+++ This bug was initially created as a clone of Bug #164979 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.0 (like Gecko)

Description of problem:
If a request is made to join a named session keyring, but that keyring does 
not exist, then if the syscall fails to allocate a keyring it'll return an 
error without dropping the semaphore it was holding. 
 
This can only be encountered in a few ways: ENOMEM, key quota full, empty 
keyring name or keyring name too long; most of which are unlikely, 

Version-Release number of selected component (if applicable):
kernel-2.6.9-11.38.EL

How reproducible:
Always

Steps to Reproduce:
1. keyctl session "" /bin/true   
2. Any valid keyctl session command 
   

Actual Results:  Command (2) hangs in the D state. 

Expected Results:  Command (2) should exit with an error or go into the new session as 
appropriate. 

Additional info:

Any user can use this command. Whilst the keyctl program could be made to 
validate the argument to prevent accidental incurment, it's still possible to 
suffer from ENOMEM and EDQUOT errors, and it's possible to bypass keyctl 
entirely and invoke the keyctl() system call directly.