From 4097845279bfa7bea5499003ee8d86d8b2ad32a7 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 20 Jan 2016 12:03:33 -0800 Subject: [PATCH] remove some unneeded keys patches from all trees --- ...eing-removed-from-specified-keyrings.patch | 205 ------------------ queue-3.10/keys-refcount-bug-fix.patch | 84 ------- queue-3.10/series | 2 - ...eing-removed-from-specified-keyrings.patch | 205 ------------------ queue-3.14/keys-refcount-bug-fix.patch | 84 ------- queue-3.14/series | 2 - ...eing-removed-from-specified-keyrings.patch | 205 ------------------ queue-4.1/keys-refcount-bug-fix.patch | 84 ------- queue-4.1/series | 2 - ...eing-removed-from-specified-keyrings.patch | 205 ------------------ queue-4.3/keys-refcount-bug-fix.patch | 84 ------- queue-4.3/series | 2 - ...eing-removed-from-specified-keyrings.patch | 205 ------------------ queue-4.4/keys-refcount-bug-fix.patch | 84 ------- queue-4.4/series | 2 - 15 files changed, 1455 deletions(-) delete mode 100644 queue-3.10/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch delete mode 100644 queue-3.10/keys-refcount-bug-fix.patch delete mode 100644 queue-3.14/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch delete mode 100644 queue-3.14/keys-refcount-bug-fix.patch delete mode 100644 queue-4.1/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch delete mode 100644 queue-4.1/keys-refcount-bug-fix.patch delete mode 100644 queue-4.3/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch delete mode 100644 queue-4.3/keys-refcount-bug-fix.patch delete mode 100644 queue-4.4/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch delete mode 100644 queue-4.4/keys-refcount-bug-fix.patch diff --git a/queue-3.10/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch b/queue-3.10/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch deleted file mode 100644 index 987c77641de..00000000000 --- a/queue-3.10/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch +++ /dev/null @@ -1,205 +0,0 @@ -From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Tue, 10 Nov 2015 08:34:46 -0500 -Subject: KEYS: prevent keys from being removed from specified keyrings - -From: Mimi Zohar - -commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream. - -Userspace should not be allowed to remove keys from certain keyrings -(eg. blacklist), though the keys themselves can expire. - -This patch defines a new key flag named KEY_FLAG_KEEP to prevent -userspace from being able to unlink, revoke, invalidate or timed -out a key on a keyring. When this flag is set on the keyring, all -keys subsequently added are flagged. - -In addition, when this flag is set, the keyring itself can not be -cleared. - -Signed-off-by: Mimi Zohar -Cc: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - include/linux/key.h | 1 - security/keys/key.c | 6 ++++- - security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++--------- - 3 files changed, 52 insertions(+), 11 deletions(-) - ---- a/include/linux/key.h -+++ b/include/linux/key.h -@@ -162,6 +162,7 @@ struct key { - #define KEY_FLAG_NEGATIVE 5 /* set if key is negative */ - #define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */ - #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */ -+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */ - - /* the description string - * - this is used to match a key against search criteria ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -434,8 +434,12 @@ static int __key_instantiate_and_link(st - awaken = 1; - - /* and link it into the destination keyring */ -- if (keyring) -+ if (keyring) { -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ set_bit(KEY_FLAG_KEEP, &key->flags); -+ - __key_link(keyring, key, _prealloc); -+ } - - /* disable the authorisation key */ - if (authkey) ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -358,11 +358,14 @@ error: - * and any links to the key will be automatically garbage collected after a - * certain amount of time (/proc/sys/kernel/keys/gc_delay). - * -+ * Keys with KEY_FLAG_KEEP set should not be revoked. -+ * - * If successful, 0 is returned. - */ - long keyctl_revoke_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - key_ref = lookup_user_key(id, 0, KEY_WRITE); -@@ -377,8 +380,13 @@ long keyctl_revoke_key(key_serial_t id) - } - } - -- key_revoke(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ return -EPERM; -+ else { -+ key_revoke(key); -+ ret = 0; -+ } - - key_ref_put(key_ref); - error: -@@ -392,11 +400,14 @@ error: - * The key and any links to the key will be automatically garbage collected - * immediately. - * -+ * Keys with KEY_FLAG_KEEP set should not be invalidated. -+ * - * If successful, 0 is returned. - */ - long keyctl_invalidate_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - kenter("%d", id); -@@ -407,8 +418,13 @@ long keyctl_invalidate_key(key_serial_t - goto error; - } - -- key_invalidate(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_invalidate(key); -+ ret = 0; -+ } - - key_ref_put(key_ref); - error: -@@ -420,12 +436,13 @@ error: - * Clear the specified keyring, creating an empty process keyring if one of the - * special keyring IDs is used. - * -- * The keyring must grant the caller Write permission for this to work. If -- * successful, 0 will be returned. -+ * The keyring must grant the caller Write permission and not have -+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned. - */ - long keyctl_keyring_clear(key_serial_t ringid) - { - key_ref_t keyring_ref; -+ struct key *keyring; - long ret; - - keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); -@@ -447,7 +464,11 @@ long keyctl_keyring_clear(key_serial_t r - } - - clear: -- ret = keyring_clear(key_ref_to_ptr(keyring_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ ret = -EPERM; -+ else -+ ret = keyring_clear(keyring); - error_put: - key_ref_put(keyring_ref); - error: -@@ -498,11 +519,14 @@ error: - * itself need not grant the caller anything. If the last link to a key is - * removed then that key will be scheduled for destruction. - * -+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked. -+ * - * If successful, 0 will be returned. - */ - long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) - { - key_ref_t keyring_ref, key_ref; -+ struct key *keyring, *key; - long ret; - - keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); -@@ -517,7 +541,13 @@ long keyctl_keyring_unlink(key_serial_t - goto error2; - } - -- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && -+ test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else -+ ret = key_unlink(keyring, key); - - key_ref_put(key_ref); - error2: -@@ -1306,6 +1336,8 @@ error: - * the current time. The key and any links to the key will be automatically - * garbage collected after the timeout expires. - * -+ * Keys with KEY_FLAG_KEEP set should not be timed out. -+ * - * If successful, 0 is returned. - */ - long keyctl_set_timeout(key_serial_t id, unsigned timeout) -@@ -1337,10 +1369,14 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -- key_set_timeout(key, timeout); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_set_timeout(key, timeout); -+ ret = 0; -+ } - key_put(key); - -- ret = 0; - error: - return ret; - } diff --git a/queue-3.10/keys-refcount-bug-fix.patch b/queue-3.10/keys-refcount-bug-fix.patch deleted file mode 100644 index 3b7acf9c89a..00000000000 --- a/queue-3.10/keys-refcount-bug-fix.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Thu, 7 Jan 2016 07:46:36 -0500 -Subject: KEYS: refcount bug fix - -From: Mimi Zohar - -commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream. - -This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP -test before setting the flag, and cleans up the if/then brackets style -introduced in commit: -d3600bc KEYS: prevent keys from being removed from specified keyrings - -Reported-by: David Howells -Signed-off-by: Mimi Zohar -Acked-by: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - security/keys/key.c | 3 +-- - security/keys/keyctl.c | 17 +++++++---------- - 2 files changed, 8 insertions(+), 12 deletions(-) - ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -435,8 +435,7 @@ static int __key_instantiate_and_link(st - - /* and link it into the destination keyring */ - if (keyring) { -- if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -- set_bit(KEY_FLAG_KEEP, &key->flags); -+ set_bit(KEY_FLAG_KEEP, &key->flags); - - __key_link(keyring, key, _prealloc); - } ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id) - } - - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) -- return -EPERM; -- else { -+ ret = -EPERM; -+ else - key_revoke(key); -- ret = 0; -- } - - key_ref_put(key_ref); - error: -@@ -419,12 +418,11 @@ long keyctl_invalidate_key(key_serial_t - } - - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_invalidate(key); -- ret = 0; -- } - - key_ref_put(key_ref); - error: -@@ -1369,12 +1367,11 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_set_timeout(key, timeout); -- ret = 0; -- } - key_put(key); - - error: diff --git a/queue-3.10/series b/queue-3.10/series index f8ae52cdae8..9e19532945d 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -32,6 +32,4 @@ af_unix-revert-lock_interruptible-in-stream-receive-code.patch keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name.patch keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring.patch keys-fix-race-between-read-and-revoke.patch -keys-prevent-keys-from-being-removed-from-specified-keyrings.patch -keys-refcount-bug-fix.patch keys-fix-keyring-ref-leak-in-join_session_keyring.patch diff --git a/queue-3.14/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch b/queue-3.14/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch deleted file mode 100644 index cf363e9b6f5..00000000000 --- a/queue-3.14/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch +++ /dev/null @@ -1,205 +0,0 @@ -From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Tue, 10 Nov 2015 08:34:46 -0500 -Subject: KEYS: prevent keys from being removed from specified keyrings - -From: Mimi Zohar - -commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream. - -Userspace should not be allowed to remove keys from certain keyrings -(eg. blacklist), though the keys themselves can expire. - -This patch defines a new key flag named KEY_FLAG_KEEP to prevent -userspace from being able to unlink, revoke, invalidate or timed -out a key on a keyring. When this flag is set on the keyring, all -keys subsequently added are flagged. - -In addition, when this flag is set, the keyring itself can not be -cleared. - -Signed-off-by: Mimi Zohar -Cc: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - include/linux/key.h | 1 - security/keys/key.c | 6 ++++- - security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++--------- - 3 files changed, 52 insertions(+), 11 deletions(-) - ---- a/include/linux/key.h -+++ b/include/linux/key.h -@@ -170,6 +170,7 @@ struct key { - #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */ - #define KEY_FLAG_TRUSTED 8 /* set if key is trusted */ - #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */ -+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */ - - /* the key type and key description string - * - the desc is used to match a key against search criteria ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -431,8 +431,12 @@ static int __key_instantiate_and_link(st - awaken = 1; - - /* and link it into the destination keyring */ -- if (keyring) -+ if (keyring) { -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ set_bit(KEY_FLAG_KEEP, &key->flags); -+ - __key_link(key, _edit); -+ } - - /* disable the authorisation key */ - if (authkey) ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -358,11 +358,14 @@ error: - * and any links to the key will be automatically garbage collected after a - * certain amount of time (/proc/sys/kernel/keys/gc_delay). - * -+ * Keys with KEY_FLAG_KEEP set should not be revoked. -+ * - * If successful, 0 is returned. - */ - long keyctl_revoke_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - key_ref = lookup_user_key(id, 0, KEY_WRITE); -@@ -377,8 +380,13 @@ long keyctl_revoke_key(key_serial_t id) - } - } - -- key_revoke(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ return -EPERM; -+ else { -+ key_revoke(key); -+ ret = 0; -+ } - - key_ref_put(key_ref); - error: -@@ -392,11 +400,14 @@ error: - * The key and any links to the key will be automatically garbage collected - * immediately. - * -+ * Keys with KEY_FLAG_KEEP set should not be invalidated. -+ * - * If successful, 0 is returned. - */ - long keyctl_invalidate_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - kenter("%d", id); -@@ -407,8 +418,13 @@ long keyctl_invalidate_key(key_serial_t - goto error; - } - -- key_invalidate(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_invalidate(key); -+ ret = 0; -+ } - - key_ref_put(key_ref); - error: -@@ -420,12 +436,13 @@ error: - * Clear the specified keyring, creating an empty process keyring if one of the - * special keyring IDs is used. - * -- * The keyring must grant the caller Write permission for this to work. If -- * successful, 0 will be returned. -+ * The keyring must grant the caller Write permission and not have -+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned. - */ - long keyctl_keyring_clear(key_serial_t ringid) - { - key_ref_t keyring_ref; -+ struct key *keyring; - long ret; - - keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); -@@ -447,7 +464,11 @@ long keyctl_keyring_clear(key_serial_t r - } - - clear: -- ret = keyring_clear(key_ref_to_ptr(keyring_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ ret = -EPERM; -+ else -+ ret = keyring_clear(keyring); - error_put: - key_ref_put(keyring_ref); - error: -@@ -498,11 +519,14 @@ error: - * itself need not grant the caller anything. If the last link to a key is - * removed then that key will be scheduled for destruction. - * -+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked. -+ * - * If successful, 0 will be returned. - */ - long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) - { - key_ref_t keyring_ref, key_ref; -+ struct key *keyring, *key; - long ret; - - keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); -@@ -517,7 +541,13 @@ long keyctl_keyring_unlink(key_serial_t - goto error2; - } - -- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && -+ test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else -+ ret = key_unlink(keyring, key); - - key_ref_put(key_ref); - error2: -@@ -1306,6 +1336,8 @@ error: - * the current time. The key and any links to the key will be automatically - * garbage collected after the timeout expires. - * -+ * Keys with KEY_FLAG_KEEP set should not be timed out. -+ * - * If successful, 0 is returned. - */ - long keyctl_set_timeout(key_serial_t id, unsigned timeout) -@@ -1337,10 +1369,14 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -- key_set_timeout(key, timeout); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_set_timeout(key, timeout); -+ ret = 0; -+ } - key_put(key); - -- ret = 0; - error: - return ret; - } diff --git a/queue-3.14/keys-refcount-bug-fix.patch b/queue-3.14/keys-refcount-bug-fix.patch deleted file mode 100644 index 3c3cef9e3a1..00000000000 --- a/queue-3.14/keys-refcount-bug-fix.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Thu, 7 Jan 2016 07:46:36 -0500 -Subject: KEYS: refcount bug fix - -From: Mimi Zohar - -commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream. - -This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP -test before setting the flag, and cleans up the if/then brackets style -introduced in commit: -d3600bc KEYS: prevent keys from being removed from specified keyrings - -Reported-by: David Howells -Signed-off-by: Mimi Zohar -Acked-by: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - security/keys/key.c | 3 +-- - security/keys/keyctl.c | 17 +++++++---------- - 2 files changed, 8 insertions(+), 12 deletions(-) - ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -432,8 +432,7 @@ static int __key_instantiate_and_link(st - - /* and link it into the destination keyring */ - if (keyring) { -- if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -- set_bit(KEY_FLAG_KEEP, &key->flags); -+ set_bit(KEY_FLAG_KEEP, &key->flags); - - __key_link(key, _edit); - } ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id) - } - - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) -- return -EPERM; -- else { -+ ret = -EPERM; -+ else - key_revoke(key); -- ret = 0; -- } - - key_ref_put(key_ref); - error: -@@ -419,12 +418,11 @@ long keyctl_invalidate_key(key_serial_t - } - - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_invalidate(key); -- ret = 0; -- } - - key_ref_put(key_ref); - error: -@@ -1369,12 +1367,11 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_set_timeout(key, timeout); -- ret = 0; -- } - key_put(key); - - error: diff --git a/queue-3.14/series b/queue-3.14/series index 9b4f6ba01ef..0e3a7dbb4f9 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -44,6 +44,4 @@ af_unix-revert-lock_interruptible-in-stream-receive-code.patch keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name.patch keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring.patch keys-fix-race-between-read-and-revoke.patch -keys-prevent-keys-from-being-removed-from-specified-keyrings.patch -keys-refcount-bug-fix.patch keys-fix-keyring-ref-leak-in-join_session_keyring.patch diff --git a/queue-4.1/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch b/queue-4.1/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch deleted file mode 100644 index 4a08ceaa1d9..00000000000 --- a/queue-4.1/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch +++ /dev/null @@ -1,205 +0,0 @@ -From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Tue, 10 Nov 2015 08:34:46 -0500 -Subject: KEYS: prevent keys from being removed from specified keyrings - -From: Mimi Zohar - -commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream. - -Userspace should not be allowed to remove keys from certain keyrings -(eg. blacklist), though the keys themselves can expire. - -This patch defines a new key flag named KEY_FLAG_KEEP to prevent -userspace from being able to unlink, revoke, invalidate or timed -out a key on a keyring. When this flag is set on the keyring, all -keys subsequently added are flagged. - -In addition, when this flag is set, the keyring itself can not be -cleared. - -Signed-off-by: Mimi Zohar -Cc: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - include/linux/key.h | 1 - security/keys/key.c | 6 ++++- - security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++--------- - 3 files changed, 52 insertions(+), 11 deletions(-) - ---- a/include/linux/key.h -+++ b/include/linux/key.h -@@ -172,6 +172,7 @@ struct key { - #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */ - #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */ - #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */ -+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */ - - /* the key type and key description string - * - the desc is used to match a key against search criteria ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -429,8 +429,12 @@ static int __key_instantiate_and_link(st - awaken = 1; - - /* and link it into the destination keyring */ -- if (keyring) -+ if (keyring) { -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ set_bit(KEY_FLAG_KEEP, &key->flags); -+ - __key_link(key, _edit); -+ } - - /* disable the authorisation key */ - if (authkey) ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -364,11 +364,14 @@ error: - * and any links to the key will be automatically garbage collected after a - * certain amount of time (/proc/sys/kernel/keys/gc_delay). - * -+ * Keys with KEY_FLAG_KEEP set should not be revoked. -+ * - * If successful, 0 is returned. - */ - long keyctl_revoke_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); -@@ -383,8 +386,13 @@ long keyctl_revoke_key(key_serial_t id) - } - } - -- key_revoke(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ return -EPERM; -+ else { -+ key_revoke(key); -+ ret = 0; -+ } - - key_ref_put(key_ref); - error: -@@ -398,11 +406,14 @@ error: - * The key and any links to the key will be automatically garbage collected - * immediately. - * -+ * Keys with KEY_FLAG_KEEP set should not be invalidated. -+ * - * If successful, 0 is returned. - */ - long keyctl_invalidate_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - kenter("%d", id); -@@ -426,8 +437,13 @@ long keyctl_invalidate_key(key_serial_t - } - - invalidate: -- key_invalidate(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_invalidate(key); -+ ret = 0; -+ } - error_put: - key_ref_put(key_ref); - error: -@@ -439,12 +455,13 @@ error: - * Clear the specified keyring, creating an empty process keyring if one of the - * special keyring IDs is used. - * -- * The keyring must grant the caller Write permission for this to work. If -- * successful, 0 will be returned. -+ * The keyring must grant the caller Write permission and not have -+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned. - */ - long keyctl_keyring_clear(key_serial_t ringid) - { - key_ref_t keyring_ref; -+ struct key *keyring; - long ret; - - keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); -@@ -466,7 +483,11 @@ long keyctl_keyring_clear(key_serial_t r - } - - clear: -- ret = keyring_clear(key_ref_to_ptr(keyring_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ ret = -EPERM; -+ else -+ ret = keyring_clear(keyring); - error_put: - key_ref_put(keyring_ref); - error: -@@ -517,11 +538,14 @@ error: - * itself need not grant the caller anything. If the last link to a key is - * removed then that key will be scheduled for destruction. - * -+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked. -+ * - * If successful, 0 will be returned. - */ - long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) - { - key_ref_t keyring_ref, key_ref; -+ struct key *keyring, *key; - long ret; - - keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); -@@ -536,7 +560,13 @@ long keyctl_keyring_unlink(key_serial_t - goto error2; - } - -- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && -+ test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else -+ ret = key_unlink(keyring, key); - - key_ref_put(key_ref); - error2: -@@ -1295,6 +1325,8 @@ error: - * the current time. The key and any links to the key will be automatically - * garbage collected after the timeout expires. - * -+ * Keys with KEY_FLAG_KEEP set should not be timed out. -+ * - * If successful, 0 is returned. - */ - long keyctl_set_timeout(key_serial_t id, unsigned timeout) -@@ -1326,10 +1358,14 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -- key_set_timeout(key, timeout); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_set_timeout(key, timeout); -+ ret = 0; -+ } - key_put(key); - -- ret = 0; - error: - return ret; - } diff --git a/queue-4.1/keys-refcount-bug-fix.patch b/queue-4.1/keys-refcount-bug-fix.patch deleted file mode 100644 index c5ed3f3aac4..00000000000 --- a/queue-4.1/keys-refcount-bug-fix.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Thu, 7 Jan 2016 07:46:36 -0500 -Subject: KEYS: refcount bug fix - -From: Mimi Zohar - -commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream. - -This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP -test before setting the flag, and cleans up the if/then brackets style -introduced in commit: -d3600bc KEYS: prevent keys from being removed from specified keyrings - -Reported-by: David Howells -Signed-off-by: Mimi Zohar -Acked-by: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - security/keys/key.c | 3 +-- - security/keys/keyctl.c | 17 +++++++---------- - 2 files changed, 8 insertions(+), 12 deletions(-) - ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(st - - /* and link it into the destination keyring */ - if (keyring) { -- if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -- set_bit(KEY_FLAG_KEEP, &key->flags); -+ set_bit(KEY_FLAG_KEEP, &key->flags); - - __key_link(key, _edit); - } ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -387,12 +387,11 @@ long keyctl_revoke_key(key_serial_t id) - } - - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) -- return -EPERM; -- else { -+ ret = -EPERM; -+ else - key_revoke(key); -- ret = 0; -- } - - key_ref_put(key_ref); - error: -@@ -438,12 +437,11 @@ long keyctl_invalidate_key(key_serial_t - - invalidate: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_invalidate(key); -- ret = 0; -- } - error_put: - key_ref_put(key_ref); - error: -@@ -1358,12 +1356,11 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_set_timeout(key, timeout); -- ret = 0; -- } - key_put(key); - - error: diff --git a/queue-4.1/series b/queue-4.1/series index 37cf5d57fd2..11731a3ff57 100644 --- a/queue-4.1/series +++ b/queue-4.1/series @@ -40,6 +40,4 @@ rhashtable-fix-walker-list-corruption.patch keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name.patch keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring.patch keys-fix-race-between-read-and-revoke.patch -keys-prevent-keys-from-being-removed-from-specified-keyrings.patch -keys-refcount-bug-fix.patch keys-fix-keyring-ref-leak-in-join_session_keyring.patch diff --git a/queue-4.3/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch b/queue-4.3/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch deleted file mode 100644 index 4a08ceaa1d9..00000000000 --- a/queue-4.3/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch +++ /dev/null @@ -1,205 +0,0 @@ -From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Tue, 10 Nov 2015 08:34:46 -0500 -Subject: KEYS: prevent keys from being removed from specified keyrings - -From: Mimi Zohar - -commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream. - -Userspace should not be allowed to remove keys from certain keyrings -(eg. blacklist), though the keys themselves can expire. - -This patch defines a new key flag named KEY_FLAG_KEEP to prevent -userspace from being able to unlink, revoke, invalidate or timed -out a key on a keyring. When this flag is set on the keyring, all -keys subsequently added are flagged. - -In addition, when this flag is set, the keyring itself can not be -cleared. - -Signed-off-by: Mimi Zohar -Cc: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - include/linux/key.h | 1 - security/keys/key.c | 6 ++++- - security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++--------- - 3 files changed, 52 insertions(+), 11 deletions(-) - ---- a/include/linux/key.h -+++ b/include/linux/key.h -@@ -172,6 +172,7 @@ struct key { - #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */ - #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */ - #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */ -+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */ - - /* the key type and key description string - * - the desc is used to match a key against search criteria ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -429,8 +429,12 @@ static int __key_instantiate_and_link(st - awaken = 1; - - /* and link it into the destination keyring */ -- if (keyring) -+ if (keyring) { -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ set_bit(KEY_FLAG_KEEP, &key->flags); -+ - __key_link(key, _edit); -+ } - - /* disable the authorisation key */ - if (authkey) ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -364,11 +364,14 @@ error: - * and any links to the key will be automatically garbage collected after a - * certain amount of time (/proc/sys/kernel/keys/gc_delay). - * -+ * Keys with KEY_FLAG_KEEP set should not be revoked. -+ * - * If successful, 0 is returned. - */ - long keyctl_revoke_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); -@@ -383,8 +386,13 @@ long keyctl_revoke_key(key_serial_t id) - } - } - -- key_revoke(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ return -EPERM; -+ else { -+ key_revoke(key); -+ ret = 0; -+ } - - key_ref_put(key_ref); - error: -@@ -398,11 +406,14 @@ error: - * The key and any links to the key will be automatically garbage collected - * immediately. - * -+ * Keys with KEY_FLAG_KEEP set should not be invalidated. -+ * - * If successful, 0 is returned. - */ - long keyctl_invalidate_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - kenter("%d", id); -@@ -426,8 +437,13 @@ long keyctl_invalidate_key(key_serial_t - } - - invalidate: -- key_invalidate(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_invalidate(key); -+ ret = 0; -+ } - error_put: - key_ref_put(key_ref); - error: -@@ -439,12 +455,13 @@ error: - * Clear the specified keyring, creating an empty process keyring if one of the - * special keyring IDs is used. - * -- * The keyring must grant the caller Write permission for this to work. If -- * successful, 0 will be returned. -+ * The keyring must grant the caller Write permission and not have -+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned. - */ - long keyctl_keyring_clear(key_serial_t ringid) - { - key_ref_t keyring_ref; -+ struct key *keyring; - long ret; - - keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); -@@ -466,7 +483,11 @@ long keyctl_keyring_clear(key_serial_t r - } - - clear: -- ret = keyring_clear(key_ref_to_ptr(keyring_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ ret = -EPERM; -+ else -+ ret = keyring_clear(keyring); - error_put: - key_ref_put(keyring_ref); - error: -@@ -517,11 +538,14 @@ error: - * itself need not grant the caller anything. If the last link to a key is - * removed then that key will be scheduled for destruction. - * -+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked. -+ * - * If successful, 0 will be returned. - */ - long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) - { - key_ref_t keyring_ref, key_ref; -+ struct key *keyring, *key; - long ret; - - keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); -@@ -536,7 +560,13 @@ long keyctl_keyring_unlink(key_serial_t - goto error2; - } - -- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && -+ test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else -+ ret = key_unlink(keyring, key); - - key_ref_put(key_ref); - error2: -@@ -1295,6 +1325,8 @@ error: - * the current time. The key and any links to the key will be automatically - * garbage collected after the timeout expires. - * -+ * Keys with KEY_FLAG_KEEP set should not be timed out. -+ * - * If successful, 0 is returned. - */ - long keyctl_set_timeout(key_serial_t id, unsigned timeout) -@@ -1326,10 +1358,14 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -- key_set_timeout(key, timeout); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_set_timeout(key, timeout); -+ ret = 0; -+ } - key_put(key); - -- ret = 0; - error: - return ret; - } diff --git a/queue-4.3/keys-refcount-bug-fix.patch b/queue-4.3/keys-refcount-bug-fix.patch deleted file mode 100644 index c5ed3f3aac4..00000000000 --- a/queue-4.3/keys-refcount-bug-fix.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Thu, 7 Jan 2016 07:46:36 -0500 -Subject: KEYS: refcount bug fix - -From: Mimi Zohar - -commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream. - -This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP -test before setting the flag, and cleans up the if/then brackets style -introduced in commit: -d3600bc KEYS: prevent keys from being removed from specified keyrings - -Reported-by: David Howells -Signed-off-by: Mimi Zohar -Acked-by: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - security/keys/key.c | 3 +-- - security/keys/keyctl.c | 17 +++++++---------- - 2 files changed, 8 insertions(+), 12 deletions(-) - ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(st - - /* and link it into the destination keyring */ - if (keyring) { -- if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -- set_bit(KEY_FLAG_KEEP, &key->flags); -+ set_bit(KEY_FLAG_KEEP, &key->flags); - - __key_link(key, _edit); - } ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -387,12 +387,11 @@ long keyctl_revoke_key(key_serial_t id) - } - - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) -- return -EPERM; -- else { -+ ret = -EPERM; -+ else - key_revoke(key); -- ret = 0; -- } - - key_ref_put(key_ref); - error: -@@ -438,12 +437,11 @@ long keyctl_invalidate_key(key_serial_t - - invalidate: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_invalidate(key); -- ret = 0; -- } - error_put: - key_ref_put(key_ref); - error: -@@ -1358,12 +1356,11 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_set_timeout(key, timeout); -- ret = 0; -- } - key_put(key); - - error: diff --git a/queue-4.3/series b/queue-4.3/series index 234b2a9e6db..f3e65f3e40c 100644 --- a/queue-4.3/series +++ b/queue-4.3/series @@ -52,6 +52,4 @@ af_unix-revert-lock_interruptible-in-stream-receive-code.patch tcp-restore-fastopen-with-no-data-in-syn-packet.patch rhashtable-fix-walker-list-corruption.patch keys-fix-race-between-read-and-revoke.patch -keys-prevent-keys-from-being-removed-from-specified-keyrings.patch -keys-refcount-bug-fix.patch keys-fix-keyring-ref-leak-in-join_session_keyring.patch diff --git a/queue-4.4/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch b/queue-4.4/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch deleted file mode 100644 index ee976c67ecf..00000000000 --- a/queue-4.4/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch +++ /dev/null @@ -1,205 +0,0 @@ -From d3600bcf9d64d88dc1d189a754dcfab960ce751f Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Tue, 10 Nov 2015 08:34:46 -0500 -Subject: KEYS: prevent keys from being removed from specified keyrings - -From: Mimi Zohar - -commit d3600bcf9d64d88dc1d189a754dcfab960ce751f upstream. - -Userspace should not be allowed to remove keys from certain keyrings -(eg. blacklist), though the keys themselves can expire. - -This patch defines a new key flag named KEY_FLAG_KEEP to prevent -userspace from being able to unlink, revoke, invalidate or timed -out a key on a keyring. When this flag is set on the keyring, all -keys subsequently added are flagged. - -In addition, when this flag is set, the keyring itself can not be -cleared. - -Signed-off-by: Mimi Zohar -Cc: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - include/linux/key.h | 1 - security/keys/key.c | 6 ++++- - security/keys/keyctl.c | 56 ++++++++++++++++++++++++++++++++++++++++--------- - 3 files changed, 52 insertions(+), 11 deletions(-) - ---- a/include/linux/key.h -+++ b/include/linux/key.h -@@ -177,6 +177,7 @@ struct key { - #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */ - #define KEY_FLAG_BUILTIN 10 /* set if key is builtin */ - #define KEY_FLAG_ROOT_CAN_INVAL 11 /* set if key can be invalidated by root without permission */ -+#define KEY_FLAG_KEEP 12 /* set if key should not be removed */ - - /* the key type and key description string - * - the desc is used to match a key against search criteria ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -429,8 +429,12 @@ static int __key_instantiate_and_link(st - awaken = 1; - - /* and link it into the destination keyring */ -- if (keyring) -+ if (keyring) { -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ set_bit(KEY_FLAG_KEEP, &key->flags); -+ - __key_link(key, _edit); -+ } - - /* disable the authorisation key */ - if (authkey) ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -358,11 +358,14 @@ error: - * and any links to the key will be automatically garbage collected after a - * certain amount of time (/proc/sys/kernel/keys/gc_delay). - * -+ * Keys with KEY_FLAG_KEEP set should not be revoked. -+ * - * If successful, 0 is returned. - */ - long keyctl_revoke_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); -@@ -377,8 +380,13 @@ long keyctl_revoke_key(key_serial_t id) - } - } - -- key_revoke(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ return -EPERM; -+ else { -+ key_revoke(key); -+ ret = 0; -+ } - - key_ref_put(key_ref); - error: -@@ -392,11 +400,14 @@ error: - * The key and any links to the key will be automatically garbage collected - * immediately. - * -+ * Keys with KEY_FLAG_KEEP set should not be invalidated. -+ * - * If successful, 0 is returned. - */ - long keyctl_invalidate_key(key_serial_t id) - { - key_ref_t key_ref; -+ struct key *key; - long ret; - - kenter("%d", id); -@@ -420,8 +431,13 @@ long keyctl_invalidate_key(key_serial_t - } - - invalidate: -- key_invalidate(key_ref_to_ptr(key_ref)); -- ret = 0; -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_invalidate(key); -+ ret = 0; -+ } - error_put: - key_ref_put(key_ref); - error: -@@ -433,12 +449,13 @@ error: - * Clear the specified keyring, creating an empty process keyring if one of the - * special keyring IDs is used. - * -- * The keyring must grant the caller Write permission for this to work. If -- * successful, 0 will be returned. -+ * The keyring must grant the caller Write permission and not have -+ * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned. - */ - long keyctl_keyring_clear(key_serial_t ringid) - { - key_ref_t keyring_ref; -+ struct key *keyring; - long ret; - - keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); -@@ -460,7 +477,11 @@ long keyctl_keyring_clear(key_serial_t r - } - - clear: -- ret = keyring_clear(key_ref_to_ptr(keyring_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -+ ret = -EPERM; -+ else -+ ret = keyring_clear(keyring); - error_put: - key_ref_put(keyring_ref); - error: -@@ -511,11 +532,14 @@ error: - * itself need not grant the caller anything. If the last link to a key is - * removed then that key will be scheduled for destruction. - * -+ * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked. -+ * - * If successful, 0 will be returned. - */ - long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) - { - key_ref_t keyring_ref, key_ref; -+ struct key *keyring, *key; - long ret; - - keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); -@@ -530,7 +554,13 @@ long keyctl_keyring_unlink(key_serial_t - goto error2; - } - -- ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); -+ keyring = key_ref_to_ptr(keyring_ref); -+ key = key_ref_to_ptr(key_ref); -+ if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && -+ test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else -+ ret = key_unlink(keyring, key); - - key_ref_put(key_ref); - error2: -@@ -1289,6 +1319,8 @@ error: - * the current time. The key and any links to the key will be automatically - * garbage collected after the timeout expires. - * -+ * Keys with KEY_FLAG_KEEP set should not be timed out. -+ * - * If successful, 0 is returned. - */ - long keyctl_set_timeout(key_serial_t id, unsigned timeout) -@@ -1320,10 +1352,14 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -- key_set_timeout(key, timeout); -+ if (test_bit(KEY_FLAG_KEEP, &key->flags)) -+ ret = -EPERM; -+ else { -+ key_set_timeout(key, timeout); -+ ret = 0; -+ } - key_put(key); - -- ret = 0; - error: - return ret; - } diff --git a/queue-4.4/keys-refcount-bug-fix.patch b/queue-4.4/keys-refcount-bug-fix.patch deleted file mode 100644 index c43a567b23d..00000000000 --- a/queue-4.4/keys-refcount-bug-fix.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001 -From: Mimi Zohar -Date: Thu, 7 Jan 2016 07:46:36 -0500 -Subject: KEYS: refcount bug fix - -From: Mimi Zohar - -commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream. - -This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP -test before setting the flag, and cleans up the if/then brackets style -introduced in commit: -d3600bc KEYS: prevent keys from being removed from specified keyrings - -Reported-by: David Howells -Signed-off-by: Mimi Zohar -Acked-by: David Howells -Signed-off-by: Greg Kroah-Hartman - ---- - security/keys/key.c | 3 +-- - security/keys/keyctl.c | 17 +++++++---------- - 2 files changed, 8 insertions(+), 12 deletions(-) - ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(st - - /* and link it into the destination keyring */ - if (keyring) { -- if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) -- set_bit(KEY_FLAG_KEEP, &key->flags); -+ set_bit(KEY_FLAG_KEEP, &key->flags); - - __key_link(key, _edit); - } ---- a/security/keys/keyctl.c -+++ b/security/keys/keyctl.c -@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id) - } - - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) -- return -EPERM; -- else { -+ ret = -EPERM; -+ else - key_revoke(key); -- ret = 0; -- } - - key_ref_put(key_ref); - error: -@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t - - invalidate: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_invalidate(key); -- ret = 0; -- } - error_put: - key_ref_put(key_ref); - error: -@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, - - okay: - key = key_ref_to_ptr(key_ref); -+ ret = 0; - if (test_bit(KEY_FLAG_KEEP, &key->flags)) - ret = -EPERM; -- else { -+ else - key_set_timeout(key, timeout); -- ret = 0; -- } - key_put(key); - - error: diff --git a/queue-4.4/series b/queue-4.4/series index de562d94717..3e0e6c73663 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -1,3 +1 @@ -keys-prevent-keys-from-being-removed-from-specified-keyrings.patch -keys-refcount-bug-fix.patch keys-fix-keyring-ref-leak-in-join_session_keyring.patch -- 2.47.3