// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright (c) 2017 Google, Inc.
 */

/*
 * Regression test for CVE-2017-7472, fixed by commit c9f838d104fe ("KEYS: fix
 * keyctl_set_reqkey_keyring() to not leak thread keyrings").
 *
 * The bug could be used to exhaust kernel memory, but demonstrating that
 * directly would take a while and would grind the test suite to a halt.
 * The test therefore checks the observable symptom instead: once a thread
 * keyring exists, setting the default request-key destination to the thread
 * keyring must not replace it. Before the fix the keyring was replaced and
 * the old one was leaked, so a changed keyring ID means the kernel is
 * unpatched.
 */

#include <errno.h>

#include "tst_test.h"
#include "lapi/keyctl.h"

/*
 * Record the thread keyring ID, select the thread keyring as the default
 * request-key destination, then read the ID again and compare the two.
 *
 * Any keyctl() failure ends the run with TBROK, because no verdict can be
 * given without all three calls succeeding.
 */
static void do_test(void)
{
	key_serial_t keyring_before;

	/* Last argument 1: create the thread keyring if it does not exist. */
	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 1));
	if (TST_RET < 0) {
		tst_brk(TBROK | TTERRNO, "failed to create thread keyring");
	}
	keyring_before = TST_RET;

	/* The call fixed by c9f838d104fe; it must reuse the existing keyring. */
	TEST(keyctl(KEYCTL_SET_REQKEY_KEYRING, KEY_REQKEY_DEFL_THREAD_KEYRING));
	if (TST_RET < 0) {
		tst_brk(TBROK | TTERRNO, "failed to set reqkey keyring");
	}

	/* Last argument 0: look the keyring up only, never create one here. */
	TEST(keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_THREAD_KEYRING, 0));
	if (TST_RET < 0) {
		tst_brk(TBROK | TTERRNO, "failed to get thread keyring ID");
	}

	/* A different ID means the original keyring was replaced (and leaked). */
	if (TST_RET != keyring_before) {
		tst_res(TFAIL, "thread keyring was leaked!");
		return;
	}

	tst_res(TPASS, "thread keyring was not leaked");
}

/* Test descriptor; the tags tie the result to the CVE and the fix commit. */
static struct tst_test test = {
	.test_all = do_test,
	.tags = (const struct tst_tag[]) {
		{"CVE", "2017-7472"},
		{"linux-git", "c9f838d104fe"},
		{}
	}
};