Diffstat (limited to 'security/keys/proc.c')
| -rw-r--r-- | security/keys/proc.c | 17 |
1 files changed, 12 insertions, 5 deletions
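--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -182,7 +182,6 @@ static void proc_keys_stop(struct seq_file *p, void *v)
 
 static int proc_keys_show(struct seq_file *m, void *v)
 {
-const struct cred *cred = current_cred();
 struct rb_node *_p = v;
 struct key *key = rb_entry(_p, struct key, serial_node);
 struct timespec now;
@@ -191,15 +190,23 @@ static int proc_keys_show(struct seq_file *m, void *v)
 char xbuf[12];
 int rc;
 
+struct keyring_search_context ctx = {
+.index_key.type = key->type,
+.index_key.description = key->description,
+.cred = current_cred(),
+.match = lookup_user_key_possessed,
+.match_data = key,
+.flags = (KEYRING_SEARCH_NO_STATE_CHECK |
+KEYRING_SEARCH_LOOKUP_DIRECT),
+};
+
 key_ref = make_key_ref(key, 0);
 
 /* determine if the key is possessed by this process (a test we can
 * skip if the key does not indicate the possessor can view it
 */
 if (key->perm & KEY_POS_VIEW) {
-skey_ref = search_my_process_keyrings(key->type, key,
-lookup_user_key_possessed,
-true, cred);
+skey_ref = search_my_process_keyrings(&ctx);
 if (!IS_ERR(skey_ref)) {
 key_ref_put(skey_ref);
 key_ref = make_key_ref(key, 1);
@@ -211,7 +218,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
 * - the caller holds a spinlock, and thus the RCU read lock, making our
 * access to __current_cred() safe
 */
-rc = key_task_permission(key_ref, cred, KEY_VIEW);
+rc = key_task_permission(key_ref, ctx.cred, KEY_VIEW);
 if (rc < 0)
 return 0;
 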
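Review bot: The `.flags` value in the new `ctx` initializer has no comment, although the search it configures sets the possession bit that `key_task_permission(key_ref, ctx.cred, KEY_VIEW)` then evaluates, so it decides which keys a task sees in /proc/keys. The removed call passed `true` in the position that `KEYRING_SEARCH_NO_STATE_CHECK` presumably replaces, and `.match_data = key` suggests the match is meant to hit this exact key; a comment above the initializer such as `/* possession test only: look for this key itself and skip the state check, as the old 'true' argument did */` would record that intent. The comment in the last hunk still names `__current_cred()`, while the credentials are now read once via `current_cred()` in the initializer and reused as `ctx.cred`; it could read `* access to ctx.cred safe`. proc_keys_show() starts and ends outside the visible hunks, so later uses of `key_ref` and `xbuf` were not reviewed.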
