and link it into the destination keyring */
-- if (keyring)
-+ if (keyring) {
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-+
- __key_link(key, _edit);
-+ }
-
- /* disable the authorisation key */
- if (authkey)
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -364,11 +364,14 @@ error:
- * and any links to the key will be automatically garbage collected after a
- * certain amount of time (/proc/sys/kernel/keys/gc_delay).
- *
-+ * Keys with KEY_FLAG_KEEP set should not be revoked.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_revoke_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
-@@ -383,8 +386,13 @@ long keyctl_revoke_key(key_serial_t id)
- }
- }
-
-- key_revoke(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ return -EPERM;
-+ else {
-+ key_revoke(key);
-+ ret = 0;
-+ }
-
- key_ref_put(key_ref);
- error:
-@@ -398,11 +406,14 @@ error:
- * The key and any links to the key will be automatically garbage collected
- * immediately.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be invalidated.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_invalidate_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- kenter("%d", id);
-@@ -426,8 +437,13 @@ long keyctl_invalidate_key(key_serial_t
- }
-
- invalidate:
-- key_invalidate(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_invalidate(key);
-+ ret = 0;
-+ }
- error_put:
- key_ref_put(key_ref);
- error:
-@@ -439,12 +455,13 @@ error:
- * Clear the specified keyring, creating an empty process keyring if one of the
- * special keyring IDs is used.
- *
-- * The keyring must grant the caller Write permission for this to work. If
-- * successful, 0 will be returned.
-+ * The keyring must grant the caller Write permission and not have
-+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
- */
- long keyctl_keyring_clear(key_serial_t ringid)
- {
- key_ref_t keyring_ref;
-+ struct key *keyring;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
-@@ -466,7 +483,11 @@ long keyctl_keyring_clear(key_serial_t r
- }
-
- clear:
-- ret = keyring_clear(key_ref_to_ptr(keyring_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ ret = -EPERM;
-+ else
-+ ret = keyring_clear(keyring);
- error_put:
- key_ref_put(keyring_ref);
- error:
-@@ -517,11 +538,14 @@ error:
- * itself need not grant the caller anything. If the last link to a key is
- * removed then that key will be scheduled for destruction.
- *
-+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked.
-+ *
- * If successful, 0 will be returned.
- */
- long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
- {
- key_ref_t keyring_ref, key_ref;
-+ struct key *keyring, *key;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE);
-@@ -536,7 +560,13 @@ long keyctl_keyring_unlink(key_serial_t
- goto error2;
- }
-
-- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) &&
-+ test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else
-+ ret = key_unlink(keyring, key);
-
- key_ref_put(key_ref);
- error2:
-@@ -1295,6 +1325,8 @@ error:
- * the current time. The key and any links to the key will be automatically
- * garbage collected after the timeout expires.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be timed out.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_set_timeout(key_serial_t id, unsigned timeout)
-@@ -1326,10 +1358,14 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-- key_set_timeout(key, timeout);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_set_timeout(key, timeout);
-+ ret = 0;
-+ }
- key_put(key);
-
-- ret = 0;
- error:
- return ret;
- }
+++ /dev/null
-From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Thu, 7 Jan 2016 07:46:36 -0500
-Subject: KEYS: refcount bug fix
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream.
-
-This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
-test before setting the flag, and cleans up the if/then brackets style
-introduced in commit:
-d3600bc KEYS: prevent keys from being removed from specified keyrings
-
-Reported-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Acked-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- security/keys/key.c | 3 +--
- security/keys/keyctl.c | 17 +++++++----------
- 2 files changed, 8 insertions(+), 12 deletions(-)
-
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(st
-
- /* and link it into the destination keyring */
- if (keyring) {
-- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-- set_bit(KEY_FLAG_KEEP, &key->flags);
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-
- __key_link(key, _edit);
- }
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -387,12 +387,11 @@ long keyctl_revoke_key(key_serial_t id)
- }
-
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
-- return -EPERM;
-- else {
-+ ret = -EPERM;
-+ else
- key_revoke(key);
-- ret = 0;
-- }
-
- key_ref_put(key_ref);
- error:
-@@ -438,12 +437,11 @@ long keyctl_invalidate_key(key_serial_t
-
- invalidate:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_invalidate(key);
-- ret = 0;
-- }
- error_put:
- key_ref_put(key_ref);
- error:
-@@ -1358,12 +1356,11 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_set_timeout(key, timeout);
-- ret = 0;
-- }
- key_put(key);
-
- error:
tcp-restore-fastopen-with-no-data-in-syn-packet.patch
rhashtable-fix-walker-list-corruption.patch
keys-fix-race-between-read-and-revoke.patch
-keys-prevent-keys-from-being-removed-from-specified-keyrings.patch
-keys-refcount-bug-fix.patch
keys-fix-keyring-ref-leak-in-join_session_keyring.patch
+++ /dev/null
-From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Tue, 10 Nov 2015 08:34:46 -0500
-Subject: KEYS: prevent keys from being removed from specified keyrings
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream.
-
-Userspace should not be allowed to remove keys from certain keyrings
-(eg. blacklist), though the keys themselves can expire.
-
-This patch defines a new key flag named KEY_FLAG_KEEP to prevent
-userspace from being able to unlink, revoke, invalidate or timed
-out a key on a keyring. When this flag is set on the keyring, all
-keys subsequently added are flagged.
-
-In addition, when this flag is set, the keyring itself can not be
-cleared.
-
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Cc: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- include/linux/key.h | 1
- security/keys/key.c | 6 ++++-
- security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++---------
- 3 files changed, 52 insertions(+), 11 deletions(-)
-
---- a/include/linux/key.h
-+++ b/include/linux/key.h
-@@ -177,6 +177,7 @@ struct key {
- #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
- #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */
- #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */
-+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */
-
- /* the key type and key description string
- * - the desc is used to match a key against search criteria
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -429,8 +429,12 @@ static int __key_instantiate_and_link(st
- awaken = 1;
-
- /* and link it into the destination keyring */
-- if (keyring)
-+ if (keyring) {
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-+
- __key_link(key, _edit);
-+ }
-
- /* disable the authorisation key */
- if (authkey)
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -358,11 +358,14 @@ error:
- * and any links to the key will be automatically garbage collected after a
- * certain amount of time (/proc/sys/kernel/keys/gc_delay).
- *
-+ * Keys with KEY_FLAG_KEEP set should not be revoked.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_revoke_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
-@@ -377,8 +380,13 @@ long keyctl_revoke_key(key_serial_t id)
- }
- }
-
-- key_revoke(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ return -EPERM;
-+ else {
-+ key_revoke(key);
-+ ret = 0;
-+ }
-
- key_ref_put(key_ref);
- error:
-@@ -392,11 +400,14 @@ error:
- * The key and any links to the key will be automatically garbage collected
- * immediately.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be invalidated.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_invalidate_key(key_serial_t id)
- {
- key_ref_t key_ref;
-+ struct key *key;
- long ret;
-
- kenter("%d", id);
-@@ -420,8 +431,13 @@ long keyctl_invalidate_key(key_serial_t
- }
-
- invalidate:
-- key_invalidate(key_ref_to_ptr(key_ref));
-- ret = 0;
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_invalidate(key);
-+ ret = 0;
-+ }
- error_put:
- key_ref_put(key_ref);
- error:
-@@ -433,12 +449,13 @@ error:
- * Clear the specified keyring, creating an empty process keyring if one of the
- * special keyring IDs is used.
- *
-- * The keyring must grant the caller Write permission for this to work. If
-- * successful, 0 will be returned.
-+ * The keyring must grant the caller Write permission and not have
-+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
- */
- long keyctl_keyring_clear(key_serial_t ringid)
- {
- key_ref_t keyring_ref;
-+ struct key *keyring;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
-@@ -460,7 +477,11 @@ long keyctl_keyring_clear(key_serial_t r
- }
-
- clear:
-- ret = keyring_clear(key_ref_to_ptr(keyring_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-+ ret = -EPERM;
-+ else
-+ ret = keyring_clear(keyring);
- error_put:
- key_ref_put(keyring_ref);
- error:
-@@ -511,11 +532,14 @@ error:
- * itself need not grant the caller anything. If the last link to a key is
- * removed then that key will be scheduled for destruction.
- *
-+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked.
-+ *
- * If successful, 0 will be returned.
- */
- long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
- {
- key_ref_t keyring_ref, key_ref;
-+ struct key *keyring, *key;
- long ret;
-
- keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE);
-@@ -530,7 +554,13 @@ long keyctl_keyring_unlink(key_serial_t
- goto error2;
- }
-
-- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
-+ keyring = key_ref_to_ptr(keyring_ref);
-+ key = key_ref_to_ptr(key_ref);
-+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) &&
-+ test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else
-+ ret = key_unlink(keyring, key);
-
- key_ref_put(key_ref);
- error2:
-@@ -1289,6 +1319,8 @@ error:
- * the current time. The key and any links to the key will be automatically
- * garbage collected after the timeout expires.
- *
-+ * Keys with KEY_FLAG_KEEP set should not be timed out.
-+ *
- * If successful, 0 is returned.
- */
- long keyctl_set_timeout(key_serial_t id, unsigned timeout)
-@@ -1320,10 +1352,14 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-- key_set_timeout(key, timeout);
-+ if (test_bit(KEY_FLAG_KEEP, &key->flags))
-+ ret = -EPERM;
-+ else {
-+ key_set_timeout(key, timeout);
-+ ret = 0;
-+ }
- key_put(key);
-
-- ret = 0;
- error:
- return ret;
- }
+++ /dev/null
-From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Date: Thu, 7 Jan 2016 07:46:36 -0500
-Subject: KEYS: refcount bug fix
-
-From: Mimi Zohar <zohar@linux.vnet.ibm.com>
-
-commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream.
-
-This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
-test before setting the flag, and cleans up the if/then brackets style
-introduced in commit:
-d3600bc KEYS: prevent keys from being removed from specified keyrings
-
-Reported-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-Acked-by: David Howells <dhowells@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- security/keys/key.c | 3 +--
- security/keys/keyctl.c | 17 +++++++----------
- 2 files changed, 8 insertions(+), 12 deletions(-)
-
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(st
-
- /* and link it into the destination keyring */
- if (keyring) {
-- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-- set_bit(KEY_FLAG_KEEP, &key->flags);
-+ set_bit(KEY_FLAG_KEEP, &key->flags);
-
- __key_link(key, _edit);
- }
---- a/security/keys/keyctl.c
-+++ b/security/keys/keyctl.c
-@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
- }
-
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
-- return -EPERM;
-- else {
-+ ret = -EPERM;
-+ else
- key_revoke(key);
-- ret = 0;
-- }
-
- key_ref_put(key_ref);
- error:
-@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t
-
- invalidate:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_invalidate(key);
-- ret = 0;
-- }
- error_put:
- key_ref_put(key_ref);
- error:
-@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id,
-
- okay:
- key = key_ref_to_ptr(key_ref);
-+ ret = 0;
- if (test_bit(KEY_FLAG_KEEP, &key->flags))
- ret = -EPERM;
-- else {
-+ else
- key_set_timeout(key, timeout);
-- ret = 0;
-- }
- key_put(key);
-
- error:
-keys-prevent-keys-from-being-removed-from-specified-keyrings.patch
-keys-refcount-bug-fix.patch
keys-fix-keyring-ref-leak-in-join_session_keyring.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
