linux-yocto/security/keys
David Howells 6afe2ea2da keys: Fix UAF in key_put()
commit 75845c6c1a upstream.

Once a key's reference count has been reduced to 0, the garbage collector
thread may destroy it at any time and so key_put() is not allowed to touch
the key after that point.  The most key_put() is normally allowed to do is
to touch key_gc_work as that's a static global variable.

However, in an effort to speed up the reclamation of quota, this is now
done in key_put() once the key's usage is reduced to 0 - but now the code
is looking at the key after the deadline, which is forbidden.

Fix this by using a flag to indicate that a key can be gc'd now rather than
looking at the key's refcount in the garbage collector.

Fixes: 9578e327b2 ("keys: update key quotas in key_put()")
Reported-by: syzbot+6105ffc1ded71d194d6d@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/673b6aec.050a0220.87769.004a.GAE@google.com/
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: syzbot+6105ffc1ded71d194d6d@syzkaller.appspotmail.com
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-03-28 22:03:30 +01:00
encrypted-keys KEYS: encrypted: add missing MODULE_DESCRIPTION() 2024-07-01 14:16:54 +00:00
trusted-keys KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y 2025-02-17 10:05:09 +01:00
big_key.c
compat_dh.c
compat.c
dh.c KEYS: DH: Use crypto_wait_req 2023-02-13 18:34:48 +08:00
gc.c keys: Fix UAF in key_put() 2025-03-28 22:03:30 +01:00
internal.h keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2023-12-21 13:47:38 +00:00
Kconfig
key.c keys: Fix UAF in key_put() 2025-03-28 22:03:30 +01:00
keyctl_pkey.c
keyctl.c task_work: s/task_work_cancel()/task_work_cancel_func()/ 2024-07-09 13:26:31 +02:00
keyring.c security/keys: fix slab-out-of-bounds in key_task_permission 2024-11-04 21:24:24 +02:00
Makefile
permission.c
persistent.c
proc.c keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry 2023-12-21 13:47:38 +00:00
process_keys.c
request_key_auth.c KEYS: Replace all non-returning strlcpy with strscpy 2023-08-17 20:12:35 +00:00
request_key.c keys: Fix linking a duplicate key to a keyring's assoc_array 2023-07-17 19:32:30 +00:00
sysctl.c lsm: remove the now superfluous sentinel element from ctl_table array 2024-04-15 15:00:00 -04:00
user_defined.c