tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'keys-misc-20190619' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull misc keyring updates from David Howells:
"These are some miscellaneous keyrings fixes and improvements:
- Fix a bunch of warnings from sparse, including missing RCU bits and
kdoc-function argument mismatches
- Implement a keyctl to allow a key to be moved from one keyring to
another, with the option of prohibiting key replacement in the
destination keyring.
- Grant Link permission to possessors of request_key_auth tokens so
that upcall servicing daemons can more easily arrange things such
that only the necessary auth key is passed to the actual service
program, and not all the auth keys a daemon might possesss.
- Improvement in lookup_user_key().
- Implement a keyctl to allow keyrings subsystem capabilities to be
queried.
The keyutils next branch has commits to make available, document and
test the move-key and capabilities code:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/log
They're currently on the 'next' branch"
* tag 'keys-misc-20190619' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
keys: Add capability-checking keyctl function
keys: Reuse keyring_index_key::desc_len in lookup_user_key()
keys: Grant Link permission to possessers of request_key auth keys
keys: Add a keyctl to move a key between keyrings
keys: Hoist locking out of __key_link_begin()
keys: Break bits out of key_unlink()
keys: Change keyring_serialise_link_sem to a mutex
keys: sparse: Fix kdoc mismatches
keys: sparse: Fix incorrect RCU accesses
keys: sparse: Fix key_fs[ug]id_changed()
+424
-90
+21
Documentation/security/keys/core.rst
+21
Documentation/security/keys/core.rst
···
577
577
added.
578
578
579
579
580
+
* Move a key from one keyring to another::
581
+
582
+
long keyctl(KEYCTL_MOVE,
583
+
key_serial_t id,
584
+
key_serial_t from_ring_id,
585
+
key_serial_t to_ring_id,
586
+
unsigned int flags);
587
+
588
+
Move the key specified by "id" from the keyring specified by
589
+
"from_ring_id" to the keyring specified by "to_ring_id". If the two
590
+
keyrings are the same, nothing is done.
591
+
592
+
"flags" can have KEYCTL_MOVE_EXCL set in it to cause the operation to fail
593
+
with EEXIST if a matching key exists in the destination keyring, otherwise
594
+
such a key will be replaced.
595
+
596
+
A process must have link permission on the key for this function to be
597
+
successful and write permission on both keyrings. Any errors that can
598
+
occur from KEYCTL_LINK also apply on the destination keyring here.
599
+
600
+
580
601
* Unlink a key or keyring from another keyring::
581
602
582
603
long keyctl(KEYCTL_UNLINK, key_serial_t keyring, key_serial_t key);
+9
-4
include/linux/key.h
+9
-4
include/linux/key.h
···
305
305
extern int key_link(struct key *keyring,
306
306
struct key *key);
307
307
308
+
extern int key_move(struct key *key,
309
+
struct key *from_keyring,
310
+
struct key *to_keyring,
311
+
unsigned int flags);
312
+
308
313
extern int key_unlink(struct key *keyring,
309
314
struct key *key);
310
315
···
402
397
* the userspace interface
403
398
*/
404
399
extern int install_thread_keyring_to_cred(struct cred *cred);
405
-
extern void key_fsuid_changed(struct task_struct *tsk);
406
-
extern void key_fsgid_changed(struct task_struct *tsk);
400
+
extern void key_fsuid_changed(struct cred *new_cred);
401
+
extern void key_fsgid_changed(struct cred *new_cred);
407
402
extern void key_init(void);
408
403
409
404
#else /* CONFIG_KEYS */
···
418
413
#define make_key_ref(k, p) NULL
419
414
#define key_ref_to_ptr(k) NULL
420
415
#define is_key_possessed(k) 0
421
-
#define key_fsuid_changed(t) do { } while(0)
422
-
#define key_fsgid_changed(t) do { } while(0)
416
+
#define key_fsuid_changed(c) do { } while(0)
417
+
#define key_fsgid_changed(c) do { } while(0)
423
418
#define key_init() do { } while(0)
424
419
425
420
#endif /* CONFIG_KEYS */
+17
include/uapi/linux/keyctl.h
+17
include/uapi/linux/keyctl.h
···
67
67
#define KEYCTL_PKEY_SIGN 27 /* Create a public key signature */
68
68
#define KEYCTL_PKEY_VERIFY 28 /* Verify a public key signature */
69
69
#define KEYCTL_RESTRICT_KEYRING 29 /* Restrict keys allowed to link to a keyring */
70
+
#define KEYCTL_MOVE 30 /* Move keys between keyrings */
71
+
#define KEYCTL_CAPABILITIES 31 /* Find capabilities of keyrings subsystem */
70
72
71
73
/* keyctl structures */
72
74
struct keyctl_dh_params {
···
113
111
};
114
112
__u32 __spare[7];
115
113
};
114
+
115
+
#define KEYCTL_MOVE_EXCL 0x00000001 /* Do not displace from the to-keyring */
116
+
117
+
/*
118
+
* Capabilities flags. The capabilities list is an array of 8-bit integers;
119
+
* each integer can carry up to 8 flags.
120
+
*/
121
+
#define KEYCTL_CAPS0_CAPABILITIES 0x01 /* KEYCTL_CAPABILITIES supported */
122
+
#define KEYCTL_CAPS0_PERSISTENT_KEYRINGS 0x02 /* Persistent keyrings enabled */
123
+
#define KEYCTL_CAPS0_DIFFIE_HELLMAN 0x04 /* Diffie-Hellman computation enabled */
124
+
#define KEYCTL_CAPS0_PUBLIC_KEY 0x08 /* Public key ops enabled */
125
+
#define KEYCTL_CAPS0_BIG_KEY 0x10 /* big_key-type enabled */
126
+
#define KEYCTL_CAPS0_INVALIDATE 0x20 /* KEYCTL_INVALIDATE supported */
127
+
#define KEYCTL_CAPS0_RESTRICT_KEYRING 0x40 /* KEYCTL_RESTRICT_KEYRING supported */
128
+
#define KEYCTL_CAPS0_MOVE 0x80 /* KEYCTL_MOVE supported */
116
129
117
130
#endif /* _LINUX_KEYCTL_H */
+2
-2
kernel/cred.c
+2
-2
kernel/cred.c
···
460
460
461
461
/* alter the thread keyring */
462
462
if (!uid_eq(new->fsuid, old->fsuid))
463
-
key_fsuid_changed(task);
463
+
key_fsuid_changed(new);
464
464
if (!gid_eq(new->fsgid, old->fsgid))
465
-
key_fsgid_changed(task);
465
+
key_fsgid_changed(new);
466
466
467
467
/* do it
468
468
* RLIMIT_NPROC limits on user->processes have already been checked
+6
security/keys/compat.c
+6
security/keys/compat.c
···
155
155
return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),
156
156
compat_ptr(arg4), compat_ptr(arg5));
157
157
158
+
case KEYCTL_MOVE:
159
+
return keyctl_keyring_move(arg2, arg3, arg4, arg5);
160
+
161
+
case KEYCTL_CAPABILITIES:
162
+
return keyctl_capabilities(compat_ptr(arg2), arg3);
163
+
158
164
default:
159
165
return -EOPNOTSUPP;
160
166
}
+7
security/keys/internal.h
+7
security/keys/internal.h
···
89
89
extern struct key_type *key_type_lookup(const char *type);
90
90
extern void key_type_put(struct key_type *ktype);
91
91
92
+
extern int __key_link_lock(struct key *keyring,
93
+
const struct keyring_index_key *index_key);
94
+
extern int __key_move_lock(struct key *l_keyring, struct key *u_keyring,
95
+
const struct keyring_index_key *index_key);
92
96
extern int __key_link_begin(struct key *keyring,
93
97
const struct keyring_index_key *index_key,
94
98
struct assoc_array_edit **_edit);
···
215
211
extern long keyctl_revoke_key(key_serial_t);
216
212
extern long keyctl_keyring_clear(key_serial_t);
217
213
extern long keyctl_keyring_link(key_serial_t, key_serial_t);
214
+
extern long keyctl_keyring_move(key_serial_t, key_serial_t, key_serial_t, unsigned int);
218
215
extern long keyctl_keyring_unlink(key_serial_t, key_serial_t);
219
216
extern long keyctl_describe_key(key_serial_t, char __user *, size_t);
220
217
extern long keyctl_keyring_search(key_serial_t, const char __user *,
···
324
319
return -EOPNOTSUPP;
325
320
}
326
321
#endif
322
+
323
+
extern long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen);
327
324
328
325
/*
329
326
* Debugging key validation
+21
-6
security/keys/key.c
+21
-6
security/keys/key.c
···
496
496
struct key *authkey)
497
497
{
498
498
struct key_preparsed_payload prep;
499
-
struct assoc_array_edit *edit;
499
+
struct assoc_array_edit *edit = NULL;
500
500
int ret;
501
501
502
502
memset(&prep, 0, sizeof(prep));
···
511
511
}
512
512
513
513
if (keyring) {
514
-
ret = __key_link_begin(keyring, &key->index_key, &edit);
514
+
ret = __key_link_lock(keyring, &key->index_key);
515
515
if (ret < 0)
516
516
goto error;
517
+
518
+
ret = __key_link_begin(keyring, &key->index_key, &edit);
519
+
if (ret < 0)
520
+
goto error_link_end;
517
521
518
522
if (keyring->restrict_link && keyring->restrict_link->check) {
519
523
struct key_restriction *keyres = keyring->restrict_link;
···
570
566
struct key *keyring,
571
567
struct key *authkey)
572
568
{
573
-
struct assoc_array_edit *edit;
569
+
struct assoc_array_edit *edit = NULL;
574
570
int ret, awaken, link_ret = 0;
575
571
576
572
key_check(key);
···
583
579
if (keyring->restrict_link)
584
580
return -EPERM;
585
581
586
-
link_ret = __key_link_begin(keyring, &key->index_key, &edit);
582
+
link_ret = __key_link_lock(keyring, &key->index_key);
583
+
if (link_ret == 0) {
584
+
link_ret = __key_link_begin(keyring, &key->index_key, &edit);
585
+
if (link_ret < 0)
586
+
__key_link_end(keyring, &key->index_key, edit);
587
+
}
587
588
}
588
589
589
590
mutex_lock(&key_construction_mutex);
···
815
806
.description = description,
816
807
};
817
808
struct key_preparsed_payload prep;
818
-
struct assoc_array_edit *edit;
809
+
struct assoc_array_edit *edit = NULL;
819
810
const struct cred *cred = current_cred();
820
811
struct key *keyring, *key = NULL;
821
812
key_ref_t key_ref;
···
865
856
}
866
857
index_key.desc_len = strlen(index_key.description);
867
858
868
-
ret = __key_link_begin(keyring, &index_key, &edit);
859
+
ret = __key_link_lock(keyring, &index_key);
869
860
if (ret < 0) {
870
861
key_ref = ERR_PTR(ret);
871
862
goto error_free_prep;
863
+
}
864
+
865
+
ret = __key_link_begin(keyring, &index_key, &edit);
866
+
if (ret < 0) {
867
+
key_ref = ERR_PTR(ret);
868
+
goto error_link_end;
872
869
}
873
870
874
871
if (restrict_link && restrict_link->check) {
+89
-1
security/keys/keyctl.c
+89
-1
security/keys/keyctl.c
···
26
26
27
27
#define KEY_MAX_DESC_SIZE 4096
28
28
29
+
static const unsigned char keyrings_capabilities[1] = {
30
+
[0] = (KEYCTL_CAPS0_CAPABILITIES |
31
+
(IS_ENABLED(CONFIG_PERSISTENT_KEYRINGS) ? KEYCTL_CAPS0_PERSISTENT_KEYRINGS : 0) |
32
+
(IS_ENABLED(CONFIG_KEY_DH_OPERATIONS) ? KEYCTL_CAPS0_DIFFIE_HELLMAN : 0) |
33
+
(IS_ENABLED(CONFIG_ASYMMETRIC_KEY_TYPE) ? KEYCTL_CAPS0_PUBLIC_KEY : 0) |
34
+
(IS_ENABLED(CONFIG_BIG_KEYS) ? KEYCTL_CAPS0_BIG_KEY : 0) |
35
+
KEYCTL_CAPS0_INVALIDATE |
36
+
KEYCTL_CAPS0_RESTRICT_KEYRING |
37
+
KEYCTL_CAPS0_MOVE
38
+
),
39
+
};
40
+
29
41
static int key_get_type_from_user(char *type,
30
42
const char __user *_type,
31
43
unsigned len)
···
577
565
error2:
578
566
key_ref_put(keyring_ref);
579
567
error:
568
+
return ret;
569
+
}
570
+
571
+
/*
572
+
* Move a link to a key from one keyring to another, displacing any matching
573
+
* key from the destination keyring.
574
+
*
575
+
* The key must grant the caller Link permission and both keyrings must grant
576
+
* the caller Write permission. There must also be a link in the from keyring
577
+
* to the key. If both keyrings are the same, nothing is done.
578
+
*
579
+
* If successful, 0 will be returned.
580
+
*/
581
+
long keyctl_keyring_move(key_serial_t id, key_serial_t from_ringid,
582
+
key_serial_t to_ringid, unsigned int flags)
583
+
{
584
+
key_ref_t key_ref, from_ref, to_ref;
585
+
long ret;
586
+
587
+
if (flags & ~KEYCTL_MOVE_EXCL)
588
+
return -EINVAL;
589
+
590
+
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK);
591
+
if (IS_ERR(key_ref))
592
+
return PTR_ERR(key_ref);
593
+
594
+
from_ref = lookup_user_key(from_ringid, 0, KEY_NEED_WRITE);
595
+
if (IS_ERR(from_ref)) {
596
+
ret = PTR_ERR(from_ref);
597
+
goto error2;
598
+
}
599
+
600
+
to_ref = lookup_user_key(to_ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
601
+
if (IS_ERR(to_ref)) {
602
+
ret = PTR_ERR(to_ref);
603
+
goto error3;
604
+
}
605
+
606
+
ret = key_move(key_ref_to_ptr(key_ref), key_ref_to_ptr(from_ref),
607
+
key_ref_to_ptr(to_ref), flags);
608
+
609
+
key_ref_put(to_ref);
610
+
error3:
611
+
key_ref_put(from_ref);
612
+
error2:
613
+
key_ref_put(key_ref);
580
614
return ret;
581
615
}
582
616
···
1578
1520
1579
1521
ret = -EPERM;
1580
1522
oldwork = NULL;
1581
-
parent = me->real_parent;
1523
+
parent = rcu_dereference_protected(me->real_parent,
1524
+
lockdep_is_held(&tasklist_lock));
1582
1525
1583
1526
/* the parent mustn't be init and mustn't be a kernel thread */
1584
1527
if (parent->pid <= 1 || !parent->mm)
···
1684
1625
error:
1685
1626
key_ref_put(key_ref);
1686
1627
return ret;
1628
+
}
1629
+
1630
+
/*
1631
+
* Get keyrings subsystem capabilities.
1632
+
*/
1633
+
long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen)
1634
+
{
1635
+
size_t size = buflen;
1636
+
1637
+
if (size > 0) {
1638
+
if (size > sizeof(keyrings_capabilities))
1639
+
size = sizeof(keyrings_capabilities);
1640
+
if (copy_to_user(_buffer, keyrings_capabilities, size) != 0)
1641
+
return -EFAULT;
1642
+
if (size < buflen &&
1643
+
clear_user(_buffer + size, buflen - size) != 0)
1644
+
return -EFAULT;
1645
+
}
1646
+
1647
+
return sizeof(keyrings_capabilities);
1687
1648
}
1688
1649
1689
1650
/*
···
1845
1766
(const char __user *)arg3,
1846
1767
(const void __user *)arg4,
1847
1768
(const void __user *)arg5);
1769
+
1770
+
case KEYCTL_MOVE:
1771
+
return keyctl_keyring_move((key_serial_t)arg2,
1772
+
(key_serial_t)arg3,
1773
+
(key_serial_t)arg4,
1774
+
(unsigned int)arg5);
1775
+
1776
+
case KEYCTL_CAPABILITIES:
1777
+
return keyctl_capabilities((unsigned char __user *)arg2, (size_t)arg3);
1848
1778
1849
1779
default:
1850
1780
return -EOPNOTSUPP;
+232
-58
security/keys/keyring.c
+232
-58
security/keys/keyring.c
···
96
96
* Semaphore to serialise link/link calls to prevent two link calls in parallel
97
97
* introducing a cycle.
98
98
*/
99
-
static DECLARE_RWSEM(keyring_serialise_link_sem);
99
+
static DEFINE_MUTEX(keyring_serialise_link_lock);
100
100
101
101
/*
102
102
* Publish the name of a keyring so that it can be found by name (if it has
···
516
516
* @keyring: The keyring being added to.
517
517
* @type: The type of key being added.
518
518
* @payload: The payload of the key intended to be added.
519
-
* @data: Additional data for evaluating restriction.
519
+
* @restriction_key: Keys providing additional data for evaluating restriction.
520
520
*
521
521
* Reject the addition of any links to a keyring. It can be overridden by
522
522
* passing KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when
···
972
972
973
973
/**
974
974
* keyring_restrict - Look up and apply a restriction to a keyring
975
-
*
976
-
* @keyring: The keyring to be restricted
975
+
* @keyring_ref: The keyring to be restricted
976
+
* @type: The key type that will provide the restriction checker.
977
977
* @restriction: The restriction options to apply to the keyring
978
+
*
979
+
* Look up a keyring and apply a restriction to it. The restriction is managed
980
+
* by the specific key type, but can be configured by the options specified in
981
+
* the restriction string.
978
982
*/
979
983
int keyring_restrict(key_ref_t keyring_ref, const char *type,
980
984
const char *restriction)
···
1196
1192
}
1197
1193
1198
1194
/*
1195
+
* Lock keyring for link.
1196
+
*/
1197
+
int __key_link_lock(struct key *keyring,
1198
+
const struct keyring_index_key *index_key)
1199
+
__acquires(&keyring->sem)
1200
+
__acquires(&keyring_serialise_link_lock)
1201
+
{
1202
+
if (keyring->type != &key_type_keyring)
1203
+
return -ENOTDIR;
1204
+
1205
+
down_write(&keyring->sem);
1206
+
1207
+
/* Serialise link/link calls to prevent parallel calls causing a cycle
1208
+
* when linking two keyring in opposite orders.
1209
+
*/
1210
+
if (index_key->type == &key_type_keyring)
1211
+
mutex_lock(&keyring_serialise_link_lock);
1212
+
1213
+
return 0;
1214
+
}
1215
+
1216
+
/*
1217
+
* Lock keyrings for move (link/unlink combination).
1218
+
*/
1219
+
int __key_move_lock(struct key *l_keyring, struct key *u_keyring,
1220
+
const struct keyring_index_key *index_key)
1221
+
__acquires(&l_keyring->sem)
1222
+
__acquires(&u_keyring->sem)
1223
+
__acquires(&keyring_serialise_link_lock)
1224
+
{
1225
+
if (l_keyring->type != &key_type_keyring ||
1226
+
u_keyring->type != &key_type_keyring)
1227
+
return -ENOTDIR;
1228
+
1229
+
/* We have to be very careful here to take the keyring locks in the
1230
+
* right order, lest we open ourselves to deadlocking against another
1231
+
* move operation.
1232
+
*/
1233
+
if (l_keyring < u_keyring) {
1234
+
down_write(&l_keyring->sem);
1235
+
down_write_nested(&u_keyring->sem, 1);
1236
+
} else {
1237
+
down_write(&u_keyring->sem);
1238
+
down_write_nested(&l_keyring->sem, 1);
1239
+
}
1240
+
1241
+
/* Serialise link/link calls to prevent parallel calls causing a cycle
1242
+
* when linking two keyring in opposite orders.
1243
+
*/
1244
+
if (index_key->type == &key_type_keyring)
1245
+
mutex_lock(&keyring_serialise_link_lock);
1246
+
1247
+
return 0;
1248
+
}
1249
+
1250
+
/*
1199
1251
* Preallocate memory so that a key can be linked into to a keyring.
1200
1252
*/
1201
1253
int __key_link_begin(struct key *keyring,
1202
1254
const struct keyring_index_key *index_key,
1203
1255
struct assoc_array_edit **_edit)
1204
-
__acquires(&keyring->sem)
1205
-
__acquires(&keyring_serialise_link_sem)
1206
1256
{
1207
1257
struct assoc_array_edit *edit;
1208
1258
int ret;
···
1265
1207
keyring->serial, index_key->type->name, index_key->description);
1266
1208
1267
1209
BUG_ON(index_key->desc_len == 0);
1210
+
BUG_ON(*_edit != NULL);
1268
1211
1269
-
if (keyring->type != &key_type_keyring)
1270
-
return -ENOTDIR;
1271
-
1272
-
down_write(&keyring->sem);
1212
+
*_edit = NULL;
1273
1213
1274
1214
ret = -EKEYREVOKED;
1275
1215
if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
1276
-
goto error_krsem;
1277
-
1278
-
/* serialise link/link calls to prevent parallel calls causing a cycle
1279
-
* when linking two keyring in opposite orders */
1280
-
if (index_key->type == &key_type_keyring)
1281
-
down_write(&keyring_serialise_link_sem);
1216
+
goto error;
1282
1217
1283
1218
/* Create an edit script that will insert/replace the key in the
1284
1219
* keyring tree.
···
1282
1231
NULL);
1283
1232
if (IS_ERR(edit)) {
1284
1233
ret = PTR_ERR(edit);
1285
-
goto error_sem;
1234
+
goto error;
1286
1235
}
1287
1236
1288
1237
/* If we're not replacing a link in-place then we're going to need some
···
1301
1250
1302
1251
error_cancel:
1303
1252
assoc_array_cancel_edit(edit);
1304
-
error_sem:
1305
-
if (index_key->type == &key_type_keyring)
1306
-
up_write(&keyring_serialise_link_sem);
1307
-
error_krsem:
1308
-
up_write(&keyring->sem);
1253
+
error:
1309
1254
kleave(" = %d", ret);
1310
1255
return ret;
1311
1256
}
···
1346
1299
const struct keyring_index_key *index_key,
1347
1300
struct assoc_array_edit *edit)
1348
1301
__releases(&keyring->sem)
1349
-
__releases(&keyring_serialise_link_sem)
1302
+
__releases(&keyring_serialise_link_lock)
1350
1303
{
1351
1304
BUG_ON(index_key->type == NULL);
1352
1305
kenter("%d,%s,", keyring->serial, index_key->type->name);
1353
-
1354
-
if (index_key->type == &key_type_keyring)
1355
-
up_write(&keyring_serialise_link_sem);
1356
1306
1357
1307
if (edit) {
1358
1308
if (!edit->dead_leaf) {
···
1359
1315
assoc_array_cancel_edit(edit);
1360
1316
}
1361
1317
up_write(&keyring->sem);
1318
+
1319
+
if (index_key->type == &key_type_keyring)
1320
+
mutex_unlock(&keyring_serialise_link_lock);
1362
1321
}
1363
1322
1364
1323
/*
···
1397
1350
*/
1398
1351
int key_link(struct key *keyring, struct key *key)
1399
1352
{
1400
-
struct assoc_array_edit *edit;
1353
+
struct assoc_array_edit *edit = NULL;
1401
1354
int ret;
1402
1355
1403
1356
kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage));
···
1405
1358
key_check(keyring);
1406
1359
key_check(key);
1407
1360
1408
-
ret = __key_link_begin(keyring, &key->index_key, &edit);
1409
-
if (ret == 0) {
1410
-
kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage));
1411
-
ret = __key_link_check_restriction(keyring, key);
1412
-
if (ret == 0)
1413
-
ret = __key_link_check_live_key(keyring, key);
1414
-
if (ret == 0)
1415
-
__key_link(key, &edit);
1416
-
__key_link_end(keyring, &key->index_key, edit);
1417
-
}
1361
+
ret = __key_link_lock(keyring, &key->index_key);
1362
+
if (ret < 0)
1363
+
goto error;
1418
1364
1365
+
ret = __key_link_begin(keyring, &key->index_key, &edit);
1366
+
if (ret < 0)
1367
+
goto error_end;
1368
+
1369
+
kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage));
1370
+
ret = __key_link_check_restriction(keyring, key);
1371
+
if (ret == 0)
1372
+
ret = __key_link_check_live_key(keyring, key);
1373
+
if (ret == 0)
1374
+
__key_link(key, &edit);
1375
+
1376
+
error_end:
1377
+
__key_link_end(keyring, &key->index_key, edit);
1378
+
error:
1419
1379
kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage));
1420
1380
return ret;
1421
1381
}
1422
1382
EXPORT_SYMBOL(key_link);
1383
+
1384
+
/*
1385
+
* Lock a keyring for unlink.
1386
+
*/
1387
+
static int __key_unlink_lock(struct key *keyring)
1388
+
__acquires(&keyring->sem)
1389
+
{
1390
+
if (keyring->type != &key_type_keyring)
1391
+
return -ENOTDIR;
1392
+
1393
+
down_write(&keyring->sem);
1394
+
return 0;
1395
+
}
1396
+
1397
+
/*
1398
+
* Begin the process of unlinking a key from a keyring.
1399
+
*/
1400
+
static int __key_unlink_begin(struct key *keyring, struct key *key,
1401
+
struct assoc_array_edit **_edit)
1402
+
{
1403
+
struct assoc_array_edit *edit;
1404
+
1405
+
BUG_ON(*_edit != NULL);
1406
+
1407
+
edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,
1408
+
&key->index_key);
1409
+
if (IS_ERR(edit))
1410
+
return PTR_ERR(edit);
1411
+
1412
+
if (!edit)
1413
+
return -ENOENT;
1414
+
1415
+
*_edit = edit;
1416
+
return 0;
1417
+
}
1418
+
1419
+
/*
1420
+
* Apply an unlink change.
1421
+
*/
1422
+
static void __key_unlink(struct key *keyring, struct key *key,
1423
+
struct assoc_array_edit **_edit)
1424
+
{
1425
+
assoc_array_apply_edit(*_edit);
1426
+
*_edit = NULL;
1427
+
key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
1428
+
}
1429
+
1430
+
/*
1431
+
* Finish unlinking a key from to a keyring.
1432
+
*/
1433
+
static void __key_unlink_end(struct key *keyring,
1434
+
struct key *key,
1435
+
struct assoc_array_edit *edit)
1436
+
__releases(&keyring->sem)
1437
+
{
1438
+
if (edit)
1439
+
assoc_array_cancel_edit(edit);
1440
+
up_write(&keyring->sem);
1441
+
}
1423
1442
1424
1443
/**
1425
1444
* key_unlink - Unlink the first link to a key from a keyring.
···
1506
1393
*/
1507
1394
int key_unlink(struct key *keyring, struct key *key)
1508
1395
{
1509
-
struct assoc_array_edit *edit;
1396
+
struct assoc_array_edit *edit = NULL;
1510
1397
int ret;
1511
1398
1512
1399
key_check(keyring);
1513
1400
key_check(key);
1514
1401
1515
-
if (keyring->type != &key_type_keyring)
1516
-
return -ENOTDIR;
1402
+
ret = __key_unlink_lock(keyring);
1403
+
if (ret < 0)
1404
+
return ret;
1517
1405
1518
-
down_write(&keyring->sem);
1519
-
1520
-
edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,
1521
-
&key->index_key);
1522
-
if (IS_ERR(edit)) {
1523
-
ret = PTR_ERR(edit);
1524
-
goto error;
1525
-
}
1526
-
ret = -ENOENT;
1527
-
if (edit == NULL)
1528
-
goto error;
1529
-
1530
-
assoc_array_apply_edit(edit);
1531
-
key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
1532
-
ret = 0;
1533
-
1534
-
error:
1535
-
up_write(&keyring->sem);
1406
+
ret = __key_unlink_begin(keyring, key, &edit);
1407
+
if (ret == 0)
1408
+
__key_unlink(keyring, key, &edit);
1409
+
__key_unlink_end(keyring, key, edit);
1536
1410
return ret;
1537
1411
}
1538
1412
EXPORT_SYMBOL(key_unlink);
1413
+
1414
+
/**
1415
+
* key_move - Move a key from one keyring to another
1416
+
* @key: The key to move
1417
+
* @from_keyring: The keyring to remove the link from.
1418
+
* @to_keyring: The keyring to make the link in.
1419
+
* @flags: Qualifying flags, such as KEYCTL_MOVE_EXCL.
1420
+
*
1421
+
* Make a link in @to_keyring to a key, such that the keyring holds a reference
1422
+
* on that key and the key can potentially be found by searching that keyring
1423
+
* whilst simultaneously removing a link to the key from @from_keyring.
1424
+
*
1425
+
* This function will write-lock both keyring's semaphores and will consume
1426
+
* some of the user's key data quota to hold the link on @to_keyring.
1427
+
*
1428
+
* Returns 0 if successful, -ENOTDIR if either keyring isn't a keyring,
1429
+
* -EKEYREVOKED if either keyring has been revoked, -ENFILE if the second
1430
+
* keyring is full, -EDQUOT if there is insufficient key data quota remaining
1431
+
* to add another link or -ENOMEM if there's insufficient memory. If
1432
+
* KEYCTL_MOVE_EXCL is set, then -EEXIST will be returned if there's already a
1433
+
* matching key in @to_keyring.
1434
+
*
1435
+
* It is assumed that the caller has checked that it is permitted for a link to
1436
+
* be made (the keyring should have Write permission and the key Link
1437
+
* permission).
1438
+
*/
1439
+
int key_move(struct key *key,
1440
+
struct key *from_keyring,
1441
+
struct key *to_keyring,
1442
+
unsigned int flags)
1443
+
{
1444
+
struct assoc_array_edit *from_edit = NULL, *to_edit = NULL;
1445
+
int ret;
1446
+
1447
+
kenter("%d,%d,%d", key->serial, from_keyring->serial, to_keyring->serial);
1448
+
1449
+
if (from_keyring == to_keyring)
1450
+
return 0;
1451
+
1452
+
key_check(key);
1453
+
key_check(from_keyring);
1454
+
key_check(to_keyring);
1455
+
1456
+
ret = __key_move_lock(from_keyring, to_keyring, &key->index_key);
1457
+
if (ret < 0)
1458
+
goto out;
1459
+
ret = __key_unlink_begin(from_keyring, key, &from_edit);
1460
+
if (ret < 0)
1461
+
goto error;
1462
+
ret = __key_link_begin(to_keyring, &key->index_key, &to_edit);
1463
+
if (ret < 0)
1464
+
goto error;
1465
+
1466
+
ret = -EEXIST;
1467
+
if (to_edit->dead_leaf && (flags & KEYCTL_MOVE_EXCL))
1468
+
goto error;
1469
+
1470
+
ret = __key_link_check_restriction(to_keyring, key);
1471
+
if (ret < 0)
1472
+
goto error;
1473
+
ret = __key_link_check_live_key(to_keyring, key);
1474
+
if (ret < 0)
1475
+
goto error;
1476
+
1477
+
__key_unlink(from_keyring, key, &from_edit);
1478
+
__key_link(key, &to_edit);
1479
+
error:
1480
+
__key_link_end(to_keyring, &key->index_key, to_edit);
1481
+
__key_unlink_end(from_keyring, key, from_edit);
1482
+
out:
1483
+
kleave(" = %d", ret);
1484
+
return ret;
1485
+
}
1486
+
EXPORT_SYMBOL(key_move);
1539
1487
1540
1488
/**
1541
1489
* keyring_clear - Clear a keyring
+11
-15
security/keys/process_keys.c
+11
-15
security/keys/process_keys.c
···
289
289
/*
290
290
* Handle the fsuid changing.
291
291
*/
292
-
void key_fsuid_changed(struct task_struct *tsk)
292
+
void key_fsuid_changed(struct cred *new_cred)
293
293
{
294
294
/* update the ownership of the thread keyring */
295
-
BUG_ON(!tsk->cred);
296
-
if (tsk->cred->thread_keyring) {
297
-
down_write(&tsk->cred->thread_keyring->sem);
298
-
tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
299
-
up_write(&tsk->cred->thread_keyring->sem);
295
+
if (new_cred->thread_keyring) {
296
+
down_write(&new_cred->thread_keyring->sem);
297
+
new_cred->thread_keyring->uid = new_cred->fsuid;
298
+
up_write(&new_cred->thread_keyring->sem);
300
299
}
301
300
}
302
301
303
302
/*
304
303
* Handle the fsgid changing.
305
304
*/
306
-
void key_fsgid_changed(struct task_struct *tsk)
305
+
void key_fsgid_changed(struct cred *new_cred)
307
306
{
308
307
/* update the ownership of the thread keyring */
309
-
BUG_ON(!tsk->cred);
310
-
if (tsk->cred->thread_keyring) {
311
-
down_write(&tsk->cred->thread_keyring->sem);
312
-
tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
313
-
up_write(&tsk->cred->thread_keyring->sem);
308
+
if (new_cred->thread_keyring) {
309
+
down_write(&new_cred->thread_keyring->sem);
310
+
new_cred->thread_keyring->gid = new_cred->fsgid;
311
+
up_write(&new_cred->thread_keyring->sem);
314
312
}
315
313
}
316
314
···
684
686
key_ref = make_key_ref(key, 0);
685
687
686
688
/* check to see if we possess the key */
687
-
ctx.index_key.type = key->type;
688
-
ctx.index_key.description = key->description;
689
-
ctx.index_key.desc_len = strlen(key->description);
689
+
ctx.index_key = key->index_key;
690
690
ctx.match_data.raw_data = key;
691
691
kdebug("check possessed");
692
692
skey_ref = search_process_keyrings(&ctx);
+7
-2
security/keys/request_key.c
+7
-2
security/keys/request_key.c
···
20
20
21
21
/**
22
22
* complete_request_key - Complete the construction of a key.
23
-
* @auth_key: The authorisation key.
23
+
* @authkey: The authorisation key.
24
24
* @error: The success or failute of the construction.
25
25
*
26
26
* Complete the attempt to construct a key. The key will be negated
···
339
339
struct key_user *user,
340
340
struct key **_key)
341
341
{
342
-
struct assoc_array_edit *edit;
342
+
struct assoc_array_edit *edit = NULL;
343
343
struct key *key;
344
344
key_perm_t perm;
345
345
key_ref_t key_ref;
···
368
368
set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
369
369
370
370
if (dest_keyring) {
371
+
ret = __key_link_lock(dest_keyring, &ctx->index_key);
372
+
if (ret < 0)
373
+
goto link_lock_failed;
371
374
ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
372
375
if (ret < 0)
373
376
goto link_prealloc_failed;
···
422
419
return ret;
423
420
424
421
link_prealloc_failed:
422
+
__key_link_end(dest_keyring, &ctx->index_key, edit);
423
+
link_lock_failed:
425
424
mutex_unlock(&user->cons_lock);
426
425
key_put(key);
427
426
kleave(" = %d [prelink]", ret);
+2
-2
security/keys/request_key_auth.c
+2
-2
security/keys/request_key_auth.c
···
148
148
struct key *dest_keyring)
149
149
{
150
150
struct request_key_auth *rka, *irka;
151
-
const struct cred *cred = current->cred;
151
+
const struct cred *cred = current_cred();
152
152
struct key *authkey = NULL;
153
153
char desc[20];
154
154
int ret = -ENOMEM;
···
200
200
201
201
authkey = key_alloc(&key_type_request_key_auth, desc,
202
202
cred->fsuid, cred->fsgid, cred,
203
-
KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
203
+
KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_LINK |
204
204
KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL);
205
205
if (IS_ERR(authkey)) {
206
206
ret = PTR_ERR(authkey);