Linux: Don't panic when keys aren't found
authorSimon Wilkinson <sxw@inf.ed.ac.uk>
Sat, 19 Dec 2009 15:40:49 +0000 (15:40 +0000)
committerDerrick Brashear <shadow|account-1000005@unknown>
Sat, 19 Dec 2009 16:36:25 +0000 (08:36 -0800)
This fixes two potential problems in our session keyring lookup code,
which can lead to panics in situations where we're using the new struct
cred based code.

The first is that if there is no session kerying installed for the
current task, we'll attempt to do a lookup on a NULL kerying and oops.

The second is that if the keyring_search returns EPERM, then we can end
up unmasking that error code, and return NULL, rather than an error.

Change-Id: If0e2804408ec17b00f352980cee6a8e56704d93f
Reviewed-on: http://gerrit.openafs.org/1004
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

src/afs/LINUX/osi_groups.c

index 8c86eef..891cf07 100644 (file)
@@ -562,8 +562,19 @@ osi_get_keyring_pag(afs_ucred_t *cred)
 
 #if defined(STRUCT_TASK_HAS_CRED)
        /* If we have a kernel cred, search the passed credentials */
-       key = key_ref_to_ptr(keyring_search(make_key_ref(cred->tgcred->session_keyring, 1),
-               &key_type_afs_pag, "_pag"));
+       if (cred->tgcred->session_keyring) {
+           key_ref_t key_ref;
+
+           key_ref = keyring_search(
+                         make_key_ref(cred->tgcred->session_keyring, 1),
+                         &key_type_afs_pag, "_pag");
+           if (IS_ERR(key_ref))
+               key = ERR_CAST(key_ref);
+           else
+               key = key_ref_to_ptr(key_ref);
+       } else {
+           key = ERR_PTR(-ENOKEY);
+       }
 #else
        /* Search the keyrings of the current process */
        key = request_key(&key_type_afs_pag, "_pag", NULL);