Commits on Jan 19, 2016

1. KEYS: Fix keyring ref leak in join_session_keyring() …

   If a thread is asked to join as a session keyring the keyring that's already
   set as its session, we leak a keyring reference.
   
   This can be tested with the following program:
   
   	#include <stddef.h>
   	#include <stdio.h>
   	#include <sys/types.h>
   	#include <keyutils.h>
   
   	int main(int argc, const char *argv[])
   	{
   		int i = 0;
   		key_serial_t serial;
   
   		serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
   				"leaked-keyring");
   		if (serial < 0) {
   			perror("keyctl");
   			return -1;
   		}
   
   		if (keyctl(KEYCTL_SETPERM, serial,
   			   KEY_POS_ALL | KEY_USR_ALL) < 0) {
   			perror("keyctl");
   			return -1;
   		}
   
   		for (i = 0; i < 100; i++) {
   			serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
   					"leaked-keyring");
   			if (serial < 0) {
   				perror("keyctl");
   				return -1;
   			}
   		}
   
   		return 0;
   	}
   
   If, after the program has run, there something like the following line in
   /proc/keys:
   
   3f3d898f I--Q---   100 perm 3f3f0000     0     0 keyring   leaked-keyring: empty
   
   with a usage count of 100 * the number of times the program has been run,
   then the kernel is malfunctioning.  If leaked-keyring has zero usages or
   has been garbage collected, then the problem is fixed.
   
   Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
   Signed-off-by: David Howells <dhowells@redhat.com>

   

   Yevgeny Pats authored and mischief committed Jan 19, 2016
   Configuration menu

   • View commit details
   • Copy full SHA for fc94e26
   • Browse repository at this point

   Copy the full SHA

   fc94e26 View commit details

   Browse the repository at this point in the history