1 files changed, 16 insertions, 0 deletions

diff --git a/kernel/user.c b/kernel/user.c
index 523175afeecd..693487dc940e 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -12,6 +12,7 @@
 #include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/bitops.h>
+#include <linux/key.h>
 
 /*
  * UID task count cache, to get fast user lookup in "alloc_uid"
@@ -34,6 +35,10 @@ struct user_struct root_user = {
 	.sigpending	= ATOMIC_INIT(0),
 	.mq_bytes	= 0,
 	.locked_shm     = 0,
+#ifdef CONFIG_KEYS
+	.uid_keyring	= &root_user_keyring,
+	.session_keyring = &root_session_keyring,
+#endif
 };
 
 /*
@@ -87,6 +92,8 @@ void free_uid(struct user_struct *up)
 {
 	if (up && atomic_dec_and_lock(&up->__count, &uidhash_lock)) {
 		uid_hash_remove(up);
+		key_put(up->uid_keyring);
+		key_put(up->session_keyring);
 		kmem_cache_free(uid_cachep, up);
 		spin_unlock(&uidhash_lock);
 	}
@@ -116,6 +123,11 @@ struct user_struct * alloc_uid(uid_t uid)
 		new->mq_bytes = 0;
 		new->locked_shm = 0;
 
+		if (alloc_uid_keyring(new) < 0) {
+			kmem_cache_free(uid_cachep, new);
+			return NULL;
+		}
+
 		/*
 		 * Before adding this, check whether we raced
 		 * on adding the same user already..
@@ -123,6 +135,8 @@ struct user_struct * alloc_uid(uid_t uid)
 		spin_lock(&uidhash_lock);
 		up = uid_hash_find(uid, hashent);
 		if (up) {
+			key_put(new->uid_keyring);
+			key_put(new->session_keyring);
 			kmem_cache_free(uid_cachep, new);
 		} else {
 			uid_hash_insert(new, hashent);
@@ -146,8 +160,10 @@ void switch_uid(struct user_struct *new_user)
 	old_user = current->user;
 	atomic_inc(&new_user->processes);
 	atomic_dec(&old_user->processes);
+	switch_uid_keyring(new_user);
 	current->user = new_user;
 	free_uid(old_user);
+	suid_keys(current);
 }