[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <524f69650808171818r781115c5w170cc58b91866b4c@mail.gmail.com>
Date: Sun, 17 Aug 2008 20:18:25 -0500
From: "Steve French" <smfrench@...il.com>
To: "Rutger Nijlunsing" <rutger.nijlunsing@...il.com>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: Re: OOPS in request_key.c bisected (and then refound)
Copying lkml on this additional feedback on the patch to fix the oops
introduced in April by the keyctl subsystem
On Sun, Aug 17, 2008 at 2:45 PM, Rutger Nijlunsing
<rutger.nijlunsing@...il.com> wrote:
> When trying to mount an CIFS share with SPGENO on Debian, I got
> nothing. Digging deeping revealing on OOPS at function
> call_sbin_request_key+0x166/0x255in 2.6.27 which was not there in
> 2.6.25. Bisecting this with the simplest command generating the OOPS,
> which was taken from 'man keyctl':
>
> keyctl request2 user debug:yyyy spoon
>
> took about 4 hours on the evolutionary dead-end Pentium 4 and returned
> commit:
>
> commit 69664cf16af4f31cd54d77948a4baf9c7e0ca7b9
> Author: David Howells <dhowells@...hat.com>
> Date: Tue Apr 29 01:01:31 2008 -0700
>
> keys: don't generate user and user session keyrings unless they're accessed
>
> ...as the culprit.
>
> Googling for this revealed that this OOPS had been reported before in
> May, that a patch was written, tested and considered OK:
> http://lists.samba.org/archive/linux-cifs-client/2008-May/003001.html
>
> Applying this patch is still the right thing to do since it made the
> OOPS disappear. Hopefully this will solve my SPNEGO problems, but
> that's a second concern. Here is the patch again, together with
> additional Tested-bys:
>
> ---
> KEYS: Make request key instantiate the per-user keyrings
>
> Make request_key() instantiate the per-user keyrings so that it doesn't oops
> if it needs to get hold of the user session keyring because there isn't a
> session keyring in place.
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> Tested-by: Steve French <smfrench@...il.com>
> Tested-by: Rutger Nijlunsing <rutger.nijlunsing@...il.com>
> ---
>
> security/keys/internal.h | 1 +
> security/keys/process_keys.c | 2 +-
> security/keys/request_key.c | 4 ++++
> 3 files changed, 6 insertions(+), 1 deletions(-)
>
>
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index 8c05587..2bdfacc 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -108,6 +108,7 @@ extern key_ref_t search_process_keyrings(struct key_type *type,
>
> extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
>
> +extern int install_user_keyrings(struct task_struct *tsk);
> extern int install_thread_keyring(struct task_struct *tsk);
> extern int install_process_keyring(struct task_struct *tsk);
>
> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index 5be6d01..45b240a 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -40,7 +40,7 @@ struct key_user root_key_user = {
> /*
> * install user and user session keyrings for a particular UID
> */
> -static int install_user_keyrings(struct task_struct *tsk)
> +int install_user_keyrings(struct task_struct *tsk)
> {
> struct user_struct *user = tsk->user;
> struct key *uid_keyring, *session_keyring;
> diff --git a/security/keys/request_key.c b/security/keys/request_key.c
> index ba32ca6..abea08f 100644
> --- a/security/keys/request_key.c
> +++ b/security/keys/request_key.c
> @@ -74,6 +74,10 @@ static int call_sbin_request_key(struct key_construction *cons,
>
> kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
>
> + ret = install_user_keyrings(tsk);
> + if (ret < 0)
> + goto error_alloc;
> +
> /* allocate a new session keyring */
> sprintf(desc, "_req.%u", key->serial);
>
>
>
> --
> Rutger Nijlunsing ---------------------------------- eludias ed dse.nl
> never attribute to a conspiracy which can be explained by incompetence
> ----------------------------------------------------------------------
>
--
Thanks,
Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists