Re: [PATCH] KEYS: put keyring if install_session_keyring_to_cred() fails

From: Eric Biggers
Date: Mon Apr 03 2017 - 13:49:10 EST


Hi David,

On Mon, Apr 03, 2017 at 04:42:05PM +0100, David Howells wrote:
> Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
>
> > +error3:
> > + key_put(keyring);
> > error2:
> > mutex_unlock(&key_session_mutex);
>
> I would prefer the put to be outside of the locked section. How about the
> attached instead?

[...]

> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index 44451af828c0..8e98e5d1b5fb 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -793,21 +793,20 @@ long join_session_keyring(const char *name)
> KEY_ALLOC_IN_QUOTA, NULL, NULL);
> if (IS_ERR(keyring)) {
> ret = PTR_ERR(keyring);
> - goto error2;
> + goto error_unlock_no_keyring;
> }
> } else if (IS_ERR(keyring)) {
> ret = PTR_ERR(keyring);
> - goto error2;
> + goto error_unlock_no_keyring;
> } else if (keyring == new->session_keyring) {
> - key_put(keyring);
> ret = 0;
> - goto error2;
> + goto error_unlock;
> }
>
> /* we've got a keyring - now to install it */
> ret = install_session_keyring_to_cred(new, keyring);
> if (ret < 0)
> - goto error2;
> + goto error_unlock;
>
> commit_creds(new);
> mutex_unlock(&key_session_mutex);
> @@ -817,8 +816,11 @@ long join_session_keyring(const char *name)
> okay:
> return ret;
>
> -error2:
> +error_unlock_no_keyring:
> + keyring = NULL;
> +error_unlock:
> mutex_unlock(&key_session_mutex);
> + key_put(keyring);
> error:
> abort_creds(new);
> return ret;

I guess I'm okay with either patch, but I think jumping to the error labels in
the way I proposed is more straightforward since it keeps things in the logical
order. And I doubt there's much advantage in moving key_put() outside of the
mutex, given that key_session_mutex is only used for joining session keyrings so
shouldn't be contended, and key_put() hardly does any work anyway.

- Eric