aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/keys/compat.c4
-rw-r--r--security/keys/encrypted_defined.c1
-rw-r--r--security/keys/key.c80
-rw-r--r--security/keys/keyctl.c77
-rw-r--r--security/keys/keyring.c64
-rw-r--r--security/keys/permission.c8
-rw-r--r--security/keys/proc.c7
-rw-r--r--security/keys/process_keys.c23
-rw-r--r--security/keys/request_key_auth.c32
-rw-r--r--security/keys/user_defined.c32
10 files changed, 80 insertions, 248 deletions
diff --git a/security/keys/compat.c b/security/keys/compat.c
index 792c0a611a6d..3cedf6305179 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -14,7 +14,6 @@
14#include <linux/compat.h> 14#include <linux/compat.h>
15#include "internal.h" 15#include "internal.h"
16 16
17/*****************************************************************************/
18/* 17/*
19 * the key control system call, 32-bit compatibility version for 64-bit archs 18 * the key control system call, 32-bit compatibility version for 64-bit archs
20 * - this should only be called if the 64-bit arch uses weird pointers in 19 * - this should only be called if the 64-bit arch uses weird pointers in
@@ -88,5 +87,4 @@ asmlinkage long compat_sys_keyctl(u32 option,
88 default: 87 default:
89 return -EOPNOTSUPP; 88 return -EOPNOTSUPP;
90 } 89 }
91 90}
92} /* end compat_sys_keyctl() */
diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
index 32d27c858388..28791a65740e 100644
--- a/security/keys/encrypted_defined.c
+++ b/security/keys/encrypted_defined.c
@@ -888,7 +888,6 @@ static int __init init_encrypted(void)
888out: 888out:
889 encrypted_shash_release(); 889 encrypted_shash_release();
890 return ret; 890 return ret;
891
892} 891}
893 892
894static void __exit cleanup_encrypted(void) 893static void __exit cleanup_encrypted(void)
diff --git a/security/keys/key.c b/security/keys/key.c
index c1eac8084ade..3a92d7365870 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -56,7 +56,6 @@ void __key_check(const struct key *key)
56} 56}
57#endif 57#endif
58 58
59/*****************************************************************************/
60/* 59/*
61 * get the key quota record for a user, allocating a new record if one doesn't 60 * get the key quota record for a user, allocating a new record if one doesn't
62 * already exist 61 * already exist
@@ -130,10 +129,8 @@ struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns)
130 kfree(candidate); 129 kfree(candidate);
131 out: 130 out:
132 return user; 131 return user;
132}
133 133
134} /* end key_user_lookup() */
135
136/*****************************************************************************/
137/* 134/*
138 * dispose of a user structure 135 * dispose of a user structure
139 */ 136 */
@@ -146,10 +143,8 @@ void key_user_put(struct key_user *user)
146 143
147 kfree(user); 144 kfree(user);
148 } 145 }
146}
149 147
150} /* end key_user_put() */
151
152/*****************************************************************************/
153/* 148/*
154 * assign a key the next unique serial number 149 * assign a key the next unique serial number
155 * - these are assigned randomly to avoid security issues through covert 150 * - these are assigned randomly to avoid security issues through covert
@@ -211,10 +206,8 @@ serial_exists:
211 if (key->serial < xkey->serial) 206 if (key->serial < xkey->serial)
212 goto attempt_insertion; 207 goto attempt_insertion;
213 } 208 }
209}
214 210
215} /* end key_alloc_serial() */
216
217/*****************************************************************************/
218/* 211/*
219 * allocate a key of the specified type 212 * allocate a key of the specified type
220 * - update the user's quota to reflect the existence of the key 213 * - update the user's quota to reflect the existence of the key
@@ -344,12 +337,10 @@ no_quota:
344 key_user_put(user); 337 key_user_put(user);
345 key = ERR_PTR(-EDQUOT); 338 key = ERR_PTR(-EDQUOT);
346 goto error; 339 goto error;
347 340}
348} /* end key_alloc() */
349 341
350EXPORT_SYMBOL(key_alloc); 342EXPORT_SYMBOL(key_alloc);
351 343
352/*****************************************************************************/
353/* 344/*
354 * reserve an amount of quota for the key's payload 345 * reserve an amount of quota for the key's payload
355 */ 346 */
@@ -384,12 +375,10 @@ int key_payload_reserve(struct key *key, size_t datalen)
384 key->datalen = datalen; 375 key->datalen = datalen;
385 376
386 return ret; 377 return ret;
387 378}
388} /* end key_payload_reserve() */
389 379
390EXPORT_SYMBOL(key_payload_reserve); 380EXPORT_SYMBOL(key_payload_reserve);
391 381
392/*****************************************************************************/
393/* 382/*
394 * instantiate a key and link it into the target keyring atomically 383 * instantiate a key and link it into the target keyring atomically
395 * - called with the target keyring's semaphore writelocked 384 * - called with the target keyring's semaphore writelocked
@@ -441,10 +430,8 @@ static int __key_instantiate_and_link(struct key *key,
441 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); 430 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
442 431
443 return ret; 432 return ret;
433}
444 434
445} /* end __key_instantiate_and_link() */
446
447/*****************************************************************************/
448/* 435/*
449 * instantiate a key and link it into the target keyring atomically 436 * instantiate a key and link it into the target keyring atomically
450 */ 437 */
@@ -471,12 +458,10 @@ int key_instantiate_and_link(struct key *key,
471 __key_link_end(keyring, key->type, prealloc); 458 __key_link_end(keyring, key->type, prealloc);
472 459
473 return ret; 460 return ret;
474 461}
475} /* end key_instantiate_and_link() */
476 462
477EXPORT_SYMBOL(key_instantiate_and_link); 463EXPORT_SYMBOL(key_instantiate_and_link);
478 464
479/*****************************************************************************/
480/* 465/*
481 * negatively instantiate a key and link it into the target keyring atomically 466 * negatively instantiate a key and link it into the target keyring atomically
482 */ 467 */
@@ -535,12 +520,10 @@ int key_negate_and_link(struct key *key,
535 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); 520 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
536 521
537 return ret == 0 ? link_ret : ret; 522 return ret == 0 ? link_ret : ret;
538 523}
539} /* end key_negate_and_link() */
540 524
541EXPORT_SYMBOL(key_negate_and_link); 525EXPORT_SYMBOL(key_negate_and_link);
542 526
543/*****************************************************************************/
544/* 527/*
545 * do cleaning up in process context so that we don't have to disable 528 * do cleaning up in process context so that we don't have to disable
546 * interrupts all over the place 529 * interrupts all over the place
@@ -601,10 +584,8 @@ static void key_cleanup(struct work_struct *work)
601 584
602 /* there may, of course, be more than one key to destroy */ 585 /* there may, of course, be more than one key to destroy */
603 goto go_again; 586 goto go_again;
587}
604 588
605} /* end key_cleanup() */
606
607/*****************************************************************************/
608/* 589/*
609 * dispose of a reference to a key 590 * dispose of a reference to a key
610 * - when all the references are gone, we schedule the cleanup task to come and 591 * - when all the references are gone, we schedule the cleanup task to come and
@@ -618,12 +599,10 @@ void key_put(struct key *key)
618 if (atomic_dec_and_test(&key->usage)) 599 if (atomic_dec_and_test(&key->usage))
619 schedule_work(&key_cleanup_task); 600 schedule_work(&key_cleanup_task);
620 } 601 }
621 602}
622} /* end key_put() */
623 603
624EXPORT_SYMBOL(key_put); 604EXPORT_SYMBOL(key_put);
625 605
626/*****************************************************************************/
627/* 606/*
628 * find a key by its serial number 607 * find a key by its serial number
629 */ 608 */
@@ -664,10 +643,8 @@ struct key *key_lookup(key_serial_t id)
664 error: 643 error:
665 spin_unlock(&key_serial_lock); 644 spin_unlock(&key_serial_lock);
666 return key; 645 return key;
646}
667 647
668} /* end key_lookup() */
669
670/*****************************************************************************/
671/* 648/*
672 * find and lock the specified key type against removal 649 * find and lock the specified key type against removal
673 * - we return with the sem readlocked 650 * - we return with the sem readlocked
@@ -690,20 +667,16 @@ struct key_type *key_type_lookup(const char *type)
690 667
691 found_kernel_type: 668 found_kernel_type:
692 return ktype; 669 return ktype;
670}
693 671
694} /* end key_type_lookup() */
695
696/*****************************************************************************/
697/* 672/*
698 * unlock a key type 673 * unlock a key type
699 */ 674 */
700void key_type_put(struct key_type *ktype) 675void key_type_put(struct key_type *ktype)
701{ 676{
702 up_read(&key_types_sem); 677 up_read(&key_types_sem);
678}
703 679
704} /* end key_type_put() */
705
706/*****************************************************************************/
707/* 680/*
708 * attempt to update an existing key 681 * attempt to update an existing key
709 * - the key has an incremented refcount 682 * - the key has an incremented refcount
@@ -742,10 +715,8 @@ error:
742 key_put(key); 715 key_put(key);
743 key_ref = ERR_PTR(ret); 716 key_ref = ERR_PTR(ret);
744 goto out; 717 goto out;
718}
745 719
746} /* end __key_update() */
747
748/*****************************************************************************/
749/* 720/*
750 * search the specified keyring for a key of the same description; if one is 721 * search the specified keyring for a key of the same description; if one is
751 * found, update it, otherwise add a new one 722 * found, update it, otherwise add a new one
@@ -855,12 +826,10 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
855 826
856 key_ref = __key_update(key_ref, payload, plen); 827 key_ref = __key_update(key_ref, payload, plen);
857 goto error; 828 goto error;
858 829}
859} /* end key_create_or_update() */
860 830
861EXPORT_SYMBOL(key_create_or_update); 831EXPORT_SYMBOL(key_create_or_update);
862 832
863/*****************************************************************************/
864/* 833/*
865 * update a key 834 * update a key
866 */ 835 */
@@ -891,12 +860,10 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
891 860
892 error: 861 error:
893 return ret; 862 return ret;
894 863}
895} /* end key_update() */
896 864
897EXPORT_SYMBOL(key_update); 865EXPORT_SYMBOL(key_update);
898 866
899/*****************************************************************************/
900/* 867/*
901 * revoke a key 868 * revoke a key
902 */ 869 */
@@ -926,12 +893,10 @@ void key_revoke(struct key *key)
926 } 893 }
927 894
928 up_write(&key->sem); 895 up_write(&key->sem);
929 896}
930} /* end key_revoke() */
931 897
932EXPORT_SYMBOL(key_revoke); 898EXPORT_SYMBOL(key_revoke);
933 899
934/*****************************************************************************/
935/* 900/*
936 * register a type of key 901 * register a type of key
937 */ 902 */
@@ -956,12 +921,10 @@ int register_key_type(struct key_type *ktype)
956 out: 921 out:
957 up_write(&key_types_sem); 922 up_write(&key_types_sem);
958 return ret; 923 return ret;
959 924}
960} /* end register_key_type() */
961 925
962EXPORT_SYMBOL(register_key_type); 926EXPORT_SYMBOL(register_key_type);
963 927
964/*****************************************************************************/
965/* 928/*
966 * unregister a type of key 929 * unregister a type of key
967 */ 930 */
@@ -1010,12 +973,10 @@ void unregister_key_type(struct key_type *ktype)
1010 up_write(&key_types_sem); 973 up_write(&key_types_sem);
1011 974
1012 key_schedule_gc(0); 975 key_schedule_gc(0);
1013 976}
1014} /* end unregister_key_type() */
1015 977
1016EXPORT_SYMBOL(unregister_key_type); 978EXPORT_SYMBOL(unregister_key_type);
1017 979
1018/*****************************************************************************/
1019/* 980/*
1020 * initialise the key management stuff 981 * initialise the key management stuff
1021 */ 982 */
@@ -1037,5 +998,4 @@ void __init key_init(void)
1037 998
1038 rb_insert_color(&root_key_user.node, 999 rb_insert_color(&root_key_user.node,
1039 &key_user_tree); 1000 &key_user_tree);
1040 1001}
1041} /* end key_init() */
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 60924f6a52db..83ec98b7e98d 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -46,7 +46,6 @@ static int key_get_type_from_user(char *type,
46 return 0; 46 return 0;
47} 47}
48 48
49/*****************************************************************************/
50/* 49/*
51 * extract the description of a new key from userspace and either add it as a 50 * extract the description of a new key from userspace and either add it as a
52 * new key to the specified keyring or update a matching key in that keyring 51 * new key to the specified keyring or update a matching key in that keyring
@@ -132,10 +131,8 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
132 kfree(description); 131 kfree(description);
133 error: 132 error:
134 return ret; 133 return ret;
134}
135 135
136} /* end sys_add_key() */
137
138/*****************************************************************************/
139/* 136/*
140 * search the process keyrings for a matching key 137 * search the process keyrings for a matching key
141 * - nested keyrings may also be searched if they have Search permission 138 * - nested keyrings may also be searched if they have Search permission
@@ -222,10 +219,8 @@ error2:
222 kfree(description); 219 kfree(description);
223error: 220error:
224 return ret; 221 return ret;
222}
225 223
226} /* end sys_request_key() */
227
228/*****************************************************************************/
229/* 224/*
230 * get the ID of the specified process keyring 225 * get the ID of the specified process keyring
231 * - the keyring must have search permission to be found 226 * - the keyring must have search permission to be found
@@ -251,7 +246,6 @@ error:
251 246
252} /* end keyctl_get_keyring_ID() */ 247} /* end keyctl_get_keyring_ID() */
253 248
254/*****************************************************************************/
255/* 249/*
256 * join the session keyring 250 * join the session keyring
257 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) 251 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
@@ -277,10 +271,8 @@ long keyctl_join_session_keyring(const char __user *_name)
277 271
278error: 272error:
279 return ret; 273 return ret;
274}
280 275
281} /* end keyctl_join_session_keyring() */
282
283/*****************************************************************************/
284/* 276/*
285 * update a key's data payload 277 * update a key's data payload
286 * - the key must be writable 278 * - the key must be writable
@@ -326,10 +318,8 @@ error2:
326 kfree(payload); 318 kfree(payload);
327error: 319error:
328 return ret; 320 return ret;
321}
329 322
330} /* end keyctl_update_key() */
331
332/*****************************************************************************/
333/* 323/*
334 * revoke a key 324 * revoke a key
335 * - the key must be writable 325 * - the key must be writable
@@ -358,10 +348,8 @@ long keyctl_revoke_key(key_serial_t id)
358 key_ref_put(key_ref); 348 key_ref_put(key_ref);
359error: 349error:
360 return ret; 350 return ret;
351}
361 352
362} /* end keyctl_revoke_key() */
363
364/*****************************************************************************/
365/* 353/*
366 * clear the specified process keyring 354 * clear the specified process keyring
367 * - the keyring must be writable 355 * - the keyring must be writable
@@ -383,10 +371,8 @@ long keyctl_keyring_clear(key_serial_t ringid)
383 key_ref_put(keyring_ref); 371 key_ref_put(keyring_ref);
384error: 372error:
385 return ret; 373 return ret;
374}
386 375
387} /* end keyctl_keyring_clear() */
388
389/*****************************************************************************/
390/* 376/*
391 * link a key into a keyring 377 * link a key into a keyring
392 * - the keyring must be writable 378 * - the keyring must be writable
@@ -417,10 +403,8 @@ error2:
417 key_ref_put(keyring_ref); 403 key_ref_put(keyring_ref);
418error: 404error:
419 return ret; 405 return ret;
406}
420 407
421} /* end keyctl_keyring_link() */
422
423/*****************************************************************************/
424/* 408/*
425 * unlink the first attachment of a key from a keyring 409 * unlink the first attachment of a key from a keyring
426 * - the keyring must be writable 410 * - the keyring must be writable
@@ -451,10 +435,8 @@ error2:
451 key_ref_put(keyring_ref); 435 key_ref_put(keyring_ref);
452error: 436error:
453 return ret; 437 return ret;
438}
454 439
455} /* end keyctl_keyring_unlink() */
456
457/*****************************************************************************/
458/* 440/*
459 * describe a user key 441 * describe a user key
460 * - the key must have view permission 442 * - the key must have view permission
@@ -531,10 +513,8 @@ error2:
531 key_ref_put(key_ref); 513 key_ref_put(key_ref);
532error: 514error:
533 return ret; 515 return ret;
516}
534 517
535} /* end keyctl_describe_key() */
536
537/*****************************************************************************/
538/* 518/*
539 * search the specified keyring for a matching key 519 * search the specified keyring for a matching key
540 * - the start keyring must be searchable 520 * - the start keyring must be searchable
@@ -626,10 +606,8 @@ error2:
626 kfree(description); 606 kfree(description);
627error: 607error:
628 return ret; 608 return ret;
609}
629 610
630} /* end keyctl_keyring_search() */
631
632/*****************************************************************************/
633/* 611/*
634 * read a user key's payload 612 * read a user key's payload
635 * - the keyring must be readable or the key must be searchable from the 613 * - the keyring must be readable or the key must be searchable from the
@@ -688,10 +666,8 @@ error2:
688 key_put(key); 666 key_put(key);
689error: 667error:
690 return ret; 668 return ret;
669}
691 670
692} /* end keyctl_read_key() */
693
694/*****************************************************************************/
695/* 671/*
696 * change the ownership of a key 672 * change the ownership of a key
697 * - the keyring owned by the changer 673 * - the keyring owned by the changer
@@ -796,10 +772,8 @@ quota_overrun:
796 zapowner = newowner; 772 zapowner = newowner;
797 ret = -EDQUOT; 773 ret = -EDQUOT;
798 goto error_put; 774 goto error_put;
775}
799 776
800} /* end keyctl_chown_key() */
801
802/*****************************************************************************/
803/* 777/*
804 * change the permission mask on a key 778 * change the permission mask on a key
805 * - the keyring owned by the changer 779 * - the keyring owned by the changer
@@ -838,8 +812,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
838 key_put(key); 812 key_put(key);
839error: 813error:
840 return ret; 814 return ret;
841 815}
842} /* end keyctl_setperm_key() */
843 816
844/* 817/*
845 * get the destination keyring for instantiation 818 * get the destination keyring for instantiation
@@ -895,7 +868,6 @@ static int keyctl_change_reqkey_auth(struct key *key)
895 return commit_creds(new); 868 return commit_creds(new);
896} 869}
897 870
898/*****************************************************************************/
899/* 871/*
900 * instantiate the key with the specified payload, and, if one is given, link 872 * instantiate the key with the specified payload, and, if one is given, link
901 * the key into the keyring 873 * the key into the keyring
@@ -973,10 +945,8 @@ error2:
973 vfree(payload); 945 vfree(payload);
974error: 946error:
975 return ret; 947 return ret;
948}
976 949
977} /* end keyctl_instantiate_key() */
978
979/*****************************************************************************/
980/* 950/*
981 * negatively instantiate the key with the given timeout (in seconds), and, if 951 * negatively instantiate the key with the given timeout (in seconds), and, if
982 * one is given, link the key into the keyring 952 * one is given, link the key into the keyring
@@ -1020,10 +990,8 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
1020 990
1021error: 991error:
1022 return ret; 992 return ret;
993}
1023 994
1024} /* end keyctl_negate_key() */
1025
1026/*****************************************************************************/
1027/* 995/*
1028 * set the default keyring in which request_key() will cache keys 996 * set the default keyring in which request_key() will cache keys
1029 * - return the old setting 997 * - return the old setting
@@ -1079,10 +1047,8 @@ set:
1079error: 1047error:
1080 abort_creds(new); 1048 abort_creds(new);
1081 return ret; 1049 return ret;
1050}
1082 1051
1083} /* end keyctl_set_reqkey_keyring() */
1084
1085/*****************************************************************************/
1086/* 1052/*
1087 * set or clear the timeout for a key 1053 * set or clear the timeout for a key
1088 */ 1054 */
@@ -1136,10 +1102,8 @@ okay:
1136 ret = 0; 1102 ret = 0;
1137error: 1103error:
1138 return ret; 1104 return ret;
1105}
1139 1106
1140} /* end keyctl_set_timeout() */
1141
1142/*****************************************************************************/
1143/* 1107/*
1144 * assume the authority to instantiate the specified key 1108 * assume the authority to instantiate the specified key
1145 */ 1109 */
@@ -1178,8 +1142,7 @@ long keyctl_assume_authority(key_serial_t id)
1178 ret = authkey->serial; 1142 ret = authkey->serial;
1179error: 1143error:
1180 return ret; 1144 return ret;
1181 1145}
1182} /* end keyctl_assume_authority() */
1183 1146
1184/* 1147/*
1185 * get the security label of a key 1148 * get the security label of a key
@@ -1348,7 +1311,6 @@ error_keyring:
1348#endif /* !TIF_NOTIFY_RESUME */ 1311#endif /* !TIF_NOTIFY_RESUME */
1349} 1312}
1350 1313
1351/*****************************************************************************/
1352/* 1314/*
1353 * the key control system call 1315 * the key control system call
1354 */ 1316 */
@@ -1439,5 +1401,4 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1439 default: 1401 default:
1440 return -EOPNOTSUPP; 1402 return -EOPNOTSUPP;
1441 } 1403 }
1442 1404}
1443} /* end sys_keyctl() */
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d37f713e73ce..0a2b8e916d97 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -80,7 +80,6 @@ EXPORT_SYMBOL(key_type_keyring);
80 */ 80 */
81static DECLARE_RWSEM(keyring_serialise_link_sem); 81static DECLARE_RWSEM(keyring_serialise_link_sem);
82 82
83/*****************************************************************************/
84/* 83/*
85 * publish the name of a keyring so that it can be found by name (if it has 84 * publish the name of a keyring so that it can be found by name (if it has
86 * one) 85 * one)
@@ -102,10 +101,8 @@ static void keyring_publish_name(struct key *keyring)
102 101
103 write_unlock(&keyring_name_lock); 102 write_unlock(&keyring_name_lock);
104 } 103 }
104}
105 105
106} /* end keyring_publish_name() */
107
108/*****************************************************************************/
109/* 106/*
110 * initialise a keyring 107 * initialise a keyring
111 * - we object if we were given any data 108 * - we object if we were given any data
@@ -123,10 +120,8 @@ static int keyring_instantiate(struct key *keyring,
123 } 120 }
124 121
125 return ret; 122 return ret;
123}
126 124
127} /* end keyring_instantiate() */
128
129/*****************************************************************************/
130/* 125/*
131 * match keyrings on their name 126 * match keyrings on their name
132 */ 127 */
@@ -134,10 +129,8 @@ static int keyring_match(const struct key *keyring, const void *description)
134{ 129{
135 return keyring->description && 130 return keyring->description &&
136 strcmp(keyring->description, description) == 0; 131 strcmp(keyring->description, description) == 0;
132}
137 133
138} /* end keyring_match() */
139
140/*****************************************************************************/
141/* 134/*
142 * dispose of the data dangling from the corpse of a keyring 135 * dispose of the data dangling from the corpse of a keyring
143 */ 136 */
@@ -164,10 +157,8 @@ static void keyring_destroy(struct key *keyring)
164 key_put(klist->keys[loop]); 157 key_put(klist->keys[loop]);
165 kfree(klist); 158 kfree(klist);
166 } 159 }
160}
167 161
168} /* end keyring_destroy() */
169
170/*****************************************************************************/
171/* 162/*
172 * describe the keyring 163 * describe the keyring
173 */ 164 */
@@ -187,10 +178,8 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
187 else 178 else
188 seq_puts(m, ": empty"); 179 seq_puts(m, ": empty");
189 rcu_read_unlock(); 180 rcu_read_unlock();
181}
190 182
191} /* end keyring_describe() */
192
193/*****************************************************************************/
194/* 183/*
195 * read a list of key IDs from the keyring's contents 184 * read a list of key IDs from the keyring's contents
196 * - the keyring's semaphore is read-locked 185 * - the keyring's semaphore is read-locked
@@ -241,10 +230,8 @@ static long keyring_read(const struct key *keyring,
241 230
242error: 231error:
243 return ret; 232 return ret;
233}
244 234
245} /* end keyring_read() */
246
247/*****************************************************************************/
248/* 235/*
249 * allocate a keyring and link into the destination keyring 236 * allocate a keyring and link into the destination keyring
250 */ 237 */
@@ -269,10 +256,8 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
269 } 256 }
270 257
271 return keyring; 258 return keyring;
259}
272 260
273} /* end keyring_alloc() */
274
275/*****************************************************************************/
276/* 261/*
277 * search the supplied keyring tree for a key that matches the criterion 262 * search the supplied keyring tree for a key that matches the criterion
278 * - perform a breadth-then-depth search up to the prescribed limit 263 * - perform a breadth-then-depth search up to the prescribed limit
@@ -444,10 +429,8 @@ error_2:
444 rcu_read_unlock(); 429 rcu_read_unlock();
445error: 430error:
446 return key_ref; 431 return key_ref;
432}
447 433
448} /* end keyring_search_aux() */
449
450/*****************************************************************************/
451/* 434/*
452 * search the supplied keyring tree for a key that matches the criterion 435 * search the supplied keyring tree for a key that matches the criterion
453 * - perform a breadth-then-depth search up to the prescribed limit 436 * - perform a breadth-then-depth search up to the prescribed limit
@@ -465,12 +448,10 @@ key_ref_t keyring_search(key_ref_t keyring,
465 448
466 return keyring_search_aux(keyring, current->cred, 449 return keyring_search_aux(keyring, current->cred,
467 type, description, type->match); 450 type, description, type->match);
468 451}
469} /* end keyring_search() */
470 452
471EXPORT_SYMBOL(keyring_search); 453EXPORT_SYMBOL(keyring_search);
472 454
473/*****************************************************************************/
474/* 455/*
475 * search the given keyring only (no recursion) 456 * search the given keyring only (no recursion)
476 * - keyring must be locked by caller 457 * - keyring must be locked by caller
@@ -514,10 +495,8 @@ found:
514 atomic_inc(&key->usage); 495 atomic_inc(&key->usage);
515 rcu_read_unlock(); 496 rcu_read_unlock();
516 return make_key_ref(key, possessed); 497 return make_key_ref(key, possessed);
498}
517 499
518} /* end __keyring_search_one() */
519
520/*****************************************************************************/
521/* 500/*
522 * find a keyring with the specified name 501 * find a keyring with the specified name
523 * - all named keyrings are searched 502 * - all named keyrings are searched
@@ -569,10 +548,8 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
569out: 548out:
570 read_unlock(&keyring_name_lock); 549 read_unlock(&keyring_name_lock);
571 return keyring; 550 return keyring;
551}
572 552
573} /* end find_keyring_by_name() */
574
575/*****************************************************************************/
576/* 553/*
577 * see if a cycle will will be created by inserting acyclic tree B in acyclic 554 * see if a cycle will will be created by inserting acyclic tree B in acyclic
578 * tree A at the topmost level (ie: as a direct child of A) 555 * tree A at the topmost level (ie: as a direct child of A)
@@ -657,8 +634,7 @@ too_deep:
657cycle_detected: 634cycle_detected:
658 ret = -EDEADLK; 635 ret = -EDEADLK;
659 goto error; 636 goto error;
660 637}
661} /* end keyring_detect_cycle() */
662 638
663/* 639/*
664 * dispose of a keyring list after the RCU grace period, freeing the unlinked 640 * dispose of a keyring list after the RCU grace period, freeing the unlinked
@@ -898,7 +874,6 @@ int key_link(struct key *keyring, struct key *key)
898 874
899EXPORT_SYMBOL(key_link); 875EXPORT_SYMBOL(key_link);
900 876
901/*****************************************************************************/
902/* 877/*
903 * unlink the first link to a key from a keyring 878 * unlink the first link to a key from a keyring
904 */ 879 */
@@ -968,12 +943,10 @@ nomem:
968 ret = -ENOMEM; 943 ret = -ENOMEM;
969 up_write(&keyring->sem); 944 up_write(&keyring->sem);
970 goto error; 945 goto error;
971 946}
972} /* end key_unlink() */
973 947
974EXPORT_SYMBOL(key_unlink); 948EXPORT_SYMBOL(key_unlink);
975 949
976/*****************************************************************************/
977/* 950/*
978 * dispose of a keyring list after the RCU grace period, releasing the keys it 951 * dispose of a keyring list after the RCU grace period, releasing the keys it
979 * links to 952 * links to
@@ -989,10 +962,8 @@ static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
989 key_put(klist->keys[loop]); 962 key_put(klist->keys[loop]);
990 963
991 kfree(klist); 964 kfree(klist);
965}
992 966
993} /* end keyring_clear_rcu_disposal() */
994
995/*****************************************************************************/
996/* 967/*
997 * clear the specified process keyring 968 * clear the specified process keyring
998 * - implements keyctl(KEYCTL_CLEAR) 969 * - implements keyctl(KEYCTL_CLEAR)
@@ -1027,12 +998,10 @@ int keyring_clear(struct key *keyring)
1027 } 998 }
1028 999
1029 return ret; 1000 return ret;
1030 1001}
1031} /* end keyring_clear() */
1032 1002
1033EXPORT_SYMBOL(keyring_clear); 1003EXPORT_SYMBOL(keyring_clear);
1034 1004
1035/*****************************************************************************/
1036/* 1005/*
1037 * dispose of the links from a revoked keyring 1006 * dispose of the links from a revoked keyring
1038 * - called with the key sem write-locked 1007 * - called with the key sem write-locked
@@ -1050,8 +1019,7 @@ static void keyring_revoke(struct key *keyring)
1050 rcu_assign_pointer(keyring->payload.subscriptions, NULL); 1019 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1051 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 1020 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1052 } 1021 }
1053 1022}
1054} /* end keyring_revoke() */
1055 1023
1056/* 1024/*
1057 * Determine whether a key is dead 1025 * Determine whether a key is dead
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 28645502cd0d..6284b1496c29 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -13,7 +13,6 @@
13#include <linux/security.h> 13#include <linux/security.h>
14#include "internal.h" 14#include "internal.h"
15 15
16/*****************************************************************************/
17/** 16/**
18 * key_task_permission - Check a key can be used 17 * key_task_permission - Check a key can be used
19 * @key_ref: The key to check 18 * @key_ref: The key to check
@@ -79,12 +78,10 @@ use_these_perms:
79 78
80 /* let LSM be the final arbiter */ 79 /* let LSM be the final arbiter */
81 return security_key_permission(key_ref, cred, perm); 80 return security_key_permission(key_ref, cred, perm);
82 81}
83} /* end key_task_permission() */
84 82
85EXPORT_SYMBOL(key_task_permission); 83EXPORT_SYMBOL(key_task_permission);
86 84
87/*****************************************************************************/
88/* 85/*
89 * validate a key 86 * validate a key
90 */ 87 */
@@ -111,7 +108,6 @@ int key_validate(struct key *key)
111 108
112error: 109error:
113 return ret; 110 return ret;
114 111}
115} /* end key_validate() */
116 112
117EXPORT_SYMBOL(key_validate); 113EXPORT_SYMBOL(key_validate);
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 70373966816e..ad5f64e1b320 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -60,7 +60,6 @@ static const struct file_operations proc_key_users_fops = {
60 .release = seq_release, 60 .release = seq_release,
61}; 61};
62 62
63/*****************************************************************************/
64/* 63/*
65 * declare the /proc files 64 * declare the /proc files
66 */ 65 */
@@ -79,12 +78,10 @@ static int __init key_proc_init(void)
79 panic("Cannot create /proc/key-users\n"); 78 panic("Cannot create /proc/key-users\n");
80 79
81 return 0; 80 return 0;
82 81}
83} /* end key_proc_init() */
84 82
85__initcall(key_proc_init); 83__initcall(key_proc_init);
86 84
87/*****************************************************************************/
88/* 85/*
89 * implement "/proc/keys" to provides a list of the keys on the system 86 * implement "/proc/keys" to provides a list of the keys on the system
90 */ 87 */
@@ -293,7 +290,6 @@ static struct rb_node *key_user_first(struct rb_root *r)
293 return __key_user_next(n); 290 return __key_user_next(n);
294} 291}
295 292
296/*****************************************************************************/
297/* 293/*
298 * implement "/proc/key-users" to provides a list of the key users 294 * implement "/proc/key-users" to provides a list of the key users
299 */ 295 */
@@ -351,5 +347,4 @@ static int proc_key_users_show(struct seq_file *m, void *v)
351 maxbytes); 347 maxbytes);
352 348
353 return 0; 349 return 0;
354
355} 350}
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 504bdd2452bd..ea55cf9acf36 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -38,7 +38,6 @@ struct key_user root_key_user = {
38 .user_ns = &init_user_ns, 38 .user_ns = &init_user_ns,
39}; 39};
40 40
41/*****************************************************************************/
42/* 41/*
43 * install user and user session keyrings for a particular UID 42 * install user and user session keyrings for a particular UID
44 */ 43 */
@@ -275,7 +274,6 @@ static int install_session_keyring(struct key *keyring)
275 return commit_creds(new); 274 return commit_creds(new);
276} 275}
277 276
278/*****************************************************************************/
279/* 277/*
280 * the filesystem user ID changed 278 * the filesystem user ID changed
281 */ 279 */
@@ -288,10 +286,8 @@ void key_fsuid_changed(struct task_struct *tsk)
288 tsk->cred->thread_keyring->uid = tsk->cred->fsuid; 286 tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
289 up_write(&tsk->cred->thread_keyring->sem); 287 up_write(&tsk->cred->thread_keyring->sem);
290 } 288 }
289}
291 290
292} /* end key_fsuid_changed() */
293
294/*****************************************************************************/
295/* 291/*
296 * the filesystem group ID changed 292 * the filesystem group ID changed
297 */ 293 */
@@ -304,10 +300,8 @@ void key_fsgid_changed(struct task_struct *tsk)
304 tsk->cred->thread_keyring->gid = tsk->cred->fsgid; 300 tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
305 up_write(&tsk->cred->thread_keyring->sem); 301 up_write(&tsk->cred->thread_keyring->sem);
306 } 302 }
303}
307 304
308} /* end key_fsgid_changed() */
309
310/*****************************************************************************/
311/* 305/*
312 * search only my process keyrings for the first matching key 306 * search only my process keyrings for the first matching key
313 * - we use the supplied match function to see if the description (or other 307 * - we use the supplied match function to see if the description (or other
@@ -428,7 +422,6 @@ found:
428 return key_ref; 422 return key_ref;
429} 423}
430 424
431/*****************************************************************************/
432/* 425/*
433 * search the process keyrings for the first matching key 426 * search the process keyrings for the first matching key
434 * - we use the supplied match function to see if the description (or other 427 * - we use the supplied match function to see if the description (or other
@@ -489,20 +482,16 @@ key_ref_t search_process_keyrings(struct key_type *type,
489 482
490found: 483found:
491 return key_ref; 484 return key_ref;
485}
492 486
493} /* end search_process_keyrings() */
494
495/*****************************************************************************/
496/* 487/*
497 * see if the key we're looking at is the target key 488 * see if the key we're looking at is the target key
498 */ 489 */
499int lookup_user_key_possessed(const struct key *key, const void *target) 490int lookup_user_key_possessed(const struct key *key, const void *target)
500{ 491{
501 return key == target; 492 return key == target;
493}
502 494
503} /* end lookup_user_key_possessed() */
504
505/*****************************************************************************/
506/* 495/*
507 * lookup a key given a key ID from userspace with a given permissions mask 496 * lookup a key given a key ID from userspace with a given permissions mask
508 * - don't create special keyrings unless so requested 497 * - don't create special keyrings unless so requested
@@ -711,10 +700,8 @@ invalid_key:
711reget_creds: 700reget_creds:
712 put_cred(cred); 701 put_cred(cred);
713 goto try_again; 702 goto try_again;
703}
714 704
715} /* end lookup_user_key() */
716
717/*****************************************************************************/
718/* 705/*
719 * join the named keyring as the session keyring if possible, or attempt to 706 * join the named keyring as the session keyring if possible, or attempt to
720 * create a new one of that name if not 707 * create a new one of that name if not
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 86747151ee5b..ba717b8163ab 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -38,7 +38,6 @@ struct key_type key_type_request_key_auth = {
38 .read = request_key_auth_read, 38 .read = request_key_auth_read,
39}; 39};
40 40
41/*****************************************************************************/
42/* 41/*
43 * instantiate a request-key authorisation key 42 * instantiate a request-key authorisation key
44 */ 43 */
@@ -48,10 +47,8 @@ static int request_key_auth_instantiate(struct key *key,
48{ 47{
49 key->payload.data = (struct request_key_auth *) data; 48 key->payload.data = (struct request_key_auth *) data;
50 return 0; 49 return 0;
50}
51 51
52} /* end request_key_auth_instantiate() */
53
54/*****************************************************************************/
55/* 52/*
56 * reading a request-key authorisation key retrieves the callout information 53 * reading a request-key authorisation key retrieves the callout information
57 */ 54 */
@@ -63,10 +60,8 @@ static void request_key_auth_describe(const struct key *key,
63 seq_puts(m, "key:"); 60 seq_puts(m, "key:");
64 seq_puts(m, key->description); 61 seq_puts(m, key->description);
65 seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len); 62 seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);
63}
66 64
67} /* end request_key_auth_describe() */
68
69/*****************************************************************************/
70/* 65/*
71 * read the callout_info data 66 * read the callout_info data
72 * - the key's semaphore is read-locked 67 * - the key's semaphore is read-locked
@@ -91,10 +86,8 @@ static long request_key_auth_read(const struct key *key,
91 } 86 }
92 87
93 return ret; 88 return ret;
89}
94 90
95} /* end request_key_auth_read() */
96
97/*****************************************************************************/
98/* 91/*
99 * handle revocation of an authorisation token key 92 * handle revocation of an authorisation token key
100 * - called with the key sem write-locked 93 * - called with the key sem write-locked
@@ -109,10 +102,8 @@ static void request_key_auth_revoke(struct key *key)
109 put_cred(rka->cred); 102 put_cred(rka->cred);
110 rka->cred = NULL; 103 rka->cred = NULL;
111 } 104 }
105}
112 106
113} /* end request_key_auth_revoke() */
114
115/*****************************************************************************/
116/* 107/*
117 * destroy an instantiation authorisation token key 108 * destroy an instantiation authorisation token key
118 */ 109 */
@@ -131,10 +122,8 @@ static void request_key_auth_destroy(struct key *key)
131 key_put(rka->dest_keyring); 122 key_put(rka->dest_keyring);
132 kfree(rka->callout_info); 123 kfree(rka->callout_info);
133 kfree(rka); 124 kfree(rka);
125}
134 126
135} /* end request_key_auth_destroy() */
136
137/*****************************************************************************/
138/* 127/*
139 * create an authorisation token for /sbin/request-key or whoever to gain 128 * create an authorisation token for /sbin/request-key or whoever to gain
140 * access to the caller's security data 129 * access to the caller's security data
@@ -228,10 +217,8 @@ error_alloc:
228 kfree(rka); 217 kfree(rka);
229 kleave("= %d", ret); 218 kleave("= %d", ret);
230 return ERR_PTR(ret); 219 return ERR_PTR(ret);
220}
231 221
232} /* end request_key_auth_new() */
233
234/*****************************************************************************/
235/* 222/*
236 * see if an authorisation key is associated with a particular key 223 * see if an authorisation key is associated with a particular key
237 */ 224 */
@@ -242,10 +229,8 @@ static int key_get_instantiation_authkey_match(const struct key *key,
242 key_serial_t id = (key_serial_t)(unsigned long) _id; 229 key_serial_t id = (key_serial_t)(unsigned long) _id;
243 230
244 return rka->target_key->serial == id; 231 return rka->target_key->serial == id;
232}
245 233
246} /* end key_get_instantiation_authkey_match() */
247
248/*****************************************************************************/
249/* 234/*
250 * get the authorisation key for instantiation of a specific key if attached to 235 * get the authorisation key for instantiation of a specific key if attached to
251 * the current process's keyrings 236 * the current process's keyrings
@@ -278,5 +263,4 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
278 263
279error: 264error:
280 return authkey; 265 return authkey;
281 266}
282} /* end key_get_instantiation_authkey() */
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index e9aa07929656..02807fb16340 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -35,7 +35,6 @@ struct key_type key_type_user = {
35 35
36EXPORT_SYMBOL_GPL(key_type_user); 36EXPORT_SYMBOL_GPL(key_type_user);
37 37
38/*****************************************************************************/
39/* 38/*
40 * instantiate a user defined key 39 * instantiate a user defined key
41 */ 40 */
@@ -65,12 +64,10 @@ int user_instantiate(struct key *key, const void *data, size_t datalen)
65 64
66error: 65error:
67 return ret; 66 return ret;
68 67}
69} /* end user_instantiate() */
70 68
71EXPORT_SYMBOL_GPL(user_instantiate); 69EXPORT_SYMBOL_GPL(user_instantiate);
72 70
73/*****************************************************************************/
74/* 71/*
75 * dispose of the old data from an updated user defined key 72 * dispose of the old data from an updated user defined key
76 */ 73 */
@@ -81,10 +78,8 @@ static void user_update_rcu_disposal(struct rcu_head *rcu)
81 upayload = container_of(rcu, struct user_key_payload, rcu); 78 upayload = container_of(rcu, struct user_key_payload, rcu);
82 79
83 kfree(upayload); 80 kfree(upayload);
81}
84 82
85} /* end user_update_rcu_disposal() */
86
87/*****************************************************************************/
88/* 83/*
89 * update a user defined key 84 * update a user defined key
90 * - the key's semaphore is write-locked 85 * - the key's semaphore is write-locked
@@ -123,24 +118,20 @@ int user_update(struct key *key, const void *data, size_t datalen)
123 118
124error: 119error:
125 return ret; 120 return ret;
126 121}
127} /* end user_update() */
128 122
129EXPORT_SYMBOL_GPL(user_update); 123EXPORT_SYMBOL_GPL(user_update);
130 124
131/*****************************************************************************/
132/* 125/*
133 * match users on their name 126 * match users on their name
134 */ 127 */
135int user_match(const struct key *key, const void *description) 128int user_match(const struct key *key, const void *description)
136{ 129{
137 return strcmp(key->description, description) == 0; 130 return strcmp(key->description, description) == 0;
138 131}
139} /* end user_match() */
140 132
141EXPORT_SYMBOL_GPL(user_match); 133EXPORT_SYMBOL_GPL(user_match);
142 134
143/*****************************************************************************/
144/* 135/*
145 * dispose of the links from a revoked keyring 136 * dispose of the links from a revoked keyring
146 * - called with the key sem write-locked 137 * - called with the key sem write-locked
@@ -156,12 +147,10 @@ void user_revoke(struct key *key)
156 rcu_assign_pointer(key->payload.data, NULL); 147 rcu_assign_pointer(key->payload.data, NULL);
157 call_rcu(&upayload->rcu, user_update_rcu_disposal); 148 call_rcu(&upayload->rcu, user_update_rcu_disposal);
158 } 149 }
159 150}
160} /* end user_revoke() */
161 151
162EXPORT_SYMBOL(user_revoke); 152EXPORT_SYMBOL(user_revoke);
163 153
164/*****************************************************************************/
165/* 154/*
166 * dispose of the data dangling from the corpse of a user key 155 * dispose of the data dangling from the corpse of a user key
167 */ 156 */
@@ -170,12 +159,10 @@ void user_destroy(struct key *key)
170 struct user_key_payload *upayload = key->payload.data; 159 struct user_key_payload *upayload = key->payload.data;
171 160
172 kfree(upayload); 161 kfree(upayload);
173 162}
174} /* end user_destroy() */
175 163
176EXPORT_SYMBOL_GPL(user_destroy); 164EXPORT_SYMBOL_GPL(user_destroy);
177 165
178/*****************************************************************************/
179/* 166/*
180 * describe the user key 167 * describe the user key
181 */ 168 */
@@ -184,12 +171,10 @@ void user_describe(const struct key *key, struct seq_file *m)
184 seq_puts(m, key->description); 171 seq_puts(m, key->description);
185 172
186 seq_printf(m, ": %u", key->datalen); 173 seq_printf(m, ": %u", key->datalen);
187 174}
188} /* end user_describe() */
189 175
190EXPORT_SYMBOL_GPL(user_describe); 176EXPORT_SYMBOL_GPL(user_describe);
191 177
192/*****************************************************************************/
193/* 178/*
194 * read the key data 179 * read the key data
195 * - the key's semaphore is read-locked 180 * - the key's semaphore is read-locked
@@ -213,7 +198,6 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
213 } 198 }
214 199
215 return ret; 200 return ret;
216 201}
217} /* end user_read() */
218 202
219EXPORT_SYMBOL_GPL(user_read); 203EXPORT_SYMBOL_GPL(user_read);