Patch "KEYS: refcount bug fix" has been added to the 3.14-stable tree

[<gregkh@linuxfoundation.org>]

This is a note to let you know that I've just added the patch titled

    KEYS: refcount bug fix

to the 3.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     keys-refcount-bug-fix.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Thu, 7 Jan 2016 07:46:36 -0500
Subject: KEYS: refcount bug fix

From: Mimi Zohar <zohar@linux.vnet.ibm.com>

commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream.

This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
test before setting the flag, and cleans up the if/then brackets style
introduced in commit:
d3600bc KEYS: prevent keys from being removed from specified keyrings

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 security/keys/key.c    |    3 +--
 security/keys/keyctl.c |   17 +++++++----------
 2 files changed, 8 insertions(+), 12 deletions(-)

--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -432,8 +432,7 @@ static int __key_instantiate_and_link(st
 
 			/* and link it into the destination keyring */
 			if (keyring) {
-				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-					set_bit(KEY_FLAG_KEEP, &key->flags);
+				set_bit(KEY_FLAG_KEEP, &key->flags);
 
 				__key_link(key, _edit);
 			}
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
 	}
 
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
-		return -EPERM;
-	else {
+		ret = -EPERM;
+	else
 		key_revoke(key);
-		ret = 0;
-	}
 
 	key_ref_put(key_ref);
 error:
@@ -419,12 +418,11 @@ long keyctl_invalidate_key(key_serial_t
 	}
 
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
 		ret = -EPERM;
-	else {
+	else
 		key_invalidate(key);
-		ret = 0;
-	}
 
 	key_ref_put(key_ref);
 error:
@@ -1369,12 +1367,11 @@ long keyctl_set_timeout(key_serial_t id,
 
 okay:
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
 		ret = -EPERM;
-	else {
+	else
 		key_set_timeout(key, timeout);
-		ret = 0;
-	}
 	key_put(key);
 
 error:


Patches currently in stable-queue which might be from zohar@linux.vnet.ibm.com are

queue-3.14/keys-refcount-bug-fix.patch
queue-3.14/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch