Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752005AbdI0VTb convert rfc822-to-8bit (ORCPT ); Wed, 27 Sep 2017 17:19:31 -0400 Received: from mx1.redhat.com ([209.132.183.28]:34106 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751801AbdI0VT3 (ORCPT ); Wed, 27 Sep 2017 17:19:29 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com B2B99C0BAF43 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=dhowells@redhat.com Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells To: jmorris@namei.org Cc: David Howells , Eric Biggers , "Jason A. Donenfeld" , Michael Halcrow , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [GIT PULL] KEYS: Fixes and crypto fixes MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <28035.1506547164.1@warthog.procyon.org.uk> Content-Transfer-Encoding: 8BIT Date: Wed, 27 Sep 2017 22:19:24 +0100 Message-ID: <28036.1506547164@warthog.procyon.org.uk> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 27 Sep 2017 21:19:29 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2343 Lines: 58 Hi James, Can you pull these and pass them on to Linus. There are two sets of patches here: (1) A bunch of core keyrings bug fixes from Eric Biggers. (2) Fixing big_key to use safe crypto from Jason A. Donenfeld. There are more patches to come from Eric, but I haven't reviewed at them yet, so I haven't included them here. Thanks to Eric for reviewing the keyrings code. David --- The following changes since commit ebb2c2437d8008d46796902ff390653822af6cc4: Merge tag 'mmc-v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc (2017-09-18 08:44:51 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20170927 for you to fetch changes up to 428490e38b2e352812e0b765d8bceafab0ec441d: security/keys: rewrite all of big_key crypto (2017-09-25 23:31:58 +0100) ---------------------------------------------------------------- Keyrings fixes ---------------------------------------------------------------- Eric Biggers (10): KEYS: fix cred refcount leak in request_key_auth_new() KEYS: don't revoke uninstantiated key in request_key_auth_new() KEYS: fix key refcount leak in keyctl_assume_authority() KEYS: fix key refcount leak in keyctl_read_key() KEYS: fix writing past end of user-supplied buffer in keyring_read() KEYS: prevent creating a different user's keyrings KEYS: prevent KEYCTL_READ on negative key KEYS: reset parent each time before searching key_user_tree KEYS: restrict /proc/keys by credentials at open time KEYS: use kmemdup() in request_key_auth_new() Jason A. Donenfeld (2): security/keys: properly zero out sensitive key material in big_key security/keys: rewrite all of big_key crypto include/linux/key.h | 2 + security/keys/Kconfig | 4 +- security/keys/big_key.c | 139 ++++++++++++++++++--------------------- security/keys/internal.h | 2 +- security/keys/key.c | 6 +- security/keys/keyctl.c | 13 ++-- security/keys/keyring.c | 37 ++++++----- security/keys/proc.c | 8 +-- security/keys/process_keys.c | 6 +- security/keys/request_key_auth.c | 74 ++++++++++----------- 10 files changed, 139 insertions(+), 152 deletions(-)