Backport kernel fix from linux-yocto master.

Fix is "KEYS: reaching the keys quotas correctly" form 2020-03-15. https://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto/ commit/?id=2e356101e72ab1361821b3af024d64877d9a798d Change-Id: I34a972978bc4c9b4fef496c22bdb468a099147ea Signed-off-by: Dragos Ciprian Nedelcu <Dragos.Ciprian.Nedelcu@enea.com>
author: Dragos Ciprian Nedelcu <Dragos.Ciprian.Nedelcu@enea.com> 2020-07-15 14:51:21 +0200
committer: Dragos Ciprian Nedelcu <Dragos.Ciprian.Nedelcu@enea.com> 2020-07-16 11:38:36 +0200
commit: 18a6ac2634699280676c3e85892062e873229ccf (patch)
tree: bfdf0656737ddff62aef2e361e5220ea46292019
parent: 12f0763e9384b52f8618fba5b7a70748d4a2da05 (diff)
download: enea-kernel-cache-18a6ac2634699280676c3e85892062e873229ccf.tar.gz
2 files changed, 70 insertions, 0 deletions
diff --git a/patches/security/0002-KEYS-reaching-the-keys-quotas-correctly.patch b/patches/security/0002-KEYS-reaching-the-keys-quotas-correctly.patch
new file mode 100644
index 0000000..37b06c6
--- /dev/null
+++ b/patches/security/0002-KEYS-reaching-the-keys-quotas-correctly.patch
@@ -0,0 +1,69 @@
+From 2e356101e72ab1361821b3af024d64877d9a798d Mon Sep 17 00:00:00 2001
+From: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
+Date: Fri, 28 Feb 2020 12:41:51 +0800
+Subject: KEYS: reaching the keys quotas correctly
+Currently, when we add a new user key, the calltrace as below:
+add_key()
+  key_create_or_update()
+    key_alloc()
+    __key_instantiate_and_link
+      generic_key_instantiate
+        key_payload_reserve
+          ......
+Since commit a08bf91ce28e ("KEYS: allow reaching the keys quotas exactly"),
+we can reach max bytes/keys in key_alloc, but we forget to remove this
+limit when we reserver space for payload in key_payload_reserve. So we
+can only reach max keys but not max bytes when having delta between plen
+and type->def_datalen. Remove this limit when instantiating the key, so we
+can keep consistent with key_alloc.
+Also, fix the similar problem in keyctl_chown_key().
+Fixes: 0b77f5bfb45c ("keys: make the keyring quotas controllable through /proc/sys")
+Fixes: a08bf91ce28e ("KEYS: allow reaching the keys quotas exactly")
+Cc: stable@vger.kernel.org # 5.0.x
+Cc: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Reviewed-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+---
+ security/keys/key.c    | 2 +-
+ security/keys/keyctl.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 718bf7217420..e959b3c96b48 100644
+--- a/security/keys/key.c
+++ b/security/keys/key.c
+@@ -382,7 +382,7 @@ int key_payload_reserve(struct key *key, size_t datalen)
+                spin_lock(&key->user->lock);
+ 
+                if (delta > 0 &&
+-                   (key->user->qnbytes + delta >= maxbytes ||
+                   (key->user->qnbytes + delta > maxbytes ||
+                     key->user->qnbytes + delta < key->user->qnbytes)) {
+                        ret = -EDQUOT;
+                }
+diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
+index 9b898c969558..d1a3dea58dee 100644
+--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
+@@ -937,8 +937,8 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
+                                key_quota_root_maxbytes : key_quota_maxbytes;
+ 
+                        spin_lock(&newowner->lock);
+-                       if (newowner->qnkeys + 1 >= maxkeys ||
+-                           newowner->qnbytes + key->quotalen >= maxbytes ||
+                       if (newowner->qnkeys + 1 > maxkeys ||
+                           newowner->qnbytes + key->quotalen > maxbytes ||
+                            newowner->qnbytes + key->quotalen <
+                            newowner->qnbytes)
+                                goto quota_overrun;
+-- 
+cgit v1.2.2-1-g5e49
diff --git a/patches/security/keys.scc b/patches/security/keys.scc
new file mode 100644
index 0000000..0c937e0
--- /dev/null
+++ b/patches/security/keys.scc
@@ -0,0 +1 @@
+patch 0002-KEYS-reaching-the-keys-quotas-correctly.patch
author	Dragos Ciprian Nedelcu <Dragos.Ciprian.Nedelcu@enea.com>	2020-07-15 14:51:21 +0200
committer	Dragos Ciprian Nedelcu <Dragos.Ciprian.Nedelcu@enea.com>	2020-07-16 11:38:36 +0200
commit	18a6ac2634699280676c3e85892062e873229ccf (patch)
tree	bfdf0656737ddff62aef2e361e5220ea46292019
parent	12f0763e9384b52f8618fba5b7a70748d4a2da05 (diff)
download	enea-kernel-cache-18a6ac2634699280676c3e85892062e873229ccf.tar.gz

diff --git a/patches/security/0002-KEYS-reaching-the-keys-quotas-correctly.patch b/patches/security/0002-KEYS-reaching-the-keys-quotas-correctly.patch new file mode 100644 index 0000000..37b06c6 --- /dev/null +++ b/patches/security/0002-KEYS-reaching-the-keys-quotas-correctly.patch
@@ -0,0 +1,69 @@
	1	From 2e356101e72ab1361821b3af024d64877d9a798d Mon Sep 17 00:00:00 2001
	2	From: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
	3	Date: Fri, 28 Feb 2020 12:41:51 +0800
	4	Subject: KEYS: reaching the keys quotas correctly
	5
	6	Currently, when we add a new user key, the calltrace as below:
	7
	8	add_key()
	9	key_create_or_update()
	10	key_alloc()
	11	__key_instantiate_and_link
	12	generic_key_instantiate
	13	key_payload_reserve
	14	......
	15
	16	Since commit a08bf91ce28e ("KEYS: allow reaching the keys quotas exactly"),
	17	we can reach max bytes/keys in key_alloc, but we forget to remove this
	18	limit when we reserver space for payload in key_payload_reserve. So we
	19	can only reach max keys but not max bytes when having delta between plen
	20	and type->def_datalen. Remove this limit when instantiating the key, so we
	21	can keep consistent with key_alloc.
	22
	23	Also, fix the similar problem in keyctl_chown_key().
	24
	25	Fixes: 0b77f5bfb45c ("keys: make the keyring quotas controllable through /proc/sys")
	26	Fixes: a08bf91ce28e ("KEYS: allow reaching the keys quotas exactly")
	27	Cc: stable@vger.kernel.org # 5.0.x
	28	Cc: Eric Biggers <ebiggers@google.com>
	29	Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
	30	Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
	31	Reviewed-by: Eric Biggers <ebiggers@google.com>
	32	Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
	33	---
	34	security/keys/key.c \| 2 +-
	35	security/keys/keyctl.c \| 4 ++--
	36	2 files changed, 3 insertions(+), 3 deletions(-)
	37
	38	diff --git a/security/keys/key.c b/security/keys/key.c
	39	index 718bf7217420..e959b3c96b48 100644
	40	--- a/security/keys/key.c
	41	+++ b/security/keys/key.c
	42	@@ -382,7 +382,7 @@ int key_payload_reserve(struct key *key, size_t datalen)
	43	spin_lock(&key->user->lock);
	44
	45	if (delta > 0 &&
	46	- (key->user->qnbytes + delta >= maxbytes \|\|
	47	+ (key->user->qnbytes + delta > maxbytes \|\|
	48	key->user->qnbytes + delta < key->user->qnbytes)) {
	49	ret = -EDQUOT;
	50	}
	51	diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
	52	index 9b898c969558..d1a3dea58dee 100644
	53	--- a/security/keys/keyctl.c
	54	+++ b/security/keys/keyctl.c
	55	@@ -937,8 +937,8 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
	56	key_quota_root_maxbytes : key_quota_maxbytes;
	57
	58	spin_lock(&newowner->lock);
	59	- if (newowner->qnkeys + 1 >= maxkeys \|\|
	60	- newowner->qnbytes + key->quotalen >= maxbytes \|\|
	61	+ if (newowner->qnkeys + 1 > maxkeys \|\|
	62	+ newowner->qnbytes + key->quotalen > maxbytes \|\|
	63	newowner->qnbytes + key->quotalen <
	64	newowner->qnbytes)
	65	goto quota_overrun;
	66	--
	67	cgit v1.2.2-1-g5e49
	68
	69


diff --git a/patches/security/keys.scc b/patches/security/keys.scc new file mode 100644 index 0000000..0c937e0 --- /dev/null +++ b/patches/security/keys.scc
@@ -0,0 +1 @@
		patch 0002-KEYS-reaching-the-keys-quotas-correctly.patch