From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:52550 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934737AbcATQ7M (ORCPT ); Wed, 20 Jan 2016 11:59:12 -0500 Subject: Patch "KEYS: refcount bug fix" has been added to the 3.14-stable tree To: zohar@linux.vnet.ibm.com, dhowells@redhat.com, gregkh@linuxfoundation.org Cc: , From: Date: Wed, 20 Jan 2016 08:59:11 -0800 Message-ID: <145330915166208@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled KEYS: refcount bug fix to the 3.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: keys-refcount-bug-fix.patch and it can be found in the queue-3.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Thu, 7 Jan 2016 07:46:36 -0500 Subject: KEYS: refcount bug fix From: Mimi Zohar commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 upstream. This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP test before setting the flag, and cleans up the if/then brackets style introduced in commit: d3600bc KEYS: prevent keys from being removed from specified keyrings Reported-by: David Howells Signed-off-by: Mimi Zohar Acked-by: David Howells Signed-off-by: Greg Kroah-Hartman --- security/keys/key.c | 3 +-- security/keys/keyctl.c | 17 +++++++---------- 2 files changed, 8 insertions(+), 12 deletions(-) --- a/security/keys/key.c +++ b/security/keys/key.c @@ -432,8 +432,7 @@ static int __key_instantiate_and_link(st /* and link it into the destination keyring */ if (keyring) { - if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) - set_bit(KEY_FLAG_KEEP, &key->flags); + set_bit(KEY_FLAG_KEEP, &key->flags); __key_link(key, _edit); } --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id) } key = key_ref_to_ptr(key_ref); + ret = 0; if (test_bit(KEY_FLAG_KEEP, &key->flags)) - return -EPERM; - else { + ret = -EPERM; + else key_revoke(key); - ret = 0; - } key_ref_put(key_ref); error: @@ -419,12 +418,11 @@ long keyctl_invalidate_key(key_serial_t } key = key_ref_to_ptr(key_ref); + ret = 0; if (test_bit(KEY_FLAG_KEEP, &key->flags)) ret = -EPERM; - else { + else key_invalidate(key); - ret = 0; - } key_ref_put(key_ref); error: @@ -1369,12 +1367,11 @@ long keyctl_set_timeout(key_serial_t id, okay: key = key_ref_to_ptr(key_ref); + ret = 0; if (test_bit(KEY_FLAG_KEEP, &key->flags)) ret = -EPERM; - else { + else key_set_timeout(key, timeout); - ret = 0; - } key_put(key); error: Patches currently in stable-queue which might be from zohar@linux.vnet.ibm.com are queue-3.14/keys-refcount-bug-fix.patch queue-3.14/keys-prevent-keys-from-being-removed-from-specified-keyrings.patch