From: David Howells <dhowells@redhat.com>
To: jmorris@namei.org
Cc: David Howells <dhowells@redhat.com>,
Eric Biggers <ebiggers@google.com>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Michael Halcrow <mhalcrow@google.com>,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] KEYS: Fixes and crypto fixes
Date: Wed, 27 Sep 2017 22:19:24 +0100 [thread overview]
Message-ID: <28036.1506547164@warthog.procyon.org.uk> (raw)
Hi James,
Can you pull these and pass them on to Linus. There are two sets of
patches here:
(1) A bunch of core keyrings bug fixes from Eric Biggers.
(2) Fixing big_key to use safe crypto from Jason A. Donenfeld.
There are more patches to come from Eric, but I haven't reviewed at them
yet, so I haven't included them here. Thanks to Eric for reviewing the
keyrings code.
David
---
The following changes since commit ebb2c2437d8008d46796902ff390653822af6cc4:
Merge tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc (2017-09-18 08:44:51 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20170927
for you to fetch changes up to 428490e38b2e352812e0b765d8bceafab0ec441d:
security/keys: rewrite all of big_key crypto (2017-09-25 23:31:58 +0100)
----------------------------------------------------------------
Keyrings fixes
----------------------------------------------------------------
Eric Biggers (10):
KEYS: fix cred refcount leak in request_key_auth_new()
KEYS: don't revoke uninstantiated key in request_key_auth_new()
KEYS: fix key refcount leak in keyctl_assume_authority()
KEYS: fix key refcount leak in keyctl_read_key()
KEYS: fix writing past end of user-supplied buffer in keyring_read()
KEYS: prevent creating a different user's keyrings
KEYS: prevent KEYCTL_READ on negative key
KEYS: reset parent each time before searching key_user_tree
KEYS: restrict /proc/keys by credentials at open time
KEYS: use kmemdup() in request_key_auth_new()
Jason A. Donenfeld (2):
security/keys: properly zero out sensitive key material in big_key
security/keys: rewrite all of big_key crypto
include/linux/key.h | 2 +
security/keys/Kconfig | 4 +-
security/keys/big_key.c | 139 ++++++++++++++++++---------------------
security/keys/internal.h | 2 +-
security/keys/key.c | 6 +-
security/keys/keyctl.c | 13 ++--
security/keys/keyring.c | 37 ++++++-----
security/keys/proc.c | 8 +--
security/keys/process_keys.c | 6 +-
security/keys/request_key_auth.c | 74 ++++++++++-----------
10 files changed, 139 insertions(+), 152 deletions(-)
next reply other threads:[~2017-09-27 21:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-27 21:19 David Howells [this message]
2017-09-27 23:14 ` [GIT PULL] KEYS: Fixes and crypto fixes James Morris
2017-09-28 0:15 ` Eric Biggers
2017-09-28 2:08 ` James Morris
2017-09-28 10:34 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=28036.1506547164@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=Jason@zx2c4.com \
--cc=ebiggers@google.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mhalcrow@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox