From: Stephen Rothwell Date: Wed, 31 Oct 2012 02:20:39 +0000 (+1100) Subject: Merge remote-tracking branch 'security/next' X-Git-Tag: next-20121031~48 X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=7116da76b279f76e91b043bb290f638cd1b08853;p=karo-tx-linux.git Merge remote-tracking branch 'security/next' Conflicts: fs/cifs/cifsacl.c net/dns_resolver/dns_key.c security/keys/keyctl.c security/keys/keyring.c security/keys/process_keys.c --- 7116da76b279f76e91b043bb290f638cd1b08853 diff --cc include/linux/key.h index 2393b1c040b6,890699815212..4dfde1161c5e --- a/include/linux/key.h +++ b/include/linux/key.h @@@ -263,8 -262,9 +263,9 @@@ extern int key_link(struct key *keyring extern int key_unlink(struct key *keyring, struct key *key); -extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, +extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, const struct cred *cred, + key_perm_t perm, unsigned long flags, struct key *dest); diff --cc net/dns_resolver/dns_key.c index 8aa4b1115384,b53bb4a41daa..0a0c71fccd0d --- a/net/dns_resolver/dns_key.c +++ b/net/dns_resolver/dns_key.c @@@ -259,11 -259,10 +259,11 @@@ static int __init init_dns_resolver(voi if (!cred) return -ENOMEM; - keyring = key_alloc(&key_type_keyring, ".dns_resolver", - keyring = keyring_alloc(".dns_resolver", 0, 0, cred, - (KEY_POS_ALL & ~KEY_POS_SETATTR) | - KEY_USR_VIEW | KEY_USR_READ, - KEY_ALLOC_NOT_IN_QUOTA, NULL); ++ keyring = keyring_alloc(".dns_resolver", + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, + (KEY_POS_ALL & ~KEY_POS_SETATTR) | + KEY_USR_VIEW | KEY_USR_READ, - KEY_ALLOC_NOT_IN_QUOTA); ++ KEY_ALLOC_NOT_IN_QUOTA, NULL); if (IS_ERR(keyring)) { ret = PTR_ERR(keyring); goto failed_put_cred; diff --cc security/keys/keyctl.c index 5d34b4e827d6,6d9d0c747525..4b5c948eb414 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@@ -1535,9 -1527,9 +1536,9 @@@ long keyctl_session_to_parent(void goto unlock; /* the keyrings must have the same UID */ - if ((pcred->tgcred->session_keyring && - !uid_eq(pcred->tgcred->session_keyring->uid, mycred->euid)) || - !uid_eq(mycred->tgcred->session_keyring->uid, mycred->euid)) + if ((pcred->session_keyring && - pcred->session_keyring->uid != mycred->euid) || - mycred->session_keyring->uid != mycred->euid) ++ !uid_eq(pcred->session_keyring->uid, mycred->euid)) || ++ !uid_eq(mycred->session_keyring->uid, mycred->euid)) goto unlock; /* cancel an already pending keyring replacement */ diff --cc security/keys/keyring.c index 6e42df15a24c,9270ba054a1e..6ece7f2e5707 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@@ -256,9 -256,9 +256,9 @@@ error /* * Allocate a keyring and link into the destination keyring. */ -struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, +struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, - const struct cred *cred, unsigned long flags, - struct key *dest) + const struct cred *cred, key_perm_t perm, + unsigned long flags, struct key *dest) { struct key *keyring; int ret; diff --cc security/keys/process_keys.c index a58f712605d8,b58d93892740..58dfe0890947 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@@ -45,15 -46,15 +45,17 @@@ int install_user_keyrings(void struct user_struct *user; const struct cred *cred; struct key *uid_keyring, *session_keyring; + key_perm_t user_keyring_perm; char buf[20]; int ret; + uid_t uid; + user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; cred = current_cred(); user = cred->user; + uid = from_kuid(cred->user_ns, user->uid); - kenter("%p{%u}", user, user->uid); + kenter("%p{%u}", user, uid); if (user->uid_keyring) { kleave(" = 0 [exist]"); @@@ -72,9 -73,9 +74,9 @@@ uid_keyring = find_keyring_by_name(buf, true); if (IS_ERR(uid_keyring)) { - uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, + uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, - cred, KEY_ALLOC_IN_QUOTA, - NULL); + cred, user_keyring_perm, + KEY_ALLOC_IN_QUOTA, NULL); if (IS_ERR(uid_keyring)) { ret = PTR_ERR(uid_keyring); goto error; @@@ -88,8 -89,9 +90,9 @@@ session_keyring = find_keyring_by_name(buf, true); if (IS_ERR(session_keyring)) { session_keyring = - keyring_alloc(buf, user->uid, (gid_t) -1, + keyring_alloc(buf, user->uid, INVALID_GID, - cred, KEY_ALLOC_IN_QUOTA, NULL); + cred, user_keyring_perm, + KEY_ALLOC_IN_QUOTA, NULL); if (IS_ERR(session_keyring)) { ret = PTR_ERR(session_keyring); goto error_release;