android_kernel_samsung_msm8976/security
Eric Biggers 6ecf74942f KEYS: allow reaching the keys quotas exactly
commit a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 upstream.

If the sysctl 'kernel.keys.maxkeys' is set to some number n, then
actually users can only add up to 'n - 1' keys.  Likewise for
'kernel.keys.maxbytes' and the root_* versions of these sysctls.  But
these sysctls are apparently supposed to be *maximums*, as per their
names and all documentation I could find -- the keyrings(7) man page,
Documentation/security/keys/core.rst, and all the mentions of EDQUOT
meaning that the key quota was *exceeded* (as opposed to reached).

Thus, fix the code to allow reaching the quotas exactly.

Fixes: 0b77f5bfb4 ("keys: make the keyring quotas controllable through /proc/sys")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-27 22:08:29 +02:00
..
apparmor
integrity
keys KEYS: allow reaching the keys quotas exactly 2019-07-27 22:08:29 +02:00
mstdrv Import latest Samsung release 2017-04-18 03:43:52 +02:00
sdp security: sdp: Missing line return 2019-07-27 21:45:57 +02:00
selinux selinux: fix GPF on invalid policy 2019-07-27 21:53:36 +02:00
smack
tima_uevent Import latest Samsung release 2017-04-18 03:43:52 +02:00
tomoyo
tz_iccc Import latest Samsung release 2017-04-18 03:43:52 +02:00
yama
capability.c Add security hooks to binder and implement the hooks for SELinux. 2018-02-06 13:12:15 +01:00
commoncap.c BACKPORT: commoncap: don't alloc the credential unless needed in cap_task_prctl 2018-02-06 13:12:16 +01:00
device_cgroup.c
inode.c vfs: Add permission2 for filesystems with per mount permissions 2018-02-06 13:12:19 +01:00
Kconfig Import latest Samsung release 2017-04-18 03:43:52 +02:00
lsm_audit.c BACKPORT: audit: consistently record PIDs with task_tgid_nr() 2019-07-27 21:50:56 +02:00
Makefile Import latest Samsung release 2017-04-18 03:43:52 +02:00
min_addr.c
security.c Add security hooks to binder and implement the hooks for SELinux. 2018-02-06 13:12:15 +01:00