keys: Enforce keep guard when moving keys

[PATCH v2 0/2] keys: Enforce keep guard when moving keys

Liu Mingyu posted 2 patches 1 week ago

Download series mbox

Documentation/security/keys/core.rst |   1 +
security/keys/Kconfig                |  13 +++
security/keys/Makefile               |   1 +
security/keys/keyctl.c               |   2 +
security/keys/keyring.c              |   7 +-
security/keys/keyring_test.c         | 121 +++++++++++++++++++++++++++
6 files changed, 144 insertions(+), 1 deletion(-)
create mode 100644 security/keys/keyring_test.c

Expand all Fold all

[PATCH v2 0/2] keys: Enforce keep guard when moving keys

Posted by Liu Mingyu 1 week ago

Split the KEYCTL_MOVE fix from its KUnit coverage so the fix can be
backported without pulling in the test module.

Patch 1 enforces the KEEP removal guard in key_move() and documents the
new -EPERM return path. Patch 2 adds KUnit coverage for the normal move,
protected rejection and same-keyring no-op paths.

Changes in v2:
- Split KUnit coverage into a separate patch as requested by Jarkko.
- Keep the fix patch limited to code and documentation for backporting.
- Add a stable Cc trailer to the fix patch.

Mingyu Liu (2):
  keys: Enforce keep guard when moving keys
  keys: Add KUnit coverage for KEYCTL_MOVE keep guard

 Documentation/security/keys/core.rst |   1 +
 security/keys/Kconfig                |  13 +++
 security/keys/Makefile               |   1 +
 security/keys/keyctl.c               |   2 +
 security/keys/keyring.c              |   7 +-
 security/keys/keyring_test.c         | 121 +++++++++++++++++++++++++++
 6 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 security/keys/keyring_test.c


base-commit: 8fde5d1d47f69db6082dfa34500c27f8485389a5
-- 
2.51.2.windows.1