Don't count root session keyrings against quota

AFS PAM modules can call setpag() as root, regardless of the UID being authenticated. This leads to the session keyring being created using roots quota - on some systems (RHEL5) this quota is both small, and of a fixed size. Modify our keyring allocation code so that when a keyring is created by root, we don't do any quota checks. Change-Id: I2ee151ec1166a78475047bffd2c1d31f45e8dbdf Reported-by: Rainer Toebbicke <rtb@pclella.cern.ch> Reviewed-on: http://gerrit.openafs.org/1577 Tested-by: Rainer Toebbicke <rtb@pclella.cern.ch> Reviewed-by: Derrick Brashear <shadow@dementia.org>
2025-01-19 07:20:11 +00:00 · 2010-03-17 11:56:12 +00:00 · 2010-03-17 11:56:12 +00:00 · c4537f0442
commit c4537f0442
parent e2134caed1
1 changed files with 10 additions and 1 deletions
--- a/src/afs/LINUX/osi_groups.c
+++ b/src/afs/LINUX/osi_groups.c
@ -174,6 +174,7 @@ install_session_keyring(struct key *keyring)
    struct key *old;
    char desc[20];
    int code = -EINVAL;
+    int flags;

    if (!__key_type_keyring)
 	return code;
@ -183,11 +184,19 @@ install_session_keyring(struct key *keyring)
 	/* create an empty session keyring */
 	sprintf(desc, "_ses.%u", current->tgid);

+	/* if we're root, don't count the keyring against our quota. This
+	 * avoids starvation issues when dealing with PAM modules that always
+	 * setpag() as root */
+	if (current_uid() == 0)
+	    flags = KEY_ALLOC_NOT_IN_QUOTA;
+	else
+	    flags = KEY_ALLOC_IN_QUOTA;
+
 	keyring = afs_linux_key_alloc(
 			    __key_type_keyring, desc,
 			    current_uid(), current_gid(),
 			    (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
-			    KEY_ALLOC_IN_QUOTA);
+			    flags);

 	if (IS_ERR(keyring)) {
 	    code = PTR_ERR(keyring);