Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials

[PATCH v2 0/2] get rid of cred_transfer · Jann Horn <jannh@google.com> · 2024-08-05
[PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · Jann Horn <jannh@google.com> · 2024-08-05
Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-08-15
Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · David Howells <dhowells@redhat.com> · 2024-08-15
Re: Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · Jann Horn <jannh@google.com> · 2024-08-15
Re: Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-08-16
Re: Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · Paul Moore <paul@paul-moore.com> · 2024-09-10
Re: Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · Paul Moore <paul@paul-moore.com> · 2024-09-16
Re: Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · Jann Horn <jannh@google.com> · 2024-09-16
Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · Paul Moore <paul@paul-moore.com> · 2024-09-10
Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials · Jann Horn <jannh@google.com> · 2024-09-10
[PATCH v2 2/2] security: remove unused cred_alloc_blank/cred_transfer helpers · Jann Horn <jannh@google.com> · 2024-08-05
Re: [PATCH v2 2/2] security: remove unused cred_alloc_blank/cred_transfer helpers · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-08-15

From: "Jarkko Sakkinen" <jarkko@kernel.org>
Date: 2024-08-15 18:10:29
Also in: keyrings, lkml, selinux

On Mon Aug 5, 2024 at 2:54 PM EEST, Jann Horn wrote:

keyctl_session_to_parent() involves posting task work to the parent task,
with work function key_change_session_keyring.
Because the task work in the parent runs asynchronously, no errors can be
returned back to the caller of keyctl_session_to_parent(), and therefore
the work function key_change_session_keyring() can't be allowed to fail due
to things like memory allocation failure or permission checks - all
allocations and checks have to happen in the child.

This is annoying for two reasons:

 - It is the only reason why cred_alloc_blank() and
   security_transfer_creds() are necessary.
 - It means we can't do synchronous permission checks.

I agree with this premise. Also I think the code change is reasonable.

I'd like to see a comment from David tho.

BR, Jarkko

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help