* [patch] KEYS: testing wrong bit for KEY_FLAG_REVOKED
@ 2012-03-05 8:29 Dan Carpenter
2012-03-06 11:22 ` David Howells
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2012-03-05 8:29 UTC (permalink / raw)
To: kernel-janitors
The test for "if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {"
should actually be "if (test_bit(KEY_FLAG_REVOKED, &req_key->flags)) {".
The current code actually checks for KEY_FLAG_DEAD.
The patch is really a one liner but I introduced a new variable so that
I don't go over the 80 character limit.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 1068cb1..3185ec3 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -537,6 +537,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
{
struct request_key_auth *rka;
const struct cred *cred;
+ struct key *req_key;
struct key *key;
key_ref_t key_ref, skey_ref;
int ret;
@@ -653,19 +654,20 @@ try_again:
break;
case KEY_SPEC_REQUESTOR_KEYRING:
- if (!cred->request_key_auth)
+ req_key = cred->request_key_auth;
+ if (!req_key)
goto error;
- down_read(&cred->request_key_auth->sem);
- if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {
+ down_read(&req_key->sem);
+ if (test_bit(KEY_FLAG_REVOKED, &req_key->flags)) {
key_ref = ERR_PTR(-EKEYREVOKED);
key = NULL;
} else {
- rka = cred->request_key_auth->payload.data;
+ rka = req_key->payload.data;
key = rka->dest_keyring;
atomic_inc(&key->usage);
}
- up_read(&cred->request_key_auth->sem);
+ up_read(&req_key->sem);
if (!key)
goto error;
key_ref = make_key_ref(key, 1);
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [patch] KEYS: testing wrong bit for KEY_FLAG_REVOKED
2012-03-05 8:29 [patch] KEYS: testing wrong bit for KEY_FLAG_REVOKED Dan Carpenter
@ 2012-03-06 11:22 ` David Howells
0 siblings, 0 replies; 3+ messages in thread
From: David Howells @ 2012-03-06 11:22 UTC (permalink / raw)
To: kernel-janitors
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The test for "if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {"
> should actually be "if (test_bit(KEY_FLAG_REVOKED, &req_key->flags)) {".
> The current code actually checks for KEY_FLAG_DEAD.
Looks okay.
> The patch is really a one liner but I introduced a new variable so that
> I don't go over the 80 character limit.
Just split the arguments for test_bit() onto separate lines.
David
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] KEYS: testing wrong bit for KEY_FLAG_REVOKED
@ 2012-03-06 13:32 David Howells
0 siblings, 0 replies; 3+ messages in thread
From: David Howells @ 2012-03-06 13:32 UTC (permalink / raw)
To: kernel-janitors
From: Dan Carpenter <dan.carpenter@oracle.com>
The test for "if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {"
should actually testing that the (1 << KEY_FLAG_REVOKED) bit is set.
The current code actually checks for KEY_FLAG_DEAD.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---
security/keys/process_keys.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index b1cdb56..e137fcd 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -657,7 +657,8 @@ try_again:
goto error;
down_read(&cred->request_key_auth->sem);
- if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {
+ if (test_bit(KEY_FLAG_REVOKED,
+ &cred->request_key_auth->flags)) {
key_ref = ERR_PTR(-EKEYREVOKED);
key = NULL;
} else {
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-03-06 13:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-03-05 8:29 [patch] KEYS: testing wrong bit for KEY_FLAG_REVOKED Dan Carpenter
2012-03-06 11:22 ` David Howells
2012-03-06 13:32 [PATCH] " David Howells
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.