Set cred->user_ns in key_replace_session_keyring

commit f7285b5d631fd6096b11c6af0058ed3a2b30ef4e upstream.

Since this cred was not created with copy_creds(), it needs to get
initialized.  Otherwise use of syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);
can lead to a NULL deref.  Thanks to Robert for finding this.

But introduced by commit 47a150edc2a ("Cache user_ns in struct cred").

Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Reported-by: Robert Święcki <robert@swiecki.net>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 930634e4514973ac0f79acc7037138acb576a2c3..7a0c5868651f35780b5f5c4632acc2f6a6bb8896 100644 (file)
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -845,6 +845,7 @@ void key_replace_session_keyring(void)
        new-> sgid      = old-> sgid;
        new->fsgid      = old->fsgid;
        new->user       = get_uid(old->user);
+       new->user_ns    = new->user->user_ns;
        new->group_info = get_group_info(old->group_info);
 
        new->securebits = old->securebits;