forked from luck/tmp_suning_uos_patched
KEYS: reaching the keys quotas correctly
Currently, when we add a new user key, the calltrace as below: add_key() key_create_or_update() key_alloc() __key_instantiate_and_link generic_key_instantiate key_payload_reserve ...... Since commita08bf91ce2
("KEYS: allow reaching the keys quotas exactly"), we can reach max bytes/keys in key_alloc, but we forget to remove this limit when we reserver space for payload in key_payload_reserve. So we can only reach max keys but not max bytes when having delta between plen and type->def_datalen. Remove this limit when instantiating the key, so we can keep consistent with key_alloc. Also, fix the similar problem in keyctl_chown_key(). Fixes:0b77f5bfb4
("keys: make the keyring quotas controllable through /proc/sys") Fixes:a08bf91ce2
("KEYS: allow reaching the keys quotas exactly") Cc: stable@vger.kernel.org # 5.0.x Cc: Eric Biggers <ebiggers@google.com> Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
This commit is contained in:
parent
18b3670d79
commit
2e356101e7
|
@ -382,7 +382,7 @@ int key_payload_reserve(struct key *key, size_t datalen)
|
|||
spin_lock(&key->user->lock);
|
||||
|
||||
if (delta > 0 &&
|
||||
(key->user->qnbytes + delta >= maxbytes ||
|
||||
(key->user->qnbytes + delta > maxbytes ||
|
||||
key->user->qnbytes + delta < key->user->qnbytes)) {
|
||||
ret = -EDQUOT;
|
||||
}
|
||||
|
|
|
@ -937,8 +937,8 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
|
|||
key_quota_root_maxbytes : key_quota_maxbytes;
|
||||
|
||||
spin_lock(&newowner->lock);
|
||||
if (newowner->qnkeys + 1 >= maxkeys ||
|
||||
newowner->qnbytes + key->quotalen >= maxbytes ||
|
||||
if (newowner->qnkeys + 1 > maxkeys ||
|
||||
newowner->qnbytes + key->quotalen > maxbytes ||
|
||||
newowner->qnbytes + key->quotalen <
|
||||
newowner->qnbytes)
|
||||
goto quota_overrun;
|
||||
|
|
Loading…
Reference in New Issue
Block a user