tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
KEYS: Merge the type-specific data with the payload data
Merge the type-specific data with the payload data into one four-word chunk
as it seems pointless to keep them separate.
Use user_key_payload() for accessing the payloads of overloaded
user-defined keys.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-cifs@vger.kernel.org
cc: ecryptfs@vger.kernel.org
cc: linux-ext4@vger.kernel.org
cc: linux-f2fs-devel@lists.sourceforge.net
cc: linux-nfs@vger.kernel.org
cc: ceph-devel@vger.kernel.org
cc: linux-ima-devel@lists.sourceforge.net
+286
-230
+13
-12
Documentation/crypto/asymmetric-keys.txt
+13
-12
Documentation/crypto/asymmetric-keys.txt
···
186
186
const struct public_key_signature *sig);
187
187
};
188
188
189
-
Asymmetric keys point to this with their type_data[0] member.
189
+
Asymmetric keys point to this with their payload[asym_subtype] member.
190
190
191
191
The owner and name fields should be set to the owning module and the name of
192
192
the subtype. Currently, the name is only used for print statements.
···
269
269
270
270
struct key_preparsed_payload {
271
271
char *description;
272
-
void *type_data[2];
273
-
void *payload;
272
+
void *payload[4];
274
273
const void *data;
275
274
size_t datalen;
276
275
size_t quotalen;
···
282
283
not theirs.
283
284
284
285
If the parser is happy with the blob, it should propose a description for
285
-
the key and attach it to ->description, ->type_data[0] should be set to
286
-
point to the subtype to be used, ->payload should be set to point to the
287
-
initialised data for that subtype, ->type_data[1] should point to a hex
288
-
fingerprint and quotalen should be updated to indicate how much quota this
289
-
key should account for.
286
+
the key and attach it to ->description, ->payload[asym_subtype] should be
287
+
set to point to the subtype to be used, ->payload[asym_crypto] should be
288
+
set to point to the initialised data for that subtype,
289
+
->payload[asym_key_ids] should point to one or more hex fingerprints and
290
+
quotalen should be updated to indicate how much quota this key should
291
+
account for.
290
292
291
-
When clearing up, the data attached to ->type_data[1] and ->description
292
-
will be kfree()'d and the data attached to ->payload will be passed to the
293
-
subtype's ->destroy() method to be disposed of. A module reference for
294
-
the subtype pointed to by ->type_data[0] will be put.
293
+
When clearing up, the data attached to ->payload[asym_key_ids] and
294
+
->description will be kfree()'d and the data attached to
295
+
->payload[asm_crypto] will be passed to the subtype's ->destroy() method
296
+
to be disposed of. A module reference for the subtype pointed to by
297
+
->payload[asym_subtype] will be put.
295
298
296
299
297
300
If the data format is not recognised, -EBADMSG should be returned. If it
+25
-16
Documentation/security/keys.txt
+25
-16
Documentation/security/keys.txt
···
1049
1049
NOTES ON ACCESSING PAYLOAD CONTENTS
1050
1050
===================================
1051
1051
1052
-
The simplest payload is just a number in key->payload.value. In this case,
1053
-
there's no need to indulge in RCU or locking when accessing the payload.
1052
+
The simplest payload is just data stored in key->payload directly. In this
1053
+
case, there's no need to indulge in RCU or locking when accessing the payload.
1054
1054
1055
-
More complex payload contents must be allocated and a pointer to them set in
1056
-
key->payload.data. One of the following ways must be selected to access the
1057
-
data:
1055
+
More complex payload contents must be allocated and pointers to them set in the
1056
+
key->payload.data[] array. One of the following ways must be selected to
1057
+
access the data:
1058
1058
1059
1059
(1) Unmodifiable key type.
1060
1060
···
1091
1091
use of call_rcu() and, if the payload is of variable size, the length of
1092
1092
the payload. key->datalen cannot be relied upon to be consistent with the
1093
1093
payload just dereferenced if the key's semaphore is not held.
1094
+
1095
+
Note that key->payload.data[0] has a shadow that is marked for __rcu
1096
+
usage. This is called key->payload.rcu_data0. The following accessors
1097
+
wrap the RCU calls to this element:
1098
+
1099
+
rcu_assign_keypointer(struct key *key, void *data);
1100
+
void *rcu_dereference_key(struct key *key);
1094
1101
1095
1102
1096
1103
===================
···
1150
1143
1151
1144
struct key_preparsed_payload {
1152
1145
char *description;
1153
-
void *type_data[2];
1154
-
void *payload;
1146
+
union key_payload payload;
1155
1147
const void *data;
1156
1148
size_t datalen;
1157
1149
size_t quotalen;
···
1166
1160
attached as a string to the description field. This will be used for the
1167
1161
key description if the caller of add_key() passes NULL or "".
1168
1162
1169
-
The method can attach anything it likes to type_data[] and payload. These
1170
-
are merely passed along to the instantiate() or update() operations. If
1171
-
set, the expiry time will be applied to the key if it is instantiated from
1172
-
this data.
1163
+
The method can attach anything it likes to payload. This is merely passed
1164
+
along to the instantiate() or update() operations. If set, the expiry
1165
+
time will be applied to the key if it is instantiated from this data.
1173
1166
1174
1167
The method should return 0 if successful or a negative error code
1175
1168
otherwise.
···
1177
1172
(*) void (*free_preparse)(struct key_preparsed_payload *prep);
1178
1173
1179
1174
This method is only required if the preparse() method is provided,
1180
-
otherwise it is unused. It cleans up anything attached to the
1181
-
description, type_data and payload fields of the key_preparsed_payload
1182
-
struct as filled in by the preparse() method. It will always be called
1183
-
after preparse() returns successfully, even if instantiate() or update()
1184
-
succeed.
1175
+
otherwise it is unused. It cleans up anything attached to the description
1176
+
and payload fields of the key_preparsed_payload struct as filled in by the
1177
+
preparse() method. It will always be called after preparse() returns
1178
+
successfully, even if instantiate() or update() succeed.
1185
1179
1186
1180
1187
1181
(*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
···
1200
1196
anything else from gaining access to the key.
1201
1197
1202
1198
It is safe to sleep in this method.
1199
+
1200
+
generic_key_instantiate() is provided to simply copy the data from
1201
+
prep->payload.data[] to key->payload.data[], with RCU-safe assignment on
1202
+
the first element. It will then clear prep->payload.data[] so that the
1203
+
free_preparse method doesn't release the data.
1203
1204
1204
1205
1205
1206
(*) int (*update)(struct key *key, const void *data, size_t datalen);
-5
crypto/asymmetric_keys/asymmetric_keys.h
-5
crypto/asymmetric_keys/asymmetric_keys.h
+27
-19
crypto/asymmetric_keys/asymmetric_type.c
+27
-19
crypto/asymmetric_keys/asymmetric_type.c
···
307
307
}
308
308
309
309
/*
310
-
* Clean up the preparse data
310
+
* Clean up the key ID list
311
311
*/
312
-
static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep)
312
+
static void asymmetric_key_free_kids(struct asymmetric_key_ids *kids)
313
313
{
314
-
struct asymmetric_key_subtype *subtype = prep->type_data[0];
315
-
struct asymmetric_key_ids *kids = prep->type_data[1];
316
314
int i;
317
315
318
-
pr_devel("==>%s()\n", __func__);
319
-
320
-
if (subtype) {
321
-
subtype->destroy(prep->payload[0]);
322
-
module_put(subtype->owner);
323
-
}
324
316
if (kids) {
325
317
for (i = 0; i < ARRAY_SIZE(kids->id); i++)
326
318
kfree(kids->id[i]);
327
319
kfree(kids);
328
320
}
321
+
}
322
+
323
+
/*
324
+
* Clean up the preparse data
325
+
*/
326
+
static void asymmetric_key_free_preparse(struct key_preparsed_payload *prep)
327
+
{
328
+
struct asymmetric_key_subtype *subtype = prep->payload.data[asym_subtype];
329
+
struct asymmetric_key_ids *kids = prep->payload.data[asym_key_ids];
330
+
331
+
pr_devel("==>%s()\n", __func__);
332
+
333
+
if (subtype) {
334
+
subtype->destroy(prep->payload.data[asym_crypto]);
335
+
module_put(subtype->owner);
336
+
}
337
+
asymmetric_key_free_kids(kids);
329
338
kfree(prep->description);
330
339
}
331
340
···
344
335
static void asymmetric_key_destroy(struct key *key)
345
336
{
346
337
struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key);
347
-
struct asymmetric_key_ids *kids = key->type_data.p[1];
338
+
struct asymmetric_key_ids *kids = key->payload.data[asym_key_ids];
339
+
void *data = key->payload.data[asym_crypto];
340
+
341
+
key->payload.data[asym_crypto] = NULL;
342
+
key->payload.data[asym_subtype] = NULL;
343
+
key->payload.data[asym_key_ids] = NULL;
348
344
349
345
if (subtype) {
350
-
subtype->destroy(key->payload.data);
346
+
subtype->destroy(data);
351
347
module_put(subtype->owner);
352
-
key->type_data.p[0] = NULL;
353
348
}
354
349
355
-
if (kids) {
356
-
kfree(kids->id[0]);
357
-
kfree(kids->id[1]);
358
-
kfree(kids);
359
-
key->type_data.p[1] = NULL;
360
-
}
350
+
asymmetric_key_free_kids(kids);
361
351
}
362
352
363
353
struct key_type key_type_asymmetric = {
+2
-2
crypto/asymmetric_keys/public_key.c
+2
-2
crypto/asymmetric_keys/public_key.c
···
49
49
static void public_key_describe(const struct key *asymmetric_key,
50
50
struct seq_file *m)
51
51
{
52
-
struct public_key *key = asymmetric_key->payload.data;
52
+
struct public_key *key = asymmetric_key->payload.data[asym_crypto];
53
53
54
54
if (key)
55
55
seq_printf(m, "%s.%s",
···
112
112
static int public_key_verify_signature_2(const struct key *key,
113
113
const struct public_key_signature *sig)
114
114
{
115
-
const struct public_key *pk = key->payload.data;
115
+
const struct public_key *pk = key->payload.data[asym_crypto];
116
116
return public_key_verify_signature(pk, sig);
117
117
}
118
118
+1
-1
crypto/asymmetric_keys/signature.c
+1
-1
crypto/asymmetric_keys/signature.c
+1
crypto/asymmetric_keys/x509_parser.h
+1
crypto/asymmetric_keys/x509_parser.h
+5
-4
crypto/asymmetric_keys/x509_public_key.c
+5
-4
crypto/asymmetric_keys/x509_public_key.c
···
266
266
if (!IS_ERR(key)) {
267
267
if (!use_builtin_keys
268
268
|| test_bit(KEY_FLAG_BUILTIN, &key->flags))
269
-
ret = x509_check_signature(key->payload.data, cert);
269
+
ret = x509_check_signature(key->payload.data[asym_crypto],
270
+
cert);
270
271
key_put(key);
271
272
}
272
273
return ret;
···
353
352
354
353
/* We're pinning the module by being linked against it */
355
354
__module_get(public_key_subtype.owner);
356
-
prep->type_data[0] = &public_key_subtype;
357
-
prep->type_data[1] = kids;
358
-
prep->payload[0] = cert->pub;
355
+
prep->payload.data[asym_subtype] = &public_key_subtype;
356
+
prep->payload.data[asym_key_ids] = kids;
357
+
prep->payload.data[asym_crypto] = cert->pub;
359
358
prep->description = desc;
360
359
prep->quotalen = 100;
361
360
+3
-3
fs/cifs/cifs_spnego.c
+3
-3
fs/cifs/cifs_spnego.c
···
42
42
goto error;
43
43
44
44
/* attach the data */
45
-
key->payload.data = payload;
45
+
key->payload.data[0] = payload;
46
46
ret = 0;
47
47
48
48
error:
···
52
52
static void
53
53
cifs_spnego_key_destroy(struct key *key)
54
54
{
55
-
kfree(key->payload.data);
55
+
kfree(key->payload.data[0]);
56
56
}
57
57
58
58
···
167
167
168
168
#ifdef CONFIG_CIFS_DEBUG2
169
169
if (cifsFYI && !IS_ERR(spnego_key)) {
170
-
struct cifs_spnego_msg *msg = spnego_key->payload.data;
170
+
struct cifs_spnego_msg *msg = spnego_key->payload.data[0];
171
171
cifs_dump_mem("SPNEGO reply blob:", msg->data, min(1024U,
172
172
msg->secblob_len + msg->sesskey_len));
173
173
}
+12
-13
fs/cifs/cifsacl.c
+12
-13
fs/cifs/cifsacl.c
···
58
58
* dereference payload.data!
59
59
*/
60
60
if (prep->datalen <= sizeof(key->payload)) {
61
-
key->payload.value = 0;
62
-
memcpy(&key->payload.value, prep->data, prep->datalen);
63
-
key->datalen = prep->datalen;
64
-
return 0;
61
+
key->payload.data[0] = NULL;
62
+
memcpy(&key->payload, prep->data, prep->datalen);
63
+
} else {
64
+
payload = kmemdup(prep->data, prep->datalen, GFP_KERNEL);
65
+
if (!payload)
66
+
return -ENOMEM;
67
+
key->payload.data[0] = payload;
65
68
}
66
-
payload = kmemdup(prep->data, prep->datalen, GFP_KERNEL);
67
-
if (!payload)
68
-
return -ENOMEM;
69
69
70
-
key->payload.data = payload;
71
70
key->datalen = prep->datalen;
72
71
return 0;
73
72
}
···
75
76
cifs_idmap_key_destroy(struct key *key)
76
77
{
77
78
if (key->datalen > sizeof(key->payload))
78
-
kfree(key->payload.data);
79
+
kfree(key->payload.data[0]);
79
80
}
80
81
81
82
static struct key_type cifs_idmap_key_type = {
···
232
233
* it could be.
233
234
*/
234
235
ksid = sidkey->datalen <= sizeof(sidkey->payload) ?
235
-
(struct cifs_sid *)&sidkey->payload.value :
236
-
(struct cifs_sid *)sidkey->payload.data;
236
+
(struct cifs_sid *)&sidkey->payload :
237
+
(struct cifs_sid *)sidkey->payload.data[0];
237
238
238
239
ksid_size = CIFS_SID_BASE_SIZE + (ksid->num_subauth * sizeof(__le32));
239
240
if (ksid_size > sidkey->datalen) {
···
306
307
if (sidtype == SIDOWNER) {
307
308
kuid_t uid;
308
309
uid_t id;
309
-
memcpy(&id, &sidkey->payload.value, sizeof(uid_t));
310
+
memcpy(&id, &sidkey->payload.data[0], sizeof(uid_t));
310
311
uid = make_kuid(&init_user_ns, id);
311
312
if (uid_valid(uid))
312
313
fuid = uid;
313
314
} else {
314
315
kgid_t gid;
315
316
gid_t id;
316
-
memcpy(&id, &sidkey->payload.value, sizeof(gid_t));
317
+
memcpy(&id, &sidkey->payload.data[0], sizeof(gid_t));
317
318
gid = make_kgid(&init_user_ns, id);
318
319
if (gid_valid(gid))
319
320
fgid = gid;
+5
-4
fs/cifs/connect.c
+5
-4
fs/cifs/connect.c
···
2325
2325
cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
2326
2326
{
2327
2327
int rc = 0;
2328
-
char *desc, *delim, *payload;
2328
+
const char *delim, *payload;
2329
+
char *desc;
2329
2330
ssize_t len;
2330
2331
struct key *key;
2331
2332
struct TCP_Server_Info *server = ses->server;
2332
2333
struct sockaddr_in *sa;
2333
2334
struct sockaddr_in6 *sa6;
2334
-
struct user_key_payload *upayload;
2335
+
const struct user_key_payload *upayload;
2335
2336
2336
2337
desc = kmalloc(CIFSCREDS_DESC_SIZE, GFP_KERNEL);
2337
2338
if (!desc)
···
2375
2374
}
2376
2375
2377
2376
down_read(&key->sem);
2378
-
upayload = key->payload.data;
2377
+
upayload = user_key_payload(key);
2379
2378
if (IS_ERR_OR_NULL(upayload)) {
2380
2379
rc = upayload ? PTR_ERR(upayload) : -EINVAL;
2381
2380
goto out_key_put;
2382
2381
}
2383
2382
2384
2383
/* find first : in payload */
2385
-
payload = (char *)upayload->data;
2384
+
payload = upayload->data;
2386
2385
delim = strnchr(payload, upayload->datalen, ':');
2387
2386
cifs_dbg(FYI, "payload=%s\n", payload);
2388
2387
if (!delim) {
+1
-1
fs/cifs/sess.c
+1
-1
fs/cifs/sess.c
+1
-1
fs/cifs/smb2pdu.c
+1
-1
fs/cifs/smb2pdu.c
+2
-3
fs/ecryptfs/ecryptfs_kernel.h
+2
-3
fs/ecryptfs/ecryptfs_kernel.h
···
86
86
{
87
87
if (key->type == &key_type_encrypted)
88
88
return (struct ecryptfs_auth_tok *)
89
-
(&((struct encrypted_key_payload *)key->payload.data)->payload_data);
89
+
(&((struct encrypted_key_payload *)key->payload.data[0])->payload_data);
90
90
else
91
91
return NULL;
92
92
}
···
117
117
118
118
auth_tok = ecryptfs_get_encrypted_key_payload_data(key);
119
119
if (!auth_tok)
120
-
return (struct ecryptfs_auth_tok *)
121
-
(((struct user_key_payload *)key->payload.data)->data);
120
+
return (struct ecryptfs_auth_tok *)user_key_payload(key)->data;
122
121
else
123
122
return auth_tok;
124
123
}
+2
-2
fs/ext4/crypto_key.c
+2
-2
fs/ext4/crypto_key.c
···
121
121
struct key *keyring_key = NULL;
122
122
struct ext4_encryption_key *master_key;
123
123
struct ext4_encryption_context ctx;
124
-
struct user_key_payload *ukp;
124
+
const struct user_key_payload *ukp;
125
125
struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
126
126
struct crypto_ablkcipher *ctfm;
127
127
const char *cipher_str;
···
209
209
}
210
210
crypt_info->ci_keyring_key = keyring_key;
211
211
BUG_ON(keyring_key->type != &key_type_logon);
212
-
ukp = ((struct user_key_payload *)keyring_key->payload.data);
212
+
ukp = user_key_payload(keyring_key);
213
213
if (ukp->datalen != sizeof(struct ext4_encryption_key)) {
214
214
res = -EINVAL;
215
215
goto out;
+2
-2
fs/f2fs/crypto_key.c
+2
-2
fs/f2fs/crypto_key.c
···
122
122
struct key *keyring_key = NULL;
123
123
struct f2fs_encryption_key *master_key;
124
124
struct f2fs_encryption_context ctx;
125
-
struct user_key_payload *ukp;
125
+
const struct user_key_payload *ukp;
126
126
struct crypto_ablkcipher *ctfm;
127
127
const char *cipher_str;
128
128
char raw_key[F2FS_MAX_KEY_SIZE];
···
199
199
}
200
200
crypt_info->ci_keyring_key = keyring_key;
201
201
BUG_ON(keyring_key->type != &key_type_logon);
202
-
ukp = ((struct user_key_payload *)keyring_key->payload.data);
202
+
ukp = user_key_payload(keyring_key);
203
203
if (ukp->datalen != sizeof(struct f2fs_encryption_key)) {
204
204
res = -EINVAL;
205
205
goto out;
+2
-2
fs/fscache/object-list.c
+2
-2
fs/fscache/object-list.c
···
316
316
static void fscache_objlist_config(struct fscache_objlist_data *data)
317
317
{
318
318
#ifdef CONFIG_KEYS
319
-
struct user_key_payload *confkey;
319
+
const struct user_key_payload *confkey;
320
320
unsigned long config;
321
321
struct key *key;
322
322
const char *buf;
···
329
329
config = 0;
330
330
rcu_read_lock();
331
331
332
-
confkey = key->payload.data;
332
+
confkey = user_key_payload(key);
333
333
buf = confkey->data;
334
334
335
335
for (len = confkey->datalen - 1; len >= 0; len--) {
+2
-2
fs/nfs/nfs4idmap.c
+2
-2
fs/nfs/nfs4idmap.c
···
297
297
{
298
298
const struct cred *saved_cred;
299
299
struct key *rkey;
300
-
struct user_key_payload *payload;
300
+
const struct user_key_payload *payload;
301
301
ssize_t ret;
302
302
303
303
saved_cred = override_creds(id_resolver_cache);
···
316
316
if (ret < 0)
317
317
goto out_up;
318
318
319
-
payload = rcu_dereference(rkey->payload.rcudata);
319
+
payload = user_key_payload(rkey);
320
320
if (IS_ERR_OR_NULL(payload)) {
321
321
ret = PTR_ERR(payload);
322
322
goto out_up;
-1
include/crypto/public_key.h
-1
include/crypto/public_key.h
+1
-1
include/keys/asymmetric-subtype.h
+1
-1
include/keys/asymmetric-subtype.h
+15
include/keys/asymmetric-type.h
+15
include/keys/asymmetric-type.h
···
19
19
extern struct key_type key_type_asymmetric;
20
20
21
21
/*
22
+
* The key payload is four words. The asymmetric-type key uses them as
23
+
* follows:
24
+
*/
25
+
enum asymmetric_payload_bits {
26
+
asym_crypto,
27
+
asym_subtype,
28
+
asym_key_ids,
29
+
};
30
+
31
+
/*
22
32
* Identifiers for an asymmetric key ID. We have three ways of looking up a
23
33
* key derived from an X.509 certificate:
24
34
*
···
68
58
size_t len_1,
69
59
const void *val_2,
70
60
size_t len_2);
61
+
static inline
62
+
const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
63
+
{
64
+
return key->payload.data[asym_key_ids];
65
+
}
71
66
72
67
/*
73
68
* The payload is at the discretion of the subtype.
+8
include/keys/user-type.h
+8
include/keys/user-type.h
···
15
15
#include <linux/key.h>
16
16
#include <linux/rcupdate.h>
17
17
18
+
#ifdef CONFIG_KEYS
19
+
18
20
/*****************************************************************************/
19
21
/*
20
22
* the payload for a key of type "user" or "logon"
···
48
46
extern long user_read(const struct key *key,
49
47
char __user *buffer, size_t buflen);
50
48
49
+
static inline const struct user_key_payload *user_key_payload(const struct key *key)
50
+
{
51
+
return (struct user_key_payload *)rcu_dereference_key(key);
52
+
}
53
+
54
+
#endif /* CONFIG_KEYS */
51
55
52
56
#endif /* _KEYS_USER_TYPE_H */
+1
-2
include/linux/key-type.h
+1
-2
include/linux/key-type.h
···
40
40
*/
41
41
struct key_preparsed_payload {
42
42
char *description; /* Proposed key description (or NULL) */
43
-
void *type_data[2]; /* Private key-type data */
44
-
void *payload[2]; /* Proposed payload */
43
+
union key_payload payload; /* Proposed payload */
45
44
const void *data; /* Raw data */
46
45
size_t datalen; /* Raw datalen */
47
46
size_t quotalen; /* Quota length for proposed payload */
+14
-19
include/linux/key.h
+14
-19
include/linux/key.h
···
89
89
size_t desc_len;
90
90
};
91
91
92
+
union key_payload {
93
+
void __rcu *rcu_data0;
94
+
void *data[4];
95
+
};
96
+
92
97
/*****************************************************************************/
93
98
/*
94
99
* key reference with possession attribute handling
···
191
186
};
192
187
};
193
188
194
-
/* type specific data
195
-
* - this is used by the keyring type to index the name
196
-
*/
197
-
union {
198
-
struct list_head link;
199
-
unsigned long x[2];
200
-
void *p[2];
201
-
int reject_error;
202
-
} type_data;
203
-
204
189
/* key data
205
190
* - this is used to hold the data actually used in cryptography or
206
191
* whatever
207
192
*/
208
193
union {
209
-
union {
210
-
unsigned long value;
211
-
void __rcu *rcudata;
212
-
void *data;
213
-
void *data2[2];
214
-
} payload;
215
-
struct assoc_array keys;
194
+
union key_payload payload;
195
+
struct {
196
+
/* Keyring bits */
197
+
struct list_head name_link;
198
+
struct assoc_array keys;
199
+
};
200
+
int reject_error;
216
201
};
217
202
};
218
203
···
331
336
}
332
337
333
338
#define rcu_dereference_key(KEY) \
334
-
(rcu_dereference_protected((KEY)->payload.rcudata, \
339
+
(rcu_dereference_protected((KEY)->payload.rcu_data0, \
335
340
rwsem_is_locked(&((struct key *)(KEY))->sem)))
336
341
337
342
#define rcu_assign_keypointer(KEY, PAYLOAD) \
338
343
do { \
339
-
rcu_assign_pointer((KEY)->payload.rcudata, (PAYLOAD)); \
344
+
rcu_assign_pointer((KEY)->payload.rcu_data0, (PAYLOAD)); \
340
345
} while (0)
341
346
342
347
#ifdef CONFIG_SYSCTL
+1
kernel/module_signing.c
+1
kernel/module_signing.c
+4
-3
lib/digsig.c
+4
-3
lib/digsig.c
···
79
79
unsigned char *out1 = NULL;
80
80
const char *m;
81
81
MPI in = NULL, res = NULL, pkey[2];
82
-
uint8_t *p, *datap, *endp;
83
-
struct user_key_payload *ukp;
82
+
uint8_t *p, *datap;
83
+
const uint8_t *endp;
84
+
const struct user_key_payload *ukp;
84
85
struct pubkey_hdr *pkh;
85
86
86
87
down_read(&key->sem);
87
-
ukp = key->payload.data;
88
+
ukp = user_key_payload(key);
88
89
89
90
if (ukp->datalen < sizeof(*pkh))
90
91
goto err1;
+1
-1
net/ceph/ceph_common.c
+1
-1
net/ceph/ceph_common.c
+3
-3
net/ceph/crypto.c
+3
-3
net/ceph/crypto.c
···
537
537
if (ret < 0)
538
538
goto err_ckey;
539
539
540
-
prep->payload[0] = ckey;
540
+
prep->payload.data[0] = ckey;
541
541
prep->quotalen = datalen;
542
542
return 0;
543
543
···
549
549
550
550
static void ceph_key_free_preparse(struct key_preparsed_payload *prep)
551
551
{
552
-
struct ceph_crypto_key *ckey = prep->payload[0];
552
+
struct ceph_crypto_key *ckey = prep->payload.data[0];
553
553
ceph_crypto_key_destroy(ckey);
554
554
kfree(ckey);
555
555
}
556
556
557
557
static void ceph_key_destroy(struct key *key)
558
558
{
559
-
struct ceph_crypto_key *ckey = key->payload.data;
559
+
struct ceph_crypto_key *ckey = key->payload.data[0];
560
560
561
561
ceph_crypto_key_destroy(ckey);
562
562
kfree(ckey);
+11
-9
net/dns_resolver/dns_key.c
+11
-9
net/dns_resolver/dns_key.c
···
122
122
goto bad_option_value;
123
123
124
124
kdebug("dns error no. = %lu", derrno);
125
-
prep->type_data[0] = ERR_PTR(-derrno);
125
+
prep->payload.data[dns_key_error] = ERR_PTR(-derrno);
126
126
continue;
127
127
}
128
128
···
137
137
138
138
/* don't cache the result if we're caching an error saying there's no
139
139
* result */
140
-
if (prep->type_data[0]) {
141
-
kleave(" = 0 [h_error %ld]", PTR_ERR(prep->type_data[0]));
140
+
if (prep->payload.data[dns_key_error]) {
141
+
kleave(" = 0 [h_error %ld]", PTR_ERR(prep->payload.data[dns_key_error]));
142
142
return 0;
143
143
}
144
144
···
155
155
memcpy(upayload->data, data, result_len);
156
156
upayload->data[result_len] = '\0';
157
157
158
-
prep->payload[0] = upayload;
158
+
prep->payload.data[dns_key_data] = upayload;
159
159
kleave(" = 0");
160
160
return 0;
161
161
}
···
167
167
{
168
168
pr_devel("==>%s()\n", __func__);
169
169
170
-
kfree(prep->payload[0]);
170
+
kfree(prep->payload.data[dns_key_data]);
171
171
}
172
172
173
173
/*
···
223
223
*/
224
224
static void dns_resolver_describe(const struct key *key, struct seq_file *m)
225
225
{
226
-
int err = key->type_data.x[0];
227
-
228
226
seq_puts(m, key->description);
229
227
if (key_is_instantiated(key)) {
228
+
int err = PTR_ERR(key->payload.data[dns_key_error]);
229
+
230
230
if (err)
231
231
seq_printf(m, ": %d", err);
232
232
else
···
241
241
static long dns_resolver_read(const struct key *key,
242
242
char __user *buffer, size_t buflen)
243
243
{
244
-
if (key->type_data.x[0])
245
-
return key->type_data.x[0];
244
+
int err = PTR_ERR(key->payload.data[dns_key_error]);
245
+
246
+
if (err)
247
+
return err;
246
248
247
249
return user_read(key, buffer, buflen);
248
250
}
+3
-4
net/dns_resolver/dns_query.c
+3
-4
net/dns_resolver/dns_query.c
···
70
70
const char *options, char **_result, time_t *_expiry)
71
71
{
72
72
struct key *rkey;
73
-
struct user_key_payload *upayload;
73
+
const struct user_key_payload *upayload;
74
74
const struct cred *saved_cred;
75
75
size_t typelen, desclen;
76
76
char *desc, *cp;
···
137
137
goto put;
138
138
139
139
/* If the DNS server gave an error, return that to the caller */
140
-
ret = rkey->type_data.x[0];
140
+
ret = PTR_ERR(rkey->payload.data[dns_key_error]);
141
141
if (ret)
142
142
goto put;
143
143
144
-
upayload = rcu_dereference_protected(rkey->payload.data,
145
-
lockdep_is_held(&rkey->sem));
144
+
upayload = user_key_payload(rkey);
146
145
len = upayload->datalen;
147
146
148
147
ret = -ENOMEM;
+8
net/dns_resolver/internal.h
+8
net/dns_resolver/internal.h
+1
-1
net/rxrpc/af_rxrpc.c
+1
-1
net/rxrpc/af_rxrpc.c
+16
-16
net/rxrpc/ar-key.c
+16
-16
net/rxrpc/ar-key.c
···
148
148
token->kad->ticket[6], token->kad->ticket[7]);
149
149
150
150
/* count the number of tokens attached */
151
-
prep->type_data[0] = (void *)((unsigned long)prep->type_data[0] + 1);
151
+
prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
152
152
153
153
/* attach the data */
154
-
for (pptoken = (struct rxrpc_key_token **)&prep->payload[0];
154
+
for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
155
155
*pptoken;
156
156
pptoken = &(*pptoken)->next)
157
157
continue;
···
522
522
goto inval;
523
523
524
524
/* attach the payload */
525
-
for (pptoken = (struct rxrpc_key_token **)&prep->payload[0];
525
+
for (pptoken = (struct rxrpc_key_token **)&prep->payload.data[0];
526
526
*pptoken;
527
527
pptoken = &(*pptoken)->next)
528
528
continue;
···
764
764
memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length);
765
765
766
766
/* count the number of tokens attached */
767
-
prep->type_data[0] = (void *)((unsigned long)prep->type_data[0] + 1);
767
+
prep->payload.data[1] = (void *)((unsigned long)prep->payload.data[1] + 1);
768
768
769
769
/* attach the data */
770
-
pp = (struct rxrpc_key_token **)&prep->payload[0];
770
+
pp = (struct rxrpc_key_token **)&prep->payload.data[0];
771
771
while (*pp)
772
772
pp = &(*pp)->next;
773
773
*pp = token;
···
814
814
*/
815
815
static void rxrpc_free_preparse(struct key_preparsed_payload *prep)
816
816
{
817
-
rxrpc_free_token_list(prep->payload[0]);
817
+
rxrpc_free_token_list(prep->payload.data[0]);
818
818
}
819
819
820
820
/*
···
831
831
if (prep->datalen != 8)
832
832
return -EINVAL;
833
833
834
-
memcpy(&prep->type_data, prep->data, 8);
834
+
memcpy(&prep->payload.data[2], prep->data, 8);
835
835
836
836
ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
837
837
if (IS_ERR(ci)) {
···
842
842
if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0)
843
843
BUG();
844
844
845
-
prep->payload[0] = ci;
845
+
prep->payload.data[0] = ci;
846
846
_leave(" = 0");
847
847
return 0;
848
848
}
···
852
852
*/
853
853
static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep)
854
854
{
855
-
if (prep->payload[0])
856
-
crypto_free_blkcipher(prep->payload[0]);
855
+
if (prep->payload.data[0])
856
+
crypto_free_blkcipher(prep->payload.data[0]);
857
857
}
858
858
859
859
/*
···
861
861
*/
862
862
static void rxrpc_destroy(struct key *key)
863
863
{
864
-
rxrpc_free_token_list(key->payload.data);
864
+
rxrpc_free_token_list(key->payload.data[0]);
865
865
}
866
866
867
867
/*
···
869
869
*/
870
870
static void rxrpc_destroy_s(struct key *key)
871
871
{
872
-
if (key->payload.data) {
873
-
crypto_free_blkcipher(key->payload.data);
874
-
key->payload.data = NULL;
872
+
if (key->payload.data[0]) {
873
+
crypto_free_blkcipher(key->payload.data[0]);
874
+
key->payload.data[0] = NULL;
875
875
}
876
876
}
877
877
···
1070
1070
size += 1 * 4; /* token count */
1071
1071
1072
1072
ntoks = 0;
1073
-
for (token = key->payload.data; token; token = token->next) {
1073
+
for (token = key->payload.data[0]; token; token = token->next) {
1074
1074
toksize = 4; /* sec index */
1075
1075
1076
1076
switch (token->security_index) {
···
1163
1163
ENCODE(ntoks);
1164
1164
1165
1165
tok = 0;
1166
-
for (token = key->payload.data; token; token = token->next) {
1166
+
for (token = key->payload.data[0]; token; token = token->next) {
1167
1167
toksize = toksizes[tok++];
1168
1168
ENCODE(toksize);
1169
1169
oldxdr = xdr;
+1
-1
net/rxrpc/ar-output.c
+1
-1
net/rxrpc/ar-output.c
+2
-2
net/rxrpc/ar-security.c
+2
-2
net/rxrpc/ar-security.c
+8
-8
net/rxrpc/rxkad.c
+8
-8
net/rxrpc/rxkad.c
···
67
67
68
68
_enter("{%d},{%x}", conn->debug_id, key_serial(conn->key));
69
69
70
-
token = conn->key->payload.data;
70
+
token = conn->key->payload.data[0];
71
71
conn->security_ix = token->security_index;
72
72
73
73
ci = crypto_alloc_blkcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
···
125
125
if (!conn->key)
126
126
return;
127
127
128
-
token = conn->key->payload.data;
128
+
token = conn->key->payload.data[0];
129
129
memcpy(&iv, token->kad->session_key, sizeof(iv));
130
130
131
131
desc.tfm = conn->cipher;
···
221
221
rxkhdr.checksum = 0;
222
222
223
223
/* encrypt from the session key */
224
-
token = call->conn->key->payload.data;
224
+
token = call->conn->key->payload.data[0];
225
225
memcpy(&iv, token->kad->session_key, sizeof(iv));
226
226
desc.tfm = call->conn->cipher;
227
227
desc.info = iv.x;
···
433
433
skb_to_sgvec(skb, sg, 0, skb->len);
434
434
435
435
/* decrypt from the session key */
436
-
token = call->conn->key->payload.data;
436
+
token = call->conn->key->payload.data[0];
437
437
memcpy(&iv, token->kad->session_key, sizeof(iv));
438
438
desc.tfm = call->conn->cipher;
439
439
desc.info = iv.x;
···
780
780
if (conn->security_level < min_level)
781
781
goto protocol_error;
782
782
783
-
token = conn->key->payload.data;
783
+
token = conn->key->payload.data[0];
784
784
785
785
/* build the response packet */
786
786
memset(&resp, 0, sizeof(resp));
···
848
848
}
849
849
}
850
850
851
-
ASSERT(conn->server_key->payload.data != NULL);
851
+
ASSERT(conn->server_key->payload.data[0] != NULL);
852
852
ASSERTCMP((unsigned long) ticket & 7UL, ==, 0);
853
853
854
-
memcpy(&iv, &conn->server_key->type_data, sizeof(iv));
854
+
memcpy(&iv, &conn->server_key->payload.data[2], sizeof(iv));
855
855
856
-
desc.tfm = conn->server_key->payload.data;
856
+
desc.tfm = conn->server_key->payload.data[0];
857
857
desc.info = iv.x;
858
858
desc.flags = 0;
859
859
+1
-1
security/integrity/evm/evm_crypto.c
+1
-1
security/integrity/evm/evm_crypto.c
+31
-16
security/keys/big_key.c
+31
-16
security/keys/big_key.c
···
21
21
MODULE_LICENSE("GPL");
22
22
23
23
/*
24
+
* Layout of key payload words.
25
+
*/
26
+
enum {
27
+
big_key_data,
28
+
big_key_path,
29
+
big_key_path_2nd_part,
30
+
big_key_len,
31
+
};
32
+
33
+
/*
24
34
* If the data is under this limit, there's no point creating a shm file to
25
35
* hold it as the permanently resident metadata for the shmem fs will be at
26
36
* least as large as the data.
···
57
47
*/
58
48
int big_key_preparse(struct key_preparsed_payload *prep)
59
49
{
60
-
struct path *path = (struct path *)&prep->payload;
50
+
struct path *path = (struct path *)&prep->payload.data[big_key_path];
61
51
struct file *file;
62
52
ssize_t written;
63
53
size_t datalen = prep->datalen;
···
70
60
/* Set an arbitrary quota */
71
61
prep->quotalen = 16;
72
62
73
-
prep->type_data[1] = (void *)(unsigned long)datalen;
63
+
prep->payload.data[big_key_len] = (void *)(unsigned long)datalen;
74
64
75
65
if (datalen > BIG_KEY_FILE_THRESHOLD) {
76
66
/* Create a shmem file to store the data in. This will permit the data
···
104
94
if (!data)
105
95
return -ENOMEM;
106
96
107
-
prep->payload[0] = memcpy(data, prep->data, prep->datalen);
97
+
prep->payload.data[big_key_data] = data;
98
+
memcpy(data, prep->data, prep->datalen);
108
99
}
109
100
return 0;
110
101
···
121
110
void big_key_free_preparse(struct key_preparsed_payload *prep)
122
111
{
123
112
if (prep->datalen > BIG_KEY_FILE_THRESHOLD) {
124
-
struct path *path = (struct path *)&prep->payload;
113
+
struct path *path = (struct path *)&prep->payload.data[big_key_path];
125
114
path_put(path);
126
115
} else {
127
-
kfree(prep->payload[0]);
116
+
kfree(prep->payload.data[big_key_data]);
128
117
}
129
118
}
130
119
···
134
123
*/
135
124
void big_key_revoke(struct key *key)
136
125
{
137
-
struct path *path = (struct path *)&key->payload.data2;
126
+
struct path *path = (struct path *)&key->payload.data[big_key_path];
138
127
139
128
/* clear the quota */
140
129
key_payload_reserve(key, 0);
141
-
if (key_is_instantiated(key) && key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD)
130
+
if (key_is_instantiated(key) &&
131
+
(size_t)key->payload.data[big_key_len] > BIG_KEY_FILE_THRESHOLD)
142
132
vfs_truncate(path, 0);
143
133
}
144
134
···
148
136
*/
149
137
void big_key_destroy(struct key *key)
150
138
{
151
-
if (key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD) {
152
-
struct path *path = (struct path *)&key->payload.data2;
139
+
size_t datalen = (size_t)key->payload.data[big_key_len];
140
+
141
+
if (datalen) {
142
+
struct path *path = (struct path *)&key->payload.data[big_key_path];
153
143
path_put(path);
154
144
path->mnt = NULL;
155
145
path->dentry = NULL;
156
146
} else {
157
-
kfree(key->payload.data);
158
-
key->payload.data = NULL;
147
+
kfree(key->payload.data[big_key_data]);
148
+
key->payload.data[big_key_data] = NULL;
159
149
}
160
150
}
161
151
···
166
152
*/
167
153
void big_key_describe(const struct key *key, struct seq_file *m)
168
154
{
169
-
unsigned long datalen = key->type_data.x[1];
155
+
size_t datalen = (size_t)key->payload.data[big_key_len];
170
156
171
157
seq_puts(m, key->description);
172
158
173
159
if (key_is_instantiated(key))
174
-
seq_printf(m, ": %lu [%s]",
160
+
seq_printf(m, ": %zu [%s]",
175
161
datalen,
176
162
datalen > BIG_KEY_FILE_THRESHOLD ? "file" : "buff");
177
163
}
···
182
168
*/
183
169
long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
184
170
{
185
-
unsigned long datalen = key->type_data.x[1];
171
+
size_t datalen = (size_t)key->payload.data[big_key_len];
186
172
long ret;
187
173
188
174
if (!buffer || buflen < datalen)
189
175
return datalen;
190
176
191
177
if (datalen > BIG_KEY_FILE_THRESHOLD) {
192
-
struct path *path = (struct path *)&key->payload.data2;
178
+
struct path *path = (struct path *)&key->payload.data[big_key_path];
193
179
struct file *file;
194
180
loff_t pos;
195
181
···
204
190
ret = -EIO;
205
191
} else {
206
192
ret = datalen;
207
-
if (copy_to_user(buffer, key->payload.data, datalen) != 0)
193
+
if (copy_to_user(buffer, key->payload.data[big_key_data],
194
+
datalen) != 0)
208
195
ret = -EFAULT;
209
196
}
210
197
+9
-9
security/keys/encrypted-keys/encrypted.c
+9
-9
security/keys/encrypted-keys/encrypted.c
···
303
303
*
304
304
* Use a user provided key to encrypt/decrypt an encrypted-key.
305
305
*/
306
-
static struct key *request_user_key(const char *master_desc, u8 **master_key,
306
+
static struct key *request_user_key(const char *master_desc, const u8 **master_key,
307
307
size_t *master_keylen)
308
308
{
309
-
struct user_key_payload *upayload;
309
+
const struct user_key_payload *upayload;
310
310
struct key *ukey;
311
311
312
312
ukey = request_key(&key_type_user, master_desc, NULL);
···
314
314
goto error;
315
315
316
316
down_read(&ukey->sem);
317
-
upayload = ukey->payload.data;
317
+
upayload = user_key_payload(ukey);
318
318
*master_key = upayload->data;
319
319
*master_keylen = upayload->datalen;
320
320
error:
···
426
426
}
427
427
428
428
static struct key *request_master_key(struct encrypted_key_payload *epayload,
429
-
u8 **master_key, size_t *master_keylen)
429
+
const u8 **master_key, size_t *master_keylen)
430
430
{
431
431
struct key *mkey = NULL;
432
432
···
653
653
{
654
654
struct key *mkey;
655
655
u8 derived_key[HASH_SIZE];
656
-
u8 *master_key;
656
+
const u8 *master_key;
657
657
u8 *hmac;
658
658
const char *hex_encoded_data;
659
659
unsigned int encrypted_datalen;
···
837
837
*/
838
838
static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
839
839
{
840
-
struct encrypted_key_payload *epayload = key->payload.data;
840
+
struct encrypted_key_payload *epayload = key->payload.data[0];
841
841
struct encrypted_key_payload *new_epayload;
842
842
char *buf;
843
843
char *new_master_desc = NULL;
···
896
896
{
897
897
struct encrypted_key_payload *epayload;
898
898
struct key *mkey;
899
-
u8 *master_key;
899
+
const u8 *master_key;
900
900
size_t master_keylen;
901
901
char derived_key[HASH_SIZE];
902
902
char *ascii_buf;
···
957
957
*/
958
958
static void encrypted_destroy(struct key *key)
959
959
{
960
-
struct encrypted_key_payload *epayload = key->payload.data;
960
+
struct encrypted_key_payload *epayload = key->payload.data[0];
961
961
962
962
if (!epayload)
963
963
return;
964
964
965
965
memset(epayload->decrypted_data, 0, epayload->decrypted_datalen);
966
-
kfree(key->payload.data);
966
+
kfree(key->payload.data[0]);
967
967
}
968
968
969
969
struct key_type key_type_encrypted = {
+2
-2
security/keys/encrypted-keys/encrypted.h
+2
-2
security/keys/encrypted-keys/encrypted.h
···
5
5
#if defined(CONFIG_TRUSTED_KEYS) || \
6
6
(defined(CONFIG_TRUSTED_KEYS_MODULE) && defined(CONFIG_ENCRYPTED_KEYS_MODULE))
7
7
extern struct key *request_trusted_key(const char *trusted_desc,
8
-
u8 **master_key, size_t *master_keylen);
8
+
const u8 **master_key, size_t *master_keylen);
9
9
#else
10
10
static inline struct key *request_trusted_key(const char *trusted_desc,
11
-
u8 **master_key,
11
+
const u8 **master_key,
12
12
size_t *master_keylen)
13
13
{
14
14
return ERR_PTR(-EOPNOTSUPP);
+2
-2
security/keys/encrypted-keys/masterkey_trusted.c
+2
-2
security/keys/encrypted-keys/masterkey_trusted.c
···
29
29
* data, trusted key type data is not visible decrypted from userspace.
30
30
*/
31
31
struct key *request_trusted_key(const char *trusted_desc,
32
-
u8 **master_key, size_t *master_keylen)
32
+
const u8 **master_key, size_t *master_keylen)
33
33
{
34
34
struct trusted_key_payload *tpayload;
35
35
struct key *tkey;
···
39
39
goto error;
40
40
41
41
down_read(&tkey->sem);
42
-
tpayload = tkey->payload.data;
42
+
tpayload = tkey->payload.data[0];
43
43
*master_key = tpayload->key;
44
44
*master_keylen = tpayload->key_len;
45
45
error:
+9
-9
security/keys/key.c
+9
-9
security/keys/key.c
···
554
554
if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
555
555
/* mark the key as being negatively instantiated */
556
556
atomic_inc(&key->user->nikeys);
557
-
key->type_data.reject_error = -error;
557
+
key->reject_error = -error;
558
558
smp_wmb();
559
559
set_bit(KEY_FLAG_NEGATIVE, &key->flags);
560
560
set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
···
1046
1046
1047
1047
ret = key_payload_reserve(key, prep->quotalen);
1048
1048
if (ret == 0) {
1049
-
key->type_data.p[0] = prep->type_data[0];
1050
-
key->type_data.p[1] = prep->type_data[1];
1051
-
rcu_assign_keypointer(key, prep->payload[0]);
1052
-
key->payload.data2[1] = prep->payload[1];
1053
-
prep->type_data[0] = NULL;
1054
-
prep->type_data[1] = NULL;
1055
-
prep->payload[0] = NULL;
1056
-
prep->payload[1] = NULL;
1049
+
rcu_assign_keypointer(key, prep->payload.data[0]);
1050
+
key->payload.data[1] = prep->payload.data[1];
1051
+
key->payload.data[2] = prep->payload.data[2];
1052
+
key->payload.data[3] = prep->payload.data[3];
1053
+
prep->payload.data[0] = NULL;
1054
+
prep->payload.data[1] = NULL;
1055
+
prep->payload.data[2] = NULL;
1056
+
prep->payload.data[3] = NULL;
1057
1057
}
1058
1058
pr_devel("<==%s() = %d\n", __func__, ret);
1059
1059
return ret;
+2
-2
security/keys/keyctl.c
+2
-2
security/keys/keyctl.c
···
1027
1027
if (!instkey)
1028
1028
goto error;
1029
1029
1030
-
rka = instkey->payload.data;
1030
+
rka = instkey->payload.data[0];
1031
1031
if (rka->target_key->serial != id)
1032
1032
goto error;
1033
1033
···
1194
1194
if (!instkey)
1195
1195
goto error;
1196
1196
1197
-
rka = instkey->payload.data;
1197
+
rka = instkey->payload.data[0];
1198
1198
if (rka->target_key->serial != id)
1199
1199
goto error;
1200
1200
+6
-6
security/keys/keyring.c
+6
-6
security/keys/keyring.c
···
118
118
if (!keyring_name_hash[bucket].next)
119
119
INIT_LIST_HEAD(&keyring_name_hash[bucket]);
120
120
121
-
list_add_tail(&keyring->type_data.link,
121
+
list_add_tail(&keyring->name_link,
122
122
&keyring_name_hash[bucket]);
123
123
124
124
write_unlock(&keyring_name_lock);
···
387
387
if (keyring->description) {
388
388
write_lock(&keyring_name_lock);
389
389
390
-
if (keyring->type_data.link.next != NULL &&
391
-
!list_empty(&keyring->type_data.link))
392
-
list_del(&keyring->type_data.link);
390
+
if (keyring->name_link.next != NULL &&
391
+
!list_empty(&keyring->name_link))
392
+
list_del(&keyring->name_link);
393
393
394
394
write_unlock(&keyring_name_lock);
395
395
}
···
572
572
/* we set a different error code if we pass a negative key */
573
573
if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
574
574
smp_rmb();
575
-
ctx->result = ERR_PTR(key->type_data.reject_error);
575
+
ctx->result = ERR_PTR(key->reject_error);
576
576
kleave(" = %d [neg]", ctx->skipped_ret);
577
577
goto skipped;
578
578
}
···
990
990
* that's readable and that hasn't been revoked */
991
991
list_for_each_entry(keyring,
992
992
&keyring_name_hash[bucket],
993
-
type_data.link
993
+
name_link
994
994
) {
995
995
if (!kuid_has_mapping(current_user_ns(), keyring->user->uid))
996
996
continue;
+2
-2
security/keys/process_keys.c
+2
-2
security/keys/process_keys.c
···
457
457
down_read(&cred->request_key_auth->sem);
458
458
459
459
if (key_validate(ctx->cred->request_key_auth) == 0) {
460
-
rka = ctx->cred->request_key_auth->payload.data;
460
+
rka = ctx->cred->request_key_auth->payload.data[0];
461
461
462
462
ctx->cred = rka->cred;
463
463
key_ref = search_process_keyrings(ctx);
···
647
647
key_ref = ERR_PTR(-EKEYREVOKED);
648
648
key = NULL;
649
649
} else {
650
-
rka = ctx.cred->request_key_auth->payload.data;
650
+
rka = ctx.cred->request_key_auth->payload.data[0];
651
651
key = rka->dest_keyring;
652
652
__key_get(key);
653
653
}
+2
-2
security/keys/request_key.c
+2
-2
security/keys/request_key.c
···
271
271
if (cred->request_key_auth) {
272
272
authkey = cred->request_key_auth;
273
273
down_read(&authkey->sem);
274
-
rka = authkey->payload.data;
274
+
rka = authkey->payload.data[0];
275
275
if (!test_bit(KEY_FLAG_REVOKED,
276
276
&authkey->flags))
277
277
dest_keyring =
···
593
593
return -ERESTARTSYS;
594
594
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
595
595
smp_rmb();
596
-
return key->type_data.reject_error;
596
+
return key->reject_error;
597
597
}
598
598
return key_validate(key);
599
599
}
+6
-6
security/keys/request_key_auth.c
+6
-6
security/keys/request_key_auth.c
···
59
59
static int request_key_auth_instantiate(struct key *key,
60
60
struct key_preparsed_payload *prep)
61
61
{
62
-
key->payload.data = (struct request_key_auth *)prep->data;
62
+
key->payload.data[0] = (struct request_key_auth *)prep->data;
63
63
return 0;
64
64
}
65
65
···
69
69
static void request_key_auth_describe(const struct key *key,
70
70
struct seq_file *m)
71
71
{
72
-
struct request_key_auth *rka = key->payload.data;
72
+
struct request_key_auth *rka = key->payload.data[0];
73
73
74
74
seq_puts(m, "key:");
75
75
seq_puts(m, key->description);
···
84
84
static long request_key_auth_read(const struct key *key,
85
85
char __user *buffer, size_t buflen)
86
86
{
87
-
struct request_key_auth *rka = key->payload.data;
87
+
struct request_key_auth *rka = key->payload.data[0];
88
88
size_t datalen;
89
89
long ret;
90
90
···
110
110
*/
111
111
static void request_key_auth_revoke(struct key *key)
112
112
{
113
-
struct request_key_auth *rka = key->payload.data;
113
+
struct request_key_auth *rka = key->payload.data[0];
114
114
115
115
kenter("{%d}", key->serial);
116
116
···
125
125
*/
126
126
static void request_key_auth_destroy(struct key *key)
127
127
{
128
-
struct request_key_auth *rka = key->payload.data;
128
+
struct request_key_auth *rka = key->payload.data[0];
129
129
130
130
kenter("{%d}", key->serial);
131
131
···
179
179
if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags))
180
180
goto auth_key_revoked;
181
181
182
-
irka = cred->request_key_auth->payload.data;
182
+
irka = cred->request_key_auth->payload.data[0];
183
183
rka->cred = get_cred(irka->cred);
184
184
rka->pid = irka->pid;
185
185
+3
-3
security/keys/trusted.c
+3
-3
security/keys/trusted.c
···
1007
1007
*/
1008
1008
static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
1009
1009
{
1010
-
struct trusted_key_payload *p = key->payload.data;
1010
+
struct trusted_key_payload *p = key->payload.data[0];
1011
1011
struct trusted_key_payload *new_p;
1012
1012
struct trusted_key_options *new_o;
1013
1013
size_t datalen = prep->datalen;
···
1114
1114
*/
1115
1115
static void trusted_destroy(struct key *key)
1116
1116
{
1117
-
struct trusted_key_payload *p = key->payload.data;
1117
+
struct trusted_key_payload *p = key->payload.data[0];
1118
1118
1119
1119
if (!p)
1120
1120
return;
1121
1121
memset(p->key, 0, p->key_len);
1122
-
kfree(key->payload.data);
1122
+
kfree(key->payload.data[0]);
1123
1123
}
1124
1124
1125
1125
struct key_type key_type_trusted = {
+7
-7
security/keys/user_defined.c
+7
-7
security/keys/user_defined.c
···
74
74
75
75
/* attach the data */
76
76
prep->quotalen = datalen;
77
-
prep->payload[0] = upayload;
77
+
prep->payload.data[0] = upayload;
78
78
upayload->datalen = datalen;
79
79
memcpy(upayload->data, prep->data, datalen);
80
80
return 0;
···
86
86
*/
87
87
void user_free_preparse(struct key_preparsed_payload *prep)
88
88
{
89
-
kfree(prep->payload[0]);
89
+
kfree(prep->payload.data[0]);
90
90
}
91
91
EXPORT_SYMBOL_GPL(user_free_preparse);
92
92
···
120
120
121
121
if (ret == 0) {
122
122
/* attach the new data, displacing the old */
123
-
zap = key->payload.data;
123
+
zap = key->payload.data[0];
124
124
rcu_assign_keypointer(key, upayload);
125
125
key->expiry = 0;
126
126
}
···
140
140
*/
141
141
void user_revoke(struct key *key)
142
142
{
143
-
struct user_key_payload *upayload = key->payload.data;
143
+
struct user_key_payload *upayload = key->payload.data[0];
144
144
145
145
/* clear the quota */
146
146
key_payload_reserve(key, 0);
···
158
158
*/
159
159
void user_destroy(struct key *key)
160
160
{
161
-
struct user_key_payload *upayload = key->payload.data;
161
+
struct user_key_payload *upayload = key->payload.data[0];
162
162
163
163
kfree(upayload);
164
164
}
···
183
183
*/
184
184
long user_read(const struct key *key, char __user *buffer, size_t buflen)
185
185
{
186
-
struct user_key_payload *upayload;
186
+
const struct user_key_payload *upayload;
187
187
long ret;
188
188
189
-
upayload = rcu_dereference_key(key);
189
+
upayload = user_key_payload(key);
190
190
ret = upayload->datalen;
191
191
192
192
/* we can return the data as is */