Merge tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull keyring namespacing from David Howells:
"These patches help make keys and keyrings more namespace aware.

Firstly some miscellaneous patches to make the process easier:

- Simplify key index_key handling so that the word-sized chunks
assoc_array requires don't have to be shifted about, making it
easier to add more bits into the key.

- Cache the hash value in the key so that we don't have to calculate
on every key we examine during a search (it involves a bunch of
multiplications).

- Allow keying_search() to search non-recursively.

Then the main patches:

- Make it so that keyring names are per-user_namespace from the point
of view of KEYCTL_JOIN_SESSION_KEYRING so that they're not
accessible cross-user_namespace.

keyctl_capabilities() shows KEYCTL_CAPS1_NS_KEYRING_NAME for this.

- Move the user and user-session keyrings to the user_namespace
rather than the user_struct. This prevents them propagating
directly across user_namespaces boundaries (ie. the KEY_SPEC_*
flags will only pick from the current user_namespace).

- Make it possible to include the target namespace in which the key
shall operate in the index_key. This will allow the possibility of
multiple keys with the same description, but different target
domains to be held in the same keyring.

keyctl_capabilities() shows KEYCTL_CAPS1_NS_KEY_TAG for this.

- Make it so that keys are implicitly invalidated by removal of a
domain tag, causing them to be garbage collected.

- Institute a network namespace domain tag that allows keys to be
differentiated by the network namespace in which they operate. New
keys that are of a type marked 'KEY_TYPE_NET_DOMAIN' are assigned
the network domain in force when they are created.

- Make it so that the desired network namespace can be handed down
into the request_key() mechanism. This allows AFS, NFS, etc. to
request keys specific to the network namespace of the superblock.

This also means that the keys in the DNS record cache are
thenceforth namespaced, provided network filesystems pass the
appropriate network namespace down into dns_query().

For DNS, AFS and NFS are good, whilst CIFS and Ceph are not. Other
cache keyrings, such as idmapper keyrings, also need to set the
domain tag - for which they need access to the network namespace of
the superblock"

* tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
keys: Pass the network namespace into request_key mechanism
keys: Network namespace domain tag
keys: Garbage collect keys for which the domain has been removed
keys: Include target namespace in match criteria
keys: Move the user and user-session keyrings to the user_namespace
keys: Namespace keyring names
keys: Add a 'recurse' flag for keyring searches
keys: Cache the hash value to avoid lots of recalculation
keys: Simplify key description management

Linus Torvalds 6 years ago c84ca912 c236b6dd

+594 -315

36 changed files

expand all

Documentation

security

keys

core.rst

request-key.rst

certs

blacklist.c

crypto

asymmetric_keys

asymmetric_type.c

afs

addr_list.c

dynroot.c

cifs

dns_resolve.c

nfs

dns_resolve.c

nfs4idmap.c

include

linux

dns_resolver.h

key-type.h

key.h

sched

user.h

user_namespace.h

net

net_namespace.h

uapi

linux

keyctl.h

kernel

user.c

user_namespace.c

lib

digsig.c

net

ceph

messenger.c

core

net_namespace.c

dns_resolver

dns_key.c

dns_query.c

rxrpc

key.c

security.c

security

integrity

digsig_asymmetric.c

keys

gc.c

internal.h

key.c

keyctl.c

keyring.c

persistent.c

proc.c

process_keys.c

request_key.c

request_key_auth.c

+28 -10

Documentation/security/keys/core.rst

··· 1102 1102 See also Documentation/security/keys/request-key.rst. 1103 1103 1104 1104 1105 + * To search for a key in a specific domain, call: 1106 + 1107 + struct key *request_key_tag(const struct key_type *type, 1108 + const char *description, 1109 + struct key_tag *domain_tag, 1110 + const char *callout_info); 1111 + 1112 + This is identical to request_key(), except that a domain tag may be 1113 + specifies that causes search algorithm to only match keys matching that 1114 + tag. The domain_tag may be NULL, specifying a global domain that is 1115 + separate from any nominated domain. 1116 + 1117 + 1105 1118 * To search for a key, passing auxiliary data to the upcaller, call:: 1106 1119 1107 1120 struct key *request_key_with_auxdata(const struct key_type *type, 1108 1121 const char *description, 1122 + struct key_tag *domain_tag, 1109 1123 const void *callout_info, 1110 1124 size_t callout_len, 1111 1125 void *aux); 1112 1126 1113 - This is identical to request_key(), except that the auxiliary data is 1114 - passed to the key_type->request_key() op if it exists, and the callout_info 1115 - is a blob of length callout_len, if given (the length may be 0). 1127 + This is identical to request_key_tag(), except that the auxiliary data is 1128 + passed to the key_type->request_key() op if it exists, and the 1129 + callout_info is a blob of length callout_len, if given (the length may be 1130 + 0). 1116 1131 1117 1132 1118 1133 * To search for a key under RCU conditions, call:: 1119 1134 1120 1135 struct key *request_key_rcu(const struct key_type *type, 1121 - const char *description); 1136 + const char *description, 1137 + struct key_tag *domain_tag); 1122 1138 1123 - which is similar to request_key() except that it does not check for keys 1124 - that are under construction and it will not call out to userspace to 1139 + which is similar to request_key_tag() except that it does not check for 1140 + keys that are under construction and it will not call out to userspace to 1125 1141 construct a key if it can't find a match. 1126 1142 1127 1143 ··· 1178 1162 1179 1163 key_ref_t keyring_search(key_ref_t keyring_ref, 1180 1164 const struct key_type *type, 1181 - const char *description) 1165 + const char *description, 1166 + bool recurse) 1182 1167 1183 - This searches the keyring tree specified for a matching key. Error ENOKEY 1184 - is returned upon failure (use IS_ERR/PTR_ERR to determine). If successful, 1185 - the returned key will need to be released. 1168 + This searches the specified keyring only (recurse == false) or keyring tree 1169 + (recurse == true) specified for a matching key. Error ENOKEY is returned 1170 + upon failure (use IS_ERR/PTR_ERR to determine). If successful, the returned 1171 + key will need to be released. 1186 1172 1187 1173 The possession attribute from the keyring reference is used to control 1188 1174 access through the permissions mask and is propagated to the returned key

+21 -8

Documentation/security/keys/request-key.rst

··· 15 15 16 16 or:: 17 17 18 + struct key *request_key_tag(const struct key_type *type, 19 + const char *description, 20 + const struct key_tag *domain_tag, 21 + const char *callout_info); 22 + 23 + or:: 24 + 18 25 struct key *request_key_with_auxdata(const struct key_type *type, 19 26 const char *description, 27 + const struct key_tag *domain_tag, 20 28 const char *callout_info, 21 29 size_t callout_len, 22 30 void *aux); ··· 32 24 or:: 33 25 34 26 struct key *request_key_rcu(const struct key_type *type, 35 - const char *description); 27 + const char *description, 28 + const struct key_tag *domain_tag); 36 29 37 30 Or by userspace invoking the request_key system call:: 38 31 ··· 47 38 destroyed. The kernel interface returns a pointer directly to the key, and 48 39 it's up to the caller to destroy the key. 49 40 50 - The request_key_with_auxdata() calls is like the in-kernel request_key() call, 51 - except that they permit auxiliary data to be passed to the upcaller (the 52 - default is NULL). This is only useful for those key types that define their 53 - own upcall mechanism rather than using /sbin/request-key. 41 + The request_key_tag() call is like the in-kernel request_key(), except that it 42 + also takes a domain tag that allows keys to be separated by namespace and 43 + killed off as a group. 54 44 55 - The request_key_rcu() call is like the in-kernel request_key() call, except 56 - that it doesn't check for keys that are under construction and doesn't attempt 57 - to construct missing keys. 45 + The request_key_with_auxdata() calls is like the request_key_tag() call, except 46 + that they permit auxiliary data to be passed to the upcaller (the default is 47 + NULL). This is only useful for those key types that define their own upcall 48 + mechanism rather than using /sbin/request-key. 49 + 50 + The request_key_rcu() call is like the request_key_tag() call, except that it 51 + doesn't check for keys that are under construction and doesn't attempt to 52 + construct missing keys. 58 53 59 54 The userspace interface links the key to a keyring associated with the process 60 55 to prevent the key from going away, and returns the serial number of the key to

+1 -1

certs/blacklist.c

··· 124 124 *p = 0; 125 125 126 126 kref = keyring_search(make_key_ref(blacklist_keyring, true), 127 - &key_type_blacklist, buffer); 127 + &key_type_blacklist, buffer, false); 128 128 if (!IS_ERR(kref)) { 129 129 key_ref_put(kref); 130 130 ret = -EKEYREJECTED;

+1 -1

crypto/asymmetric_keys/asymmetric_type.c

··· 83 83 pr_debug("Look up: \"%s\"\n", req); 84 84 85 85 ref = keyring_search(make_key_ref(keyring, 1), 86 - &key_type_asymmetric, req); 86 + &key_type_asymmetric, req, true); 87 87 if (IS_ERR(ref)) 88 88 pr_debug("Request for key '%s' err %ld\n", req, PTR_ERR(ref)); 89 89 kfree(req);

+2 -2

fs/afs/addr_list.c

··· 246 246 247 247 _enter("%s", cell->name); 248 248 249 - ret = dns_query("afsdb", cell->name, cell->name_len, "srv=1", 250 - &result, _expiry, true); 249 + ret = dns_query(cell->net->net, "afsdb", cell->name, cell->name_len, 250 + "srv=1", &result, _expiry, true); 251 251 if (ret < 0) { 252 252 _leave(" = %d [dns]", ret); 253 253 return ERR_PTR(ret);

+5 -3

fs/afs/dynroot.c

··· 24 24 static int afs_probe_cell_name(struct dentry *dentry) 25 25 { 26 26 struct afs_cell *cell; 27 + struct afs_net *net = afs_d2net(dentry); 27 28 const char *name = dentry->d_name.name; 28 29 size_t len = dentry->d_name.len; 29 30 int ret; ··· 37 36 len--; 38 37 } 39 38 40 - cell = afs_lookup_cell_rcu(afs_d2net(dentry), name, len); 39 + cell = afs_lookup_cell_rcu(net, name, len); 41 40 if (!IS_ERR(cell)) { 42 - afs_put_cell(afs_d2net(dentry), cell); 41 + afs_put_cell(net, cell); 43 42 return 0; 44 43 } 45 44 46 - ret = dns_query("afsdb", name, len, "srv=1", NULL, NULL, false); 45 + ret = dns_query(net->net, "afsdb", name, len, "srv=1", 46 + NULL, NULL, false); 47 47 if (ret == -ENODATA) 48 48 ret = -EDESTADDRREQ; 49 49 return ret;

+2 -1

fs/cifs/dns_resolve.c

··· 77 77 goto name_is_IP_address; 78 78 79 79 /* Perform the upcall */ 80 - rc = dns_query(NULL, hostname, len, NULL, ip_addr, NULL, false); 80 + rc = dns_query(current->nsproxy->net_ns, NULL, hostname, len, 81 + NULL, ip_addr, NULL, false); 81 82 if (rc < 0) 82 83 cifs_dbg(FYI, "%s: unable to resolve: %*.*s\n", 83 84 __func__, len, len, hostname);

+2 -1

fs/nfs/dns_resolve.c

··· 22 22 char *ip_addr = NULL; 23 23 int ip_len; 24 24 25 - ip_len = dns_query(NULL, name, namelen, NULL, &ip_addr, NULL, false); 25 + ip_len = dns_query(net, NULL, name, namelen, NULL, &ip_addr, NULL, 26 + false); 26 27 if (ip_len > 0) 27 28 ret = rpc_pton(net, ip_addr, ip_len, sa, salen); 28 29 else

+1 -1

fs/nfs/nfs4idmap.c

··· 291 291 if (IS_ERR(rkey)) { 292 292 mutex_lock(&idmap->idmap_mutex); 293 293 rkey = request_key_with_auxdata(&key_type_id_resolver_legacy, 294 - desc, "", 0, idmap); 294 + desc, NULL, "", 0, idmap); 295 295 mutex_unlock(&idmap->idmap_mutex); 296 296 } 297 297 if (!IS_ERR(rkey))

+2 -1

include/linux/dns_resolver.h

··· 26 26 27 27 #include <uapi/linux/dns_resolver.h> 28 28 29 - extern int dns_query(const char *type, const char *name, size_t namelen, 29 + struct net; 30 + extern int dns_query(struct net *net, const char *type, const char *name, size_t namelen, 30 31 const char *options, char **_result, time64_t *_expiry, 31 32 bool invalidate); 32 33

include/linux/key-type.h

··· 70 70 */ 71 71 size_t def_datalen; 72 72 73 + unsigned int flags; 74 + #define KEY_TYPE_NET_DOMAIN 0x00000001 /* Keys of this type have a net namespace domain */ 75 + 73 76 /* vet a description */ 74 77 int (*vet_description)(const char *description); 75 78

+75 -6

include/linux/key.h

··· 31 31 typedef uint32_t key_perm_t; 32 32 33 33 struct key; 34 + struct net; 34 35 35 36 #ifdef CONFIG_KEYS 36 37 ··· 78 77 79 78 struct key_type; 80 79 struct key_owner; 80 + struct key_tag; 81 81 struct keyring_list; 82 82 struct keyring_name; 83 83 84 + struct key_tag { 85 + struct rcu_head rcu; 86 + refcount_t usage; 87 + bool removed; /* T when subject removed */ 88 + }; 89 + 84 90 struct keyring_index_key { 91 + /* [!] If this structure is altered, the union in struct key must change too! */ 92 + unsigned long hash; /* Hash value */ 93 + union { 94 + struct { 95 + #ifdef __LITTLE_ENDIAN /* Put desc_len at the LSB of x */ 96 + u8 desc_len; 97 + char desc[sizeof(long) - 1]; /* First few chars of description */ 98 + #else 99 + char desc[sizeof(long) - 1]; /* First few chars of description */ 100 + u8 desc_len; 101 + #endif 102 + }; 103 + unsigned long x; 104 + }; 85 105 struct key_type *type; 106 + struct key_tag *domain_tag; /* Domain of operation */ 86 107 const char *description; 87 - size_t desc_len; 88 108 }; 89 109 90 110 union key_payload { ··· 219 197 union { 220 198 struct keyring_index_key index_key; 221 199 struct { 200 + unsigned long hash; 201 + unsigned long len_desc; 222 202 struct key_type *type; /* type of key */ 203 + struct key_tag *domain_tag; /* Domain of operation */ 223 204 char *description; 224 205 }; 225 206 }; ··· 273 248 extern void key_revoke(struct key *key); 274 249 extern void key_invalidate(struct key *key); 275 250 extern void key_put(struct key *key); 251 + extern bool key_put_tag(struct key_tag *tag); 252 + extern void key_remove_domain(struct key_tag *domain_tag); 276 253 277 254 static inline struct key *__key_get(struct key *key) 278 255 { ··· 292 265 key_put(key_ref_to_ptr(key_ref)); 293 266 } 294 267 295 - extern struct key *request_key(struct key_type *type, 296 - const char *description, 297 - const char *callout_info); 268 + extern struct key *request_key_tag(struct key_type *type, 269 + const char *description, 270 + struct key_tag *domain_tag, 271 + const char *callout_info); 298 272 299 273 extern struct key *request_key_rcu(struct key_type *type, 300 - const char *description); 274 + const char *description, 275 + struct key_tag *domain_tag); 301 276 302 277 extern struct key *request_key_with_auxdata(struct key_type *type, 303 278 const char *description, 279 + struct key_tag *domain_tag, 304 280 const void *callout_info, 305 281 size_t callout_len, 306 282 void *aux); 283 + 284 + /** 285 + * request_key - Request a key and wait for construction 286 + * @type: Type of key. 287 + * @description: The searchable description of the key. 288 + * @callout_info: The data to pass to the instantiation upcall (or NULL). 289 + * 290 + * As for request_key_tag(), but with the default global domain tag. 291 + */ 292 + static inline struct key *request_key(struct key_type *type, 293 + const char *description, 294 + const char *callout_info) 295 + { 296 + return request_key_tag(type, description, NULL, callout_info); 297 + } 298 + 299 + #ifdef CONFIG_NET 300 + /* 301 + * request_key_net - Request a key for a net namespace and wait for construction 302 + * @type: Type of key. 303 + * @description: The searchable description of the key. 304 + * @net: The network namespace that is the key's domain of operation. 305 + * @callout_info: The data to pass to the instantiation upcall (or NULL). 306 + * 307 + * As for request_key() except that it does not add the returned key to a 308 + * keyring if found, new keys are always allocated in the user's quota, the 309 + * callout_info must be a NUL-terminated string and no auxiliary data can be 310 + * passed. Only keys that operate the specified network namespace are used. 311 + * 312 + * Furthermore, it then works as wait_for_key_construction() to wait for the 313 + * completion of keys undergoing construction with a non-interruptible wait. 314 + */ 315 + #define request_key_net(type, description, net, callout_info) \ 316 + request_key_tag(type, description, net->key_domain, callout_info); 317 + #endif /* CONFIG_NET */ 307 318 308 319 extern int wait_for_key_construction(struct key *key, bool intr); 309 320 ··· 386 321 387 322 extern key_ref_t keyring_search(key_ref_t keyring, 388 323 struct key_type *type, 389 - const char *description); 324 + const char *description, 325 + bool recurse); 390 326 391 327 extern int keyring_add_key(struct key *keyring, 392 328 struct key *key); ··· 406 340 407 341 extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags, 408 342 key_perm_t perm); 343 + extern void key_free_user_ns(struct user_namespace *); 409 344 410 345 /* 411 346 * The permissions required on a key that we're looking up. ··· 480 413 #define key_fsuid_changed(c) do { } while(0) 481 414 #define key_fsgid_changed(c) do { } while(0) 482 415 #define key_init() do { } while(0) 416 + #define key_free_user_ns(ns) do { } while(0) 417 + #define key_remove_domain(d) do { } while(0) 483 418 484 419 #endif /* CONFIG_KEYS */ 485 420 #endif /* __KERNEL__ */

-14

include/linux/sched/user.h

··· 7 7 #include <linux/refcount.h> 8 8 #include <linux/ratelimit.h> 9 9 10 - struct key; 11 - 12 10 /* 13 11 * Some day this will be a full-fledged user tracking system.. 14 12 */ ··· 27 29 unsigned long locked_shm; /* How many pages of mlocked shm ? */ 28 30 unsigned long unix_inflight; /* How many files in flight in unix sockets */ 29 31 atomic_long_t pipe_bufs; /* how many pages are allocated in pipe buffers */ 30 - 31 - #ifdef CONFIG_KEYS 32 - /* 33 - * These pointers can only change from NULL to a non-NULL value once. 34 - * Writes are protected by key_user_keyring_mutex. 35 - * Unlocked readers should use READ_ONCE() unless they know that 36 - * install_user_keyrings() has been called successfully (which sets 37 - * these members to non-NULL values, preventing further modifications). 38 - */ 39 - struct key *uid_keyring; /* UID specific keyring */ 40 - struct key *session_keyring; /* UID's default session keyring */ 41 - #endif 42 32 43 33 /* Hash table maintenance information */ 44 34 struct hlist_node uidhash_node;

+11 -1

include/linux/user_namespace.h

··· 64 64 struct ns_common ns; 65 65 unsigned long flags; 66 66 67 + #ifdef CONFIG_KEYS 68 + /* List of joinable keyrings in this namespace. Modification access of 69 + * these pointers is controlled by keyring_sem. Once 70 + * user_keyring_register is set, it won't be changed, so it can be 71 + * accessed directly with READ_ONCE(). 72 + */ 73 + struct list_head keyring_name_list; 74 + struct key *user_keyring_register; 75 + struct rw_semaphore keyring_sem; 76 + #endif 77 + 67 78 /* Register of per-UID persistent keyrings for this namespace */ 68 79 #ifdef CONFIG_PERSISTENT_KEYRINGS 69 80 struct key *persistent_keyring_register; 70 - struct rw_semaphore persistent_keyring_register_sem; 71 81 #endif 72 82 struct work_struct work; 73 83 #ifdef CONFIG_SYSCTL

include/net/net_namespace.h

··· 71 71 */ 72 72 struct llist_node cleanup_list; /* namespaces on death row */ 73 73 74 + #ifdef CONFIG_KEYS 75 + struct key_tag *key_domain; /* Key domain of operation tag */ 76 + #endif 74 77 struct user_namespace *user_ns; /* Owning user namespace */ 75 78 struct ucounts *ucounts; 76 79 spinlock_t nsid_lock;

include/uapi/linux/keyctl.h

··· 128 128 #define KEYCTL_CAPS0_INVALIDATE 0x20 /* KEYCTL_INVALIDATE supported */ 129 129 #define KEYCTL_CAPS0_RESTRICT_KEYRING 0x40 /* KEYCTL_RESTRICT_KEYRING supported */ 130 130 #define KEYCTL_CAPS0_MOVE 0x80 /* KEYCTL_MOVE supported */ 131 + #define KEYCTL_CAPS1_NS_KEYRING_NAME 0x01 /* Keyring names are per-user_namespace */ 132 + #define KEYCTL_CAPS1_NS_KEY_TAG 0x02 /* Key indexing can include a namespace tag */ 131 133 132 134 #endif /* _LINUX_KEYCTL_H */

+3 -5

kernel/user.c

··· 63 63 .ns.ops = &userns_operations, 64 64 #endif 65 65 .flags = USERNS_INIT_FLAGS, 66 - #ifdef CONFIG_PERSISTENT_KEYRINGS 67 - .persistent_keyring_register_sem = 68 - __RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem), 66 + #ifdef CONFIG_KEYS 67 + .keyring_name_list = LIST_HEAD_INIT(init_user_ns.keyring_name_list), 68 + .keyring_sem = __RWSEM_INITIALIZER(init_user_ns.keyring_sem), 69 69 #endif 70 70 }; 71 71 EXPORT_SYMBOL_GPL(init_user_ns); ··· 141 141 { 142 142 uid_hash_remove(up); 143 143 spin_unlock_irqrestore(&uidhash_lock, flags); 144 - key_put(up->uid_keyring); 145 - key_put(up->session_keyring); 146 144 kmem_cache_free(uid_cachep, up); 147 145 } 148 146

+4 -5

kernel/user_namespace.c

··· 128 128 ns->flags = parent_ns->flags; 129 129 mutex_unlock(&userns_state_mutex); 130 130 131 - #ifdef CONFIG_PERSISTENT_KEYRINGS 132 - init_rwsem(&ns->persistent_keyring_register_sem); 131 + #ifdef CONFIG_KEYS 132 + INIT_LIST_HEAD(&ns->keyring_name_list); 133 + init_rwsem(&ns->keyring_sem); 133 134 #endif 134 135 ret = -ENOMEM; 135 136 if (!setup_userns_sysctls(ns)) ··· 192 191 kfree(ns->projid_map.reverse); 193 192 } 194 193 retire_userns_sysctls(ns); 195 - #ifdef CONFIG_PERSISTENT_KEYRINGS 196 - key_put(ns->persistent_keyring_register); 197 - #endif 194 + key_free_user_ns(ns); 198 195 ns_free_inum(&ns->ns); 199 196 kmem_cache_free(user_ns_cachep, ns); 200 197 dec_user_namespaces(ucounts);

+1 -1

lib/digsig.c

··· 218 218 /* search in specific keyring */ 219 219 key_ref_t kref; 220 220 kref = keyring_search(make_key_ref(keyring, 1UL), 221 - &key_type_user, name); 221 + &key_type_user, name, true); 222 222 if (IS_ERR(kref)) 223 223 key = ERR_CAST(kref); 224 224 else

+2 -1

net/ceph/messenger.c

··· 1887 1887 return -EINVAL; 1888 1888 1889 1889 /* do dns_resolve upcall */ 1890 - ip_len = dns_query(NULL, name, end - name, NULL, &ip_addr, NULL, false); 1890 + ip_len = dns_query(current->nsproxy->net_ns, 1891 + NULL, name, end - name, NULL, &ip_addr, NULL, false); 1891 1892 if (ip_len > 0) 1892 1893 ret = ceph_pton(ip_addr, ip_len, addr, -1, NULL); 1893 1894 else

+20

net/core/net_namespace.c

··· 39 39 DECLARE_RWSEM(net_rwsem); 40 40 EXPORT_SYMBOL_GPL(net_rwsem); 41 41 42 + #ifdef CONFIG_KEYS 43 + static struct key_tag init_net_key_domain = { .usage = REFCOUNT_INIT(1) }; 44 + #endif 45 + 42 46 struct net init_net = { 43 47 .count = REFCOUNT_INIT(1), 44 48 .dev_base_head = LIST_HEAD_INIT(init_net.dev_base_head), 49 + #ifdef CONFIG_KEYS 50 + .key_domain = &init_net_key_domain, 51 + #endif 45 52 }; 46 53 EXPORT_SYMBOL(init_net); 47 54 ··· 394 387 if (!net) 395 388 goto out_free; 396 389 390 + #ifdef CONFIG_KEYS 391 + net->key_domain = kzalloc(sizeof(struct key_tag), GFP_KERNEL); 392 + if (!net->key_domain) 393 + goto out_free_2; 394 + refcount_set(&net->key_domain->usage, 1); 395 + #endif 396 + 397 397 rcu_assign_pointer(net->gen, ng); 398 398 out: 399 399 return net; 400 400 401 + #ifdef CONFIG_KEYS 402 + out_free_2: 403 + kmem_cache_free(net_cachep, net); 404 + net = NULL; 405 + #endif 401 406 out_free: 402 407 kfree(ng); 403 408 goto out; ··· 586 567 list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) { 587 568 list_del_init(&net->exit_list); 588 569 dec_net_namespaces(net->ucounts); 570 + key_remove_domain(net->key_domain); 589 571 put_user_ns(net->user_ns); 590 572 net_drop_ns(net); 591 573 }

net/dns_resolver/dns_key.c

··· 314 314 315 315 struct key_type key_type_dns_resolver = { 316 316 .name = "dns_resolver", 317 + .flags = KEY_TYPE_NET_DOMAIN, 317 318 .preparse = dns_resolver_preparse, 318 319 .free_preparse = dns_resolver_free_preparse, 319 320 .instantiate = generic_key_instantiate,

+5 -2

net/dns_resolver/dns_query.c

··· 40 40 #include <linux/cred.h> 41 41 #include <linux/dns_resolver.h> 42 42 #include <linux/err.h> 43 + #include <net/net_namespace.h> 43 44 44 45 #include <keys/dns_resolver-type.h> 45 46 #include <keys/user-type.h> ··· 49 48 50 49 /** 51 50 * dns_query - Query the DNS 51 + * @net: The network namespace to operate in. 52 52 * @type: Query type (or NULL for straight host->IP lookup) 53 53 * @name: Name to look up 54 54 * @namelen: Length of name ··· 71 69 * 72 70 * Returns the size of the result on success, -ve error code otherwise. 73 71 */ 74 - int dns_query(const char *type, const char *name, size_t namelen, 72 + int dns_query(struct net *net, 73 + const char *type, const char *name, size_t namelen, 75 74 const char *options, char **_result, time64_t *_expiry, 76 75 bool invalidate) 77 76 { ··· 125 122 * add_key() to preinstall malicious redirections 126 123 */ 127 124 saved_cred = override_creds(dns_resolver_cache); 128 - rkey = request_key(&key_type_dns_resolver, desc, options); 125 + rkey = request_key_net(&key_type_dns_resolver, desc, net, options); 129 126 revert_creds(saved_cred); 130 127 kfree(desc); 131 128 if (IS_ERR(rkey)) {

+4 -2

net/rxrpc/key.c

··· 39 39 */ 40 40 struct key_type key_type_rxrpc = { 41 41 .name = "rxrpc", 42 + .flags = KEY_TYPE_NET_DOMAIN, 42 43 .preparse = rxrpc_preparse, 43 44 .free_preparse = rxrpc_free_preparse, 44 45 .instantiate = generic_key_instantiate, ··· 55 54 */ 56 55 struct key_type key_type_rxrpc_s = { 57 56 .name = "rxrpc_s", 57 + .flags = KEY_TYPE_NET_DOMAIN, 58 58 .vet_description = rxrpc_vet_description_s, 59 59 .preparse = rxrpc_preparse_s, 60 60 .free_preparse = rxrpc_free_preparse_s, ··· 910 908 if (IS_ERR(description)) 911 909 return PTR_ERR(description); 912 910 913 - key = request_key(&key_type_rxrpc, description, NULL); 911 + key = request_key_net(&key_type_rxrpc, description, sock_net(&rx->sk), NULL); 914 912 if (IS_ERR(key)) { 915 913 kfree(description); 916 914 _leave(" = %ld", PTR_ERR(key)); ··· 941 939 if (IS_ERR(description)) 942 940 return PTR_ERR(description); 943 941 944 - key = request_key(&key_type_keyring, description, NULL); 942 + key = request_key_net(&key_type_keyring, description, sock_net(&rx->sk), NULL); 945 943 if (IS_ERR(key)) { 946 944 kfree(description); 947 945 _leave(" = %ld", PTR_ERR(key));

+1 -1

net/rxrpc/security.c

··· 144 144 145 145 /* look through the service's keyring */ 146 146 kref = keyring_search(make_key_ref(rx->securities, 1UL), 147 - &key_type_rxrpc_s, kdesc); 147 + &key_type_rxrpc_s, kdesc, true); 148 148 if (IS_ERR(kref)) { 149 149 read_unlock(&local->services_lock); 150 150 _leave(" = %ld [search]", PTR_ERR(kref));

+2 -2

security/integrity/digsig_asymmetric.c

··· 35 35 key_ref_t kref; 36 36 37 37 kref = keyring_search(make_key_ref(key, 1), 38 - &key_type_asymmetric, name); 38 + &key_type_asymmetric, name, true); 39 39 if (!IS_ERR(kref)) { 40 40 pr_err("Key '%s' is in ima_blacklist_keyring\n", name); 41 41 return ERR_PTR(-EKEYREJECTED); ··· 47 47 key_ref_t kref; 48 48 49 49 kref = keyring_search(make_key_ref(keyring, 1), 50 - &key_type_asymmetric, name); 50 + &key_type_asymmetric, name, true); 51 51 if (IS_ERR(kref)) 52 52 key = ERR_CAST(kref); 53 53 else

+1 -1

security/keys/gc.c

··· 150 150 atomic_dec(&key->user->nikeys); 151 151 152 152 key_user_put(key->user); 153 - 153 + key_put_tag(key->domain_tag); 154 154 kfree(key->description); 155 155 156 156 memzero_explicit(key, sizeof(*key));

+7 -3

security/keys/internal.h

··· 85 85 extern struct mutex key_construction_mutex; 86 86 extern wait_queue_head_t request_key_conswq; 87 87 88 - 88 + extern void key_set_index_key(struct keyring_index_key *index_key); 89 89 extern struct key_type *key_type_lookup(const char *type); 90 90 extern void key_type_put(struct key_type *ktype); 91 91 ··· 123 123 #define KEYRING_SEARCH_NO_CHECK_PERM 0x0008 /* Don't check permissions */ 124 124 #define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0010 /* Give an error on excessive depth */ 125 125 #define KEYRING_SEARCH_SKIP_EXPIRED 0x0020 /* Ignore expired keys (intention to replace) */ 126 + #define KEYRING_SEARCH_RECURSE 0x0040 /* Search child keyrings also */ 126 127 127 128 int (*iterator)(const void *object, void *iterator_data); 128 129 ··· 144 143 145 144 extern struct key *find_keyring_by_name(const char *name, bool uid_keyring); 146 145 147 - extern int install_user_keyrings(void); 146 + extern int look_up_user_keyrings(struct key **, struct key **); 147 + extern struct key *get_user_session_keyring_rcu(const struct cred *); 148 148 extern int install_thread_keyring_to_cred(struct cred *); 149 149 extern int install_process_keyring_to_cred(struct cred *); 150 150 extern int install_session_keyring_to_cred(struct cred *, struct key *); 151 151 152 152 extern struct key *request_key_and_link(struct key_type *type, 153 153 const char *description, 154 + struct key_tag *domain_tag, 154 155 const void *callout_info, 155 156 size_t callout_len, 156 157 void *aux, ··· 206 203 return 207 204 key->flags & ((1 << KEY_FLAG_DEAD) | 208 205 (1 << KEY_FLAG_INVALIDATED)) || 209 - (key->expiry > 0 && key->expiry <= limit); 206 + (key->expiry > 0 && key->expiry <= limit) || 207 + key->domain_tag->removed; 210 208 } 211 209 212 210 /*

+4 -1

security/keys/key.c

··· 281 281 key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); 282 282 if (!key->index_key.description) 283 283 goto no_memory_3; 284 + key->index_key.type = type; 285 + key_set_index_key(&key->index_key); 284 286 285 287 refcount_set(&key->usage, 1); 286 288 init_rwsem(&key->sem); 287 289 lockdep_set_class(&key->sem, &type->lock_class); 288 - key->index_key.type = type; 289 290 key->user = user; 290 291 key->quotalen = quotalen; 291 292 key->datalen = type->def_datalen; ··· 313 312 goto security_error; 314 313 315 314 /* publish the key by giving it a serial number */ 315 + refcount_inc(&key->domain_tag->usage); 316 316 atomic_inc(&user->nkeys); 317 317 key_alloc_serial(key); 318 318 ··· 866 864 goto error_free_prep; 867 865 } 868 866 index_key.desc_len = strlen(index_key.description); 867 + key_set_index_key(&index_key); 869 868 870 869 ret = __key_link_lock(keyring, &index_key); 871 870 if (ret < 0) {

+5 -3

security/keys/keyctl.c

··· 26 26 27 27 #define KEY_MAX_DESC_SIZE 4096 28 28 29 - static const unsigned char keyrings_capabilities[1] = { 29 + static const unsigned char keyrings_capabilities[2] = { 30 30 [0] = (KEYCTL_CAPS0_CAPABILITIES | 31 31 (IS_ENABLED(CONFIG_PERSISTENT_KEYRINGS) ? KEYCTL_CAPS0_PERSISTENT_KEYRINGS : 0) | 32 32 (IS_ENABLED(CONFIG_KEY_DH_OPERATIONS) ? KEYCTL_CAPS0_DIFFIE_HELLMAN : 0) | ··· 36 36 KEYCTL_CAPS0_RESTRICT_KEYRING | 37 37 KEYCTL_CAPS0_MOVE 38 38 ), 39 + [1] = (KEYCTL_CAPS1_NS_KEYRING_NAME | 40 + KEYCTL_CAPS1_NS_KEY_TAG), 39 41 }; 40 42 41 43 static int key_get_type_from_user(char *type, ··· 220 218 } 221 219 222 220 /* do the search */ 223 - key = request_key_and_link(ktype, description, callout_info, 221 + key = request_key_and_link(ktype, description, NULL, callout_info, 224 222 callout_len, NULL, key_ref_to_ptr(dest_ref), 225 223 KEY_ALLOC_IN_QUOTA); 226 224 if (IS_ERR(key)) { ··· 760 758 } 761 759 762 760 /* do the search */ 763 - key_ref = keyring_search(keyring_ref, ktype, description); 761 + key_ref = keyring_search(keyring_ref, ktype, description, true); 764 762 if (IS_ERR(key_ref)) { 765 763 ret = PTR_ERR(key_ref); 766 764

+150 -115

security/keys/keyring.c

··· 12 12 #include <linux/security.h> 13 13 #include <linux/seq_file.h> 14 14 #include <linux/err.h> 15 + #include <linux/user_namespace.h> 16 + #include <linux/nsproxy.h> 15 17 #include <keys/keyring-type.h> 16 18 #include <keys/user-type.h> 17 19 #include <linux/assoc_array_priv.h> 18 20 #include <linux/uaccess.h> 21 + #include <net/net_namespace.h> 19 22 #include "internal.h" 20 23 21 24 /* ··· 26 23 * set on how deep we're willing to go. 27 24 */ 28 25 #define KEYRING_SEARCH_MAX_DEPTH 6 29 - 30 - /* 31 - * We keep all named keyrings in a hash to speed looking them up. 32 - */ 33 - #define KEYRING_NAME_HASH_SIZE (1 << 5) 34 26 35 27 /* 36 28 * We mark pointers we pass to the associative array with bit 1 set if ··· 49 51 return key; 50 52 } 51 53 52 - static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; 53 54 static DEFINE_RWLOCK(keyring_name_lock); 54 55 55 - static inline unsigned keyring_hash(const char *desc) 56 + /* 57 + * Clean up the bits of user_namespace that belong to us. 58 + */ 59 + void key_free_user_ns(struct user_namespace *ns) 56 60 { 57 - unsigned bucket = 0; 61 + write_lock(&keyring_name_lock); 62 + list_del_init(&ns->keyring_name_list); 63 + write_unlock(&keyring_name_lock); 58 64 59 - for (; *desc; desc++) 60 - bucket += (unsigned char)*desc; 61 - 62 - return bucket & (KEYRING_NAME_HASH_SIZE - 1); 65 + key_put(ns->user_keyring_register); 66 + #ifdef CONFIG_PERSISTENT_KEYRINGS 67 + key_put(ns->persistent_keyring_register); 68 + #endif 63 69 } 64 70 65 71 /* ··· 102 100 103 101 /* 104 102 * Publish the name of a keyring so that it can be found by name (if it has 105 - * one). 103 + * one and it doesn't begin with a dot). 106 104 */ 107 105 static void keyring_publish_name(struct key *keyring) 108 106 { 109 - int bucket; 107 + struct user_namespace *ns = current_user_ns(); 110 108 111 - if (keyring->description) { 112 - bucket = keyring_hash(keyring->description); 113 - 109 + if (keyring->description && 110 + keyring->description[0] && 111 + keyring->description[0] != '.') { 114 112 write_lock(&keyring_name_lock); 115 - 116 - if (!keyring_name_hash[bucket].next) 117 - INIT_LIST_HEAD(&keyring_name_hash[bucket]); 118 - 119 - list_add_tail(&keyring->name_link, 120 - &keyring_name_hash[bucket]); 121 - 113 + list_add_tail(&keyring->name_link, &ns->keyring_name_list); 122 114 write_unlock(&keyring_name_lock); 123 115 } 124 116 } ··· 160 164 /* 161 165 * Hash a key type and description. 162 166 */ 163 - static unsigned long hash_key_type_and_desc(const struct keyring_index_key *index_key) 167 + static void hash_key_type_and_desc(struct keyring_index_key *index_key) 164 168 { 165 169 const unsigned level_shift = ASSOC_ARRAY_LEVEL_STEP; 166 170 const unsigned long fan_mask = ASSOC_ARRAY_FAN_MASK; ··· 171 175 int n, desc_len = index_key->desc_len; 172 176 173 177 type = (unsigned long)index_key->type; 174 - 175 178 acc = mult_64x32_and_fold(type, desc_len + 13); 176 179 acc = mult_64x32_and_fold(acc, 9207); 180 + piece = (unsigned long)index_key->domain_tag; 181 + acc = mult_64x32_and_fold(acc, piece); 182 + acc = mult_64x32_and_fold(acc, 9207); 183 + 177 184 for (;;) { 178 185 n = desc_len; 179 186 if (n <= 0) ··· 201 202 * zero for keyrings and non-zero otherwise. 202 203 */ 203 204 if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0) 204 - return hash | (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1; 205 - if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0) 206 - return (hash + (hash << level_shift)) & ~fan_mask; 207 - return hash; 205 + hash |= (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1; 206 + else if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0) 207 + hash = (hash + (hash << level_shift)) & ~fan_mask; 208 + index_key->hash = hash; 209 + } 210 + 211 + /* 212 + * Finalise an index key to include a part of the description actually in the 213 + * index key, to set the domain tag and to calculate the hash. 214 + */ 215 + void key_set_index_key(struct keyring_index_key *index_key) 216 + { 217 + static struct key_tag default_domain_tag = { .usage = REFCOUNT_INIT(1), }; 218 + size_t n = min_t(size_t, index_key->desc_len, sizeof(index_key->desc)); 219 + 220 + memcpy(index_key->desc, index_key->description, n); 221 + 222 + if (!index_key->domain_tag) { 223 + if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) 224 + index_key->domain_tag = current->nsproxy->net_ns->key_domain; 225 + else 226 + index_key->domain_tag = &default_domain_tag; 227 + } 228 + 229 + hash_key_type_and_desc(index_key); 230 + } 231 + 232 + /** 233 + * key_put_tag - Release a ref on a tag. 234 + * @tag: The tag to release. 235 + * 236 + * This releases a reference the given tag and returns true if that ref was the 237 + * last one. 238 + */ 239 + bool key_put_tag(struct key_tag *tag) 240 + { 241 + if (refcount_dec_and_test(&tag->usage)) { 242 + kfree_rcu(tag, rcu); 243 + return true; 244 + } 245 + 246 + return false; 247 + } 248 + 249 + /** 250 + * key_remove_domain - Kill off a key domain and gc its keys 251 + * @domain_tag: The domain tag to release. 252 + * 253 + * This marks a domain tag as being dead and releases a ref on it. If that 254 + * wasn't the last reference, the garbage collector is poked to try and delete 255 + * all keys that were in the domain. 256 + */ 257 + void key_remove_domain(struct key_tag *domain_tag) 258 + { 259 + domain_tag->removed = true; 260 + if (!key_put_tag(domain_tag)) 261 + key_schedule_gc_links(); 208 262 } 209 263 210 264 /* 211 265 * Build the next index key chunk. 212 - * 213 - * On 32-bit systems the index key is laid out as: 214 - * 215 - * 0 4 5 9... 216 - * hash desclen typeptr desc[] 217 - * 218 - * On 64-bit systems: 219 - * 220 - * 0 8 9 17... 221 - * hash desclen typeptr desc[] 222 266 * 223 267 * We return it one word-sized chunk at a time. 224 268 */ ··· 269 227 { 270 228 const struct keyring_index_key *index_key = data; 271 229 unsigned long chunk = 0; 272 - long offset = 0; 230 + const u8 *d; 273 231 int desc_len = index_key->desc_len, n = sizeof(chunk); 274 232 275 233 level /= ASSOC_ARRAY_KEY_CHUNK_SIZE; 276 234 switch (level) { 277 235 case 0: 278 - return hash_key_type_and_desc(index_key); 236 + return index_key->hash; 279 237 case 1: 280 - return ((unsigned long)index_key->type << 8) | desc_len; 238 + return index_key->x; 281 239 case 2: 282 - if (desc_len == 0) 283 - return (u8)((unsigned long)index_key->type >> 284 - (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8)); 285 - n--; 286 - offset = 1; 287 - /* fall through */ 240 + return (unsigned long)index_key->type; 241 + case 3: 242 + return (unsigned long)index_key->domain_tag; 288 243 default: 289 - offset += sizeof(chunk) - 1; 290 - offset += (level - 3) * sizeof(chunk); 291 - if (offset >= desc_len) 244 + level -= 4; 245 + if (desc_len <= sizeof(index_key->desc)) 292 246 return 0; 293 - desc_len -= offset; 247 + 248 + d = index_key->description + sizeof(index_key->desc); 249 + d += level * sizeof(long); 250 + desc_len -= sizeof(index_key->desc); 294 251 if (desc_len > n) 295 252 desc_len = n; 296 - offset += desc_len; 297 253 do { 298 254 chunk <<= 8; 299 - chunk |= ((u8*)index_key->description)[--offset]; 255 + chunk |= *d++; 300 256 } while (--desc_len > 0); 301 - 302 - if (level == 2) { 303 - chunk <<= 8; 304 - chunk |= (u8)((unsigned long)index_key->type >> 305 - (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8)); 306 - } 307 257 return chunk; 308 258 } 309 259 } ··· 312 278 const struct key *key = keyring_ptr_to_key(object); 313 279 314 280 return key->index_key.type == index_key->type && 281 + key->index_key.domain_tag == index_key->domain_tag && 315 282 key->index_key.desc_len == index_key->desc_len && 316 283 memcmp(key->index_key.description, index_key->description, 317 284 index_key->desc_len) == 0; ··· 331 296 int level, i; 332 297 333 298 level = 0; 334 - seg_a = hash_key_type_and_desc(a); 335 - seg_b = hash_key_type_and_desc(b); 299 + seg_a = a->hash; 300 + seg_b = b->hash; 336 301 if ((seg_a ^ seg_b) != 0) 337 302 goto differ; 303 + level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8; 338 304 339 305 /* The number of bits contributed by the hash is controlled by a 340 306 * constant in the assoc_array headers. Everything else thereafter we 341 307 * can deal with as being machine word-size dependent. 342 308 */ 343 - level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8; 344 - seg_a = a->desc_len; 345 - seg_b = b->desc_len; 309 + seg_a = a->x; 310 + seg_b = b->x; 346 311 if ((seg_a ^ seg_b) != 0) 347 312 goto differ; 313 + level += sizeof(unsigned long); 348 314 349 315 /* The next bit may not work on big endian */ 350 - level++; 351 316 seg_a = (unsigned long)a->type; 352 317 seg_b = (unsigned long)b->type; 353 318 if ((seg_a ^ seg_b) != 0) 354 319 goto differ; 355 - 356 320 level += sizeof(unsigned long); 357 - if (a->desc_len == 0) 358 - goto same; 359 321 360 - i = 0; 361 - if (((unsigned long)a->description | (unsigned long)b->description) & 362 - (sizeof(unsigned long) - 1)) { 363 - do { 364 - seg_a = *(unsigned long *)(a->description + i); 365 - seg_b = *(unsigned long *)(b->description + i); 366 - if ((seg_a ^ seg_b) != 0) 367 - goto differ_plus_i; 368 - i += sizeof(unsigned long); 369 - } while (i < (a->desc_len & (sizeof(unsigned long) - 1))); 370 - } 322 + seg_a = (unsigned long)a->domain_tag; 323 + seg_b = (unsigned long)b->domain_tag; 324 + if ((seg_a ^ seg_b) != 0) 325 + goto differ; 326 + level += sizeof(unsigned long); 327 + 328 + i = sizeof(a->desc); 329 + if (a->desc_len <= i) 330 + goto same; 371 331 372 332 for (; i < a->desc_len; i++) { 373 333 seg_a = *(unsigned char *)(a->description + i); ··· 688 658 BUG_ON((ctx->flags & STATE_CHECKS) == 0 || 689 659 (ctx->flags & STATE_CHECKS) == STATE_CHECKS); 690 660 661 + if (ctx->index_key.description) 662 + key_set_index_key(&ctx->index_key); 663 + 691 664 /* Check to see if this top-level keyring is what we are looking for 692 665 * and whether it is valid or not. 693 666 */ ··· 730 697 * Non-keyrings avoid the leftmost branch of the root entirely (root 731 698 * slots 1-15). 732 699 */ 700 + if (!(ctx->flags & KEYRING_SEARCH_RECURSE)) 701 + goto not_this_keyring; 702 + 733 703 ptr = READ_ONCE(keyring->keys.root); 734 704 if (!ptr) 735 705 goto not_this_keyring; ··· 933 897 * @keyring: The root of the keyring tree to be searched. 934 898 * @type: The type of keyring we want to find. 935 899 * @description: The name of the keyring we want to find. 900 + * @recurse: True to search the children of @keyring also 936 901 * 937 902 * As keyring_search_rcu() above, but using the current task's credentials and 938 903 * type's default matching function and preferred search method. 939 904 */ 940 905 key_ref_t keyring_search(key_ref_t keyring, 941 906 struct key_type *type, 942 - const char *description) 907 + const char *description, 908 + bool recurse) 943 909 { 944 910 struct keyring_search_context ctx = { 945 911 .index_key.type = type, ··· 956 918 key_ref_t key; 957 919 int ret; 958 920 921 + if (recurse) 922 + ctx.flags |= KEYRING_SEARCH_RECURSE; 959 923 if (type->match_preparse) { 960 924 ret = type->match_preparse(&ctx.match_data); 961 925 if (ret < 0) ··· 1142 1102 */ 1143 1103 struct key *find_keyring_by_name(const char *name, bool uid_keyring) 1144 1104 { 1105 + struct user_namespace *ns = current_user_ns(); 1145 1106 struct key *keyring; 1146 - int bucket; 1147 1107 1148 1108 if (!name) 1149 1109 return ERR_PTR(-EINVAL); 1150 1110 1151 - bucket = keyring_hash(name); 1152 - 1153 1111 read_lock(&keyring_name_lock); 1154 1112 1155 - if (keyring_name_hash[bucket].next) { 1156 - /* search this hash bucket for a keyring with a matching name 1157 - * that's readable and that hasn't been revoked */ 1158 - list_for_each_entry(keyring, 1159 - &keyring_name_hash[bucket], 1160 - name_link 1161 - ) { 1162 - if (!kuid_has_mapping(current_user_ns(), keyring->user->uid)) 1163 - continue; 1113 + /* Search this hash bucket for a keyring with a matching name that 1114 + * grants Search permission and that hasn't been revoked 1115 + */ 1116 + list_for_each_entry(keyring, &ns->keyring_name_list, name_link) { 1117 + if (!kuid_has_mapping(ns, keyring->user->uid)) 1118 + continue; 1164 1119 1165 - if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 1166 - continue; 1120 + if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 1121 + continue; 1167 1122 1168 - if (strcmp(keyring->description, name) != 0) 1169 - continue; 1123 + if (strcmp(keyring->description, name) != 0) 1124 + continue; 1170 1125 1171 - if (uid_keyring) { 1172 - if (!test_bit(KEY_FLAG_UID_KEYRING, 1173 - &keyring->flags)) 1174 - continue; 1175 - } else { 1176 - if (key_permission(make_key_ref(keyring, 0), 1177 - KEY_NEED_SEARCH) < 0) 1178 - continue; 1179 - } 1180 - 1181 - /* we've got a match but we might end up racing with 1182 - * key_cleanup() if the keyring is currently 'dead' 1183 - * (ie. it has a zero usage count) */ 1184 - if (!refcount_inc_not_zero(&keyring->usage)) 1126 + if (uid_keyring) { 1127 + if (!test_bit(KEY_FLAG_UID_KEYRING, 1128 + &keyring->flags)) 1185 1129 continue; 1186 - keyring->last_used_at = ktime_get_real_seconds(); 1187 - goto out; 1130 + } else { 1131 + if (key_permission(make_key_ref(keyring, 0), 1132 + KEY_NEED_SEARCH) < 0) 1133 + continue; 1188 1134 } 1135 + 1136 + /* we've got a match but we might end up racing with 1137 + * key_cleanup() if the keyring is currently 'dead' 1138 + * (ie. it has a zero usage count) */ 1139 + if (!refcount_inc_not_zero(&keyring->usage)) 1140 + continue; 1141 + keyring->last_used_at = ktime_get_real_seconds(); 1142 + goto out; 1189 1143 } 1190 1144 1191 1145 keyring = ERR_PTR(-ENOKEY); ··· 1222 1188 .flags = (KEYRING_SEARCH_NO_STATE_CHECK | 1223 1189 KEYRING_SEARCH_NO_UPDATE_TIME | 1224 1190 KEYRING_SEARCH_NO_CHECK_PERM | 1225 - KEYRING_SEARCH_DETECT_TOO_DEEP), 1191 + KEYRING_SEARCH_DETECT_TOO_DEEP | 1192 + KEYRING_SEARCH_RECURSE), 1226 1193 }; 1227 1194 1228 1195 rcu_read_lock();

+6 -4

security/keys/persistent.c

··· 80 80 long ret; 81 81 82 82 /* Look in the register if it exists */ 83 + memset(&index_key, 0, sizeof(index_key)); 83 84 index_key.type = &key_type_keyring; 84 85 index_key.description = buf; 85 86 index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid)); 87 + key_set_index_key(&index_key); 86 88 87 89 if (ns->persistent_keyring_register) { 88 90 reg_ref = make_key_ref(ns->persistent_keyring_register, true); 89 - down_read(&ns->persistent_keyring_register_sem); 91 + down_read(&ns->keyring_sem); 90 92 persistent_ref = find_key_to_update(reg_ref, &index_key); 91 - up_read(&ns->persistent_keyring_register_sem); 93 + up_read(&ns->keyring_sem); 92 94 93 95 if (persistent_ref) 94 96 goto found; ··· 99 97 /* It wasn't in the register, so we'll need to create it. We might 100 98 * also need to create the register. 101 99 */ 102 - down_write(&ns->persistent_keyring_register_sem); 100 + down_write(&ns->keyring_sem); 103 101 persistent_ref = key_create_persistent(ns, uid, &index_key); 104 - up_write(&ns->persistent_keyring_register_sem); 102 + up_write(&ns->keyring_sem); 105 103 if (!IS_ERR(persistent_ref)) 106 104 goto found; 107 105

+2 -1

security/keys/proc.c

··· 166 166 .match_data.cmp = lookup_user_key_possessed, 167 167 .match_data.raw_data = key, 168 168 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 169 - .flags = KEYRING_SEARCH_NO_STATE_CHECK, 169 + .flags = (KEYRING_SEARCH_NO_STATE_CHECK | 170 + KEYRING_SEARCH_RECURSE), 170 171 }; 171 172 172 173 key_ref = make_key_ref(key, 0);

+174 -96

security/keys/process_keys.c

··· 15 15 #include <linux/security.h> 16 16 #include <linux/user_namespace.h> 17 17 #include <linux/uaccess.h> 18 + #include <linux/init_task.h> 18 19 #include <keys/request_key_auth-type.h> 19 20 #include "internal.h" 20 21 21 22 /* Session keyring create vs join semaphore */ 22 23 static DEFINE_MUTEX(key_session_mutex); 23 - 24 - /* User keyring creation semaphore */ 25 - static DEFINE_MUTEX(key_user_keyring_mutex); 26 24 27 25 /* The root user's tracking struct */ 28 26 struct key_user root_key_user = { ··· 33 35 }; 34 36 35 37 /* 36 - * Install the user and user session keyrings for the current process's UID. 38 + * Get or create a user register keyring. 37 39 */ 38 - int install_user_keyrings(void) 40 + static struct key *get_user_register(struct user_namespace *user_ns) 39 41 { 40 - struct user_struct *user; 41 - const struct cred *cred; 42 - struct key *uid_keyring, *session_keyring; 42 + struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register); 43 + 44 + if (reg_keyring) 45 + return reg_keyring; 46 + 47 + down_write(&user_ns->keyring_sem); 48 + 49 + /* Make sure there's a register keyring. It gets owned by the 50 + * user_namespace's owner. 51 + */ 52 + reg_keyring = user_ns->user_keyring_register; 53 + if (!reg_keyring) { 54 + reg_keyring = keyring_alloc(".user_reg", 55 + user_ns->owner, INVALID_GID, 56 + &init_cred, 57 + KEY_POS_WRITE | KEY_POS_SEARCH | 58 + KEY_USR_VIEW | KEY_USR_READ, 59 + 0, 60 + NULL, NULL); 61 + if (!IS_ERR(reg_keyring)) 62 + smp_store_release(&user_ns->user_keyring_register, 63 + reg_keyring); 64 + } 65 + 66 + up_write(&user_ns->keyring_sem); 67 + 68 + /* We don't return a ref since the keyring is pinned by the user_ns */ 69 + return reg_keyring; 70 + } 71 + 72 + /* 73 + * Look up the user and user session keyrings for the current process's UID, 74 + * creating them if they don't exist. 75 + */ 76 + int look_up_user_keyrings(struct key **_user_keyring, 77 + struct key **_user_session_keyring) 78 + { 79 + const struct cred *cred = current_cred(); 80 + struct user_namespace *user_ns = current_user_ns(); 81 + struct key *reg_keyring, *uid_keyring, *session_keyring; 43 82 key_perm_t user_keyring_perm; 83 + key_ref_t uid_keyring_r, session_keyring_r; 84 + uid_t uid = from_kuid(user_ns, cred->user->uid); 44 85 char buf[20]; 45 86 int ret; 46 - uid_t uid; 47 87 48 88 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; 49 - cred = current_cred(); 50 - user = cred->user; 51 - uid = from_kuid(cred->user_ns, user->uid); 52 89 53 - kenter("%p{%u}", user, uid); 90 + kenter("%u", uid); 54 91 55 - if (READ_ONCE(user->uid_keyring) && READ_ONCE(user->session_keyring)) { 56 - kleave(" = 0 [exist]"); 57 - return 0; 58 - } 92 + reg_keyring = get_user_register(user_ns); 93 + if (IS_ERR(reg_keyring)) 94 + return PTR_ERR(reg_keyring); 59 95 60 - mutex_lock(&key_user_keyring_mutex); 96 + down_write(&user_ns->keyring_sem); 61 97 ret = 0; 62 98 63 - if (!user->uid_keyring) { 64 - /* get the UID-specific keyring 65 - * - there may be one in existence already as it may have been 66 - * pinned by a session, but the user_struct pointing to it 67 - * may have been destroyed by setuid */ 68 - sprintf(buf, "_uid.%u", uid); 69 - 70 - uid_keyring = find_keyring_by_name(buf, true); 99 + /* Get the user keyring. Note that there may be one in existence 100 + * already as it may have been pinned by a session, but the user_struct 101 + * pointing to it may have been destroyed by setuid. 102 + */ 103 + snprintf(buf, sizeof(buf), "_uid.%u", uid); 104 + uid_keyring_r = keyring_search(make_key_ref(reg_keyring, true), 105 + &key_type_keyring, buf, false); 106 + kdebug("_uid %p", uid_keyring_r); 107 + if (uid_keyring_r == ERR_PTR(-EAGAIN)) { 108 + uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, 109 + cred, user_keyring_perm, 110 + KEY_ALLOC_UID_KEYRING | 111 + KEY_ALLOC_IN_QUOTA, 112 + NULL, reg_keyring); 71 113 if (IS_ERR(uid_keyring)) { 72 - uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, 73 - cred, user_keyring_perm, 74 - KEY_ALLOC_UID_KEYRING | 75 - KEY_ALLOC_IN_QUOTA, 76 - NULL, NULL); 77 - if (IS_ERR(uid_keyring)) { 78 - ret = PTR_ERR(uid_keyring); 79 - goto error; 80 - } 114 + ret = PTR_ERR(uid_keyring); 115 + goto error; 81 116 } 82 - 83 - /* get a default session keyring (which might also exist 84 - * already) */ 85 - sprintf(buf, "_uid_ses.%u", uid); 86 - 87 - session_keyring = find_keyring_by_name(buf, true); 88 - if (IS_ERR(session_keyring)) { 89 - session_keyring = 90 - keyring_alloc(buf, user->uid, INVALID_GID, 91 - cred, user_keyring_perm, 92 - KEY_ALLOC_UID_KEYRING | 93 - KEY_ALLOC_IN_QUOTA, 94 - NULL, NULL); 95 - if (IS_ERR(session_keyring)) { 96 - ret = PTR_ERR(session_keyring); 97 - goto error_release; 98 - } 99 - 100 - /* we install a link from the user session keyring to 101 - * the user keyring */ 102 - ret = key_link(session_keyring, uid_keyring); 103 - if (ret < 0) 104 - goto error_release_both; 105 - } 106 - 107 - /* install the keyrings */ 108 - /* paired with READ_ONCE() */ 109 - smp_store_release(&user->uid_keyring, uid_keyring); 110 - /* paired with READ_ONCE() */ 111 - smp_store_release(&user->session_keyring, session_keyring); 117 + } else if (IS_ERR(uid_keyring_r)) { 118 + ret = PTR_ERR(uid_keyring_r); 119 + goto error; 120 + } else { 121 + uid_keyring = key_ref_to_ptr(uid_keyring_r); 112 122 } 113 123 114 - mutex_unlock(&key_user_keyring_mutex); 124 + /* Get a default session keyring (which might also exist already) */ 125 + snprintf(buf, sizeof(buf), "_uid_ses.%u", uid); 126 + session_keyring_r = keyring_search(make_key_ref(reg_keyring, true), 127 + &key_type_keyring, buf, false); 128 + kdebug("_uid_ses %p", session_keyring_r); 129 + if (session_keyring_r == ERR_PTR(-EAGAIN)) { 130 + session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, 131 + cred, user_keyring_perm, 132 + KEY_ALLOC_UID_KEYRING | 133 + KEY_ALLOC_IN_QUOTA, 134 + NULL, NULL); 135 + if (IS_ERR(session_keyring)) { 136 + ret = PTR_ERR(session_keyring); 137 + goto error_release; 138 + } 139 + 140 + /* We install a link from the user session keyring to 141 + * the user keyring. 142 + */ 143 + ret = key_link(session_keyring, uid_keyring); 144 + if (ret < 0) 145 + goto error_release_session; 146 + 147 + /* And only then link the user-session keyring to the 148 + * register. 149 + */ 150 + ret = key_link(reg_keyring, session_keyring); 151 + if (ret < 0) 152 + goto error_release_session; 153 + } else if (IS_ERR(session_keyring_r)) { 154 + ret = PTR_ERR(session_keyring_r); 155 + goto error_release; 156 + } else { 157 + session_keyring = key_ref_to_ptr(session_keyring_r); 158 + } 159 + 160 + up_write(&user_ns->keyring_sem); 161 + 162 + if (_user_session_keyring) 163 + *_user_session_keyring = session_keyring; 164 + else 165 + key_put(session_keyring); 166 + if (_user_keyring) 167 + *_user_keyring = uid_keyring; 168 + else 169 + key_put(uid_keyring); 115 170 kleave(" = 0"); 116 171 return 0; 117 172 118 - error_release_both: 173 + error_release_session: 119 174 key_put(session_keyring); 120 175 error_release: 121 176 key_put(uid_keyring); 122 177 error: 123 - mutex_unlock(&key_user_keyring_mutex); 178 + up_write(&user_ns->keyring_sem); 124 179 kleave(" = %d", ret); 125 180 return ret; 181 + } 182 + 183 + /* 184 + * Get the user session keyring if it exists, but don't create it if it 185 + * doesn't. 186 + */ 187 + struct key *get_user_session_keyring_rcu(const struct cred *cred) 188 + { 189 + struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register); 190 + key_ref_t session_keyring_r; 191 + char buf[20]; 192 + 193 + struct keyring_search_context ctx = { 194 + .index_key.type = &key_type_keyring, 195 + .index_key.description = buf, 196 + .cred = cred, 197 + .match_data.cmp = key_default_cmp, 198 + .match_data.raw_data = buf, 199 + .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 200 + .flags = KEYRING_SEARCH_DO_STATE_CHECK, 201 + }; 202 + 203 + if (!reg_keyring) 204 + return NULL; 205 + 206 + ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u", 207 + from_kuid(cred->user_ns, 208 + cred->user->uid)); 209 + 210 + session_keyring_r = keyring_search_rcu(make_key_ref(reg_keyring, true), 211 + &ctx); 212 + if (IS_ERR(session_keyring_r)) 213 + return NULL; 214 + return key_ref_to_ptr(session_keyring_r); 126 215 } 127 216 128 217 /* ··· 421 336 */ 422 337 key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx) 423 338 { 339 + struct key *user_session; 424 340 key_ref_t key_ref, ret, err; 425 341 const struct cred *cred = ctx->cred; 426 342 ··· 497 411 } 498 412 } 499 413 /* or search the user-session keyring */ 500 - else if (READ_ONCE(cred->user->session_keyring)) { 501 - key_ref = keyring_search_rcu( 502 - make_key_ref(READ_ONCE(cred->user->session_keyring), 1), 503 - ctx); 414 + else if ((user_session = get_user_session_keyring_rcu(cred))) { 415 + key_ref = keyring_search_rcu(make_key_ref(user_session, 1), 416 + ctx); 417 + key_put(user_session); 418 + 504 419 if (!IS_ERR(key_ref)) 505 420 goto found; 506 421 ··· 614 527 struct keyring_search_context ctx = { 615 528 .match_data.cmp = lookup_user_key_possessed, 616 529 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 617 - .flags = KEYRING_SEARCH_NO_STATE_CHECK, 530 + .flags = (KEYRING_SEARCH_NO_STATE_CHECK | 531 + KEYRING_SEARCH_RECURSE), 618 532 }; 619 533 struct request_key_auth *rka; 620 - struct key *key; 534 + struct key *key, *user_session; 621 535 key_ref_t key_ref, skey_ref; 622 536 int ret; 623 537 ··· 667 579 if (!ctx.cred->session_keyring) { 668 580 /* always install a session keyring upon access if one 669 581 * doesn't exist yet */ 670 - ret = install_user_keyrings(); 582 + ret = look_up_user_keyrings(NULL, &user_session); 671 583 if (ret < 0) 672 584 goto error; 673 585 if (lflags & KEY_LOOKUP_CREATE) 674 586 ret = join_session_keyring(NULL); 675 587 else 676 - ret = install_session_keyring( 677 - ctx.cred->user->session_keyring); 588 + ret = install_session_keyring(user_session); 678 589 590 + key_put(user_session); 679 591 if (ret < 0) 680 592 goto error; 681 593 goto reget_creds; 682 - } else if (ctx.cred->session_keyring == 683 - READ_ONCE(ctx.cred->user->session_keyring) && 594 + } else if (test_bit(KEY_FLAG_UID_KEYRING, 595 + &ctx.cred->session_keyring->flags) && 684 596 lflags & KEY_LOOKUP_CREATE) { 685 597 ret = join_session_keyring(NULL); 686 598 if (ret < 0) ··· 694 606 break; 695 607 696 608 case KEY_SPEC_USER_KEYRING: 697 - if (!READ_ONCE(ctx.cred->user->uid_keyring)) { 698 - ret = install_user_keyrings(); 699 - if (ret < 0) 700 - goto error; 701 - } 702 - 703 - key = ctx.cred->user->uid_keyring; 704 - __key_get(key); 609 + ret = look_up_user_keyrings(&key, NULL); 610 + if (ret < 0) 611 + goto error; 705 612 key_ref = make_key_ref(key, 1); 706 613 break; 707 614 708 615 case KEY_SPEC_USER_SESSION_KEYRING: 709 - if (!READ_ONCE(ctx.cred->user->session_keyring)) { 710 - ret = install_user_keyrings(); 711 - if (ret < 0) 712 - goto error; 713 - } 714 - 715 - key = ctx.cred->user->session_keyring; 716 - __key_get(key); 616 + ret = look_up_user_keyrings(NULL, &key); 617 + if (ret < 0) 618 + goto error; 717 619 key_ref = make_key_ref(key, 1); 718 620 break; 719 621 ··· 952 874 */ 953 875 static int __init init_root_keyring(void) 954 876 { 955 - return install_user_keyrings(); 877 + return look_up_user_keyrings(NULL, NULL); 956 878 } 957 879 958 880 late_initcall(init_root_keyring);

+41 -21

security/keys/request_key.c

··· 13 13 #include <linux/err.h> 14 14 #include <linux/keyctl.h> 15 15 #include <linux/slab.h> 16 + #include <net/net_namespace.h> 16 17 #include "internal.h" 17 18 #include <keys/request_key_auth-type.h> 18 19 ··· 118 117 struct request_key_auth *rka = get_request_key_auth(authkey); 119 118 const struct cred *cred = current_cred(); 120 119 key_serial_t prkey, sskey; 121 - struct key *key = rka->target_key, *keyring, *session; 120 + struct key *key = rka->target_key, *keyring, *session, *user_session; 122 121 char *argv[9], *envp[3], uid_str[12], gid_str[12]; 123 122 char key_str[12], keyring_str[3][12]; 124 123 char desc[20]; ··· 126 125 127 126 kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op); 128 127 129 - ret = install_user_keyrings(); 128 + ret = look_up_user_keyrings(NULL, &user_session); 130 129 if (ret < 0) 131 - goto error_alloc; 130 + goto error_us; 132 131 133 132 /* allocate a new session keyring */ 134 133 sprintf(desc, "_req.%u", key->serial); ··· 166 165 167 166 session = cred->session_keyring; 168 167 if (!session) 169 - session = cred->user->session_keyring; 168 + session = user_session; 170 169 sskey = session->serial; 171 170 172 171 sprintf(keyring_str[2], "%d", sskey); ··· 208 207 key_put(keyring); 209 208 210 209 error_alloc: 210 + key_put(user_session); 211 + error_us: 211 212 complete_request_key(authkey, ret); 212 213 kleave(" = %d", ret); 213 214 return ret; ··· 316 313 317 314 /* fall through */ 318 315 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 319 - dest_keyring = 320 - key_get(READ_ONCE(cred->user->session_keyring)); 316 + ret = look_up_user_keyrings(NULL, &dest_keyring); 317 + if (ret < 0) 318 + return ret; 321 319 break; 322 320 323 321 case KEY_REQKEY_DEFL_USER_KEYRING: 324 - dest_keyring = 325 - key_get(READ_ONCE(cred->user->uid_keyring)); 322 + ret = look_up_user_keyrings(&dest_keyring, NULL); 323 + if (ret < 0) 324 + return ret; 326 325 break; 327 326 328 327 case KEY_REQKEY_DEFL_GROUP_KEYRING: ··· 530 525 * request_key_and_link - Request a key and cache it in a keyring. 531 526 * @type: The type of key we want. 532 527 * @description: The searchable description of the key. 528 + * @domain_tag: The domain in which the key operates. 533 529 * @callout_info: The data to pass to the instantiation upcall (or NULL). 534 530 * @callout_len: The length of callout_info. 535 531 * @aux: Auxiliary data for the upcall. 536 532 * @dest_keyring: Where to cache the key. 537 533 * @flags: Flags to key_alloc(). 538 534 * 539 - * A key matching the specified criteria is searched for in the process's 540 - * keyrings and returned with its usage count incremented if found. Otherwise, 541 - * if callout_info is not NULL, a key will be allocated and some service 542 - * (probably in userspace) will be asked to instantiate it. 535 + * A key matching the specified criteria (type, description, domain_tag) is 536 + * searched for in the process's keyrings and returned with its usage count 537 + * incremented if found. Otherwise, if callout_info is not NULL, a key will be 538 + * allocated and some service (probably in userspace) will be asked to 539 + * instantiate it. 543 540 * 544 541 * If successfully found or created, the key will be linked to the destination 545 542 * keyring if one is provided. ··· 557 550 */ 558 551 struct key *request_key_and_link(struct key_type *type, 559 552 const char *description, 553 + struct key_tag *domain_tag, 560 554 const void *callout_info, 561 555 size_t callout_len, 562 556 void *aux, ··· 566 558 { 567 559 struct keyring_search_context ctx = { 568 560 .index_key.type = type, 561 + .index_key.domain_tag = domain_tag, 569 562 .index_key.description = description, 570 563 .index_key.desc_len = strlen(description), 571 564 .cred = current_cred(), ··· 574 565 .match_data.raw_data = description, 575 566 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 576 567 .flags = (KEYRING_SEARCH_DO_STATE_CHECK | 577 - KEYRING_SEARCH_SKIP_EXPIRED), 568 + KEYRING_SEARCH_SKIP_EXPIRED | 569 + KEYRING_SEARCH_RECURSE), 578 570 }; 579 571 struct key *key; 580 572 key_ref_t key_ref; ··· 673 663 EXPORT_SYMBOL(wait_for_key_construction); 674 664 675 665 /** 676 - * request_key - Request a key and wait for construction 666 + * request_key_tag - Request a key and wait for construction 677 667 * @type: Type of key. 678 668 * @description: The searchable description of the key. 669 + * @domain_tag: The domain in which the key operates. 679 670 * @callout_info: The data to pass to the instantiation upcall (or NULL). 680 671 * 681 672 * As for request_key_and_link() except that it does not add the returned key ··· 687 676 * Furthermore, it then works as wait_for_key_construction() to wait for the 688 677 * completion of keys undergoing construction with a non-interruptible wait. 689 678 */ 690 - struct key *request_key(struct key_type *type, 691 - const char *description, 692 - const char *callout_info) 679 + struct key *request_key_tag(struct key_type *type, 680 + const char *description, 681 + struct key_tag *domain_tag, 682 + const char *callout_info) 693 683 { 694 684 struct key *key; 695 685 size_t callout_len = 0; ··· 698 686 699 687 if (callout_info) 700 688 callout_len = strlen(callout_info); 701 - key = request_key_and_link(type, description, callout_info, callout_len, 689 + key = request_key_and_link(type, description, domain_tag, 690 + callout_info, callout_len, 702 691 NULL, NULL, KEY_ALLOC_IN_QUOTA); 703 692 if (!IS_ERR(key)) { 704 693 ret = wait_for_key_construction(key, false); ··· 710 697 } 711 698 return key; 712 699 } 713 - EXPORT_SYMBOL(request_key); 700 + EXPORT_SYMBOL(request_key_tag); 714 701 715 702 /** 716 703 * request_key_with_auxdata - Request a key with auxiliary data for the upcaller 717 704 * @type: The type of key we want. 718 705 * @description: The searchable description of the key. 706 + * @domain_tag: The domain in which the key operates. 719 707 * @callout_info: The data to pass to the instantiation upcall (or NULL). 720 708 * @callout_len: The length of callout_info. 721 709 * @aux: Auxiliary data for the upcall. ··· 729 715 */ 730 716 struct key *request_key_with_auxdata(struct key_type *type, 731 717 const char *description, 718 + struct key_tag *domain_tag, 732 719 const void *callout_info, 733 720 size_t callout_len, 734 721 void *aux) ··· 737 722 struct key *key; 738 723 int ret; 739 724 740 - key = request_key_and_link(type, description, callout_info, callout_len, 725 + key = request_key_and_link(type, description, domain_tag, 726 + callout_info, callout_len, 741 727 aux, NULL, KEY_ALLOC_IN_QUOTA); 742 728 if (!IS_ERR(key)) { 743 729 ret = wait_for_key_construction(key, false); ··· 755 739 * request_key_rcu - Request key from RCU-read-locked context 756 740 * @type: The type of key we want. 757 741 * @description: The name of the key we want. 742 + * @domain_tag: The domain in which the key operates. 758 743 * 759 744 * Request a key from a context that we may not sleep in (such as RCU-mode 760 745 * pathwalk). Keys under construction are ignored. ··· 763 746 * Return a pointer to the found key if successful, -ENOKEY if we couldn't find 764 747 * a key or some other error if the key found was unsuitable or inaccessible. 765 748 */ 766 - struct key *request_key_rcu(struct key_type *type, const char *description) 749 + struct key *request_key_rcu(struct key_type *type, 750 + const char *description, 751 + struct key_tag *domain_tag) 767 752 { 768 753 struct keyring_search_context ctx = { 769 754 .index_key.type = type, 755 + .index_key.domain_tag = domain_tag, 770 756 .index_key.description = description, 771 757 .index_key.desc_len = strlen(description), 772 758 .cred = current_cred(),

+2 -1

security/keys/request_key_auth.c

··· 248 248 .match_data.cmp = key_default_cmp, 249 249 .match_data.raw_data = description, 250 250 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 251 - .flags = KEYRING_SEARCH_DO_STATE_CHECK, 251 + .flags = (KEYRING_SEARCH_DO_STATE_CHECK | 252 + KEYRING_SEARCH_RECURSE), 252 253 }; 253 254 struct key *authkey; 254 255 key_ref_t authkey_ref;