Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-2.6.28.y 2009-01-25T00:41:33+00:00 2009-01-25T00:41:33+00:00 Vegard Nossum vegard.nossum@gmail.com 2009-01-17T16:45:45+00:00 urn:sha1:c534bf90e2075626bbf862353c112a9de2d3dd42 commit 0d54ee1c7850a954026deec4cd4885f331da35cc upstream. Plug this leak. Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Vegard Nossum <vegard.nossum@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-01-18T18:44:00+00:00 Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:30+00:00 urn:sha1:47e059f33e324bef53aab02196595c0dd8b384fb commit 938bb9f5e840eddbf54e4f62f6c5ba9b3ae12c9d upstream. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2009-01-18T18:44:00+00:00 Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:29+00:00 urn:sha1:508d497ce4de9b7399d8662e4ef090f2567bbf19 commit 1e7bfb2134dfec37ce04fb3a4ca89299e892d10c upstream. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2008-11-10T21:20:57+00:00 David Howells dhowells@redhat.com 2008-11-10T19:00:05+00:00 urn:sha1:1f8f5cf6e4f038552a3e47b66085452c08556d71 Make request_key() instantiate the per-user keyrings so that it doesn't oops if it needs to get hold of the user session keyring because there isn't a session keyring in place. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Steve French <smfrench@gmail.com> Tested-by: Rutger Nijlunsing <rutger.nijlunsing@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2008-06-06T18:29:11+00:00 Daniel Walker dwalker@mvista.com 2008-06-06T05:46:32+00:00 urn:sha1:dba6a4d32d8677c99e73798d3375417f8a6d46de This semaphore doesn't appear to be used, so remove it. Signed-off-by: Daniel Walker <dwalker@mvista.com> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-29T15:06:17+00:00 Robert P. J. Day rpjday@crashcourse.ca 2008-04-29T08:01:32+00:00 urn:sha1:fdb89bce6c9ccb17dae13ec43a25d2fdd405233f Since these two source files invoke kmalloc(), they should explicitly include <linux/slab.h>. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-29T15:06:17+00:00 David Howells dhowells@redhat.com 2008-04-29T08:01:32+00:00 urn:sha1:0b77f5bfb45c13e1e5142374f9d6ca75292252a4 Make the keyring quotas controllable through /proc/sys files: (*) /proc/sys/kernel/keys/root_maxkeys /proc/sys/kernel/keys/root_maxbytes Maximum number of keys that root may have and the maximum total number of bytes of data that root may have stored in those keys. (*) /proc/sys/kernel/keys/maxkeys /proc/sys/kernel/keys/maxbytes Maximum number of keys that each non-root user may have and the maximum total number of bytes of data that each of those users may have stored in their keys. Also increase the quotas as a number of people have been complaining that it's not big enough. I'm not sure that it's big enough now either, but on the other hand, it can now be set in /etc/sysctl.conf. Signed-off-by: David Howells <dhowells@redhat.com> Cc: <kwc@citi.umich.edu> Cc: <arunsr@cse.iitk.ac.in> Cc: <dwalsh@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-29T15:06:17+00:00 David Howells dhowells@redhat.com 2008-04-29T08:01:31+00:00 urn:sha1:69664cf16af4f31cd54d77948a4baf9c7e0ca7b9 Don't generate the per-UID user and user session keyrings unless they're explicitly accessed. This solves a problem during a login process whereby set*uid() is called before the SELinux PAM module, resulting in the per-UID keyrings having the wrong security labels. This also cures the problem of multiple per-UID keyrings sometimes appearing due to PAM modules (including pam_keyinit) setuiding and causing user_structs to come into and go out of existence whilst the session keyring pins the user keyring. This is achieved by first searching for extant per-UID keyrings before inventing new ones. The serial bound argument is also dropped from find_keyring_by_name() as it's not currently made use of (setting it to 0 disables the feature). Signed-off-by: David Howells <dhowells@redhat.com> Cc: <kwc@citi.umich.edu> Cc: <arunsr@cse.iitk.ac.in> Cc: <dwalsh@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-29T15:06:16+00:00 Arun Raghavan arunsr@cse.iitk.ac.in 2008-04-29T08:01:28+00:00 urn:sha1:6b79ccb5144f9ffb4d4596c23e7570238dd12abc The key_create_or_update() function provided by the keyring code has a default set of permissions that are always applied to the key when created. This might not be desirable to all clients. Here's a patch that adds a "perm" parameter to the function to address this, which can be set to KEY_PERM_UNDEF to revert to the current behaviour. Signed-off-by: Arun Raghavan <arunsr@cse.iitk.ac.in> Signed-off-by: David Howells <dhowells@redhat.com> Cc: Satyam Sharma <ssatyam@cse.iitk.ac.in> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-29T15:06:16+00:00 Alexey Dobriyan adobriyan@sw.ru 2008-04-29T08:01:27+00:00 urn:sha1:da91d2ef9fe4fd84cc0a8a729201d38e40ac9f2e Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Cc: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>