[stable] Patch "KEYS: Fix error handling in construct_key_and_link()" has been added to the 2.6.39-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    KEYS: Fix error handling in construct_key_and_link()

to the 2.6.39-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     keys-fix-error-handling-in-construct_key_and_link.patch
and it can be found in the queue-2.6.39 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <sta...@kernel.org> know about it.


>From b1d7dd80aadb9042e83f9778b484a2f92e0b04d4 Mon Sep 17 00:00:00 2001
From: David Howells <dhowe...@redhat.com>
Date: Tue, 21 Jun 2011 14:32:05 +0100
Subject: KEYS: Fix error handling in construct_key_and_link()

From: David Howells <dhowe...@redhat.com>

commit b1d7dd80aadb9042e83f9778b484a2f92e0b04d4 upstream.

Fix error handling in construct_key_and_link().

If construct_alloc_key() returns an error, it shouldn't pass out through
the normal path as the key_serial() called by the kleave() statement
will oops when it gets an error code in the pointer:

  BUG: unable to handle kernel paging request at ffffffffffffff84
  IP: [<ffffffff8120b401>] request_key_and_link+0x4d7/0x52f
  ..
  Call Trace:
   [<ffffffff8120b52c>] request_key+0x41/0x75
   [<ffffffffa00ed6e8>] cifs_get_spnego_key+0x206/0x226 [cifs]
   [<ffffffffa00eb0c9>] CIFS_SessSetup+0x511/0x1234 [cifs]
   [<ffffffffa00d9799>] cifs_setup_session+0x90/0x1ae [cifs]
   [<ffffffffa00d9c02>] cifs_get_smb_ses+0x34b/0x40f [cifs]
   [<ffffffffa00d9e05>] cifs_mount+0x13f/0x504 [cifs]
   [<ffffffffa00caabb>] cifs_do_mount+0xc4/0x672 [cifs]
   [<ffffffff8113ae8c>] mount_fs+0x69/0x155
   [<ffffffff8114ff0e>] vfs_kern_mount+0x63/0xa0
   [<ffffffff81150be2>] do_kern_mount+0x4d/0xdf
   [<ffffffff81152278>] do_mount+0x63c/0x69f
   [<ffffffff8115255c>] sys_mount+0x88/0xc2
   [<ffffffff814fbdc2>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowe...@redhat.com>
Acked-by: Jeff Layton <jlay...@redhat.com>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gre...@suse.de>

---
 security/keys/request_key.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -470,7 +470,7 @@ static struct key *construct_key_and_lin
        } else if (ret == -EINPROGRESS) {
                ret = 0;
        } else {
-               key = ERR_PTR(ret);
+               goto couldnt_alloc_key;
        }
 
        key_put(dest_keyring);
@@ -480,6 +480,7 @@ static struct key *construct_key_and_lin
 construction_failed:
        key_negate_and_link(key, key_negative_timeout, NULL, NULL);
        key_put(key);
+couldnt_alloc_key:
        key_put(dest_keyring);
        kleave(" = %d", ret);
        return ERR_PTR(ret);


Patches currently in stable-queue which might be from dhowe...@redhat.com are

queue-2.6.39/keys-fix-error-handling-in-construct_key_and_link.patch
queue-2.6.39/fs-cache-add-a-helper-to-bulk-uncache-pages-on-an-inode.patch

_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable