diff options
author | David Howells <dhowells@redhat.com> | 2005-08-04 16:07:06 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-08-04 16:11:14 -0400 |
commit | bcf945d36fa0598f41ac4ad46a9dc43135460263 (patch) | |
tree | 7a2aa188442bf863f20055a001baf85143d7a5b9 | |
parent | 6fb0caa42308923d9e4ed7b36ec077b97c107e24 (diff) |
[PATCH] Error during attempt to join key management session can leave semaphore pinned
The attached patch prevents an error during the key session joining operation
from hanging future joins in the D state [CAN-2005-2098].
The problem is that the error handling path for the KEYCTL_JOIN_SESSION_KEYRING
operation has one error path that doesn't release the session management
semaphore. Further attempts to get the semaphore will then sleep for ever in
the D state.
This can happen in four situations, all involving an attempt to allocate a new
session keyring:
(1) ENOMEM.
(2) The users key quota being reached.
(3) A keyring name that is an empty string.
(4) A keyring name that is too long.
Any user may attempt this operation, and so any user can cause the problem to
occur.
Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | security/keys/process_keys.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 9b0369c5a223..c089f78fb94e 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -678,7 +678,7 @@ long join_session_keyring(const char *name) | |||
678 | keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); | 678 | keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); |
679 | if (IS_ERR(keyring)) { | 679 | if (IS_ERR(keyring)) { |
680 | ret = PTR_ERR(keyring); | 680 | ret = PTR_ERR(keyring); |
681 | goto error; | 681 | goto error2; |
682 | } | 682 | } |
683 | } | 683 | } |
684 | else if (IS_ERR(keyring)) { | 684 | else if (IS_ERR(keyring)) { |