diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/compat.c | 4 | ||||
-rw-r--r-- | security/keys/encrypted_defined.c | 1 | ||||
-rw-r--r-- | security/keys/key.c | 80 | ||||
-rw-r--r-- | security/keys/keyctl.c | 77 | ||||
-rw-r--r-- | security/keys/keyring.c | 64 | ||||
-rw-r--r-- | security/keys/permission.c | 8 | ||||
-rw-r--r-- | security/keys/proc.c | 7 | ||||
-rw-r--r-- | security/keys/process_keys.c | 23 | ||||
-rw-r--r-- | security/keys/request_key_auth.c | 32 | ||||
-rw-r--r-- | security/keys/user_defined.c | 32 |
10 files changed, 80 insertions, 248 deletions
diff --git a/security/keys/compat.c b/security/keys/compat.c index 792c0a611a6d..3cedf6305179 100644 --- a/security/keys/compat.c +++ b/security/keys/compat.c | |||
@@ -14,7 +14,6 @@ | |||
14 | #include <linux/compat.h> | 14 | #include <linux/compat.h> |
15 | #include "internal.h" | 15 | #include "internal.h" |
16 | 16 | ||
17 | /*****************************************************************************/ | ||
18 | /* | 17 | /* |
19 | * the key control system call, 32-bit compatibility version for 64-bit archs | 18 | * the key control system call, 32-bit compatibility version for 64-bit archs |
20 | * - this should only be called if the 64-bit arch uses weird pointers in | 19 | * - this should only be called if the 64-bit arch uses weird pointers in |
@@ -88,5 +87,4 @@ asmlinkage long compat_sys_keyctl(u32 option, | |||
88 | default: | 87 | default: |
89 | return -EOPNOTSUPP; | 88 | return -EOPNOTSUPP; |
90 | } | 89 | } |
91 | 90 | } | |
92 | } /* end compat_sys_keyctl() */ | ||
diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c index 32d27c858388..28791a65740e 100644 --- a/security/keys/encrypted_defined.c +++ b/security/keys/encrypted_defined.c | |||
@@ -888,7 +888,6 @@ static int __init init_encrypted(void) | |||
888 | out: | 888 | out: |
889 | encrypted_shash_release(); | 889 | encrypted_shash_release(); |
890 | return ret; | 890 | return ret; |
891 | |||
892 | } | 891 | } |
893 | 892 | ||
894 | static void __exit cleanup_encrypted(void) | 893 | static void __exit cleanup_encrypted(void) |
diff --git a/security/keys/key.c b/security/keys/key.c index c1eac8084ade..3a92d7365870 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -56,7 +56,6 @@ void __key_check(const struct key *key) | |||
56 | } | 56 | } |
57 | #endif | 57 | #endif |
58 | 58 | ||
59 | /*****************************************************************************/ | ||
60 | /* | 59 | /* |
61 | * get the key quota record for a user, allocating a new record if one doesn't | 60 | * get the key quota record for a user, allocating a new record if one doesn't |
62 | * already exist | 61 | * already exist |
@@ -130,10 +129,8 @@ struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns) | |||
130 | kfree(candidate); | 129 | kfree(candidate); |
131 | out: | 130 | out: |
132 | return user; | 131 | return user; |
132 | } | ||
133 | 133 | ||
134 | } /* end key_user_lookup() */ | ||
135 | |||
136 | /*****************************************************************************/ | ||
137 | /* | 134 | /* |
138 | * dispose of a user structure | 135 | * dispose of a user structure |
139 | */ | 136 | */ |
@@ -146,10 +143,8 @@ void key_user_put(struct key_user *user) | |||
146 | 143 | ||
147 | kfree(user); | 144 | kfree(user); |
148 | } | 145 | } |
146 | } | ||
149 | 147 | ||
150 | } /* end key_user_put() */ | ||
151 | |||
152 | /*****************************************************************************/ | ||
153 | /* | 148 | /* |
154 | * assign a key the next unique serial number | 149 | * assign a key the next unique serial number |
155 | * - these are assigned randomly to avoid security issues through covert | 150 | * - these are assigned randomly to avoid security issues through covert |
@@ -211,10 +206,8 @@ serial_exists: | |||
211 | if (key->serial < xkey->serial) | 206 | if (key->serial < xkey->serial) |
212 | goto attempt_insertion; | 207 | goto attempt_insertion; |
213 | } | 208 | } |
209 | } | ||
214 | 210 | ||
215 | } /* end key_alloc_serial() */ | ||
216 | |||
217 | /*****************************************************************************/ | ||
218 | /* | 211 | /* |
219 | * allocate a key of the specified type | 212 | * allocate a key of the specified type |
220 | * - update the user's quota to reflect the existence of the key | 213 | * - update the user's quota to reflect the existence of the key |
@@ -344,12 +337,10 @@ no_quota: | |||
344 | key_user_put(user); | 337 | key_user_put(user); |
345 | key = ERR_PTR(-EDQUOT); | 338 | key = ERR_PTR(-EDQUOT); |
346 | goto error; | 339 | goto error; |
347 | 340 | } | |
348 | } /* end key_alloc() */ | ||
349 | 341 | ||
350 | EXPORT_SYMBOL(key_alloc); | 342 | EXPORT_SYMBOL(key_alloc); |
351 | 343 | ||
352 | /*****************************************************************************/ | ||
353 | /* | 344 | /* |
354 | * reserve an amount of quota for the key's payload | 345 | * reserve an amount of quota for the key's payload |
355 | */ | 346 | */ |
@@ -384,12 +375,10 @@ int key_payload_reserve(struct key *key, size_t datalen) | |||
384 | key->datalen = datalen; | 375 | key->datalen = datalen; |
385 | 376 | ||
386 | return ret; | 377 | return ret; |
387 | 378 | } | |
388 | } /* end key_payload_reserve() */ | ||
389 | 379 | ||
390 | EXPORT_SYMBOL(key_payload_reserve); | 380 | EXPORT_SYMBOL(key_payload_reserve); |
391 | 381 | ||
392 | /*****************************************************************************/ | ||
393 | /* | 382 | /* |
394 | * instantiate a key and link it into the target keyring atomically | 383 | * instantiate a key and link it into the target keyring atomically |
395 | * - called with the target keyring's semaphore writelocked | 384 | * - called with the target keyring's semaphore writelocked |
@@ -441,10 +430,8 @@ static int __key_instantiate_and_link(struct key *key, | |||
441 | wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); | 430 | wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); |
442 | 431 | ||
443 | return ret; | 432 | return ret; |
433 | } | ||
444 | 434 | ||
445 | } /* end __key_instantiate_and_link() */ | ||
446 | |||
447 | /*****************************************************************************/ | ||
448 | /* | 435 | /* |
449 | * instantiate a key and link it into the target keyring atomically | 436 | * instantiate a key and link it into the target keyring atomically |
450 | */ | 437 | */ |
@@ -471,12 +458,10 @@ int key_instantiate_and_link(struct key *key, | |||
471 | __key_link_end(keyring, key->type, prealloc); | 458 | __key_link_end(keyring, key->type, prealloc); |
472 | 459 | ||
473 | return ret; | 460 | return ret; |
474 | 461 | } | |
475 | } /* end key_instantiate_and_link() */ | ||
476 | 462 | ||
477 | EXPORT_SYMBOL(key_instantiate_and_link); | 463 | EXPORT_SYMBOL(key_instantiate_and_link); |
478 | 464 | ||
479 | /*****************************************************************************/ | ||
480 | /* | 465 | /* |
481 | * negatively instantiate a key and link it into the target keyring atomically | 466 | * negatively instantiate a key and link it into the target keyring atomically |
482 | */ | 467 | */ |
@@ -535,12 +520,10 @@ int key_negate_and_link(struct key *key, | |||
535 | wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); | 520 | wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); |
536 | 521 | ||
537 | return ret == 0 ? link_ret : ret; | 522 | return ret == 0 ? link_ret : ret; |
538 | 523 | } | |
539 | } /* end key_negate_and_link() */ | ||
540 | 524 | ||
541 | EXPORT_SYMBOL(key_negate_and_link); | 525 | EXPORT_SYMBOL(key_negate_and_link); |
542 | 526 | ||
543 | /*****************************************************************************/ | ||
544 | /* | 527 | /* |
545 | * do cleaning up in process context so that we don't have to disable | 528 | * do cleaning up in process context so that we don't have to disable |
546 | * interrupts all over the place | 529 | * interrupts all over the place |
@@ -601,10 +584,8 @@ static void key_cleanup(struct work_struct *work) | |||
601 | 584 | ||
602 | /* there may, of course, be more than one key to destroy */ | 585 | /* there may, of course, be more than one key to destroy */ |
603 | goto go_again; | 586 | goto go_again; |
587 | } | ||
604 | 588 | ||
605 | } /* end key_cleanup() */ | ||
606 | |||
607 | /*****************************************************************************/ | ||
608 | /* | 589 | /* |
609 | * dispose of a reference to a key | 590 | * dispose of a reference to a key |
610 | * - when all the references are gone, we schedule the cleanup task to come and | 591 | * - when all the references are gone, we schedule the cleanup task to come and |
@@ -618,12 +599,10 @@ void key_put(struct key *key) | |||
618 | if (atomic_dec_and_test(&key->usage)) | 599 | if (atomic_dec_and_test(&key->usage)) |
619 | schedule_work(&key_cleanup_task); | 600 | schedule_work(&key_cleanup_task); |
620 | } | 601 | } |
621 | 602 | } | |
622 | } /* end key_put() */ | ||
623 | 603 | ||
624 | EXPORT_SYMBOL(key_put); | 604 | EXPORT_SYMBOL(key_put); |
625 | 605 | ||
626 | /*****************************************************************************/ | ||
627 | /* | 606 | /* |
628 | * find a key by its serial number | 607 | * find a key by its serial number |
629 | */ | 608 | */ |
@@ -664,10 +643,8 @@ struct key *key_lookup(key_serial_t id) | |||
664 | error: | 643 | error: |
665 | spin_unlock(&key_serial_lock); | 644 | spin_unlock(&key_serial_lock); |
666 | return key; | 645 | return key; |
646 | } | ||
667 | 647 | ||
668 | } /* end key_lookup() */ | ||
669 | |||
670 | /*****************************************************************************/ | ||
671 | /* | 648 | /* |
672 | * find and lock the specified key type against removal | 649 | * find and lock the specified key type against removal |
673 | * - we return with the sem readlocked | 650 | * - we return with the sem readlocked |
@@ -690,20 +667,16 @@ struct key_type *key_type_lookup(const char *type) | |||
690 | 667 | ||
691 | found_kernel_type: | 668 | found_kernel_type: |
692 | return ktype; | 669 | return ktype; |
670 | } | ||
693 | 671 | ||
694 | } /* end key_type_lookup() */ | ||
695 | |||
696 | /*****************************************************************************/ | ||
697 | /* | 672 | /* |
698 | * unlock a key type | 673 | * unlock a key type |
699 | */ | 674 | */ |
700 | void key_type_put(struct key_type *ktype) | 675 | void key_type_put(struct key_type *ktype) |
701 | { | 676 | { |
702 | up_read(&key_types_sem); | 677 | up_read(&key_types_sem); |
678 | } | ||
703 | 679 | ||
704 | } /* end key_type_put() */ | ||
705 | |||
706 | /*****************************************************************************/ | ||
707 | /* | 680 | /* |
708 | * attempt to update an existing key | 681 | * attempt to update an existing key |
709 | * - the key has an incremented refcount | 682 | * - the key has an incremented refcount |
@@ -742,10 +715,8 @@ error: | |||
742 | key_put(key); | 715 | key_put(key); |
743 | key_ref = ERR_PTR(ret); | 716 | key_ref = ERR_PTR(ret); |
744 | goto out; | 717 | goto out; |
718 | } | ||
745 | 719 | ||
746 | } /* end __key_update() */ | ||
747 | |||
748 | /*****************************************************************************/ | ||
749 | /* | 720 | /* |
750 | * search the specified keyring for a key of the same description; if one is | 721 | * search the specified keyring for a key of the same description; if one is |
751 | * found, update it, otherwise add a new one | 722 | * found, update it, otherwise add a new one |
@@ -855,12 +826,10 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
855 | 826 | ||
856 | key_ref = __key_update(key_ref, payload, plen); | 827 | key_ref = __key_update(key_ref, payload, plen); |
857 | goto error; | 828 | goto error; |
858 | 829 | } | |
859 | } /* end key_create_or_update() */ | ||
860 | 830 | ||
861 | EXPORT_SYMBOL(key_create_or_update); | 831 | EXPORT_SYMBOL(key_create_or_update); |
862 | 832 | ||
863 | /*****************************************************************************/ | ||
864 | /* | 833 | /* |
865 | * update a key | 834 | * update a key |
866 | */ | 835 | */ |
@@ -891,12 +860,10 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen) | |||
891 | 860 | ||
892 | error: | 861 | error: |
893 | return ret; | 862 | return ret; |
894 | 863 | } | |
895 | } /* end key_update() */ | ||
896 | 864 | ||
897 | EXPORT_SYMBOL(key_update); | 865 | EXPORT_SYMBOL(key_update); |
898 | 866 | ||
899 | /*****************************************************************************/ | ||
900 | /* | 867 | /* |
901 | * revoke a key | 868 | * revoke a key |
902 | */ | 869 | */ |
@@ -926,12 +893,10 @@ void key_revoke(struct key *key) | |||
926 | } | 893 | } |
927 | 894 | ||
928 | up_write(&key->sem); | 895 | up_write(&key->sem); |
929 | 896 | } | |
930 | } /* end key_revoke() */ | ||
931 | 897 | ||
932 | EXPORT_SYMBOL(key_revoke); | 898 | EXPORT_SYMBOL(key_revoke); |
933 | 899 | ||
934 | /*****************************************************************************/ | ||
935 | /* | 900 | /* |
936 | * register a type of key | 901 | * register a type of key |
937 | */ | 902 | */ |
@@ -956,12 +921,10 @@ int register_key_type(struct key_type *ktype) | |||
956 | out: | 921 | out: |
957 | up_write(&key_types_sem); | 922 | up_write(&key_types_sem); |
958 | return ret; | 923 | return ret; |
959 | 924 | } | |
960 | } /* end register_key_type() */ | ||
961 | 925 | ||
962 | EXPORT_SYMBOL(register_key_type); | 926 | EXPORT_SYMBOL(register_key_type); |
963 | 927 | ||
964 | /*****************************************************************************/ | ||
965 | /* | 928 | /* |
966 | * unregister a type of key | 929 | * unregister a type of key |
967 | */ | 930 | */ |
@@ -1010,12 +973,10 @@ void unregister_key_type(struct key_type *ktype) | |||
1010 | up_write(&key_types_sem); | 973 | up_write(&key_types_sem); |
1011 | 974 | ||
1012 | key_schedule_gc(0); | 975 | key_schedule_gc(0); |
1013 | 976 | } | |
1014 | } /* end unregister_key_type() */ | ||
1015 | 977 | ||
1016 | EXPORT_SYMBOL(unregister_key_type); | 978 | EXPORT_SYMBOL(unregister_key_type); |
1017 | 979 | ||
1018 | /*****************************************************************************/ | ||
1019 | /* | 980 | /* |
1020 | * initialise the key management stuff | 981 | * initialise the key management stuff |
1021 | */ | 982 | */ |
@@ -1037,5 +998,4 @@ void __init key_init(void) | |||
1037 | 998 | ||
1038 | rb_insert_color(&root_key_user.node, | 999 | rb_insert_color(&root_key_user.node, |
1039 | &key_user_tree); | 1000 | &key_user_tree); |
1040 | 1001 | } | |
1041 | } /* end key_init() */ | ||
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 60924f6a52db..83ec98b7e98d 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
@@ -46,7 +46,6 @@ static int key_get_type_from_user(char *type, | |||
46 | return 0; | 46 | return 0; |
47 | } | 47 | } |
48 | 48 | ||
49 | /*****************************************************************************/ | ||
50 | /* | 49 | /* |
51 | * extract the description of a new key from userspace and either add it as a | 50 | * extract the description of a new key from userspace and either add it as a |
52 | * new key to the specified keyring or update a matching key in that keyring | 51 | * new key to the specified keyring or update a matching key in that keyring |
@@ -132,10 +131,8 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, | |||
132 | kfree(description); | 131 | kfree(description); |
133 | error: | 132 | error: |
134 | return ret; | 133 | return ret; |
134 | } | ||
135 | 135 | ||
136 | } /* end sys_add_key() */ | ||
137 | |||
138 | /*****************************************************************************/ | ||
139 | /* | 136 | /* |
140 | * search the process keyrings for a matching key | 137 | * search the process keyrings for a matching key |
141 | * - nested keyrings may also be searched if they have Search permission | 138 | * - nested keyrings may also be searched if they have Search permission |
@@ -222,10 +219,8 @@ error2: | |||
222 | kfree(description); | 219 | kfree(description); |
223 | error: | 220 | error: |
224 | return ret; | 221 | return ret; |
222 | } | ||
225 | 223 | ||
226 | } /* end sys_request_key() */ | ||
227 | |||
228 | /*****************************************************************************/ | ||
229 | /* | 224 | /* |
230 | * get the ID of the specified process keyring | 225 | * get the ID of the specified process keyring |
231 | * - the keyring must have search permission to be found | 226 | * - the keyring must have search permission to be found |
@@ -251,7 +246,6 @@ error: | |||
251 | 246 | ||
252 | } /* end keyctl_get_keyring_ID() */ | 247 | } /* end keyctl_get_keyring_ID() */ |
253 | 248 | ||
254 | /*****************************************************************************/ | ||
255 | /* | 249 | /* |
256 | * join the session keyring | 250 | * join the session keyring |
257 | * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) | 251 | * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) |
@@ -277,10 +271,8 @@ long keyctl_join_session_keyring(const char __user *_name) | |||
277 | 271 | ||
278 | error: | 272 | error: |
279 | return ret; | 273 | return ret; |
274 | } | ||
280 | 275 | ||
281 | } /* end keyctl_join_session_keyring() */ | ||
282 | |||
283 | /*****************************************************************************/ | ||
284 | /* | 276 | /* |
285 | * update a key's data payload | 277 | * update a key's data payload |
286 | * - the key must be writable | 278 | * - the key must be writable |
@@ -326,10 +318,8 @@ error2: | |||
326 | kfree(payload); | 318 | kfree(payload); |
327 | error: | 319 | error: |
328 | return ret; | 320 | return ret; |
321 | } | ||
329 | 322 | ||
330 | } /* end keyctl_update_key() */ | ||
331 | |||
332 | /*****************************************************************************/ | ||
333 | /* | 323 | /* |
334 | * revoke a key | 324 | * revoke a key |
335 | * - the key must be writable | 325 | * - the key must be writable |
@@ -358,10 +348,8 @@ long keyctl_revoke_key(key_serial_t id) | |||
358 | key_ref_put(key_ref); | 348 | key_ref_put(key_ref); |
359 | error: | 349 | error: |
360 | return ret; | 350 | return ret; |
351 | } | ||
361 | 352 | ||
362 | } /* end keyctl_revoke_key() */ | ||
363 | |||
364 | /*****************************************************************************/ | ||
365 | /* | 353 | /* |
366 | * clear the specified process keyring | 354 | * clear the specified process keyring |
367 | * - the keyring must be writable | 355 | * - the keyring must be writable |
@@ -383,10 +371,8 @@ long keyctl_keyring_clear(key_serial_t ringid) | |||
383 | key_ref_put(keyring_ref); | 371 | key_ref_put(keyring_ref); |
384 | error: | 372 | error: |
385 | return ret; | 373 | return ret; |
374 | } | ||
386 | 375 | ||
387 | } /* end keyctl_keyring_clear() */ | ||
388 | |||
389 | /*****************************************************************************/ | ||
390 | /* | 376 | /* |
391 | * link a key into a keyring | 377 | * link a key into a keyring |
392 | * - the keyring must be writable | 378 | * - the keyring must be writable |
@@ -417,10 +403,8 @@ error2: | |||
417 | key_ref_put(keyring_ref); | 403 | key_ref_put(keyring_ref); |
418 | error: | 404 | error: |
419 | return ret; | 405 | return ret; |
406 | } | ||
420 | 407 | ||
421 | } /* end keyctl_keyring_link() */ | ||
422 | |||
423 | /*****************************************************************************/ | ||
424 | /* | 408 | /* |
425 | * unlink the first attachment of a key from a keyring | 409 | * unlink the first attachment of a key from a keyring |
426 | * - the keyring must be writable | 410 | * - the keyring must be writable |
@@ -451,10 +435,8 @@ error2: | |||
451 | key_ref_put(keyring_ref); | 435 | key_ref_put(keyring_ref); |
452 | error: | 436 | error: |
453 | return ret; | 437 | return ret; |
438 | } | ||
454 | 439 | ||
455 | } /* end keyctl_keyring_unlink() */ | ||
456 | |||
457 | /*****************************************************************************/ | ||
458 | /* | 440 | /* |
459 | * describe a user key | 441 | * describe a user key |
460 | * - the key must have view permission | 442 | * - the key must have view permission |
@@ -531,10 +513,8 @@ error2: | |||
531 | key_ref_put(key_ref); | 513 | key_ref_put(key_ref); |
532 | error: | 514 | error: |
533 | return ret; | 515 | return ret; |
516 | } | ||
534 | 517 | ||
535 | } /* end keyctl_describe_key() */ | ||
536 | |||
537 | /*****************************************************************************/ | ||
538 | /* | 518 | /* |
539 | * search the specified keyring for a matching key | 519 | * search the specified keyring for a matching key |
540 | * - the start keyring must be searchable | 520 | * - the start keyring must be searchable |
@@ -626,10 +606,8 @@ error2: | |||
626 | kfree(description); | 606 | kfree(description); |
627 | error: | 607 | error: |
628 | return ret; | 608 | return ret; |
609 | } | ||
629 | 610 | ||
630 | } /* end keyctl_keyring_search() */ | ||
631 | |||
632 | /*****************************************************************************/ | ||
633 | /* | 611 | /* |
634 | * read a user key's payload | 612 | * read a user key's payload |
635 | * - the keyring must be readable or the key must be searchable from the | 613 | * - the keyring must be readable or the key must be searchable from the |
@@ -688,10 +666,8 @@ error2: | |||
688 | key_put(key); | 666 | key_put(key); |
689 | error: | 667 | error: |
690 | return ret; | 668 | return ret; |
669 | } | ||
691 | 670 | ||
692 | } /* end keyctl_read_key() */ | ||
693 | |||
694 | /*****************************************************************************/ | ||
695 | /* | 671 | /* |
696 | * change the ownership of a key | 672 | * change the ownership of a key |
697 | * - the keyring owned by the changer | 673 | * - the keyring owned by the changer |
@@ -796,10 +772,8 @@ quota_overrun: | |||
796 | zapowner = newowner; | 772 | zapowner = newowner; |
797 | ret = -EDQUOT; | 773 | ret = -EDQUOT; |
798 | goto error_put; | 774 | goto error_put; |
775 | } | ||
799 | 776 | ||
800 | } /* end keyctl_chown_key() */ | ||
801 | |||
802 | /*****************************************************************************/ | ||
803 | /* | 777 | /* |
804 | * change the permission mask on a key | 778 | * change the permission mask on a key |
805 | * - the keyring owned by the changer | 779 | * - the keyring owned by the changer |
@@ -838,8 +812,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |||
838 | key_put(key); | 812 | key_put(key); |
839 | error: | 813 | error: |
840 | return ret; | 814 | return ret; |
841 | 815 | } | |
842 | } /* end keyctl_setperm_key() */ | ||
843 | 816 | ||
844 | /* | 817 | /* |
845 | * get the destination keyring for instantiation | 818 | * get the destination keyring for instantiation |
@@ -895,7 +868,6 @@ static int keyctl_change_reqkey_auth(struct key *key) | |||
895 | return commit_creds(new); | 868 | return commit_creds(new); |
896 | } | 869 | } |
897 | 870 | ||
898 | /*****************************************************************************/ | ||
899 | /* | 871 | /* |
900 | * instantiate the key with the specified payload, and, if one is given, link | 872 | * instantiate the key with the specified payload, and, if one is given, link |
901 | * the key into the keyring | 873 | * the key into the keyring |
@@ -973,10 +945,8 @@ error2: | |||
973 | vfree(payload); | 945 | vfree(payload); |
974 | error: | 946 | error: |
975 | return ret; | 947 | return ret; |
948 | } | ||
976 | 949 | ||
977 | } /* end keyctl_instantiate_key() */ | ||
978 | |||
979 | /*****************************************************************************/ | ||
980 | /* | 950 | /* |
981 | * negatively instantiate the key with the given timeout (in seconds), and, if | 951 | * negatively instantiate the key with the given timeout (in seconds), and, if |
982 | * one is given, link the key into the keyring | 952 | * one is given, link the key into the keyring |
@@ -1020,10 +990,8 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |||
1020 | 990 | ||
1021 | error: | 991 | error: |
1022 | return ret; | 992 | return ret; |
993 | } | ||
1023 | 994 | ||
1024 | } /* end keyctl_negate_key() */ | ||
1025 | |||
1026 | /*****************************************************************************/ | ||
1027 | /* | 995 | /* |
1028 | * set the default keyring in which request_key() will cache keys | 996 | * set the default keyring in which request_key() will cache keys |
1029 | * - return the old setting | 997 | * - return the old setting |
@@ -1079,10 +1047,8 @@ set: | |||
1079 | error: | 1047 | error: |
1080 | abort_creds(new); | 1048 | abort_creds(new); |
1081 | return ret; | 1049 | return ret; |
1050 | } | ||
1082 | 1051 | ||
1083 | } /* end keyctl_set_reqkey_keyring() */ | ||
1084 | |||
1085 | /*****************************************************************************/ | ||
1086 | /* | 1052 | /* |
1087 | * set or clear the timeout for a key | 1053 | * set or clear the timeout for a key |
1088 | */ | 1054 | */ |
@@ -1136,10 +1102,8 @@ okay: | |||
1136 | ret = 0; | 1102 | ret = 0; |
1137 | error: | 1103 | error: |
1138 | return ret; | 1104 | return ret; |
1105 | } | ||
1139 | 1106 | ||
1140 | } /* end keyctl_set_timeout() */ | ||
1141 | |||
1142 | /*****************************************************************************/ | ||
1143 | /* | 1107 | /* |
1144 | * assume the authority to instantiate the specified key | 1108 | * assume the authority to instantiate the specified key |
1145 | */ | 1109 | */ |
@@ -1178,8 +1142,7 @@ long keyctl_assume_authority(key_serial_t id) | |||
1178 | ret = authkey->serial; | 1142 | ret = authkey->serial; |
1179 | error: | 1143 | error: |
1180 | return ret; | 1144 | return ret; |
1181 | 1145 | } | |
1182 | } /* end keyctl_assume_authority() */ | ||
1183 | 1146 | ||
1184 | /* | 1147 | /* |
1185 | * get the security label of a key | 1148 | * get the security label of a key |
@@ -1348,7 +1311,6 @@ error_keyring: | |||
1348 | #endif /* !TIF_NOTIFY_RESUME */ | 1311 | #endif /* !TIF_NOTIFY_RESUME */ |
1349 | } | 1312 | } |
1350 | 1313 | ||
1351 | /*****************************************************************************/ | ||
1352 | /* | 1314 | /* |
1353 | * the key control system call | 1315 | * the key control system call |
1354 | */ | 1316 | */ |
@@ -1439,5 +1401,4 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, | |||
1439 | default: | 1401 | default: |
1440 | return -EOPNOTSUPP; | 1402 | return -EOPNOTSUPP; |
1441 | } | 1403 | } |
1442 | 1404 | } | |
1443 | } /* end sys_keyctl() */ | ||
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index d37f713e73ce..0a2b8e916d97 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
@@ -80,7 +80,6 @@ EXPORT_SYMBOL(key_type_keyring); | |||
80 | */ | 80 | */ |
81 | static DECLARE_RWSEM(keyring_serialise_link_sem); | 81 | static DECLARE_RWSEM(keyring_serialise_link_sem); |
82 | 82 | ||
83 | /*****************************************************************************/ | ||
84 | /* | 83 | /* |
85 | * publish the name of a keyring so that it can be found by name (if it has | 84 | * publish the name of a keyring so that it can be found by name (if it has |
86 | * one) | 85 | * one) |
@@ -102,10 +101,8 @@ static void keyring_publish_name(struct key *keyring) | |||
102 | 101 | ||
103 | write_unlock(&keyring_name_lock); | 102 | write_unlock(&keyring_name_lock); |
104 | } | 103 | } |
104 | } | ||
105 | 105 | ||
106 | } /* end keyring_publish_name() */ | ||
107 | |||
108 | /*****************************************************************************/ | ||
109 | /* | 106 | /* |
110 | * initialise a keyring | 107 | * initialise a keyring |
111 | * - we object if we were given any data | 108 | * - we object if we were given any data |
@@ -123,10 +120,8 @@ static int keyring_instantiate(struct key *keyring, | |||
123 | } | 120 | } |
124 | 121 | ||
125 | return ret; | 122 | return ret; |
123 | } | ||
126 | 124 | ||
127 | } /* end keyring_instantiate() */ | ||
128 | |||
129 | /*****************************************************************************/ | ||
130 | /* | 125 | /* |
131 | * match keyrings on their name | 126 | * match keyrings on their name |
132 | */ | 127 | */ |
@@ -134,10 +129,8 @@ static int keyring_match(const struct key *keyring, const void *description) | |||
134 | { | 129 | { |
135 | return keyring->description && | 130 | return keyring->description && |
136 | strcmp(keyring->description, description) == 0; | 131 | strcmp(keyring->description, description) == 0; |
132 | } | ||
137 | 133 | ||
138 | } /* end keyring_match() */ | ||
139 | |||
140 | /*****************************************************************************/ | ||
141 | /* | 134 | /* |
142 | * dispose of the data dangling from the corpse of a keyring | 135 | * dispose of the data dangling from the corpse of a keyring |
143 | */ | 136 | */ |
@@ -164,10 +157,8 @@ static void keyring_destroy(struct key *keyring) | |||
164 | key_put(klist->keys[loop]); | 157 | key_put(klist->keys[loop]); |
165 | kfree(klist); | 158 | kfree(klist); |
166 | } | 159 | } |
160 | } | ||
167 | 161 | ||
168 | } /* end keyring_destroy() */ | ||
169 | |||
170 | /*****************************************************************************/ | ||
171 | /* | 162 | /* |
172 | * describe the keyring | 163 | * describe the keyring |
173 | */ | 164 | */ |
@@ -187,10 +178,8 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m) | |||
187 | else | 178 | else |
188 | seq_puts(m, ": empty"); | 179 | seq_puts(m, ": empty"); |
189 | rcu_read_unlock(); | 180 | rcu_read_unlock(); |
181 | } | ||
190 | 182 | ||
191 | } /* end keyring_describe() */ | ||
192 | |||
193 | /*****************************************************************************/ | ||
194 | /* | 183 | /* |
195 | * read a list of key IDs from the keyring's contents | 184 | * read a list of key IDs from the keyring's contents |
196 | * - the keyring's semaphore is read-locked | 185 | * - the keyring's semaphore is read-locked |
@@ -241,10 +230,8 @@ static long keyring_read(const struct key *keyring, | |||
241 | 230 | ||
242 | error: | 231 | error: |
243 | return ret; | 232 | return ret; |
233 | } | ||
244 | 234 | ||
245 | } /* end keyring_read() */ | ||
246 | |||
247 | /*****************************************************************************/ | ||
248 | /* | 235 | /* |
249 | * allocate a keyring and link into the destination keyring | 236 | * allocate a keyring and link into the destination keyring |
250 | */ | 237 | */ |
@@ -269,10 +256,8 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | |||
269 | } | 256 | } |
270 | 257 | ||
271 | return keyring; | 258 | return keyring; |
259 | } | ||
272 | 260 | ||
273 | } /* end keyring_alloc() */ | ||
274 | |||
275 | /*****************************************************************************/ | ||
276 | /* | 261 | /* |
277 | * search the supplied keyring tree for a key that matches the criterion | 262 | * search the supplied keyring tree for a key that matches the criterion |
278 | * - perform a breadth-then-depth search up to the prescribed limit | 263 | * - perform a breadth-then-depth search up to the prescribed limit |
@@ -444,10 +429,8 @@ error_2: | |||
444 | rcu_read_unlock(); | 429 | rcu_read_unlock(); |
445 | error: | 430 | error: |
446 | return key_ref; | 431 | return key_ref; |
432 | } | ||
447 | 433 | ||
448 | } /* end keyring_search_aux() */ | ||
449 | |||
450 | /*****************************************************************************/ | ||
451 | /* | 434 | /* |
452 | * search the supplied keyring tree for a key that matches the criterion | 435 | * search the supplied keyring tree for a key that matches the criterion |
453 | * - perform a breadth-then-depth search up to the prescribed limit | 436 | * - perform a breadth-then-depth search up to the prescribed limit |
@@ -465,12 +448,10 @@ key_ref_t keyring_search(key_ref_t keyring, | |||
465 | 448 | ||
466 | return keyring_search_aux(keyring, current->cred, | 449 | return keyring_search_aux(keyring, current->cred, |
467 | type, description, type->match); | 450 | type, description, type->match); |
468 | 451 | } | |
469 | } /* end keyring_search() */ | ||
470 | 452 | ||
471 | EXPORT_SYMBOL(keyring_search); | 453 | EXPORT_SYMBOL(keyring_search); |
472 | 454 | ||
473 | /*****************************************************************************/ | ||
474 | /* | 455 | /* |
475 | * search the given keyring only (no recursion) | 456 | * search the given keyring only (no recursion) |
476 | * - keyring must be locked by caller | 457 | * - keyring must be locked by caller |
@@ -514,10 +495,8 @@ found: | |||
514 | atomic_inc(&key->usage); | 495 | atomic_inc(&key->usage); |
515 | rcu_read_unlock(); | 496 | rcu_read_unlock(); |
516 | return make_key_ref(key, possessed); | 497 | return make_key_ref(key, possessed); |
498 | } | ||
517 | 499 | ||
518 | } /* end __keyring_search_one() */ | ||
519 | |||
520 | /*****************************************************************************/ | ||
521 | /* | 500 | /* |
522 | * find a keyring with the specified name | 501 | * find a keyring with the specified name |
523 | * - all named keyrings are searched | 502 | * - all named keyrings are searched |
@@ -569,10 +548,8 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check) | |||
569 | out: | 548 | out: |
570 | read_unlock(&keyring_name_lock); | 549 | read_unlock(&keyring_name_lock); |
571 | return keyring; | 550 | return keyring; |
551 | } | ||
572 | 552 | ||
573 | } /* end find_keyring_by_name() */ | ||
574 | |||
575 | /*****************************************************************************/ | ||
576 | /* | 553 | /* |
577 | * see if a cycle will will be created by inserting acyclic tree B in acyclic | 554 | * see if a cycle will will be created by inserting acyclic tree B in acyclic |
578 | * tree A at the topmost level (ie: as a direct child of A) | 555 | * tree A at the topmost level (ie: as a direct child of A) |
@@ -657,8 +634,7 @@ too_deep: | |||
657 | cycle_detected: | 634 | cycle_detected: |
658 | ret = -EDEADLK; | 635 | ret = -EDEADLK; |
659 | goto error; | 636 | goto error; |
660 | 637 | } | |
661 | } /* end keyring_detect_cycle() */ | ||
662 | 638 | ||
663 | /* | 639 | /* |
664 | * dispose of a keyring list after the RCU grace period, freeing the unlinked | 640 | * dispose of a keyring list after the RCU grace period, freeing the unlinked |
@@ -898,7 +874,6 @@ int key_link(struct key *keyring, struct key *key) | |||
898 | 874 | ||
899 | EXPORT_SYMBOL(key_link); | 875 | EXPORT_SYMBOL(key_link); |
900 | 876 | ||
901 | /*****************************************************************************/ | ||
902 | /* | 877 | /* |
903 | * unlink the first link to a key from a keyring | 878 | * unlink the first link to a key from a keyring |
904 | */ | 879 | */ |
@@ -968,12 +943,10 @@ nomem: | |||
968 | ret = -ENOMEM; | 943 | ret = -ENOMEM; |
969 | up_write(&keyring->sem); | 944 | up_write(&keyring->sem); |
970 | goto error; | 945 | goto error; |
971 | 946 | } | |
972 | } /* end key_unlink() */ | ||
973 | 947 | ||
974 | EXPORT_SYMBOL(key_unlink); | 948 | EXPORT_SYMBOL(key_unlink); |
975 | 949 | ||
976 | /*****************************************************************************/ | ||
977 | /* | 950 | /* |
978 | * dispose of a keyring list after the RCU grace period, releasing the keys it | 951 | * dispose of a keyring list after the RCU grace period, releasing the keys it |
979 | * links to | 952 | * links to |
@@ -989,10 +962,8 @@ static void keyring_clear_rcu_disposal(struct rcu_head *rcu) | |||
989 | key_put(klist->keys[loop]); | 962 | key_put(klist->keys[loop]); |
990 | 963 | ||
991 | kfree(klist); | 964 | kfree(klist); |
965 | } | ||
992 | 966 | ||
993 | } /* end keyring_clear_rcu_disposal() */ | ||
994 | |||
995 | /*****************************************************************************/ | ||
996 | /* | 967 | /* |
997 | * clear the specified process keyring | 968 | * clear the specified process keyring |
998 | * - implements keyctl(KEYCTL_CLEAR) | 969 | * - implements keyctl(KEYCTL_CLEAR) |
@@ -1027,12 +998,10 @@ int keyring_clear(struct key *keyring) | |||
1027 | } | 998 | } |
1028 | 999 | ||
1029 | return ret; | 1000 | return ret; |
1030 | 1001 | } | |
1031 | } /* end keyring_clear() */ | ||
1032 | 1002 | ||
1033 | EXPORT_SYMBOL(keyring_clear); | 1003 | EXPORT_SYMBOL(keyring_clear); |
1034 | 1004 | ||
1035 | /*****************************************************************************/ | ||
1036 | /* | 1005 | /* |
1037 | * dispose of the links from a revoked keyring | 1006 | * dispose of the links from a revoked keyring |
1038 | * - called with the key sem write-locked | 1007 | * - called with the key sem write-locked |
@@ -1050,8 +1019,7 @@ static void keyring_revoke(struct key *keyring) | |||
1050 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); | 1019 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); |
1051 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); | 1020 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
1052 | } | 1021 | } |
1053 | 1022 | } | |
1054 | } /* end keyring_revoke() */ | ||
1055 | 1023 | ||
1056 | /* | 1024 | /* |
1057 | * Determine whether a key is dead | 1025 | * Determine whether a key is dead |
diff --git a/security/keys/permission.c b/security/keys/permission.c index 28645502cd0d..6284b1496c29 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c | |||
@@ -13,7 +13,6 @@ | |||
13 | #include <linux/security.h> | 13 | #include <linux/security.h> |
14 | #include "internal.h" | 14 | #include "internal.h" |
15 | 15 | ||
16 | /*****************************************************************************/ | ||
17 | /** | 16 | /** |
18 | * key_task_permission - Check a key can be used | 17 | * key_task_permission - Check a key can be used |
19 | * @key_ref: The key to check | 18 | * @key_ref: The key to check |
@@ -79,12 +78,10 @@ use_these_perms: | |||
79 | 78 | ||
80 | /* let LSM be the final arbiter */ | 79 | /* let LSM be the final arbiter */ |
81 | return security_key_permission(key_ref, cred, perm); | 80 | return security_key_permission(key_ref, cred, perm); |
82 | 81 | } | |
83 | } /* end key_task_permission() */ | ||
84 | 82 | ||
85 | EXPORT_SYMBOL(key_task_permission); | 83 | EXPORT_SYMBOL(key_task_permission); |
86 | 84 | ||
87 | /*****************************************************************************/ | ||
88 | /* | 85 | /* |
89 | * validate a key | 86 | * validate a key |
90 | */ | 87 | */ |
@@ -111,7 +108,6 @@ int key_validate(struct key *key) | |||
111 | 108 | ||
112 | error: | 109 | error: |
113 | return ret; | 110 | return ret; |
114 | 111 | } | |
115 | } /* end key_validate() */ | ||
116 | 112 | ||
117 | EXPORT_SYMBOL(key_validate); | 113 | EXPORT_SYMBOL(key_validate); |
diff --git a/security/keys/proc.c b/security/keys/proc.c index 70373966816e..ad5f64e1b320 100644 --- a/security/keys/proc.c +++ b/security/keys/proc.c | |||
@@ -60,7 +60,6 @@ static const struct file_operations proc_key_users_fops = { | |||
60 | .release = seq_release, | 60 | .release = seq_release, |
61 | }; | 61 | }; |
62 | 62 | ||
63 | /*****************************************************************************/ | ||
64 | /* | 63 | /* |
65 | * declare the /proc files | 64 | * declare the /proc files |
66 | */ | 65 | */ |
@@ -79,12 +78,10 @@ static int __init key_proc_init(void) | |||
79 | panic("Cannot create /proc/key-users\n"); | 78 | panic("Cannot create /proc/key-users\n"); |
80 | 79 | ||
81 | return 0; | 80 | return 0; |
82 | 81 | } | |
83 | } /* end key_proc_init() */ | ||
84 | 82 | ||
85 | __initcall(key_proc_init); | 83 | __initcall(key_proc_init); |
86 | 84 | ||
87 | /*****************************************************************************/ | ||
88 | /* | 85 | /* |
89 | * implement "/proc/keys" to provides a list of the keys on the system | 86 | * implement "/proc/keys" to provides a list of the keys on the system |
90 | */ | 87 | */ |
@@ -293,7 +290,6 @@ static struct rb_node *key_user_first(struct rb_root *r) | |||
293 | return __key_user_next(n); | 290 | return __key_user_next(n); |
294 | } | 291 | } |
295 | 292 | ||
296 | /*****************************************************************************/ | ||
297 | /* | 293 | /* |
298 | * implement "/proc/key-users" to provides a list of the key users | 294 | * implement "/proc/key-users" to provides a list of the key users |
299 | */ | 295 | */ |
@@ -351,5 +347,4 @@ static int proc_key_users_show(struct seq_file *m, void *v) | |||
351 | maxbytes); | 347 | maxbytes); |
352 | 348 | ||
353 | return 0; | 349 | return 0; |
354 | |||
355 | } | 350 | } |
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 504bdd2452bd..ea55cf9acf36 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c | |||
@@ -38,7 +38,6 @@ struct key_user root_key_user = { | |||
38 | .user_ns = &init_user_ns, | 38 | .user_ns = &init_user_ns, |
39 | }; | 39 | }; |
40 | 40 | ||
41 | /*****************************************************************************/ | ||
42 | /* | 41 | /* |
43 | * install user and user session keyrings for a particular UID | 42 | * install user and user session keyrings for a particular UID |
44 | */ | 43 | */ |
@@ -275,7 +274,6 @@ static int install_session_keyring(struct key *keyring) | |||
275 | return commit_creds(new); | 274 | return commit_creds(new); |
276 | } | 275 | } |
277 | 276 | ||
278 | /*****************************************************************************/ | ||
279 | /* | 277 | /* |
280 | * the filesystem user ID changed | 278 | * the filesystem user ID changed |
281 | */ | 279 | */ |
@@ -288,10 +286,8 @@ void key_fsuid_changed(struct task_struct *tsk) | |||
288 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; | 286 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; |
289 | up_write(&tsk->cred->thread_keyring->sem); | 287 | up_write(&tsk->cred->thread_keyring->sem); |
290 | } | 288 | } |
289 | } | ||
291 | 290 | ||
292 | } /* end key_fsuid_changed() */ | ||
293 | |||
294 | /*****************************************************************************/ | ||
295 | /* | 291 | /* |
296 | * the filesystem group ID changed | 292 | * the filesystem group ID changed |
297 | */ | 293 | */ |
@@ -304,10 +300,8 @@ void key_fsgid_changed(struct task_struct *tsk) | |||
304 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; | 300 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; |
305 | up_write(&tsk->cred->thread_keyring->sem); | 301 | up_write(&tsk->cred->thread_keyring->sem); |
306 | } | 302 | } |
303 | } | ||
307 | 304 | ||
308 | } /* end key_fsgid_changed() */ | ||
309 | |||
310 | /*****************************************************************************/ | ||
311 | /* | 305 | /* |
312 | * search only my process keyrings for the first matching key | 306 | * search only my process keyrings for the first matching key |
313 | * - we use the supplied match function to see if the description (or other | 307 | * - we use the supplied match function to see if the description (or other |
@@ -428,7 +422,6 @@ found: | |||
428 | return key_ref; | 422 | return key_ref; |
429 | } | 423 | } |
430 | 424 | ||
431 | /*****************************************************************************/ | ||
432 | /* | 425 | /* |
433 | * search the process keyrings for the first matching key | 426 | * search the process keyrings for the first matching key |
434 | * - we use the supplied match function to see if the description (or other | 427 | * - we use the supplied match function to see if the description (or other |
@@ -489,20 +482,16 @@ key_ref_t search_process_keyrings(struct key_type *type, | |||
489 | 482 | ||
490 | found: | 483 | found: |
491 | return key_ref; | 484 | return key_ref; |
485 | } | ||
492 | 486 | ||
493 | } /* end search_process_keyrings() */ | ||
494 | |||
495 | /*****************************************************************************/ | ||
496 | /* | 487 | /* |
497 | * see if the key we're looking at is the target key | 488 | * see if the key we're looking at is the target key |
498 | */ | 489 | */ |
499 | int lookup_user_key_possessed(const struct key *key, const void *target) | 490 | int lookup_user_key_possessed(const struct key *key, const void *target) |
500 | { | 491 | { |
501 | return key == target; | 492 | return key == target; |
493 | } | ||
502 | 494 | ||
503 | } /* end lookup_user_key_possessed() */ | ||
504 | |||
505 | /*****************************************************************************/ | ||
506 | /* | 495 | /* |
507 | * lookup a key given a key ID from userspace with a given permissions mask | 496 | * lookup a key given a key ID from userspace with a given permissions mask |
508 | * - don't create special keyrings unless so requested | 497 | * - don't create special keyrings unless so requested |
@@ -711,10 +700,8 @@ invalid_key: | |||
711 | reget_creds: | 700 | reget_creds: |
712 | put_cred(cred); | 701 | put_cred(cred); |
713 | goto try_again; | 702 | goto try_again; |
703 | } | ||
714 | 704 | ||
715 | } /* end lookup_user_key() */ | ||
716 | |||
717 | /*****************************************************************************/ | ||
718 | /* | 705 | /* |
719 | * join the named keyring as the session keyring if possible, or attempt to | 706 | * join the named keyring as the session keyring if possible, or attempt to |
720 | * create a new one of that name if not | 707 | * create a new one of that name if not |
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 86747151ee5b..ba717b8163ab 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
@@ -38,7 +38,6 @@ struct key_type key_type_request_key_auth = { | |||
38 | .read = request_key_auth_read, | 38 | .read = request_key_auth_read, |
39 | }; | 39 | }; |
40 | 40 | ||
41 | /*****************************************************************************/ | ||
42 | /* | 41 | /* |
43 | * instantiate a request-key authorisation key | 42 | * instantiate a request-key authorisation key |
44 | */ | 43 | */ |
@@ -48,10 +47,8 @@ static int request_key_auth_instantiate(struct key *key, | |||
48 | { | 47 | { |
49 | key->payload.data = (struct request_key_auth *) data; | 48 | key->payload.data = (struct request_key_auth *) data; |
50 | return 0; | 49 | return 0; |
50 | } | ||
51 | 51 | ||
52 | } /* end request_key_auth_instantiate() */ | ||
53 | |||
54 | /*****************************************************************************/ | ||
55 | /* | 52 | /* |
56 | * reading a request-key authorisation key retrieves the callout information | 53 | * reading a request-key authorisation key retrieves the callout information |
57 | */ | 54 | */ |
@@ -63,10 +60,8 @@ static void request_key_auth_describe(const struct key *key, | |||
63 | seq_puts(m, "key:"); | 60 | seq_puts(m, "key:"); |
64 | seq_puts(m, key->description); | 61 | seq_puts(m, key->description); |
65 | seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len); | 62 | seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len); |
63 | } | ||
66 | 64 | ||
67 | } /* end request_key_auth_describe() */ | ||
68 | |||
69 | /*****************************************************************************/ | ||
70 | /* | 65 | /* |
71 | * read the callout_info data | 66 | * read the callout_info data |
72 | * - the key's semaphore is read-locked | 67 | * - the key's semaphore is read-locked |
@@ -91,10 +86,8 @@ static long request_key_auth_read(const struct key *key, | |||
91 | } | 86 | } |
92 | 87 | ||
93 | return ret; | 88 | return ret; |
89 | } | ||
94 | 90 | ||
95 | } /* end request_key_auth_read() */ | ||
96 | |||
97 | /*****************************************************************************/ | ||
98 | /* | 91 | /* |
99 | * handle revocation of an authorisation token key | 92 | * handle revocation of an authorisation token key |
100 | * - called with the key sem write-locked | 93 | * - called with the key sem write-locked |
@@ -109,10 +102,8 @@ static void request_key_auth_revoke(struct key *key) | |||
109 | put_cred(rka->cred); | 102 | put_cred(rka->cred); |
110 | rka->cred = NULL; | 103 | rka->cred = NULL; |
111 | } | 104 | } |
105 | } | ||
112 | 106 | ||
113 | } /* end request_key_auth_revoke() */ | ||
114 | |||
115 | /*****************************************************************************/ | ||
116 | /* | 107 | /* |
117 | * destroy an instantiation authorisation token key | 108 | * destroy an instantiation authorisation token key |
118 | */ | 109 | */ |
@@ -131,10 +122,8 @@ static void request_key_auth_destroy(struct key *key) | |||
131 | key_put(rka->dest_keyring); | 122 | key_put(rka->dest_keyring); |
132 | kfree(rka->callout_info); | 123 | kfree(rka->callout_info); |
133 | kfree(rka); | 124 | kfree(rka); |
125 | } | ||
134 | 126 | ||
135 | } /* end request_key_auth_destroy() */ | ||
136 | |||
137 | /*****************************************************************************/ | ||
138 | /* | 127 | /* |
139 | * create an authorisation token for /sbin/request-key or whoever to gain | 128 | * create an authorisation token for /sbin/request-key or whoever to gain |
140 | * access to the caller's security data | 129 | * access to the caller's security data |
@@ -228,10 +217,8 @@ error_alloc: | |||
228 | kfree(rka); | 217 | kfree(rka); |
229 | kleave("= %d", ret); | 218 | kleave("= %d", ret); |
230 | return ERR_PTR(ret); | 219 | return ERR_PTR(ret); |
220 | } | ||
231 | 221 | ||
232 | } /* end request_key_auth_new() */ | ||
233 | |||
234 | /*****************************************************************************/ | ||
235 | /* | 222 | /* |
236 | * see if an authorisation key is associated with a particular key | 223 | * see if an authorisation key is associated with a particular key |
237 | */ | 224 | */ |
@@ -242,10 +229,8 @@ static int key_get_instantiation_authkey_match(const struct key *key, | |||
242 | key_serial_t id = (key_serial_t)(unsigned long) _id; | 229 | key_serial_t id = (key_serial_t)(unsigned long) _id; |
243 | 230 | ||
244 | return rka->target_key->serial == id; | 231 | return rka->target_key->serial == id; |
232 | } | ||
245 | 233 | ||
246 | } /* end key_get_instantiation_authkey_match() */ | ||
247 | |||
248 | /*****************************************************************************/ | ||
249 | /* | 234 | /* |
250 | * get the authorisation key for instantiation of a specific key if attached to | 235 | * get the authorisation key for instantiation of a specific key if attached to |
251 | * the current process's keyrings | 236 | * the current process's keyrings |
@@ -278,5 +263,4 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id) | |||
278 | 263 | ||
279 | error: | 264 | error: |
280 | return authkey; | 265 | return authkey; |
281 | 266 | } | |
282 | } /* end key_get_instantiation_authkey() */ | ||
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index e9aa07929656..02807fb16340 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c | |||
@@ -35,7 +35,6 @@ struct key_type key_type_user = { | |||
35 | 35 | ||
36 | EXPORT_SYMBOL_GPL(key_type_user); | 36 | EXPORT_SYMBOL_GPL(key_type_user); |
37 | 37 | ||
38 | /*****************************************************************************/ | ||
39 | /* | 38 | /* |
40 | * instantiate a user defined key | 39 | * instantiate a user defined key |
41 | */ | 40 | */ |
@@ -65,12 +64,10 @@ int user_instantiate(struct key *key, const void *data, size_t datalen) | |||
65 | 64 | ||
66 | error: | 65 | error: |
67 | return ret; | 66 | return ret; |
68 | 67 | } | |
69 | } /* end user_instantiate() */ | ||
70 | 68 | ||
71 | EXPORT_SYMBOL_GPL(user_instantiate); | 69 | EXPORT_SYMBOL_GPL(user_instantiate); |
72 | 70 | ||
73 | /*****************************************************************************/ | ||
74 | /* | 71 | /* |
75 | * dispose of the old data from an updated user defined key | 72 | * dispose of the old data from an updated user defined key |
76 | */ | 73 | */ |
@@ -81,10 +78,8 @@ static void user_update_rcu_disposal(struct rcu_head *rcu) | |||
81 | upayload = container_of(rcu, struct user_key_payload, rcu); | 78 | upayload = container_of(rcu, struct user_key_payload, rcu); |
82 | 79 | ||
83 | kfree(upayload); | 80 | kfree(upayload); |
81 | } | ||
84 | 82 | ||
85 | } /* end user_update_rcu_disposal() */ | ||
86 | |||
87 | /*****************************************************************************/ | ||
88 | /* | 83 | /* |
89 | * update a user defined key | 84 | * update a user defined key |
90 | * - the key's semaphore is write-locked | 85 | * - the key's semaphore is write-locked |
@@ -123,24 +118,20 @@ int user_update(struct key *key, const void *data, size_t datalen) | |||
123 | 118 | ||
124 | error: | 119 | error: |
125 | return ret; | 120 | return ret; |
126 | 121 | } | |
127 | } /* end user_update() */ | ||
128 | 122 | ||
129 | EXPORT_SYMBOL_GPL(user_update); | 123 | EXPORT_SYMBOL_GPL(user_update); |
130 | 124 | ||
131 | /*****************************************************************************/ | ||
132 | /* | 125 | /* |
133 | * match users on their name | 126 | * match users on their name |
134 | */ | 127 | */ |
135 | int user_match(const struct key *key, const void *description) | 128 | int user_match(const struct key *key, const void *description) |
136 | { | 129 | { |
137 | return strcmp(key->description, description) == 0; | 130 | return strcmp(key->description, description) == 0; |
138 | 131 | } | |
139 | } /* end user_match() */ | ||
140 | 132 | ||
141 | EXPORT_SYMBOL_GPL(user_match); | 133 | EXPORT_SYMBOL_GPL(user_match); |
142 | 134 | ||
143 | /*****************************************************************************/ | ||
144 | /* | 135 | /* |
145 | * dispose of the links from a revoked keyring | 136 | * dispose of the links from a revoked keyring |
146 | * - called with the key sem write-locked | 137 | * - called with the key sem write-locked |
@@ -156,12 +147,10 @@ void user_revoke(struct key *key) | |||
156 | rcu_assign_pointer(key->payload.data, NULL); | 147 | rcu_assign_pointer(key->payload.data, NULL); |
157 | call_rcu(&upayload->rcu, user_update_rcu_disposal); | 148 | call_rcu(&upayload->rcu, user_update_rcu_disposal); |
158 | } | 149 | } |
159 | 150 | } | |
160 | } /* end user_revoke() */ | ||
161 | 151 | ||
162 | EXPORT_SYMBOL(user_revoke); | 152 | EXPORT_SYMBOL(user_revoke); |
163 | 153 | ||
164 | /*****************************************************************************/ | ||
165 | /* | 154 | /* |
166 | * dispose of the data dangling from the corpse of a user key | 155 | * dispose of the data dangling from the corpse of a user key |
167 | */ | 156 | */ |
@@ -170,12 +159,10 @@ void user_destroy(struct key *key) | |||
170 | struct user_key_payload *upayload = key->payload.data; | 159 | struct user_key_payload *upayload = key->payload.data; |
171 | 160 | ||
172 | kfree(upayload); | 161 | kfree(upayload); |
173 | 162 | } | |
174 | } /* end user_destroy() */ | ||
175 | 163 | ||
176 | EXPORT_SYMBOL_GPL(user_destroy); | 164 | EXPORT_SYMBOL_GPL(user_destroy); |
177 | 165 | ||
178 | /*****************************************************************************/ | ||
179 | /* | 166 | /* |
180 | * describe the user key | 167 | * describe the user key |
181 | */ | 168 | */ |
@@ -184,12 +171,10 @@ void user_describe(const struct key *key, struct seq_file *m) | |||
184 | seq_puts(m, key->description); | 171 | seq_puts(m, key->description); |
185 | 172 | ||
186 | seq_printf(m, ": %u", key->datalen); | 173 | seq_printf(m, ": %u", key->datalen); |
187 | 174 | } | |
188 | } /* end user_describe() */ | ||
189 | 175 | ||
190 | EXPORT_SYMBOL_GPL(user_describe); | 176 | EXPORT_SYMBOL_GPL(user_describe); |
191 | 177 | ||
192 | /*****************************************************************************/ | ||
193 | /* | 178 | /* |
194 | * read the key data | 179 | * read the key data |
195 | * - the key's semaphore is read-locked | 180 | * - the key's semaphore is read-locked |
@@ -213,7 +198,6 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen) | |||
213 | } | 198 | } |
214 | 199 | ||
215 | return ret; | 200 | return ret; |
216 | 201 | } | |
217 | } /* end user_read() */ | ||
218 | 202 | ||
219 | EXPORT_SYMBOL_GPL(user_read); | 203 | EXPORT_SYMBOL_GPL(user_read); |