aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJeff Garzik <jgarzik@pobox.com>2005-08-29 16:40:27 -0400
committerJeff Garzik <jgarzik@pobox.com>2005-08-29 16:40:27 -0400
commitc1b054d03f5b31c33eaa0b267c629b118eaf3790 (patch)
tree9333907ca767be24fcb3667877242976c3e3c8dd /security
parent559fb51ba7e66fe298b8355fabde1275b7def35f (diff)
parentbf4e70e54cf31dcca48d279c7f7e71328eebe749 (diff)
Merge /spare/repo/linux-2.6/
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c2
-rw-r--r--security/dummy.c2
-rw-r--r--security/keys/Makefile5
-rw-r--r--security/keys/compat.c7
-rw-r--r--security/keys/internal.h45
-rw-r--r--security/keys/key.c118
-rw-r--r--security/keys/keyctl.c204
-rw-r--r--security/keys/keyring.c327
-rw-r--r--security/keys/proc.c21
-rw-r--r--security/keys/process_keys.c215
-rw-r--r--security/keys/request_key.c221
-rw-r--r--security/keys/request_key_auth.c180
-rw-r--r--security/keys/user_defined.c87
-rw-r--r--security/selinux/hooks.c34
-rw-r--r--security/selinux/include/av_perm_to_string.h2
-rw-r--r--security/selinux/include/av_permissions.h2
-rw-r--r--security/selinux/include/security.h2
-rw-r--r--security/selinux/selinuxfs.c9
-rw-r--r--security/selinux/ss/conditional.c9
-rw-r--r--security/selinux/ss/mls.c71
-rw-r--r--security/selinux/ss/mls.h4
-rw-r--r--security/selinux/ss/policydb.c15
-rw-r--r--security/selinux/ss/services.c61
23 files changed, 1147 insertions, 496 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 849b8c338ee8..04c12f58d656 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -149,7 +149,7 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
149 149
150 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid || 150 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
151 !cap_issubset (new_permitted, current->cap_permitted)) { 151 !cap_issubset (new_permitted, current->cap_permitted)) {
152 current->mm->dumpable = 0; 152 current->mm->dumpable = suid_dumpable;
153 153
154 if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) { 154 if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
155 if (!capable(CAP_SETUID)) { 155 if (!capable(CAP_SETUID)) {
diff --git a/security/dummy.c b/security/dummy.c
index b32eff146547..6ff887586479 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -130,7 +130,7 @@ static void dummy_bprm_free_security (struct linux_binprm *bprm)
130static void dummy_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) 130static void dummy_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
131{ 131{
132 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) { 132 if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
133 current->mm->dumpable = 0; 133 current->mm->dumpable = suid_dumpable;
134 134
135 if ((unsafe & ~LSM_UNSAFE_PTRACE_CAP) && !capable(CAP_SETUID)) { 135 if ((unsafe & ~LSM_UNSAFE_PTRACE_CAP) && !capable(CAP_SETUID)) {
136 bprm->e_uid = current->uid; 136 bprm->e_uid = current->uid;
diff --git a/security/keys/Makefile b/security/keys/Makefile
index ddb495d65062..c392d750b208 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -7,8 +7,9 @@ obj-y := \
7 keyring.o \ 7 keyring.o \
8 keyctl.o \ 8 keyctl.o \
9 process_keys.o \ 9 process_keys.o \
10 user_defined.o \ 10 request_key.o \
11 request_key.o 11 request_key_auth.o \
12 user_defined.o
12 13
13obj-$(CONFIG_KEYS_COMPAT) += compat.o 14obj-$(CONFIG_KEYS_COMPAT) += compat.o
14obj-$(CONFIG_PROC_FS) += proc.o 15obj-$(CONFIG_PROC_FS) += proc.o
diff --git a/security/keys/compat.c b/security/keys/compat.c
index aff8b22dcb5c..3303673c636e 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -1,6 +1,6 @@
1/* compat.c: 32-bit compatibility syscall for 64-bit systems 1/* compat.c: 32-bit compatibility syscall for 64-bit systems
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -24,7 +24,7 @@
24 * - if you can, you should call sys_keyctl directly 24 * - if you can, you should call sys_keyctl directly
25 */ 25 */
26asmlinkage long compat_sys_keyctl(u32 option, 26asmlinkage long compat_sys_keyctl(u32 option,
27 u32 arg2, u32 arg3, u32 arg4, u32 arg5) 27 u32 arg2, u32 arg3, u32 arg4, u32 arg5)
28{ 28{
29 switch (option) { 29 switch (option) {
30 case KEYCTL_GET_KEYRING_ID: 30 case KEYCTL_GET_KEYRING_ID:
@@ -71,6 +71,9 @@ asmlinkage long compat_sys_keyctl(u32 option,
71 case KEYCTL_NEGATE: 71 case KEYCTL_NEGATE:
72 return keyctl_negate_key(arg2, arg3, arg4); 72 return keyctl_negate_key(arg2, arg3, arg4);
73 73
74 case KEYCTL_SET_REQKEY_KEYRING:
75 return keyctl_set_reqkey_keyring(arg2);
76
74 default: 77 default:
75 return -EOPNOTSUPP; 78 return -EOPNOTSUPP;
76 } 79 }
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 67b2b93a7489..46c8602661c9 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -1,6 +1,6 @@
1/* internal.h: authentication token and access key management internal defs 1/* internal.h: authentication token and access key management internal defs
2 * 2 *
3 * Copyright (C) 2003 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2003-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -15,6 +15,16 @@
15#include <linux/key.h> 15#include <linux/key.h>
16#include <linux/key-ui.h> 16#include <linux/key-ui.h>
17 17
18#if 0
19#define kenter(FMT, a...) printk("==> %s("FMT")\n",__FUNCTION__ , ## a)
20#define kleave(FMT, a...) printk("<== %s()"FMT"\n",__FUNCTION__ , ## a)
21#define kdebug(FMT, a...) printk(FMT"\n" , ## a)
22#else
23#define kenter(FMT, a...) do {} while(0)
24#define kleave(FMT, a...) do {} while(0)
25#define kdebug(FMT, a...) do {} while(0)
26#endif
27
18extern struct key_type key_type_dead; 28extern struct key_type key_type_dead;
19extern struct key_type key_type_user; 29extern struct key_type key_type_user;
20 30
@@ -66,20 +76,46 @@ extern struct key *__keyring_search_one(struct key *keyring,
66 const char *description, 76 const char *description,
67 key_perm_t perm); 77 key_perm_t perm);
68 78
79extern struct key *keyring_search_instkey(struct key *keyring,
80 key_serial_t target_id);
81
69typedef int (*key_match_func_t)(const struct key *, const void *); 82typedef int (*key_match_func_t)(const struct key *, const void *);
70 83
71extern struct key *keyring_search_aux(struct key *keyring, 84extern struct key *keyring_search_aux(struct key *keyring,
85 struct task_struct *tsk,
72 struct key_type *type, 86 struct key_type *type,
73 const void *description, 87 const void *description,
74 key_match_func_t match); 88 key_match_func_t match);
75 89
76extern struct key *search_process_keyrings_aux(struct key_type *type, 90extern struct key *search_process_keyrings(struct key_type *type,
77 const void *description, 91 const void *description,
78 key_match_func_t match); 92 key_match_func_t match,
93 struct task_struct *tsk);
79 94
80extern struct key *find_keyring_by_name(const char *name, key_serial_t bound); 95extern struct key *find_keyring_by_name(const char *name, key_serial_t bound);
81 96
82extern int install_thread_keyring(struct task_struct *tsk); 97extern int install_thread_keyring(struct task_struct *tsk);
98extern int install_process_keyring(struct task_struct *tsk);
99
100extern struct key *request_key_and_link(struct key_type *type,
101 const char *description,
102 const char *callout_info,
103 struct key *dest_keyring);
104
105/*
106 * request_key authorisation
107 */
108struct request_key_auth {
109 struct key *target_key;
110 struct task_struct *context;
111 pid_t pid;
112};
113
114extern struct key_type key_type_request_key_auth;
115extern struct key *request_key_auth_new(struct key *target,
116 struct key **_rkakey);
117
118extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
83 119
84/* 120/*
85 * keyctl functions 121 * keyctl functions
@@ -100,6 +136,7 @@ extern long keyctl_setperm_key(key_serial_t, key_perm_t);
100extern long keyctl_instantiate_key(key_serial_t, const void __user *, 136extern long keyctl_instantiate_key(key_serial_t, const void __user *,
101 size_t, key_serial_t); 137 size_t, key_serial_t);
102extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t); 138extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
139extern long keyctl_set_reqkey_keyring(int);
103 140
104 141
105/* 142/*
diff --git a/security/keys/key.c b/security/keys/key.c
index 59402c843203..fb89f9844465 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -1,6 +1,6 @@
1/* key.c: basic authentication token and access key management 1/* key.c: basic authentication token and access key management
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -294,7 +294,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
294 } 294 }
295 295
296 atomic_set(&key->usage, 1); 296 atomic_set(&key->usage, 1);
297 rwlock_init(&key->lock);
298 init_rwsem(&key->sem); 297 init_rwsem(&key->sem);
299 key->type = type; 298 key->type = type;
300 key->user = user; 299 key->user = user;
@@ -308,7 +307,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
308 key->payload.data = NULL; 307 key->payload.data = NULL;
309 308
310 if (!not_in_quota) 309 if (!not_in_quota)
311 key->flags |= KEY_FLAG_IN_QUOTA; 310 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
312 311
313 memset(&key->type_data, 0, sizeof(key->type_data)); 312 memset(&key->type_data, 0, sizeof(key->type_data));
314 313
@@ -359,7 +358,7 @@ int key_payload_reserve(struct key *key, size_t datalen)
359 key_check(key); 358 key_check(key);
360 359
361 /* contemplate the quota adjustment */ 360 /* contemplate the quota adjustment */
362 if (delta != 0 && key->flags & KEY_FLAG_IN_QUOTA) { 361 if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
363 spin_lock(&key->user->lock); 362 spin_lock(&key->user->lock);
364 363
365 if (delta > 0 && 364 if (delta > 0 &&
@@ -392,7 +391,8 @@ EXPORT_SYMBOL(key_payload_reserve);
392static int __key_instantiate_and_link(struct key *key, 391static int __key_instantiate_and_link(struct key *key,
393 const void *data, 392 const void *data,
394 size_t datalen, 393 size_t datalen,
395 struct key *keyring) 394 struct key *keyring,
395 struct key *instkey)
396{ 396{
397 int ret, awaken; 397 int ret, awaken;
398 398
@@ -405,27 +405,25 @@ static int __key_instantiate_and_link(struct key *key,
405 down_write(&key_construction_sem); 405 down_write(&key_construction_sem);
406 406
407 /* can't instantiate twice */ 407 /* can't instantiate twice */
408 if (!(key->flags & KEY_FLAG_INSTANTIATED)) { 408 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
409 /* instantiate the key */ 409 /* instantiate the key */
410 ret = key->type->instantiate(key, data, datalen); 410 ret = key->type->instantiate(key, data, datalen);
411 411
412 if (ret == 0) { 412 if (ret == 0) {
413 /* mark the key as being instantiated */ 413 /* mark the key as being instantiated */
414 write_lock(&key->lock);
415
416 atomic_inc(&key->user->nikeys); 414 atomic_inc(&key->user->nikeys);
417 key->flags |= KEY_FLAG_INSTANTIATED; 415 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
418 416
419 if (key->flags & KEY_FLAG_USER_CONSTRUCT) { 417 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
420 key->flags &= ~KEY_FLAG_USER_CONSTRUCT;
421 awaken = 1; 418 awaken = 1;
422 }
423
424 write_unlock(&key->lock);
425 419
426 /* and link it into the destination keyring */ 420 /* and link it into the destination keyring */
427 if (keyring) 421 if (keyring)
428 ret = __key_link(keyring, key); 422 ret = __key_link(keyring, key);
423
424 /* disable the authorisation key */
425 if (instkey)
426 key_revoke(instkey);
429 } 427 }
430 } 428 }
431 429
@@ -446,19 +444,21 @@ static int __key_instantiate_and_link(struct key *key,
446int key_instantiate_and_link(struct key *key, 444int key_instantiate_and_link(struct key *key,
447 const void *data, 445 const void *data,
448 size_t datalen, 446 size_t datalen,
449 struct key *keyring) 447 struct key *keyring,
448 struct key *instkey)
450{ 449{
451 int ret; 450 int ret;
452 451
453 if (keyring) 452 if (keyring)
454 down_write(&keyring->sem); 453 down_write(&keyring->sem);
455 454
456 ret = __key_instantiate_and_link(key, data, datalen, keyring); 455 ret = __key_instantiate_and_link(key, data, datalen, keyring, instkey);
457 456
458 if (keyring) 457 if (keyring)
459 up_write(&keyring->sem); 458 up_write(&keyring->sem);
460 459
461 return ret; 460 return ret;
461
462} /* end key_instantiate_and_link() */ 462} /* end key_instantiate_and_link() */
463 463
464EXPORT_SYMBOL(key_instantiate_and_link); 464EXPORT_SYMBOL(key_instantiate_and_link);
@@ -469,7 +469,8 @@ EXPORT_SYMBOL(key_instantiate_and_link);
469 */ 469 */
470int key_negate_and_link(struct key *key, 470int key_negate_and_link(struct key *key,
471 unsigned timeout, 471 unsigned timeout,
472 struct key *keyring) 472 struct key *keyring,
473 struct key *instkey)
473{ 474{
474 struct timespec now; 475 struct timespec now;
475 int ret, awaken; 476 int ret, awaken;
@@ -486,26 +487,26 @@ int key_negate_and_link(struct key *key,
486 down_write(&key_construction_sem); 487 down_write(&key_construction_sem);
487 488
488 /* can't instantiate twice */ 489 /* can't instantiate twice */
489 if (!(key->flags & KEY_FLAG_INSTANTIATED)) { 490 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
490 /* mark the key as being negatively instantiated */ 491 /* mark the key as being negatively instantiated */
491 write_lock(&key->lock);
492
493 atomic_inc(&key->user->nikeys); 492 atomic_inc(&key->user->nikeys);
494 key->flags |= KEY_FLAG_INSTANTIATED | KEY_FLAG_NEGATIVE; 493 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
494 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
495 now = current_kernel_time(); 495 now = current_kernel_time();
496 key->expiry = now.tv_sec + timeout; 496 key->expiry = now.tv_sec + timeout;
497 497
498 if (key->flags & KEY_FLAG_USER_CONSTRUCT) { 498 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
499 key->flags &= ~KEY_FLAG_USER_CONSTRUCT;
500 awaken = 1; 499 awaken = 1;
501 }
502 500
503 write_unlock(&key->lock);
504 ret = 0; 501 ret = 0;
505 502
506 /* and link it into the destination keyring */ 503 /* and link it into the destination keyring */
507 if (keyring) 504 if (keyring)
508 ret = __key_link(keyring, key); 505 ret = __key_link(keyring, key);
506
507 /* disable the authorisation key */
508 if (instkey)
509 key_revoke(instkey);
509 } 510 }
510 511
511 up_write(&key_construction_sem); 512 up_write(&key_construction_sem);
@@ -553,8 +554,10 @@ static void key_cleanup(void *data)
553 rb_erase(&key->serial_node, &key_serial_tree); 554 rb_erase(&key->serial_node, &key_serial_tree);
554 spin_unlock(&key_serial_lock); 555 spin_unlock(&key_serial_lock);
555 556
557 key_check(key);
558
556 /* deal with the user's key tracking and quota */ 559 /* deal with the user's key tracking and quota */
557 if (key->flags & KEY_FLAG_IN_QUOTA) { 560 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
558 spin_lock(&key->user->lock); 561 spin_lock(&key->user->lock);
559 key->user->qnkeys--; 562 key->user->qnkeys--;
560 key->user->qnbytes -= key->quotalen; 563 key->user->qnbytes -= key->quotalen;
@@ -562,7 +565,7 @@ static void key_cleanup(void *data)
562 } 565 }
563 566
564 atomic_dec(&key->user->nkeys); 567 atomic_dec(&key->user->nkeys);
565 if (key->flags & KEY_FLAG_INSTANTIATED) 568 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
566 atomic_dec(&key->user->nikeys); 569 atomic_dec(&key->user->nikeys);
567 570
568 key_user_put(key->user); 571 key_user_put(key->user);
@@ -631,9 +634,9 @@ struct key *key_lookup(key_serial_t id)
631 goto error; 634 goto error;
632 635
633 found: 636 found:
634 /* pretent doesn't exist if it's dead */ 637 /* pretend it doesn't exist if it's dead */
635 if (atomic_read(&key->usage) == 0 || 638 if (atomic_read(&key->usage) == 0 ||
636 (key->flags & KEY_FLAG_DEAD) || 639 test_bit(KEY_FLAG_DEAD, &key->flags) ||
637 key->type == &key_type_dead) 640 key->type == &key_type_dead)
638 goto not_found; 641 goto not_found;
639 642
@@ -708,12 +711,9 @@ static inline struct key *__key_update(struct key *key, const void *payload,
708 711
709 ret = key->type->update(key, payload, plen); 712 ret = key->type->update(key, payload, plen);
710 713
711 if (ret == 0) { 714 if (ret == 0)
712 /* updating a negative key instantiates it */ 715 /* updating a negative key instantiates it */
713 write_lock(&key->lock); 716 clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
714 key->flags &= ~KEY_FLAG_NEGATIVE;
715 write_unlock(&key->lock);
716 }
717 717
718 up_write(&key->sem); 718 up_write(&key->sem);
719 719
@@ -793,7 +793,7 @@ struct key *key_create_or_update(struct key *keyring,
793 } 793 }
794 794
795 /* instantiate it and link it into the target keyring */ 795 /* instantiate it and link it into the target keyring */
796 ret = __key_instantiate_and_link(key, payload, plen, keyring); 796 ret = __key_instantiate_and_link(key, payload, plen, keyring, NULL);
797 if (ret < 0) { 797 if (ret < 0) {
798 key_put(key); 798 key_put(key);
799 key = ERR_PTR(ret); 799 key = ERR_PTR(ret);
@@ -841,12 +841,9 @@ int key_update(struct key *key, const void *payload, size_t plen)
841 down_write(&key->sem); 841 down_write(&key->sem);
842 ret = key->type->update(key, payload, plen); 842 ret = key->type->update(key, payload, plen);
843 843
844 if (ret == 0) { 844 if (ret == 0)
845 /* updating a negative key instantiates it */ 845 /* updating a negative key instantiates it */
846 write_lock(&key->lock); 846 clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
847 key->flags &= ~KEY_FLAG_NEGATIVE;
848 write_unlock(&key->lock);
849 }
850 847
851 up_write(&key->sem); 848 up_write(&key->sem);
852 } 849 }
@@ -892,10 +889,7 @@ struct key *key_duplicate(struct key *source, const char *desc)
892 goto error2; 889 goto error2;
893 890
894 atomic_inc(&key->user->nikeys); 891 atomic_inc(&key->user->nikeys);
895 892 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
896 write_lock(&key->lock);
897 key->flags |= KEY_FLAG_INSTANTIATED;
898 write_unlock(&key->lock);
899 893
900 error_k: 894 error_k:
901 up_read(&key_types_sem); 895 up_read(&key_types_sem);
@@ -922,9 +916,7 @@ void key_revoke(struct key *key)
922 /* make sure no one's trying to change or use the key when we mark 916 /* make sure no one's trying to change or use the key when we mark
923 * it */ 917 * it */
924 down_write(&key->sem); 918 down_write(&key->sem);
925 write_lock(&key->lock); 919 set_bit(KEY_FLAG_REVOKED, &key->flags);
926 key->flags |= KEY_FLAG_REVOKED;
927 write_unlock(&key->lock);
928 up_write(&key->sem); 920 up_write(&key->sem);
929 921
930} /* end key_revoke() */ 922} /* end key_revoke() */
@@ -975,24 +967,33 @@ void unregister_key_type(struct key_type *ktype)
975 /* withdraw the key type */ 967 /* withdraw the key type */
976 list_del_init(&ktype->link); 968 list_del_init(&ktype->link);
977 969
978 /* need to withdraw all keys of this type */ 970 /* mark all the keys of this type dead */
979 spin_lock(&key_serial_lock); 971 spin_lock(&key_serial_lock);
980 972
981 for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) { 973 for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) {
982 key = rb_entry(_n, struct key, serial_node); 974 key = rb_entry(_n, struct key, serial_node);
983 975
984 if (key->type != ktype) 976 if (key->type == ktype)
985 continue; 977 key->type = &key_type_dead;
978 }
979
980 spin_unlock(&key_serial_lock);
981
982 /* make sure everyone revalidates their keys */
983 synchronize_rcu();
986 984
987 write_lock(&key->lock); 985 /* we should now be able to destroy the payloads of all the keys of
988 key->type = &key_type_dead; 986 * this type with impunity */
989 write_unlock(&key->lock); 987 spin_lock(&key_serial_lock);
988
989 for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) {
990 key = rb_entry(_n, struct key, serial_node);
990 991
991 /* there shouldn't be anyone looking at the description or 992 if (key->type == ktype) {
992 * payload now */ 993 if (ktype->destroy)
993 if (ktype->destroy) 994 ktype->destroy(key);
994 ktype->destroy(key); 995 memset(&key->payload, 0xbd, sizeof(key->payload));
995 memset(&key->payload, 0xbd, sizeof(key->payload)); 996 }
996 } 997 }
997 998
998 spin_unlock(&key_serial_lock); 999 spin_unlock(&key_serial_lock);
@@ -1037,4 +1038,5 @@ void __init key_init(void)
1037 1038
1038 /* link the two root keyrings together */ 1039 /* link the two root keyrings together */
1039 key_link(&root_session_keyring, &root_user_keyring); 1040 key_link(&root_session_keyring, &root_user_keyring);
1041
1040} /* end key_init() */ 1042} /* end key_init() */
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index dc0011b3fac9..a6516a64b297 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1,6 +1,6 @@
1/* keyctl.c: userspace keyctl operations 1/* keyctl.c: userspace keyctl operations
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -49,6 +49,10 @@ asmlinkage long sys_add_key(const char __user *_type,
49 goto error; 49 goto error;
50 type[31] = '\0'; 50 type[31] = '\0';
51 51
52 ret = -EPERM;
53 if (type[0] == '.')
54 goto error;
55
52 ret = -EFAULT; 56 ret = -EFAULT;
53 dlen = strnlen_user(_description, PAGE_SIZE - 1); 57 dlen = strnlen_user(_description, PAGE_SIZE - 1);
54 if (dlen <= 0) 58 if (dlen <= 0)
@@ -82,7 +86,7 @@ asmlinkage long sys_add_key(const char __user *_type,
82 } 86 }
83 87
84 /* find the target keyring (which must be writable) */ 88 /* find the target keyring (which must be writable) */
85 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); 89 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
86 if (IS_ERR(keyring)) { 90 if (IS_ERR(keyring)) {
87 ret = PTR_ERR(keyring); 91 ret = PTR_ERR(keyring);
88 goto error3; 92 goto error3;
@@ -137,6 +141,10 @@ asmlinkage long sys_request_key(const char __user *_type,
137 goto error; 141 goto error;
138 type[31] = '\0'; 142 type[31] = '\0';
139 143
144 ret = -EPERM;
145 if (type[0] == '.')
146 goto error;
147
140 /* pull the description into kernel space */ 148 /* pull the description into kernel space */
141 ret = -EFAULT; 149 ret = -EFAULT;
142 dlen = strnlen_user(_description, PAGE_SIZE - 1); 150 dlen = strnlen_user(_description, PAGE_SIZE - 1);
@@ -181,7 +189,7 @@ asmlinkage long sys_request_key(const char __user *_type,
181 /* get the destination keyring if specified */ 189 /* get the destination keyring if specified */
182 dest = NULL; 190 dest = NULL;
183 if (destringid) { 191 if (destringid) {
184 dest = lookup_user_key(destringid, 1, 0, KEY_WRITE); 192 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
185 if (IS_ERR(dest)) { 193 if (IS_ERR(dest)) {
186 ret = PTR_ERR(dest); 194 ret = PTR_ERR(dest);
187 goto error3; 195 goto error3;
@@ -196,23 +204,15 @@ asmlinkage long sys_request_key(const char __user *_type,
196 } 204 }
197 205
198 /* do the search */ 206 /* do the search */
199 key = request_key(ktype, description, callout_info); 207 key = request_key_and_link(ktype, description, callout_info, dest);
200 if (IS_ERR(key)) { 208 if (IS_ERR(key)) {
201 ret = PTR_ERR(key); 209 ret = PTR_ERR(key);
202 goto error5; 210 goto error5;
203 } 211 }
204 212
205 /* link the resulting key to the destination keyring */
206 if (dest) {
207 ret = key_link(dest, key);
208 if (ret < 0)
209 goto error6;
210 }
211
212 ret = key->serial; 213 ret = key->serial;
213 214
214 error6: 215 key_put(key);
215 key_put(key);
216 error5: 216 error5:
217 key_type_put(ktype); 217 key_type_put(ktype);
218 error4: 218 error4:
@@ -237,7 +237,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create)
237 struct key *key; 237 struct key *key;
238 long ret; 238 long ret;
239 239
240 key = lookup_user_key(id, create, 0, KEY_SEARCH); 240 key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH);
241 if (IS_ERR(key)) { 241 if (IS_ERR(key)) {
242 ret = PTR_ERR(key); 242 ret = PTR_ERR(key);
243 goto error; 243 goto error;
@@ -324,7 +324,7 @@ long keyctl_update_key(key_serial_t id,
324 } 324 }
325 325
326 /* find the target key (which must be writable) */ 326 /* find the target key (which must be writable) */
327 key = lookup_user_key(id, 0, 0, KEY_WRITE); 327 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
328 if (IS_ERR(key)) { 328 if (IS_ERR(key)) {
329 ret = PTR_ERR(key); 329 ret = PTR_ERR(key);
330 goto error2; 330 goto error2;
@@ -352,7 +352,7 @@ long keyctl_revoke_key(key_serial_t id)
352 struct key *key; 352 struct key *key;
353 long ret; 353 long ret;
354 354
355 key = lookup_user_key(id, 0, 0, KEY_WRITE); 355 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
356 if (IS_ERR(key)) { 356 if (IS_ERR(key)) {
357 ret = PTR_ERR(key); 357 ret = PTR_ERR(key);
358 goto error; 358 goto error;
@@ -363,7 +363,7 @@ long keyctl_revoke_key(key_serial_t id)
363 363
364 key_put(key); 364 key_put(key);
365 error: 365 error:
366 return 0; 366 return ret;
367 367
368} /* end keyctl_revoke_key() */ 368} /* end keyctl_revoke_key() */
369 369
@@ -378,7 +378,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
378 struct key *keyring; 378 struct key *keyring;
379 long ret; 379 long ret;
380 380
381 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); 381 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
382 if (IS_ERR(keyring)) { 382 if (IS_ERR(keyring)) {
383 ret = PTR_ERR(keyring); 383 ret = PTR_ERR(keyring);
384 goto error; 384 goto error;
@@ -404,13 +404,13 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
404 struct key *keyring, *key; 404 struct key *keyring, *key;
405 long ret; 405 long ret;
406 406
407 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); 407 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
408 if (IS_ERR(keyring)) { 408 if (IS_ERR(keyring)) {
409 ret = PTR_ERR(keyring); 409 ret = PTR_ERR(keyring);
410 goto error; 410 goto error;
411 } 411 }
412 412
413 key = lookup_user_key(id, 1, 0, KEY_LINK); 413 key = lookup_user_key(NULL, id, 1, 0, KEY_LINK);
414 if (IS_ERR(key)) { 414 if (IS_ERR(key)) {
415 ret = PTR_ERR(key); 415 ret = PTR_ERR(key);
416 goto error2; 416 goto error2;
@@ -438,13 +438,13 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
438 struct key *keyring, *key; 438 struct key *keyring, *key;
439 long ret; 439 long ret;
440 440
441 keyring = lookup_user_key(ringid, 0, 0, KEY_WRITE); 441 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE);
442 if (IS_ERR(keyring)) { 442 if (IS_ERR(keyring)) {
443 ret = PTR_ERR(keyring); 443 ret = PTR_ERR(keyring);
444 goto error; 444 goto error;
445 } 445 }
446 446
447 key = lookup_user_key(id, 0, 0, 0); 447 key = lookup_user_key(NULL, id, 0, 0, 0);
448 if (IS_ERR(key)) { 448 if (IS_ERR(key)) {
449 ret = PTR_ERR(key); 449 ret = PTR_ERR(key);
450 goto error2; 450 goto error2;
@@ -475,16 +475,29 @@ long keyctl_describe_key(key_serial_t keyid,
475 char __user *buffer, 475 char __user *buffer,
476 size_t buflen) 476 size_t buflen)
477{ 477{
478 struct key *key; 478 struct key *key, *instkey;
479 char *tmpbuf; 479 char *tmpbuf;
480 long ret; 480 long ret;
481 481
482 key = lookup_user_key(keyid, 0, 1, KEY_VIEW); 482 key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
483 if (IS_ERR(key)) { 483 if (IS_ERR(key)) {
484 /* viewing a key under construction is permitted if we have the
485 * authorisation token handy */
486 if (PTR_ERR(key) == -EACCES) {
487 instkey = key_get_instantiation_authkey(keyid);
488 if (!IS_ERR(instkey)) {
489 key_put(instkey);
490 key = lookup_user_key(NULL, keyid, 0, 1, 0);
491 if (!IS_ERR(key))
492 goto okay;
493 }
494 }
495
484 ret = PTR_ERR(key); 496 ret = PTR_ERR(key);
485 goto error; 497 goto error;
486 } 498 }
487 499
500okay:
488 /* calculate how much description we're going to return */ 501 /* calculate how much description we're going to return */
489 ret = -ENOMEM; 502 ret = -ENOMEM;
490 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 503 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
@@ -568,7 +581,7 @@ long keyctl_keyring_search(key_serial_t ringid,
568 goto error2; 581 goto error2;
569 582
570 /* get the keyring at which to begin the search */ 583 /* get the keyring at which to begin the search */
571 keyring = lookup_user_key(ringid, 0, 0, KEY_SEARCH); 584 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
572 if (IS_ERR(keyring)) { 585 if (IS_ERR(keyring)) {
573 ret = PTR_ERR(keyring); 586 ret = PTR_ERR(keyring);
574 goto error2; 587 goto error2;
@@ -577,7 +590,7 @@ long keyctl_keyring_search(key_serial_t ringid,
577 /* get the destination keyring if specified */ 590 /* get the destination keyring if specified */
578 dest = NULL; 591 dest = NULL;
579 if (destringid) { 592 if (destringid) {
580 dest = lookup_user_key(destringid, 1, 0, KEY_WRITE); 593 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
581 if (IS_ERR(dest)) { 594 if (IS_ERR(dest)) {
582 ret = PTR_ERR(dest); 595 ret = PTR_ERR(dest);
583 goto error3; 596 goto error3;
@@ -656,24 +669,25 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
656 long ret; 669 long ret;
657 670
658 /* find the key first */ 671 /* find the key first */
659 key = lookup_user_key(keyid, 0, 0, 0); 672 key = lookup_user_key(NULL, keyid, 0, 0, 0);
660 if (!IS_ERR(key)) { 673 if (!IS_ERR(key)) {
661 /* see if we can read it directly */ 674 /* see if we can read it directly */
662 if (key_permission(key, KEY_READ)) 675 if (key_permission(key, KEY_READ))
663 goto can_read_key; 676 goto can_read_key;
664 677
665 /* can't; see if it's searchable from this process's 678 /* we can't; see if it's searchable from this process's
666 * keyrings */ 679 * keyrings
667 ret = -ENOKEY; 680 * - we automatically take account of the fact that it may be
668 if (key_permission(key, KEY_SEARCH)) { 681 * dangling off an instantiation key
669 /* okay - we do have search permission on the key 682 */
670 * itself, but do we have the key? */ 683 skey = search_process_keyrings(key->type, key,
671 skey = search_process_keyrings_aux(key->type, key, 684 keyctl_read_key_same, current);
672 keyctl_read_key_same); 685 if (!IS_ERR(skey))
673 if (!IS_ERR(skey)) 686 goto can_read_key2;
674 goto can_read_key2; 687
675 } 688 ret = PTR_ERR(skey);
676 689 if (ret == -EAGAIN)
690 ret = -EACCES;
677 goto error2; 691 goto error2;
678 } 692 }
679 693
@@ -719,7 +733,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
719 if (uid == (uid_t) -1 && gid == (gid_t) -1) 733 if (uid == (uid_t) -1 && gid == (gid_t) -1)
720 goto error; 734 goto error;
721 735
722 key = lookup_user_key(id, 1, 1, 0); 736 key = lookup_user_key(NULL, id, 1, 1, 0);
723 if (IS_ERR(key)) { 737 if (IS_ERR(key)) {
724 ret = PTR_ERR(key); 738 ret = PTR_ERR(key);
725 goto error; 739 goto error;
@@ -728,7 +742,6 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
728 /* make the changes with the locks held to prevent chown/chown races */ 742 /* make the changes with the locks held to prevent chown/chown races */
729 ret = -EACCES; 743 ret = -EACCES;
730 down_write(&key->sem); 744 down_write(&key->sem);
731 write_lock(&key->lock);
732 745
733 if (!capable(CAP_SYS_ADMIN)) { 746 if (!capable(CAP_SYS_ADMIN)) {
734 /* only the sysadmin can chown a key to some other UID */ 747 /* only the sysadmin can chown a key to some other UID */
@@ -755,7 +768,6 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
755 ret = 0; 768 ret = 0;
756 769
757 no_access: 770 no_access:
758 write_unlock(&key->lock);
759 up_write(&key->sem); 771 up_write(&key->sem);
760 key_put(key); 772 key_put(key);
761 error: 773 error:
@@ -778,32 +790,25 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
778 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 790 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
779 goto error; 791 goto error;
780 792
781 key = lookup_user_key(id, 1, 1, 0); 793 key = lookup_user_key(NULL, id, 1, 1, 0);
782 if (IS_ERR(key)) { 794 if (IS_ERR(key)) {
783 ret = PTR_ERR(key); 795 ret = PTR_ERR(key);
784 goto error; 796 goto error;
785 } 797 }
786 798
787 /* make the changes with the locks held to prevent chown/chmod 799 /* make the changes with the locks held to prevent chown/chmod races */
788 * races */
789 ret = -EACCES; 800 ret = -EACCES;
790 down_write(&key->sem); 801 down_write(&key->sem);
791 write_lock(&key->lock);
792
793 /* if we're not the sysadmin, we can only chmod a key that we
794 * own */
795 if (!capable(CAP_SYS_ADMIN) && key->uid != current->fsuid)
796 goto no_access;
797 802
798 /* changing the permissions mask */ 803 /* if we're not the sysadmin, we can only change a key that we own */
799 key->perm = perm; 804 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
800 ret = 0; 805 key->perm = perm;
806 ret = 0;
807 }
801 808
802 no_access:
803 write_unlock(&key->lock);
804 up_write(&key->sem); 809 up_write(&key->sem);
805 key_put(key); 810 key_put(key);
806 error: 811error:
807 return ret; 812 return ret;
808 813
809} /* end keyctl_setperm_key() */ 814} /* end keyctl_setperm_key() */
@@ -818,7 +823,8 @@ long keyctl_instantiate_key(key_serial_t id,
818 size_t plen, 823 size_t plen,
819 key_serial_t ringid) 824 key_serial_t ringid)
820{ 825{
821 struct key *key, *keyring; 826 struct request_key_auth *rka;
827 struct key *instkey, *keyring;
822 void *payload; 828 void *payload;
823 long ret; 829 long ret;
824 830
@@ -840,18 +846,21 @@ long keyctl_instantiate_key(key_serial_t id,
840 goto error2; 846 goto error2;
841 } 847 }
842 848
843 /* find the target key (which must be writable) */ 849 /* find the instantiation authorisation key */
844 key = lookup_user_key(id, 0, 1, KEY_WRITE); 850 instkey = key_get_instantiation_authkey(id);
845 if (IS_ERR(key)) { 851 if (IS_ERR(instkey)) {
846 ret = PTR_ERR(key); 852 ret = PTR_ERR(instkey);
847 goto error2; 853 goto error2;
848 } 854 }
849 855
850 /* find the destination keyring if present (which must also be 856 rka = instkey->payload.data;
851 * writable) */ 857
858 /* find the destination keyring amongst those belonging to the
859 * requesting task */
852 keyring = NULL; 860 keyring = NULL;
853 if (ringid) { 861 if (ringid) {
854 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); 862 keyring = lookup_user_key(rka->context, ringid, 1, 0,
863 KEY_WRITE);
855 if (IS_ERR(keyring)) { 864 if (IS_ERR(keyring)) {
856 ret = PTR_ERR(keyring); 865 ret = PTR_ERR(keyring);
857 goto error3; 866 goto error3;
@@ -859,11 +868,12 @@ long keyctl_instantiate_key(key_serial_t id,
859 } 868 }
860 869
861 /* instantiate the key and link it into a keyring */ 870 /* instantiate the key and link it into a keyring */
862 ret = key_instantiate_and_link(key, payload, plen, keyring); 871 ret = key_instantiate_and_link(rka->target_key, payload, plen,
872 keyring, instkey);
863 873
864 key_put(keyring); 874 key_put(keyring);
865 error3: 875 error3:
866 key_put(key); 876 key_put(instkey);
867 error2: 877 error2:
868 kfree(payload); 878 kfree(payload);
869 error: 879 error:
@@ -878,21 +888,24 @@ long keyctl_instantiate_key(key_serial_t id,
878 */ 888 */
879long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 889long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
880{ 890{
881 struct key *key, *keyring; 891 struct request_key_auth *rka;
892 struct key *instkey, *keyring;
882 long ret; 893 long ret;
883 894
884 /* find the target key (which must be writable) */ 895 /* find the instantiation authorisation key */
885 key = lookup_user_key(id, 0, 1, KEY_WRITE); 896 instkey = key_get_instantiation_authkey(id);
886 if (IS_ERR(key)) { 897 if (IS_ERR(instkey)) {
887 ret = PTR_ERR(key); 898 ret = PTR_ERR(instkey);
888 goto error; 899 goto error;
889 } 900 }
890 901
902 rka = instkey->payload.data;
903
891 /* find the destination keyring if present (which must also be 904 /* find the destination keyring if present (which must also be
892 * writable) */ 905 * writable) */
893 keyring = NULL; 906 keyring = NULL;
894 if (ringid) { 907 if (ringid) {
895 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); 908 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
896 if (IS_ERR(keyring)) { 909 if (IS_ERR(keyring)) {
897 ret = PTR_ERR(keyring); 910 ret = PTR_ERR(keyring);
898 goto error2; 911 goto error2;
@@ -900,11 +913,11 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
900 } 913 }
901 914
902 /* instantiate the key and link it into a keyring */ 915 /* instantiate the key and link it into a keyring */
903 ret = key_negate_and_link(key, timeout, keyring); 916 ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey);
904 917
905 key_put(keyring); 918 key_put(keyring);
906 error2: 919 error2:
907 key_put(key); 920 key_put(instkey);
908 error: 921 error:
909 return ret; 922 return ret;
910 923
@@ -912,6 +925,44 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
912 925
913/*****************************************************************************/ 926/*****************************************************************************/
914/* 927/*
928 * set the default keyring in which request_key() will cache keys
929 * - return the old setting
930 */
931long keyctl_set_reqkey_keyring(int reqkey_defl)
932{
933 int ret;
934
935 switch (reqkey_defl) {
936 case KEY_REQKEY_DEFL_THREAD_KEYRING:
937 ret = install_thread_keyring(current);
938 if (ret < 0)
939 return ret;
940 goto set;
941
942 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
943 ret = install_process_keyring(current);
944 if (ret < 0)
945 return ret;
946
947 case KEY_REQKEY_DEFL_DEFAULT:
948 case KEY_REQKEY_DEFL_SESSION_KEYRING:
949 case KEY_REQKEY_DEFL_USER_KEYRING:
950 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
951 set:
952 current->jit_keyring = reqkey_defl;
953
954 case KEY_REQKEY_DEFL_NO_CHANGE:
955 return current->jit_keyring;
956
957 case KEY_REQKEY_DEFL_GROUP_KEYRING:
958 default:
959 return -EINVAL;
960 }
961
962} /* end keyctl_set_reqkey_keyring() */
963
964/*****************************************************************************/
965/*
915 * the key control system call 966 * the key control system call
916 */ 967 */
917asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, 968asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
@@ -980,6 +1031,9 @@ asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
980 (unsigned) arg3, 1031 (unsigned) arg3,
981 (key_serial_t) arg4); 1032 (key_serial_t) arg4);
982 1033
1034 case KEYCTL_SET_REQKEY_KEYRING:
1035 return keyctl_set_reqkey_keyring(arg2);
1036
983 default: 1037 default:
984 return -EOPNOTSUPP; 1038 return -EOPNOTSUPP;
985 } 1039 }
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index e2ab4f8e7481..9c208c756df8 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1,6 +1,6 @@
1/* keyring.c: keyring handling 1/* keyring.c: keyring handling
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -129,13 +129,20 @@ static int keyring_duplicate(struct key *keyring, const struct key *source)
129 int loop, ret; 129 int loop, ret;
130 130
131 const unsigned limit = 131 const unsigned limit =
132 (PAGE_SIZE - sizeof(*klist)) / sizeof(struct key); 132 (PAGE_SIZE - sizeof(*klist)) / sizeof(struct key *);
133 133
134 ret = 0; 134 ret = 0;
135 sklist = source->payload.subscriptions;
136 135
137 if (sklist && sklist->nkeys > 0) { 136 /* find out how many keys are currently linked */
137 rcu_read_lock();
138 sklist = rcu_dereference(source->payload.subscriptions);
139 max = 0;
140 if (sklist)
138 max = sklist->nkeys; 141 max = sklist->nkeys;
142 rcu_read_unlock();
143
144 /* allocate a new payload and stuff load with key links */
145 if (max > 0) {
139 BUG_ON(max > limit); 146 BUG_ON(max > limit);
140 147
141 max = (max + 3) & ~3; 148 max = (max + 3) & ~3;
@@ -143,21 +150,27 @@ static int keyring_duplicate(struct key *keyring, const struct key *source)
143 max = limit; 150 max = limit;
144 151
145 ret = -ENOMEM; 152 ret = -ENOMEM;
146 size = sizeof(*klist) + sizeof(struct key) * max; 153 size = sizeof(*klist) + sizeof(struct key *) * max;
147 klist = kmalloc(size, GFP_KERNEL); 154 klist = kmalloc(size, GFP_KERNEL);
148 if (!klist) 155 if (!klist)
149 goto error; 156 goto error;
150 157
158 /* set links */
159 rcu_read_lock();
160 sklist = rcu_dereference(source->payload.subscriptions);
161
151 klist->maxkeys = max; 162 klist->maxkeys = max;
152 klist->nkeys = sklist->nkeys; 163 klist->nkeys = sklist->nkeys;
153 memcpy(klist->keys, 164 memcpy(klist->keys,
154 sklist->keys, 165 sklist->keys,
155 sklist->nkeys * sizeof(struct key)); 166 sklist->nkeys * sizeof(struct key *));
156 167
157 for (loop = klist->nkeys - 1; loop >= 0; loop--) 168 for (loop = klist->nkeys - 1; loop >= 0; loop--)
158 atomic_inc(&klist->keys[loop]->usage); 169 atomic_inc(&klist->keys[loop]->usage);
159 170
160 keyring->payload.subscriptions = klist; 171 rcu_read_unlock();
172
173 rcu_assign_pointer(keyring->payload.subscriptions, klist);
161 ret = 0; 174 ret = 0;
162 } 175 }
163 176
@@ -188,11 +201,15 @@ static void keyring_destroy(struct key *keyring)
188 201
189 if (keyring->description) { 202 if (keyring->description) {
190 write_lock(&keyring_name_lock); 203 write_lock(&keyring_name_lock);
191 list_del(&keyring->type_data.link); 204
205 if (keyring->type_data.link.next != NULL &&
206 !list_empty(&keyring->type_data.link))
207 list_del(&keyring->type_data.link);
208
192 write_unlock(&keyring_name_lock); 209 write_unlock(&keyring_name_lock);
193 } 210 }
194 211
195 klist = keyring->payload.subscriptions; 212 klist = rcu_dereference(keyring->payload.subscriptions);
196 if (klist) { 213 if (klist) {
197 for (loop = klist->nkeys - 1; loop >= 0; loop--) 214 for (loop = klist->nkeys - 1; loop >= 0; loop--)
198 key_put(klist->keys[loop]); 215 key_put(klist->keys[loop]);
@@ -216,17 +233,20 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
216 seq_puts(m, "[anon]"); 233 seq_puts(m, "[anon]");
217 } 234 }
218 235
219 klist = keyring->payload.subscriptions; 236 rcu_read_lock();
237 klist = rcu_dereference(keyring->payload.subscriptions);
220 if (klist) 238 if (klist)
221 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); 239 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
222 else 240 else
223 seq_puts(m, ": empty"); 241 seq_puts(m, ": empty");
242 rcu_read_unlock();
224 243
225} /* end keyring_describe() */ 244} /* end keyring_describe() */
226 245
227/*****************************************************************************/ 246/*****************************************************************************/
228/* 247/*
229 * read a list of key IDs from the keyring's contents 248 * read a list of key IDs from the keyring's contents
249 * - the keyring's semaphore is read-locked
230 */ 250 */
231static long keyring_read(const struct key *keyring, 251static long keyring_read(const struct key *keyring,
232 char __user *buffer, size_t buflen) 252 char __user *buffer, size_t buflen)
@@ -237,7 +257,7 @@ static long keyring_read(const struct key *keyring,
237 int loop, ret; 257 int loop, ret;
238 258
239 ret = 0; 259 ret = 0;
240 klist = keyring->payload.subscriptions; 260 klist = rcu_dereference(keyring->payload.subscriptions);
241 261
242 if (klist) { 262 if (klist) {
243 /* calculate how much data we could return */ 263 /* calculate how much data we could return */
@@ -292,7 +312,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
292 uid, gid, KEY_USR_ALL, not_in_quota); 312 uid, gid, KEY_USR_ALL, not_in_quota);
293 313
294 if (!IS_ERR(keyring)) { 314 if (!IS_ERR(keyring)) {
295 ret = key_instantiate_and_link(keyring, NULL, 0, dest); 315 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
296 if (ret < 0) { 316 if (ret < 0) {
297 key_put(keyring); 317 key_put(keyring);
298 keyring = ERR_PTR(ret); 318 keyring = ERR_PTR(ret);
@@ -310,17 +330,18 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
310 * - we only find keys on which we have search permission 330 * - we only find keys on which we have search permission
311 * - we use the supplied match function to see if the description (or other 331 * - we use the supplied match function to see if the description (or other
312 * feature of interest) matches 332 * feature of interest) matches
313 * - we readlock the keyrings as we search down the tree 333 * - we rely on RCU to prevent the keyring lists from disappearing on us
314 * - we return -EAGAIN if we didn't find any matching key 334 * - we return -EAGAIN if we didn't find any matching key
315 * - we return -ENOKEY if we only found negative matching keys 335 * - we return -ENOKEY if we only found negative matching keys
316 */ 336 */
317struct key *keyring_search_aux(struct key *keyring, 337struct key *keyring_search_aux(struct key *keyring,
338 struct task_struct *context,
318 struct key_type *type, 339 struct key_type *type,
319 const void *description, 340 const void *description,
320 key_match_func_t match) 341 key_match_func_t match)
321{ 342{
322 struct { 343 struct {
323 struct key *keyring; 344 struct keyring_list *keylist;
324 int kix; 345 int kix;
325 } stack[KEYRING_SEARCH_MAX_DEPTH]; 346 } stack[KEYRING_SEARCH_MAX_DEPTH];
326 347
@@ -328,13 +349,15 @@ struct key *keyring_search_aux(struct key *keyring,
328 struct timespec now; 349 struct timespec now;
329 struct key *key; 350 struct key *key;
330 long err; 351 long err;
331 int sp, psp, kix; 352 int sp, kix;
332 353
333 key_check(keyring); 354 key_check(keyring);
334 355
356 rcu_read_lock();
357
335 /* top keyring must have search permission to begin the search */ 358 /* top keyring must have search permission to begin the search */
336 key = ERR_PTR(-EACCES); 359 key = ERR_PTR(-EACCES);
337 if (!key_permission(keyring, KEY_SEARCH)) 360 if (!key_task_permission(keyring, context, KEY_SEARCH))
338 goto error; 361 goto error;
339 362
340 key = ERR_PTR(-ENOTDIR); 363 key = ERR_PTR(-ENOTDIR);
@@ -347,11 +370,10 @@ struct key *keyring_search_aux(struct key *keyring,
347 370
348 /* start processing a new keyring */ 371 /* start processing a new keyring */
349 descend: 372 descend:
350 read_lock(&keyring->lock); 373 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
351 if (keyring->flags & KEY_FLAG_REVOKED)
352 goto not_this_keyring; 374 goto not_this_keyring;
353 375
354 keylist = keyring->payload.subscriptions; 376 keylist = rcu_dereference(keyring->payload.subscriptions);
355 if (!keylist) 377 if (!keylist)
356 goto not_this_keyring; 378 goto not_this_keyring;
357 379
@@ -364,7 +386,7 @@ struct key *keyring_search_aux(struct key *keyring,
364 continue; 386 continue;
365 387
366 /* skip revoked keys and expired keys */ 388 /* skip revoked keys and expired keys */
367 if (key->flags & KEY_FLAG_REVOKED) 389 if (test_bit(KEY_FLAG_REVOKED, &key->flags))
368 continue; 390 continue;
369 391
370 if (key->expiry && now.tv_sec >= key->expiry) 392 if (key->expiry && now.tv_sec >= key->expiry)
@@ -375,11 +397,11 @@ struct key *keyring_search_aux(struct key *keyring,
375 continue; 397 continue;
376 398
377 /* key must have search permissions */ 399 /* key must have search permissions */
378 if (!key_permission(key, KEY_SEARCH)) 400 if (!key_task_permission(key, context, KEY_SEARCH))
379 continue; 401 continue;
380 402
381 /* we set a different error code if we find a negative key */ 403 /* we set a different error code if we find a negative key */
382 if (key->flags & KEY_FLAG_NEGATIVE) { 404 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
383 err = -ENOKEY; 405 err = -ENOKEY;
384 continue; 406 continue;
385 } 407 }
@@ -390,48 +412,37 @@ struct key *keyring_search_aux(struct key *keyring,
390 /* search through the keyrings nested in this one */ 412 /* search through the keyrings nested in this one */
391 kix = 0; 413 kix = 0;
392 ascend: 414 ascend:
393 while (kix < keylist->nkeys) { 415 for (; kix < keylist->nkeys; kix++) {
394 key = keylist->keys[kix]; 416 key = keylist->keys[kix];
395 if (key->type != &key_type_keyring) 417 if (key->type != &key_type_keyring)
396 goto next; 418 continue;
397 419
398 /* recursively search nested keyrings 420 /* recursively search nested keyrings
399 * - only search keyrings for which we have search permission 421 * - only search keyrings for which we have search permission
400 */ 422 */
401 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 423 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
402 goto next; 424 continue;
403
404 if (!key_permission(key, KEY_SEARCH))
405 goto next;
406 425
407 /* evade loops in the keyring tree */ 426 if (!key_task_permission(key, context, KEY_SEARCH))
408 for (psp = 0; psp < sp; psp++) 427 continue;
409 if (stack[psp].keyring == keyring)
410 goto next;
411 428
412 /* stack the current position */ 429 /* stack the current position */
413 stack[sp].keyring = keyring; 430 stack[sp].keylist = keylist;
414 stack[sp].kix = kix; 431 stack[sp].kix = kix;
415 sp++; 432 sp++;
416 433
417 /* begin again with the new keyring */ 434 /* begin again with the new keyring */
418 keyring = key; 435 keyring = key;
419 goto descend; 436 goto descend;
420
421 next:
422 kix++;
423 } 437 }
424 438
425 /* the keyring we're looking at was disqualified or didn't contain a 439 /* the keyring we're looking at was disqualified or didn't contain a
426 * matching key */ 440 * matching key */
427 not_this_keyring: 441 not_this_keyring:
428 read_unlock(&keyring->lock);
429
430 if (sp > 0) { 442 if (sp > 0) {
431 /* resume the processing of a keyring higher up in the tree */ 443 /* resume the processing of a keyring higher up in the tree */
432 sp--; 444 sp--;
433 keyring = stack[sp].keyring; 445 keylist = stack[sp].keylist;
434 keylist = keyring->payload.subscriptions;
435 kix = stack[sp].kix + 1; 446 kix = stack[sp].kix + 1;
436 goto ascend; 447 goto ascend;
437 } 448 }
@@ -442,16 +453,9 @@ struct key *keyring_search_aux(struct key *keyring,
442 /* we found a viable match */ 453 /* we found a viable match */
443 found: 454 found:
444 atomic_inc(&key->usage); 455 atomic_inc(&key->usage);
445 read_unlock(&keyring->lock);
446
447 /* unwind the keyring stack */
448 while (sp > 0) {
449 sp--;
450 read_unlock(&stack[sp].keyring->lock);
451 }
452
453 key_check(key); 456 key_check(key);
454 error: 457 error:
458 rcu_read_unlock();
455 return key; 459 return key;
456 460
457} /* end keyring_search_aux() */ 461} /* end keyring_search_aux() */
@@ -469,7 +473,11 @@ struct key *keyring_search(struct key *keyring,
469 struct key_type *type, 473 struct key_type *type,
470 const char *description) 474 const char *description)
471{ 475{
472 return keyring_search_aux(keyring, type, description, type->match); 476 if (!type->match)
477 return ERR_PTR(-ENOKEY);
478
479 return keyring_search_aux(keyring, current,
480 type, description, type->match);
473 481
474} /* end keyring_search() */ 482} /* end keyring_search() */
475 483
@@ -489,15 +497,18 @@ struct key *__keyring_search_one(struct key *keyring,
489 struct key *key; 497 struct key *key;
490 int loop; 498 int loop;
491 499
492 klist = keyring->payload.subscriptions; 500 rcu_read_lock();
501
502 klist = rcu_dereference(keyring->payload.subscriptions);
493 if (klist) { 503 if (klist) {
494 for (loop = 0; loop < klist->nkeys; loop++) { 504 for (loop = 0; loop < klist->nkeys; loop++) {
495 key = klist->keys[loop]; 505 key = klist->keys[loop];
496 506
497 if (key->type == ktype && 507 if (key->type == ktype &&
498 key->type->match(key, description) && 508 (!key->type->match ||
509 key->type->match(key, description)) &&
499 key_permission(key, perm) && 510 key_permission(key, perm) &&
500 !(key->flags & KEY_FLAG_REVOKED) 511 !test_bit(KEY_FLAG_REVOKED, &key->flags)
501 ) 512 )
502 goto found; 513 goto found;
503 } 514 }
@@ -509,12 +520,58 @@ struct key *__keyring_search_one(struct key *keyring,
509 found: 520 found:
510 atomic_inc(&key->usage); 521 atomic_inc(&key->usage);
511 error: 522 error:
523 rcu_read_unlock();
512 return key; 524 return key;
513 525
514} /* end __keyring_search_one() */ 526} /* end __keyring_search_one() */
515 527
516/*****************************************************************************/ 528/*****************************************************************************/
517/* 529/*
530 * search for an instantiation authorisation key matching a target key
531 * - the RCU read lock must be held by the caller
532 * - a target_id of zero specifies any valid token
533 */
534struct key *keyring_search_instkey(struct key *keyring,
535 key_serial_t target_id)
536{
537 struct request_key_auth *rka;
538 struct keyring_list *klist;
539 struct key *instkey;
540 int loop;
541
542 klist = rcu_dereference(keyring->payload.subscriptions);
543 if (klist) {
544 for (loop = 0; loop < klist->nkeys; loop++) {
545 instkey = klist->keys[loop];
546
547 if (instkey->type != &key_type_request_key_auth)
548 continue;
549
550 rka = instkey->payload.data;
551 if (target_id && rka->target_key->serial != target_id)
552 continue;
553
554 /* the auth key is revoked during instantiation */
555 if (!test_bit(KEY_FLAG_REVOKED, &instkey->flags))
556 goto found;
557
558 instkey = ERR_PTR(-EKEYREVOKED);
559 goto error;
560 }
561 }
562
563 instkey = ERR_PTR(-EACCES);
564 goto error;
565
566found:
567 atomic_inc(&instkey->usage);
568error:
569 return instkey;
570
571} /* end keyring_search_instkey() */
572
573/*****************************************************************************/
574/*
518 * find a keyring with the specified name 575 * find a keyring with the specified name
519 * - all named keyrings are searched 576 * - all named keyrings are searched
520 * - only find keyrings with search permission for the process 577 * - only find keyrings with search permission for the process
@@ -540,7 +597,7 @@ struct key *find_keyring_by_name(const char *name, key_serial_t bound)
540 &keyring_name_hash[bucket], 597 &keyring_name_hash[bucket],
541 type_data.link 598 type_data.link
542 ) { 599 ) {
543 if (keyring->flags & KEY_FLAG_REVOKED) 600 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
544 continue; 601 continue;
545 602
546 if (strcmp(keyring->description, name) != 0) 603 if (strcmp(keyring->description, name) != 0)
@@ -579,7 +636,7 @@ struct key *find_keyring_by_name(const char *name, key_serial_t bound)
579static int keyring_detect_cycle(struct key *A, struct key *B) 636static int keyring_detect_cycle(struct key *A, struct key *B)
580{ 637{
581 struct { 638 struct {
582 struct key *subtree; 639 struct keyring_list *keylist;
583 int kix; 640 int kix;
584 } stack[KEYRING_SEARCH_MAX_DEPTH]; 641 } stack[KEYRING_SEARCH_MAX_DEPTH];
585 642
@@ -587,20 +644,21 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
587 struct key *subtree, *key; 644 struct key *subtree, *key;
588 int sp, kix, ret; 645 int sp, kix, ret;
589 646
647 rcu_read_lock();
648
590 ret = -EDEADLK; 649 ret = -EDEADLK;
591 if (A == B) 650 if (A == B)
592 goto error; 651 goto cycle_detected;
593 652
594 subtree = B; 653 subtree = B;
595 sp = 0; 654 sp = 0;
596 655
597 /* start processing a new keyring */ 656 /* start processing a new keyring */
598 descend: 657 descend:
599 read_lock(&subtree->lock); 658 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
600 if (subtree->flags & KEY_FLAG_REVOKED)
601 goto not_this_keyring; 659 goto not_this_keyring;
602 660
603 keylist = subtree->payload.subscriptions; 661 keylist = rcu_dereference(subtree->payload.subscriptions);
604 if (!keylist) 662 if (!keylist)
605 goto not_this_keyring; 663 goto not_this_keyring;
606 kix = 0; 664 kix = 0;
@@ -619,7 +677,7 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
619 goto too_deep; 677 goto too_deep;
620 678
621 /* stack the current position */ 679 /* stack the current position */
622 stack[sp].subtree = subtree; 680 stack[sp].keylist = keylist;
623 stack[sp].kix = kix; 681 stack[sp].kix = kix;
624 sp++; 682 sp++;
625 683
@@ -632,13 +690,10 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
632 /* the keyring we're looking at was disqualified or didn't contain a 690 /* the keyring we're looking at was disqualified or didn't contain a
633 * matching key */ 691 * matching key */
634 not_this_keyring: 692 not_this_keyring:
635 read_unlock(&subtree->lock);
636
637 if (sp > 0) { 693 if (sp > 0) {
638 /* resume the checking of a keyring higher up in the tree */ 694 /* resume the checking of a keyring higher up in the tree */
639 sp--; 695 sp--;
640 subtree = stack[sp].subtree; 696 keylist = stack[sp].keylist;
641 keylist = subtree->payload.subscriptions;
642 kix = stack[sp].kix + 1; 697 kix = stack[sp].kix + 1;
643 goto ascend; 698 goto ascend;
644 } 699 }
@@ -646,30 +701,36 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
646 ret = 0; /* no cycles detected */ 701 ret = 0; /* no cycles detected */
647 702
648 error: 703 error:
704 rcu_read_unlock();
649 return ret; 705 return ret;
650 706
651 too_deep: 707 too_deep:
652 ret = -ELOOP; 708 ret = -ELOOP;
653 goto error_unwind; 709 goto error;
710
654 cycle_detected: 711 cycle_detected:
655 ret = -EDEADLK; 712 ret = -EDEADLK;
656 error_unwind:
657 read_unlock(&subtree->lock);
658
659 /* unwind the keyring stack */
660 while (sp > 0) {
661 sp--;
662 read_unlock(&stack[sp].subtree->lock);
663 }
664
665 goto error; 713 goto error;
666 714
667} /* end keyring_detect_cycle() */ 715} /* end keyring_detect_cycle() */
668 716
669/*****************************************************************************/ 717/*****************************************************************************/
670/* 718/*
719 * dispose of a keyring list after the RCU grace period
720 */
721static void keyring_link_rcu_disposal(struct rcu_head *rcu)
722{
723 struct keyring_list *klist =
724 container_of(rcu, struct keyring_list, rcu);
725
726 kfree(klist);
727
728} /* end keyring_link_rcu_disposal() */
729
730/*****************************************************************************/
731/*
671 * link a key into to a keyring 732 * link a key into to a keyring
672 * - must be called with the keyring's semaphore held 733 * - must be called with the keyring's semaphore write-locked
673 */ 734 */
674int __key_link(struct key *keyring, struct key *key) 735int __key_link(struct key *keyring, struct key *key)
675{ 736{
@@ -679,7 +740,7 @@ int __key_link(struct key *keyring, struct key *key)
679 int ret; 740 int ret;
680 741
681 ret = -EKEYREVOKED; 742 ret = -EKEYREVOKED;
682 if (keyring->flags & KEY_FLAG_REVOKED) 743 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
683 goto error; 744 goto error;
684 745
685 ret = -ENOTDIR; 746 ret = -ENOTDIR;
@@ -710,9 +771,10 @@ int __key_link(struct key *keyring, struct key *key)
710 /* there's sufficient slack space to add directly */ 771 /* there's sufficient slack space to add directly */
711 atomic_inc(&key->usage); 772 atomic_inc(&key->usage);
712 773
713 write_lock(&keyring->lock); 774 klist->keys[klist->nkeys] = key;
714 klist->keys[klist->nkeys++] = key; 775 smp_wmb();
715 write_unlock(&keyring->lock); 776 klist->nkeys++;
777 smp_wmb();
716 778
717 ret = 0; 779 ret = 0;
718 } 780 }
@@ -723,7 +785,9 @@ int __key_link(struct key *keyring, struct key *key)
723 max += klist->maxkeys; 785 max += klist->maxkeys;
724 786
725 ret = -ENFILE; 787 ret = -ENFILE;
726 size = sizeof(*klist) + sizeof(*key) * max; 788 if (max > 65535)
789 goto error3;
790 size = sizeof(*klist) + sizeof(struct key *) * max;
727 if (size > PAGE_SIZE) 791 if (size > PAGE_SIZE)
728 goto error3; 792 goto error3;
729 793
@@ -743,14 +807,13 @@ int __key_link(struct key *keyring, struct key *key)
743 807
744 /* add the key into the new space */ 808 /* add the key into the new space */
745 atomic_inc(&key->usage); 809 atomic_inc(&key->usage);
746
747 write_lock(&keyring->lock);
748 keyring->payload.subscriptions = nklist;
749 nklist->keys[nklist->nkeys++] = key; 810 nklist->keys[nklist->nkeys++] = key;
750 write_unlock(&keyring->lock); 811
812 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
751 813
752 /* dispose of the old keyring list */ 814 /* dispose of the old keyring list */
753 kfree(klist); 815 if (klist)
816 call_rcu(&klist->rcu, keyring_link_rcu_disposal);
754 817
755 ret = 0; 818 ret = 0;
756 } 819 }
@@ -791,11 +854,26 @@ EXPORT_SYMBOL(key_link);
791 854
792/*****************************************************************************/ 855/*****************************************************************************/
793/* 856/*
857 * dispose of a keyring list after the RCU grace period, freeing the unlinked
858 * key
859 */
860static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
861{
862 struct keyring_list *klist =
863 container_of(rcu, struct keyring_list, rcu);
864
865 key_put(klist->keys[klist->delkey]);
866 kfree(klist);
867
868} /* end keyring_unlink_rcu_disposal() */
869
870/*****************************************************************************/
871/*
794 * unlink the first link to a key from a keyring 872 * unlink the first link to a key from a keyring
795 */ 873 */
796int key_unlink(struct key *keyring, struct key *key) 874int key_unlink(struct key *keyring, struct key *key)
797{ 875{
798 struct keyring_list *klist; 876 struct keyring_list *klist, *nklist;
799 int loop, ret; 877 int loop, ret;
800 878
801 key_check(keyring); 879 key_check(keyring);
@@ -819,31 +897,46 @@ int key_unlink(struct key *keyring, struct key *key)
819 ret = -ENOENT; 897 ret = -ENOENT;
820 goto error; 898 goto error;
821 899
822 key_is_present: 900key_is_present:
901 /* we need to copy the key list for RCU purposes */
902 nklist = kmalloc(sizeof(*klist) +
903 sizeof(struct key *) * klist->maxkeys,
904 GFP_KERNEL);
905 if (!nklist)
906 goto nomem;
907 nklist->maxkeys = klist->maxkeys;
908 nklist->nkeys = klist->nkeys - 1;
909
910 if (loop > 0)
911 memcpy(&nklist->keys[0],
912 &klist->keys[0],
913 loop * sizeof(struct key *));
914
915 if (loop < nklist->nkeys)
916 memcpy(&nklist->keys[loop],
917 &klist->keys[loop + 1],
918 (nklist->nkeys - loop) * sizeof(struct key *));
919
823 /* adjust the user's quota */ 920 /* adjust the user's quota */
824 key_payload_reserve(keyring, 921 key_payload_reserve(keyring,
825 keyring->datalen - KEYQUOTA_LINK_BYTES); 922 keyring->datalen - KEYQUOTA_LINK_BYTES);
826 923
827 /* shuffle down the key pointers 924 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
828 * - it might be worth shrinking the allocated memory, but that runs
829 * the risk of ENOMEM as we would have to copy
830 */
831 write_lock(&keyring->lock);
832 925
833 klist->nkeys--; 926 up_write(&keyring->sem);
834 if (loop < klist->nkeys)
835 memcpy(&klist->keys[loop],
836 &klist->keys[loop + 1],
837 (klist->nkeys - loop) * sizeof(struct key *));
838 927
839 write_unlock(&keyring->lock); 928 /* schedule for later cleanup */
929 klist->delkey = loop;
930 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
840 931
841 up_write(&keyring->sem);
842 key_put(key);
843 ret = 0; 932 ret = 0;
844 933
845 error: 934error:
846 return ret; 935 return ret;
936nomem:
937 ret = -ENOMEM;
938 up_write(&keyring->sem);
939 goto error;
847 940
848} /* end key_unlink() */ 941} /* end key_unlink() */
849 942
@@ -851,13 +944,32 @@ EXPORT_SYMBOL(key_unlink);
851 944
852/*****************************************************************************/ 945/*****************************************************************************/
853/* 946/*
947 * dispose of a keyring list after the RCU grace period, releasing the keys it
948 * links to
949 */
950static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
951{
952 struct keyring_list *klist;
953 int loop;
954
955 klist = container_of(rcu, struct keyring_list, rcu);
956
957 for (loop = klist->nkeys - 1; loop >= 0; loop--)
958 key_put(klist->keys[loop]);
959
960 kfree(klist);
961
962} /* end keyring_clear_rcu_disposal() */
963
964/*****************************************************************************/
965/*
854 * clear the specified process keyring 966 * clear the specified process keyring
855 * - implements keyctl(KEYCTL_CLEAR) 967 * - implements keyctl(KEYCTL_CLEAR)
856 */ 968 */
857int keyring_clear(struct key *keyring) 969int keyring_clear(struct key *keyring)
858{ 970{
859 struct keyring_list *klist; 971 struct keyring_list *klist;
860 int loop, ret; 972 int ret;
861 973
862 ret = -ENOTDIR; 974 ret = -ENOTDIR;
863 if (keyring->type == &key_type_keyring) { 975 if (keyring->type == &key_type_keyring) {
@@ -870,20 +982,15 @@ int keyring_clear(struct key *keyring)
870 key_payload_reserve(keyring, 982 key_payload_reserve(keyring,
871 sizeof(struct keyring_list)); 983 sizeof(struct keyring_list));
872 984
873 write_lock(&keyring->lock); 985 rcu_assign_pointer(keyring->payload.subscriptions,
874 keyring->payload.subscriptions = NULL; 986 NULL);
875 write_unlock(&keyring->lock);
876 } 987 }
877 988
878 up_write(&keyring->sem); 989 up_write(&keyring->sem);
879 990
880 /* free the keys after the locks have been dropped */ 991 /* free the keys after the locks have been dropped */
881 if (klist) { 992 if (klist)
882 for (loop = klist->nkeys - 1; loop >= 0; loop--) 993 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
883 key_put(klist->keys[loop]);
884
885 kfree(klist);
886 }
887 994
888 ret = 0; 995 ret = 0;
889 } 996 }
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 91343b85c39c..c55cf1fd0826 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -140,7 +140,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
140 140
141 now = current_kernel_time(); 141 now = current_kernel_time();
142 142
143 read_lock(&key->lock); 143 rcu_read_lock();
144 144
145 /* come up with a suitable timeout value */ 145 /* come up with a suitable timeout value */
146 if (key->expiry == 0) { 146 if (key->expiry == 0) {
@@ -164,14 +164,17 @@ static int proc_keys_show(struct seq_file *m, void *v)
164 sprintf(xbuf, "%luw", timo / (60*60*24*7)); 164 sprintf(xbuf, "%luw", timo / (60*60*24*7));
165 } 165 }
166 166
167#define showflag(KEY, LETTER, FLAG) \
168 (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
169
167 seq_printf(m, "%08x %c%c%c%c%c%c %5d %4s %06x %5d %5d %-9.9s ", 170 seq_printf(m, "%08x %c%c%c%c%c%c %5d %4s %06x %5d %5d %-9.9s ",
168 key->serial, 171 key->serial,
169 key->flags & KEY_FLAG_INSTANTIATED ? 'I' : '-', 172 showflag(key, 'I', KEY_FLAG_INSTANTIATED),
170 key->flags & KEY_FLAG_REVOKED ? 'R' : '-', 173 showflag(key, 'R', KEY_FLAG_REVOKED),
171 key->flags & KEY_FLAG_DEAD ? 'D' : '-', 174 showflag(key, 'D', KEY_FLAG_DEAD),
172 key->flags & KEY_FLAG_IN_QUOTA ? 'Q' : '-', 175 showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
173 key->flags & KEY_FLAG_USER_CONSTRUCT ? 'U' : '-', 176 showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
174 key->flags & KEY_FLAG_NEGATIVE ? 'N' : '-', 177 showflag(key, 'N', KEY_FLAG_NEGATIVE),
175 atomic_read(&key->usage), 178 atomic_read(&key->usage),
176 xbuf, 179 xbuf,
177 key->perm, 180 key->perm,
@@ -179,11 +182,13 @@ static int proc_keys_show(struct seq_file *m, void *v)
179 key->gid, 182 key->gid,
180 key->type->name); 183 key->type->name);
181 184
185#undef showflag
186
182 if (key->type->describe) 187 if (key->type->describe)
183 key->type->describe(key, m); 188 key->type->describe(key, m);
184 seq_putc(m, '\n'); 189 seq_putc(m, '\n');
185 190
186 read_unlock(&key->lock); 191 rcu_read_unlock();
187 192
188 return 0; 193 return 0;
189 194
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 2eb0e471cd40..c089f78fb94e 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -1,6 +1,6 @@
1/* process_keys.c: management of a process's keyrings 1/* process_keys.c: management of a process's keyrings
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -38,10 +38,9 @@ struct key root_user_keyring = {
38 .serial = 2, 38 .serial = 2,
39 .type = &key_type_keyring, 39 .type = &key_type_keyring,
40 .user = &root_key_user, 40 .user = &root_key_user,
41 .lock = RW_LOCK_UNLOCKED,
42 .sem = __RWSEM_INITIALIZER(root_user_keyring.sem), 41 .sem = __RWSEM_INITIALIZER(root_user_keyring.sem),
43 .perm = KEY_USR_ALL, 42 .perm = KEY_USR_ALL,
44 .flags = KEY_FLAG_INSTANTIATED, 43 .flags = 1 << KEY_FLAG_INSTANTIATED,
45 .description = "_uid.0", 44 .description = "_uid.0",
46#ifdef KEY_DEBUGGING 45#ifdef KEY_DEBUGGING
47 .magic = KEY_DEBUG_MAGIC, 46 .magic = KEY_DEBUG_MAGIC,
@@ -54,10 +53,9 @@ struct key root_session_keyring = {
54 .serial = 1, 53 .serial = 1,
55 .type = &key_type_keyring, 54 .type = &key_type_keyring,
56 .user = &root_key_user, 55 .user = &root_key_user,
57 .lock = RW_LOCK_UNLOCKED,
58 .sem = __RWSEM_INITIALIZER(root_session_keyring.sem), 56 .sem = __RWSEM_INITIALIZER(root_session_keyring.sem),
59 .perm = KEY_USR_ALL, 57 .perm = KEY_USR_ALL,
60 .flags = KEY_FLAG_INSTANTIATED, 58 .flags = 1 << KEY_FLAG_INSTANTIATED,
61 .description = "_uid_ses.0", 59 .description = "_uid_ses.0",
62#ifdef KEY_DEBUGGING 60#ifdef KEY_DEBUGGING
63 .magic = KEY_DEBUG_MAGIC, 61 .magic = KEY_DEBUG_MAGIC,
@@ -167,7 +165,7 @@ int install_thread_keyring(struct task_struct *tsk)
167/* 165/*
168 * make sure a process keyring is installed 166 * make sure a process keyring is installed
169 */ 167 */
170static int install_process_keyring(struct task_struct *tsk) 168int install_process_keyring(struct task_struct *tsk)
171{ 169{
172 unsigned long flags; 170 unsigned long flags;
173 struct key *keyring; 171 struct key *keyring;
@@ -183,7 +181,7 @@ static int install_process_keyring(struct task_struct *tsk)
183 goto error; 181 goto error;
184 } 182 }
185 183
186 /* attach or swap keyrings */ 184 /* attach keyring */
187 spin_lock_irqsave(&tsk->sighand->siglock, flags); 185 spin_lock_irqsave(&tsk->sighand->siglock, flags);
188 if (!tsk->signal->process_keyring) { 186 if (!tsk->signal->process_keyring) {
189 tsk->signal->process_keyring = keyring; 187 tsk->signal->process_keyring = keyring;
@@ -229,12 +227,14 @@ static int install_session_keyring(struct task_struct *tsk,
229 227
230 /* install the keyring */ 228 /* install the keyring */
231 spin_lock_irqsave(&tsk->sighand->siglock, flags); 229 spin_lock_irqsave(&tsk->sighand->siglock, flags);
232 old = tsk->signal->session_keyring; 230 old = rcu_dereference(tsk->signal->session_keyring);
233 tsk->signal->session_keyring = keyring; 231 rcu_assign_pointer(tsk->signal->session_keyring, keyring);
234 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 232 spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
235 233
236 ret = 0; 234 ret = 0;
237 235
236 /* we're using RCU on the pointer */
237 synchronize_rcu();
238 key_put(old); 238 key_put(old);
239 error: 239 error:
240 return ret; 240 return ret;
@@ -247,8 +247,6 @@ static int install_session_keyring(struct task_struct *tsk,
247 */ 247 */
248int copy_thread_group_keys(struct task_struct *tsk) 248int copy_thread_group_keys(struct task_struct *tsk)
249{ 249{
250 unsigned long flags;
251
252 key_check(current->thread_group->session_keyring); 250 key_check(current->thread_group->session_keyring);
253 key_check(current->thread_group->process_keyring); 251 key_check(current->thread_group->process_keyring);
254 252
@@ -256,10 +254,10 @@ int copy_thread_group_keys(struct task_struct *tsk)
256 tsk->signal->process_keyring = NULL; 254 tsk->signal->process_keyring = NULL;
257 255
258 /* same session keyring */ 256 /* same session keyring */
259 spin_lock_irqsave(&current->sighand->siglock, flags); 257 rcu_read_lock();
260 tsk->signal->session_keyring = 258 tsk->signal->session_keyring =
261 key_get(current->signal->session_keyring); 259 key_get(rcu_dereference(current->signal->session_keyring));
262 spin_unlock_irqrestore(&current->sighand->siglock, flags); 260 rcu_read_unlock();
263 261
264 return 0; 262 return 0;
265 263
@@ -349,9 +347,7 @@ void key_fsuid_changed(struct task_struct *tsk)
349 /* update the ownership of the thread keyring */ 347 /* update the ownership of the thread keyring */
350 if (tsk->thread_keyring) { 348 if (tsk->thread_keyring) {
351 down_write(&tsk->thread_keyring->sem); 349 down_write(&tsk->thread_keyring->sem);
352 write_lock(&tsk->thread_keyring->lock);
353 tsk->thread_keyring->uid = tsk->fsuid; 350 tsk->thread_keyring->uid = tsk->fsuid;
354 write_unlock(&tsk->thread_keyring->lock);
355 up_write(&tsk->thread_keyring->sem); 351 up_write(&tsk->thread_keyring->sem);
356 } 352 }
357 353
@@ -366,9 +362,7 @@ void key_fsgid_changed(struct task_struct *tsk)
366 /* update the ownership of the thread keyring */ 362 /* update the ownership of the thread keyring */
367 if (tsk->thread_keyring) { 363 if (tsk->thread_keyring) {
368 down_write(&tsk->thread_keyring->sem); 364 down_write(&tsk->thread_keyring->sem);
369 write_lock(&tsk->thread_keyring->lock);
370 tsk->thread_keyring->gid = tsk->fsgid; 365 tsk->thread_keyring->gid = tsk->fsgid;
371 write_unlock(&tsk->thread_keyring->lock);
372 up_write(&tsk->thread_keyring->sem); 366 up_write(&tsk->thread_keyring->sem);
373 } 367 }
374 368
@@ -382,13 +376,13 @@ void key_fsgid_changed(struct task_struct *tsk)
382 * - we return -EAGAIN if we didn't find any matching key 376 * - we return -EAGAIN if we didn't find any matching key
383 * - we return -ENOKEY if we found only negative matching keys 377 * - we return -ENOKEY if we found only negative matching keys
384 */ 378 */
385struct key *search_process_keyrings_aux(struct key_type *type, 379struct key *search_process_keyrings(struct key_type *type,
386 const void *description, 380 const void *description,
387 key_match_func_t match) 381 key_match_func_t match,
382 struct task_struct *context)
388{ 383{
389 struct task_struct *tsk = current; 384 struct request_key_auth *rka;
390 unsigned long flags; 385 struct key *key, *ret, *err, *instkey;
391 struct key *key, *ret, *err, *tmp;
392 386
393 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 387 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
394 * searchable, but we failed to find a key or we found a negative key; 388 * searchable, but we failed to find a key or we found a negative key;
@@ -402,9 +396,9 @@ struct key *search_process_keyrings_aux(struct key_type *type,
402 err = ERR_PTR(-EAGAIN); 396 err = ERR_PTR(-EAGAIN);
403 397
404 /* search the thread keyring first */ 398 /* search the thread keyring first */
405 if (tsk->thread_keyring) { 399 if (context->thread_keyring) {
406 key = keyring_search_aux(tsk->thread_keyring, type, 400 key = keyring_search_aux(context->thread_keyring,
407 description, match); 401 context, type, description, match);
408 if (!IS_ERR(key)) 402 if (!IS_ERR(key))
409 goto found; 403 goto found;
410 404
@@ -422,9 +416,9 @@ struct key *search_process_keyrings_aux(struct key_type *type,
422 } 416 }
423 417
424 /* search the process keyring second */ 418 /* search the process keyring second */
425 if (tsk->signal->process_keyring) { 419 if (context->signal->process_keyring) {
426 key = keyring_search_aux(tsk->signal->process_keyring, 420 key = keyring_search_aux(context->signal->process_keyring,
427 type, description, match); 421 context, type, description, match);
428 if (!IS_ERR(key)) 422 if (!IS_ERR(key))
429 goto found; 423 goto found;
430 424
@@ -441,52 +435,93 @@ struct key *search_process_keyrings_aux(struct key_type *type,
441 } 435 }
442 } 436 }
443 437
444 /* search the session keyring last */ 438 /* search the session keyring */
445 spin_lock_irqsave(&tsk->sighand->siglock, flags); 439 if (context->signal->session_keyring) {
440 rcu_read_lock();
441 key = keyring_search_aux(
442 rcu_dereference(context->signal->session_keyring),
443 context, type, description, match);
444 rcu_read_unlock();
446 445
447 tmp = tsk->signal->session_keyring; 446 if (!IS_ERR(key))
448 if (!tmp) 447 goto found;
449 tmp = tsk->user->session_keyring;
450 atomic_inc(&tmp->usage);
451 448
452 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 449 switch (PTR_ERR(key)) {
450 case -EAGAIN: /* no key */
451 if (ret)
452 break;
453 case -ENOKEY: /* negative key */
454 ret = key;
455 break;
456 default:
457 err = key;
458 break;
459 }
460
461 /* if this process has a session keyring and that has an
462 * instantiation authorisation key in the bottom level, then we
463 * also search the keyrings of the process mentioned there */
464 if (context != current)
465 goto no_key;
466
467 rcu_read_lock();
468 instkey = __keyring_search_one(
469 rcu_dereference(context->signal->session_keyring),
470 &key_type_request_key_auth, NULL, 0);
471 rcu_read_unlock();
472
473 if (IS_ERR(instkey))
474 goto no_key;
475
476 rka = instkey->payload.data;
453 477
454 key = keyring_search_aux(tmp, type, description, match); 478 key = search_process_keyrings(type, description, match,
455 key_put(tmp); 479 rka->context);
456 if (!IS_ERR(key)) 480 key_put(instkey);
457 goto found;
458 481
459 switch (PTR_ERR(key)) { 482 if (!IS_ERR(key))
460 case -EAGAIN: /* no key */ 483 goto found;
461 if (ret) 484
485 switch (PTR_ERR(key)) {
486 case -EAGAIN: /* no key */
487 if (ret)
488 break;
489 case -ENOKEY: /* negative key */
490 ret = key;
462 break; 491 break;
463 case -ENOKEY: /* negative key */ 492 default:
464 ret = key; 493 err = key;
465 break; 494 break;
466 default: 495 }
467 err = key; 496 }
468 break; 497 /* or search the user-session keyring */
498 else {
499 key = keyring_search_aux(context->user->session_keyring,
500 context, type, description, match);
501 if (!IS_ERR(key))
502 goto found;
503
504 switch (PTR_ERR(key)) {
505 case -EAGAIN: /* no key */
506 if (ret)
507 break;
508 case -ENOKEY: /* negative key */
509 ret = key;
510 break;
511 default:
512 err = key;
513 break;
514 }
469 } 515 }
470 516
517
518no_key:
471 /* no key - decide on the error we're going to go for */ 519 /* no key - decide on the error we're going to go for */
472 key = ret ? ret : err; 520 key = ret ? ret : err;
473 521
474 found: 522found:
475 return key; 523 return key;
476 524
477} /* end search_process_keyrings_aux() */
478
479/*****************************************************************************/
480/*
481 * search the process keyrings for the first matching key
482 * - we return -EAGAIN if we didn't find any matching key
483 * - we return -ENOKEY if we found only negative matching keys
484 */
485struct key *search_process_keyrings(struct key_type *type,
486 const char *description)
487{
488 return search_process_keyrings_aux(type, description, type->match);
489
490} /* end search_process_keyrings() */ 525} /* end search_process_keyrings() */
491 526
492/*****************************************************************************/ 527/*****************************************************************************/
@@ -495,72 +530,73 @@ struct key *search_process_keyrings(struct key_type *type,
495 * - don't create special keyrings unless so requested 530 * - don't create special keyrings unless so requested
496 * - partially constructed keys aren't found unless requested 531 * - partially constructed keys aren't found unless requested
497 */ 532 */
498struct key *lookup_user_key(key_serial_t id, int create, int partial, 533struct key *lookup_user_key(struct task_struct *context, key_serial_t id,
499 key_perm_t perm) 534 int create, int partial, key_perm_t perm)
500{ 535{
501 struct task_struct *tsk = current;
502 unsigned long flags;
503 struct key *key; 536 struct key *key;
504 int ret; 537 int ret;
505 538
539 if (!context)
540 context = current;
541
506 key = ERR_PTR(-ENOKEY); 542 key = ERR_PTR(-ENOKEY);
507 543
508 switch (id) { 544 switch (id) {
509 case KEY_SPEC_THREAD_KEYRING: 545 case KEY_SPEC_THREAD_KEYRING:
510 if (!tsk->thread_keyring) { 546 if (!context->thread_keyring) {
511 if (!create) 547 if (!create)
512 goto error; 548 goto error;
513 549
514 ret = install_thread_keyring(tsk); 550 ret = install_thread_keyring(context);
515 if (ret < 0) { 551 if (ret < 0) {
516 key = ERR_PTR(ret); 552 key = ERR_PTR(ret);
517 goto error; 553 goto error;
518 } 554 }
519 } 555 }
520 556
521 key = tsk->thread_keyring; 557 key = context->thread_keyring;
522 atomic_inc(&key->usage); 558 atomic_inc(&key->usage);
523 break; 559 break;
524 560
525 case KEY_SPEC_PROCESS_KEYRING: 561 case KEY_SPEC_PROCESS_KEYRING:
526 if (!tsk->signal->process_keyring) { 562 if (!context->signal->process_keyring) {
527 if (!create) 563 if (!create)
528 goto error; 564 goto error;
529 565
530 ret = install_process_keyring(tsk); 566 ret = install_process_keyring(context);
531 if (ret < 0) { 567 if (ret < 0) {
532 key = ERR_PTR(ret); 568 key = ERR_PTR(ret);
533 goto error; 569 goto error;
534 } 570 }
535 } 571 }
536 572
537 key = tsk->signal->process_keyring; 573 key = context->signal->process_keyring;
538 atomic_inc(&key->usage); 574 atomic_inc(&key->usage);
539 break; 575 break;
540 576
541 case KEY_SPEC_SESSION_KEYRING: 577 case KEY_SPEC_SESSION_KEYRING:
542 if (!tsk->signal->session_keyring) { 578 if (!context->signal->session_keyring) {
543 /* always install a session keyring upon access if one 579 /* always install a session keyring upon access if one
544 * doesn't exist yet */ 580 * doesn't exist yet */
545 ret = install_session_keyring( 581 ret = install_session_keyring(
546 tsk, tsk->user->session_keyring); 582 context, context->user->session_keyring);
547 if (ret < 0) 583 if (ret < 0)
548 goto error; 584 goto error;
549 } 585 }
550 586
551 spin_lock_irqsave(&tsk->sighand->siglock, flags); 587 rcu_read_lock();
552 key = tsk->signal->session_keyring; 588 key = rcu_dereference(context->signal->session_keyring);
553 atomic_inc(&key->usage); 589 atomic_inc(&key->usage);
554 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 590 rcu_read_unlock();
555 break; 591 break;
556 592
557 case KEY_SPEC_USER_KEYRING: 593 case KEY_SPEC_USER_KEYRING:
558 key = tsk->user->uid_keyring; 594 key = context->user->uid_keyring;
559 atomic_inc(&key->usage); 595 atomic_inc(&key->usage);
560 break; 596 break;
561 597
562 case KEY_SPEC_USER_SESSION_KEYRING: 598 case KEY_SPEC_USER_SESSION_KEYRING:
563 key = tsk->user->session_keyring; 599 key = context->user->session_keyring;
564 atomic_inc(&key->usage); 600 atomic_inc(&key->usage);
565 break; 601 break;
566 602
@@ -580,7 +616,7 @@ struct key *lookup_user_key(key_serial_t id, int create, int partial,
580 break; 616 break;
581 } 617 }
582 618
583 /* check the status and permissions */ 619 /* check the status */
584 if (perm) { 620 if (perm) {
585 ret = key_validate(key); 621 ret = key_validate(key);
586 if (ret < 0) 622 if (ret < 0)
@@ -588,11 +624,13 @@ struct key *lookup_user_key(key_serial_t id, int create, int partial,
588 } 624 }
589 625
590 ret = -EIO; 626 ret = -EIO;
591 if (!partial && !(key->flags & KEY_FLAG_INSTANTIATED)) 627 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
592 goto invalid_key; 628 goto invalid_key;
593 629
630 /* check the permissions */
594 ret = -EACCES; 631 ret = -EACCES;
595 if (!key_permission(key, perm)) 632
633 if (!key_task_permission(key, context, perm))
596 goto invalid_key; 634 goto invalid_key;
597 635
598 error: 636 error:
@@ -615,7 +653,6 @@ struct key *lookup_user_key(key_serial_t id, int create, int partial,
615long join_session_keyring(const char *name) 653long join_session_keyring(const char *name)
616{ 654{
617 struct task_struct *tsk = current; 655 struct task_struct *tsk = current;
618 unsigned long flags;
619 struct key *keyring; 656 struct key *keyring;
620 long ret; 657 long ret;
621 658
@@ -625,9 +662,9 @@ long join_session_keyring(const char *name)
625 if (ret < 0) 662 if (ret < 0)
626 goto error; 663 goto error;
627 664
628 spin_lock_irqsave(&tsk->sighand->siglock, flags); 665 rcu_read_lock();
629 ret = tsk->signal->session_keyring->serial; 666 ret = rcu_dereference(tsk->signal->session_keyring)->serial;
630 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 667 rcu_read_unlock();
631 goto error; 668 goto error;
632 } 669 }
633 670
@@ -641,7 +678,7 @@ long join_session_keyring(const char *name)
641 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); 678 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL);
642 if (IS_ERR(keyring)) { 679 if (IS_ERR(keyring)) {
643 ret = PTR_ERR(keyring); 680 ret = PTR_ERR(keyring);
644 goto error; 681 goto error2;
645 } 682 }
646 } 683 }
647 else if (IS_ERR(keyring)) { 684 else if (IS_ERR(keyring)) {
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 9705b1aeba5d..90c1506d007c 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -1,6 +1,6 @@
1/* request_key.c: request a key from userspace 1/* request_key.c: request a key from userspace
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -13,6 +13,7 @@
13#include <linux/sched.h> 13#include <linux/sched.h>
14#include <linux/kmod.h> 14#include <linux/kmod.h>
15#include <linux/err.h> 15#include <linux/err.h>
16#include <linux/keyctl.h>
16#include "internal.h" 17#include "internal.h"
17 18
18struct key_construction { 19struct key_construction {
@@ -27,18 +28,26 @@ DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
27/* 28/*
28 * request userspace finish the construction of a key 29 * request userspace finish the construction of a key
29 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring> <info>" 30 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring> <info>"
30 * - if callout_info is an empty string, it'll be rendered as a "-" instead
31 */ 31 */
32static int call_request_key(struct key *key, 32static int call_request_key(struct key *key,
33 const char *op, 33 const char *op,
34 const char *callout_info) 34 const char *callout_info)
35{ 35{
36 struct task_struct *tsk = current; 36 struct task_struct *tsk = current;
37 unsigned long flags;
38 key_serial_t prkey, sskey; 37 key_serial_t prkey, sskey;
38 struct key *session_keyring, *rkakey;
39 char *argv[10], *envp[3], uid_str[12], gid_str[12]; 39 char *argv[10], *envp[3], uid_str[12], gid_str[12];
40 char key_str[12], keyring_str[3][12]; 40 char key_str[12], keyring_str[3][12];
41 int i; 41 int ret, i;
42
43 kenter("{%d},%s,%s", key->serial, op, callout_info);
44
45 /* generate a new session keyring with an auth key in it */
46 session_keyring = request_key_auth_new(key, &rkakey);
47 if (IS_ERR(session_keyring)) {
48 ret = PTR_ERR(session_keyring);
49 goto error;
50 }
42 51
43 /* record the UID and GID */ 52 /* record the UID and GID */
44 sprintf(uid_str, "%d", current->fsuid); 53 sprintf(uid_str, "%d", current->fsuid);
@@ -55,17 +64,17 @@ static int call_request_key(struct key *key,
55 if (tsk->signal->process_keyring) 64 if (tsk->signal->process_keyring)
56 prkey = tsk->signal->process_keyring->serial; 65 prkey = tsk->signal->process_keyring->serial;
57 66
58 sskey = 0; 67 sprintf(keyring_str[1], "%d", prkey);
59 spin_lock_irqsave(&tsk->sighand->siglock, flags);
60 if (tsk->signal->session_keyring)
61 sskey = tsk->signal->session_keyring->serial;
62 spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
63
64 68
65 if (!sskey) 69 if (tsk->signal->session_keyring) {
70 rcu_read_lock();
71 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
72 rcu_read_unlock();
73 }
74 else {
66 sskey = tsk->user->session_keyring->serial; 75 sskey = tsk->user->session_keyring->serial;
76 }
67 77
68 sprintf(keyring_str[1], "%d", prkey);
69 sprintf(keyring_str[2], "%d", sskey); 78 sprintf(keyring_str[2], "%d", sskey);
70 79
71 /* set up a minimal environment */ 80 /* set up a minimal environment */
@@ -84,11 +93,20 @@ static int call_request_key(struct key *key,
84 argv[i++] = keyring_str[0]; 93 argv[i++] = keyring_str[0];
85 argv[i++] = keyring_str[1]; 94 argv[i++] = keyring_str[1];
86 argv[i++] = keyring_str[2]; 95 argv[i++] = keyring_str[2];
87 argv[i++] = callout_info[0] ? (char *) callout_info : "-"; 96 argv[i++] = (char *) callout_info;
88 argv[i] = NULL; 97 argv[i] = NULL;
89 98
90 /* do it */ 99 /* do it */
91 return call_usermodehelper(argv[0], argv, envp, 1); 100 ret = call_usermodehelper_keys(argv[0], argv, envp, session_keyring, 1);
101
102 /* dispose of the special keys */
103 key_revoke(rkakey);
104 key_put(rkakey);
105 key_put(session_keyring);
106
107 error:
108 kleave(" = %d", ret);
109 return ret;
92 110
93} /* end call_request_key() */ 111} /* end call_request_key() */
94 112
@@ -105,7 +123,9 @@ static struct key *__request_key_construction(struct key_type *type,
105 struct key_construction cons; 123 struct key_construction cons;
106 struct timespec now; 124 struct timespec now;
107 struct key *key; 125 struct key *key;
108 int ret, negative; 126 int ret, negated;
127
128 kenter("%s,%s,%s", type->name, description, callout_info);
109 129
110 /* create a key and add it to the queue */ 130 /* create a key and add it to the queue */
111 key = key_alloc(type, description, 131 key = key_alloc(type, description,
@@ -113,9 +133,7 @@ static struct key *__request_key_construction(struct key_type *type,
113 if (IS_ERR(key)) 133 if (IS_ERR(key))
114 goto alloc_failed; 134 goto alloc_failed;
115 135
116 write_lock(&key->lock); 136 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
117 key->flags |= KEY_FLAG_USER_CONSTRUCT;
118 write_unlock(&key->lock);
119 137
120 cons.key = key; 138 cons.key = key;
121 list_add_tail(&cons.link, &key->user->consq); 139 list_add_tail(&cons.link, &key->user->consq);
@@ -130,7 +148,7 @@ static struct key *__request_key_construction(struct key_type *type,
130 148
131 /* if the key wasn't instantiated, then we want to give an error */ 149 /* if the key wasn't instantiated, then we want to give an error */
132 ret = -ENOKEY; 150 ret = -ENOKEY;
133 if (!(key->flags & KEY_FLAG_INSTANTIATED)) 151 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
134 goto request_failed; 152 goto request_failed;
135 153
136 down_write(&key_construction_sem); 154 down_write(&key_construction_sem);
@@ -139,12 +157,13 @@ static struct key *__request_key_construction(struct key_type *type,
139 157
140 /* also give an error if the key was negatively instantiated */ 158 /* also give an error if the key was negatively instantiated */
141 check_not_negative: 159 check_not_negative:
142 if (key->flags & KEY_FLAG_NEGATIVE) { 160 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
143 key_put(key); 161 key_put(key);
144 key = ERR_PTR(-ENOKEY); 162 key = ERR_PTR(-ENOKEY);
145 } 163 }
146 164
147 out: 165 out:
166 kleave(" = %p", key);
148 return key; 167 return key;
149 168
150 request_failed: 169 request_failed:
@@ -152,24 +171,23 @@ static struct key *__request_key_construction(struct key_type *type,
152 * - remove from construction queue 171 * - remove from construction queue
153 * - mark the key as dead 172 * - mark the key as dead
154 */ 173 */
155 negative = 0; 174 negated = 0;
156 down_write(&key_construction_sem); 175 down_write(&key_construction_sem);
157 176
158 list_del(&cons.link); 177 list_del(&cons.link);
159 178
160 write_lock(&key->lock);
161 key->flags &= ~KEY_FLAG_USER_CONSTRUCT;
162
163 /* check it didn't get instantiated between the check and the down */ 179 /* check it didn't get instantiated between the check and the down */
164 if (!(key->flags & KEY_FLAG_INSTANTIATED)) { 180 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
165 key->flags |= KEY_FLAG_INSTANTIATED | KEY_FLAG_NEGATIVE; 181 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
166 negative = 1; 182 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
183 negated = 1;
167 } 184 }
168 185
169 write_unlock(&key->lock); 186 clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
187
170 up_write(&key_construction_sem); 188 up_write(&key_construction_sem);
171 189
172 if (!negative) 190 if (!negated)
173 goto check_not_negative; /* surprisingly, the key got 191 goto check_not_negative; /* surprisingly, the key got
174 * instantiated */ 192 * instantiated */
175 193
@@ -178,13 +196,12 @@ static struct key *__request_key_construction(struct key_type *type,
178 key->expiry = now.tv_sec + key_negative_timeout; 196 key->expiry = now.tv_sec + key_negative_timeout;
179 197
180 if (current->signal->session_keyring) { 198 if (current->signal->session_keyring) {
181 unsigned long flags;
182 struct key *keyring; 199 struct key *keyring;
183 200
184 spin_lock_irqsave(&current->sighand->siglock, flags); 201 rcu_read_lock();
185 keyring = current->signal->session_keyring; 202 keyring = rcu_dereference(current->signal->session_keyring);
186 atomic_inc(&keyring->usage); 203 atomic_inc(&keyring->usage);
187 spin_unlock_irqrestore(&current->sighand->siglock, flags); 204 rcu_read_unlock();
188 205
189 key_link(keyring, key); 206 key_link(keyring, key);
190 key_put(keyring); 207 key_put(keyring);
@@ -220,6 +237,9 @@ static struct key *request_key_construction(struct key_type *type,
220 237
221 DECLARE_WAITQUEUE(myself, current); 238 DECLARE_WAITQUEUE(myself, current);
222 239
240 kenter("%s,%s,{%d},%s",
241 type->name, description, user->uid, callout_info);
242
223 /* see if there's such a key under construction already */ 243 /* see if there's such a key under construction already */
224 down_write(&key_construction_sem); 244 down_write(&key_construction_sem);
225 245
@@ -236,6 +256,7 @@ static struct key *request_key_construction(struct key_type *type,
236 /* see about getting userspace to construct the key */ 256 /* see about getting userspace to construct the key */
237 key = __request_key_construction(type, description, callout_info); 257 key = __request_key_construction(type, description, callout_info);
238 error: 258 error:
259 kleave(" = %p", key);
239 return key; 260 return key;
240 261
241 /* someone else has the same key under construction 262 /* someone else has the same key under construction
@@ -249,8 +270,10 @@ static struct key *request_key_construction(struct key_type *type,
249 add_wait_queue(&request_key_conswq, &myself); 270 add_wait_queue(&request_key_conswq, &myself);
250 271
251 for (;;) { 272 for (;;) {
252 set_current_state(TASK_UNINTERRUPTIBLE); 273 set_current_state(TASK_INTERRUPTIBLE);
253 if (!(ckey->flags & KEY_FLAG_USER_CONSTRUCT)) 274 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
275 break;
276 if (signal_pending(current))
254 break; 277 break;
255 schedule(); 278 schedule();
256 } 279 }
@@ -271,21 +294,83 @@ static struct key *request_key_construction(struct key_type *type,
271 294
272/*****************************************************************************/ 295/*****************************************************************************/
273/* 296/*
297 * link a freshly minted key to an appropriate destination keyring
298 */
299static void request_key_link(struct key *key, struct key *dest_keyring)
300{
301 struct task_struct *tsk = current;
302 struct key *drop = NULL;
303
304 kenter("{%d},%p", key->serial, dest_keyring);
305
306 /* find the appropriate keyring */
307 if (!dest_keyring) {
308 switch (tsk->jit_keyring) {
309 case KEY_REQKEY_DEFL_DEFAULT:
310 case KEY_REQKEY_DEFL_THREAD_KEYRING:
311 dest_keyring = tsk->thread_keyring;
312 if (dest_keyring)
313 break;
314
315 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
316 dest_keyring = tsk->signal->process_keyring;
317 if (dest_keyring)
318 break;
319
320 case KEY_REQKEY_DEFL_SESSION_KEYRING:
321 rcu_read_lock();
322 dest_keyring = key_get(
323 rcu_dereference(tsk->signal->session_keyring));
324 rcu_read_unlock();
325 drop = dest_keyring;
326
327 if (dest_keyring)
328 break;
329
330 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
331 dest_keyring = current->user->session_keyring;
332 break;
333
334 case KEY_REQKEY_DEFL_USER_KEYRING:
335 dest_keyring = current->user->uid_keyring;
336 break;
337
338 case KEY_REQKEY_DEFL_GROUP_KEYRING:
339 default:
340 BUG();
341 }
342 }
343
344 /* and attach the key to it */
345 key_link(dest_keyring, key);
346
347 key_put(drop);
348
349 kleave("");
350
351} /* end request_key_link() */
352
353/*****************************************************************************/
354/*
274 * request a key 355 * request a key
275 * - search the process's keyrings 356 * - search the process's keyrings
276 * - check the list of keys being created or updated 357 * - check the list of keys being created or updated
277 * - call out to userspace for a key if requested (supplementary info can be 358 * - call out to userspace for a key if supplementary info was provided
278 * passed) 359 * - cache the key in an appropriate keyring
279 */ 360 */
280struct key *request_key(struct key_type *type, 361struct key *request_key_and_link(struct key_type *type,
281 const char *description, 362 const char *description,
282 const char *callout_info) 363 const char *callout_info,
364 struct key *dest_keyring)
283{ 365{
284 struct key_user *user; 366 struct key_user *user;
285 struct key *key; 367 struct key *key;
286 368
369 kenter("%s,%s,%s,%p",
370 type->name, description, callout_info, dest_keyring);
371
287 /* search all the process keyrings for a key */ 372 /* search all the process keyrings for a key */
288 key = search_process_keyrings_aux(type, description, type->match); 373 key = search_process_keyrings(type, description, type->match, current);
289 374
290 if (PTR_ERR(key) == -EAGAIN) { 375 if (PTR_ERR(key) == -EAGAIN) {
291 /* the search failed, but the keyrings were searchable, so we 376 /* the search failed, but the keyrings were searchable, so we
@@ -296,12 +381,13 @@ struct key *request_key(struct key_type *type,
296 381
297 /* - get hold of the user's construction queue */ 382 /* - get hold of the user's construction queue */
298 user = key_user_lookup(current->fsuid); 383 user = key_user_lookup(current->fsuid);
299 if (!user) { 384 if (!user)
300 key = ERR_PTR(-ENOMEM); 385 goto nomem;
301 goto error; 386
302 } 387 do {
388 if (signal_pending(current))
389 goto interrupted;
303 390
304 for (;;) {
305 /* ask userspace (returns NULL if it waited on a key 391 /* ask userspace (returns NULL if it waited on a key
306 * being constructed) */ 392 * being constructed) */
307 key = request_key_construction(type, description, 393 key = request_key_construction(type, description,
@@ -311,18 +397,46 @@ struct key *request_key(struct key_type *type,
311 397
312 /* someone else made the key we want, so we need to 398 /* someone else made the key we want, so we need to
313 * search again as it might now be available to us */ 399 * search again as it might now be available to us */
314 key = search_process_keyrings_aux(type, description, 400 key = search_process_keyrings(type, description,
315 type->match); 401 type->match, current);
316 if (PTR_ERR(key) != -EAGAIN) 402
317 break; 403 } while (PTR_ERR(key) == -EAGAIN);
318 }
319 404
320 key_user_put(user); 405 key_user_put(user);
406
407 /* link the new key into the appropriate keyring */
408 if (!IS_ERR(key))
409 request_key_link(key, dest_keyring);
321 } 410 }
322 411
323 error: 412error:
413 kleave(" = %p", key);
324 return key; 414 return key;
325 415
416nomem:
417 key = ERR_PTR(-ENOMEM);
418 goto error;
419
420interrupted:
421 key_user_put(user);
422 key = ERR_PTR(-EINTR);
423 goto error;
424
425} /* end request_key_and_link() */
426
427/*****************************************************************************/
428/*
429 * request a key
430 * - search the process's keyrings
431 * - check the list of keys being created or updated
432 * - call out to userspace for a key if supplementary info was provided
433 */
434struct key *request_key(struct key_type *type,
435 const char *description,
436 const char *callout_info)
437{
438 return request_key_and_link(type, description, callout_info, NULL);
439
326} /* end request_key() */ 440} /* end request_key() */
327 441
328EXPORT_SYMBOL(request_key); 442EXPORT_SYMBOL(request_key);
@@ -339,7 +453,8 @@ int key_validate(struct key *key)
339 if (key) { 453 if (key) {
340 /* check it's still accessible */ 454 /* check it's still accessible */
341 ret = -EKEYREVOKED; 455 ret = -EKEYREVOKED;
342 if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD)) 456 if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
457 test_bit(KEY_FLAG_DEAD, &key->flags))
343 goto error; 458 goto error;
344 459
345 /* check it hasn't expired */ 460 /* check it hasn't expired */
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
new file mode 100644
index 000000000000..f22264632229
--- /dev/null
+++ b/security/keys/request_key_auth.c
@@ -0,0 +1,180 @@
1/* request_key_auth.c: request key authorisation controlling key def
2 *
3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/sched.h>
14#include <linux/err.h>
15#include <linux/seq_file.h>
16#include "internal.h"
17
18static int request_key_auth_instantiate(struct key *, const void *, size_t);
19static void request_key_auth_describe(const struct key *, struct seq_file *);
20static void request_key_auth_destroy(struct key *);
21
22/*
23 * the request-key authorisation key type definition
24 */
25struct key_type key_type_request_key_auth = {
26 .name = ".request_key_auth",
27 .def_datalen = sizeof(struct request_key_auth),
28 .instantiate = request_key_auth_instantiate,
29 .describe = request_key_auth_describe,
30 .destroy = request_key_auth_destroy,
31};
32
33/*****************************************************************************/
34/*
35 * instantiate a request-key authorisation record
36 */
37static int request_key_auth_instantiate(struct key *key,
38 const void *data,
39 size_t datalen)
40{
41 struct request_key_auth *rka, *irka;
42 struct key *instkey;
43 int ret;
44
45 ret = -ENOMEM;
46 rka = kmalloc(sizeof(*rka), GFP_KERNEL);
47 if (rka) {
48 /* see if the calling process is already servicing the key
49 * request of another process */
50 instkey = key_get_instantiation_authkey(0);
51 if (!IS_ERR(instkey)) {
52 /* it is - use that instantiation context here too */
53 irka = instkey->payload.data;
54 rka->context = irka->context;
55 rka->pid = irka->pid;
56 key_put(instkey);
57 }
58 else {
59 /* it isn't - use this process as the context */
60 rka->context = current;
61 rka->pid = current->pid;
62 }
63
64 rka->target_key = key_get((struct key *) data);
65 key->payload.data = rka;
66 ret = 0;
67 }
68
69 return ret;
70
71} /* end request_key_auth_instantiate() */
72
73/*****************************************************************************/
74/*
75 *
76 */
77static void request_key_auth_describe(const struct key *key,
78 struct seq_file *m)
79{
80 struct request_key_auth *rka = key->payload.data;
81
82 seq_puts(m, "key:");
83 seq_puts(m, key->description);
84 seq_printf(m, " pid:%d", rka->pid);
85
86} /* end request_key_auth_describe() */
87
88/*****************************************************************************/
89/*
90 * destroy an instantiation authorisation token key
91 */
92static void request_key_auth_destroy(struct key *key)
93{
94 struct request_key_auth *rka = key->payload.data;
95
96 kenter("{%d}", key->serial);
97
98 key_put(rka->target_key);
99
100} /* end request_key_auth_destroy() */
101
102/*****************************************************************************/
103/*
104 * create a session keyring to be for the invokation of /sbin/request-key and
105 * stick an authorisation token in it
106 */
107struct key *request_key_auth_new(struct key *target, struct key **_rkakey)
108{
109 struct key *keyring, *rkakey = NULL;
110 char desc[20];
111 int ret;
112
113 kenter("%d,", target->serial);
114
115 /* allocate a new session keyring */
116 sprintf(desc, "_req.%u", target->serial);
117
118 keyring = keyring_alloc(desc, current->fsuid, current->fsgid, 1, NULL);
119 if (IS_ERR(keyring)) {
120 kleave("= %ld", PTR_ERR(keyring));
121 return keyring;
122 }
123
124 /* allocate the auth key */
125 sprintf(desc, "%x", target->serial);
126
127 rkakey = key_alloc(&key_type_request_key_auth, desc,
128 current->fsuid, current->fsgid,
129 KEY_USR_VIEW, 1);
130 if (IS_ERR(rkakey)) {
131 key_put(keyring);
132 kleave("= %ld", PTR_ERR(rkakey));
133 return rkakey;
134 }
135
136 /* construct and attach to the keyring */
137 ret = key_instantiate_and_link(rkakey, target, 0, keyring, NULL);
138 if (ret < 0) {
139 key_revoke(rkakey);
140 key_put(rkakey);
141 key_put(keyring);
142 kleave("= %d", ret);
143 return ERR_PTR(ret);
144 }
145
146 *_rkakey = rkakey;
147 kleave(" = {%d} ({%d})", keyring->serial, rkakey->serial);
148 return keyring;
149
150} /* end request_key_auth_new() */
151
152/*****************************************************************************/
153/*
154 * get the authorisation key for instantiation of a specific key if attached to
155 * the current process's keyrings
156 * - this key is inserted into a keyring and that is set as /sbin/request-key's
157 * session keyring
158 * - a target_id of zero specifies any valid token
159 */
160struct key *key_get_instantiation_authkey(key_serial_t target_id)
161{
162 struct task_struct *tsk = current;
163 struct key *instkey;
164
165 /* we must have our own personal session keyring */
166 if (!tsk->signal->session_keyring)
167 return ERR_PTR(-EACCES);
168
169 /* and it must contain a suitable request authorisation key
170 * - lock RCU against session keyring changing
171 */
172 rcu_read_lock();
173
174 instkey = keyring_search_instkey(
175 rcu_dereference(tsk->signal->session_keyring), target_id);
176
177 rcu_read_unlock();
178 return instkey;
179
180} /* end key_get_instantiation_authkey() */
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 8d65b3a28129..e446acba73d3 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -42,12 +42,21 @@ struct key_type key_type_user = {
42 .read = user_read, 42 .read = user_read,
43}; 43};
44 44
45struct user_key_payload {
46 struct rcu_head rcu; /* RCU destructor */
47 unsigned short datalen; /* length of this data */
48 char data[0]; /* actual data */
49};
50
51EXPORT_SYMBOL_GPL(key_type_user);
52
45/*****************************************************************************/ 53/*****************************************************************************/
46/* 54/*
47 * instantiate a user defined key 55 * instantiate a user defined key
48 */ 56 */
49static int user_instantiate(struct key *key, const void *data, size_t datalen) 57static int user_instantiate(struct key *key, const void *data, size_t datalen)
50{ 58{
59 struct user_key_payload *upayload;
51 int ret; 60 int ret;
52 61
53 ret = -EINVAL; 62 ret = -EINVAL;
@@ -58,13 +67,15 @@ static int user_instantiate(struct key *key, const void *data, size_t datalen)
58 if (ret < 0) 67 if (ret < 0)
59 goto error; 68 goto error;
60 69
61 /* attach the data */
62 ret = -ENOMEM; 70 ret = -ENOMEM;
63 key->payload.data = kmalloc(datalen, GFP_KERNEL); 71 upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL);
64 if (!key->payload.data) 72 if (!upayload)
65 goto error; 73 goto error;
66 74
67 memcpy(key->payload.data, data, datalen); 75 /* attach the data */
76 upayload->datalen = datalen;
77 memcpy(upayload->data, data, datalen);
78 rcu_assign_pointer(key->payload.data, upayload);
68 ret = 0; 79 ret = 0;
69 80
70 error: 81 error:
@@ -75,18 +86,25 @@ static int user_instantiate(struct key *key, const void *data, size_t datalen)
75/*****************************************************************************/ 86/*****************************************************************************/
76/* 87/*
77 * duplicate a user defined key 88 * duplicate a user defined key
89 * - both keys' semaphores are locked against further modification
90 * - the new key cannot yet be accessed
78 */ 91 */
79static int user_duplicate(struct key *key, const struct key *source) 92static int user_duplicate(struct key *key, const struct key *source)
80{ 93{
94 struct user_key_payload *upayload, *spayload;
81 int ret; 95 int ret;
82 96
83 /* just copy the payload */ 97 /* just copy the payload */
84 ret = -ENOMEM; 98 ret = -ENOMEM;
85 key->payload.data = kmalloc(source->datalen, GFP_KERNEL); 99 upayload = kmalloc(sizeof(*upayload) + source->datalen, GFP_KERNEL);
100 if (upayload) {
101 spayload = rcu_dereference(source->payload.data);
102 BUG_ON(source->datalen != spayload->datalen);
103
104 upayload->datalen = key->datalen = spayload->datalen;
105 memcpy(upayload->data, spayload->data, key->datalen);
86 106
87 if (key->payload.data) { 107 key->payload.data = upayload;
88 key->datalen = source->datalen;
89 memcpy(key->payload.data, source->payload.data, source->datalen);
90 ret = 0; 108 ret = 0;
91 } 109 }
92 110
@@ -96,40 +114,54 @@ static int user_duplicate(struct key *key, const struct key *source)
96 114
97/*****************************************************************************/ 115/*****************************************************************************/
98/* 116/*
117 * dispose of the old data from an updated user defined key
118 */
119static void user_update_rcu_disposal(struct rcu_head *rcu)
120{
121 struct user_key_payload *upayload;
122
123 upayload = container_of(rcu, struct user_key_payload, rcu);
124
125 kfree(upayload);
126
127} /* end user_update_rcu_disposal() */
128
129/*****************************************************************************/
130/*
99 * update a user defined key 131 * update a user defined key
132 * - the key's semaphore is write-locked
100 */ 133 */
101static int user_update(struct key *key, const void *data, size_t datalen) 134static int user_update(struct key *key, const void *data, size_t datalen)
102{ 135{
103 void *new, *zap; 136 struct user_key_payload *upayload, *zap;
104 int ret; 137 int ret;
105 138
106 ret = -EINVAL; 139 ret = -EINVAL;
107 if (datalen <= 0 || datalen > 32767 || !data) 140 if (datalen <= 0 || datalen > 32767 || !data)
108 goto error; 141 goto error;
109 142
110 /* copy the data */ 143 /* construct a replacement payload */
111 ret = -ENOMEM; 144 ret = -ENOMEM;
112 new = kmalloc(datalen, GFP_KERNEL); 145 upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL);
113 if (!new) 146 if (!upayload)
114 goto error; 147 goto error;
115 148
116 memcpy(new, data, datalen); 149 upayload->datalen = datalen;
150 memcpy(upayload->data, data, datalen);
117 151
118 /* check the quota and attach the new data */ 152 /* check the quota and attach the new data */
119 zap = new; 153 zap = upayload;
120 write_lock(&key->lock);
121 154
122 ret = key_payload_reserve(key, datalen); 155 ret = key_payload_reserve(key, datalen);
123 156
124 if (ret == 0) { 157 if (ret == 0) {
125 /* attach the new data, displacing the old */ 158 /* attach the new data, displacing the old */
126 zap = key->payload.data; 159 zap = key->payload.data;
127 key->payload.data = new; 160 rcu_assign_pointer(key->payload.data, upayload);
128 key->expiry = 0; 161 key->expiry = 0;
129 } 162 }
130 163
131 write_unlock(&key->lock); 164 call_rcu(&zap->rcu, user_update_rcu_disposal);
132 kfree(zap);
133 165
134 error: 166 error:
135 return ret; 167 return ret;
@@ -152,13 +184,15 @@ static int user_match(const struct key *key, const void *description)
152 */ 184 */
153static void user_destroy(struct key *key) 185static void user_destroy(struct key *key)
154{ 186{
155 kfree(key->payload.data); 187 struct user_key_payload *upayload = key->payload.data;
188
189 kfree(upayload);
156 190
157} /* end user_destroy() */ 191} /* end user_destroy() */
158 192
159/*****************************************************************************/ 193/*****************************************************************************/
160/* 194/*
161 * describe the user 195 * describe the user key
162 */ 196 */
163static void user_describe(const struct key *key, struct seq_file *m) 197static void user_describe(const struct key *key, struct seq_file *m)
164{ 198{
@@ -171,18 +205,23 @@ static void user_describe(const struct key *key, struct seq_file *m)
171/*****************************************************************************/ 205/*****************************************************************************/
172/* 206/*
173 * read the key data 207 * read the key data
208 * - the key's semaphore is read-locked
174 */ 209 */
175static long user_read(const struct key *key, 210static long user_read(const struct key *key,
176 char __user *buffer, size_t buflen) 211 char __user *buffer, size_t buflen)
177{ 212{
178 long ret = key->datalen; 213 struct user_key_payload *upayload;
214 long ret;
215
216 upayload = rcu_dereference(key->payload.data);
217 ret = upayload->datalen;
179 218
180 /* we can return the data as is */ 219 /* we can return the data as is */
181 if (buffer && buflen > 0) { 220 if (buffer && buflen > 0) {
182 if (buflen > key->datalen) 221 if (buflen > upayload->datalen)
183 buflen = key->datalen; 222 buflen = upayload->datalen;
184 223
185 if (copy_to_user(buffer, key->payload.data, buflen) != 0) 224 if (copy_to_user(buffer, upayload->data, buflen) != 0)
186 ret = -EFAULT; 225 ret = -EFAULT;
187 } 226 }
188 227
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 87302a49067b..2253f388234f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -68,6 +68,7 @@
68#include <linux/personality.h> 68#include <linux/personality.h>
69#include <linux/sysctl.h> 69#include <linux/sysctl.h>
70#include <linux/audit.h> 70#include <linux/audit.h>
71#include <linux/string.h>
71 72
72#include "avc.h" 73#include "avc.h"
73#include "objsec.h" 74#include "objsec.h"
@@ -825,7 +826,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
825 sid = sbsec->def_sid; 826 sid = sbsec->def_sid;
826 rc = 0; 827 rc = 0;
827 } else { 828 } else {
828 rc = security_context_to_sid(context, rc, &sid); 829 rc = security_context_to_sid_default(context, rc, &sid,
830 sbsec->def_sid);
829 if (rc) { 831 if (rc) {
830 printk(KERN_WARNING "%s: context_to_sid(%s) " 832 printk(KERN_WARNING "%s: context_to_sid(%s) "
831 "returned %d for dev=%s ino=%ld\n", 833 "returned %d for dev=%s ino=%ld\n",
@@ -1658,9 +1660,8 @@ static int selinux_bprm_secureexec (struct linux_binprm *bprm)
1658 1660
1659static void selinux_bprm_free_security(struct linux_binprm *bprm) 1661static void selinux_bprm_free_security(struct linux_binprm *bprm)
1660{ 1662{
1661 struct bprm_security_struct *bsec = bprm->security; 1663 kfree(bprm->security);
1662 bprm->security = NULL; 1664 bprm->security = NULL;
1663 kfree(bsec);
1664} 1665}
1665 1666
1666extern struct vfsmount *selinuxfs_mount; 1667extern struct vfsmount *selinuxfs_mount;
@@ -1944,7 +1945,7 @@ static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void
1944 } 1945 }
1945 } while (*in_end++); 1946 } while (*in_end++);
1946 1947
1947 copy_page(in_save, nosec_save); 1948 strcpy(in_save, nosec_save);
1948 free_page((unsigned long)nosec_save); 1949 free_page((unsigned long)nosec_save);
1949out: 1950out:
1950 return rc; 1951 return rc;
@@ -2477,6 +2478,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
2477 prot = reqprot; 2478 prot = reqprot;
2478 2479
2479#ifndef CONFIG_PPC32 2480#ifndef CONFIG_PPC32
2481 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
2482 (vma->vm_start >= vma->vm_mm->start_brk &&
2483 vma->vm_end <= vma->vm_mm->brk)) {
2484 /*
2485 * We are making an executable mapping in the brk region.
2486 * This has an additional execheap check.
2487 */
2488 rc = task_has_perm(current, current, PROCESS__EXECHEAP);
2489 if (rc)
2490 return rc;
2491 }
2480 if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) { 2492 if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
2481 /* 2493 /*
2482 * We are making executable a file mapping that has 2494 * We are making executable a file mapping that has
@@ -2488,6 +2500,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
2488 if (rc) 2500 if (rc)
2489 return rc; 2501 return rc;
2490 } 2502 }
2503 if (!vma->vm_file && (prot & PROT_EXEC) &&
2504 vma->vm_start <= vma->vm_mm->start_stack &&
2505 vma->vm_end >= vma->vm_mm->start_stack) {
2506 /* Attempt to make the process stack executable.
2507 * This has an additional execstack check.
2508 */
2509 rc = task_has_perm(current, current, PROCESS__EXECSTACK);
2510 if (rc)
2511 return rc;
2512 }
2491#endif 2513#endif
2492 2514
2493 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED); 2515 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
@@ -3104,12 +3126,12 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
3104 3126
3105 if (sk->sk_family == PF_INET) { 3127 if (sk->sk_family == PF_INET) {
3106 addr4 = (struct sockaddr_in *)address; 3128 addr4 = (struct sockaddr_in *)address;
3107 if (addrlen != sizeof(struct sockaddr_in)) 3129 if (addrlen < sizeof(struct sockaddr_in))
3108 return -EINVAL; 3130 return -EINVAL;
3109 snum = ntohs(addr4->sin_port); 3131 snum = ntohs(addr4->sin_port);
3110 } else { 3132 } else {
3111 addr6 = (struct sockaddr_in6 *)address; 3133 addr6 = (struct sockaddr_in6 *)address;
3112 if (addrlen != sizeof(struct sockaddr_in6)) 3134 if (addrlen < SIN6_LEN_RFC2133)
3113 return -EINVAL; 3135 return -EINVAL;
3114 snum = ntohs(addr6->sin6_port); 3136 snum = ntohs(addr6->sin6_port);
3115 } 3137 }
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 8928bb4d3c53..1deb59e1b762 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -70,6 +70,8 @@
70 S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") 70 S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
71 S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") 71 S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
72 S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") 72 S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
73 S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
74 S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
73 S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") 75 S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
74 S_(SECCLASS_MSG, MSG__SEND, "send") 76 S_(SECCLASS_MSG, MSG__SEND, "send")
75 S_(SECCLASS_MSG, MSG__RECEIVE, "receive") 77 S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index bdfce4ca8f8e..a78b5d59c9fc 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -465,6 +465,8 @@
465#define PROCESS__DYNTRANSITION 0x00800000UL 465#define PROCESS__DYNTRANSITION 0x00800000UL
466#define PROCESS__SETCURRENT 0x01000000UL 466#define PROCESS__SETCURRENT 0x01000000UL
467#define PROCESS__EXECMEM 0x02000000UL 467#define PROCESS__EXECMEM 0x02000000UL
468#define PROCESS__EXECSTACK 0x04000000UL
469#define PROCESS__EXECHEAP 0x08000000UL
468 470
469#define IPC__CREATE 0x00000001UL 471#define IPC__CREATE 0x00000001UL
470#define IPC__DESTROY 0x00000002UL 472#define IPC__DESTROY 0x00000002UL
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index fa187c9a351d..71c0a19c9753 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -65,6 +65,8 @@ int security_sid_to_context(u32 sid, char **scontext,
65int security_context_to_sid(char *scontext, u32 scontext_len, 65int security_context_to_sid(char *scontext, u32 scontext_len,
66 u32 *out_sid); 66 u32 *out_sid);
67 67
68int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid);
69
68int security_get_user_sids(u32 callsid, char *username, 70int security_get_user_sids(u32 callsid, char *username,
69 u32 **sids, u32 *nel); 71 u32 **sids, u32 *nel);
70 72
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 07221568b505..8eb140dd2e4b 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -951,8 +951,7 @@ static int sel_make_bools(void)
951 u32 sid; 951 u32 sid;
952 952
953 /* remove any existing files */ 953 /* remove any existing files */
954 if (bool_pending_values) 954 kfree(bool_pending_values);
955 kfree(bool_pending_values);
956 955
957 sel_remove_bools(dir); 956 sel_remove_bools(dir);
958 957
@@ -997,10 +996,8 @@ static int sel_make_bools(void)
997out: 996out:
998 free_page((unsigned long)page); 997 free_page((unsigned long)page);
999 if (names) { 998 if (names) {
1000 for (i = 0; i < num; i++) { 999 for (i = 0; i < num; i++)
1001 if (names[i]) 1000 kfree(names[i]);
1002 kfree(names[i]);
1003 }
1004 kfree(names); 1001 kfree(names);
1005 } 1002 }
1006 return ret; 1003 return ret;
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index b53441184aca..e2057f5a411a 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -166,16 +166,14 @@ static void cond_list_destroy(struct cond_node *list)
166 166
167void cond_policydb_destroy(struct policydb *p) 167void cond_policydb_destroy(struct policydb *p)
168{ 168{
169 if (p->bool_val_to_struct != NULL) 169 kfree(p->bool_val_to_struct);
170 kfree(p->bool_val_to_struct);
171 avtab_destroy(&p->te_cond_avtab); 170 avtab_destroy(&p->te_cond_avtab);
172 cond_list_destroy(p->cond_list); 171 cond_list_destroy(p->cond_list);
173} 172}
174 173
175int cond_init_bool_indexes(struct policydb *p) 174int cond_init_bool_indexes(struct policydb *p)
176{ 175{
177 if (p->bool_val_to_struct) 176 kfree(p->bool_val_to_struct);
178 kfree(p->bool_val_to_struct);
179 p->bool_val_to_struct = (struct cond_bool_datum**) 177 p->bool_val_to_struct = (struct cond_bool_datum**)
180 kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL); 178 kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
181 if (!p->bool_val_to_struct) 179 if (!p->bool_val_to_struct)
@@ -185,8 +183,7 @@ int cond_init_bool_indexes(struct policydb *p)
185 183
186int cond_destroy_bool(void *key, void *datum, void *p) 184int cond_destroy_bool(void *key, void *datum, void *p)
187{ 185{
188 if (key) 186 kfree(key);
189 kfree(key);
190 kfree(datum); 187 kfree(datum);
191 return 0; 188 return 0;
192} 189}
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 756036bcc243..d4c32c39ccc9 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -15,6 +15,7 @@
15#include <linux/slab.h> 15#include <linux/slab.h>
16#include <linux/string.h> 16#include <linux/string.h>
17#include <linux/errno.h> 17#include <linux/errno.h>
18#include "sidtab.h"
18#include "mls.h" 19#include "mls.h"
19#include "policydb.h" 20#include "policydb.h"
20#include "services.h" 21#include "services.h"
@@ -208,6 +209,26 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
208} 209}
209 210
210/* 211/*
212 * Copies the MLS range from `src' into `dst'.
213 */
214static inline int mls_copy_context(struct context *dst,
215 struct context *src)
216{
217 int l, rc = 0;
218
219 /* Copy the MLS range from the source context */
220 for (l = 0; l < 2; l++) {
221 dst->range.level[l].sens = src->range.level[l].sens;
222 rc = ebitmap_cpy(&dst->range.level[l].cat,
223 &src->range.level[l].cat);
224 if (rc)
225 break;
226 }
227
228 return rc;
229}
230
231/*
211 * Set the MLS fields in the security context structure 232 * Set the MLS fields in the security context structure
212 * `context' based on the string representation in 233 * `context' based on the string representation in
213 * the string `*scontext'. Update `*scontext' to 234 * the string `*scontext'. Update `*scontext' to
@@ -216,10 +237,20 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
216 * 237 *
217 * This function modifies the string in place, inserting 238 * This function modifies the string in place, inserting
218 * NULL characters to terminate the MLS fields. 239 * NULL characters to terminate the MLS fields.
240 *
241 * If a def_sid is provided and no MLS field is present,
242 * copy the MLS field of the associated default context.
243 * Used for upgraded to MLS systems where objects may lack
244 * MLS fields.
245 *
246 * Policy read-lock must be held for sidtab lookup.
247 *
219 */ 248 */
220int mls_context_to_sid(char oldc, 249int mls_context_to_sid(char oldc,
221 char **scontext, 250 char **scontext,
222 struct context *context) 251 struct context *context,
252 struct sidtab *s,
253 u32 def_sid)
223{ 254{
224 255
225 char delim; 256 char delim;
@@ -231,9 +262,23 @@ int mls_context_to_sid(char oldc,
231 if (!selinux_mls_enabled) 262 if (!selinux_mls_enabled)
232 return 0; 263 return 0;
233 264
234 /* No MLS component to the security context. */ 265 /*
235 if (!oldc) 266 * No MLS component to the security context, try and map to
267 * default if provided.
268 */
269 if (!oldc) {
270 struct context *defcon;
271
272 if (def_sid == SECSID_NULL)
273 goto out;
274
275 defcon = sidtab_search(s, def_sid);
276 if (!defcon)
277 goto out;
278
279 rc = mls_copy_context(context, defcon);
236 goto out; 280 goto out;
281 }
237 282
238 /* Extract low sensitivity. */ 283 /* Extract low sensitivity. */
239 scontextp = p = *scontext; 284 scontextp = p = *scontext;
@@ -334,26 +379,6 @@ out:
334} 379}
335 380
336/* 381/*
337 * Copies the MLS range from `src' into `dst'.
338 */
339static inline int mls_copy_context(struct context *dst,
340 struct context *src)
341{
342 int l, rc = 0;
343
344 /* Copy the MLS range from the source context */
345 for (l = 0; l < 2; l++) {
346 dst->range.level[l].sens = src->range.level[l].sens;
347 rc = ebitmap_cpy(&dst->range.level[l].cat,
348 &src->range.level[l].cat);
349 if (rc)
350 break;
351 }
352
353 return rc;
354}
355
356/*
357 * Copies the effective MLS range from `src' into `dst'. 382 * Copies the effective MLS range from `src' into `dst'.
358 */ 383 */
359static inline int mls_scopy_context(struct context *dst, 384static inline int mls_scopy_context(struct context *dst,
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index 0d37beaa85e2..03de697c8058 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -23,7 +23,9 @@ int mls_context_isvalid(struct policydb *p, struct context *c);
23 23
24int mls_context_to_sid(char oldc, 24int mls_context_to_sid(char oldc,
25 char **scontext, 25 char **scontext,
26 struct context *context); 26 struct context *context,
27 struct sidtab *s,
28 u32 def_sid);
27 29
28int mls_convert_context(struct policydb *oldp, 30int mls_convert_context(struct policydb *oldp,
29 struct policydb *newp, 31 struct policydb *newp,
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 14190efbf333..785c33cf4864 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -590,17 +590,12 @@ void policydb_destroy(struct policydb *p)
590 hashtab_destroy(p->symtab[i].table); 590 hashtab_destroy(p->symtab[i].table);
591 } 591 }
592 592
593 for (i = 0; i < SYM_NUM; i++) { 593 for (i = 0; i < SYM_NUM; i++)
594 if (p->sym_val_to_name[i]) 594 kfree(p->sym_val_to_name[i]);
595 kfree(p->sym_val_to_name[i]);
596 }
597 595
598 if (p->class_val_to_struct) 596 kfree(p->class_val_to_struct);
599 kfree(p->class_val_to_struct); 597 kfree(p->role_val_to_struct);
600 if (p->role_val_to_struct) 598 kfree(p->user_val_to_struct);
601 kfree(p->role_val_to_struct);
602 if (p->user_val_to_struct)
603 kfree(p->user_val_to_struct);
604 599
605 avtab_destroy(&p->te_avtab); 600 avtab_destroy(&p->te_avtab);
606 601
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b6149147d5cb..014120474e69 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -601,18 +601,7 @@ out:
601 601
602} 602}
603 603
604/** 604static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
605 * security_context_to_sid - Obtain a SID for a given security context.
606 * @scontext: security context
607 * @scontext_len: length in bytes
608 * @sid: security identifier, SID
609 *
610 * Obtains a SID associated with the security context that
611 * has the string representation specified by @scontext.
612 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
613 * memory is available, or 0 on success.
614 */
615int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
616{ 605{
617 char *scontext2; 606 char *scontext2;
618 struct context context; 607 struct context context;
@@ -703,7 +692,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
703 692
704 context.type = typdatum->value; 693 context.type = typdatum->value;
705 694
706 rc = mls_context_to_sid(oldc, &p, &context); 695 rc = mls_context_to_sid(oldc, &p, &context, &sidtab, def_sid);
707 if (rc) 696 if (rc)
708 goto out_unlock; 697 goto out_unlock;
709 698
@@ -727,6 +716,46 @@ out:
727 return rc; 716 return rc;
728} 717}
729 718
719/**
720 * security_context_to_sid - Obtain a SID for a given security context.
721 * @scontext: security context
722 * @scontext_len: length in bytes
723 * @sid: security identifier, SID
724 *
725 * Obtains a SID associated with the security context that
726 * has the string representation specified by @scontext.
727 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
728 * memory is available, or 0 on success.
729 */
730int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
731{
732 return security_context_to_sid_core(scontext, scontext_len,
733 sid, SECSID_NULL);
734}
735
736/**
737 * security_context_to_sid_default - Obtain a SID for a given security context,
738 * falling back to specified default if needed.
739 *
740 * @scontext: security context
741 * @scontext_len: length in bytes
742 * @sid: security identifier, SID
743 * @def_sid: default SID to assign on errror
744 *
745 * Obtains a SID associated with the security context that
746 * has the string representation specified by @scontext.
747 * The default SID is passed to the MLS layer to be used to allow
748 * kernel labeling of the MLS field if the MLS field is not present
749 * (for upgrading to MLS without full relabel).
750 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
751 * memory is available, or 0 on success.
752 */
753int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
754{
755 return security_context_to_sid_core(scontext, scontext_len,
756 sid, def_sid);
757}
758
730static int compute_sid_handle_invalid_context( 759static int compute_sid_handle_invalid_context(
731 struct context *scontext, 760 struct context *scontext,
732 struct context *tcontext, 761 struct context *tcontext,
@@ -1705,11 +1734,9 @@ out:
1705err: 1734err:
1706 if (*names) { 1735 if (*names) {
1707 for (i = 0; i < *len; i++) 1736 for (i = 0; i < *len; i++)
1708 if ((*names)[i]) 1737 kfree((*names)[i]);
1709 kfree((*names)[i]);
1710 } 1738 }
1711 if (*values) 1739 kfree(*values);
1712 kfree(*values);
1713 goto out; 1740 goto out;
1714} 1741}
1715 1742
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-06 22:06:27 -0500