author: David Howells <dhowells@redhat.com> 2005-08-04 16:07:06 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-08-04 16:11:14 -0400
commit: bcf945d36fa0598f41ac4ad46a9dc43135460263
tree: 7a2aa188442bf863f20055a001baf85143d7a5b9
parent: 6fb0caa42308923d9e4ed7b36ec077b97c107e24
[PATCH] Error during attempt to join key management session can leave semaphore pinned
The attached patch prevents an error during the key session joining operation from hanging future joins in the D state [CAN-2005-2098].

The problem is that the error handling path for the KEYCTL_JOIN_SESSION_KEYRING operation has one error path that doesn't release the session management semaphore. Further attempts to get the semaphore will then sleep for ever in the D state.

This can happen in four situations, all involving an attempt to allocate a new session keyring:

(1) ENOMEM.

(2) The user's key quota being reached.

(3) A keyring name that is an empty string.

(4) A keyring name that is too long.

Any user may attempt this operation, and so any user can cause the problem to occur.

Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- security/keys/process_keys.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 9b0369c5a223..c089f78fb94e 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -678,7 +678,7 @@ long join_session_keyring(const char *name)
678 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); 678 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL);
679 if (IS_ERR(keyring)) { 679 if (IS_ERR(keyring)) {
680 ret = PTR_ERR(keyring); 680 ret = PTR_ERR(keyring);
681 goto error; 681 goto error2;
682 } 682 }
683 } 683 }
684 else if (IS_ERR(keyring)) { 684 else if (IS_ERR(keyring)) {
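Review bot: the label names `error` and `error2` at line 681 say nothing about which one releases the session management semaphore, and that is the kind of naming that lets a `goto` land on the wrong exit, as it did here. Consider renaming the labels after what they unwind, or adding a comment where the semaphore is taken stating that every exit after that point must leave through `error2`. The `else if (IS_ERR(keyring))` branch at line 684 is cut off by the hunk context, so its exit path should be checked for the same mistake before this is considered complete.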