projects / platform / adaptation / renesas_rcar / renesas_kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KEYS: Move the flags representing required permission to linux/key.h
[platform/adaptation/renesas_rcar/renesas_kernel.git] / security / keys / keyring.c
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d46cbc5..9cf2575 100644 (file)
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -541,7 +541,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
        /* key must have search permissions */
        if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
            key_task_permission(make_key_ref(key, ctx->possessed),
-                               ctx->cred, KEY_SEARCH) < 0) {
+                               ctx->cred, KEY_NEED_SEARCH) < 0) {
                ctx->result = ERR_PTR(-EACCES);
                kleave(" = %d [!perm]", ctx->skipped_ret);
                goto skipped;
@@ -721,7 +721,7 @@ ascend_to_node:
                /* Search a nested keyring */
                if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
                    key_task_permission(make_key_ref(key, ctx->possessed),
-                                       ctx->cred, KEY_SEARCH) < 0)
+                                       ctx->cred, KEY_NEED_SEARCH) < 0)
                        continue;
 
                /* stack the current position */
@@ -843,7 +843,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
                return ERR_PTR(-ENOTDIR);
 
        if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) {
-               err = key_task_permission(keyring_ref, ctx->cred, KEY_SEARCH);
+               err = key_task_permission(keyring_ref, ctx->cred, KEY_NEED_SEARCH);
                if (err < 0)
                        return ERR_PTR(err);
        }
@@ -973,7 +973,7 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
 
                        if (!skip_perm_check &&
                            key_permission(make_key_ref(keyring, 0),
-                                          KEY_SEARCH) < 0)
+                                          KEY_NEED_SEARCH) < 0)
                                continue;
 
                        /* we've got a match but we might end up racing with
@@ -1000,7 +1000,11 @@ static int keyring_detect_cycle_iterator(const void *object,
 
        kenter("{%d}", key->serial);
 
-       BUG_ON(key != ctx->match_data);
+       /* We might get a keyring with matching index-key that is nonetheless a
+        * different keyring. */
+       if (key != ctx->match_data)
+               return 0;
+
        ctx->result = ERR_PTR(-EDEADLK);
        return 1;
 }
Domain: System / Uncategorized;