Commit 2e356101 authored by Yang Xu's avatar Yang Xu Committed by Jarkko Sakkinen
Browse files

KEYS: reaching the keys quotas correctly 



Currently, when we add a new user key, the calltrace as below:

add_key()
  key_create_or_update()
    key_alloc()
    __key_instantiate_and_link
      generic_key_instantiate
        key_payload_reserve
          ......

Since commit a08bf91c ("KEYS: allow reaching the keys quotas exactly"),
we can reach max bytes/keys in key_alloc, but we forget to remove this
limit when we reserver space for payload in key_payload_reserve. So we
can only reach max keys but not max bytes when having delta between plen
and type->def_datalen. Remove this limit when instantiating the key, so we
can keep consistent with key_alloc.

Also, fix the similar problem in keyctl_chown_key().

Fixes: 0b77f5bf ("keys: make the keyring quotas controllable through /proc/sys")
Fixes: a08bf91c ("KEYS: allow reaching the keys quotas exactly")
Cc: stable@vger.kernel.org # 5.0.x
Cc: Eric Biggers <ebiggers@google.com>
Signed-off-by: default avatarYang Xu <xuyang2018.jy@cn.fujitsu.com>
Reviewed-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
parent 18b3670d

security/keys/key.c

+1 −1
Original line number Diff line number Diff line
@@ -382,7 +382,7 @@ int key_payload_reserve(struct key *key, size_t datalen) 
		spin_lock(&key->user->lock);



		if (delta > 0 &&

		    (key->user->qnbytes + delta >= maxbytes ||

		    (key->user->qnbytes + delta > maxbytes ||

		     key->user->qnbytes + delta < key->user->qnbytes)) {

			ret = -EDQUOT;

		}

security/keys/keyctl.c

+2 −2
Original line number Diff line number Diff line
@@ -937,8 +937,8 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 
				key_quota_root_maxbytes : key_quota_maxbytes;



			spin_lock(&newowner->lock);

			if (newowner->qnkeys + 1 >= maxkeys ||

			    newowner->qnbytes + key->quotalen >= maxbytes ||

			if (newowner->qnkeys + 1 > maxkeys ||

			    newowner->qnbytes + key->quotalen > maxbytes ||

			    newowner->qnbytes + key->quotalen <

			    newowner->qnbytes)

				goto quota_overrun;

CRA Git | Maintained and supported by SUSTech CRA and CCSE