From: Ira Weiny <ira.weiny@intel.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: linux-nvdimm@lists.01.org, David Howells <dhowells@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] libnvdimm/security: Fix key lookup permissions
Date: Tue, 23 Jun 2020 22:15:29 -0700 [thread overview]
Message-ID: <20200624051529.GC2617015@iweiny-DESK2.sc.intel.com> (raw)
In-Reply-To: <159297332630.1304143.237026690015653759.stgit@dwillia2-desk3.amr.corp.intel.com>
On Tue, Jun 23, 2020 at 09:35:26PM -0700, Dan Williams wrote:
> As of commit 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather
> than a mask") lookup_user_key() needs an explicit declaration of what it
> wants to do with the key. Add KEY_NEED_SEARCH to fix a warning with the
> below signature, and fixes the inability to retrieve a key.
>
> WARNING: CPU: 15 PID: 6276 at security/keys/permission.c:35 key_task_permission+0xd3/0x140
> [..]
> RIP: 0010:key_task_permission+0xd3/0x140
> [..]
> Call Trace:
> lookup_user_key+0xeb/0x6b0
> ? vsscanf+0x3df/0x840
> ? key_validate+0x50/0x50
> ? key_default_cmp+0x20/0x20
> nvdimm_get_user_key_payload.part.0+0x21/0x110 [libnvdimm]
> nvdimm_security_store+0x67d/0xb20 [libnvdimm]
> security_store+0x67/0x1a0 [libnvdimm]
> kernfs_fop_write+0xcf/0x1c0
> vfs_write+0xde/0x1d0
> ksys_write+0x68/0xe0
> do_syscall_64+0x5c/0xa0
> entry_SYSCALL_64_after_hwframe+0x49/0xb3
>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Vishal Verma <vishal.l.verma@intel.com>
> Cc: Dave Jiang <dave.jiang@intel.com>
> Cc: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
> Suggested-by: David Howells <dhowells@redhat.com>
> Fixes: 8c0637e950d6 ("keys: Make the KEY_NEED_* perms an enum rather than a mask")
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
> drivers/nvdimm/security.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
> index 89b85970912d..4cef69bd3c1b 100644
> --- a/drivers/nvdimm/security.c
> +++ b/drivers/nvdimm/security.c
> @@ -95,7 +95,7 @@ static struct key *nvdimm_lookup_user_key(struct nvdimm *nvdimm,
> struct encrypted_key_payload *epayload;
> struct device *dev = &nvdimm->dev;
>
> - keyref = lookup_user_key(id, 0, 0);
> + keyref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
> if (IS_ERR(keyref))
> return NULL;
>
>
_______________________________________________
Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org
To unsubscribe send an email to linux-nvdimm-leave@lists.01.org
next prev parent reply other threads:[~2020-06-24 5:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-24 4:35 [PATCH] libnvdimm/security: Fix key lookup permissions Dan Williams
2020-06-24 5:15 ` Ira Weiny [this message]
2020-07-07 18:43 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200624051529.GC2617015@iweiny-DESK2.sc.intel.com \
--to=ira.weiny@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox