[linux-cifs-client] Re: patch keys-make-request-key-instantiate-the-per-user-keyrings.patch added to 2.6.27-stable tree

Sun Dec 7 03:00:08 GMT 2008

On Tue, Nov 11, 2008 at 3:05 PM, Steve French <smfrench at gmail.com> wrote:
> This can prevent an oops when cifs is using krb5 auth
>
>
> ---------- Forwarded message ----------
> From:  <gregkh at suse.de>
> Date: Tue, Nov 11, 2008 at 3:03 PM
> Subject: patch keys-make-request-key-instantiate-the-per-user-keyrings.patch
> added to 2.6.27-stable tree
> To: dhowells at redhat.com, gregkh at suse.de, rutger.nijlunsing at gmail.com,
> smfrench at gmail.com, torvalds at linux-foundation.org
> Cc: stable at kernel.org, stable-commits at vger.kernel.org
>
>
>
> This is a note to let you know that we have just queued up the patch titled
>
>   Subject: KEYS: Make request key instantiate the per-user keyrings
>
> to the 2.6.27-stable tree.  Its filename is
>
>   keys-make-request-key-instantiate-the-per-user-keyrings.patch
>
> A git repo of this tree can be found at
>   http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
>
> From 1f8f5cf6e4f038552a3e47b66085452c08556d71 Mon Sep 17 00:00:00 2001
> From: David Howells <dhowells at redhat.com>
> Date: Mon, 10 Nov 2008 19:00:05 +0000
> Subject: KEYS: Make request key instantiate the per-user keyrings
>
> From: David Howells <dhowells at redhat.com>
>
> commit 1f8f5cf6e4f038552a3e47b66085452c08556d71 upstream
>
> Make request_key() instantiate the per-user keyrings so that it doesn't oops
> if it needs to get hold of the user session keyring because there isn't a
> session keyring in place.
>
> Signed-off-by: David Howells <dhowells at redhat.com>
> Tested-by: Steve French <smfrench at gmail.com>
> Tested-by: Rutger Nijlunsing <rutger.nijlunsing at gmail.com>
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
>
> ---
>  security/keys/internal.h     |    1 +
>  security/keys/process_keys.c |    2 +-
>  security/keys/request_key.c  |    4 ++++
>  3 files changed, 6 insertions(+), 1 deletion(-)
>
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -107,6 +107,7 @@ extern key_ref_t search_process_keyrings
>
>  extern struct key *find_keyring_by_name(const char *name, bool
> skip_perm_check);
>
> +extern int install_user_keyrings(struct task_struct *tsk);
>  extern int install_thread_keyring(struct task_struct *tsk);
>  extern int install_process_keyring(struct task_struct *tsk);
>
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -40,7 +40,7 @@ struct key_user root_key_user = {
>  /*
>  * install user and user session keyrings for a particular UID
>  */
> -static int install_user_keyrings(struct task_struct *tsk)
> +int install_user_keyrings(struct task_struct *tsk)
>  {
>       struct user_struct *user = tsk->user;
>       struct key *uid_keyring, *session_keyring;
> --- a/security/keys/request_key.c
> +++ b/security/keys/request_key.c
> @@ -74,6 +74,10 @@ static int call_sbin_request_key(struct
>
>       kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
>
> +       ret = install_user_keyrings(tsk);
> +       if (ret < 0)
> +               goto error_alloc;
> +
>       /* allocate a new session keyring */
>       sprintf(desc, "_req.%u", key->serial);
>
>
>
> Patches currently in stable-queue which might be from dhowells at redhat.com are
>
> queue-2.6.27/keys-make-request-key-instantiate-the-per-user-keyrings.patch
>
>
>
> --
> Thanks,
>
> Steve
>

USERSESSION: ffff880129892980