Diffstat (limited to 'include/linux/key.h')
| -rw-r--r-- | include/linux/key.h | 47 |
1 files changed, 30 insertions, 17 deletions
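--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -138,6 +138,11 @@ struct key_restriction {
 struct key_type *keytype;
 };
 
+enum key_state {
+KEY_IS_UNINSTANTIATED,
+KEY_IS_POSITIVE, /* Positively instantiated */
+};
+
 /*****************************************************************************/
 /*
 * authentication token / access credential / keyring
@@ -169,6 +174,7 @@ struct key {
 * - may not match RCU dereferenced payload
 * - payload should contain own length
 */
+short state; /* Key state (+) or rejection error (-) */
 
 #ifdef KEY_DEBUGGING
 unsigned magic;
@@ -176,18 +182,16 @@ struct key {
 #endif
 
 unsigned long flags; /* status flags (change with bitops) */
-#define KEY_FLAG_INSTANTIATED 0 /* set if key has been instantiated */
-#define KEY_FLAG_DEAD 1 /* set if key type has been deleted */
-#define KEY_FLAG_REVOKED 2 /* set if key had been revoked */
-#define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */
-#define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */
-#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
-#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
-#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
-#define KEY_FLAG_BUILTIN 8 /* set if key is built in to the kernel */
-#define KEY_FLAG_ROOT_CAN_INVAL 9 /* set if key can be invalidated by root without permission */
-#define KEY_FLAG_KEEP 10 /* set if key should not be removed */
-#define KEY_FLAG_UID_KEYRING 11 /* set if key is a user or user session keyring */
+#define KEY_FLAG_DEAD 0 /* set if key type has been deleted */
+#define KEY_FLAG_REVOKED 1 /* set if key had been revoked */
+#define KEY_FLAG_IN_QUOTA 2 /* set if key consumes quota */
+#define KEY_FLAG_USER_CONSTRUCT 3 /* set if key is being constructed in userspace */
+#define KEY_FLAG_ROOT_CAN_CLEAR 4 /* set if key can be cleared by root without permission */
+#define KEY_FLAG_INVALIDATED 5 /* set if key has been invalidated */
+#define KEY_FLAG_BUILTIN 6 /* set if key is built in to the kernel */
+#define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP 8 /* set if key should not be removed */
+#define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */
 
 /* the key type and key description string
 * - the desc is used to match a key against search criteria
@@ -213,7 +217,6 @@ struct key {
 struct list_head name_link;
 struct assoc_array keys;
 };
-int reject_error;
 };
 
 /* This is set on a keyring to restrict the addition of a link to a key
@@ -353,17 +356,27 @@ extern void key_set_timeout(struct key *, unsigned);
 #define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */
 #define KEY_NEED_ALL 0x3f /* All the above permissions */
 
+static inline short key_read_state(const struct key *key)
+{
+/* Barrier versus mark_key_instantiated(). */
+return smp_load_acquire(&key->state);
+}
+
 /**
-* key_is_instantiated - Determine if a key has been positively instantiated
+* key_is_positive - Determine if a key has been positively instantiated
 * @key: The key to check.
 *
 * Return true if the specified key has been positively instantiated, false
 * otherwise.
 */
-static inline bool key_is_instantiated(const struct key *key)
+static inline bool key_is_positive(const struct key *key)
+{
+return key_read_state(key) == KEY_IS_POSITIVE;
+}
+
+static inline bool key_is_negative(const struct key *key)
 {
-return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
-!test_bit(KEY_FLAG_NEGATIVE, &key->flags);
+return key_read_state(key) < 0;
 }
 
 #define dereference_key_rcu(KEY) \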
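Review bot: `key_is_negative()` and `key_read_state()` are added without kernel-doc, while `key_is_positive()` keeps its comment, and the new `state` field has three outcomes where the old code tested two flag bits. An uninstantiated key returns false from both predicates, so a caller that treats `!key_is_negative(key)` as "payload is usable" would act on a key that has not been instantiated yet; that is worth stating where the helpers are defined. I would add above `key_is_negative()`: `/* True only for a rejected key (state holds -errno); also false for an uninstantiated key, so this is not the inverse of key_is_positive(). */`. The `state` member comment could also say that lockless readers must go through `key_read_state()`, since a plain load of `key->state` skips the acquire that the helper's comment pairs with `mark_key_instantiated()` (the writer is not visible on this page).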
