keys: Provide request_key_rcu()

Provide a request_key_rcu() function that can be used to request a key under RCU conditions. It can only search and check permissions; it cannot allocate a new key, upcall or wait for an upcall to complete. It may return a partially constructed key. Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2019-06-19 11:10:15 -0400
committer: David Howells <dhowells@redhat.com> 2019-06-19 11:10:15 -0400
commit: 896f1950e5944532b971d880a6bae7fba3b6a8d3 (patch)
tree: 8bf2eddc61af7f782bdd579e87fa0f7760ea5ced /Documentation/security
parent: e59428f721ee096d8a020504ea908a6f0d952735 (diff)
2 files changed, 19 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index 82dd457ff78d..003f1452a5b7 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -1147,6 +1147,16 @@ payload contents" for more information.
    case error ERESTARTSYS will be returned.
+ *  To search for a key under RCU conditions, call::
+        struct key *request_key_rcu(const struct key_type *type,
+                                    const char *description);
+    which is similar to request_key() except that it does not check for keys
+    that are under construction and it will not call out to userspace to
+    construct a key if it can't find a match.
 *  When it is no longer required, the key should be released using::
        void key_put(struct key *key);
diff --git a/Documentation/security/keys/request-key.rst b/Documentation/security/keys/request-key.rst
index 07af991463b5..7caedc4d29f1 100644
--- a/Documentation/security/keys/request-key.rst
+++ b/Documentation/security/keys/request-key.rst
@@ -36,6 +36,11 @@ or::
                                                   size_t callout_len,
                                                   void *aux);
+or::
+        struct key *request_key_rcu(const struct key_type *type,
+                                    const char *description);
 Or by userspace invoking the request_key system call::
        key_serial_t request_key(const char *type,
@@ -57,6 +62,10 @@ The two async in-kernel calls may return keys that are still in the process of
 being constructed.  The two non-async ones will wait for construction to
 complete first.
+The request_key_rcu() call is like the in-kernel request_key() call, except
+that it doesn't check for keys that are under construction and doesn't attempt
+to construct missing keys.
 The userspace interface links the key to a keyring associated with the process
 to prevent the key from going away, and returns the serial number of the key to
 the caller.
author	David Howells <dhowells@redhat.com>	2019-06-19 11:10:15 -0400
committer	David Howells <dhowells@redhat.com>	2019-06-19 11:10:15 -0400
commit	896f1950e5944532b971d880a6bae7fba3b6a8d3 (patch)
tree	8bf2eddc61af7f782bdd579e87fa0f7760ea5ced /Documentation/security
parent	e59428f721ee096d8a020504ea908a6f0d952735 (diff)

diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index 82dd457ff78d..003f1452a5b7 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst
@@ -1147,6 +1147,16 @@ payload contents" for more information.
1147	case error ERESTARTSYS will be returned.	1147	case error ERESTARTSYS will be returned.
1148		1148
1149		1149
		1150	* To search for a key under RCU conditions, call::
		1151
		1152	struct key request_key_rcu(const struct key_type type,
		1153	const char *description);
		1154
		1155	which is similar to request_key() except that it does not check for keys
		1156	that are under construction and it will not call out to userspace to
		1157	construct a key if it can't find a match.
		1158
		1159
1150	* When it is no longer required, the key should be released using::	1160	* When it is no longer required, the key should be released using::
1151		1161
1152	void key_put(struct key *key);	1162	void key_put(struct key *key);


diff --git a/Documentation/security/keys/request-key.rst b/Documentation/security/keys/request-key.rst index 07af991463b5..7caedc4d29f1 100644 --- a/Documentation/security/keys/request-key.rst +++ b/Documentation/security/keys/request-key.rst
@@ -36,6 +36,11 @@ or::
36	size_t callout_len,	36	size_t callout_len,
37	void *aux);	37	void *aux);
38		38
		39	or::
		40
		41	struct key request_key_rcu(const struct key_type type,
		42	const char *description);
		43
39	Or by userspace invoking the request_key system call::	44	Or by userspace invoking the request_key system call::
40		45
41	key_serial_t request_key(const char *type,	46	key_serial_t request_key(const char *type,
@@ -57,6 +62,10 @@ The two async in-kernel calls may return keys that are still in the process of
57	being constructed. The two non-async ones will wait for construction to	62	being constructed. The two non-async ones will wait for construction to
58	complete first.	63	complete first.
59		64
		65	The request_key_rcu() call is like the in-kernel request_key() call, except
		66	that it doesn't check for keys that are under construction and doesn't attempt
		67	to construct missing keys.
		68
60	The userspace interface links the key to a keyring associated with the process	69	The userspace interface links the key to a keyring associated with the process
61	to prevent the key from going away, and returns the serial number of the key to	70	to prevent the key from going away, and returns the serial number of the key to
62	the caller.	71	the caller.