[PATCH] Error during attempt to join key management session can leave semaphore pinned

The attached patch prevents an error during the key session joining operation
from hanging future joins in the D state [CAN-2005-2098].

The problem is that the error handling path for the KEYCTL_JOIN_SESSION_KEYRING
operation has one error path that doesn't release the session management
semaphore. Further attempts to get the semaphore will then sleep for ever in
the D state.

This can happen in four situations, all involving an attempt to allocate a new
session keyring:

(1) ENOMEM.

(2) The user's key quota being reached.

(3) A keyring name that is an empty string.

(4) A keyring name that is too long.

Any user may attempt this operation, and so any user can cause the problem to
occur.

Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by David Howells and committed by Linus Torvalds bcf945d3 6fb0caa4

+1 -1
security/keys/process_keys.c
··· 678 678 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); 679 679 if (IS_ERR(keyring)) { 680 680 ret = PTR_ERR(keyring); 681 - goto error; 681 + goto error2; 682 682 } 683 683 } 684 684 else if (IS_ERR(keyring)) {
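
Review bot: At the changed `goto error2;` inside the `IS_ERR(keyring)` check that follows `keyring_alloc()`, nothing in the code says why this branch must jump to `error2` rather than `error`, and two numbered labels make the same slip easy to reintroduce. A one-line comment at the jump stating that the session management semaphore is held at this point, or a label name that describes the unlock it performs, would make the requirement visible to the next person editing this function. The hunk's context ends at `else if (IS_ERR(keyring)) {`, so that branch's exit is not shown here; it is worth confirming that it also leaves through the label that releases the semaphore.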