diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-11-05 18:32:38 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-11-05 18:32:38 -0500 |
| commit | 1873499e13648a2dd01a394ed3217c9290921b3d (patch) | |
| tree | 3a662aadb3c02bbce2e9231a90da6e98b54d33d4 /security/keys | |
| parent | 3460b01b12aaf0011cb30f6f502edd05752f70eb (diff) | |
| parent | ba94c3ff20c9c179f2a80f0e4c71e1571ebbf5c7 (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem update from James Morris:
"This is mostly maintenance updates across the subsystem, with a
notable update for TPM 2.0, and addition of Jarkko Sakkinen as a
maintainer of that"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (40 commits)
apparmor: clarify CRYPTO dependency
selinux: Use a kmem_cache for allocation struct file_security_struct
selinux: ioctl_has_perm should be static
selinux: use sprintf return value
selinux: use kstrdup() in security_get_bools()
selinux: use kmemdup in security_sid_to_context_core()
selinux: remove pointless cast in selinux_inode_setsecurity()
selinux: introduce security_context_str_to_sid
selinux: do not check open perm on ftruncate call
selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default
KEYS: Merge the type-specific data with the payload data
KEYS: Provide a script to extract a module signature
KEYS: Provide a script to extract the sys cert list from a vmlinux file
keys: Be more consistent in selection of union members used
certs: add .gitignore to stop git nagging about x509_certificate_list
KEYS: use kvfree() in add_key
Smack: limited capability for changing process label
TPM: remove unnecessary little endian conversion
vTPM: support little endian guests
char: Drop owner assignment from i2c_driver
...
Diffstat (limited to 'security/keys')
| -rw-r--r-- | security/keys/big_key.c | 47 | ||||
| -rw-r--r-- | security/keys/encrypted-keys/encrypted.c | 18 | ||||
| -rw-r--r-- | security/keys/encrypted-keys/encrypted.h | 4 | ||||
| -rw-r--r-- | security/keys/encrypted-keys/masterkey_trusted.c | 4 | ||||
| -rw-r--r-- | security/keys/key.c | 20 | ||||
| -rw-r--r-- | security/keys/keyctl.c | 12 | ||||
| -rw-r--r-- | security/keys/keyring.c | 12 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 4 | ||||
| -rw-r--r-- | security/keys/request_key.c | 4 | ||||
| -rw-r--r-- | security/keys/request_key_auth.c | 12 | ||||
| -rw-r--r-- | security/keys/trusted.c | 42 | ||||
| -rw-r--r-- | security/keys/trusted.h | 11 | ||||
| -rw-r--r-- | security/keys/user_defined.c | 14 |
13 files changed, 116 insertions, 88 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c index b6adb94f6d52..907c1522ee46 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c | |||
| @@ -21,6 +21,16 @@ | |||
| 21 | MODULE_LICENSE("GPL"); | 21 | MODULE_LICENSE("GPL"); |
| 22 | 22 | ||
| 23 | /* | 23 | /* |
| 24 | * Layout of key payload words. | ||
| 25 | */ | ||
| 26 | enum { | ||
| 27 | big_key_data, | ||
| 28 | big_key_path, | ||
| 29 | big_key_path_2nd_part, | ||
| 30 | big_key_len, | ||
| 31 | }; | ||
| 32 | |||
| 33 | /* | ||
| 24 | * If the data is under this limit, there's no point creating a shm file to | 34 | * If the data is under this limit, there's no point creating a shm file to |
| 25 | * hold it as the permanently resident metadata for the shmem fs will be at | 35 | * hold it as the permanently resident metadata for the shmem fs will be at |
| 26 | * least as large as the data. | 36 | * least as large as the data. |
| @@ -47,7 +57,7 @@ struct key_type key_type_big_key = { | |||
| 47 | */ | 57 | */ |
| 48 | int big_key_preparse(struct key_preparsed_payload *prep) | 58 | int big_key_preparse(struct key_preparsed_payload *prep) |
| 49 | { | 59 | { |
| 50 | struct path *path = (struct path *)&prep->payload; | 60 | struct path *path = (struct path *)&prep->payload.data[big_key_path]; |
| 51 | struct file *file; | 61 | struct file *file; |
| 52 | ssize_t written; | 62 | ssize_t written; |
| 53 | size_t datalen = prep->datalen; | 63 | size_t datalen = prep->datalen; |
| @@ -60,7 +70,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) | |||
| 60 | /* Set an arbitrary quota */ | 70 | /* Set an arbitrary quota */ |
| 61 | prep->quotalen = 16; | 71 | prep->quotalen = 16; |
| 62 | 72 | ||
| 63 | prep->type_data[1] = (void *)(unsigned long)datalen; | 73 | prep->payload.data[big_key_len] = (void *)(unsigned long)datalen; |
| 64 | 74 | ||
| 65 | if (datalen > BIG_KEY_FILE_THRESHOLD) { | 75 | if (datalen > BIG_KEY_FILE_THRESHOLD) { |
| 66 | /* Create a shmem file to store the data in. This will permit the data | 76 | /* Create a shmem file to store the data in. This will permit the data |
| @@ -94,7 +104,8 @@ int big_key_preparse(struct key_preparsed_payload *prep) | |||
| 94 | if (!data) | 104 | if (!data) |
| 95 | return -ENOMEM; | 105 | return -ENOMEM; |
| 96 | 106 | ||
| 97 | prep->payload[0] = memcpy(data, prep->data, prep->datalen); | 107 | prep->payload.data[big_key_data] = data; |
| 108 | memcpy(data, prep->data, prep->datalen); | ||
| 98 | } | 109 | } |
| 99 | return 0; | 110 | return 0; |
| 100 | 111 | ||
| @@ -110,10 +121,10 @@ error: | |||
| 110 | void big_key_free_preparse(struct key_preparsed_payload *prep) | 121 | void big_key_free_preparse(struct key_preparsed_payload *prep) |
| 111 | { | 122 | { |
| 112 | if (prep->datalen > BIG_KEY_FILE_THRESHOLD) { | 123 | if (prep->datalen > BIG_KEY_FILE_THRESHOLD) { |
| 113 | struct path *path = (struct path *)&prep->payload; | 124 | struct path *path = (struct path *)&prep->payload.data[big_key_path]; |
| 114 | path_put(path); | 125 | path_put(path); |
| 115 | } else { | 126 | } else { |
| 116 | kfree(prep->payload[0]); | 127 | kfree(prep->payload.data[big_key_data]); |
| 117 | } | 128 | } |
| 118 | } | 129 | } |
| 119 | 130 | ||
| @@ -123,11 +134,12 @@ void big_key_free_preparse(struct key_preparsed_payload *prep) | |||
| 123 | */ | 134 | */ |
| 124 | void big_key_revoke(struct key *key) | 135 | void big_key_revoke(struct key *key) |
| 125 | { | 136 | { |
| 126 | struct path *path = (struct path *)&key->payload.data2; | 137 | struct path *path = (struct path *)&key->payload.data[big_key_path]; |
| 127 | 138 | ||
| 128 | /* clear the quota */ | 139 | /* clear the quota */ |
| 129 | key_payload_reserve(key, 0); | 140 | key_payload_reserve(key, 0); |
| 130 | if (key_is_instantiated(key) && key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD) | 141 | if (key_is_instantiated(key) && |
| 142 | (size_t)key->payload.data[big_key_len] > BIG_KEY_FILE_THRESHOLD) | ||
| 131 | vfs_truncate(path, 0); | 143 | vfs_truncate(path, 0); |
| 132 | } | 144 | } |
| 133 | 145 | ||
| @@ -136,14 +148,16 @@ void big_key_revoke(struct key *key) | |||
| 136 | */ | 148 | */ |
| 137 | void big_key_destroy(struct key *key) | 149 | void big_key_destroy(struct key *key) |
| 138 | { | 150 | { |
| 139 | if (key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD) { | 151 | size_t datalen = (size_t)key->payload.data[big_key_len]; |
| 140 | struct path *path = (struct path *)&key->payload.data2; | 152 | |
| 153 | if (datalen) { | ||
| 154 | struct path *path = (struct path *)&key->payload.data[big_key_path]; | ||
| 141 | path_put(path); | 155 | path_put(path); |
| 142 | path->mnt = NULL; | 156 | path->mnt = NULL; |
| 143 | path->dentry = NULL; | 157 | path->dentry = NULL; |
| 144 | } else { | 158 | } else { |
| 145 | kfree(key->payload.data); | 159 | kfree(key->payload.data[big_key_data]); |
| 146 | key->payload.data = NULL; | 160 | key->payload.data[big_key_data] = NULL; |
| 147 | } | 161 | } |
| 148 | } | 162 | } |
| 149 | 163 | ||
| @@ -152,12 +166,12 @@ void big_key_destroy(struct key *key) | |||
| 152 | */ | 166 | */ |
| 153 | void big_key_describe(const struct key *key, struct seq_file *m) | 167 | void big_key_describe(const struct key *key, struct seq_file *m) |
| 154 | { | 168 | { |
| 155 | unsigned long datalen = key->type_data.x[1]; | 169 | size_t datalen = (size_t)key->payload.data[big_key_len]; |
| 156 | 170 | ||
| 157 | seq_puts(m, key->description); | 171 | seq_puts(m, key->description); |
| 158 | 172 | ||
| 159 | if (key_is_instantiated(key)) | 173 | if (key_is_instantiated(key)) |
| 160 | seq_printf(m, ": %lu [%s]", | 174 | seq_printf(m, ": %zu [%s]", |
| 161 | datalen, | 175 | datalen, |
| 162 | datalen > BIG_KEY_FILE_THRESHOLD ? "file" : "buff"); | 176 | datalen > BIG_KEY_FILE_THRESHOLD ? "file" : "buff"); |
| 163 | } | 177 | } |
| @@ -168,14 +182,14 @@ void big_key_describe(const struct key *key, struct seq_file *m) | |||
| 168 | */ | 182 | */ |
| 169 | long big_key_read(const struct key *key, char __user *buffer, size_t buflen) | 183 | long big_key_read(const struct key *key, char __user *buffer, size_t buflen) |
| 170 | { | 184 | { |
| 171 | unsigned long datalen = key->type_data.x[1]; | 185 | size_t datalen = (size_t)key->payload.data[big_key_len]; |
| 172 | long ret; | 186 | long ret; |
| 173 | 187 | ||
| 174 | if (!buffer || buflen < datalen) | 188 | if (!buffer || buflen < datalen) |
| 175 | return datalen; | 189 | return datalen; |
| 176 | 190 | ||
| 177 | if (datalen > BIG_KEY_FILE_THRESHOLD) { | 191 | if (datalen > BIG_KEY_FILE_THRESHOLD) { |
| 178 | struct path *path = (struct path *)&key->payload.data2; | 192 | struct path *path = (struct path *)&key->payload.data[big_key_path]; |
| 179 | struct file *file; | 193 | struct file *file; |
| 180 | loff_t pos; | 194 | loff_t pos; |
| 181 | 195 | ||
| @@ -190,7 +204,8 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen) | |||
| 190 | ret = -EIO; | 204 | ret = -EIO; |
| 191 | } else { | 205 | } else { |
| 192 | ret = datalen; | 206 | ret = datalen; |
| 193 | if (copy_to_user(buffer, key->payload.data, datalen) != 0) | 207 | if (copy_to_user(buffer, key->payload.data[big_key_data], |
| 208 | datalen) != 0) | ||
| 194 | ret = -EFAULT; | 209 | ret = -EFAULT; |
| 195 | } | 210 | } |
| 196 | 211 | ||
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 7bed4ad7cd76..927db9f35ad6 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c | |||
| @@ -303,10 +303,10 @@ out: | |||
| 303 | * | 303 | * |
| 304 | * Use a user provided key to encrypt/decrypt an encrypted-key. | 304 | * Use a user provided key to encrypt/decrypt an encrypted-key. |
| 305 | */ | 305 | */ |
| 306 | static struct key *request_user_key(const char *master_desc, u8 **master_key, | 306 | static struct key *request_user_key(const char *master_desc, const u8 **master_key, |
| 307 | size_t *master_keylen) | 307 | size_t *master_keylen) |
| 308 | { | 308 | { |
| 309 | struct user_key_payload *upayload; | 309 | const struct user_key_payload *upayload; |
| 310 | struct key *ukey; | 310 | struct key *ukey; |
| 311 | 311 | ||
| 312 | ukey = request_key(&key_type_user, master_desc, NULL); | 312 | ukey = request_key(&key_type_user, master_desc, NULL); |
| @@ -314,7 +314,7 @@ static struct key *request_user_key(const char *master_desc, u8 **master_key, | |||
| 314 | goto error; | 314 | goto error; |
| 315 | 315 | ||
| 316 | down_read(&ukey->sem); | 316 | down_read(&ukey->sem); |
| 317 | upayload = ukey->payload.data; | 317 | upayload = user_key_payload(ukey); |
| 318 | *master_key = upayload->data; | 318 | *master_key = upayload->data; |
| 319 | *master_keylen = upayload->datalen; | 319 | *master_keylen = upayload->datalen; |
| 320 | error: | 320 | error: |
| @@ -426,7 +426,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key, | |||
| 426 | } | 426 | } |
| 427 | 427 | ||
| 428 | static struct key *request_master_key(struct encrypted_key_payload *epayload, | 428 | static struct key *request_master_key(struct encrypted_key_payload *epayload, |
| 429 | u8 **master_key, size_t *master_keylen) | 429 | const u8 **master_key, size_t *master_keylen) |
| 430 | { | 430 | { |
| 431 | struct key *mkey = NULL; | 431 | struct key *mkey = NULL; |
| 432 | 432 | ||
| @@ -653,7 +653,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, | |||
| 653 | { | 653 | { |
| 654 | struct key *mkey; | 654 | struct key *mkey; |
| 655 | u8 derived_key[HASH_SIZE]; | 655 | u8 derived_key[HASH_SIZE]; |
| 656 | u8 *master_key; | 656 | const u8 *master_key; |
| 657 | u8 *hmac; | 657 | u8 *hmac; |
| 658 | const char *hex_encoded_data; | 658 | const char *hex_encoded_data; |
| 659 | unsigned int encrypted_datalen; | 659 | unsigned int encrypted_datalen; |
| @@ -837,7 +837,7 @@ static void encrypted_rcu_free(struct rcu_head *rcu) | |||
| 837 | */ | 837 | */ |
| 838 | static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) | 838 | static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) |
| 839 | { | 839 | { |
| 840 | struct encrypted_key_payload *epayload = key->payload.data; | 840 | struct encrypted_key_payload *epayload = key->payload.data[0]; |
| 841 | struct encrypted_key_payload *new_epayload; | 841 | struct encrypted_key_payload *new_epayload; |
| 842 | char *buf; | 842 | char *buf; |
| 843 | char *new_master_desc = NULL; | 843 | char *new_master_desc = NULL; |
| @@ -896,7 +896,7 @@ static long encrypted_read(const struct key *key, char __user *buffer, | |||
| 896 | { | 896 | { |
| 897 | struct encrypted_key_payload *epayload; | 897 | struct encrypted_key_payload *epayload; |
| 898 | struct key *mkey; | 898 | struct key *mkey; |
| 899 | u8 *master_key; | 899 | const u8 *master_key; |
| 900 | size_t master_keylen; | 900 | size_t master_keylen; |
| 901 | char derived_key[HASH_SIZE]; | 901 | char derived_key[HASH_SIZE]; |
| 902 | char *ascii_buf; | 902 | char *ascii_buf; |
| @@ -957,13 +957,13 @@ out: | |||
| 957 | */ | 957 | */ |
| 958 | static void encrypted_destroy(struct key *key) | 958 | static void encrypted_destroy(struct key *key) |
| 959 | { | 959 | { |
| 960 | struct encrypted_key_payload *epayload = key->payload.data; | 960 | struct encrypted_key_payload *epayload = key->payload.data[0]; |
| 961 | 961 | ||
| 962 | if (!epayload) | 962 | if (!epayload) |
| 963 | return; | 963 | return; |
| 964 | 964 | ||
| 965 | memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); | 965 | memset(epayload->decrypted_data, 0, epayload->decrypted_datalen); |
| 966 | kfree(key->payload.data); | 966 | kfree(key->payload.data[0]); |
| 967 | } | 967 | } |
| 968 | 968 | ||
| 969 | struct key_type key_type_encrypted = { | 969 | struct key_type key_type_encrypted = { |
diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h index 8136a2d44c63..47802c0de735 100644 --- a/security/keys/encrypted-keys/encrypted.h +++ b/security/keys/encrypted-keys/encrypted.h | |||
| @@ -5,10 +5,10 @@ | |||
| 5 | #if defined(CONFIG_TRUSTED_KEYS) || \ | 5 | #if defined(CONFIG_TRUSTED_KEYS) || \ |
| 6 | (defined(CONFIG_TRUSTED_KEYS_MODULE) && defined(CONFIG_ENCRYPTED_KEYS_MODULE)) | 6 | (defined(CONFIG_TRUSTED_KEYS_MODULE) && defined(CONFIG_ENCRYPTED_KEYS_MODULE)) |
| 7 | extern struct key *request_trusted_key(const char *trusted_desc, | 7 | extern struct key *request_trusted_key(const char *trusted_desc, |
| 8 | u8 **master_key, size_t *master_keylen); | 8 | const u8 **master_key, size_t *master_keylen); |
| 9 | #else | 9 | #else |
| 10 | static inline struct key *request_trusted_key(const char *trusted_desc, | 10 | static inline struct key *request_trusted_key(const char *trusted_desc, |
| 11 | u8 **master_key, | 11 | const u8 **master_key, |
| 12 | size_t *master_keylen) | 12 | size_t *master_keylen) |
| 13 | { | 13 | { |
| 14 | return ERR_PTR(-EOPNOTSUPP); | 14 | return ERR_PTR(-EOPNOTSUPP); |
diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c index 013f7e5d3a2f..b5b4812dbc87 100644 --- a/security/keys/encrypted-keys/masterkey_trusted.c +++ b/security/keys/encrypted-keys/masterkey_trusted.c | |||
| @@ -29,7 +29,7 @@ | |||
| 29 | * data, trusted key type data is not visible decrypted from userspace. | 29 | * data, trusted key type data is not visible decrypted from userspace. |
| 30 | */ | 30 | */ |
| 31 | struct key *request_trusted_key(const char *trusted_desc, | 31 | struct key *request_trusted_key(const char *trusted_desc, |
| 32 | u8 **master_key, size_t *master_keylen) | 32 | const u8 **master_key, size_t *master_keylen) |
| 33 | { | 33 | { |
| 34 | struct trusted_key_payload *tpayload; | 34 | struct trusted_key_payload *tpayload; |
| 35 | struct key *tkey; | 35 | struct key *tkey; |
| @@ -39,7 +39,7 @@ struct key *request_trusted_key(const char *trusted_desc, | |||
| 39 | goto error; | 39 | goto error; |
| 40 | 40 | ||
| 41 | down_read(&tkey->sem); | 41 | down_read(&tkey->sem); |
| 42 | tpayload = tkey->payload.data; | 42 | tpayload = tkey->payload.data[0]; |
| 43 | *master_key = tpayload->key; | 43 | *master_key = tpayload->key; |
| 44 | *master_keylen = tpayload->key_len; | 44 | *master_keylen = tpayload->key_len; |
| 45 | error: | 45 | error: |
diff --git a/security/keys/key.c b/security/keys/key.c index aee2ec5a18fc..ab7997ded725 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
| @@ -278,7 +278,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, | |||
| 278 | 278 | ||
| 279 | key->index_key.desc_len = desclen; | 279 | key->index_key.desc_len = desclen; |
| 280 | key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); | 280 | key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); |
| 281 | if (!key->description) | 281 | if (!key->index_key.description) |
| 282 | goto no_memory_3; | 282 | goto no_memory_3; |
| 283 | 283 | ||
| 284 | atomic_set(&key->usage, 1); | 284 | atomic_set(&key->usage, 1); |
| @@ -554,7 +554,7 @@ int key_reject_and_link(struct key *key, | |||
| 554 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { | 554 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { |
| 555 | /* mark the key as being negatively instantiated */ | 555 | /* mark the key as being negatively instantiated */ |
| 556 | atomic_inc(&key->user->nikeys); | 556 | atomic_inc(&key->user->nikeys); |
| 557 | key->type_data.reject_error = -error; | 557 | key->reject_error = -error; |
| 558 | smp_wmb(); | 558 | smp_wmb(); |
| 559 | set_bit(KEY_FLAG_NEGATIVE, &key->flags); | 559 | set_bit(KEY_FLAG_NEGATIVE, &key->flags); |
| 560 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); | 560 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); |
| @@ -1046,14 +1046,14 @@ int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep) | |||
| 1046 | 1046 | ||
| 1047 | ret = key_payload_reserve(key, prep->quotalen); | 1047 | ret = key_payload_reserve(key, prep->quotalen); |
| 1048 | if (ret == 0) { | 1048 | if (ret == 0) { |
| 1049 | key->type_data.p[0] = prep->type_data[0]; | 1049 | rcu_assign_keypointer(key, prep->payload.data[0]); |
| 1050 | key->type_data.p[1] = prep->type_data[1]; | 1050 | key->payload.data[1] = prep->payload.data[1]; |
| 1051 | rcu_assign_keypointer(key, prep->payload[0]); | 1051 | key->payload.data[2] = prep->payload.data[2]; |
| 1052 | key->payload.data2[1] = prep->payload[1]; | 1052 | key->payload.data[3] = prep->payload.data[3]; |
| 1053 | prep->type_data[0] = NULL; | 1053 | prep->payload.data[0] = NULL; |
| 1054 | prep->type_data[1] = NULL; | 1054 | prep->payload.data[1] = NULL; |
| 1055 | prep->payload[0] = NULL; | 1055 | prep->payload.data[2] = NULL; |
| 1056 | prep->payload[1] = NULL; | 1056 | prep->payload.data[3] = NULL; |
| 1057 | } | 1057 | } |
| 1058 | pr_devel("<==%s() = %d\n", __func__, ret); | 1058 | pr_devel("<==%s() = %d\n", __func__, ret); |
| 1059 | return ret; | 1059 | return ret; |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 0b9ec78a7a7a..fb111eafcb89 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -67,7 +67,6 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, | |||
| 67 | char type[32], *description; | 67 | char type[32], *description; |
| 68 | void *payload; | 68 | void *payload; |
| 69 | long ret; | 69 | long ret; |
| 70 | bool vm; | ||
| 71 | 70 | ||
| 72 | ret = -EINVAL; | 71 | ret = -EINVAL; |
| 73 | if (plen > 1024 * 1024 - 1) | 72 | if (plen > 1024 * 1024 - 1) |
| @@ -98,14 +97,12 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, | |||
| 98 | /* pull the payload in if one was supplied */ | 97 | /* pull the payload in if one was supplied */ |
| 99 | payload = NULL; | 98 | payload = NULL; |
| 100 | 99 | ||
| 101 | vm = false; | ||
| 102 | if (_payload) { | 100 | if (_payload) { |
| 103 | ret = -ENOMEM; | 101 | ret = -ENOMEM; |
| 104 | payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); | 102 | payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); |
| 105 | if (!payload) { | 103 | if (!payload) { |
| 106 | if (plen <= PAGE_SIZE) | 104 | if (plen <= PAGE_SIZE) |
| 107 | goto error2; | 105 | goto error2; |
| 108 | vm = true; | ||
| 109 | payload = vmalloc(plen); | 106 | payload = vmalloc(plen); |
| 110 | if (!payload) | 107 | if (!payload) |
| 111 | goto error2; | 108 | goto error2; |
| @@ -138,10 +135,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, | |||
| 138 | 135 | ||
| 139 | key_ref_put(keyring_ref); | 136 | key_ref_put(keyring_ref); |
| 140 | error3: | 137 | error3: |
| 141 | if (!vm) | 138 | kvfree(payload); |
| 142 | kfree(payload); | ||
| 143 | else | ||
| 144 | vfree(payload); | ||
| 145 | error2: | 139 | error2: |
| 146 | kfree(description); | 140 | kfree(description); |
| 147 | error: | 141 | error: |
| @@ -1033,7 +1027,7 @@ long keyctl_instantiate_key_common(key_serial_t id, | |||
| 1033 | if (!instkey) | 1027 | if (!instkey) |
| 1034 | goto error; | 1028 | goto error; |
| 1035 | 1029 | ||
| 1036 | rka = instkey->payload.data; | 1030 | rka = instkey->payload.data[0]; |
| 1037 | if (rka->target_key->serial != id) | 1031 | if (rka->target_key->serial != id) |
| 1038 | goto error; | 1032 | goto error; |
| 1039 | 1033 | ||
| @@ -1200,7 +1194,7 @@ long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, | |||
| 1200 | if (!instkey) | 1194 | if (!instkey) |
| 1201 | goto error; | 1195 | goto error; |
| 1202 | 1196 | ||
| 1203 | rka = instkey->payload.data; | 1197 | rka = instkey->payload.data[0]; |
| 1204 | if (rka->target_key->serial != id) | 1198 | if (rka->target_key->serial != id) |
| 1205 | goto error; | 1199 | goto error; |
| 1206 | 1200 | ||
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index d33437007ad2..f931ccfeefb0 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
| @@ -118,7 +118,7 @@ static void keyring_publish_name(struct key *keyring) | |||
| 118 | if (!keyring_name_hash[bucket].next) | 118 | if (!keyring_name_hash[bucket].next) |
| 119 | INIT_LIST_HEAD(&keyring_name_hash[bucket]); | 119 | INIT_LIST_HEAD(&keyring_name_hash[bucket]); |
| 120 | 120 | ||
| 121 | list_add_tail(&keyring->type_data.link, | 121 | list_add_tail(&keyring->name_link, |
| 122 | &keyring_name_hash[bucket]); | 122 | &keyring_name_hash[bucket]); |
| 123 | 123 | ||
| 124 | write_unlock(&keyring_name_lock); | 124 | write_unlock(&keyring_name_lock); |
| @@ -387,9 +387,9 @@ static void keyring_destroy(struct key *keyring) | |||
| 387 | if (keyring->description) { | 387 | if (keyring->description) { |
| 388 | write_lock(&keyring_name_lock); | 388 | write_lock(&keyring_name_lock); |
| 389 | 389 | ||
| 390 | if (keyring->type_data.link.next != NULL && | 390 | if (keyring->name_link.next != NULL && |
| 391 | !list_empty(&keyring->type_data.link)) | 391 | !list_empty(&keyring->name_link)) |
| 392 | list_del(&keyring->type_data.link); | 392 | list_del(&keyring->name_link); |
| 393 | 393 | ||
| 394 | write_unlock(&keyring_name_lock); | 394 | write_unlock(&keyring_name_lock); |
| 395 | } | 395 | } |
| @@ -572,7 +572,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data) | |||
| 572 | /* we set a different error code if we pass a negative key */ | 572 | /* we set a different error code if we pass a negative key */ |
| 573 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) { | 573 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) { |
| 574 | smp_rmb(); | 574 | smp_rmb(); |
| 575 | ctx->result = ERR_PTR(key->type_data.reject_error); | 575 | ctx->result = ERR_PTR(key->reject_error); |
| 576 | kleave(" = %d [neg]", ctx->skipped_ret); | 576 | kleave(" = %d [neg]", ctx->skipped_ret); |
| 577 | goto skipped; | 577 | goto skipped; |
| 578 | } | 578 | } |
| @@ -990,7 +990,7 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check) | |||
| 990 | * that's readable and that hasn't been revoked */ | 990 | * that's readable and that hasn't been revoked */ |
| 991 | list_for_each_entry(keyring, | 991 | list_for_each_entry(keyring, |
| 992 | &keyring_name_hash[bucket], | 992 | &keyring_name_hash[bucket], |
| 993 | type_data.link | 993 | name_link |
| 994 | ) { | 994 | ) { |
| 995 | if (!kuid_has_mapping(current_user_ns(), keyring->user->uid)) | 995 | if (!kuid_has_mapping(current_user_ns(), keyring->user->uid)) |
| 996 | continue; | 996 | continue; |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 43b4cddbf2b3..a3f85d2a00bb 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
| @@ -457,7 +457,7 @@ key_ref_t search_process_keyrings(struct keyring_search_context *ctx) | |||
| 457 | down_read(&cred->request_key_auth->sem); | 457 | down_read(&cred->request_key_auth->sem); |
| 458 | 458 | ||
| 459 | if (key_validate(ctx->cred->request_key_auth) == 0) { | 459 | if (key_validate(ctx->cred->request_key_auth) == 0) { |
| 460 | rka = ctx->cred->request_key_auth->payload.data; | 460 | rka = ctx->cred->request_key_auth->payload.data[0]; |
| 461 | 461 | ||
| 462 | ctx->cred = rka->cred; | 462 | ctx->cred = rka->cred; |
| 463 | key_ref = search_process_keyrings(ctx); | 463 | key_ref = search_process_keyrings(ctx); |
| @@ -647,7 +647,7 @@ try_again: | |||
| 647 | key_ref = ERR_PTR(-EKEYREVOKED); | 647 | key_ref = ERR_PTR(-EKEYREVOKED); |
| 648 | key = NULL; | 648 | key = NULL; |
| 649 | } else { | 649 | } else { |
| 650 | rka = ctx.cred->request_key_auth->payload.data; | 650 | rka = ctx.cred->request_key_auth->payload.data[0]; |
| 651 | key = rka->dest_keyring; | 651 | key = rka->dest_keyring; |
| 652 | __key_get(key); | 652 | __key_get(key); |
| 653 | } | 653 | } |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 0d6253124278..c7a117c9a8f3 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -271,7 +271,7 @@ static void construct_get_dest_keyring(struct key **_dest_keyring) | |||
| 271 | if (cred->request_key_auth) { | 271 | if (cred->request_key_auth) { |
| 272 | authkey = cred->request_key_auth; | 272 | authkey = cred->request_key_auth; |
| 273 | down_read(&authkey->sem); | 273 | down_read(&authkey->sem); |
| 274 | rka = authkey->payload.data; | 274 | rka = authkey->payload.data[0]; |
| 275 | if (!test_bit(KEY_FLAG_REVOKED, | 275 | if (!test_bit(KEY_FLAG_REVOKED, |
| 276 | &authkey->flags)) | 276 | &authkey->flags)) |
| 277 | dest_keyring = | 277 | dest_keyring = |
| @@ -596,7 +596,7 @@ int wait_for_key_construction(struct key *key, bool intr) | |||
| 596 | return -ERESTARTSYS; | 596 | return -ERESTARTSYS; |
| 597 | if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { | 597 | if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { |
| 598 | smp_rmb(); | 598 | smp_rmb(); |
| 599 | return key->type_data.reject_error; | 599 | return key->reject_error; |
| 600 | } | 600 | } |
| 601 | return key_validate(key); | 601 | return key_validate(key); |
| 602 | } | 602 | } |
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 5d672f7580dd..4f0f112fe276 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
| @@ -59,7 +59,7 @@ static void request_key_auth_free_preparse(struct key_preparsed_payload *prep) | |||
| 59 | static int request_key_auth_instantiate(struct key *key, | 59 | static int request_key_auth_instantiate(struct key *key, |
| 60 | struct key_preparsed_payload *prep) | 60 | struct key_preparsed_payload *prep) |
| 61 | { | 61 | { |
| 62 | key->payload.data = (struct request_key_auth *)prep->data; | 62 | key->payload.data[0] = (struct request_key_auth *)prep->data; |
| 63 | return 0; | 63 | return 0; |
| 64 | } | 64 | } |
| 65 | 65 | ||
| @@ -69,7 +69,7 @@ static int request_key_auth_instantiate(struct key *key, | |||
| 69 | static void request_key_auth_describe(const struct key *key, | 69 | static void request_key_auth_describe(const struct key *key, |
| 70 | struct seq_file *m) | 70 | struct seq_file *m) |
| 71 | { | 71 | { |
| 72 | struct request_key_auth *rka = key->payload.data; | 72 | struct request_key_auth *rka = key->payload.data[0]; |
| 73 | 73 | ||
| 74 | seq_puts(m, "key:"); | 74 | seq_puts(m, "key:"); |
| 75 | seq_puts(m, key->description); | 75 | seq_puts(m, key->description); |
| @@ -84,7 +84,7 @@ static void request_key_auth_describe(const struct key *key, | |||
| 84 | static long request_key_auth_read(const struct key *key, | 84 | static long request_key_auth_read(const struct key *key, |
| 85 | char __user *buffer, size_t buflen) | 85 | char __user *buffer, size_t buflen) |
| 86 | { | 86 | { |
| 87 | struct request_key_auth *rka = key->payload.data; | 87 | struct request_key_auth *rka = key->payload.data[0]; |
| 88 | size_t datalen; | 88 | size_t datalen; |
| 89 | long ret; | 89 | long ret; |
| 90 | 90 | ||
| @@ -110,7 +110,7 @@ static long request_key_auth_read(const struct key *key, | |||
| 110 | */ | 110 | */ |
| 111 | static void request_key_auth_revoke(struct key *key) | 111 | static void request_key_auth_revoke(struct key *key) |
| 112 | { | 112 | { |
| 113 | struct request_key_auth *rka = key->payload.data; | 113 | struct request_key_auth *rka = key->payload.data[0]; |
| 114 | 114 | ||
| 115 | kenter("{%d}", key->serial); | 115 | kenter("{%d}", key->serial); |
| 116 | 116 | ||
| @@ -125,7 +125,7 @@ static void request_key_auth_revoke(struct key *key) | |||
| 125 | */ | 125 | */ |
| 126 | static void request_key_auth_destroy(struct key *key) | 126 | static void request_key_auth_destroy(struct key *key) |
| 127 | { | 127 | { |
| 128 | struct request_key_auth *rka = key->payload.data; | 128 | struct request_key_auth *rka = key->payload.data[0]; |
| 129 | 129 | ||
| 130 | kenter("{%d}", key->serial); | 130 | kenter("{%d}", key->serial); |
| 131 | 131 | ||
| @@ -179,7 +179,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
| 179 | if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags)) | 179 | if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags)) |
| 180 | goto auth_key_revoked; | 180 | goto auth_key_revoked; |
| 181 | 181 | ||
| 182 | irka = cred->request_key_auth->payload.data; | 182 | irka = cred->request_key_auth->payload.data[0]; |
| 183 | rka->cred = get_cred(irka->cred); | 183 | rka->cred = get_cred(irka->cred); |
| 184 | rka->pid = irka->pid; | 184 | rka->pid = irka->pid; |
| 185 | 185 | ||
diff --git a/security/keys/trusted.c b/security/keys/trusted.c index c0594cb07ada..903dace648a1 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c | |||
| @@ -862,12 +862,19 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p, | |||
| 862 | static struct trusted_key_options *trusted_options_alloc(void) | 862 | static struct trusted_key_options *trusted_options_alloc(void) |
| 863 | { | 863 | { |
| 864 | struct trusted_key_options *options; | 864 | struct trusted_key_options *options; |
| 865 | int tpm2; | ||
| 866 | |||
| 867 | tpm2 = tpm_is_tpm2(TPM_ANY_NUM); | ||
| 868 | if (tpm2 < 0) | ||
| 869 | return NULL; | ||
| 865 | 870 | ||
| 866 | options = kzalloc(sizeof *options, GFP_KERNEL); | 871 | options = kzalloc(sizeof *options, GFP_KERNEL); |
| 867 | if (options) { | 872 | if (options) { |
| 868 | /* set any non-zero defaults */ | 873 | /* set any non-zero defaults */ |
| 869 | options->keytype = SRK_keytype; | 874 | options->keytype = SRK_keytype; |
| 870 | options->keyhandle = SRKHANDLE; | 875 | |
| 876 | if (!tpm2) | ||
| 877 | options->keyhandle = SRKHANDLE; | ||
| 871 | } | 878 | } |
| 872 | return options; | 879 | return options; |
| 873 | } | 880 | } |
| @@ -905,6 +912,11 @@ static int trusted_instantiate(struct key *key, | |||
| 905 | int ret = 0; | 912 | int ret = 0; |
| 906 | int key_cmd; | 913 | int key_cmd; |
| 907 | size_t key_len; | 914 | size_t key_len; |
| 915 | int tpm2; | ||
| 916 | |||
| 917 | tpm2 = tpm_is_tpm2(TPM_ANY_NUM); | ||
| 918 | if (tpm2 < 0) | ||
| 919 | return tpm2; | ||
| 908 | 920 | ||
| 909 | if (datalen <= 0 || datalen > 32767 || !prep->data) | 921 | if (datalen <= 0 || datalen > 32767 || !prep->data) |
| 910 | return -EINVAL; | 922 | return -EINVAL; |
| @@ -932,12 +944,20 @@ static int trusted_instantiate(struct key *key, | |||
| 932 | goto out; | 944 | goto out; |
| 933 | } | 945 | } |
| 934 | 946 | ||
| 947 | if (!options->keyhandle) { | ||
| 948 | ret = -EINVAL; | ||
| 949 | goto out; | ||
| 950 | } | ||
| 951 | |||
| 935 | dump_payload(payload); | 952 | dump_payload(payload); |
| 936 | dump_options(options); | 953 | dump_options(options); |
| 937 | 954 | ||
| 938 | switch (key_cmd) { | 955 | switch (key_cmd) { |
| 939 | case Opt_load: | 956 | case Opt_load: |
| 940 | ret = key_unseal(payload, options); | 957 | if (tpm2) |
| 958 | ret = tpm_unseal_trusted(TPM_ANY_NUM, payload, options); | ||
| 959 | else | ||
| 960 | ret = key_unseal(payload, options); | ||
| 941 | dump_payload(payload); | 961 | dump_payload(payload); |
| 942 | dump_options(options); | 962 | dump_options(options); |
| 943 | if (ret < 0) | 963 | if (ret < 0) |
| @@ -950,7 +970,10 @@ static int trusted_instantiate(struct key *key, | |||
| 950 | pr_info("trusted_key: key_create failed (%d)\n", ret); | 970 | pr_info("trusted_key: key_create failed (%d)\n", ret); |
| 951 | goto out; | 971 | goto out; |
| 952 | } | 972 | } |
| 953 | ret = key_seal(payload, options); | 973 | if (tpm2) |
| 974 | ret = tpm_seal_trusted(TPM_ANY_NUM, payload, options); | ||
| 975 | else | ||
| 976 | ret = key_seal(payload, options); | ||
| 954 | if (ret < 0) | 977 | if (ret < 0) |
| 955 | pr_info("trusted_key: key_seal failed (%d)\n", ret); | 978 | pr_info("trusted_key: key_seal failed (%d)\n", ret); |
| 956 | break; | 979 | break; |
| @@ -984,7 +1007,7 @@ static void trusted_rcu_free(struct rcu_head *rcu) | |||
| 984 | */ | 1007 | */ |
| 985 | static int trusted_update(struct key *key, struct key_preparsed_payload *prep) | 1008 | static int trusted_update(struct key *key, struct key_preparsed_payload *prep) |
| 986 | { | 1009 | { |
| 987 | struct trusted_key_payload *p = key->payload.data; | 1010 | struct trusted_key_payload *p = key->payload.data[0]; |
| 988 | struct trusted_key_payload *new_p; | 1011 | struct trusted_key_payload *new_p; |
| 989 | struct trusted_key_options *new_o; | 1012 | struct trusted_key_options *new_o; |
| 990 | size_t datalen = prep->datalen; | 1013 | size_t datalen = prep->datalen; |
| @@ -1018,6 +1041,13 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep) | |||
| 1018 | kfree(new_p); | 1041 | kfree(new_p); |
| 1019 | goto out; | 1042 | goto out; |
| 1020 | } | 1043 | } |
| 1044 | |||
| 1045 | if (!new_o->keyhandle) { | ||
| 1046 | ret = -EINVAL; | ||
| 1047 | kfree(new_p); | ||
| 1048 | goto out; | ||
| 1049 | } | ||
| 1050 | |||
| 1021 | /* copy old key values, and reseal with new pcrs */ | 1051 | /* copy old key values, and reseal with new pcrs */ |
| 1022 | new_p->migratable = p->migratable; | 1052 | new_p->migratable = p->migratable; |
| 1023 | new_p->key_len = p->key_len; | 1053 | new_p->key_len = p->key_len; |
| @@ -1084,12 +1114,12 @@ static long trusted_read(const struct key *key, char __user *buffer, | |||
| 1084 | */ | 1114 | */ |
| 1085 | static void trusted_destroy(struct key *key) | 1115 | static void trusted_destroy(struct key *key) |
| 1086 | { | 1116 | { |
| 1087 | struct trusted_key_payload *p = key->payload.data; | 1117 | struct trusted_key_payload *p = key->payload.data[0]; |
| 1088 | 1118 | ||
| 1089 | if (!p) | 1119 | if (!p) |
| 1090 | return; | 1120 | return; |
| 1091 | memset(p->key, 0, p->key_len); | 1121 | memset(p->key, 0, p->key_len); |
| 1092 | kfree(key->payload.data); | 1122 | kfree(key->payload.data[0]); |
| 1093 | } | 1123 | } |
| 1094 | 1124 | ||
| 1095 | struct key_type key_type_trusted = { | 1125 | struct key_type key_type_trusted = { |
diff --git a/security/keys/trusted.h b/security/keys/trusted.h index 3249fbd2b653..ff001a5dcb24 100644 --- a/security/keys/trusted.h +++ b/security/keys/trusted.h | |||
| @@ -2,7 +2,6 @@ | |||
| 2 | #define __TRUSTED_KEY_H | 2 | #define __TRUSTED_KEY_H |
| 3 | 3 | ||
| 4 | /* implementation specific TPM constants */ | 4 | /* implementation specific TPM constants */ |
| 5 | #define MAX_PCRINFO_SIZE 64 | ||
| 6 | #define MAX_BUF_SIZE 512 | 5 | #define MAX_BUF_SIZE 512 |
| 7 | #define TPM_GETRANDOM_SIZE 14 | 6 | #define TPM_GETRANDOM_SIZE 14 |
| 8 | #define TPM_OSAP_SIZE 36 | 7 | #define TPM_OSAP_SIZE 36 |
| @@ -36,16 +35,6 @@ enum { | |||
| 36 | SRK_keytype = 4 | 35 | SRK_keytype = 4 |
| 37 | }; | 36 | }; |
| 38 | 37 | ||
| 39 | struct trusted_key_options { | ||
| 40 | uint16_t keytype; | ||
| 41 | uint32_t keyhandle; | ||
| 42 | unsigned char keyauth[SHA1_DIGEST_SIZE]; | ||
| 43 | unsigned char blobauth[SHA1_DIGEST_SIZE]; | ||
| 44 | uint32_t pcrinfo_len; | ||
| 45 | unsigned char pcrinfo[MAX_PCRINFO_SIZE]; | ||
| 46 | int pcrlock; | ||
| 47 | }; | ||
| 48 | |||
| 49 | #define TPM_DEBUG 0 | 38 | #define TPM_DEBUG 0 |
| 50 | 39 | ||
| 51 | #if TPM_DEBUG | 40 | #if TPM_DEBUG |
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index 36b47bbd3d8c..28cb30f80256 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c | |||
| @@ -74,7 +74,7 @@ int user_preparse(struct key_preparsed_payload *prep) | |||
| 74 | 74 | ||
| 75 | /* attach the data */ | 75 | /* attach the data */ |
| 76 | prep->quotalen = datalen; | 76 | prep->quotalen = datalen; |
| 77 | prep->payload[0] = upayload; | 77 | prep->payload.data[0] = upayload; |
| 78 | upayload->datalen = datalen; | 78 | upayload->datalen = datalen; |
| 79 | memcpy(upayload->data, prep->data, datalen); | 79 | memcpy(upayload->data, prep->data, datalen); |
| 80 | return 0; | 80 | return 0; |
| @@ -86,7 +86,7 @@ EXPORT_SYMBOL_GPL(user_preparse); | |||
| 86 | */ | 86 | */ |
| 87 | void user_free_preparse(struct key_preparsed_payload *prep) | 87 | void user_free_preparse(struct key_preparsed_payload *prep) |
| 88 | { | 88 | { |
| 89 | kfree(prep->payload[0]); | 89 | kfree(prep->payload.data[0]); |
| 90 | } | 90 | } |
| 91 | EXPORT_SYMBOL_GPL(user_free_preparse); | 91 | EXPORT_SYMBOL_GPL(user_free_preparse); |
| 92 | 92 | ||
| @@ -120,7 +120,7 @@ int user_update(struct key *key, struct key_preparsed_payload *prep) | |||
| 120 | 120 | ||
| 121 | if (ret == 0) { | 121 | if (ret == 0) { |
| 122 | /* attach the new data, displacing the old */ | 122 | /* attach the new data, displacing the old */ |
| 123 | zap = key->payload.data; | 123 | zap = key->payload.data[0]; |
| 124 | rcu_assign_keypointer(key, upayload); | 124 | rcu_assign_keypointer(key, upayload); |
| 125 | key->expiry = 0; | 125 | key->expiry = 0; |
| 126 | } | 126 | } |
| @@ -140,7 +140,7 @@ EXPORT_SYMBOL_GPL(user_update); | |||
| 140 | */ | 140 | */ |
| 141 | void user_revoke(struct key *key) | 141 | void user_revoke(struct key *key) |
| 142 | { | 142 | { |
| 143 | struct user_key_payload *upayload = key->payload.data; | 143 | struct user_key_payload *upayload = key->payload.data[0]; |
| 144 | 144 | ||
| 145 | /* clear the quota */ | 145 | /* clear the quota */ |
| 146 | key_payload_reserve(key, 0); | 146 | key_payload_reserve(key, 0); |
| @@ -158,7 +158,7 @@ EXPORT_SYMBOL(user_revoke); | |||
| 158 | */ | 158 | */ |
| 159 | void user_destroy(struct key *key) | 159 | void user_destroy(struct key *key) |
| 160 | { | 160 | { |
| 161 | struct user_key_payload *upayload = key->payload.data; | 161 | struct user_key_payload *upayload = key->payload.data[0]; |
| 162 | 162 | ||
| 163 | kfree(upayload); | 163 | kfree(upayload); |
| 164 | } | 164 | } |
| @@ -183,10 +183,10 @@ EXPORT_SYMBOL_GPL(user_describe); | |||
| 183 | */ | 183 | */ |
| 184 | long user_read(const struct key *key, char __user *buffer, size_t buflen) | 184 | long user_read(const struct key *key, char __user *buffer, size_t buflen) |
| 185 | { | 185 | { |
| 186 | struct user_key_payload *upayload; | 186 | const struct user_key_payload *upayload; |
| 187 | long ret; | 187 | long ret; |
| 188 | 188 | ||
| 189 | upayload = rcu_dereference_key(key); | 189 | upayload = user_key_payload(key); |
| 190 | ret = upayload->datalen; | 190 | ret = upayload->datalen; |
| 191 | 191 | ||
| 192 | /* we can return the data as is */ | 192 | /* we can return the data as is */ |