linux/security
Yang Xu 2e356101e7 KEYS: reaching the keys quotas correctly
Currently, when we add a new user key, the calltrace as below:

add_key()
  key_create_or_update()
    key_alloc()
    __key_instantiate_and_link
      generic_key_instantiate
        key_payload_reserve
          ......

Since commit a08bf91ce2 ("KEYS: allow reaching the keys quotas exactly"),
we can reach max bytes/keys in key_alloc, but we forget to remove this
limit when we reserver space for payload in key_payload_reserve. So we
can only reach max keys but not max bytes when having delta between plen
and type->def_datalen. Remove this limit when instantiating the key, so we
can keep consistent with key_alloc.

Also, fix the similar problem in keyctl_chown_key().

Fixes: 0b77f5bfb4 ("keys: make the keyring quotas controllable through /proc/sys")
Fixes: a08bf91ce2 ("KEYS: allow reaching the keys quotas exactly")
Cc: stable@vger.kernel.org # 5.0.x
Cc: Eric Biggers <ebiggers@google.com>
Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
2020-03-15 20:59:50 +02:00
..
apparmor linux-kselftest-5.6-rc1-kunit 2020-01-29 15:25:34 -08:00
integrity ima: add sm3 algorithm to hash algorithm configuration list 2020-02-18 07:35:49 -05:00
keys KEYS: reaching the keys quotas correctly 2020-03-15 20:59:50 +02:00
loadpin proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
lockdown security,lockdown,selinux: implement SELinux lockdown 2019-12-09 17:53:58 -05:00
safesetid security/safesetid: Replace rcu_swap_protected() with rcu_replace_pointer() 2019-10-30 08:45:57 -07:00
selinux selinux/stable-5.6 PR 20200210 2020-02-10 16:51:35 -08:00
smack Merge branch 'merge.nfs-fs_parse.1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-02-08 13:26:41 -08:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-01-02 12:53:49 +09:00
yama proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
Kconfig Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-09-28 08:14:15 -07:00
Kconfig.hardening meminit fix 2019-07-28 12:33:15 -07:00
Makefile security: only build lsm_audit if CONFIG_SECURITY=y 2019-12-10 13:51:42 -05:00
commoncap.c Merge branch 'next-lsm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-07-09 12:24:21 -07:00
device_cgroup.c device_cgroup: Export devcgroup_check_permission 2019-10-07 15:11:38 -05:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c security,lockdown,selinux: implement SELinux lockdown 2019-12-09 17:53:58 -05:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c Merge branch 'for-v5.6' of git://git.kernel.org:/pub/scm/linux/kernel/git/jmorris/linux-security 2020-01-28 18:55:17 -08:00