16 Nov, 2011

1 commit

  • Fix a NULL pointer deref in the user-defined key type whereby updating a
    negative key into a fully instantiated key will cause an oops to occur
    when the code attempts to free the non-existent old payload.

    This results in an oops that looks something like the following:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
    IP: [] __call_rcu+0x11/0x13e
    PGD 3391d067 PUD 3894a067 PMD 0
    Oops: 0002 [#1] SMP
    CPU 1
    Pid: 4354, comm: keyctl Not tainted 3.1.0-fsdevel+ #1140 /DG965RY
    RIP: 0010:[] [] __call_rcu+0x11/0x13e
    RSP: 0018:ffff88003d591df8 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000006e
    RDX: ffffffff8161d0c0 RSI: 0000000000000000 RDI: 0000000000000000
    RBP: ffff88003d591e18 R08: 0000000000000000 R09: ffffffff8152fa6c
    R10: 0000000000000000 R11: 0000000000000300 R12: ffff88003b8f9538
    R13: ffffffff8161d0c0 R14: ffff88003b8f9d50 R15: ffff88003c69f908
    FS: 00007f97eb18c720(0000) GS:ffff88003bd00000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000008 CR3: 000000003d47a000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process keyctl (pid: 4354, threadinfo ffff88003d590000, task ffff88003c78a040)
    Stack:
    ffff88003e0ffde0 ffff88003b8f9538 0000000000000001 ffff88003b8f9d50
    ffff88003d591e28 ffffffff810860f0 ffff88003d591e68 ffffffff8117bfea
    ffff88003d591e68 ffffffff00000000 ffff88003e0ffde1 ffff88003e0ffde0
    Call Trace:
    [] call_rcu_sched+0x10/0x12
    [] user_update+0x8d/0xa2
    [] key_create_or_update+0x236/0x270
    [] sys_add_key+0x123/0x17e
    [] system_call_fastpath+0x16/0x1b

    Signed-off-by: David Howells
    Acked-by: Jeff Layton
    Acked-by: Neil Horman
    Acked-by: Steve Dickson
    Acked-by: James Morris
    Cc: stable@kernel.org
    Signed-off-by: Linus Torvalds

    David Howells
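The failure described in the 16 Nov, 2011 commit message above, as an added userspace model (not kernel code and not the patch itself). The page does not show the fix, so the NULL guard and all names here (`cb_head`, `user_payload`, `model_key`, `model_call_rcu`, `model_user_update`) are assumptions. With a callback head of two pointers at the start of the payload, an unguarded free of a NULL old payload stores to offset 8 on a 64-bit build, consistent with the fault address in the oops.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed userspace model; every name here is hypothetical, not kernel code. */
struct cb_head {                      /* same two-pointer shape as an RCU head */
    struct cb_head *next;
    void (*func)(struct cb_head *);
};

struct user_payload {                 /* callback head first, then length and data */
    struct cb_head rcu;
    unsigned short datalen;
    char data[];
};

struct model_key { struct user_payload *payload; };   /* NULL = negative key */
static int deferred_frees;            /* how many old payloads were queued */
static void payload_free(struct cb_head *head) { free(head); }  /* head is at offset 0 */

/* Stand-in for call_rcu(): it writes into *head before anything else happens. */
static void model_call_rcu(struct cb_head *head, void (*func)(struct cb_head *))
{
    head->func = func;                /* with head == NULL this is the faulting store */
    head->next = NULL;
    deferred_frees++;
    func(head);                       /* the model has no grace period: run it now */
}

/* Address an unguarded update would write to when the old payload is NULL. */
static size_t unguarded_fault_address(void)
{
    return offsetof(struct user_payload, rcu) + offsetof(struct cb_head, func);
}

/* Guarded update: publish the new payload, queue the old one only if it exists. */
static int model_user_update(struct model_key *key, const void *data, size_t len)
{
    struct user_payload *upayload, *zap;
    if (!data || len == 0 || len > 32767) return -1;   /* model limit (assumed) */
    upayload = malloc(sizeof(*upayload) + len);
    if (!upayload) return -1;
    upayload->datalen = (unsigned short)len;
    memcpy(upayload->data, data, len);
    zap = key->payload;               /* NULL when the key was negative */
    key->payload = upayload;
    if (zap) model_call_rcu(&zap->rcu, payload_free);  /* skip the non-existent payload */
    return 0;
}
```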
     

24 May, 2011

1 commit


08 May, 2011

1 commit


17 Mar, 2011

1 commit

  • Improve /proc/keys by:

    (1) Don't attempt to summarise the payload of a negated key. It won't have
    one. To this end, a helper function - key_is_instantiated() has been
    added that allows the caller to find out whether the key is positively
    instantiated (as opposed to being uninstantiated or negatively
    instantiated).

    (2) Do show keys that are negative, expired or revoked rather than hiding
    them. This requires an override flag (no_state_check) to be passed to
    search_my_process_keyrings() and keyring_search_aux() to suppress this
    check.

    Without this, keys that are possessed by the caller, but only grant
    permissions to the caller if possessed, are skipped as the possession check
    fails.

    Keys that are visible due to user, group or other checks are visible with
    or without this patch.

    Signed-off-by: David Howells
    Signed-off-by: James Morris

    David Howells
     

08 Mar, 2011

1 commit


22 Jan, 2011

1 commit

  • Do a bit of a style clean up in the key management code. No functional
    changes.

    Done using:

    perl -p -i -e 's!^/[*]*/\n!!' security/keys/*.c
    perl -p -i -e 's!} /[*] end [a-z0-9_]*[(][)] [*]/\n!}\n!' security/keys/*.c
    sed -i -s -e ": next" -e N -e 's/^\n[}]$/}/' -e t -e P -e 's/^.*\n//' -e "b next" security/keys/*.c

    To remove /*****/ lines, remove comments on the closing brace of a
    function to name the function and remove blank lines before the closing
    brace of a function.

    Signed-off-by: David Howells
    Signed-off-by: Linus Torvalds

    David Howells
     

05 May, 2010

1 commit

  • Fix an RCU warning in the reading of user keys:

    ===================================================
    [ INFO: suspicious rcu_dereference_check() usage. ]
    ---------------------------------------------------
    security/keys/user_defined.c:202 invoked rcu_dereference_check() without protection!

    other info that might help us debug this:

    rcu_scheduler_active = 1, debug_locks = 0
    1 lock held by keyctl/3637:
    #0: (&key->sem){+++++.}, at: [] keyctl_read_key+0x9c/0xcf

    stack backtrace:
    Pid: 3637, comm: keyctl Not tainted 2.6.34-rc5-cachefs #18
    Call Trace:
    [] lockdep_rcu_dereference+0xaa/0xb2
    [] user_read+0x47/0x91
    [] keyctl_read_key+0xac/0xcf
    [] sys_keyctl+0x75/0xb7
    [] system_call_fastpath+0x16/0x1b

    Signed-off-by: David Howells
    Acked-by: Serge Hallyn
    Signed-off-by: James Morris

    David Howells
     

15 Feb, 2007

1 commit

  • After Al Viro (finally) succeeded in removing the sched.h #include in module.h
    recently, it makes sense again to remove other superfluous sched.h includes.
    There are quite a lot of files which include it but don't actually need
    anything defined in there. Presumably these includes were once needed for
    macros that used to live in sched.h, but moved to other header files in the
    course of cleaning it up.

    To ease the pain, this time I did not fiddle with any header files and only
    removed #includes from .c-files, which tend to cause less trouble.

    Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
    arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
    allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
    configs in arch/arm/configs on arm. I also checked that no new warnings were
    introduced by the patch (actually, some warnings are removed that were emitted
    by unnecessarily included header files).

    Signed-off-by: Tim Schmielau
    Acked-by: Russell King
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Tim Schmielau
     

27 Jun, 2006

1 commit

  • Cause the keys linked to a keyring to be unlinked from it when revoked and
    cause the data attached to a user-defined key to be discarded when revoked.

    This frees up most of the quota a key occupied at that point, rather than
    waiting for the key to actually be destroyed.

    Signed-off-by: David Howells
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    David Howells
     

07 Jan, 2006

1 commit


31 Oct, 2005

1 commit

  • Export user-defined key operations so that those who wish to define their
    own key type based on the user-defined key operations may do so (as has
    been requested).

    The header file created has been placed into include/keys/user-type.h, thus
    creating a directory where other key types may also be placed. Any
    objections to doing this?

    Signed-Off-By: David Howells
    Signed-Off-By: Arjan van de Ven
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    David Howells
     

24 Jun, 2005

2 commits

  • Export this symbol to GPL modules for eCryptfs: an out-of-tree GPL'ed
    filesystem.

    Signed off by: Michael Halcrow

    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Halcrow
     
  • The attached patch changes the key implementation in a number of ways:

    (1) It removes the spinlock from the key structure.

    (2) The key flags are now accessed using atomic bitops instead of
    write-locking the key spinlock and using C bitwise operators.

    The three instantiation flags are dealt with with the construction
    semaphore held during the request_key/instantiate/negate sequence, thus
    rendering the spinlock superfluous.

    The key flags are also now bit numbers not bit masks.

    (3) The key payload is now accessed using RCU. This permits the recursive
    keyring search algorithm to be simplified greatly since no locks need be
    taken other than the usual RCU preemption disablement. Searching now does
    not require any locks or semaphores to be held; merely that the starting
    keyring be pinned.

    (4) The keyring payload now includes an RCU head so that it can be disposed
    of by call_rcu(). This requires that the payload be copied on unlink to
    prevent introducing races in copy-down vs search-up.

    (5) The user key payload is now a structure with the data following it. It
    includes an RCU head like the keyring payload and for the same reason. It
    also contains a data length because the data length in the key may be
    changed on another CPU whilst an RCU protected read is in progress on the
    payload. This would then see the supposed RCU payload and the on-key data
    length getting out of sync.

    I'm tempted to drop the key's datalen entirely, except that it's used in
    conjunction with quota management and so is a little tricky to get rid
    of.

    (6) Update the keys documentation.

    Signed-Off-By: David Howells
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    David Howells
     

17 Apr, 2005

1 commit

  • Initial git repository build. I'm not bothering with the full history,
    even though we have it. We can create a separate "historical" git
    archive of that later if we want to, and in the meantime it's about
    3.2GB when imported into git - space that would just make the early
    git days unnecessarily complicated, when we don't have a lot of good
    infrastructure for it.

    Let it rip!

    Linus Torvalds