[PATCH 5.10 101/589] rxrpc: Fix key quota calculation for multitoken keys
Ben Hutchings
ben at decadent.org.uk
Sun May 31 06:20:20 PDT 2026
On Sat, 2026-05-30 at 17:59 +0200, Greg Kroah-Hartman wrote:
> 5.10-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: David Howells <dhowells at redhat.com>
>
> [ Upstream commit bdbfead6d38979475df0c2f4bad2b19394fe9bdc ]
>
> In the rxrpc key preparsing, every token extracted sets the proposed quota
> value, but for multitoken keys, this will overwrite the previous proposed
> quota, losing it.
>
> Fix this by adding to the proposed quota instead.
>
> Fixes: 8a7a3eb4ddbe ("KEYS: RxRPC: Use key preparsing")
> Closes: https://sashiko.dev/#/patchset/20260319150150.4189381-1-dhowells%40redhat.com
> Signed-off-by: David Howells <dhowells at redhat.com>
> cc: Marc Dionne <marc.dionne at auristor.com>
> cc: Jeffrey Altman <jaltman at auristor.com>
> cc: Simon Horman <horms at kernel.org>
> cc: linux-afs at lists.infradead.org
> cc: stable at kernel.org
> Link: https://patch.msgid.link/20260408121252.2249051-2-dhowells@redhat.com
> Signed-off-by: Jakub Kicinski <kuba at kernel.org>
> [ dropped hunk for rxrpc_preparse_xdr_yfs_rxgk() ]
Indeed 5.10 does not have that key type, but it does have
rxrpc_preparse_xdr_rxk5() which I think also needs to be updated.
Ben.
> Signed-off-by: Sasha Levin <sashal at kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> ---
> net/rxrpc/key.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> --- a/net/rxrpc/key.c
> +++ b/net/rxrpc/key.c
> @@ -108,7 +108,7 @@ static int rxrpc_preparse_xdr_rxkad(stru
> return -EKEYREJECTED;
>
> plen = sizeof(*token) + sizeof(*token->kad) + tktlen;
> - prep->quotalen = datalen + plen;
> + prep->quotalen += datalen + plen;
>
> plen -= sizeof(*token);
> token = kzalloc(sizeof(*token), GFP_KERNEL);
> @@ -718,6 +718,7 @@ static int rxrpc_preparse(struct key_pre
> memcpy(&kver, prep->data, sizeof(kver));
> prep->data += sizeof(kver);
> prep->datalen -= sizeof(kver);
> + prep->quotalen = 0;
>
> _debug("KEY I/F VERSION: %u", kver);
>
> @@ -755,7 +756,7 @@ static int rxrpc_preparse(struct key_pre
> goto error;
>
> plen = sizeof(*token->kad) + v1->ticket_length;
> - prep->quotalen = plen + sizeof(*token);
> + prep->quotalen += plen + sizeof(*token);
>
> ret = -ENOMEM;
> token = kzalloc(sizeof(*token), GFP_KERNEL);
>
>
--
Ben Hutchings
Time is nature's way of making sure that
everything doesn't happen at once.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.infradead.org/pipermail/linux-afs/attachments/20260531/d525c0d7/attachment.sig>
More information about the linux-afs
mailing list