public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed
From: David Howells <dhowells@redhat.com>
To: netdev@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>,
	Marc Dionne <marc.dionne@auristor.com>,
	Jakub Kicinski <kuba@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Paolo Abeni <pabeni@redhat.com>,
	linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
	Jeffrey Altman <jaltman@auristor.com>,
	Simon Horman <horms@kernel.org>,
	stable@kernel.org
Subject: [PATCH net v4 01/15] rxrpc: Fix key quota calculation for multitoken keys
Date: Wed,  1 Apr 2026 11:55:54 +0100	[thread overview]
Message-ID: <20260401105614.1696001-2-dhowells@redhat.com> (raw)
In-Reply-To: <20260401105614.1696001-1-dhowells@redhat.com>

In the rxrpc key preparsing, every token extracted sets the proposed quota
value, but for multitoken keys, this will overwrite the previous proposed
quota, losing it.

Fix this by adding to the proposed quota instead.

Fixes: 8a7a3eb4ddbe ("KEYS: RxRPC: Use key preparsing")
Closes: https://sashiko.dev/#/patchset/20260319150150.4189381-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Jeffrey Altman <jaltman@auristor.com>
cc: Eric Dumazet <edumazet@google.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: netdev@vger.kernel.org
cc: stable@kernel.org
---
 net/rxrpc/key.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c
index 85078114b2dd..af403f0ccab5 100644
--- a/net/rxrpc/key.c
+++ b/net/rxrpc/key.c
@@ -72,7 +72,7 @@ static int rxrpc_preparse_xdr_rxkad(struct key_preparsed_payload *prep,
 		return -EKEYREJECTED;
 
 	plen = sizeof(*token) + sizeof(*token->kad) + tktlen;
-	prep->quotalen = datalen + plen;
+	prep->quotalen += datalen + plen;
 
 	plen -= sizeof(*token);
 	token = kzalloc_obj(*token);
@@ -199,7 +199,7 @@ static int rxrpc_preparse_xdr_yfs_rxgk(struct key_preparsed_payload *prep,
 	}
 
 	plen = sizeof(*token) + sizeof(*token->rxgk) + tktlen + keylen;
-	prep->quotalen = datalen + plen;
+	prep->quotalen += datalen + plen;
 
 	plen -= sizeof(*token);
 	token = kzalloc_obj(*token);
@@ -460,6 +460,7 @@ static int rxrpc_preparse(struct key_preparsed_payload *prep)
 	memcpy(&kver, prep->data, sizeof(kver));
 	prep->data += sizeof(kver);
 	prep->datalen -= sizeof(kver);
+	prep->quotalen = 0;
 
 	_debug("KEY I/F VERSION: %u", kver);
 
@@ -497,7 +498,7 @@ static int rxrpc_preparse(struct key_preparsed_payload *prep)
 		goto error;
 
 	plen = sizeof(*token->kad) + v1->ticket_length;
-	prep->quotalen = plen + sizeof(*token);
+	prep->quotalen += plen + sizeof(*token);
 
 	ret = -ENOMEM;
 	token = kzalloc_obj(*token);


  reply	other threads:[~2026-04-01 10:56 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-01 10:55 [PATCH net v4 00/15] rxrpc: Miscellaneous fixes David Howells
2026-04-01 10:55 ` David Howells [this message]
2026-04-01 10:55 ` [PATCH net v4 02/15] rxrpc: Fix key parsing memleak David Howells
2026-04-01 10:55 ` [PATCH net v4 03/15] rxrpc: Fix anonymous key handling David Howells
2026-04-01 10:55 ` [PATCH net v4 04/15] rxrpc: Fix call removal to use RCU safe deletion David Howells
2026-04-01 12:42   ` David Howells
2026-04-01 10:55 ` [PATCH net v4 05/15] rxrpc: Fix RxGK token loading to check bounds David Howells
2026-04-01 10:55 ` [PATCH net v4 06/15] rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial David Howells
2026-04-01 10:56 ` [PATCH net v4 07/15] rxrpc: Fix rack timer warning to report unexpected mode David Howells
2026-04-01 10:56 ` [PATCH net v4 08/15] rxrpc: Fix keyring reference count leak in rxrpc_setsockopt() David Howells
2026-04-01 10:56 ` [PATCH net v4 09/15] rxrpc: Fix key reference count leak from call->key David Howells
2026-04-01 10:56 ` [PATCH net v4 10/15] rxrpc: Fix to request an ack if window is limited David Howells
2026-04-01 10:56 ` [PATCH net v4 11/15] rxrpc: Only put the call ref if one was acquired David Howells
2026-04-01 10:56 ` [PATCH net v4 12/15] rxrpc: reject undecryptable rxkad response tickets David Howells
2026-04-01 10:56 ` [PATCH net v4 13/15] rxrpc: fix RESPONSE authenticator parser OOB read David Howells
2026-04-01 10:56 ` [PATCH net v4 14/15] rxrpc: fix oversized RESPONSE authenticator length check David Howells
2026-04-01 10:56 ` [PATCH net v4 15/15] rxrpc: fix reference count leak in rxrpc_server_keyring() David Howells
2026-04-01 16:14   ` Anderson Nascimento
2026-04-01 19:32     ` David Howells
2026-04-02  2:22       ` Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260401105614.1696001-2-dhowells@redhat.com \
    --to=dhowells@redhat.com \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=horms@kernel.org \
    --cc=jaltman@auristor.com \
    --cc=kuba@kernel.org \
    --cc=linux-afs@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marc.dionne@auristor.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=stable@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox