Home Home > GIT Browse > SLE12-SP4-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2019-02-21 09:13:35 +0100
committerTakashi Iwai <tiwai@suse.de>2019-02-21 09:13:36 +0100
commite84e180004cdba559ceb41216ccd68f729901fd8 (patch)
tree04ef5ef68803c2bda26f975a299db9a57b073e6f
parent7b850203f429ddc8b843f07d6cbc8ac7945a2350 (diff)
KEYS: allow reaching the keys quotas exactly (bsc#1051510).
-rw-r--r--patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch47
-rw-r--r--series.conf1
2 files changed, 48 insertions, 0 deletions
diff --git a/patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch b/patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch
new file mode 100644
index 0000000000..a7bc87e45f
--- /dev/null
+++ b/patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch
@@ -0,0 +1,47 @@
+From a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 14 Feb 2019 16:20:01 +0000
+Subject: [PATCH] KEYS: allow reaching the keys quotas exactly
+Git-commit: a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9
+Patch-mainline: v5.0
+References: bsc#1051510
+
+If the sysctl 'kernel.keys.maxkeys' is set to some number n, then
+actually users can only add up to 'n - 1' keys. Likewise for
+'kernel.keys.maxbytes' and the root_* versions of these sysctls. But
+these sysctls are apparently supposed to be *maximums*, as per their
+names and all documentation I could find -- the keyrings(7) man page,
+Documentation/security/keys/core.rst, and all the mentions of EDQUOT
+meaning that the key quota was *exceeded* (as opposed to reached).
+
+Thus, fix the code to allow reaching the quotas exactly.
+
+Fixes: 0b77f5bfb45c ("keys: make the keyring quotas controllable through /proc/sys")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.morris@microsoft.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/keys/key.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 44a80d6741a1..0ec9322af4f9 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -265,8 +265,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
+
+ spin_lock(&user->lock);
+ if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
+- if (user->qnkeys + 1 >= maxkeys ||
+- user->qnbytes + quotalen >= maxbytes ||
++ if (user->qnkeys + 1 > maxkeys ||
++ user->qnbytes + quotalen > maxbytes ||
+ user->qnbytes + quotalen < user->qnbytes)
+ goto no_quota;
+ }
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index 30fd2b1914..7737fecb87 100644
--- a/series.conf
+++ b/series.conf
@@ -20397,6 +20397,7 @@
patches.drivers/i2c-cadence-Fix-the-hold-bit-setting.patch
patches.drivers/i2c-bcm2835-Clear-current-buffer-pointers-and-counts.patch
patches.fixes/mac80211-Restore-vif-beacon-interval-if-start-ap-fai.patch
+ patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch
patches.fixes/assoc_array-Fix-shortcut-creation.patch
patches.drivers/ALSA-hda-realtek-Headset-microphone-and-internal-spe.patch
patches.drivers/ALSA-hda-realtek-Disable-PC-beep-in-passthrough-on-a.patch