redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/security
History
Yang Xu 4b67e5afc2 KEYS: reaching the keys quotas correctly 
commit 2e356101e7 upstream.

Currently, when we add a new user key, the calltrace as below:

add_key()
  key_create_or_update()
    key_alloc()
    __key_instantiate_and_link
      generic_key_instantiate
        key_payload_reserve
          ......

Since commit a08bf91ce2 ("KEYS: allow reaching the keys quotas exactly"),
we can reach max bytes/keys in key_alloc, but we forget to remove this
limit when we reserver space for payload in key_payload_reserve. So we
can only reach max keys but not max bytes when having delta between plen
and type->def_datalen. Remove this limit when instantiating the key, so we
can keep consistent with key_alloc.

Also, fix the similar problem in keyctl_chown_key().

Fixes: 0b77f5bfb4 ("keys: make the keyring quotas controllable through /proc/sys")
Fixes: a08bf91ce2 ("KEYS: allow reaching the keys quotas exactly")
Cc: stable@vger.kernel.org # 5.0.x
Cc: Eric Biggers <ebiggers@google.com>
Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-04-17 10:50:11 +02:00
..
apparmor apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock 2020-01-09 10:20:00 +01:00
integrity efi: Only print errors about failing to get certs if EFI vars are found 2020-03-12 13:00:14 +01:00
keys KEYS: reaching the keys quotas correctly 2020-04-17 10:50:11 +02:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN 2019-10-31 09:40:21 +01:00
safesetid LSM: SafeSetID: Stop releasing uninitialized ruleset 2019-09-17 11:27:05 -07:00
selinux selinux: ensure we cleanup the internal AVC counters on error in avc_update() 2020-02-24 08:36:39 +01:00
smack broken ping to ipv6 linklocal addresses on debian buster 2020-02-11 04:35:43 -08:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-05 21:22:41 +00:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
Kconfig Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
commoncap.c Merge branch 'next-lsm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-07-09 12:24:21 -07:00
device_cgroup.c docs: cgroup-v1: add it to the admin-guide book 2019-07-15 11:03:02 -03:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00