aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-11-24 01:51:27 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2017-11-24 01:51:27 -0500
commitdab0badc8735f4e8bf07bc56bdeefce91d413924 (patch)
tree1b7f175d6bffe4ee6d93d1828a730daccf1d77d0
parent26064dea2dc65c57d44ad37e645ebe47f1c51828 (diff)
parentce44cd8dfc55110fa7423ceb47a8a70dac65fe89 (diff)
Merge branch 'next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull keys update from James Morris: "There's nothing too controversial here: - Doc fix for keyctl_read(). - time_t -> time64_t replacement. - Set the module licence on things to prevent tainting" * 'next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: pkcs7: Set the module licence to prevent tainting security: keys: Replace time_t with time64_t for struct key_preparsed_payload security: keys: Replace time_t/timespec with time64_t KEYS: fix in-kernel documentation for keyctl_read()
-rw-r--r--Documentation/security/keys/core.rst10
-rw-r--r--crypto/asymmetric_keys/pkcs7_key_type.c1
-rw-r--r--crypto/asymmetric_keys/pkcs7_parser.c5
-rw-r--r--crypto/asymmetric_keys/public_key.c2
-rw-r--r--crypto/asymmetric_keys/x509_public_key.c1
-rw-r--r--include/linux/key-type.h2
-rw-r--r--include/linux/key.h7
-rw-r--r--security/keys/gc.c20
-rw-r--r--security/keys/internal.h8
-rw-r--r--security/keys/key.c27
-rw-r--r--security/keys/keyring.c20
-rw-r--r--security/keys/permission.c5
-rw-r--r--security/keys/proc.c21
-rw-r--r--security/keys/process_keys.c2
14 files changed, 66 insertions, 65 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index 1266eeae45f6..9ce7256c6edb 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -628,12 +628,12 @@ The keyctl syscall functions are:
628 defined key type will return its data as is. If a key type does not 628 defined key type will return its data as is. If a key type does not
629 implement this function, error EOPNOTSUPP will result. 629 implement this function, error EOPNOTSUPP will result.
630 630
631 As much of the data as can be fitted into the buffer will be copied to 631 If the specified buffer is too small, then the size of the buffer required
632 userspace if the buffer pointer is not NULL. 632 will be returned. Note that in this case, the contents of the buffer may
633 633 have been overwritten in some undefined way.
634 On a successful return, the function will always return the amount of data
635 available rather than the amount copied.
636 634
635 Otherwise, on success, the function will return the amount of data copied
636 into the buffer.
637 637
638 * Instantiate a partially constructed key:: 638 * Instantiate a partially constructed key::
639 639
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index 1063b644efcd..e284d9cb9237 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -19,6 +19,7 @@
19 19
20MODULE_LICENSE("GPL"); 20MODULE_LICENSE("GPL");
21MODULE_DESCRIPTION("PKCS#7 testing key type"); 21MODULE_DESCRIPTION("PKCS#7 testing key type");
22MODULE_AUTHOR("Red Hat, Inc.");
22 23
23static unsigned pkcs7_usage; 24static unsigned pkcs7_usage;
24module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO); 25module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO);
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index d140d8bb2c96..c1ca1e86f5c4 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -11,6 +11,7 @@
11 11
12#define pr_fmt(fmt) "PKCS7: "fmt 12#define pr_fmt(fmt) "PKCS7: "fmt
13#include <linux/kernel.h> 13#include <linux/kernel.h>
14#include <linux/module.h>
14#include <linux/export.h> 15#include <linux/export.h>
15#include <linux/slab.h> 16#include <linux/slab.h>
16#include <linux/err.h> 17#include <linux/err.h>
@@ -19,6 +20,10 @@
19#include "pkcs7_parser.h" 20#include "pkcs7_parser.h"
20#include "pkcs7-asn1.h" 21#include "pkcs7-asn1.h"
21 22
23MODULE_DESCRIPTION("PKCS#7 parser");
24MODULE_AUTHOR("Red Hat, Inc.");
25MODULE_LICENSE("GPL");
26
22struct pkcs7_parse_context { 27struct pkcs7_parse_context {
23 struct pkcs7_message *msg; /* Message being constructed */ 28 struct pkcs7_message *msg; /* Message being constructed */
24 struct pkcs7_signed_info *sinfo; /* SignedInfo being constructed */ 29 struct pkcs7_signed_info *sinfo; /* SignedInfo being constructed */
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index d916235d6cf5..bc3035ef27a2 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -22,6 +22,8 @@
22#include <crypto/public_key.h> 22#include <crypto/public_key.h>
23#include <crypto/akcipher.h> 23#include <crypto/akcipher.h>
24 24
25MODULE_DESCRIPTION("In-software asymmetric public-key subtype");
26MODULE_AUTHOR("Red Hat, Inc.");
25MODULE_LICENSE("GPL"); 27MODULE_LICENSE("GPL");
26 28
27/* 29/*
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index eea71dc9686c..c9013582c026 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -275,4 +275,5 @@ module_init(x509_key_init);
275module_exit(x509_key_exit); 275module_exit(x509_key_exit);
276 276
277MODULE_DESCRIPTION("X.509 certificate parser"); 277MODULE_DESCRIPTION("X.509 certificate parser");
278MODULE_AUTHOR("Red Hat, Inc.");
278MODULE_LICENSE("GPL"); 279MODULE_LICENSE("GPL");
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index 9520fc3c3b9a..05d8fb5a06c4 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -44,7 +44,7 @@ struct key_preparsed_payload {
44 const void *data; /* Raw data */ 44 const void *data; /* Raw data */
45 size_t datalen; /* Raw datalen */ 45 size_t datalen; /* Raw datalen */
46 size_t quotalen; /* Quota length for proposed payload */ 46 size_t quotalen; /* Quota length for proposed payload */
47 time_t expiry; /* Expiry time of key */ 47 time64_t expiry; /* Expiry time of key */
48} __randomize_layout; 48} __randomize_layout;
49 49
50typedef int (*request_key_actor_t)(struct key_construction *key, 50typedef int (*request_key_actor_t)(struct key_construction *key,
diff --git a/include/linux/key.h b/include/linux/key.h
index 8a15cabe928d..e58ee10f6e58 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -24,6 +24,7 @@
24#include <linux/atomic.h> 24#include <linux/atomic.h>
25#include <linux/assoc_array.h> 25#include <linux/assoc_array.h>
26#include <linux/refcount.h> 26#include <linux/refcount.h>
27#include <linux/time64.h>
27 28
28#ifdef __KERNEL__ 29#ifdef __KERNEL__
29#include <linux/uidgid.h> 30#include <linux/uidgid.h>
@@ -162,10 +163,10 @@ struct key {
162 struct key_user *user; /* owner of this key */ 163 struct key_user *user; /* owner of this key */
163 void *security; /* security data for this key */ 164 void *security; /* security data for this key */
164 union { 165 union {
165 time_t expiry; /* time at which key expires (or 0) */ 166 time64_t expiry; /* time at which key expires (or 0) */
166 time_t revoked_at; /* time at which key was revoked */ 167 time64_t revoked_at; /* time at which key was revoked */
167 }; 168 };
168 time_t last_used_at; /* last time used for LRU keyring discard */ 169 time64_t last_used_at; /* last time used for LRU keyring discard */
169 kuid_t uid; 170 kuid_t uid;
170 kgid_t gid; 171 kgid_t gid;
171 key_perm_t perm; /* access permissions */ 172 key_perm_t perm; /* access permissions */
diff --git a/security/keys/gc.c b/security/keys/gc.c
index afb3a9175d76..6713fee893fb 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -32,7 +32,7 @@ DECLARE_WORK(key_gc_work, key_garbage_collector);
32static void key_gc_timer_func(unsigned long); 32static void key_gc_timer_func(unsigned long);
33static DEFINE_TIMER(key_gc_timer, key_gc_timer_func); 33static DEFINE_TIMER(key_gc_timer, key_gc_timer_func);
34 34
35static time_t key_gc_next_run = LONG_MAX; 35static time64_t key_gc_next_run = TIME64_MAX;
36static struct key_type *key_gc_dead_keytype; 36static struct key_type *key_gc_dead_keytype;
37 37
38static unsigned long key_gc_flags; 38static unsigned long key_gc_flags;
@@ -53,12 +53,12 @@ struct key_type key_type_dead = {
53 * Schedule a garbage collection run. 53 * Schedule a garbage collection run.
54 * - time precision isn't particularly important 54 * - time precision isn't particularly important
55 */ 55 */
56void key_schedule_gc(time_t gc_at) 56void key_schedule_gc(time64_t gc_at)
57{ 57{
58 unsigned long expires; 58 unsigned long expires;
59 time_t now = current_kernel_time().tv_sec; 59 time64_t now = ktime_get_real_seconds();
60 60
61 kenter("%ld", gc_at - now); 61 kenter("%lld", gc_at - now);
62 62
63 if (gc_at <= now || test_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) { 63 if (gc_at <= now || test_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) {
64 kdebug("IMMEDIATE"); 64 kdebug("IMMEDIATE");
@@ -87,7 +87,7 @@ void key_schedule_gc_links(void)
87static void key_gc_timer_func(unsigned long data) 87static void key_gc_timer_func(unsigned long data)
88{ 88{
89 kenter(""); 89 kenter("");
90 key_gc_next_run = LONG_MAX; 90 key_gc_next_run = TIME64_MAX;
91 key_schedule_gc_links(); 91 key_schedule_gc_links();
92} 92}
93 93
@@ -184,11 +184,11 @@ static void key_garbage_collector(struct work_struct *work)
184 184
185 struct rb_node *cursor; 185 struct rb_node *cursor;
186 struct key *key; 186 struct key *key;
187 time_t new_timer, limit; 187 time64_t new_timer, limit;
188 188
189 kenter("[%lx,%x]", key_gc_flags, gc_state); 189 kenter("[%lx,%x]", key_gc_flags, gc_state);
190 190
191 limit = current_kernel_time().tv_sec; 191 limit = ktime