From: David Howells <dhowells@redhat.com>
To: chuck.lever@oracle.com
Cc: neilb@suse.de, linux-nfs@vger.kernel.org, keyrings@linux-nfs.org
Subject: [Keyrings] [PATCH 2/3] KEYS: When searching a keyring, restore KEYRING_SEARCH_DO_STATE_CHECK
Date: Fri, 14 Nov 2014 14:06:29 +0000 [thread overview]
Message-ID: <20141114140629.2927.82977.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <20141030174612.10093.61557.stgit@manet.1015granger.net>
When searching a keyring or iterating over all the contents of a keyring, we
set KEYRING_SEARCH_DO_STATE_CHECK before checking the root keyring so that the
iterator function will ensure that we have permission to search that keyring.
However, we should restore the value of the flag afterwards as it will
otherwise affect all other keys checked by the iterator.
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/keyring.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 8177010174f7..f44b3a8d605a 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -636,6 +636,7 @@ static bool search_nested_keyrings(struct key *keyring,
*/
if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE ||
keyring_compare_object(keyring, &ctx->index_key)) {
+ unsigned long saved_flags = ctx->flags;
ctx->skipped_ret = 2;
ctx->flags |= KEYRING_SEARCH_DO_STATE_CHECK;
switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {
@@ -644,6 +645,7 @@ static bool search_nested_keyrings(struct key *keyring,
case 2:
return false;
default:
+ ctx->flags = saved_flags;
break;
}
}
_______________________________________________
Keyrings mailing list
Keyrings@linux-nfs.org
To change your subscription to this list, please see http://linux-nfs.org/cgi-bin/mailman/listinfo/keyrings
next prev parent reply other threads:[~2014-11-14 14:06 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-30 17:46 [PATCH] KEYS: Ensure expired keys are renewed Chuck Lever
2014-11-13 0:15 ` NeilBrown
2014-11-13 15:09 ` Chuck Lever
2014-11-13 15:29 ` Benjamin Coddington
2014-11-14 12:20 ` David Howells
2014-11-14 15:06 ` Chuck Lever
2014-11-14 14:06 ` [Keyrings] [PATCH 1/3] KEYS: request_key_and_link() needs to request state checks when searching David Howells
2014-11-14 14:06 ` David Howells [this message]
2014-11-14 14:06 ` [Keyrings] [PATCH 3/3] KEYS: KEYRING_SEARCH_NO_STATE_CHECK overrides KEYRING_SEARCH_DO_STATE_CHECK David Howells
2014-11-14 14:49 ` Are both DO_STATE_CHECK and NO_STATE_CHECK required? David Howells
2014-11-14 15:13 ` [Keyrings] " Chuck Lever
2014-11-14 15:18 ` [Keyrings] [PATCH] KEYS: search_nested_keyrings() should honour NO_STATE_CHECK for the root David Howells
2014-11-14 15:19 ` David Howells
2014-11-14 15:39 ` [Keyrings] [PATCH] KEYS: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags David Howells
2014-11-17 15:08 ` David Howells
2014-11-17 15:48 ` Chuck Lever
2014-11-18 15:49 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141114140629.2927.82977.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox