The patch titled
keys: sort out key quota system
has been added to the -mm tree. Its filename is
keys-sort-out-key-quota-system.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: keys: sort out key quota system
From: David Howells <dhowells@xxxxxxxxxx>
Add the ability for key creation to overrun the user's quota in some
circumstances - notably when a session keyring is created and assigned to a
process that didn't previously have one.
This means it's still possible to log in, should PAM require the creation of a
new session keyring, and fix an overburdened key quota.
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
include/linux/key.h | 13 ++++++++--
include/linux/security.h | 11 +++++---
security/dummy.c | 3 +-
security/keys/internal.h | 3 +-
security/keys/key.c | 26 +++++++++++---------
security/keys/keyctl.c | 5 ++--
security/keys/keyring.c | 4 +--
security/keys/process_keys.c | 24 +++++++++++++------
security/keys/request_key.c | 36 ++++++++++++++++-------------
security/keys/request_key_auth.c | 2 -
security/selinux/hooks.c | 9 ++++---
11 files changed, 85 insertions(+), 51 deletions(-)
diff -puN include/linux/key.h~keys-sort-out-key-quota-system include/linux/key.h
--- 25/include/linux/key.h~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/include/linux/key.h Tue Jun 20 17:00:20 2006
@@ -248,7 +248,14 @@ extern struct key *key_alloc(struct key_
const char *desc,
uid_t uid, gid_t gid,
struct task_struct *ctx,
- key_perm_t perm, int not_in_quota);
+ key_perm_t perm,
+ unsigned long flags);
+
+
+#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
+#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
+#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
+
extern int key_payload_reserve(struct key *key, size_t datalen);
extern int key_instantiate_and_link(struct key *key,
const void *data,
@@ -285,7 +292,7 @@ extern key_ref_t key_create_or_update(ke
const char *description,
const void *payload,
size_t plen,
- int not_in_quota);
+ unsigned long flags);
extern int key_update(key_ref_t key,
const void *payload,
@@ -299,7 +306,7 @@ extern int key_unlink(struct key *keyrin
extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
struct task_struct *ctx,
- int not_in_quota,
+ unsigned long flags,
struct key *dest);
extern int keyring_clear(struct key *keyring);
diff -puN include/linux/security.h~keys-sort-out-key-quota-system include/linux/security.h
--- 25/include/linux/security.h~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/include/linux/security.h Tue Jun 20 17:00:20 2006
@@ -858,6 +858,7 @@ struct swap_info_struct;
* Permit allocation of a key and assign security data. Note that key does
* not have a serial number assigned at this point.
* @key points to the key.
+ * @flags is the allocation flags
* Return 0 if permission is granted, -ve error otherwise.
* @key_free:
* Notification of destruction; free security data.
@@ -1319,7 +1320,7 @@ struct security_operations {
/* key management security hooks */
#ifdef CONFIG_KEYS
- int (*key_alloc)(struct key *key, struct task_struct *tsk);
+ int (*key_alloc)(struct key *key, struct task_struct *tsk, unsigned long flags);
void (*key_free)(struct key *key);
int (*key_permission)(key_ref_t key_ref,
struct task_struct *context,
@@ -3025,9 +3026,10 @@ static inline int security_xfrm_policy_l
#ifdef CONFIG_KEYS
#ifdef CONFIG_SECURITY
static inline int security_key_alloc(struct key *key,
- struct task_struct *tsk)
+ struct task_struct *tsk,
+ unsigned long flags)
{
- return security_ops->key_alloc(key, tsk);
+ return security_ops->key_alloc(key, tsk, flags);
}
static inline void security_key_free(struct key *key)
@@ -3045,7 +3047,8 @@ static inline int security_key_permissio
#else
static inline int security_key_alloc(struct key *key,
- struct task_struct *tsk)
+ struct task_struct *tsk,
+ unsigned long flags)
{
return 0;
}
diff -puN security/dummy.c~keys-sort-out-key-quota-system security/dummy.c
--- 25/security/dummy.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/dummy.c Tue Jun 20 17:00:20 2006
@@ -865,7 +865,8 @@ static int dummy_setprocattr(struct task
}
#ifdef CONFIG_KEYS
-static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx)
+static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx,
+ unsigned long flags)
{
return 0;
}
diff -puN security/keys/internal.h~keys-sort-out-key-quota-system security/keys/internal.h
--- 25/security/keys/internal.h~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/keys/internal.h Tue Jun 20 17:00:20 2006
@@ -99,7 +99,8 @@ extern int install_process_keyring(struc
extern struct key *request_key_and_link(struct key_type *type,
const char *description,
const char *callout_info,
- struct key *dest_keyring);
+ struct key *dest_keyring,
+ unsigned long flags);
/*
* request_key authorisation
diff -puN security/keys/key.c~keys-sort-out-key-quota-system security/keys/key.c
--- 25/security/keys/key.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/keys/key.c Tue Jun 20 17:00:20 2006
@@ -249,7 +249,7 @@ static inline void key_alloc_serial(stru
*/
struct key *key_alloc(struct key_type *type, const char *desc,
uid_t uid, gid_t gid, struct task_struct *ctx,
- key_perm_t perm, int not_in_quota)
+ key_perm_t perm, unsigned long flags)
{
struct key_user *user = NULL;
struct key *key;
@@ -270,12 +270,14 @@ struct key *key_alloc(struct key_type *t
/* check that the user's quota permits allocation of another key and
* its description */
- if (!not_in_quota) {
+ if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
spin_lock(&user->lock);
- if (user->qnkeys + 1 >= KEYQUOTA_MAX_KEYS ||
- user->qnbytes + quotalen >= KEYQUOTA_MAX_BYTES
- )
- goto no_quota;
+ if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
+ if (user->qnkeys + 1 >= KEYQUOTA_MAX_KEYS ||
+ user->qnbytes + quotalen >= KEYQUOTA_MAX_BYTES
+ )
+ goto no_quota;
+ }
user->qnkeys++;
user->qnbytes += quotalen;
@@ -309,7 +311,7 @@ struct key *key_alloc(struct key_type *t
key->payload.data = NULL;
key->security = NULL;
- if (!not_in_quota)
+ if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
key->flags |= 1 << KEY_FLAG_IN_QUOTA;
memset(&key->type_data, 0, sizeof(key->type_data));
@@ -319,7 +321,7 @@ struct key *key_alloc(struct key_type *t
#endif
/* let the security module know about the key */
- ret = security_key_alloc(key, ctx);
+ ret = security_key_alloc(key, ctx, flags);
if (ret < 0)
goto security_error;
@@ -333,7 +335,7 @@ error:
security_error:
kfree(key->description);
kmem_cache_free(key_jar, key);
- if (!not_in_quota) {
+ if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
spin_lock(&user->lock);
user->qnkeys--;
user->qnbytes -= quotalen;
@@ -346,7 +348,7 @@ security_error:
no_memory_3:
kmem_cache_free(key_jar, key);
no_memory_2:
- if (!not_in_quota) {
+ if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
spin_lock(&user->lock);
user->qnkeys--;
user->qnbytes -= quotalen;
@@ -762,7 +764,7 @@ key_ref_t key_create_or_update(key_ref_t
const char *description,
const void *payload,
size_t plen,
- int not_in_quota)
+ unsigned long flags)
{
struct key_type *ktype;
struct key *keyring, *key = NULL;
@@ -823,7 +825,7 @@ key_ref_t key_create_or_update(key_ref_t
/* allocate a new key */
key = key_alloc(ktype, description, current->fsuid, current->fsgid,
- current, perm, not_in_quota);
+ current, perm, flags);
if (IS_ERR(key)) {
key_ref = ERR_PTR(PTR_ERR(key));
goto error_3;
diff -puN security/keys/keyctl.c~keys-sort-out-key-quota-system security/keys/keyctl.c
--- 25/security/keys/keyctl.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/keys/keyctl.c Tue Jun 20 17:00:20 2006
@@ -102,7 +102,7 @@ asmlinkage long sys_add_key(const char _
/* create or update the requested key and add it to the target
* keyring */
key_ref = key_create_or_update(keyring_ref, type, description,
- payload, plen, 0);
+ payload, plen, KEY_ALLOC_IN_QUOTA);
if (!IS_ERR(key_ref)) {
ret = key_ref_to_ptr(key_ref)->serial;
key_ref_put(key_ref);
@@ -184,7 +184,8 @@ asmlinkage long sys_request_key(const ch
/* do the search */
key = request_key_and_link(ktype, description, callout_info,
- key_ref_to_ptr(dest_ref));
+ key_ref_to_ptr(dest_ref),
+ KEY_ALLOC_IN_QUOTA);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error5;
diff -puN security/keys/keyring.c~keys-sort-out-key-quota-system security/keys/keyring.c
--- 25/security/keys/keyring.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/keys/keyring.c Tue Jun 20 17:00:20 2006
@@ -240,7 +240,7 @@ static long keyring_read(const struct ke
* allocate a keyring and link into the destination keyring
*/
struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
- struct task_struct *ctx, int not_in_quota,
+ struct task_struct *ctx, unsigned long flags,
struct key *dest)
{
struct key *keyring;
@@ -249,7 +249,7 @@ struct key *keyring_alloc(const char *de
keyring = key_alloc(&key_type_keyring, description,
uid, gid, ctx,
(KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
- not_in_quota);
+ flags);
if (!IS_ERR(keyring)) {
ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
diff -puN security/keys/process_keys.c~keys-sort-out-key-quota-system security/keys/process_keys.c
--- 25/security/keys/process_keys.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/keys/process_keys.c Tue Jun 20 17:00:20 2006
@@ -77,7 +77,8 @@ int alloc_uid_keyring(struct user_struct
/* concoct a default session keyring */
sprintf(buf, "_uid_ses.%u", user->uid);
- session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, ctx, 0, NULL);
+ session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, ctx,
+ KEY_ALLOC_IN_QUOTA, NULL);
if (IS_ERR(session_keyring)) {
ret = PTR_ERR(session_keyring);
goto error;
@@ -87,8 +88,8 @@ int alloc_uid_keyring(struct user_struct
* keyring */
sprintf(buf, "_uid.%u", user->uid);
- uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, ctx, 0,
- session_keyring);
+ uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, ctx,
+ KEY_ALLOC_IN_QUOTA, session_keyring);
if (IS_ERR(uid_keyring)) {
key_put(session_keyring);
ret = PTR_ERR(uid_keyring);
@@ -144,7 +145,8 @@ int install_thread_keyring(struct task_s
sprintf(buf, "_tid.%u", tsk->pid);
- keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 1, NULL);
+ keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
+ KEY_ALLOC_QUOTA_OVERRUN, NULL);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error;
@@ -178,7 +180,8 @@ int install_process_keyring(struct task_
if (!tsk->signal->process_keyring) {
sprintf(buf, "_pid.%u", tsk->tgid);
- keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 1, NULL);
+ keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
+ KEY_ALLOC_QUOTA_OVERRUN, NULL);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error;
@@ -209,6 +212,7 @@ error:
static int install_session_keyring(struct task_struct *tsk,
struct key *keyring)
{
+ unsigned long flags;
struct key *old;
char buf[20];
@@ -218,7 +222,12 @@ static int install_session_keyring(struc
if (!keyring) {
sprintf(buf, "_ses.%u", tsk->tgid);
- keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 1, NULL);
+ flags = KEY_ALLOC_QUOTA_OVERRUN;
+ if (tsk->signal->session_keyring)
+ flags = KEY_ALLOC_IN_QUOTA;
+
+ keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
+ flags, NULL);
if (IS_ERR(keyring))
return PTR_ERR(keyring);
}
@@ -728,7 +737,8 @@ long join_session_keyring(const char *na
keyring = find_keyring_by_name(name, 0);
if (PTR_ERR(keyring) == -ENOKEY) {
/* not found - try and create a new one */
- keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk, 0, NULL);
+ keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk,
+ KEY_ALLOC_IN_QUOTA, NULL);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error2;
diff -puN security/keys/request_key_auth.c~keys-sort-out-key-quota-system security/keys/request_key_auth.c
--- 25/security/keys/request_key_auth.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/keys/request_key_auth.c Tue Jun 20 17:00:20 2006
@@ -187,7 +187,7 @@ struct key *request_key_auth_new(struct
authkey = key_alloc(&key_type_request_key_auth, desc,
current->fsuid, current->fsgid, current,
KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
- KEY_USR_VIEW, 1);
+ KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
if (IS_ERR(authkey)) {
ret = PTR_ERR(authkey);
goto error_alloc;
diff -puN security/keys/request_key.c~keys-sort-out-key-quota-system security/keys/request_key.c
--- 25/security/keys/request_key.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/keys/request_key.c Tue Jun 20 17:00:20 2006
@@ -48,8 +48,8 @@ static int call_sbin_request_key(struct
/* allocate a new session keyring */
sprintf(desc, "_req.%u", key->serial);
- keyring = keyring_alloc(desc, current->fsuid, current->fsgid,
- current, 1, NULL);
+ keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
+ KEY_ALLOC_QUOTA_OVERRUN, NULL);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error_alloc;
@@ -126,7 +126,8 @@ error_alloc:
*/
static struct key *__request_key_construction(struct key_type *type,
const char *description,
- const char *callout_info)
+ const char *callout_info,
+ unsigned long flags)
{
request_key_actor_t actor;
struct key_construction cons;
@@ -134,12 +135,12 @@ static struct key *__request_key_constru
struct key *key, *authkey;
int ret, negated;
- kenter("%s,%s,%s", type->name, description, callout_info);
+ kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags);
/* create a key and add it to the queue */
key = key_alloc(type, description,
- current->fsuid, current->fsgid,
- current, KEY_POS_ALL, 0);
+ current->fsuid, current->fsgid, current, KEY_POS_ALL,
+ flags);
if (IS_ERR(key))
goto alloc_failed;
@@ -258,15 +259,16 @@ alloc_failed:
static struct key *request_key_construction(struct key_type *type,
const char *description,
struct key_user *user,
- const char *callout_info)
+ const char *callout_info,
+ unsigned long flags)
{
struct key_construction *pcons;
struct key *key, *ckey;
DECLARE_WAITQUEUE(myself, current);
- kenter("%s,%s,{%d},%s",
- type->name, description, user->uid, callout_info);
+ kenter("%s,%s,{%d},%s,%lx",
+ type->name, description, user->uid, callout_info, flags);
/* see if there's such a key under construction already */
down_write(&key_construction_sem);
@@ -282,7 +284,8 @@ static struct key *request_key_construct
}
/* see about getting userspace to construct the key */
- key = __request_key_construction(type, description, callout_info);
+ key = __request_key_construction(type, description, callout_info,
+ flags);
error:
kleave(" = %p", key);
return key;
@@ -389,14 +392,15 @@ static void request_key_link(struct key
struct key *request_key_and_link(struct key_type *type,
const char *description,
const char *callout_info,
- struct key *dest_keyring)
+ struct key *dest_keyring,
+ unsigned long flags)
{
struct key_user *user;
struct key *key;
key_ref_t key_ref;
- kenter("%s,%s,%s,%p",
- type->name, description, callout_info, dest_keyring);
+ kenter("%s,%s,%s,%p,%lx",
+ type->name, description, callout_info, dest_keyring, flags);
/* search all the process keyrings for a key */
key_ref = search_process_keyrings(type, description, type->match,
@@ -429,7 +433,8 @@ struct key *request_key_and_link(struct
/* ask userspace (returns NULL if it waited on a key
* being constructed) */
key = request_key_construction(type, description,
- user, callout_info);
+ user, callout_info,
+ flags);
if (key)
break;
@@ -485,7 +490,8 @@ struct key *request_key(struct key_type
const char *description,
const char *callout_info)
{
- return request_key_and_link(type, description, callout_info, NULL);
+ return request_key_and_link(type, description, callout_info, NULL,
+ KEY_ALLOC_IN_QUOTA);
} /* end request_key() */
diff -puN security/selinux/hooks.c~keys-sort-out-key-quota-system security/selinux/hooks.c
--- 25/security/selinux/hooks.c~keys-sort-out-key-quota-system Tue Jun 20 17:00:20 2006
+++ 25-akpm/security/selinux/hooks.c Tue Jun 20 17:00:20 2006
@@ -4259,7 +4259,8 @@ static int selinux_setprocattr(struct ta
#ifdef CONFIG_KEYS
-static int selinux_key_alloc(struct key *k, struct task_struct *tsk)
+static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
+ unsigned long flags)
{
struct task_security_struct *tsec = tsk->security;
struct key_security_struct *ksec;
@@ -4507,8 +4508,10 @@ static __init int selinux_init(void)
#ifdef CONFIG_KEYS
/* Add security information to initial keyrings */
- security_key_alloc(&root_user_keyring, current);
- security_key_alloc(&root_session_keyring, current);
+ security_key_alloc(&root_user_keyring, current,
+ KEY_ALLOC_NOT_IN_QUOTA);
+ security_key_alloc(&root_session_keyring, current,
+ KEY_ALLOC_NOT_IN_QUOTA);
#endif
return 0;
_
Patches currently in -mm which might be from dhowells@xxxxxxxxxx are
selinux-add-hooks-for-key-subsystem.patch
keys-fix-race-between-two-instantiators-of-a-key.patch
git-nfs.patch
add-page_mkwrite-vm_operations-method.patch
add-page_mkwrite-vm_operations-method-fix.patch
frv-__user-infrastructure.patch
frv-basic-__iomem-annotations.patch
frv-signal-annotations.patch
frv-sysctl-__user-annotations.patch
frv-binfmt_elf_fdpic-__user-annotations.patch
frv-misc-__user-annotations.patch
frv-misc-sparse-annotations.patch
frv-wrong-syscall.patch
ext2-xip-wont-build-without-mmu.patch
frv-initrd-is-grossly-broken-on-frv-never-built.patch
frv-null-noise-removal-in-frv-xchg.patch
frv-ieee1394-is-borken-on-frv.patch
frv-add-missing-qualifier-to-memcpy_fromio-prototype.patch
frv-trivial-cleanups-in-frv_ksymsc.patch
frv-clean-frv-unistdh.patch
fix-incorrect-sa_onstack-behaviour-for-64-bit-processes.patch
prepare-for-__copy_from_user_inatomic-to-not-zero-missed-bytes.patch
another-couple-of-alterations-to-the-memory-barrier-doc.patch
net-rxrpc-use-list_move.patch
fs-use-list_move.patch
keys-sort-out-key-quota-system.patch
keys-discard-the-contents-of-a-key-on-revocation.patch
keys-let-keyctl_chown-change-a-keys-owner.patch
keys-allocate-key-serial-numbers-randomly.patch
keys-restrict-contents-of-proc-keys-to-viewable-keys.patch
keys-add-a-way-to-store-the-appropriate-context-for-newly-created-keys.patch
mutex-subsystem-synchro-test-module.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
