alistair23-linux/security/keys
David Howells 822ad64d7e keys: Fix dependency loop between construction record and auth key
In the request_key() upcall mechanism there's a dependency loop by which if
a key type driver overrides the ->request_key hook and the userspace side
manages to lose the authorisation key, the auth key and the internal
construction record (struct key_construction) can keep each other pinned.

Fix this by the following changes:

 (1) Killing off the construction record and using the auth key instead.

 (2) Including the operation name in the auth key payload and making the
     payload available outside of security/keys/.

 (3) The ->request_key hook is given the authkey instead of the cons
     record and operation name.

Changes (2) and (3) allow the auth key to naturally be cleaned up if the
keyring it is in is destroyed or cleared or the auth key is unlinked.

Fixes: 7ee02a316600 ("keys: Fix dependency loop between construction record and auth key")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
2019-02-15 14:12:09 -08:00
encrypted-keys libnvdimm for 4.21 2018-12-28 15:05:13 -08:00
Kconfig security/keys: BIG_KEY requires CONFIG_CRYPTO 2017-10-18 09:12:40 +01:00
Makefile KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
big_key.c big key: get rid of stack array allocation 2018-05-11 13:07:45 -07:00
compat.c KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
dh.c Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" 2018-09-25 13:28:58 +02:00
gc.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
internal.h keys: Fix dependency loop between construction record and auth key 2019-02-15 14:12:09 -08:00
key.c KEYS: allow reaching the keys quotas exactly 2019-02-15 14:12:08 -08:00
keyctl.c keys: Fix dependency loop between construction record and auth key 2019-02-15 14:12:09 -08:00
keyctl_pkey.c KEYS: fix parsing invalid pkey info string 2019-01-01 13:13:19 -08:00
keyring.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
permission.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
process_keys.c keys: Fix dependency loop between construction record and auth key 2019-02-15 14:12:09 -08:00
request_key.c keys: Fix dependency loop between construction record and auth key 2019-02-15 14:12:09 -08:00
request_key_auth.c keys: Fix dependency loop between construction record and auth key 2019-02-15 14:12:09 -08:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
user_defined.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00