request_key improvements
-----BEGIN PGP SIGNATURE----- iQIVAwUAXRPObfu3V2unywtrAQJLKA//WENO5pZDHe49T+4GCY0ZmnGHKBUnU7g9 DUjxSNS8a/nwCyEdApZk9uHp2xsOedP6pjQ4VRWMQfrIPx0Yh9o3J+BQxvyP7PDf jEH+5CYC8dZnJJjjteWCcPEGrUoNb1YKfDRBU745YY+rLdHWvhHc27B6SYBg5BGT OwW3qyHvp0WMp7TehMALdnkqGph5gR5QMr45tOrH6DkGAhN8mAIKD699d3MqZG73 +S5KlQOlDlEVrxbD/BgzlzEJQUBQyq8hd61taBFT7LXBNlLJJOnMhd7UJY5IJE7J Vi9NpcLj4Emwv4wvZ2xneV0rMbsCbxRMKZLDRuqQ6Tm17xjpjro4n1ujneTAqmmy d+XlrVQ2ZMciMNmGleezOoBib9QbY5NWdilc2ls5ydFGiBVL73bIOYtEQNai8lWd LBBIIrxOmLO7bnipgqVKRnqeMdMkpWaLISoRfSeJbRt4lGxmka9bDBrSgONnxzJK JG+sB8ahSVZaBbhERW8DKnBz61Yf8ka7ijVvjH3zCXu0rbLTy+LLUz5kbzbBP9Fc LiUapLV/v420gD2ZRCgPQwtQui4TpBkSGJKS1Ippyn7LGBNCZLM4Y8vOoo4nqr7z RhpEKbKeOdVjORaYjO8Zttj8gN9rT6WnPcyCTHdNEnyjotU1ykyVBkzexj+VYvjM C3eIdjG7Jk0= =c2FO -----END PGP SIGNATURE----- Merge tag 'keys-request-20190626' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull request_key improvements from David Howells: "These are all request_key()-related, including a fix and some improvements: - Fix the lack of a Link permission check on a key found by request_key(), thereby enabling request_key() to link keys that don't grant this permission to the target keyring (which must still grant Write permission). Note that the key must be in the caller's keyrings already to be found. - Invalidate used request_key authentication keys rather than revoking them, so that they get cleaned up immediately rather than hanging around till the expiry time is passed. - Move the RCU locks outwards from the keyring search functions so that a request_key_rcu() can be provided. This can be called in RCU mode, so it can't sleep and can't upcall - but it can be called from LOOKUP_RCU pathwalk mode. - Cache the latest positive result of request_key*() temporarily in task_struct so that filesystems that make a lot of request_key() calls during pathwalk can take advantage of it to avoid having to redo the searching. This requires CONFIG_KEYS_REQUEST_CACHE=y. It is assumed that the key just found is likely to be used multiple times in each step in an RCU pathwalk, and is likely to be reused for the next step too. Note that the cleanup of the cache is done on TIF_NOTIFY_RESUME, just before userspace resumes, and on exit" * tag 'keys-request-20190626' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: keys: Kill off request_key_async{,_with_auxdata} keys: Cache result of request_key*() temporarily in task_struct keys: Provide request_key_rcu() keys: Move the RCU locks outwards from the keyring search functions keys: Invalidate used request_key authentication keys keys: Fix request_key() lack of Link perm check on found key
This commit is contained in:
commit
c236b6dd48
|
@ -433,6 +433,10 @@ The main syscalls are:
|
||||||
/sbin/request-key will be invoked in an attempt to obtain a key. The
|
/sbin/request-key will be invoked in an attempt to obtain a key. The
|
||||||
callout_info string will be passed as an argument to the program.
|
callout_info string will be passed as an argument to the program.
|
||||||
|
|
||||||
|
To link a key into the destination keyring the key must grant link
|
||||||
|
permission on the key to the caller and the keyring must grant write
|
||||||
|
permission.
|
||||||
|
|
||||||
See also Documentation/security/keys/request-key.rst.
|
See also Documentation/security/keys/request-key.rst.
|
||||||
|
|
||||||
|
|
||||||
|
@ -1111,36 +1115,14 @@ payload contents" for more information.
|
||||||
is a blob of length callout_len, if given (the length may be 0).
|
is a blob of length callout_len, if given (the length may be 0).
|
||||||
|
|
||||||
|
|
||||||
* A key can be requested asynchronously by calling one of::
|
* To search for a key under RCU conditions, call::
|
||||||
|
|
||||||
struct key *request_key_async(const struct key_type *type,
|
struct key *request_key_rcu(const struct key_type *type,
|
||||||
const char *description,
|
const char *description);
|
||||||
const void *callout_info,
|
|
||||||
size_t callout_len);
|
|
||||||
|
|
||||||
or::
|
which is similar to request_key() except that it does not check for keys
|
||||||
|
that are under construction and it will not call out to userspace to
|
||||||
struct key *request_key_async_with_auxdata(const struct key_type *type,
|
construct a key if it can't find a match.
|
||||||
const char *description,
|
|
||||||
const char *callout_info,
|
|
||||||
size_t callout_len,
|
|
||||||
void *aux);
|
|
||||||
|
|
||||||
which are asynchronous equivalents of request_key() and
|
|
||||||
request_key_with_auxdata() respectively.
|
|
||||||
|
|
||||||
These two functions return with the key potentially still under
|
|
||||||
construction. To wait for construction completion, the following should be
|
|
||||||
called::
|
|
||||||
|
|
||||||
int wait_for_key_construction(struct key *key, bool intr);
|
|
||||||
|
|
||||||
The function will wait for the key to finish being constructed and then
|
|
||||||
invokes key_validate() to return an appropriate value to indicate the state
|
|
||||||
of the key (0 indicates the key is usable).
|
|
||||||
|
|
||||||
If intr is true, then the wait can be interrupted by a signal, in which
|
|
||||||
case error ERESTARTSYS will be returned.
|
|
||||||
|
|
||||||
|
|
||||||
* When it is no longer required, the key should be released using::
|
* When it is no longer required, the key should be released using::
|
||||||
|
|
|
@ -23,18 +23,8 @@ or::
|
||||||
|
|
||||||
or::
|
or::
|
||||||
|
|
||||||
struct key *request_key_async(const struct key_type *type,
|
struct key *request_key_rcu(const struct key_type *type,
|
||||||
const char *description,
|
const char *description);
|
||||||
const char *callout_info,
|
|
||||||
size_t callout_len);
|
|
||||||
|
|
||||||
or::
|
|
||||||
|
|
||||||
struct key *request_key_async_with_auxdata(const struct key_type *type,
|
|
||||||
const char *description,
|
|
||||||
const char *callout_info,
|
|
||||||
size_t callout_len,
|
|
||||||
void *aux);
|
|
||||||
|
|
||||||
Or by userspace invoking the request_key system call::
|
Or by userspace invoking the request_key system call::
|
||||||
|
|
||||||
|
@ -48,14 +38,14 @@ does not need to link the key to a keyring to prevent it from being immediately
|
||||||
destroyed. The kernel interface returns a pointer directly to the key, and
|
destroyed. The kernel interface returns a pointer directly to the key, and
|
||||||
it's up to the caller to destroy the key.
|
it's up to the caller to destroy the key.
|
||||||
|
|
||||||
The request_key*_with_auxdata() calls are like the in-kernel request_key*()
|
The request_key_with_auxdata() calls is like the in-kernel request_key() call,
|
||||||
calls, except that they permit auxiliary data to be passed to the upcaller (the
|
except that they permit auxiliary data to be passed to the upcaller (the
|
||||||
default is NULL). This is only useful for those key types that define their
|
default is NULL). This is only useful for those key types that define their
|
||||||
own upcall mechanism rather than using /sbin/request-key.
|
own upcall mechanism rather than using /sbin/request-key.
|
||||||
|
|
||||||
The two async in-kernel calls may return keys that are still in the process of
|
The request_key_rcu() call is like the in-kernel request_key() call, except
|
||||||
being constructed. The two non-async ones will wait for construction to
|
that it doesn't check for keys that are under construction and doesn't attempt
|
||||||
complete first.
|
to construct missing keys.
|
||||||
|
|
||||||
The userspace interface links the key to a keyring associated with the process
|
The userspace interface links the key to a keyring associated with the process
|
||||||
to prevent the key from going away, and returns the serial number of the key to
|
to prevent the key from going away, and returns the serial number of the key to
|
||||||
|
@ -148,7 +138,7 @@ The Search Algorithm
|
||||||
|
|
||||||
A search of any particular keyring proceeds in the following fashion:
|
A search of any particular keyring proceeds in the following fashion:
|
||||||
|
|
||||||
1) When the key management code searches for a key (keyring_search_aux) it
|
1) When the key management code searches for a key (keyring_search_rcu) it
|
||||||
firstly calls key_permission(SEARCH) on the keyring it's starting with,
|
firstly calls key_permission(SEARCH) on the keyring it's starting with,
|
||||||
if this denies permission, it doesn't search further.
|
if this denies permission, it doesn't search further.
|
||||||
|
|
||||||
|
@ -167,6 +157,9 @@ The process stops immediately a valid key is found with permission granted to
|
||||||
use it. Any error from a previous match attempt is discarded and the key is
|
use it. Any error from a previous match attempt is discarded and the key is
|
||||||
returned.
|
returned.
|
||||||
|
|
||||||
|
When request_key() is invoked, if CONFIG_KEYS_REQUEST_CACHE=y, a per-task
|
||||||
|
one-key cache is first checked for a match.
|
||||||
|
|
||||||
When search_process_keyrings() is invoked, it performs the following searches
|
When search_process_keyrings() is invoked, it performs the following searches
|
||||||
until one succeeds:
|
until one succeeds:
|
||||||
|
|
||||||
|
@ -186,7 +179,9 @@ until one succeeds:
|
||||||
c) The calling process's session keyring is searched.
|
c) The calling process's session keyring is searched.
|
||||||
|
|
||||||
The moment one succeeds, all pending errors are discarded and the found key is
|
The moment one succeeds, all pending errors are discarded and the found key is
|
||||||
returned.
|
returned. If CONFIG_KEYS_REQUEST_CACHE=y, then that key is placed in the
|
||||||
|
per-task cache, displacing the previous key. The cache is cleared on exit or
|
||||||
|
just prior to resumption of userspace.
|
||||||
|
|
||||||
Only if all these fail does the whole thing fail with the highest priority
|
Only if all these fail does the whole thing fail with the highest priority
|
||||||
error. Note that several errors may have come from LSM.
|
error. Note that several errors may have come from LSM.
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
* Authorisation record for request_key().
|
* Authorisation record for request_key().
|
||||||
*/
|
*/
|
||||||
struct request_key_auth {
|
struct request_key_auth {
|
||||||
|
struct rcu_head rcu;
|
||||||
struct key *target_key;
|
struct key *target_key;
|
||||||
struct key *dest_keyring;
|
struct key *dest_keyring;
|
||||||
const struct cred *cred;
|
const struct cred *cred;
|
||||||
|
|
|
@ -269,23 +269,15 @@ extern struct key *request_key(struct key_type *type,
|
||||||
const char *description,
|
const char *description,
|
||||||
const char *callout_info);
|
const char *callout_info);
|
||||||
|
|
||||||
|
extern struct key *request_key_rcu(struct key_type *type,
|
||||||
|
const char *description);
|
||||||
|
|
||||||
extern struct key *request_key_with_auxdata(struct key_type *type,
|
extern struct key *request_key_with_auxdata(struct key_type *type,
|
||||||
const char *description,
|
const char *description,
|
||||||
const void *callout_info,
|
const void *callout_info,
|
||||||
size_t callout_len,
|
size_t callout_len,
|
||||||
void *aux);
|
void *aux);
|
||||||
|
|
||||||
extern struct key *request_key_async(struct key_type *type,
|
|
||||||
const char *description,
|
|
||||||
const void *callout_info,
|
|
||||||
size_t callout_len);
|
|
||||||
|
|
||||||
extern struct key *request_key_async_with_auxdata(struct key_type *type,
|
|
||||||
const char *description,
|
|
||||||
const void *callout_info,
|
|
||||||
size_t callout_len,
|
|
||||||
void *aux);
|
|
||||||
|
|
||||||
extern int wait_for_key_construction(struct key *key, bool intr);
|
extern int wait_for_key_construction(struct key *key, bool intr);
|
||||||
|
|
||||||
extern int key_validate(const struct key *key);
|
extern int key_validate(const struct key *key);
|
||||||
|
|
|
@ -892,6 +892,11 @@ struct task_struct {
|
||||||
/* Effective (overridable) subjective task credentials (COW): */
|
/* Effective (overridable) subjective task credentials (COW): */
|
||||||
const struct cred __rcu *cred;
|
const struct cred __rcu *cred;
|
||||||
|
|
||||||
|
#ifdef CONFIG_KEYS
|
||||||
|
/* Cached requested key. */
|
||||||
|
struct key *cached_requested_key;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* executable name, excluding path.
|
* executable name, excluding path.
|
||||||
*
|
*
|
||||||
|
|
|
@ -184,6 +184,13 @@ static inline void tracehook_notify_resume(struct pt_regs *regs)
|
||||||
if (unlikely(current->task_works))
|
if (unlikely(current->task_works))
|
||||||
task_work_run();
|
task_work_run();
|
||||||
|
|
||||||
|
#ifdef CONFIG_KEYS_REQUEST_CACHE
|
||||||
|
if (unlikely(current->cached_requested_key)) {
|
||||||
|
key_put(current->cached_requested_key);
|
||||||
|
current->cached_requested_key = NULL;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
mem_cgroup_handle_over_high();
|
mem_cgroup_handle_over_high();
|
||||||
blkcg_maybe_throttle_current();
|
blkcg_maybe_throttle_current();
|
||||||
}
|
}
|
||||||
|
|
|
@ -170,6 +170,11 @@ void exit_creds(struct task_struct *tsk)
|
||||||
validate_creds(cred);
|
validate_creds(cred);
|
||||||
alter_cred_subscribers(cred, -1);
|
alter_cred_subscribers(cred, -1);
|
||||||
put_cred(cred);
|
put_cred(cred);
|
||||||
|
|
||||||
|
#ifdef CONFIG_KEYS_REQUEST_CACHE
|
||||||
|
key_put(current->cached_requested_key);
|
||||||
|
current->cached_requested_key = NULL;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -323,6 +328,10 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
|
||||||
struct cred *new;
|
struct cred *new;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
#ifdef CONFIG_KEYS_REQUEST_CACHE
|
||||||
|
p->cached_requested_key = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (
|
if (
|
||||||
#ifdef CONFIG_KEYS
|
#ifdef CONFIG_KEYS
|
||||||
!p->cred->thread_keyring &&
|
!p->cred->thread_keyring &&
|
||||||
|
|
|
@ -25,6 +25,24 @@ config KEYS_COMPAT
|
||||||
def_bool y
|
def_bool y
|
||||||
depends on COMPAT && KEYS
|
depends on COMPAT && KEYS
|
||||||
|
|
||||||
|
config KEYS_REQUEST_CACHE
|
||||||
|
bool "Enable temporary caching of the last request_key() result"
|
||||||
|
depends on KEYS
|
||||||
|
help
|
||||||
|
This option causes the result of the last successful request_key()
|
||||||
|
call that didn't upcall to the kernel to be cached temporarily in the
|
||||||
|
task_struct. The cache is cleared by exit and just prior to the
|
||||||
|
resumption of userspace.
|
||||||
|
|
||||||
|
This allows the key used for multiple step processes where each step
|
||||||
|
wants to request a key that is likely the same as the one requested
|
||||||
|
by the last step to save on the searching.
|
||||||
|
|
||||||
|
An example of such a process is a pathwalk through a network
|
||||||
|
filesystem in which each method needs to request an authentication
|
||||||
|
key. Pathwalk will call multiple methods for each dentry traversed
|
||||||
|
(permission, d_revalidate, lookup, getxattr, getacl, ...).
|
||||||
|
|
||||||
config PERSISTENT_KEYRINGS
|
config PERSISTENT_KEYRINGS
|
||||||
bool "Enable register of persistent per-UID keyrings"
|
bool "Enable register of persistent per-UID keyrings"
|
||||||
depends on KEYS
|
depends on KEYS
|
||||||
|
|
|
@ -135,11 +135,11 @@ struct keyring_search_context {
|
||||||
|
|
||||||
extern bool key_default_cmp(const struct key *key,
|
extern bool key_default_cmp(const struct key *key,
|
||||||
const struct key_match_data *match_data);
|
const struct key_match_data *match_data);
|
||||||
extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
|
extern key_ref_t keyring_search_rcu(key_ref_t keyring_ref,
|
||||||
struct keyring_search_context *ctx);
|
struct keyring_search_context *ctx);
|
||||||
|
|
||||||
extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx);
|
extern key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx);
|
||||||
extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx);
|
extern key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx);
|
||||||
|
|
||||||
extern struct key *find_keyring_by_name(const char *name, bool uid_keyring);
|
extern struct key *find_keyring_by_name(const char *name, bool uid_keyring);
|
||||||
|
|
||||||
|
|
|
@ -455,7 +455,7 @@ static int __key_instantiate_and_link(struct key *key,
|
||||||
|
|
||||||
/* disable the authorisation key */
|
/* disable the authorisation key */
|
||||||
if (authkey)
|
if (authkey)
|
||||||
key_revoke(authkey);
|
key_invalidate(authkey);
|
||||||
|
|
||||||
if (prep->expiry != TIME64_MAX) {
|
if (prep->expiry != TIME64_MAX) {
|
||||||
key->expiry = prep->expiry;
|
key->expiry = prep->expiry;
|
||||||
|
@ -612,7 +612,7 @@ int key_reject_and_link(struct key *key,
|
||||||
|
|
||||||
/* disable the authorisation key */
|
/* disable the authorisation key */
|
||||||
if (authkey)
|
if (authkey)
|
||||||
key_revoke(authkey);
|
key_invalidate(authkey);
|
||||||
}
|
}
|
||||||
|
|
||||||
mutex_unlock(&key_construction_mutex);
|
mutex_unlock(&key_construction_mutex);
|
||||||
|
|
|
@ -831,7 +831,7 @@ found:
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* keyring_search_aux - Search a keyring tree for a key matching some criteria
|
* keyring_search_rcu - Search a keyring tree for a matching key under RCU
|
||||||
* @keyring_ref: A pointer to the keyring with possession indicator.
|
* @keyring_ref: A pointer to the keyring with possession indicator.
|
||||||
* @ctx: The keyring search context.
|
* @ctx: The keyring search context.
|
||||||
*
|
*
|
||||||
|
@ -843,7 +843,9 @@ found:
|
||||||
* addition, the LSM gets to forbid keyring searches and key matches.
|
* addition, the LSM gets to forbid keyring searches and key matches.
|
||||||
*
|
*
|
||||||
* The search is performed as a breadth-then-depth search up to the prescribed
|
* The search is performed as a breadth-then-depth search up to the prescribed
|
||||||
* limit (KEYRING_SEARCH_MAX_DEPTH).
|
* limit (KEYRING_SEARCH_MAX_DEPTH). The caller must hold the RCU read lock to
|
||||||
|
* prevent keyrings from being destroyed or rearranged whilst they are being
|
||||||
|
* searched.
|
||||||
*
|
*
|
||||||
* Keys are matched to the type provided and are then filtered by the match
|
* Keys are matched to the type provided and are then filtered by the match
|
||||||
* function, which is given the description to use in any way it sees fit. The
|
* function, which is given the description to use in any way it sees fit. The
|
||||||
|
@ -862,7 +864,7 @@ found:
|
||||||
* In the case of a successful return, the possession attribute from
|
* In the case of a successful return, the possession attribute from
|
||||||
* @keyring_ref is propagated to the returned key reference.
|
* @keyring_ref is propagated to the returned key reference.
|
||||||
*/
|
*/
|
||||||
key_ref_t keyring_search_aux(key_ref_t keyring_ref,
|
key_ref_t keyring_search_rcu(key_ref_t keyring_ref,
|
||||||
struct keyring_search_context *ctx)
|
struct keyring_search_context *ctx)
|
||||||
{
|
{
|
||||||
struct key *keyring;
|
struct key *keyring;
|
||||||
|
@ -884,11 +886,9 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
|
||||||
return ERR_PTR(err);
|
return ERR_PTR(err);
|
||||||
}
|
}
|
||||||
|
|
||||||
rcu_read_lock();
|
|
||||||
ctx->now = ktime_get_real_seconds();
|
ctx->now = ktime_get_real_seconds();
|
||||||
if (search_nested_keyrings(keyring, ctx))
|
if (search_nested_keyrings(keyring, ctx))
|
||||||
__key_get(key_ref_to_ptr(ctx->result));
|
__key_get(key_ref_to_ptr(ctx->result));
|
||||||
rcu_read_unlock();
|
|
||||||
return ctx->result;
|
return ctx->result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -898,7 +898,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
|
||||||
* @type: The type of keyring we want to find.
|
* @type: The type of keyring we want to find.
|
||||||
* @description: The name of the keyring we want to find.
|
* @description: The name of the keyring we want to find.
|
||||||
*
|
*
|
||||||
* As keyring_search_aux() above, but using the current task's credentials and
|
* As keyring_search_rcu() above, but using the current task's credentials and
|
||||||
* type's default matching function and preferred search method.
|
* type's default matching function and preferred search method.
|
||||||
*/
|
*/
|
||||||
key_ref_t keyring_search(key_ref_t keyring,
|
key_ref_t keyring_search(key_ref_t keyring,
|
||||||
|
@ -924,7 +924,9 @@ key_ref_t keyring_search(key_ref_t keyring,
|
||||||
return ERR_PTR(ret);
|
return ERR_PTR(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
key = keyring_search_aux(keyring, &ctx);
|
rcu_read_lock();
|
||||||
|
key = keyring_search_rcu(keyring, &ctx);
|
||||||
|
rcu_read_unlock();
|
||||||
|
|
||||||
if (type->match_free)
|
if (type->match_free)
|
||||||
type->match_free(&ctx.match_data);
|
type->match_free(&ctx.match_data);
|
||||||
|
|
|
@ -175,7 +175,9 @@ static int proc_keys_show(struct seq_file *m, void *v)
|
||||||
* skip if the key does not indicate the possessor can view it
|
* skip if the key does not indicate the possessor can view it
|
||||||
*/
|
*/
|
||||||
if (key->perm & KEY_POS_VIEW) {
|
if (key->perm & KEY_POS_VIEW) {
|
||||||
skey_ref = search_my_process_keyrings(&ctx);
|
rcu_read_lock();
|
||||||
|
skey_ref = search_cred_keyrings_rcu(&ctx);
|
||||||
|
rcu_read_unlock();
|
||||||
if (!IS_ERR(skey_ref)) {
|
if (!IS_ERR(skey_ref)) {
|
||||||
key_ref_put(skey_ref);
|
key_ref_put(skey_ref);
|
||||||
key_ref = make_key_ref(key, 1);
|
key_ref = make_key_ref(key, 1);
|
||||||
|
|
|
@ -314,7 +314,8 @@ void key_fsgid_changed(struct cred *new_cred)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Search the process keyrings attached to the supplied cred for the first
|
* Search the process keyrings attached to the supplied cred for the first
|
||||||
* matching key.
|
* matching key under RCU conditions (the caller must be holding the RCU read
|
||||||
|
* lock).
|
||||||
*
|
*
|
||||||
* The search criteria are the type and the match function. The description is
|
* The search criteria are the type and the match function. The description is
|
||||||
* given to the match function as a parameter, but doesn't otherwise influence
|
* given to the match function as a parameter, but doesn't otherwise influence
|
||||||
|
@ -333,7 +334,7 @@ void key_fsgid_changed(struct cred *new_cred)
|
||||||
* In the case of a successful return, the possession attribute is set on the
|
* In the case of a successful return, the possession attribute is set on the
|
||||||
* returned key reference.
|
* returned key reference.
|
||||||
*/
|
*/
|
||||||
key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
|
key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx)
|
||||||
{
|
{
|
||||||
key_ref_t key_ref, ret, err;
|
key_ref_t key_ref, ret, err;
|
||||||
const struct cred *cred = ctx->cred;
|
const struct cred *cred = ctx->cred;
|
||||||
|
@ -351,7 +352,7 @@ key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
|
||||||
|
|
||||||
/* search the thread keyring first */
|
/* search the thread keyring first */
|
||||||
if (cred->thread_keyring) {
|
if (cred->thread_keyring) {
|
||||||
key_ref = keyring_search_aux(
|
key_ref = keyring_search_rcu(
|
||||||
make_key_ref(cred->thread_keyring, 1), ctx);
|
make_key_ref(cred->thread_keyring, 1), ctx);
|
||||||
if (!IS_ERR(key_ref))
|
if (!IS_ERR(key_ref))
|
||||||
goto found;
|
goto found;
|
||||||
|
@ -369,7 +370,7 @@ key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
|
||||||
|
|
||||||
/* search the process keyring second */
|
/* search the process keyring second */
|
||||||
if (cred->process_keyring) {
|
if (cred->process_keyring) {
|
||||||
key_ref = keyring_search_aux(
|
key_ref = keyring_search_rcu(
|
||||||
make_key_ref(cred->process_keyring, 1), ctx);
|
make_key_ref(cred->process_keyring, 1), ctx);
|
||||||
if (!IS_ERR(key_ref))
|
if (!IS_ERR(key_ref))
|
||||||
goto found;
|
goto found;
|
||||||
|
@ -390,7 +391,7 @@ key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
|
||||||
|
|
||||||
/* search the session keyring */
|
/* search the session keyring */
|
||||||
if (cred->session_keyring) {
|
if (cred->session_keyring) {
|
||||||
key_ref = keyring_search_aux(
|
key_ref = keyring_search_rcu(
|
||||||
make_key_ref(cred->session_keyring, 1), ctx);
|
make_key_ref(cred->session_keyring, 1), ctx);
|
||||||
|
|
||||||
if (!IS_ERR(key_ref))
|
if (!IS_ERR(key_ref))
|
||||||
|
@ -411,7 +412,7 @@ key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
|
||||||
}
|
}
|
||||||
/* or search the user-session keyring */
|
/* or search the user-session keyring */
|
||||||
else if (READ_ONCE(cred->user->session_keyring)) {
|
else if (READ_ONCE(cred->user->session_keyring)) {
|
||||||
key_ref = keyring_search_aux(
|
key_ref = keyring_search_rcu(
|
||||||
make_key_ref(READ_ONCE(cred->user->session_keyring), 1),
|
make_key_ref(READ_ONCE(cred->user->session_keyring), 1),
|
||||||
ctx);
|
ctx);
|
||||||
if (!IS_ERR(key_ref))
|
if (!IS_ERR(key_ref))
|
||||||
|
@ -444,16 +445,16 @@ found:
|
||||||
* the keys attached to the assumed authorisation key using its credentials if
|
* the keys attached to the assumed authorisation key using its credentials if
|
||||||
* one is available.
|
* one is available.
|
||||||
*
|
*
|
||||||
* Return same as search_my_process_keyrings().
|
* The caller must be holding the RCU read lock.
|
||||||
|
*
|
||||||
|
* Return same as search_cred_keyrings_rcu().
|
||||||
*/
|
*/
|
||||||
key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
|
key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx)
|
||||||
{
|
{
|
||||||
struct request_key_auth *rka;
|
struct request_key_auth *rka;
|
||||||
key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
|
key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
|
||||||
|
|
||||||
might_sleep();
|
key_ref = search_cred_keyrings_rcu(ctx);
|
||||||
|
|
||||||
key_ref = search_my_process_keyrings(ctx);
|
|
||||||
if (!IS_ERR(key_ref))
|
if (!IS_ERR(key_ref))
|
||||||
goto found;
|
goto found;
|
||||||
err = key_ref;
|
err = key_ref;
|
||||||
|
@ -468,24 +469,17 @@ key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
|
||||||
) {
|
) {
|
||||||
const struct cred *cred = ctx->cred;
|
const struct cred *cred = ctx->cred;
|
||||||
|
|
||||||
/* defend against the auth key being revoked */
|
if (key_validate(cred->request_key_auth) == 0) {
|
||||||
down_read(&cred->request_key_auth->sem);
|
|
||||||
|
|
||||||
if (key_validate(ctx->cred->request_key_auth) == 0) {
|
|
||||||
rka = ctx->cred->request_key_auth->payload.data[0];
|
rka = ctx->cred->request_key_auth->payload.data[0];
|
||||||
|
|
||||||
|
//// was search_process_keyrings() [ie. recursive]
|
||||||
ctx->cred = rka->cred;
|
ctx->cred = rka->cred;
|
||||||
key_ref = search_process_keyrings(ctx);
|
key_ref = search_cred_keyrings_rcu(ctx);
|
||||||
ctx->cred = cred;
|
ctx->cred = cred;
|
||||||
|
|
||||||
up_read(&cred->request_key_auth->sem);
|
|
||||||
|
|
||||||
if (!IS_ERR(key_ref))
|
if (!IS_ERR(key_ref))
|
||||||
goto found;
|
goto found;
|
||||||
|
|
||||||
ret = key_ref;
|
ret = key_ref;
|
||||||
} else {
|
|
||||||
up_read(&cred->request_key_auth->sem);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -500,7 +494,6 @@ key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
|
||||||
found:
|
found:
|
||||||
return key_ref;
|
return key_ref;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* See if the key we're looking at is the target key.
|
* See if the key we're looking at is the target key.
|
||||||
*/
|
*/
|
||||||
|
@ -687,7 +680,9 @@ try_again:
|
||||||
ctx.index_key = key->index_key;
|
ctx.index_key = key->index_key;
|
||||||
ctx.match_data.raw_data = key;
|
ctx.match_data.raw_data = key;
|
||||||
kdebug("check possessed");
|
kdebug("check possessed");
|
||||||
skey_ref = search_process_keyrings(&ctx);
|
rcu_read_lock();
|
||||||
|
skey_ref = search_process_keyrings_rcu(&ctx);
|
||||||
|
rcu_read_unlock();
|
||||||
kdebug("possessed=%p", skey_ref);
|
kdebug("possessed=%p", skey_ref);
|
||||||
|
|
||||||
if (!IS_ERR(skey_ref)) {
|
if (!IS_ERR(skey_ref)) {
|
||||||
|
|
|
@ -18,6 +18,31 @@
|
||||||
|
|
||||||
#define key_negative_timeout 60 /* default timeout on a negative key's existence */
|
#define key_negative_timeout 60 /* default timeout on a negative key's existence */
|
||||||
|
|
||||||
|
static struct key *check_cached_key(struct keyring_search_context *ctx)
|
||||||
|
{
|
||||||
|
#ifdef CONFIG_KEYS_REQUEST_CACHE
|
||||||
|
struct key *key = current->cached_requested_key;
|
||||||
|
|
||||||
|
if (key &&
|
||||||
|
ctx->match_data.cmp(key, &ctx->match_data) &&
|
||||||
|
!(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
|
||||||
|
(1 << KEY_FLAG_REVOKED))))
|
||||||
|
return key_get(key);
|
||||||
|
#endif
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void cache_requested_key(struct key *key)
|
||||||
|
{
|
||||||
|
#ifdef CONFIG_KEYS_REQUEST_CACHE
|
||||||
|
struct task_struct *t = current;
|
||||||
|
|
||||||
|
key_put(t->cached_requested_key);
|
||||||
|
t->cached_requested_key = key_get(key);
|
||||||
|
set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* complete_request_key - Complete the construction of a key.
|
* complete_request_key - Complete the construction of a key.
|
||||||
* @authkey: The authorisation key.
|
* @authkey: The authorisation key.
|
||||||
|
@ -218,7 +243,7 @@ static int construct_key(struct key *key, const void *callout_info,
|
||||||
/* check that the actor called complete_request_key() prior to
|
/* check that the actor called complete_request_key() prior to
|
||||||
* returning an error */
|
* returning an error */
|
||||||
WARN_ON(ret < 0 &&
|
WARN_ON(ret < 0 &&
|
||||||
!test_bit(KEY_FLAG_REVOKED, &authkey->flags));
|
!test_bit(KEY_FLAG_INVALIDATED, &authkey->flags));
|
||||||
|
|
||||||
key_put(authkey);
|
key_put(authkey);
|
||||||
kleave(" = %d", ret);
|
kleave(" = %d", ret);
|
||||||
|
@ -381,7 +406,9 @@ static int construct_alloc_key(struct keyring_search_context *ctx,
|
||||||
* waited for locks */
|
* waited for locks */
|
||||||
mutex_lock(&key_construction_mutex);
|
mutex_lock(&key_construction_mutex);
|
||||||
|
|
||||||
key_ref = search_process_keyrings(ctx);
|
rcu_read_lock();
|
||||||
|
key_ref = search_process_keyrings_rcu(ctx);
|
||||||
|
rcu_read_unlock();
|
||||||
if (!IS_ERR(key_ref))
|
if (!IS_ERR(key_ref))
|
||||||
goto key_already_present;
|
goto key_already_present;
|
||||||
|
|
||||||
|
@ -556,10 +583,26 @@ struct key *request_key_and_link(struct key_type *type,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
key = check_cached_key(&ctx);
|
||||||
|
if (key)
|
||||||
|
return key;
|
||||||
|
|
||||||
/* search all the process keyrings for a key */
|
/* search all the process keyrings for a key */
|
||||||
key_ref = search_process_keyrings(&ctx);
|
rcu_read_lock();
|
||||||
|
key_ref = search_process_keyrings_rcu(&ctx);
|
||||||
|
rcu_read_unlock();
|
||||||
|
|
||||||
if (!IS_ERR(key_ref)) {
|
if (!IS_ERR(key_ref)) {
|
||||||
|
if (dest_keyring) {
|
||||||
|
ret = key_task_permission(key_ref, current_cred(),
|
||||||
|
KEY_NEED_LINK);
|
||||||
|
if (ret < 0) {
|
||||||
|
key_ref_put(key_ref);
|
||||||
|
key = ERR_PTR(ret);
|
||||||
|
goto error_free;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
key = key_ref_to_ptr(key_ref);
|
key = key_ref_to_ptr(key_ref);
|
||||||
if (dest_keyring) {
|
if (dest_keyring) {
|
||||||
ret = key_link(dest_keyring, key);
|
ret = key_link(dest_keyring, key);
|
||||||
|
@ -569,6 +612,9 @@ struct key *request_key_and_link(struct key_type *type,
|
||||||
goto error_free;
|
goto error_free;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Only cache the key on immediate success */
|
||||||
|
cache_requested_key(key);
|
||||||
} else if (PTR_ERR(key_ref) != -EAGAIN) {
|
} else if (PTR_ERR(key_ref) != -EAGAIN) {
|
||||||
key = ERR_CAST(key_ref);
|
key = ERR_CAST(key_ref);
|
||||||
} else {
|
} else {
|
||||||
|
@ -689,52 +735,51 @@ struct key *request_key_with_auxdata(struct key_type *type,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(request_key_with_auxdata);
|
EXPORT_SYMBOL(request_key_with_auxdata);
|
||||||
|
|
||||||
/*
|
/**
|
||||||
* request_key_async - Request a key (allow async construction)
|
* request_key_rcu - Request key from RCU-read-locked context
|
||||||
* @type: Type of key.
|
* @type: The type of key we want.
|
||||||
* @description: The searchable description of the key.
|
* @description: The name of the key we want.
|
||||||
* @callout_info: The data to pass to the instantiation upcall (or NULL).
|
|
||||||
* @callout_len: The length of callout_info.
|
|
||||||
*
|
*
|
||||||
* As for request_key_and_link() except that it does not add the returned key
|
* Request a key from a context that we may not sleep in (such as RCU-mode
|
||||||
* to a keyring if found, new keys are always allocated in the user's quota and
|
* pathwalk). Keys under construction are ignored.
|
||||||
* no auxiliary data can be passed.
|
|
||||||
*
|
*
|
||||||
* The caller should call wait_for_key_construction() to wait for the
|
* Return a pointer to the found key if successful, -ENOKEY if we couldn't find
|
||||||
* completion of the returned key if it is still undergoing construction.
|
* a key or some other error if the key found was unsuitable or inaccessible.
|
||||||
*/
|
*/
|
||||||
struct key *request_key_async(struct key_type *type,
|
struct key *request_key_rcu(struct key_type *type, const char *description)
|
||||||
const char *description,
|
|
||||||
const void *callout_info,
|
|
||||||
size_t callout_len)
|
|
||||||
{
|
{
|
||||||
return request_key_and_link(type, description, callout_info,
|
struct keyring_search_context ctx = {
|
||||||
callout_len, NULL, NULL,
|
.index_key.type = type,
|
||||||
KEY_ALLOC_IN_QUOTA);
|
.index_key.description = description,
|
||||||
}
|
.index_key.desc_len = strlen(description),
|
||||||
EXPORT_SYMBOL(request_key_async);
|
.cred = current_cred(),
|
||||||
|
.match_data.cmp = key_default_cmp,
|
||||||
|
.match_data.raw_data = description,
|
||||||
|
.match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
|
||||||
|
.flags = (KEYRING_SEARCH_DO_STATE_CHECK |
|
||||||
|
KEYRING_SEARCH_SKIP_EXPIRED),
|
||||||
|
};
|
||||||
|
struct key *key;
|
||||||
|
key_ref_t key_ref;
|
||||||
|
|
||||||
/*
|
kenter("%s,%s", type->name, description);
|
||||||
* request a key with auxiliary data for the upcaller (allow async construction)
|
|
||||||
* @type: Type of key.
|
key = check_cached_key(&ctx);
|
||||||
* @description: The searchable description of the key.
|
if (key)
|
||||||
* @callout_info: The data to pass to the instantiation upcall (or NULL).
|
return key;
|
||||||
* @callout_len: The length of callout_info.
|
|
||||||
* @aux: Auxiliary data for the upcall.
|
/* search all the process keyrings for a key */
|
||||||
*
|
key_ref = search_process_keyrings_rcu(&ctx);
|
||||||
* As for request_key_and_link() except that it does not add the returned key
|
if (IS_ERR(key_ref)) {
|
||||||
* to a keyring if found and new keys are always allocated in the user's quota.
|
key = ERR_CAST(key_ref);
|
||||||
*
|
if (PTR_ERR(key_ref) == -EAGAIN)
|
||||||
* The caller should call wait_for_key_construction() to wait for the
|
key = ERR_PTR(-ENOKEY);
|
||||||
* completion of the returned key if it is still undergoing construction.
|
} else {
|
||||||
*/
|
key = key_ref_to_ptr(key_ref);
|
||||||
struct key *request_key_async_with_auxdata(struct key_type *type,
|
cache_requested_key(key);
|
||||||
const char *description,
|
}
|
||||||
const void *callout_info,
|
|
||||||
size_t callout_len,
|
kleave(" = %p", key);
|
||||||
void *aux)
|
return key;
|
||||||
{
|
|
||||||
return request_key_and_link(type, description, callout_info,
|
|
||||||
callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
|
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(request_key_async_with_auxdata);
|
EXPORT_SYMBOL(request_key_rcu);
|
||||||
|
|
|
@ -54,7 +54,7 @@ static void request_key_auth_free_preparse(struct key_preparsed_payload *prep)
|
||||||
static int request_key_auth_instantiate(struct key *key,
|
static int request_key_auth_instantiate(struct key *key,
|
||||||
struct key_preparsed_payload *prep)
|
struct key_preparsed_payload *prep)
|
||||||
{
|
{
|
||||||
key->payload.data[0] = (struct request_key_auth *)prep->data;
|
rcu_assign_keypointer(key, (struct request_key_auth *)prep->data);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ static int request_key_auth_instantiate(struct key *key,
|
||||||
static void request_key_auth_describe(const struct key *key,
|
static void request_key_auth_describe(const struct key *key,
|
||||||
struct seq_file *m)
|
struct seq_file *m)
|
||||||
{
|
{
|
||||||
struct request_key_auth *rka = get_request_key_auth(key);
|
struct request_key_auth *rka = dereference_key_rcu(key);
|
||||||
|
|
||||||
seq_puts(m, "key:");
|
seq_puts(m, "key:");
|
||||||
seq_puts(m, key->description);
|
seq_puts(m, key->description);
|
||||||
|
@ -79,7 +79,7 @@ static void request_key_auth_describe(const struct key *key,
|
||||||
static long request_key_auth_read(const struct key *key,
|
static long request_key_auth_read(const struct key *key,
|
||||||
char __user *buffer, size_t buflen)
|
char __user *buffer, size_t buflen)
|
||||||
{
|
{
|
||||||
struct request_key_auth *rka = get_request_key_auth(key);
|
struct request_key_auth *rka = dereference_key_locked(key);
|
||||||
size_t datalen;
|
size_t datalen;
|
||||||
long ret;
|
long ret;
|
||||||
|
|
||||||
|
@ -98,23 +98,6 @@ static long request_key_auth_read(const struct key *key,
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Handle revocation of an authorisation token key.
|
|
||||||
*
|
|
||||||
* Called with the key sem write-locked.
|
|
||||||
*/
|
|
||||||
static void request_key_auth_revoke(struct key *key)
|
|
||||||
{
|
|
||||||
struct request_key_auth *rka = get_request_key_auth(key);
|
|
||||||
|
|
||||||
kenter("{%d}", key->serial);
|
|
||||||
|
|
||||||
if (rka->cred) {
|
|
||||||
put_cred(rka->cred);
|
|
||||||
rka->cred = NULL;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static void free_request_key_auth(struct request_key_auth *rka)
|
static void free_request_key_auth(struct request_key_auth *rka)
|
||||||
{
|
{
|
||||||
if (!rka)
|
if (!rka)
|
||||||
|
@ -127,16 +110,43 @@ static void free_request_key_auth(struct request_key_auth *rka)
|
||||||
kfree(rka);
|
kfree(rka);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Dispose of the request_key_auth record under RCU conditions
|
||||||
|
*/
|
||||||
|
static void request_key_auth_rcu_disposal(struct rcu_head *rcu)
|
||||||
|
{
|
||||||
|
struct request_key_auth *rka =
|
||||||
|
container_of(rcu, struct request_key_auth, rcu);
|
||||||
|
|
||||||
|
free_request_key_auth(rka);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Handle revocation of an authorisation token key.
|
||||||
|
*
|
||||||
|
* Called with the key sem write-locked.
|
||||||
|
*/
|
||||||
|
static void request_key_auth_revoke(struct key *key)
|
||||||
|
{
|
||||||
|
struct request_key_auth *rka = dereference_key_locked(key);
|
||||||
|
|
||||||
|
kenter("{%d}", key->serial);
|
||||||
|
rcu_assign_keypointer(key, NULL);
|
||||||
|
call_rcu(&rka->rcu, request_key_auth_rcu_disposal);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Destroy an instantiation authorisation token key.
|
* Destroy an instantiation authorisation token key.
|
||||||
*/
|
*/
|
||||||
static void request_key_auth_destroy(struct key *key)
|
static void request_key_auth_destroy(struct key *key)
|
||||||
{
|
{
|
||||||
struct request_key_auth *rka = get_request_key_auth(key);
|
struct request_key_auth *rka = rcu_access_pointer(key->payload.rcu_data0);
|
||||||
|
|
||||||
kenter("{%d}", key->serial);
|
kenter("{%d}", key->serial);
|
||||||
|
if (rka) {
|
||||||
free_request_key_auth(rka);
|
rcu_assign_keypointer(key, NULL);
|
||||||
|
call_rcu(&rka->rcu, request_key_auth_rcu_disposal);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -245,7 +255,9 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
|
||||||
|
|
||||||
ctx.index_key.desc_len = sprintf(description, "%x", target_id);
|
ctx.index_key.desc_len = sprintf(description, "%x", target_id);
|
||||||
|
|
||||||
authkey_ref = search_process_keyrings(&ctx);
|
rcu_read_lock();
|
||||||
|
authkey_ref = search_process_keyrings_rcu(&ctx);
|
||||||
|
rcu_read_unlock();
|
||||||
|
|
||||||
if (IS_ERR(authkey_ref)) {
|
if (IS_ERR(authkey_ref)) {
|
||||||
authkey = ERR_CAST(authkey_ref);
|
authkey = ERR_CAST(authkey_ref);
|
||||||
|
|
Loading…
Reference in New Issue