<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/security/keys/keyctl.c, branch v6.18.38</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.38</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.38'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2026-07-04T11:44:17+00:00</updated>
<entry>
<title>keys: Pin request_key_auth payload in instantiate paths</title>
<updated>2026-07-04T11:44:17+00:00</updated>
<author>
<name>Shaomin Chen</name>
<email>eeesssooo020@gmail.com</email>
</author>
<published>2026-06-10T10:10:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=7216ce8cb12fee44e309503955bb83806b106129'/>
<id>urn:sha1:7216ce8cb12fee44e309503955bb83806b106129</id>
<content type='text'>
commit fd15b457a86939c38aa12116adabd8ff686c5e51 upstream.

A: request_key()       B: KEYCTL_INSTANTIATE_IOV
================       =========================

create auth key
store rka in auth key
wait for helper
                       get auth key
                       load rka from auth key
                       copy user payload
                       sleep on #PF

helper completed
detach and free rka
destroy auth key
                       wake up
                       use rka-&gt;target_key
                       **USE-AFTER-FREE**

Give request_key_auth payloads a refcount.  Take a payload reference while
authkey-&gt;sem stabilizes the payload and revocation state.  Hold that
reference across the instantiate and reject paths.  Drop the auth key
owning reference from revoke and destroy.

[jarkko: Replaced the first two paragraphs of text with an actual
 concurrency scenario.]
Cc: stable@vger.kernel.org # v5.10+
Fixes: b5f545c880a2 ("[PATCH] keys: Permit running process to instantiate keys")
Reported-by: Shaomin Chen &lt;eeesssooo020@gmail.com&gt;
Closes: https://lore.kernel.org/r/20260519144403.436694-1-eeesssooo020@gmail.com
Signed-off-by: Shaomin Chen &lt;eeesssooo020@gmail.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>task_work: s/task_work_cancel()/task_work_cancel_func()/</title>
<updated>2024-07-09T11:26:31+00:00</updated>
<author>
<name>Frederic Weisbecker</name>
<email>frederic@kernel.org</email>
</author>
<published>2024-06-21T09:15:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=68cbd415dd4b9c5b9df69f0f091879e56bf5907a'/>
<id>urn:sha1:68cbd415dd4b9c5b9df69f0f091879e56bf5907a</id>
<content type='text'>
A proper task_work_cancel() API that actually cancels a callback and not
*any* callback pointing to a given function is going to be needed for
perf events event freeing. Do the appropriate rename to prepare for
that.

Signed-off-by: Frederic Weisbecker &lt;frederic@kernel.org&gt;
Signed-off-by: Peter Zijlstra (Intel) &lt;peterz@infradead.org&gt;
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240621091601.18227-2-frederic@kernel.org
</content>
</entry>
<entry>
<title>keys: update key quotas in key_put()</title>
<updated>2024-05-09T13:28:58+00:00</updated>
<author>
<name>Luis Henriques</name>
<email>lhenriques@suse.de</email>
</author>
<published>2024-01-30T10:13:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=9578e327b2b4935a25d49e3891b8fcca9b6c10c6'/>
<id>urn:sha1:9578e327b2b4935a25d49e3891b8fcca9b6c10c6</id>
<content type='text'>
Delaying key quotas update when key's refcount reaches 0 in key_put() has
been causing some issues in fscrypt testing, specifically in fstest
generic/581.  This commit fixes this test flakiness by dealing with the
quotas immediately, and leaving all the other clean-ups to the key garbage
collector.

This is done by moving the updates to the qnkeys and qnbytes fields in
struct key_user from key_gc_unused_keys() into key_put().  Unfortunately,
this also means that we need to switch to the irq-version of the spinlock
that protects these fields and use spin_lock_{irqsave,irqrestore} in all
the code that touches these fields.

Signed-off-by: Luis Henriques &lt;lhenriques@suse.de&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Acked-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko.sakkinen@kernel.org&gt;
</content>
</entry>
<entry>
<title>iov_iter: replace import_single_range() with import_ubuf()</title>
<updated>2023-12-05T10:57:37+00:00</updated>
<author>
<name>Jens Axboe</name>
<email>axboe@kernel.dk</email>
</author>
<published>2023-12-04T17:47:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=9fd7874c0e5c89d7da0b4442271696ec0f8edcba'/>
<id>urn:sha1:9fd7874c0e5c89d7da0b4442271696ec0f8edcba</id>
<content type='text'>
With the removal of the 'iov' argument to import_single_range(), the two
functions are now fully identical. Convert the import_single_range()
callers to import_ubuf(), and remove the former fully.

Signed-off-by: Jens Axboe &lt;axboe@kernel.dk&gt;
Link: https://lore.kernel.org/r/20231204174827.1258875-3-axboe@kernel.dk
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>iov_iter: remove unused 'iov' argument from import_single_range()</title>
<updated>2023-12-05T10:57:34+00:00</updated>
<author>
<name>Jens Axboe</name>
<email>axboe@kernel.dk</email>
</author>
<published>2023-12-04T17:47:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6ac805d13870925c787a28e3fe5cc73610cacd03'/>
<id>urn:sha1:6ac805d13870925c787a28e3fe5cc73610cacd03</id>
<content type='text'>
It is entirely unused, just get rid of it.

Signed-off-by: Jens Axboe &lt;axboe@kernel.dk&gt;
Link: https://lore.kernel.org/r/20231204174827.1258875-2-axboe@kernel.dk
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
</entry>
<entry>
<title>security: keys: perform capable check only on privileged operations</title>
<updated>2023-07-28T18:07:41+00:00</updated>
<author>
<name>Christian Göttsche</name>
<email>cgzones@googlemail.com</email>
</author>
<published>2023-05-11T12:32:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7'/>
<id>urn:sha1:2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7</id>
<content type='text'>
If the current task fails the check for the queried capability via
`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
Issuing such denial messages unnecessarily can lead to a policy author
granting more privileges to a subject than needed to silence them.

Reorder CAP_SYS_ADMIN checks after the check whether the operation is
actually privileged.

Signed-off-by: Christian Göttsche &lt;cgzones@googlemail.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
</entry>
<entry>
<title>use less confusing names for iov_iter direction initializers</title>
<updated>2022-11-25T18:01:55+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2022-09-16T00:25:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=de4eda9de2d957ef2d6a8365a01e26a435e958cb'/>
<id>urn:sha1:de4eda9de2d957ef2d6a8365a01e26a435e958cb</id>
<content type='text'>
READ/WRITE proved to be actively confusing - the meanings are
"data destination, as used with read(2)" and "data source, as
used with write(2)", but people keep interpreting those as
"we read data from it" and "we write data to it", i.e. exactly
the wrong way.

Call them ITER_DEST and ITER_SOURCE - at least that is harder
to misinterpret...

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>security: keys: delete repeated words in comments</title>
<updated>2021-01-21T16:16:09+00:00</updated>
<author>
<name>Randy Dunlap</name>
<email>rdunlap@infradead.org</email>
</author>
<published>2020-08-07T16:51:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=328c95db01df9d8875f77e49ee4322e60e1337cd'/>
<id>urn:sha1:328c95db01df9d8875f77e49ee4322e60e1337cd</id>
<content type='text'>
Drop repeated words in comments.
{to, will, the}

Signed-off-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko.sakkinen@linux.intel.com&gt;
Reviewed-by: Ben Boeckel &lt;mathstuf@gmail.com&gt;
Cc: keyrings@vger.kernel.org
Cc: James Morris &lt;jmorris@namei.org&gt;
Cc: "Serge E. Hallyn" &lt;serge@hallyn.com&gt;
Cc: linux-security-module@vger.kernel.org
</content>
</entry>
<entry>
<title>task_work: cleanup notification modes</title>
<updated>2020-10-17T21:05:30+00:00</updated>
<author>
<name>Jens Axboe</name>
<email>axboe@kernel.dk</email>
</author>
<published>2020-10-16T15:02:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=91989c707884ecc7cd537281ab1a4b8fb7219da3'/>
<id>urn:sha1:91989c707884ecc7cd537281ab1a4b8fb7219da3</id>
<content type='text'>
A previous commit changed the notification mode from true/false to an
int, allowing notify-no, notify-yes, or signal-notify. This was
backwards compatible in the sense that any existing true/false user
would translate to either 0 (on notification sent) or 1, the latter
which mapped to TWA_RESUME. TWA_SIGNAL was assigned a value of 2.

Clean this up properly, and define a proper enum for the notification
mode. Now we have:

- TWA_NONE. This is 0, same as before the original change, meaning no
  notification requested.
- TWA_RESUME. This is 1, same as before the original change, meaning
  that we use TIF_NOTIFY_RESUME.
- TWA_SIGNAL. This uses TIF_SIGPENDING/JOBCTL_TASK_WORK for the
  notification.

Clean up all the callers, switching their 0/1/false/true to using the
appropriate TWA_* mode for notifications.

Fixes: e91b48162332 ("task_work: teach task_work_add() to do signal_wake_up()")
Reviewed-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Jens Axboe &lt;axboe@kernel.dk&gt;
</content>
</entry>
<entry>
<title>security/keys: remove compat_keyctl_instantiate_key_iov</title>
<updated>2020-10-03T04:02:16+00:00</updated>
<author>
<name>Christoph Hellwig</name>
<email>hch@lst.de</email>
</author>
<published>2020-09-25T04:51:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=5d47b394794d3086c1c338cc014011a9ee34005c'/>
<id>urn:sha1:5d47b394794d3086c1c338cc014011a9ee34005c</id>
<content type='text'>
Now that import_iovec handles compat iovecs, the native version of
keyctl_instantiate_key_iov can be used for the compat case as well.

Signed-off-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
</feed>
