Merge 4.9.59 into android-4.9

author Greg Kroah-Hartman <gregkh@google.com>

Mon, 30 Oct 2017 08:27:09 +0000 (09:27 +0100)

committer Greg Kroah-Hartman <gregkh@google.com>

Mon, 30 Oct 2017 08:27:09 +0000 (09:27 +0100)
author Greg Kroah-Hartman <gregkh@google.com>
Mon, 30 Oct 2017 08:27:09 +0000 (09:27 +0100)
committer Greg Kroah-Hartman <gregkh@google.com>
Mon, 30 Oct 2017 08:27:09 +0000 (09:27 +0100)
diff --cc Makefile
Simple merge
diff --cc fs/crypto/keyinfo.c

index 018c588,a755fa1..8e704d1
--- 1/fs/crypto/keyinfo.c
--- 2/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@@ -108,7 -107,12 +108,12 @@@ static int validate_user_key(struct fsc
                 res = -ENOKEY;
                 goto out;
         }
- -      ukp = user_key_payload(keyring_key);
+ +      ukp = user_key_payload_locked(keyring_key);
+       if (!ukp) {
+               /* key was revoked before we acquired its semaphore */
+               res = -EKEYREVOKED;
+               goto out;
+       }
         if (ukp->datalen != sizeof(struct fscrypt_key)) {
                 res = -EINVAL;
                 goto out;
diff --cc fs/fscache/object-list.c

index 67f9408,37e0c31..5eb2e24
--- 1/fs/fscache/object-list.c
--- 2/fs/fscache/object-list.c
+++ b/fs/fscache/object-list.c
@@@ -329,7 -329,14 +329,14 @@@ static void fscache_objlist_config(stru
         config = 0;
         rcu_read_lock();
   
- -      confkey = user_key_payload(key);
+ +      confkey = user_key_payload_rcu(key);
+       if (!confkey) {
+               /* key was revoked */
+               rcu_read_unlock();
+               key_put(key);
+               goto no_config;
+       }
+ 
         buf = confkey->data;
   
         for (len = confkey->datalen - 1; len >= 0; len--) {
diff --cc include/linux/key.h

index 2de88a3,ed9b44f..7e2d143
--- 1/include/linux/key.h
--- 2/include/linux/key.h
+++ b/include/linux/key.h
@@@ -350,16 -359,17 +359,20 @@@ static inline short key_read_state(cons
    * Return true if the specified key has been positively instantiated, false
    * otherwise.
    */
- static inline bool key_is_instantiated(const struct key *key)
+ static inline bool key_is_positive(const struct key *key)
+ {
+       return key_read_state(key) == KEY_IS_POSITIVE;
+ }
+ 
+ static inline bool key_is_negative(const struct key *key)
   {
-       return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
-               !test_bit(KEY_FLAG_NEGATIVE, &key->flags);
+       return key_read_state(key) < 0;
   }
   
- -#define rcu_dereference_key(KEY)                                      \
+ +#define dereference_key_rcu(KEY)                                      \
+ +      (rcu_dereference((KEY)->payload.rcu_data0))
+ +
+ +#define dereference_key_locked(KEY)                                   \
         (rcu_dereference_protected((KEY)->payload.rcu_data0,            \
                                    rwsem_is_locked(&((struct key *)(KEY))->sem)))
   
diff --cc lib/digsig.c

index 03d7c63,a876156..6ba6fcd
--- 1/lib/digsig.c
--- 2/lib/digsig.c
+++ b/lib/digsig.c
@@@ -85,8 -85,14 +85,14 @@@ static int digsig_verify_rsa(struct ke
         struct pubkey_hdr *pkh;
   
         down_read(&key->sem);
- -      ukp = user_key_payload(key);
+ +      ukp = user_key_payload_locked(key);
   
+       if (!ukp) {
+               /* key was revoked before we acquired its semaphore */
+               err = -EKEYREVOKED;
+               goto err1;
+       }
+ 
         if (ukp->datalen < sizeof(*pkh))
                 goto err1;
   
diff --cc security/keys/encrypted-keys/encrypted.c

index a62eba2,a871159..ae70e82
--- 1/security/keys/encrypted-keys/encrypted.c
--- 2/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@@ -314,7 -314,14 +314,14 @@@ static struct key *request_user_key(con
                 goto error;
   
         down_read(&ukey->sem);
- -      upayload = user_key_payload(ukey);
+ +      upayload = user_key_payload_locked(ukey);
+       if (!upayload) {
+               /* key was revoked before we acquired its semaphore */
+               up_read(&ukey->sem);
+               key_put(ukey);
+               ukey = ERR_PTR(-EKEYREVOKED);
+               goto error;
+       }
         *master_key = upayload->data;
         *master_keylen = upayload->datalen;
   error:
diff --cc security/keys/trusted.c
Simple merge
diff --cc security/keys/user_defined.c

index fa880f6,3dc2607..b4c170a
--- 1/security/keys/user_defined.c
--- 2/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@@ -106,8 -106,8 +106,8 @@@ int user_update(struct key *key, struc
   
         /* attach the new data, displacing the old */
         key->expiry = prep->expiry;
-       if (!test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+       if (key_is_positive(key))
- -              zap = rcu_dereference_key(key);
+ +              zap = dereference_key_locked(key);
         rcu_assign_keypointer(key, prep->payload.data[0]);
         prep->payload.data[0] = NULL;
author	Greg Kroah-Hartman <gregkh@google.com>
	Mon, 30 Oct 2017 08:27:09 +0000 (09:27 +0100)
committer	Greg Kroah-Hartman <gregkh@google.com>
	Mon, 30 Oct 2017 08:27:09 +0000 (09:27 +0100)
		1	2
Makefile	patch \|	diff1 \|	diff2 \|	blob \| history
fs/crypto/keyinfo.c	patch \|	diff1 \|	diff2 \|	blob \| history
fs/fscache/object-list.c	patch \|	diff1 \|	diff2 \|	blob \| history
include/linux/key.h	patch \|	diff1 \|	diff2 \|	blob \| history
lib/digsig.c	patch \|	diff1 \|	diff2 \|	blob \| history
security/keys/encrypted-keys/encrypted.c	patch \|	diff1 \|	diff2 \|	blob \| history
security/keys/trusted.c	patch \|	diff1 \|	diff2 \|	blob \| history
security/keys/user_defined.c	patch \|	diff1 \|	diff2 \|	blob \| history