From: David Howells Date: Thu, 4 Aug 2005 20:07:06 +0000 (-0700) Subject: [PATCH] Error during attempt to join key management session can leave semaphore pinned X-Git-Tag: v2.6.13-rc6~52 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bcf945d36fa0598f41ac4ad46a9dc43135460263;p=linux-2.6 [PATCH] Error during attempt to join key management session can leave semaphore pinned The attached patch prevents an error during the key session joining operation from hanging future joins in the D state [CAN-2005-2098]. The problem is that the error handling path for the KEYCTL_JOIN_SESSION_KEYRING operation has one error path that doesn't release the session management semaphore. Further attempts to get the semaphore will then sleep for ever in the D state. This can happen in four situations, all involving an attempt to allocate a new session keyring: (1) ENOMEM. (2) The users key quota being reached. (3) A keyring name that is an empty string. (4) A keyring name that is too long. Any user may attempt this operation, and so any user can cause the problem to occur. Signed-Off-By: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 9b0369c5a2..c089f78fb9 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -678,7 +678,7 @@ long join_session_keyring(const char *name) keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); if (IS_ERR(keyring)) { ret = PTR_ERR(keyring); - goto error; + goto error2; } } else if (IS_ERR(keyring)) {