55 lines
1.8 KiB
Diff
55 lines
1.8 KiB
Diff
commit bcf945d36fa0598f41ac4ad46a9dc43135460263
|
|
tree 7a2aa188442bf863f20055a001baf85143d7a5b9
|
|
parent 6fb0caa42308923d9e4ed7b36ec077b97c107e24
|
|
author David Howells <dhowells@redhat.com> 1123186026 -0700
|
|
committer Linus Torvalds <torvalds@g5.osdl.org> 1123186274 -0700
|
|
|
|
[PATCH] Error during attempt to join key management session can leave semaphore pinned
|
|
|
|
The attached patch prevents an error during the key session joining operation
|
|
from hanging future joins in the D state [CAN-2005-2098].
|
|
|
|
The problem is that the error handling path for the KEYCTL_JOIN_SESSION_KEYRING
|
|
operation has one error path that doesn't release the session management
|
|
semaphore. Further attempts to get the semaphore will then sleep for ever in
|
|
the D state.
|
|
|
|
This can happen in four situations, all involving an attempt to allocate a new
|
|
session keyring:
|
|
|
|
(1) ENOMEM.
|
|
|
|
(2) The users key quota being reached.
|
|
|
|
(3) A keyring name that is an empty string.
|
|
|
|
(4) A keyring name that is too long.
|
|
|
|
Any user may attempt this operation, and so any user can cause the problem to
|
|
occur.
|
|
|
|
Signed-Off-By: David Howells <dhowells@redhat.com>
|
|
Signed-off-by: Andrew Morton <akpm@osdl.org>
|
|
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
|
|
|
|
I:100644 100644 9b0369c5a223acbf951178e87ebbb0789458b507 c089f78fb94ec170dbd042f08a4a61b9915c526e M security/keys/process_keys.c
|
|
|
|
Key:
|
|
S: Skipped
|
|
I: Included Included verbatim
|
|
D: Deleted Manually deleted by subsequent user edit
|
|
R: Revised Manually revised by subsequent user edit
|
|
|
|
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
|
|
--- a/security/keys/process_keys.c
|
|
+++ b/security/keys/process_keys.c
|
|
@@ -678,7 +678,7 @@ long join_session_keyring(const char *na
|
|
keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL);
|
|
if (IS_ERR(keyring)) {
|
|
ret = PTR_ERR(keyring);
|
|
- goto error;
|
|
+ goto error2;
|
|
}
|
|
}
|
|
else if (IS_ERR(keyring)) {
|