WSL2-Linux-Kernel/security/keys
David Howells ce19c70f30 keys: Do not cache key in task struct if key is requested from kernel thread
[ Upstream commit 47f9e4c924 ]

The key which gets cached in task structure from a kernel thread does not
get invalidated even after expiry.  Due to which, a new key request from
kernel thread will be served with the cached key if it's present in task
struct irrespective of the key validity.  The change is to not cache key in
task_struct when key requested from kernel thread so that kernel thread
gets a valid key on every key request.

The problem has been seen with the cifs module doing DNS lookups from a
kernel thread and the results getting pinned by being attached to that
kernel thread's cache - and thus not something that can be easily got rid
of.  The cache would ordinarily be cleared by notify-resume, but kernel
threads don't do that.

This isn't seen with AFS because AFS is doing request_key() within the
kernel half of a user thread - which will do notify-resume.

Fixes: 7743c48e54 ("keys: Cache result of request_key*() temporarily in task_struct")
Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: Steve French <smfrench@gmail.com>
cc: keyrings@vger.kernel.org
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
Link: https://lore.kernel.org/r/CAGypqWw951d=zYRbdgNR4snUDvJhWL=q3=WOyh7HhSJupjz2vA@mail.gmail.com/
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-03-30 12:47:47 +02:00
..
encrypted-keys crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
trusted-keys KEYS: trusted: tpm2: Fix migratable logic 2022-06-14 18:36:25 +02:00
Kconfig security: keys: trusted: use ASN.1 TPM2 key format for the blobs 2021-04-14 16:30:30 +03:00
Makefile KEYS: remove CONFIG_KEYS_COMPAT 2019-12-12 23:41:17 +02:00
big_key.c security/keys: use kvfree_sensitive() 2021-01-21 16:16:09 +00:00
compat.c security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
compat_dh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dh.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
gc.c watch_queue: Add a key/keyring notification facility 2020-05-19 15:19:06 +01:00
internal.h security/keys: remove compat_keyctl_instantiate_key_iov 2020-10-03 00:02:16 -04:00
key.c certs: Fix blacklist flag type confusion 2021-01-21 16:16:10 +00:00
keyctl.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
keyctl_pkey.c KEYS: fix length validation in keyctl_pkey_params_get_2() 2022-04-08 14:22:51 +02:00
keyring.c security: keys: delete repeated words in comments 2021-01-21 16:16:09 +00:00
permission.c keys: Make the KEY_NEED_* perms an enum rather than a mask 2020-05-19 15:42:22 +01:00
persistent.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
proc.c keys: Fix proc_keys_next to increase position index 2020-04-16 10:10:50 -07:00
process_keys.c ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-20 10:34:20 -05:00
request_key.c keys: Do not cache key in task struct if key is requested from kernel thread 2023-03-30 12:47:47 +02:00
request_key_auth.c KEYS: Don't write out to userspace while holding key semaphore 2020-03-29 12:40:41 +01:00
sysctl.c proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
user_defined.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00