lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 28 Apr 2010 14:04:37 +0200
From:	Vegard Nossum <vegard.nossum@...il.com>
To:	David Howells <dhowells@...hat.com>
Cc:	torvalds@...l.org, akpm@...ux-foundation.org,
	keyrings@...ux-nfs.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KEYS: The request_key() syscall should link an existing 
	key to the dest keyring

On 26 April 2010 16:59, David Howells <dhowells@...hat.com> wrote:
> The request_key() system call and request_key_and_link() should make a link
> from an existing key to the destination keyring (if supplied), not just from a
> new key to the destination keyring.
>
> This can be tested by:
>
>        ring=`keyctl newring fred @s`
>        keyctl request2 user debug:a a
>        keyctl request user debug:a $ring
>        keyctl list $ring
>
> If it says:
>
>        keyring is empty
>
> then it didn't work.  If it shows something like:
>
>        1 key in keyring:
>        1070462727: --alswrv     0     0 user: debug:a
>
> then it did.
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> ---
>
>  security/keys/request_key.c |    9 ++++++++-
>  1 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/security/keys/request_key.c b/security/keys/request_key.c
> index ea97c31..d737cea 100644
> --- a/security/keys/request_key.c
> +++ b/security/keys/request_key.c
> @@ -339,8 +339,10 @@ static int construct_alloc_key(struct key_type *type,
>
>  key_already_present:
>        mutex_unlock(&key_construction_mutex);
> -       if (dest_keyring)
> +       if (dest_keyring) {
> +               __key_link(dest_keyring, key_ref_to_ptr(key_ref));
>                up_write(&dest_keyring->sem);
> +       }
>        mutex_unlock(&user->cons_lock);
>        key_put(key);
>        *_key = key = key_ref_to_ptr(key_ref);

Hi,

Just a few questions (if you don't mind).

1. Is it correct to return -EINPROGRESS in this case?

2. (Why) Shouldn't the return value of __key_link() be checked?

3. In __key_link(), shouldn't rcu_dereference() be used when accessing
keyring->payload.subscriptions?

Thanks,


Vegard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ