diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-11-24 01:51:27 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-11-24 01:51:27 -0500 |
| commit | dab0badc8735f4e8bf07bc56bdeefce91d413924 (patch) | |
| tree | 1b7f175d6bffe4ee6d93d1828a730daccf1d77d0 | |
| parent | 26064dea2dc65c57d44ad37e645ebe47f1c51828 (diff) | |
| parent | ce44cd8dfc55110fa7423ceb47a8a70dac65fe89 (diff) | |
Merge branch 'next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull keys update from James Morris:
"There's nothing too controversial here:
- Doc fix for keyctl_read().
- time_t -> time64_t replacement.
- Set the module licence on things to prevent tainting"
* 'next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
pkcs7: Set the module licence to prevent tainting
security: keys: Replace time_t with time64_t for struct key_preparsed_payload
security: keys: Replace time_t/timespec with time64_t
KEYS: fix in-kernel documentation for keyctl_read()
| -rw-r--r-- | Documentation/security/keys/core.rst | 10 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7_key_type.c | 1 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/pkcs7_parser.c | 5 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/public_key.c | 2 | ||||
| -rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 1 | ||||
| -rw-r--r-- | include/linux/key-type.h | 2 | ||||
| -rw-r--r-- | include/linux/key.h | 7 | ||||
| -rw-r--r-- | security/keys/gc.c | 20 | ||||
| -rw-r--r-- | security/keys/internal.h | 8 | ||||
| -rw-r--r-- | security/keys/key.c | 27 | ||||
| -rw-r--r-- | security/keys/keyring.c | 20 | ||||
| -rw-r--r-- | security/keys/permission.c | 5 | ||||
| -rw-r--r-- | security/keys/proc.c | 21 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 2 |
14 files changed, 66 insertions, 65 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index 1266eeae45f6..9ce7256c6edb 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst | |||
| @@ -628,12 +628,12 @@ The keyctl syscall functions are: | |||
| 628 | defined key type will return its data as is. If a key type does not | 628 | defined key type will return its data as is. If a key type does not |
| 629 | implement this function, error EOPNOTSUPP will result. | 629 | implement this function, error EOPNOTSUPP will result. |
| 630 | 630 | ||
| 631 | As much of the data as can be fitted into the buffer will be copied to | 631 | If the specified buffer is too small, then the size of the buffer required |
| 632 | userspace if the buffer pointer is not NULL. | 632 | will be returned. Note that in this case, the contents of the buffer may |
| 633 | 633 | have been overwritten in some undefined way. | |
| 634 | On a successful return, the function will always return the amount of data | ||
| 635 | available rather than the amount copied. | ||
| 636 | 634 | ||
| 635 | Otherwise, on success, the function will return the amount of data copied | ||
| 636 | into the buffer. | ||
| 637 | 637 | ||
| 638 | * Instantiate a partially constructed key:: | 638 | * Instantiate a partially constructed key:: |
| 639 | 639 | ||
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c index 1063b644efcd..e284d9cb9237 100644 --- a/crypto/asymmetric_keys/pkcs7_key_type.c +++ b/crypto/asymmetric_keys/pkcs7_key_type.c | |||
| @@ -19,6 +19,7 @@ | |||
| 19 | 19 | ||
| 20 | MODULE_LICENSE("GPL"); | 20 | MODULE_LICENSE("GPL"); |
| 21 | MODULE_DESCRIPTION("PKCS#7 testing key type"); | 21 | MODULE_DESCRIPTION("PKCS#7 testing key type"); |
| 22 | MODULE_AUTHOR("Red Hat, Inc."); | ||
| 22 | 23 | ||
| 23 | static unsigned pkcs7_usage; | 24 | static unsigned pkcs7_usage; |
| 24 | module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO); | 25 | module_param_named(usage, pkcs7_usage, uint, S_IWUSR | S_IRUGO); |
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index d140d8bb2c96..c1ca1e86f5c4 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c | |||
| @@ -11,6 +11,7 @@ | |||
| 11 | 11 | ||
| 12 | #define pr_fmt(fmt) "PKCS7: "fmt | 12 | #define pr_fmt(fmt) "PKCS7: "fmt |
| 13 | #include <linux/kernel.h> | 13 | #include <linux/kernel.h> |
| 14 | #include <linux/module.h> | ||
| 14 | #include <linux/export.h> | 15 | #include <linux/export.h> |
| 15 | #include <linux/slab.h> | 16 | #include <linux/slab.h> |
| 16 | #include <linux/err.h> | 17 | #include <linux/err.h> |
| @@ -19,6 +20,10 @@ | |||
| 19 | #include "pkcs7_parser.h" | 20 | #include "pkcs7_parser.h" |
| 20 | #include "pkcs7-asn1.h" | 21 | #include "pkcs7-asn1.h" |
| 21 | 22 | ||
| 23 | MODULE_DESCRIPTION("PKCS#7 parser"); | ||
| 24 | MODULE_AUTHOR("Red Hat, Inc."); | ||
| 25 | MODULE_LICENSE("GPL"); | ||
| 26 | |||
| 22 | struct pkcs7_parse_context { | 27 | struct pkcs7_parse_context { |
| 23 | struct pkcs7_message *msg; /* Message being constructed */ | 28 | struct pkcs7_message *msg; /* Message being constructed */ |
| 24 | struct pkcs7_signed_info *sinfo; /* SignedInfo being constructed */ | 29 | struct pkcs7_signed_info *sinfo; /* SignedInfo being constructed */ |
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index d916235d6cf5..bc3035ef27a2 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c | |||
| @@ -22,6 +22,8 @@ | |||
| 22 | #include <crypto/public_key.h> | 22 | #include <crypto/public_key.h> |
| 23 | #include <crypto/akcipher.h> | 23 | #include <crypto/akcipher.h> |
| 24 | 24 | ||
| 25 | MODULE_DESCRIPTION("In-software asymmetric public-key subtype"); | ||
| 26 | MODULE_AUTHOR("Red Hat, Inc."); | ||
| 25 | MODULE_LICENSE("GPL"); | 27 | MODULE_LICENSE("GPL"); |
| 26 | 28 | ||
| 27 | /* | 29 | /* |
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index eea71dc9686c..c9013582c026 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c | |||
| @@ -275,4 +275,5 @@ module_init(x509_key_init); | |||
| 275 | module_exit(x509_key_exit); | 275 | module_exit(x509_key_exit); |
| 276 | 276 | ||
| 277 | MODULE_DESCRIPTION("X.509 certificate parser"); | 277 | MODULE_DESCRIPTION("X.509 certificate parser"); |
| 278 | MODULE_AUTHOR("Red Hat, Inc."); | ||
| 278 | MODULE_LICENSE("GPL"); | 279 | MODULE_LICENSE("GPL"); |
diff --git a/include/linux/key-type.h b/include/linux/key-type.h index 9520fc3c3b9a..05d8fb5a06c4 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h | |||
| @@ -44,7 +44,7 @@ struct key_preparsed_payload { | |||
| 44 | const void *data; /* Raw data */ | 44 | const void *data; /* Raw data */ |
| 45 | size_t datalen; /* Raw datalen */ | 45 | size_t datalen; /* Raw datalen */ |
| 46 | size_t quotalen; /* Quota length for proposed payload */ | 46 | size_t quotalen; /* Quota length for proposed payload */ |
| 47 | time_t expiry; /* Expiry time of key */ | 47 | time64_t expiry; /* Expiry time of key */ |
| 48 | } __randomize_layout; | 48 | } __randomize_layout; |
| 49 | 49 | ||
| 50 | typedef int (*request_key_actor_t)(struct key_construction *key, | 50 | typedef int (*request_key_actor_t)(struct key_construction *key, |
diff --git a/include/linux/key.h b/include/linux/key.h index 8a15cabe928d..e58ee10f6e58 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | #include <linux/atomic.h> | 24 | #include <linux/atomic.h> |
| 25 | #include <linux/assoc_array.h> | 25 | #include <linux/assoc_array.h> |
| 26 | #include <linux/refcount.h> | 26 | #include <linux/refcount.h> |
| 27 | #include <linux/time64.h> | ||
| 27 | 28 | ||
| 28 | #ifdef __KERNEL__ | 29 | #ifdef __KERNEL__ |
| 29 | #include <linux/uidgid.h> | 30 | #include <linux/uidgid.h> |
| @@ -162,10 +163,10 @@ struct key { | |||
| 162 | struct key_user *user; /* owner of this key */ | 163 | struct key_user *user; /* owner of this key */ |
| 163 | void *security; /* security data for this key */ | 164 | void *security; /* security data for this key */ |
| 164 | union { | 165 | union { |
| 165 | time_t expiry; /* time at which key expires (or 0) */ | 166 | time64_t expiry; /* time at which key expires (or 0) */ |
| 166 | time_t revoked_at; /* time at which key was revoked */ | 167 | time64_t revoked_at; /* time at which key was revoked */ |
| 167 | }; | 168 | }; |
| 168 | time_t last_used_at; /* last time used for LRU keyring discard */ | 169 | time64_t last_used_at; /* last time used for LRU keyring discard */ |
| 169 | kuid_t uid; | 170 | kuid_t uid; |
| 170 | kgid_t gid; | 171 | kgid_t gid; |
| 171 | key_perm_t perm; /* access permissions */ | 172 | key_perm_t perm; /* access permissions */ |
diff --git a/security/keys/gc.c b/security/keys/gc.c index afb3a9175d76..6713fee893fb 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c | |||
| @@ -32,7 +32,7 @@ DECLARE_WORK(key_gc_work, key_garbage_collector); | |||
| 32 | static void key_gc_timer_func(unsigned long); | 32 | static void key_gc_timer_func(unsigned long); |
| 33 | static DEFINE_TIMER(key_gc_timer, key_gc_timer_func); | 33 | static DEFINE_TIMER(key_gc_timer, key_gc_timer_func); |
| 34 | 34 | ||
| 35 | static time_t key_gc_next_run = LONG_MAX; | 35 | static time64_t key_gc_next_run = TIME64_MAX; |
| 36 | static struct key_type *key_gc_dead_keytype; | 36 | static struct key_type *key_gc_dead_keytype; |
| 37 | 37 | ||
| 38 | static unsigned long key_gc_flags; | 38 | static unsigned long key_gc_flags; |
| @@ -53,12 +53,12 @@ struct key_type key_type_dead = { | |||
| 53 | * Schedule a garbage collection run. | 53 | * Schedule a garbage collection run. |
| 54 | * - time precision isn't particularly important | 54 | * - time precision isn't particularly important |
| 55 | */ | 55 | */ |
| 56 | void key_schedule_gc(time_t gc_at) | 56 | void key_schedule_gc(time64_t gc_at) |
| 57 | { | 57 | { |
| 58 | unsigned long expires; | 58 | unsigned long expires; |
| 59 | time_t now = current_kernel_time().tv_sec; | 59 | time64_t now = ktime_get_real_seconds(); |
| 60 | 60 | ||
| 61 | kenter("%ld", gc_at - now); | 61 | kenter("%lld", gc_at - now); |
| 62 | 62 | ||
| 63 | if (gc_at <= now || test_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) { | 63 | if (gc_at <= now || test_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) { |
| 64 | kdebug("IMMEDIATE"); | 64 | kdebug("IMMEDIATE"); |
| @@ -87,7 +87,7 @@ void key_schedule_gc_links(void) | |||
| 87 | static void key_gc_timer_func(unsigned long data) | 87 | static void key_gc_timer_func(unsigned long data) |
| 88 | { | 88 | { |
| 89 | kenter(""); | 89 | kenter(""); |
| 90 | key_gc_next_run = LONG_MAX; | 90 | key_gc_next_run = TIME64_MAX; |
| 91 | key_schedule_gc_links(); | 91 | key_schedule_gc_links(); |
| 92 | } | 92 | } |
| 93 | 93 | ||
| @@ -184,11 +184,11 @@ static void key_garbage_collector(struct work_struct *work) | |||
| 184 | 184 | ||
| 185 | struct rb_node *cursor; | 185 | struct rb_node *cursor; |
| 186 | struct key *key; | 186 | struct key *key; |
| 187 | time_t new_timer, limit; | 187 | time64_t new_timer, limit; |
| 188 | 188 | ||
| 189 | kenter("[%lx,%x]", key_gc_flags, gc_state); | 189 | kenter("[%lx,%x]", key_gc_flags, gc_state); |
| 190 | 190 | ||
| 191 | limit = current_kernel_time().tv_sec; | 191 | limit = ktime |
