security/keys/process_keys.c at v5.0-rc3

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / security / keys / process_keys.c
at v5.0-rc3 890 lines 22 kB view raw
wrap content
  1/* Manage a process's keyrings
  2 *
  3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
  4 * Written by David Howells (dhowells@redhat.com)
  5 *
  6 * This program is free software; you can redistribute it and/or
  7 * modify it under the terms of the GNU General Public License
  8 * as published by the Free Software Foundation; either version
  9 * 2 of the License, or (at your option) any later version.
 10 */
 11
 12#include <linux/init.h>
 13#include <linux/sched.h>
 14#include <linux/sched/user.h>
 15#include <linux/keyctl.h>
 16#include <linux/fs.h>
 17#include <linux/err.h>
 18#include <linux/mutex.h>
 19#include <linux/security.h>
 20#include <linux/user_namespace.h>
 21#include <linux/uaccess.h>
 22#include "internal.h"
 23
 24/* Session keyring create vs join semaphore */
 25static DEFINE_MUTEX(key_session_mutex);
 26
 27/* User keyring creation semaphore */
 28static DEFINE_MUTEX(key_user_keyring_mutex);
 29
 30/* The root user's tracking struct */
 31struct key_user root_key_user = {
 32	.usage		= REFCOUNT_INIT(3),
 33	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
 34	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
 35	.nkeys		= ATOMIC_INIT(2),
 36	.nikeys		= ATOMIC_INIT(2),
 37	.uid		= GLOBAL_ROOT_UID,
 38};
 39
 40/*
 41 * Install the user and user session keyrings for the current process's UID.
 42 */
 43int install_user_keyrings(void)
 44{
 45	struct user_struct *user;
 46	const struct cred *cred;
 47	struct key *uid_keyring, *session_keyring;
 48	key_perm_t user_keyring_perm;
 49	char buf[20];
 50	int ret;
 51	uid_t uid;
 52
 53	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
 54	cred = current_cred();
 55	user = cred->user;
 56	uid = from_kuid(cred->user_ns, user->uid);
 57
 58	kenter("%p{%u}", user, uid);
 59
 60	if (user->uid_keyring && user->session_keyring) {
 61		kleave(" = 0 [exist]");
 62		return 0;
 63	}
 64
 65	mutex_lock(&key_user_keyring_mutex);
 66	ret = 0;
 67
 68	if (!user->uid_keyring) {
 69		/* get the UID-specific keyring
 70		 * - there may be one in existence already as it may have been
 71		 *   pinned by a session, but the user_struct pointing to it
 72		 *   may have been destroyed by setuid */
 73		sprintf(buf, "_uid.%u", uid);
 74
 75		uid_keyring = find_keyring_by_name(buf, true);
 76		if (IS_ERR(uid_keyring)) {
 77			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
 78						    cred, user_keyring_perm,
 79						    KEY_ALLOC_UID_KEYRING |
 80							KEY_ALLOC_IN_QUOTA,
 81						    NULL, NULL);
 82			if (IS_ERR(uid_keyring)) {
 83				ret = PTR_ERR(uid_keyring);
 84				goto error;
 85			}
 86		}
 87
 88		/* get a default session keyring (which might also exist
 89		 * already) */
 90		sprintf(buf, "_uid_ses.%u", uid);
 91
 92		session_keyring = find_keyring_by_name(buf, true);
 93		if (IS_ERR(session_keyring)) {
 94			session_keyring =
 95				keyring_alloc(buf, user->uid, INVALID_GID,
 96					      cred, user_keyring_perm,
 97					      KEY_ALLOC_UID_KEYRING |
 98						  KEY_ALLOC_IN_QUOTA,
 99					      NULL, NULL);
100			if (IS_ERR(session_keyring)) {
101				ret = PTR_ERR(session_keyring);
102				goto error_release;
103			}
104
105			/* we install a link from the user session keyring to
106			 * the user keyring */
107			ret = key_link(session_keyring, uid_keyring);
108			if (ret < 0)
109				goto error_release_both;
110		}
111
112		/* install the keyrings */
113		user->uid_keyring = uid_keyring;
114		user->session_keyring = session_keyring;
115	}
116
117	mutex_unlock(&key_user_keyring_mutex);
118	kleave(" = 0");
119	return 0;
120
121error_release_both:
122	key_put(session_keyring);
123error_release:
124	key_put(uid_keyring);
125error:
126	mutex_unlock(&key_user_keyring_mutex);
127	kleave(" = %d", ret);
128	return ret;
129}
130
131/*
132 * Install a thread keyring to the given credentials struct if it didn't have
133 * one already.  This is allowed to overrun the quota.
134 *
135 * Return: 0 if a thread keyring is now present; -errno on failure.
136 */
137int install_thread_keyring_to_cred(struct cred *new)
138{
139	struct key *keyring;
140
141	if (new->thread_keyring)
142		return 0;
143
144	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
145				KEY_POS_ALL | KEY_USR_VIEW,
146				KEY_ALLOC_QUOTA_OVERRUN,
147				NULL, NULL);
148	if (IS_ERR(keyring))
149		return PTR_ERR(keyring);
150
151	new->thread_keyring = keyring;
152	return 0;
153}
154
155/*
156 * Install a thread keyring to the current task if it didn't have one already.
157 *
158 * Return: 0 if a thread keyring is now present; -errno on failure.
159 */
160static int install_thread_keyring(void)
161{
162	struct cred *new;
163	int ret;
164
165	new = prepare_creds();
166	if (!new)
167		return -ENOMEM;
168
169	ret = install_thread_keyring_to_cred(new);
170	if (ret < 0) {
171		abort_creds(new);
172		return ret;
173	}
174
175	return commit_creds(new);
176}
177
178/*
179 * Install a process keyring to the given credentials struct if it didn't have
180 * one already.  This is allowed to overrun the quota.
181 *
182 * Return: 0 if a process keyring is now present; -errno on failure.
183 */
184int install_process_keyring_to_cred(struct cred *new)
185{
186	struct key *keyring;
187
188	if (new->process_keyring)
189		return 0;
190
191	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
192				KEY_POS_ALL | KEY_USR_VIEW,
193				KEY_ALLOC_QUOTA_OVERRUN,
194				NULL, NULL);
195	if (IS_ERR(keyring))
196		return PTR_ERR(keyring);
197
198	new->process_keyring = keyring;
199	return 0;
200}
201
202/*
203 * Install a process keyring to the current task if it didn't have one already.
204 *
205 * Return: 0 if a process keyring is now present; -errno on failure.
206 */
207static int install_process_keyring(void)
208{
209	struct cred *new;
210	int ret;
211
212	new = prepare_creds();
213	if (!new)
214		return -ENOMEM;
215
216	ret = install_process_keyring_to_cred(new);
217	if (ret < 0) {
218		abort_creds(new);
219		return ret;
220	}
221
222	return commit_creds(new);
223}
224
225/*
226 * Install the given keyring as the session keyring of the given credentials
227 * struct, replacing the existing one if any.  If the given keyring is NULL,
228 * then install a new anonymous session keyring.
229 *
230 * Return: 0 on success; -errno on failure.
231 */
232int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
233{
234	unsigned long flags;
235	struct key *old;
236
237	might_sleep();
238
239	/* create an empty session keyring */
240	if (!keyring) {
241		flags = KEY_ALLOC_QUOTA_OVERRUN;
242		if (cred->session_keyring)
243			flags = KEY_ALLOC_IN_QUOTA;
244
245		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
246					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
247					flags, NULL, NULL);
248		if (IS_ERR(keyring))
249			return PTR_ERR(keyring);
250	} else {
251		__key_get(keyring);
252	}
253
254	/* install the keyring */
255	old = cred->session_keyring;
256	rcu_assign_pointer(cred->session_keyring, keyring);
257
258	if (old)
259		key_put(old);
260
261	return 0;
262}
263
264/*
265 * Install the given keyring as the session keyring of the current task,
266 * replacing the existing one if any.  If the given keyring is NULL, then
267 * install a new anonymous session keyring.
268 *
269 * Return: 0 on success; -errno on failure.
270 */
271static int install_session_keyring(struct key *keyring)
272{
273	struct cred *new;
274	int ret;
275
276	new = prepare_creds();
277	if (!new)
278		return -ENOMEM;
279
280	ret = install_session_keyring_to_cred(new, keyring);
281	if (ret < 0) {
282		abort_creds(new);
283		return ret;
284	}
285
286	return commit_creds(new);
287}
288
289/*
290 * Handle the fsuid changing.
291 */
292void key_fsuid_changed(struct task_struct *tsk)
293{
294	/* update the ownership of the thread keyring */
295	BUG_ON(!tsk->cred);
296	if (tsk->cred->thread_keyring) {
297		down_write(&tsk->cred->thread_keyring->sem);
298		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
299		up_write(&tsk->cred->thread_keyring->sem);
300	}
301}
302
303/*
304 * Handle the fsgid changing.
305 */
306void key_fsgid_changed(struct task_struct *tsk)
307{
308	/* update the ownership of the thread keyring */
309	BUG_ON(!tsk->cred);
310	if (tsk->cred->thread_keyring) {
311		down_write(&tsk->cred->thread_keyring->sem);
312		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
313		up_write(&tsk->cred->thread_keyring->sem);
314	}
315}
316
317/*
318 * Search the process keyrings attached to the supplied cred for the first
319 * matching key.
320 *
321 * The search criteria are the type and the match function.  The description is
322 * given to the match function as a parameter, but doesn't otherwise influence
323 * the search.  Typically the match function will compare the description
324 * parameter to the key's description.
325 *
326 * This can only search keyrings that grant Search permission to the supplied
327 * credentials.  Keyrings linked to searched keyrings will also be searched if
328 * they grant Search permission too.  Keys can only be found if they grant
329 * Search permission to the credentials.
330 *
331 * Returns a pointer to the key with the key usage count incremented if
332 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
333 * matched negative keys.
334 *
335 * In the case of a successful return, the possession attribute is set on the
336 * returned key reference.
337 */
338key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
339{
340	key_ref_t key_ref, ret, err;
341
342	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
343	 * searchable, but we failed to find a key or we found a negative key;
344	 * otherwise we want to return a sample error (probably -EACCES) if
345	 * none of the keyrings were searchable
346	 *
347	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
348	 */
349	key_ref = NULL;
350	ret = NULL;
351	err = ERR_PTR(-EAGAIN);
352
353	/* search the thread keyring first */
354	if (ctx->cred->thread_keyring) {
355		key_ref = keyring_search_aux(
356			make_key_ref(ctx->cred->thread_keyring, 1), ctx);
357		if (!IS_ERR(key_ref))
358			goto found;
359
360		switch (PTR_ERR(key_ref)) {
361		case -EAGAIN: /* no key */
362		case -ENOKEY: /* negative key */
363			ret = key_ref;
364			break;
365		default:
366			err = key_ref;
367			break;
368		}
369	}
370
371	/* search the process keyring second */
372	if (ctx->cred->process_keyring) {
373		key_ref = keyring_search_aux(
374			make_key_ref(ctx->cred->process_keyring, 1), ctx);
375		if (!IS_ERR(key_ref))
376			goto found;
377
378		switch (PTR_ERR(key_ref)) {
379		case -EAGAIN: /* no key */
380			if (ret)
381				break;
382		case -ENOKEY: /* negative key */
383			ret = key_ref;
384			break;
385		default:
386			err = key_ref;
387			break;
388		}
389	}
390
391	/* search the session keyring */
392	if (ctx->cred->session_keyring) {
393		rcu_read_lock();
394		key_ref = keyring_search_aux(
395			make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
396			ctx);
397		rcu_read_unlock();
398
399		if (!IS_ERR(key_ref))
400			goto found;
401
402		switch (PTR_ERR(key_ref)) {
403		case -EAGAIN: /* no key */
404			if (ret)
405				break;
406		case -ENOKEY: /* negative key */
407			ret = key_ref;
408			break;
409		default:
410			err = key_ref;
411			break;
412		}
413	}
414	/* or search the user-session keyring */
415	else if (ctx->cred->user->session_keyring) {
416		key_ref = keyring_search_aux(
417			make_key_ref(ctx->cred->user->session_keyring, 1),
418			ctx);
419		if (!IS_ERR(key_ref))
420			goto found;
421
422		switch (PTR_ERR(key_ref)) {
423		case -EAGAIN: /* no key */
424			if (ret)
425				break;
426		case -ENOKEY: /* negative key */
427			ret = key_ref;
428			break;
429		default:
430			err = key_ref;
431			break;
432		}
433	}
434
435	/* no key - decide on the error we're going to go for */
436	key_ref = ret ? ret : err;
437
438found:
439	return key_ref;
440}
441
442/*
443 * Search the process keyrings attached to the supplied cred for the first
444 * matching key in the manner of search_my_process_keyrings(), but also search
445 * the keys attached to the assumed authorisation key using its credentials if
446 * one is available.
447 *
448 * Return same as search_my_process_keyrings().
449 */
450key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
451{
452	struct request_key_auth *rka;
453	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
454
455	might_sleep();
456
457	key_ref = search_my_process_keyrings(ctx);
458	if (!IS_ERR(key_ref))
459		goto found;
460	err = key_ref;
461
462	/* if this process has an instantiation authorisation key, then we also
463	 * search the keyrings of the process mentioned there
464	 * - we don't permit access to request_key auth keys via this method
465	 */
466	if (ctx->cred->request_key_auth &&
467	    ctx->cred == current_cred() &&
468	    ctx->index_key.type != &key_type_request_key_auth
469	    ) {
470		const struct cred *cred = ctx->cred;
471
472		/* defend against the auth key being revoked */
473		down_read(&cred->request_key_auth->sem);
474
475		if (key_validate(ctx->cred->request_key_auth) == 0) {
476			rka = ctx->cred->request_key_auth->payload.data[0];
477
478			ctx->cred = rka->cred;
479			key_ref = search_process_keyrings(ctx);
480			ctx->cred = cred;
481
482			up_read(&cred->request_key_auth->sem);
483
484			if (!IS_ERR(key_ref))
485				goto found;
486
487			ret = key_ref;
488		} else {
489			up_read(&cred->request_key_auth->sem);
490		}
491	}
492
493	/* no key - decide on the error we're going to go for */
494	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
495		key_ref = ERR_PTR(-ENOKEY);
496	else if (err == ERR_PTR(-EACCES))
497		key_ref = ret;
498	else
499		key_ref = err;
500
501found:
502	return key_ref;
503}
504
505/*
506 * See if the key we're looking at is the target key.
507 */
508bool lookup_user_key_possessed(const struct key *key,
509			       const struct key_match_data *match_data)
510{
511	return key == match_data->raw_data;
512}
513
514/*
515 * Look up a key ID given us by userspace with a given permissions mask to get
516 * the key it refers to.
517 *
518 * Flags can be passed to request that special keyrings be created if referred
519 * to directly, to permit partially constructed keys to be found and to skip
520 * validity and permission checks on the found key.
521 *
522 * Returns a pointer to the key with an incremented usage count if successful;
523 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
524 * to a key or the best found key was a negative key; -EKEYREVOKED or
525 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
526 * found key doesn't grant the requested permit or the LSM denied access to it;
527 * or -ENOMEM if a special keyring couldn't be created.
528 *
529 * In the case of a successful return, the possession attribute is set on the
530 * returned key reference.
531 */
532key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
533			  key_perm_t perm)
534{
535	struct keyring_search_context ctx = {
536		.match_data.cmp		= lookup_user_key_possessed,
537		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
538		.flags			= KEYRING_SEARCH_NO_STATE_CHECK,
539	};
540	struct request_key_auth *rka;
541	struct key *key;
542	key_ref_t key_ref, skey_ref;
543	int ret;
544
545try_again:
546	ctx.cred = get_current_cred();
547	key_ref = ERR_PTR(-ENOKEY);
548
549	switch (id) {
550	case KEY_SPEC_THREAD_KEYRING:
551		if (!ctx.cred->thread_keyring) {
552			if (!(lflags & KEY_LOOKUP_CREATE))
553				goto error;
554
555			ret = install_thread_keyring();
556			if (ret < 0) {
557				key_ref = ERR_PTR(ret);
558				goto error;
559			}
560			goto reget_creds;
561		}
562
563		key = ctx.cred->thread_keyring;
564		__key_get(key);
565		key_ref = make_key_ref(key, 1);
566		break;
567
568	case KEY_SPEC_PROCESS_KEYRING:
569		if (!ctx.cred->process_keyring) {
570			if (!(lflags & KEY_LOOKUP_CREATE))
571				goto error;
572
573			ret = install_process_keyring();
574			if (ret < 0) {
575				key_ref = ERR_PTR(ret);
576				goto error;
577			}
578			goto reget_creds;
579		}
580
581		key = ctx.cred->process_keyring;
582		__key_get(key);
583		key_ref = make_key_ref(key, 1);
584		break;
585
586	case KEY_SPEC_SESSION_KEYRING:
587		if (!ctx.cred->session_keyring) {
588			/* always install a session keyring upon access if one
589			 * doesn't exist yet */
590			ret = install_user_keyrings();
591			if (ret < 0)
592				goto error;
593			if (lflags & KEY_LOOKUP_CREATE)
594				ret = join_session_keyring(NULL);
595			else
596				ret = install_session_keyring(
597					ctx.cred->user->session_keyring);
598
599			if (ret < 0)
600				goto error;
601			goto reget_creds;
602		} else if (ctx.cred->session_keyring ==
603			   ctx.cred->user->session_keyring &&
604			   lflags & KEY_LOOKUP_CREATE) {
605			ret = join_session_keyring(NULL);
606			if (ret < 0)
607				goto error;
608			goto reget_creds;
609		}
610
611		rcu_read_lock();
612		key = rcu_dereference(ctx.cred->session_keyring);
613		__key_get(key);
614		rcu_read_unlock();
615		key_ref = make_key_ref(key, 1);
616		break;
617
618	case KEY_SPEC_USER_KEYRING:
619		if (!ctx.cred->user->uid_keyring) {
620			ret = install_user_keyrings();
621			if (ret < 0)
622				goto error;
623		}
624
625		key = ctx.cred->user->uid_keyring;
626		__key_get(key);
627		key_ref = make_key_ref(key, 1);
628		break;
629
630	case KEY_SPEC_USER_SESSION_KEYRING:
631		if (!ctx.cred->user->session_keyring) {
632			ret = install_user_keyrings();
633			if (ret < 0)
634				goto error;
635		}
636
637		key = ctx.cred->user->session_keyring;
638		__key_get(key);
639		key_ref = make_key_ref(key, 1);
640		break;
641
642	case KEY_SPEC_GROUP_KEYRING:
643		/* group keyrings are not yet supported */
644		key_ref = ERR_PTR(-EINVAL);
645		goto error;
646
647	case KEY_SPEC_REQKEY_AUTH_KEY:
648		key = ctx.cred->request_key_auth;
649		if (!key)
650			goto error;
651
652		__key_get(key);
653		key_ref = make_key_ref(key, 1);
654		break;
655
656	case KEY_SPEC_REQUESTOR_KEYRING:
657		if (!ctx.cred->request_key_auth)
658			goto error;
659
660		down_read(&ctx.cred->request_key_auth->sem);
661		if (test_bit(KEY_FLAG_REVOKED,
662			     &ctx.cred->request_key_auth->flags)) {
663			key_ref = ERR_PTR(-EKEYREVOKED);
664			key = NULL;
665		} else {
666			rka = ctx.cred->request_key_auth->payload.data[0];
667			key = rka->dest_keyring;
668			__key_get(key);
669		}
670		up_read(&ctx.cred->request_key_auth->sem);
671		if (!key)
672			goto error;
673		key_ref = make_key_ref(key, 1);
674		break;
675
676	default:
677		key_ref = ERR_PTR(-EINVAL);
678		if (id < 1)
679			goto error;
680
681		key = key_lookup(id);
682		if (IS_ERR(key)) {
683			key_ref = ERR_CAST(key);
684			goto error;
685		}
686
687		key_ref = make_key_ref(key, 0);
688
689		/* check to see if we possess the key */
690		ctx.index_key.type		= key->type;
691		ctx.index_key.description	= key->description;
692		ctx.index_key.desc_len		= strlen(key->description);
693		ctx.match_data.raw_data		= key;
694		kdebug("check possessed");
695		skey_ref = search_process_keyrings(&ctx);
696		kdebug("possessed=%p", skey_ref);
697
698		if (!IS_ERR(skey_ref)) {
699			key_put(key);
700			key_ref = skey_ref;
701		}
702
703		break;
704	}
705
706	/* unlink does not use the nominated key in any way, so can skip all
707	 * the permission checks as it is only concerned with the keyring */
708	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
709		ret = 0;
710		goto error;
711	}
712
713	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
714		ret = wait_for_key_construction(key, true);
715		switch (ret) {
716		case -ERESTARTSYS:
717			goto invalid_key;
718		default:
719			if (perm)
720				goto invalid_key;
721		case 0:
722			break;
723		}
724	} else if (perm) {
725		ret = key_validate(key);
726		if (ret < 0)
727			goto invalid_key;
728	}
729
730	ret = -EIO;
731	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
732	    key_read_state(key) == KEY_IS_UNINSTANTIATED)
733		goto invalid_key;
734
735	/* check the permissions */
736	ret = key_task_permission(key_ref, ctx.cred, perm);
737	if (ret < 0)
738		goto invalid_key;
739
740	key->last_used_at = ktime_get_real_seconds();
741
742error:
743	put_cred(ctx.cred);
744	return key_ref;
745
746invalid_key:
747	key_ref_put(key_ref);
748	key_ref = ERR_PTR(ret);
749	goto error;
750
751	/* if we attempted to install a keyring, then it may have caused new
752	 * creds to be installed */
753reget_creds:
754	put_cred(ctx.cred);
755	goto try_again;
756}
757EXPORT_SYMBOL(lookup_user_key);
758
759/*
760 * Join the named keyring as the session keyring if possible else attempt to
761 * create a new one of that name and join that.
762 *
763 * If the name is NULL, an empty anonymous keyring will be installed as the
764 * session keyring.
765 *
766 * Named session keyrings are joined with a semaphore held to prevent the
767 * keyrings from going away whilst the attempt is made to going them and also
768 * to prevent a race in creating compatible session keyrings.
769 */
770long join_session_keyring(const char *name)
771{
772	const struct cred *old;
773	struct cred *new;
774	struct key *keyring;
775	long ret, serial;
776
777	new = prepare_creds();
778	if (!new)
779		return -ENOMEM;
780	old = current_cred();
781
782	/* if no name is provided, install an anonymous keyring */
783	if (!name) {
784		ret = install_session_keyring_to_cred(new, NULL);
785		if (ret < 0)
786			goto error;
787
788		serial = new->session_keyring->serial;
789		ret = commit_creds(new);
790		if (ret == 0)
791			ret = serial;
792		goto okay;
793	}
794
795	/* allow the user to join or create a named keyring */
796	mutex_lock(&key_session_mutex);
797
798	/* look for an existing keyring of this name */
799	keyring = find_keyring_by_name(name, false);
800	if (PTR_ERR(keyring) == -ENOKEY) {
801		/* not found - try and create a new one */
802		keyring = keyring_alloc(
803			name, old->uid, old->gid, old,
804			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
805			KEY_ALLOC_IN_QUOTA, NULL, NULL);
806		if (IS_ERR(keyring)) {
807			ret = PTR_ERR(keyring);
808			goto error2;
809		}
810	} else if (IS_ERR(keyring)) {
811		ret = PTR_ERR(keyring);
812		goto error2;
813	} else if (keyring == new->session_keyring) {
814		ret = 0;
815		goto error3;
816	}
817
818	/* we've got a keyring - now to install it */
819	ret = install_session_keyring_to_cred(new, keyring);
820	if (ret < 0)
821		goto error3;
822
823	commit_creds(new);
824	mutex_unlock(&key_session_mutex);
825
826	ret = keyring->serial;
827	key_put(keyring);
828okay:
829	return ret;
830
831error3:
832	key_put(keyring);
833error2:
834	mutex_unlock(&key_session_mutex);
835error:
836	abort_creds(new);
837	return ret;
838}
839
840/*
841 * Replace a process's session keyring on behalf of one of its children when
842 * the target  process is about to resume userspace execution.
843 */
844void key_change_session_keyring(struct callback_head *twork)
845{
846	const struct cred *old = current_cred();
847	struct cred *new = container_of(twork, struct cred, rcu);
848
849	if (unlikely(current->flags & PF_EXITING)) {
850		put_cred(new);
851		return;
852	}
853
854	new->  uid	= old->  uid;
855	new-> euid	= old-> euid;
856	new-> suid	= old-> suid;
857	new->fsuid	= old->fsuid;
858	new->  gid	= old->  gid;
859	new-> egid	= old-> egid;
860	new-> sgid	= old-> sgid;
861	new->fsgid	= old->fsgid;
862	new->user	= get_uid(old->user);
863	new->user_ns	= get_user_ns(old->user_ns);
864	new->group_info	= get_group_info(old->group_info);
865
866	new->securebits	= old->securebits;
867	new->cap_inheritable	= old->cap_inheritable;
868	new->cap_permitted	= old->cap_permitted;
869	new->cap_effective	= old->cap_effective;
870	new->cap_ambient	= old->cap_ambient;
871	new->cap_bset		= old->cap_bset;
872
873	new->jit_keyring	= old->jit_keyring;
874	new->thread_keyring	= key_get(old->thread_keyring);
875	new->process_keyring	= key_get(old->process_keyring);
876
877	security_transfer_creds(new, old);
878
879	commit_creds(new);
880}
881
882/*
883 * Make sure that root's user and user-session keyrings exist.
884 */
885static int __init init_root_keyring(void)
886{
887	return install_user_keyrings();
888}
889
890late_initcall(init_root_keyring);