diff options
Diffstat (limited to 'security/keys/request_key.c')
| -rw-r--r-- | security/keys/request_key.c | 36 |
1 files changed, 29 insertions, 7 deletions
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 90c1506d007c..e6dd366d43a3 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -129,7 +129,7 @@ static struct key *__request_key_construction(struct key_type *type, | |||
| 129 | 129 | ||
| 130 | /* create a key and add it to the queue */ | 130 | /* create a key and add it to the queue */ |
| 131 | key = key_alloc(type, description, | 131 | key = key_alloc(type, description, |
| 132 | current->fsuid, current->fsgid, KEY_USR_ALL, 0); | 132 | current->fsuid, current->fsgid, KEY_POS_ALL, 0); |
| 133 | if (IS_ERR(key)) | 133 | if (IS_ERR(key)) |
| 134 | goto alloc_failed; | 134 | goto alloc_failed; |
| 135 | 135 | ||
| @@ -365,14 +365,24 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 365 | { | 365 | { |
| 366 | struct key_user *user; | 366 | struct key_user *user; |
| 367 | struct key *key; | 367 | struct key *key; |
| 368 | key_ref_t key_ref; | ||
| 368 | 369 | ||
| 369 | kenter("%s,%s,%s,%p", | 370 | kenter("%s,%s,%s,%p", |
| 370 | type->name, description, callout_info, dest_keyring); | 371 | type->name, description, callout_info, dest_keyring); |
| 371 | 372 | ||
| 372 | /* search all the process keyrings for a key */ | 373 | /* search all the process keyrings for a key */ |
| 373 | key = search_process_keyrings(type, description, type->match, current); | 374 | key_ref = search_process_keyrings(type, description, type->match, |
| 375 | current); | ||
| 374 | 376 | ||
| 375 | if (PTR_ERR(key) == -EAGAIN) { | 377 | kdebug("search 1: %p", key_ref); |
| 378 | |||
| 379 | if (!IS_ERR(key_ref)) { | ||
| 380 | key = key_ref_to_ptr(key_ref); | ||
| 381 | } | ||
| 382 | else if (PTR_ERR(key_ref) != -EAGAIN) { | ||
| 383 | key = ERR_PTR(PTR_ERR(key_ref)); | ||
| 384 | } | ||
| 385 | else { | ||
| 376 | /* the search failed, but the keyrings were searchable, so we | 386 | /* the search failed, but the keyrings were searchable, so we |
| 377 | * should consult userspace if we can */ | 387 | * should consult userspace if we can */ |
| 378 | key = ERR_PTR(-ENOKEY); | 388 | key = ERR_PTR(-ENOKEY); |
| @@ -384,7 +394,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 384 | if (!user) | 394 | if (!user) |
| 385 | goto nomem; | 395 | goto nomem; |
| 386 | 396 | ||
| 387 | do { | 397 | for (;;) { |
| 388 | if (signal_pending(current)) | 398 | if (signal_pending(current)) |
| 389 | goto interrupted; | 399 | goto interrupted; |
| 390 | 400 | ||
| @@ -397,10 +407,22 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 397 | 407 | ||
| 398 | /* someone else made the key we want, so we need to | 408 | /* someone else made the key we want, so we need to |
| 399 | * search again as it might now be available to us */ | 409 | * search again as it might now be available to us */ |
| 400 | key = search_process_keyrings(type, description, | 410 | key_ref = search_process_keyrings(type, description, |
| 401 | type->match, current); | 411 | type->match, |
| 412 | current); | ||
| 413 | |||
| 414 | kdebug("search 2: %p", key_ref); | ||
| 402 | 415 | ||
| 403 | } while (PTR_ERR(key) == -EAGAIN); | 416 | if (!IS_ERR(key_ref)) { |
| 417 | key = key_ref_to_ptr(key_ref); | ||
| 418 | break; | ||
| 419 | } | ||
| 420 | |||
| 421 | if (PTR_ERR(key_ref) != -EAGAIN) { | ||
| 422 | key = ERR_PTR(PTR_ERR(key_ref)); | ||
| 423 | break; | ||
| 424 | } | ||
| 425 | } | ||
| 404 | 426 | ||
| 405 | key_user_put(user); | 427 | key_user_put(user); |
| 406 | 428 | ||