)]}'
{
  "log": [
    {
      "commit": "cf8304e8f380903de3a15dc6ebd551c9e6cf1a21",
      "tree": "fe94f3ebb044b5026b1062631b2d89e77c8b674e",
      "parents": [
        "d9a9b4aeea334e7912ce3d878d7f5cc6fdf1ffe4"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Tue May 04 14:16:10 2010 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed May 05 11:39:23 2010 +1000"
      },
      "message": "KEYS: Fix RCU handling in key_gc_keyring()\n\nkey_gc_keyring() needs to either hold the RCU read lock or hold the keyring\nsemaphore if it\u0027s going to scan the keyring\u0027s list.  Given that it only needs\nto read the key list, and it\u0027s doing so under a spinlock, the RCU read lock is\nthe thing to use.\n\nFurthermore, the RCU check added in e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe is\nincorrect as holding the spinlock on key_serial_lock is not grounds for\nassuming a keyring\u0027s pointer list can be read safely.  Instead, a simple\nrcu_dereference() inside of the previously mentioned RCU read lock is what we\nwant.\n\nReported-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: \"Paul E. McKenney\" \u003cpaulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "e7b0a61b7929632d36cf052d9e2820ef0a9c1bfe",
      "tree": "69dbe6f03abc5a9ef0dea3a2c28921cebcc59a08",
      "parents": [
        "96be753af91fc9d582450a84722f6a6721d218ad"
      ],
      "author": {
        "name": "Paul E. McKenney",
        "email": "paulmck@linux.vnet.ibm.com",
        "time": "Mon Feb 22 17:04:56 2010 -0800"
      },
      "committer": {
        "name": "Ingo Molnar",
        "email": "mingo@elte.hu",
        "time": "Thu Feb 25 10:34:52 2010 +0100"
      },
      "message": "security: Apply lockdep-based checking to rcu_dereference() uses\n\nApply lockdep-ified RCU primitives to key_gc_keyring() and\nkeyring_destroy().\n\nCc: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: laijs@cn.fujitsu.com\nCc: dipankar@in.ibm.com\nCc: mathieu.desnoyers@polymtl.ca\nCc: josh@joshtriplett.org\nCc: dvhltc@us.ibm.com\nCc: niv@us.ibm.com\nCc: peterz@infradead.org\nCc: rostedt@goodmis.org\nCc: Valdis.Kletnieks@vt.edu\nCc: dhowells@redhat.com\nLKML-Reference: \u003c1266887105-1528-12-git-send-email-paulmck@linux.vnet.ibm.com\u003e\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\n"
    },
    {
      "commit": "606531c316d30e9639473a6da09ee917125ab467",
      "tree": "b83f3d8d82597401bdee6a451facaa5c2de006d1",
      "parents": [
        "0afd9056f1b43c9fcbfdf933b263d72023d382fe"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 16 15:54:14 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 23 11:03:47 2009 -0700"
      },
      "message": "KEYS: Have the garbage collector set its timer for live expired keys\n\nThe key garbage collector sets a timer to start a new collection cycle at the\npoint the earliest key to expire should be considered garbage.  However, it\ncurrently only does this if the key it is considering hasn\u0027t yet expired.\n\nIf the key being considering has expired, but hasn\u0027t yet reached the collection\ntime then it is ignored, and won\u0027t be collected until some other key provokes a\nround of collection.\n\nMake the garbage collector set the timer for the earliest key that hasn\u0027t yet\npassed its collection time, rather than the earliest key that hasn\u0027t yet\nexpired.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "c08ef808ef24df32e25fbd949fe5310172f3c408",
      "tree": "12bae6fd48e1cdcc1b792c221376c727d9472cc6",
      "parents": [
        "5c84342a3e147a23752276650340801c237d0e56"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Mon Sep 14 17:26:13 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Tue Sep 15 09:11:02 2009 +1000"
      },
      "message": "KEYS: Fix garbage collector\n\nFix a number of problems with the new key garbage collector:\n\n (1) A rogue semicolon in keyring_gc() was causing the initial count of dead\n     keys to be miscalculated.\n\n (2) A missing return in keyring_gc() meant that under certain circumstances,\n     the keyring semaphore would be unlocked twice.\n\n (3) The key serial tree iterator (key_garbage_collector()) part of the garbage\n     collector has been modified to:\n\n     (a) Complete each scan of the keyrings before setting the new timer.\n\n     (b) Only set the new timer for keys that have yet to expire.  This means\n         that the new timer is now calculated correctly, and the gc doesn\u0027t\n         get into a loop continually scanning for keys that have expired, and\n         preventing other things from happening, like RCU cleaning up the old\n         keyring contents.\n\n     (c) Perform an extra scan if any keys were garbage collected in this one\n     \t as a key might become garbage during a scan, and (b) could mean we\n     \t don\u0027t set the timer again.\n\n (4) Made key_schedule_gc() take the time at which to do a collection run,\n     rather than the time at which the key expires.  This means the collection\n     of dead keys (key type unregistered) can happen immediately.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "ee18d64c1f632043a02e6f5ba5e045bb26a5465f",
      "tree": "80b5a4d530ec7d5fd69799920f0db7b78aba6b9d",
      "parents": [
        "d0420c83f39f79afb82010c2d2cafd150eef651b"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:14:21 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:22 2009 +1000"
      },
      "message": "KEYS: Add a keyctl to install a process\u0027s session keyring on its parent [try #6]\n\nAdd a keyctl to install a process\u0027s session keyring onto its parent.  This\nreplaces the parent\u0027s session keyring.  Because the COW credential code does\nnot permit one process to change another process\u0027s credentials directly, the\nchange is deferred until userspace next starts executing again.  Normally this\nwill be after a wait*() syscall.\n\nTo support this, three new security hooks have been provided:\ncred_alloc_blank() to allocate unset security creds, cred_transfer() to fill in\nthe blank security creds and key_session_to_parent() - which asks the LSM if\nthe process may replace its parent\u0027s session keyring.\n\nThe replacement may only happen if the process has the same ownership details\nas its parent, and the process has LINK permission on the session keyring, and\nthe session keyring is owned by the process, and the LSM permits it.\n\nNote that this requires alteration to each architecture\u0027s notify_resume path.\nThis has been done for all arches barring blackfin, m68k* and xtensa, all of\nwhich need assembly alteration to support TIF_NOTIFY_RESUME.  This allows the\nreplacement to be performed at the point the parent process resumes userspace\nexecution.\n\nThis allows the userspace AFS pioctl emulation to fully emulate newpag() and\nthe VIOCSETTOK and VIOCSETTOK2 pioctls, all of which require the ability to\nalter the parent process\u0027s PAG membership.  However, since kAFS doesn\u0027t use\nPAGs per se, but rather dumps the keys into the session keyring, the session\nkeyring of the parent must be replaced if, for example, VIOCSETTOK is passed\nthe newpag flag.\n\nThis can be tested with the following program:\n\n\t#include \u003cstdio.h\u003e\n\t#include \u003cstdlib.h\u003e\n\t#include \u003ckeyutils.h\u003e\n\n\t#define KEYCTL_SESSION_TO_PARENT\t18\n\n\t#define OSERROR(X, S) do { if ((long)(X) \u003d\u003d -1) { perror(S); exit(1); } } while(0)\n\n\tint main(int argc, char **argv)\n\t{\n\t\tkey_serial_t keyring, key;\n\t\tlong ret;\n\n\t\tkeyring \u003d keyctl_join_session_keyring(argv[1]);\n\t\tOSERROR(keyring, \"keyctl_join_session_keyring\");\n\n\t\tkey \u003d add_key(\"user\", \"a\", \"b\", 1, keyring);\n\t\tOSERROR(key, \"add_key\");\n\n\t\tret \u003d keyctl(KEYCTL_SESSION_TO_PARENT);\n\t\tOSERROR(ret, \"KEYCTL_SESSION_TO_PARENT\");\n\n\t\treturn 0;\n\t}\n\nCompiled and linked with -lkeyutils, you should see something like:\n\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t355907932 --alswrv   4043    -1   \\_ keyring: _uid.4043\n\t[dhowells@andromeda ~]$ /tmp/newpag\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: _ses\n\t1055658746 --alswrv   4043  4043   \\_ user: a\n\t[dhowells@andromeda ~]$ /tmp/newpag hello\n\t[dhowells@andromeda ~]$ keyctl show\n\tSession Keyring\n\t       -3 --alswrv   4043  4043  keyring: hello\n\t340417692 --alswrv   4043  4043   \\_ user: a\n\nWhere the test program creates a new session keyring, sticks a user key named\n\u0027a\u0027 into it and then installs it on its parent.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    },
    {
      "commit": "5d135440faf7db8d566de0c6fab36b16cf9cfc3b",
      "tree": "d9c022e73ed51dfe5729fde9a97150cb64b68196",
      "parents": [
        "f041ae2f99d49adc914153a34a2d0e14e4389d90"
      ],
      "author": {
        "name": "David Howells",
        "email": "dhowells@redhat.com",
        "time": "Wed Sep 02 09:14:00 2009 +0100"
      },
      "committer": {
        "name": "James Morris",
        "email": "jmorris@namei.org",
        "time": "Wed Sep 02 21:29:11 2009 +1000"
      },
      "message": "KEYS: Add garbage collection for dead, revoked and expired keys. [try #6]\n\nAdd garbage collection for dead, revoked and expired keys.  This involved\nerasing all links to such keys from keyrings that point to them.  At that\npoint, the key will be deleted in the normal manner.\n\nKeyrings from which garbage collection occurs are shrunk and their quota\nconsumption reduced as appropriate.\n\nDead keys (for which the key type has been removed) will be garbage collected\nimmediately.\n\nRevoked and expired keys will hang around for a number of seconds, as set in\n/proc/sys/kernel/keys/gc_delay before being automatically removed.  The default\nis 5 minutes.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n"
    }
  ]
}