aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/keyctl.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/keyctl.c')
-rw-r--r--security/keys/keyctl.c301
1 files changed, 151 insertions, 150 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index a6516a64b297..4c670ee6acf9 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -34,7 +34,7 @@ asmlinkage long sys_add_key(const char __user *_type,
34 size_t plen, 34 size_t plen,
35 key_serial_t ringid) 35 key_serial_t ringid)
36{ 36{
37 struct key *keyring, *key; 37 key_ref_t keyring_ref, key_ref;
38 char type[32], *description; 38 char type[32], *description;
39 void *payload; 39 void *payload;
40 long dlen, ret; 40 long dlen, ret;
@@ -86,25 +86,25 @@ asmlinkage long sys_add_key(const char __user *_type,
86 } 86 }
87 87
88 /* find the target keyring (which must be writable) */ 88 /* find the target keyring (which must be writable) */
89 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 89 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
90 if (IS_ERR(keyring)) { 90 if (IS_ERR(keyring_ref)) {
91 ret = PTR_ERR(keyring); 91 ret = PTR_ERR(keyring_ref);
92 goto error3; 92 goto error3;
93 } 93 }
94 94
95 /* create or update the requested key and add it to the target 95 /* create or update the requested key and add it to the target
96 * keyring */ 96 * keyring */
97 key = key_create_or_update(keyring, type, description, 97 key_ref = key_create_or_update(keyring_ref, type, description,
98 payload, plen, 0); 98 payload, plen, 0);
99 if (!IS_ERR(key)) { 99 if (!IS_ERR(key_ref)) {
100 ret = key->serial; 100 ret = key_ref_to_ptr(key_ref)->serial;
101 key_put(key); 101 key_ref_put(key_ref);
102 } 102 }
103 else { 103 else {
104 ret = PTR_ERR(key); 104 ret = PTR_ERR(key_ref);
105 } 105 }
106 106
107 key_put(keyring); 107 key_ref_put(keyring_ref);
108 error3: 108 error3:
109 kfree(payload); 109 kfree(payload);
110 error2: 110 error2:
@@ -131,7 +131,8 @@ asmlinkage long sys_request_key(const char __user *_type,
131 key_serial_t destringid) 131 key_serial_t destringid)
132{ 132{
133 struct key_type *ktype; 133 struct key_type *ktype;
134 struct key *key, *dest; 134 struct key *key;
135 key_ref_t dest_ref;
135 char type[32], *description, *callout_info; 136 char type[32], *description, *callout_info;
136 long dlen, ret; 137 long dlen, ret;
137 138
@@ -187,11 +188,11 @@ asmlinkage long sys_request_key(const char __user *_type,
187 } 188 }
188 189
189 /* get the destination keyring if specified */ 190 /* get the destination keyring if specified */
190 dest = NULL; 191 dest_ref = NULL;
191 if (destringid) { 192 if (destringid) {
192 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 193 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
193 if (IS_ERR(dest)) { 194 if (IS_ERR(dest_ref)) {
194 ret = PTR_ERR(dest); 195 ret = PTR_ERR(dest_ref);
195 goto error3; 196 goto error3;
196 } 197 }
197 } 198 }
@@ -204,7 +205,8 @@ asmlinkage long sys_request_key(const char __user *_type,
204 } 205 }
205 206
206 /* do the search */ 207 /* do the search */
207 key = request_key_and_link(ktype, description, callout_info, dest); 208 key = request_key_and_link(ktype, description, callout_info,
209 key_ref_to_ptr(dest_ref));
208 if (IS_ERR(key)) { 210 if (IS_ERR(key)) {
209 ret = PTR_ERR(key); 211 ret = PTR_ERR(key);
210 goto error5; 212 goto error5;
@@ -216,7 +218,7 @@ asmlinkage long sys_request_key(const char __user *_type,
216 error5: 218 error5:
217 key_type_put(ktype); 219 key_type_put(ktype);
218 error4: 220 error4:
219 key_put(dest); 221 key_ref_put(dest_ref);
220 error3: 222 error3:
221 kfree(callout_info); 223 kfree(callout_info);
222 error2: 224 error2:
@@ -234,17 +236,17 @@ asmlinkage long sys_request_key(const char __user *_type,
234 */ 236 */
235long keyctl_get_keyring_ID(key_serial_t id, int create) 237long keyctl_get_keyring_ID(key_serial_t id, int create)
236{ 238{
237 struct key *key; 239 key_ref_t key_ref;
238 long ret; 240 long ret;
239 241
240 key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); 242 key_ref = lookup_user_key(NULL, id, create, 0, KEY_SEARCH);
241 if (IS_ERR(key)) { 243 if (IS_ERR(key_ref)) {
242 ret = PTR_ERR(key); 244 ret = PTR_ERR(key_ref);
243 goto error; 245 goto error;
244 } 246 }
245 247
246 ret = key->serial; 248 ret = key_ref_to_ptr(key_ref)->serial;
247 key_put(key); 249 key_ref_put(key_ref);
248 error: 250 error:
249 return ret; 251 return ret;
250 252
@@ -302,7 +304,7 @@ long keyctl_update_key(key_serial_t id,
302 const void __user *_payload, 304 const void __user *_payload,
303 size_t plen) 305 size_t plen)
304{ 306{
305 struct key *key; 307 key_ref_t key_ref;
306 void *payload; 308 void *payload;
307 long ret; 309 long ret;
308 310
@@ -324,16 +326,16 @@ long keyctl_update_key(key_serial_t id,
324 } 326 }
325 327
326 /* find the target key (which must be writable) */ 328 /* find the target key (which must be writable) */
327 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 329 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
328 if (IS_ERR(key)) { 330 if (IS_ERR(key_ref)) {
329 ret = PTR_ERR(key); 331 ret = PTR_ERR(key_ref);
330 goto error2; 332 goto error2;
331 } 333 }
332 334
333 /* update the key */ 335 /* update the key */
334 ret = key_update(key, payload, plen); 336 ret = key_update(key_ref, payload, plen);
335 337
336 key_put(key); 338 key_ref_put(key_ref);
337 error2: 339 error2:
338 kfree(payload); 340 kfree(payload);
339 error: 341 error:
@@ -349,19 +351,19 @@ long keyctl_update_key(key_serial_t id,
349 */ 351 */
350long keyctl_revoke_key(key_serial_t id) 352long keyctl_revoke_key(key_serial_t id)
351{ 353{
352 struct key *key; 354 key_ref_t key_ref;
353 long ret; 355 long ret;
354 356
355 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 357 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
356 if (IS_ERR(key)) { 358 if (IS_ERR(key_ref)) {
357 ret = PTR_ERR(key); 359 ret = PTR_ERR(key_ref);
358 goto error; 360 goto error;
359 } 361 }
360 362
361 key_revoke(key); 363 key_revoke(key_ref_to_ptr(key_ref));
362 ret = 0; 364 ret = 0;
363 365
364 key_put(key); 366 key_ref_put(key_ref);
365 error: 367 error:
366 return ret; 368 return ret;
367 369
@@ -375,18 +377,18 @@ long keyctl_revoke_key(key_serial_t id)
375 */ 377 */
376long keyctl_keyring_clear(key_serial_t ringid) 378long keyctl_keyring_clear(key_serial_t ringid)
377{ 379{
378 struct key *keyring; 380 key_ref_t keyring_ref;
379 long ret; 381 long ret;
380 382
381 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 383 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
382 if (IS_ERR(keyring)) { 384 if (IS_ERR(keyring_ref)) {
383 ret = PTR_ERR(keyring); 385 ret = PTR_ERR(keyring_ref);
384 goto error; 386 goto error;
385 } 387 }
386 388
387 ret = keyring_clear(keyring); 389 ret = keyring_clear(key_ref_to_ptr(keyring_ref));
388 390
389 key_put(keyring); 391 key_ref_put(keyring_ref);
390 error: 392 error:
391 return ret; 393 return ret;
392 394
@@ -401,26 +403,26 @@ long keyctl_keyring_clear(key_serial_t ringid)
401 */ 403 */
402long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 404long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
403{ 405{
404 struct key *keyring, *key; 406 key_ref_t keyring_ref, key_ref;
405 long ret; 407 long ret;
406 408
407 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 409 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
408 if (IS_ERR(keyring)) { 410 if (IS_ERR(keyring_ref)) {
409 ret = PTR_ERR(keyring); 411 ret = PTR_ERR(keyring_ref);
410 goto error; 412 goto error;
411 } 413 }
412 414
413 key = lookup_user_key(NULL, id, 1, 0, KEY_LINK); 415 key_ref = lookup_user_key(NULL, id, 1, 0, KEY_LINK);
414 if (IS_ERR(key)) { 416 if (IS_ERR(key_ref)) {
415 ret = PTR_ERR(key); 417 ret = PTR_ERR(key_ref);
416 goto error2; 418 goto error2;
417 } 419 }
418 420
419 ret = key_link(keyring, key); 421 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
420 422
421 key_put(key); 423 key_ref_put(key_ref);
422 error2: 424 error2:
423 key_put(keyring); 425 key_ref_put(keyring_ref);
424 error: 426 error:
425 return ret; 427 return ret;
426 428
@@ -435,26 +437,26 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
435 */ 437 */
436long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 438long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
437{ 439{
438 struct key *keyring, *key; 440 key_ref_t keyring_ref, key_ref;
439 long ret; 441 long ret;
440 442
441 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); 443 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE);
442 if (IS_ERR(keyring)) { 444 if (IS_ERR(keyring_ref)) {
443 ret = PTR_ERR(keyring); 445 ret = PTR_ERR(keyring_ref);
444 goto error; 446 goto error;
445 } 447 }
446 448
447 key = lookup_user_key(NULL, id, 0, 0, 0); 449 key_ref = lookup_user_key(NULL, id, 0, 0, 0);
448 if (IS_ERR(key)) { 450 if (IS_ERR(key_ref)) {
449 ret = PTR_ERR(key); 451 ret = PTR_ERR(key_ref);
450 goto error2; 452 goto error2;
451 } 453 }
452 454
453 ret = key_unlink(keyring, key); 455 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
454 456
455 key_put(key); 457 key_ref_put(key_ref);
456 error2: 458 error2:
457 key_put(keyring); 459 key_ref_put(keyring_ref);
458 error: 460 error:
459 return ret; 461 return ret;
460 462
@@ -476,24 +478,26 @@ long keyctl_describe_key(key_serial_t keyid,
476 size_t buflen) 478 size_t buflen)
477{ 479{
478 struct key *key, *instkey; 480 struct key *key, *instkey;
481 key_ref_t key_ref;
479 char *tmpbuf; 482 char *tmpbuf;
480 long ret; 483 long ret;
481 484
482 key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); 485 key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
483 if (IS_ERR(key)) { 486 if (IS_ERR(key_ref)) {
484 /* viewing a key under construction is permitted if we have the 487 /* viewing a key under construction is permitted if we have the
485 * authorisation token handy */ 488 * authorisation token handy */
486 if (PTR_ERR(key) == -EACCES) { 489 if (PTR_ERR(key_ref) == -EACCES) {
487 instkey = key_get_instantiation_authkey(keyid); 490 instkey = key_get_instantiation_authkey(keyid);
488 if (!IS_ERR(instkey)) { 491 if (!IS_ERR(instkey)) {
489 key_put(instkey); 492 key_put(instkey);
490 key = lookup_user_key(NULL, keyid, 0, 1, 0); 493 key_ref = lookup_user_key(NULL, keyid,
491 if (!IS_ERR(key)) 494 0, 1, 0);
495 if (!IS_ERR(key_ref))
492 goto okay; 496 goto okay;
493 } 497 }
494 } 498 }
495 499
496 ret = PTR_ERR(key); 500 ret = PTR_ERR(key_ref);
497 goto error; 501 goto error;
498 } 502 }
499 503
@@ -504,13 +508,16 @@ okay:
504 if (!tmpbuf) 508 if (!tmpbuf)
505 goto error2; 509 goto error2;
506 510
511 key = key_ref_to_ptr(key_ref);
512
507 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 513 ret = snprintf(tmpbuf, PAGE_SIZE - 1,
508 "%s;%d;%d;%06x;%s", 514 "%s;%d;%d;%08x;%s",
509 key->type->name, 515 key_ref_to_ptr(key_ref)->type->name,
510 key->uid, 516 key_ref_to_ptr(key_ref)->uid,
511 key->gid, 517 key_ref_to_ptr(key_ref)->gid,
512 key->perm, 518 key_ref_to_ptr(key_ref)->perm,
513 key->description ? key->description :"" 519 key_ref_to_ptr(key_ref)->description ?
520 key_ref_to_ptr(key_ref)->description : ""
514 ); 521 );
515 522
516 /* include a NUL char at the end of the data */ 523 /* include a NUL char at the end of the data */
@@ -530,7 +537,7 @@ okay:
530 537
531 kfree(tmpbuf); 538 kfree(tmpbuf);
532 error2: 539 error2:
533 key_put(key); 540 key_ref_put(key_ref);
534 error: 541 error:
535 return ret; 542 return ret;
536 543
@@ -552,7 +559,7 @@ long keyctl_keyring_search(key_serial_t ringid,
552 key_serial_t destringid) 559 key_serial_t destringid)
553{ 560{
554 struct key_type *ktype; 561 struct key_type *ktype;
555 struct key *keyring, *key, *dest; 562 key_ref_t keyring_ref, key_ref, dest_ref;
556 char type[32], *description; 563 char type[32], *description;
557 long dlen, ret; 564 long dlen, ret;
558 565
@@ -581,18 +588,18 @@ long keyctl_keyring_search(key_serial_t ringid,
581 goto error2; 588 goto error2;
582 589
583 /* get the keyring at which to begin the search */ 590 /* get the keyring at which to begin the search */
584 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); 591 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
585 if (IS_ERR(keyring)) { 592 if (IS_ERR(keyring_ref)) {
586 ret = PTR_ERR(keyring); 593 ret = PTR_ERR(keyring_ref);
587 goto error2; 594 goto error2;
588 } 595 }
589 596
590 /* get the destination keyring if specified */ 597 /* get the destination keyring if specified */
591 dest = NULL; 598 dest_ref = NULL;
592 if (destringid) { 599 if (destringid) {
593 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 600 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
594 if (IS_ERR(dest)) { 601 if (IS_ERR(dest_ref)) {
595 ret = PTR_ERR(dest); 602 ret = PTR_ERR(dest_ref);
596 goto error3; 603 goto error3;
597 } 604 }
598 } 605 }
@@ -605,9 +612,9 @@ long keyctl_keyring_search(key_serial_t ringid,
605 } 612 }
606 613
607 /* do the search */ 614 /* do the search */
608 key = keyring_search(keyring, ktype, description); 615 key_ref = keyring_search(keyring_ref, ktype, description);
609 if (IS_ERR(key)) { 616 if (IS_ERR(key_ref)) {
610 ret = PTR_ERR(key); 617 ret = PTR_ERR(key_ref);
611 618
612 /* treat lack or presence of a negative key the same */ 619 /* treat lack or presence of a negative key the same */
613 if (ret == -EAGAIN) 620 if (ret == -EAGAIN)
@@ -616,26 +623,26 @@ long keyctl_keyring_search(key_serial_t ringid,
616 } 623 }
617 624
618 /* link the resulting key to the destination keyring if we can */ 625 /* link the resulting key to the destination keyring if we can */
619 if (dest) { 626 if (dest_ref) {
620 ret = -EACCES; 627 ret = -EACCES;
621 if (!key_permission(key, KEY_LINK)) 628 if (!key_permission(key_ref, KEY_LINK))
622 goto error6; 629 goto error6;
623 630
624 ret = key_link(dest, key); 631 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref));
625 if (ret < 0) 632 if (ret < 0)
626 goto error6; 633 goto error6;
627 } 634 }
628 635
629 ret = key->serial; 636 ret = key_ref_to_ptr(key_ref)->serial;
630 637
631 error6: 638 error6:
632 key_put(key); 639 key_ref_put(key_ref);
633 error5: 640 error5:
634 key_type_put(ktype); 641 key_type_put(ktype);
635 error4: 642 error4:
636 key_put(dest); 643 key_ref_put(dest_ref);
637 error3: 644 error3:
638 key_put(keyring); 645 key_ref_put(keyring_ref);
639 error2: 646 error2:
640 kfree(description); 647 kfree(description);
641 error: 648 error:
@@ -645,16 +652,6 @@ long keyctl_keyring_search(key_serial_t ringid,
645 652
646/*****************************************************************************/ 653/*****************************************************************************/
647/* 654/*
648 * see if the key we're looking at is the target key
649 */
650static int keyctl_read_key_same(const struct key *key, const void *target)
651{
652 return key == target;
653
654} /* end keyctl_read_key_same() */
655
656/*****************************************************************************/
657/*
658 * read a user key's payload 655 * read a user key's payload
659 * - the keyring must be readable or the key must be searchable from the 656 * - the keyring must be readable or the key must be searchable from the
660 * process's keyrings 657 * process's keyrings
@@ -665,38 +662,33 @@ static int keyctl_read_key_same(const struct key *key, const void *target)
665 */ 662 */
666long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 663long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
667{ 664{
668 struct key *key, *skey; 665 struct key *key;
666 key_ref_t key_ref;
669 long ret; 667 long ret;
670 668
671 /* find the key first */ 669 /* find the key first */
672 key = lookup_user_key(NULL, keyid, 0, 0, 0); 670 key_ref = lookup_user_key(NULL, keyid, 0, 0, 0);
673 if (!IS_ERR(key)) { 671 if (IS_ERR(key_ref)) {
674 /* see if we can read it directly */ 672 ret = -ENOKEY;
675 if (key_permission(key, KEY_READ)) 673 goto error;
676 goto can_read_key;
677
678 /* we can't; see if it's searchable from this process's
679 * keyrings
680 * - we automatically take account of the fact that it may be
681 * dangling off an instantiation key
682 */
683 skey = search_process_keyrings(key->type, key,
684 keyctl_read_key_same, current);
685 if (!IS_ERR(skey))
686 goto can_read_key2;
687
688 ret = PTR_ERR(skey);
689 if (ret == -EAGAIN)
690 ret = -EACCES;
691 goto error2;
692 } 674 }
693 675
694 ret = -ENOKEY; 676 key = key_ref_to_ptr(key_ref);
695 goto error; 677
678 /* see if we can read it directly */
679 if (key_permission(key_ref, KEY_READ))
680 goto can_read_key;
681
682 /* we can't; see if it's searchable from this process's keyrings
683 * - we automatically take account of the fact that it may be
684 * dangling off an instantiation key
685 */
686 if (!is_key_possessed(key_ref)) {
687 ret = -EACCES;
688 goto error2;
689 }
696 690
697 /* the key is probably readable - now try to read it */ 691 /* the key is probably readable - now try to read it */
698 can_read_key2:
699 key_put(skey);
700 can_read_key: 692 can_read_key:
701 ret = key_validate(key); 693 ret = key_validate(key);
702 if (ret == 0) { 694 if (ret == 0) {
@@ -727,18 +719,21 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
727long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 719long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
728{ 720{
729 struct key *key; 721 struct key *key;
722 key_ref_t key_ref;
730 long ret; 723 long ret;
731 724
732 ret = 0; 725 ret = 0;
733 if (uid == (uid_t) -1 && gid == (gid_t) -1) 726 if (uid == (uid_t) -1 && gid == (gid_t) -1)
734 goto error; 727 goto error;
735 728
736 key = lookup_user_key(NULL, id, 1, 1, 0); 729 key_ref = lookup_user_key(NULL, id, 1, 1, 0);
737 if (IS_ERR(key)) { 730 if (IS_ERR(key_ref)) {
738 ret = PTR_ERR(key); 731 ret = PTR_ERR(key_ref);
739 goto error; 732 goto error;
740 } 733 }
741 734
735 key = key_ref_to_ptr(key_ref);
736
742 /* make the changes with the locks held to prevent chown/chown races */ 737 /* make the changes with the locks held to prevent chown/chown races */
743 ret = -EACCES; 738 ret = -EACCES;
744 down_write(&key->sem); 739 down_write(&key->sem);
@@ -784,18 +779,21 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
784long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 779long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
785{ 780{
786 struct key *key; 781 struct key *key;
782 key_ref_t key_ref;
787 long ret; 783 long ret;
788 784
789 ret = -EINVAL; 785 ret = -EINVAL;
790 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 786 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
791 goto error; 787 goto error;
792 788
793 key = lookup_user_key(NULL, id, 1, 1, 0); 789 key_ref = lookup_user_key(NULL, id, 1, 1, 0);
794 if (IS_ERR(key)) { 790 if (IS_ERR(key_ref)) {
795 ret = PTR_ERR(key); 791 ret = PTR_ERR(key_ref);
796 goto error; 792 goto error;
797 } 793 }
798 794
795 key = key_ref_to_ptr(key_ref);
796
799 /* make the changes with the locks held to prevent chown/chmod races */ 797 /* make the changes with the locks held to prevent chown/chmod races */
800 ret = -EACCES; 798 ret = -EACCES;
801 down_write(&key->sem); 799 down_write(&key->sem);
@@ -824,7 +822,8 @@ long keyctl_instantiate_key(key_serial_t id,
824 key_serial_t ringid) 822 key_serial_t ringid)
825{ 823{
826 struct request_key_auth *rka; 824 struct request_key_auth *rka;
827 struct key *instkey, *keyring; 825 struct key *instkey;
826 key_ref_t keyring_ref;
828 void *payload; 827 void *payload;
829 long ret; 828 long ret;
830 829
@@ -857,21 +856,21 @@ long keyctl_instantiate_key(key_serial_t id,
857 856
858 /* find the destination keyring amongst those belonging to the 857 /* find the destination keyring amongst those belonging to the
859 * requesting task */ 858 * requesting task */
860 keyring = NULL; 859 keyring_ref = NULL;
861 if (ringid) { 860 if (ringid) {
862 keyring = lookup_user_key(rka->context, ringid, 1, 0, 861 keyring_ref = lookup_user_key(rka->context, ringid, 1, 0,
863 KEY_WRITE); 862 KEY_WRITE);
864 if (IS_ERR(keyring)) { 863 if (IS_ERR(keyring_ref)) {
865 ret = PTR_ERR(keyring); 864 ret = PTR_ERR(keyring_ref);
866 goto error3; 865 goto error3;
867 } 866 }
868 } 867 }
869 868
870 /* instantiate the key and link it into a keyring */ 869 /* instantiate the key and link it into a keyring */
871 ret = key_instantiate_and_link(rka->target_key, payload, plen, 870 ret = key_instantiate_and_link(rka->target_key, payload, plen,
872 keyring, instkey); 871 key_ref_to_ptr(keyring_ref), instkey);
873 872
874 key_put(keyring); 873 key_ref_put(keyring_ref);
875 error3: 874 error3:
876 key_put(instkey); 875 key_put(instkey);
877 error2: 876 error2:
@@ -889,7 +888,8 @@ long keyctl_instantiate_key(key_serial_t id,
889long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 888long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
890{ 889{
891 struct request_key_auth *rka; 890 struct request_key_auth *rka;
892 struct key *instkey, *keyring; 891 struct key *instkey;
892 key_ref_t keyring_ref;
893 long ret; 893 long ret;
894 894
895 /* find the instantiation authorisation key */ 895 /* find the instantiation authorisation key */
@@ -903,19 +903,20 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
903 903
904 /* find the destination keyring if present (which must also be 904 /* find the destination keyring if present (which must also be
905 * writable) */ 905 * writable) */
906 keyring = NULL; 906 keyring_ref = NULL;
907 if (ringid) { 907 if (ringid) {
908 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 908 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
909 if (IS_ERR(keyring)) { 909 if (IS_ERR(keyring_ref)) {
910 ret = PTR_ERR(keyring); 910 ret = PTR_ERR(keyring_ref);
911 goto error2; 911 goto error2;
912 } 912 }
913 } 913 }
914 914
915 /* instantiate the key and link it into a keyring */ 915 /* instantiate the key and link it into a keyring */
916 ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey); 916 ret = key_negate_and_link(rka->target_key, timeout,
917 key_ref_to_ptr(keyring_ref), instkey);
917 918
918 key_put(keyring); 919 key_ref_put(keyring_ref);
919 error2: 920 error2:
920 key_put(instkey); 921 key_put(instkey);
921 error: 922 error:
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-18 06:18:10 -0500