Re: [PATCH] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

From: David Howells
Date: Mon Apr 03 2017 - 11:52:26 EST


Eric Biggers <ebiggers3@xxxxxxxxx> wrote:

> @@ -135,6 +135,9 @@ int install_thread_keyring_to_cred(struct cred *new)
> {
> struct key *keyring;
>
> + if (new->thread_keyring)
> + return -EEXIST;
> +
> keyring = keyring_alloc("_tid", new->uid, new->gid, new,
> KEY_POS_ALL | KEY_USR_VIEW,
> KEY_ALLOC_QUOTA_OVERRUN,

It would probably be better just to return 0 and change the comment on the
function to say that it sets a thread keyring if there isn't one already.
Same for the process keyring.

David