KEYS: Merge the type-specific data with the payload data

Merge the type-specific data with the payload data into one four-word chunk as it seems pointless to keep them separate. Use user_key_payload() for accessing the payloads of overloaded user-defined keys. Signed-off-by: David Howells <dhowells@redhat.com> cc: linux-cifs@vger.kernel.org cc: ecryptfs@vger.kernel.org cc: linux-ext4@vger.kernel.org cc: linux-f2fs-devel@lists.sourceforge.net cc: linux-nfs@vger.kernel.org cc: ceph-devel@vger.kernel.org cc: linux-ima-devel@lists.sourceforge.net
author: David Howells <dhowells@redhat.com> 2015-10-21 09:04:48 -0400
committer: David Howells <dhowells@redhat.com> 2015-10-21 10:18:36 -0400
commit: 146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (patch)
tree: a89ef2cd2e8029b0c09a58739cca0e7e2e68f4db /Documentation
parent: 4adc605edc5f744dcf432241b5996ff6a13d868c (diff)
2 files changed, 39 insertions, 29 deletions
diff --git a/Documentation/crypto/asymmetric-keys.txt b/Documentation/crypto/asymmetric-keys.txt
index b7675904a747..8c07e0ea6bc0 100644
--- a/Documentation/crypto/asymmetric-keys.txt
+++ b/Documentation/crypto/asymmetric-keys.txt
@@ -186,7 +186,7 @@ and looks like the following:
                                        const struct public_key_signature *sig);
        };
-Asymmetric keys point to this with their type_data[0] member.
+Asymmetric keys point to this with their payload[asym_subtype] member.
 The owner and name fields should be set to the owning module and the name of
 the subtype.  Currently, the name is only used for print statements.
@@ -269,8 +269,7 @@ mandatory:
        struct key_preparsed_payload {
                char            *description;
-                void            *type_data[2];
+                void            *payload[4];
-                void            *payload;
                const void      *data;
                size_t          datalen;
                size_t          quotalen;
@@ -283,16 +282,18 @@ mandatory:
     not theirs.
     If the parser is happy with the blob, it should propose a description for
-     the key and attach it to ->description, ->type_data[0] should be set to
+     the key and attach it to ->description, ->payload[asym_subtype] should be
-     point to the subtype to be used, ->payload should be set to point to the
+     set to point to the subtype to be used, ->payload[asym_crypto] should be
-     initialised data for that subtype, ->type_data[1] should point to a hex
+     set to point to the initialised data for that subtype,
-     fingerprint and quotalen should be updated to indicate how much quota this
+     ->payload[asym_key_ids] should point to one or more hex fingerprints and
-     key should account for.
+     quotalen should be updated to indicate how much quota this key should
+     account for.
-     When clearing up, the data attached to ->type_data[1] and ->description
-     will be kfree()'d and the data attached to ->payload will be passed to the
+     When clearing up, the data attached to ->payload[asym_key_ids] and
-     subtype's ->destroy() method to be disposed of.  A module reference for
+     ->description will be kfree()'d and the data attached to
-     the subtype pointed to by ->type_data[0] will be put.
+     ->payload[asm_crypto] will be passed to the subtype's ->destroy() method
+     to be disposed of.  A module reference for the subtype pointed to by
+     ->payload[asym_subtype] will be put.
     If the data format is not recognised, -EBADMSG should be returned.  If it
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index c9e7f4f223a5..8c183873b2b7 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -1049,12 +1049,12 @@ search a specific keyring, so using keyrings in this way is of limited utility.
 NOTES ON ACCESSING PAYLOAD CONTENTS
 ===================================
-The simplest payload is just a number in key->payload.value. In this case,
+The simplest payload is just data stored in key->payload directly.  In this
-there's no need to indulge in RCU or locking when accessing the payload.
+case, there's no need to indulge in RCU or locking when accessing the payload.
-More complex payload contents must be allocated and a pointer to them set in
+More complex payload contents must be allocated and pointers to them set in the
-key->payload.data. One of the following ways must be selected to access the
+key->payload.data[] array.  One of the following ways must be selected to
-data:
+access the data:
 (1) Unmodifiable key type.
@@ -1092,6 +1092,13 @@ data:
     the payload. key->datalen cannot be relied upon to be consistent with the
     payload just dereferenced if the key's semaphore is not held.
+     Note that key->payload.data[0] has a shadow that is marked for __rcu
+     usage.  This is called key->payload.rcu_data0.  The following accessors
+     wrap the RCU calls to this element:
+        rcu_assign_keypointer(struct key *key, void *data);
+        void *rcu_dereference_key(struct key *key);
 ===================
 DEFINING A KEY TYPE
@@ -1143,8 +1150,7 @@ The structure has a number of fields, some of which are mandatory:
        struct key_preparsed_payload {
                char            *description;
-                void            *type_data[2];
+                union key_payload payload;
-                void            *payload;
                const void      *data;
                size_t          datalen;
                size_t          quotalen;
@@ -1160,10 +1166,9 @@ The structure has a number of fields, some of which are mandatory:
     attached as a string to the description field.  This will be used for the
     key description if the caller of add_key() passes NULL or "".
-     The method can attach anything it likes to type_data[] and payload.  These
+     The method can attach anything it likes to payload.  This is merely passed
-     are merely passed along to the instantiate() or update() operations.  If
+     along to the instantiate() or update() operations.  If set, the expiry
-     set, the expiry time will be applied to the key if it is instantiated from
+     time will be applied to the key if it is instantiated from this data.
-     this data.
     The method should return 0 if successful or a negative error code
     otherwise.
@@ -1172,11 +1177,10 @@ The structure has a number of fields, some of which are mandatory:
 (*) void (*free_preparse)(struct key_preparsed_payload *prep);
     This method is only required if the preparse() method is provided,
-     otherwise it is unused.  It cleans up anything attached to the
+     otherwise it is unused.  It cleans up anything attached to the description
-     description, type_data and payload fields of the key_preparsed_payload
+     and payload fields of the key_preparsed_payload struct as filled in by the
-     struct as filled in by the preparse() method.  It will always be called
+     preparse() method.  It will always be called after preparse() returns
-     after preparse() returns successfully, even if instantiate() or update()
+     successfully, even if instantiate() or update() succeed.
-     succeed.
 (*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
@@ -1197,6 +1201,11 @@ The structure has a number of fields, some of which are mandatory:
     It is safe to sleep in this method.
+     generic_key_instantiate() is provided to simply copy the data from
+     prep->payload.data[] to key->payload.data[], with RCU-safe assignment on
+     the first element.  It will then clear prep->payload.data[] so that the
+     free_preparse method doesn't release the data.
 (*) int (*update)(struct key *key, const void *data, size_t datalen);
author	David Howells <dhowells@redhat.com>	2015-10-21 09:04:48 -0400
committer	David Howells <dhowells@redhat.com>	2015-10-21 10:18:36 -0400
commit	146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (patch)
tree	a89ef2cd2e8029b0c09a58739cca0e7e2e68f4db /Documentation
parent	4adc605edc5f744dcf432241b5996ff6a13d868c (diff)

diff --git a/Documentation/crypto/asymmetric-keys.txt b/Documentation/crypto/asymmetric-keys.txt index b7675904a747..8c07e0ea6bc0 100644 --- a/Documentation/crypto/asymmetric-keys.txt +++ b/Documentation/crypto/asymmetric-keys.txt
@@ -186,7 +186,7 @@ and looks like the following:
186	const struct public_key_signature *sig);	186	const struct public_key_signature *sig);
187	};	187	};
188		188
189	Asymmetric keys point to this with their type_data[0] member.	189	Asymmetric keys point to this with their payload[asym_subtype] member.
190		190
191	The owner and name fields should be set to the owning module and the name of	191	The owner and name fields should be set to the owning module and the name of
192	the subtype. Currently, the name is only used for print statements.	192	the subtype. Currently, the name is only used for print statements.
@@ -269,8 +269,7 @@ mandatory:
269		269
270	struct key_preparsed_payload {	270	struct key_preparsed_payload {
271	char *description;	271	char *description;
272	void *type_data[2];	272	void *payload[4];
273	void *payload;
274	const void *data;	273	const void *data;
275	size_t datalen;	274	size_t datalen;
276	size_t quotalen;	275	size_t quotalen;
@@ -283,16 +282,18 @@ mandatory:
283	not theirs.	282	not theirs.
284		283
285	If the parser is happy with the blob, it should propose a description for	284	If the parser is happy with the blob, it should propose a description for
286	the key and attach it to ->description, ->type_data[0] should be set to	285	the key and attach it to ->description, ->payload[asym_subtype] should be
287	point to the subtype to be used, ->payload should be set to point to the	286	set to point to the subtype to be used, ->payload[asym_crypto] should be
288	initialised data for that subtype, ->type_data[1] should point to a hex	287	set to point to the initialised data for that subtype,
289	fingerprint and quotalen should be updated to indicate how much quota this	288	->payload[asym_key_ids] should point to one or more hex fingerprints and
290	key should account for.	289	quotalen should be updated to indicate how much quota this key should
291		290	account for.
292	When clearing up, the data attached to ->type_data[1] and ->description	291
293	will be kfree()'d and the data attached to ->payload will be passed to the	292	When clearing up, the data attached to ->payload[asym_key_ids] and
294	subtype's ->destroy() method to be disposed of. A module reference for	293	->description will be kfree()'d and the data attached to
295	the subtype pointed to by ->type_data[0] will be put.	294	->payload[asm_crypto] will be passed to the subtype's ->destroy() method
		295	to be disposed of. A module reference for the subtype pointed to by
		296	->payload[asym_subtype] will be put.
296		297
297		298
298	If the data format is not recognised, -EBADMSG should be returned. If it	299	If the data format is not recognised, -EBADMSG should be returned. If it


diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt index c9e7f4f223a5..8c183873b2b7 100644 --- a/Documentation/security/keys.txt +++ b/Documentation/security/keys.txt
@@ -1049,12 +1049,12 @@ search a specific keyring, so using keyrings in this way is of limited utility.
1049	NOTES ON ACCESSING PAYLOAD CONTENTS	1049	NOTES ON ACCESSING PAYLOAD CONTENTS
1050	===================================	1050	===================================
1051		1051
1052	The simplest payload is just a number in key->payload.value. In this case,	1052	The simplest payload is just data stored in key->payload directly. In this
1053	there's no need to indulge in RCU or locking when accessing the payload.	1053	case, there's no need to indulge in RCU or locking when accessing the payload.
1054		1054
1055	More complex payload contents must be allocated and a pointer to them set in	1055	More complex payload contents must be allocated and pointers to them set in the
1056	key->payload.data. One of the following ways must be selected to access the	1056	key->payload.data[] array. One of the following ways must be selected to
1057	data:	1057	access the data:
1058		1058
1059	(1) Unmodifiable key type.	1059	(1) Unmodifiable key type.
1060		1060
@@ -1092,6 +1092,13 @@ data:
1092	the payload. key->datalen cannot be relied upon to be consistent with the	1092	the payload. key->datalen cannot be relied upon to be consistent with the
1093	payload just dereferenced if the key's semaphore is not held.	1093	payload just dereferenced if the key's semaphore is not held.
1094		1094
		1095	Note that key->payload.data[0] has a shadow that is marked for __rcu
		1096	usage. This is called key->payload.rcu_data0. The following accessors
		1097	wrap the RCU calls to this element:
		1098
		1099	rcu_assign_keypointer(struct key key, void data);
		1100	void rcu_dereference_key(struct key key);
		1101
1095		1102
1096	===================	1103	===================
1097	DEFINING A KEY TYPE	1104	DEFINING A KEY TYPE
@@ -1143,8 +1150,7 @@ The structure has a number of fields, some of which are mandatory:
1143		1150
1144	struct key_preparsed_payload {	1151	struct key_preparsed_payload {
1145	char *description;	1152	char *description;
1146	void *type_data[2];	1153	union key_payload payload;
1147	void *payload;
1148	const void *data;	1154	const void *data;
1149	size_t datalen;	1155	size_t datalen;
1150	size_t quotalen;	1156	size_t quotalen;
@@ -1160,10 +1166,9 @@ The structure has a number of fields, some of which are mandatory:
1160	attached as a string to the description field. This will be used for the	1166	attached as a string to the description field. This will be used for the
1161	key description if the caller of add_key() passes NULL or "".	1167	key description if the caller of add_key() passes NULL or "".
1162		1168
1163	The method can attach anything it likes to type_data[] and payload. These	1169	The method can attach anything it likes to payload. This is merely passed
1164	are merely passed along to the instantiate() or update() operations. If	1170	along to the instantiate() or update() operations. If set, the expiry
1165	set, the expiry time will be applied to the key if it is instantiated from	1171	time will be applied to the key if it is instantiated from this data.
1166	this data.
1167		1172
1168	The method should return 0 if successful or a negative error code	1173	The method should return 0 if successful or a negative error code
1169	otherwise.	1174	otherwise.
@@ -1172,11 +1177,10 @@ The structure has a number of fields, some of which are mandatory:
1172	() void (free_preparse)(struct key_preparsed_payload *prep);	1177	() void (free_preparse)(struct key_preparsed_payload *prep);
1173		1178
1174	This method is only required if the preparse() method is provided,	1179	This method is only required if the preparse() method is provided,
1175	otherwise it is unused. It cleans up anything attached to the	1180	otherwise it is unused. It cleans up anything attached to the description
1176	description, type_data and payload fields of the key_preparsed_payload	1181	and payload fields of the key_preparsed_payload struct as filled in by the
1177	struct as filled in by the preparse() method. It will always be called	1182	preparse() method. It will always be called after preparse() returns
1178	after preparse() returns successfully, even if instantiate() or update()	1183	successfully, even if instantiate() or update() succeed.
1179	succeed.
1180		1184
1181		1185
1182	() int (instantiate)(struct key key, struct key_preparsed_payload prep);	1186	() int (instantiate)(struct key key, struct key_preparsed_payload prep);
@@ -1197,6 +1201,11 @@ The structure has a number of fields, some of which are mandatory:
1197		1201
1198	It is safe to sleep in this method.	1202	It is safe to sleep in this method.
1199		1203
		1204	generic_key_instantiate() is provided to simply copy the data from
		1205	prep->payload.data[] to key->payload.data[], with RCU-safe assignment on
		1206	the first element. It will then clear prep->payload.data[] so that the
		1207	free_preparse method doesn't release the data.
		1208
1200		1209
1201	() int (update)(struct key key, const void data, size_t datalen);	1210	() int (update)(struct key key, const void data, size_t datalen);
1202		1211