CRED: Separate per-task-group keyrings from signal_struct

Separate per-task-group keyrings from signal_struct and dangle their anchor from the cred struct rather than the signal_struct. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Signed-off-by: James Morris <jmorris@namei.org>
author: David Howells <dhowells@redhat.com> 2008-11-13 18:39:20 -0500
committer: James Morris <jmorris@namei.org> 2008-11-13 18:39:20 -0500
commit: bb952bb98a7e479262c7eb25d5592545a3af147d (patch)
tree: 9a2158c07a22a5fbddcec412944d2e7534eecc8f /security/keys/request_key.c
parent: 275bb41e9d058fbb327e7642f077e1beaeac162e (diff)
1 files changed, 14 insertions, 20 deletions
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 0488b0af5bd6..3d12558362df 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -66,7 +66,6 @@ static int call_sbin_request_key(struct key_construction *cons,
                                 const char *op,
                                 void *aux)
 {
-        struct task_struct *tsk = current;
        const struct cred *cred = current_cred();
        key_serial_t prkey, sskey;
        struct key *key = cons->key, *authkey = cons->authkey, *keyring;
@@ -109,18 +108,13 @@ static int call_sbin_request_key(struct key_construction *cons,
                cred->thread_keyring->serial : 0);
        prkey = 0;
-        if (tsk->signal->process_keyring)
+        if (cred->tgcred->process_keyring)
-                prkey = tsk->signal->process_keyring->serial;
+                prkey = cred->tgcred->process_keyring->serial;
-        sprintf(keyring_str[1], "%d", prkey);
+        if (cred->tgcred->session_keyring)
+                sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
-        if (tsk->signal->session_keyring) {
+        else
-                rcu_read_lock();
-                sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
-                rcu_read_unlock();
-        } else {
                sskey = cred->user->session_keyring->serial;
-        }
        sprintf(keyring_str[2], "%d", sskey);
@@ -222,7 +216,7 @@ static int construct_key(struct key *key, const void *callout_info,
 static void construct_get_dest_keyring(struct key **_dest_keyring)
 {
        struct request_key_auth *rka;
-        struct task_struct *tsk = current;
+        const struct cred *cred = current_cred();
        struct key *dest_keyring = *_dest_keyring, *authkey;
        kenter("%p", dest_keyring);
@@ -234,11 +228,11 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
        } else {
                /* use a default keyring; falling through the cases until we
                 * find one that we actually have */
-                switch (tsk->cred->jit_keyring) {
+                switch (cred->jit_keyring) {
                case KEY_REQKEY_DEFL_DEFAULT:
                case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
-                        if (tsk->cred->request_key_auth) {
+                        if (cred->request_key_auth) {
-                                authkey = tsk->cred->request_key_auth;
+                                authkey = cred->request_key_auth;
                                down_read(&authkey->sem);
                                rka = authkey->payload.data;
                                if (!test_bit(KEY_FLAG_REVOKED,
@@ -251,19 +245,19 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
                        }
                case KEY_REQKEY_DEFL_THREAD_KEYRING:
-                        dest_keyring = key_get(tsk->cred->thread_keyring);
+                        dest_keyring = key_get(cred->thread_keyring);
                        if (dest_keyring)
                                break;
                case KEY_REQKEY_DEFL_PROCESS_KEYRING:
-                        dest_keyring = key_get(tsk->signal->process_keyring);
+                        dest_keyring = key_get(cred->tgcred->process_keyring);
                        if (dest_keyring)
                                break;
                case KEY_REQKEY_DEFL_SESSION_KEYRING:
                        rcu_read_lock();
                        dest_keyring = key_get(
-                                rcu_dereference(tsk->signal->session_keyring));
+                                rcu_dereference(cred->tgcred->session_keyring));
                        rcu_read_unlock();
                        if (dest_keyring)
@@ -271,11 +265,11 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
                case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
                        dest_keyring =
-                                key_get(tsk->cred->user->session_keyring);
+                                key_get(cred->user->session_keyring);
                        break;
                case KEY_REQKEY_DEFL_USER_KEYRING:
-                        dest_keyring = key_get(tsk->cred->user->uid_keyring);
+                        dest_keyring = key_get(cred->user->uid_keyring);
                        break;
                case KEY_REQKEY_DEFL_GROUP_KEYRING:
author	David Howells <dhowells@redhat.com>	2008-11-13 18:39:20 -0500
committer	James Morris <jmorris@namei.org>	2008-11-13 18:39:20 -0500
commit	bb952bb98a7e479262c7eb25d5592545a3af147d (patch)
tree	9a2158c07a22a5fbddcec412944d2e7534eecc8f /security/keys/request_key.c
parent	275bb41e9d058fbb327e7642f077e1beaeac162e (diff)

diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 0488b0af5bd6..3d12558362df 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c
@@ -66,7 +66,6 @@ static int call_sbin_request_key(struct key_construction *cons,
66	const char *op,	66	const char *op,
67	void *aux)	67	void *aux)
68	{	68	{
69	struct task_struct *tsk = current;
70	const struct cred *cred = current_cred();	69	const struct cred *cred = current_cred();
71	key_serial_t prkey, sskey;	70	key_serial_t prkey, sskey;
72	struct key key = cons->key, authkey = cons->authkey, *keyring;	71	struct key key = cons->key, authkey = cons->authkey, *keyring;
@@ -109,18 +108,13 @@ static int call_sbin_request_key(struct key_construction *cons,
109	cred->thread_keyring->serial : 0);	108	cred->thread_keyring->serial : 0);
110		109
111	prkey = 0;	110	prkey = 0;
112	if (tsk->signal->process_keyring)	111	if (cred->tgcred->process_keyring)
113	prkey = tsk->signal->process_keyring->serial;	112	prkey = cred->tgcred->process_keyring->serial;
114		113
115	sprintf(keyring_str[1], "%d", prkey);	114	if (cred->tgcred->session_keyring)
116		115	sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
117	if (tsk->signal->session_keyring) {	116	else
118	rcu_read_lock();
119	sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
120	rcu_read_unlock();
121	} else {
122	sskey = cred->user->session_keyring->serial;	117	sskey = cred->user->session_keyring->serial;
123	}
124		118
125	sprintf(keyring_str[2], "%d", sskey);	119	sprintf(keyring_str[2], "%d", sskey);
126		120
@@ -222,7 +216,7 @@ static int construct_key(struct key key, const void callout_info,
222	static void construct_get_dest_keyring(struct key **_dest_keyring)	216	static void construct_get_dest_keyring(struct key **_dest_keyring)
223	{	217	{
224	struct request_key_auth *rka;	218	struct request_key_auth *rka;
225	struct task_struct *tsk = current;	219	const struct cred *cred = current_cred();
226	struct key dest_keyring = _dest_keyring, *authkey;	220	struct key dest_keyring = _dest_keyring, *authkey;
227		221
228	kenter("%p", dest_keyring);	222	kenter("%p", dest_keyring);
@@ -234,11 +228,11 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
234	} else {	228	} else {
235	/* use a default keyring; falling through the cases until we	229	/* use a default keyring; falling through the cases until we
236	* find one that we actually have */	230	* find one that we actually have */
237	switch (tsk->cred->jit_keyring) {	231	switch (cred->jit_keyring) {
238	case KEY_REQKEY_DEFL_DEFAULT:	232	case KEY_REQKEY_DEFL_DEFAULT:
239	case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:	233	case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
240	if (tsk->cred->request_key_auth) {	234	if (cred->request_key_auth) {
241	authkey = tsk->cred->request_key_auth;	235	authkey = cred->request_key_auth;
242	down_read(&authkey->sem);	236	down_read(&authkey->sem);
243	rka = authkey->payload.data;	237	rka = authkey->payload.data;
244	if (!test_bit(KEY_FLAG_REVOKED,	238	if (!test_bit(KEY_FLAG_REVOKED,
@@ -251,19 +245,19 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
251	}	245	}
252		246
253	case KEY_REQKEY_DEFL_THREAD_KEYRING:	247	case KEY_REQKEY_DEFL_THREAD_KEYRING:
254	dest_keyring = key_get(tsk->cred->thread_keyring);	248	dest_keyring = key_get(cred->thread_keyring);
255	if (dest_keyring)	249	if (dest_keyring)
256	break;	250	break;
257		251
258	case KEY_REQKEY_DEFL_PROCESS_KEYRING:	252	case KEY_REQKEY_DEFL_PROCESS_KEYRING:
259	dest_keyring = key_get(tsk->signal->process_keyring);	253	dest_keyring = key_get(cred->tgcred->process_keyring);
260	if (dest_keyring)	254	if (dest_keyring)
261	break;	255	break;
262		256
263	case KEY_REQKEY_DEFL_SESSION_KEYRING:	257	case KEY_REQKEY_DEFL_SESSION_KEYRING:
264	rcu_read_lock();	258	rcu_read_lock();
265	dest_keyring = key_get(	259	dest_keyring = key_get(
266	rcu_dereference(tsk->signal->session_keyring));	260	rcu_dereference(cred->tgcred->session_keyring));
267	rcu_read_unlock();	261	rcu_read_unlock();
268		262
269	if (dest_keyring)	263	if (dest_keyring)
@@ -271,11 +265,11 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
271		265
272	case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:	266	case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
273	dest_keyring =	267	dest_keyring =
274	key_get(tsk->cred->user->session_keyring);	268	key_get(cred->user->session_keyring);
275	break;	269	break;
276		270
277	case KEY_REQKEY_DEFL_USER_KEYRING:	271	case KEY_REQKEY_DEFL_USER_KEYRING:
278	dest_keyring = key_get(tsk->cred->user->uid_keyring);	272	dest_keyring = key_get(cred->user->uid_keyring);
279	break;	273	break;
280		274
281	case KEY_REQKEY_DEFL_GROUP_KEYRING:	275	case KEY_REQKEY_DEFL_GROUP_KEYRING: