Doug / smarc-fsl-linux-kernel | Embedian Git Server

Commit 59e6b9c11341e3b8ac5925427c903d4eae435bd8

Authored by Bryan Schumaker 2012-02-25 03:14:50 +0800

Committed by Trond Myklebust 2012-03-02 05:50:31 +0800

Exists in smarc-l5.0.0_1.0.0-ga and in 5 other branches

Created a function for setting timeouts on keys

The keyctl_set_timeout function isn't exported to other parts of the
kernel, but I want to use it for the NFS idmapper.  I already have the
key, but I wanted a generic way to set the timeout.

Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

Showing 3 changed files with 24 additions and 16 deletions Inline Diff

include/linux/key.h
security/keys/key.c
security/keys/keyctl.c

include/linux/key.h

Diff comments View file @ 59e6b9c

 /* Authentication token and access key management
  *
  * Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
  * 2 of the License, or (at your option) any later version.
  *
  *
  * See Documentation/security/keys.txt for information on keys/keyrings.
  */
 #ifndef _LINUX_KEY_H
 #define _LINUX_KEY_H
 #include <linux/types.h>
 #include <linux/list.h>
 #include <linux/rbtree.h>
 #include <linux/rcupdate.h>
 #include <linux/sysctl.h>
 #include <linux/rwsem.h>
 #include <linux/atomic.h>
 #ifdef __KERNEL__
 /* key handle serial number */
 typedef int32_t key_serial_t;
 /* key handle permissions mask */
 typedef uint32_t key_perm_t;
 struct key;
 #ifdef CONFIG_KEYS
 #undef KEY_DEBUGGING
 #define KEY_POS_VIEW	0x01000000	/* possessor can view a key's attributes */
 #define KEY_POS_READ	0x02000000	/* possessor can read key payload / view keyring */
 #define KEY_POS_WRITE	0x04000000	/* possessor can update key payload / add link to keyring */
 #define KEY_POS_SEARCH	0x08000000	/* possessor can find a key in search / search a keyring */
 #define KEY_POS_LINK	0x10000000	/* possessor can create a link to a key/keyring */
 #define KEY_POS_SETATTR	0x20000000	/* possessor can set key attributes */
 #define KEY_POS_ALL	0x3f000000
 #define KEY_USR_VIEW	0x00010000	/* user permissions... */
 #define KEY_USR_READ	0x00020000
 #define KEY_USR_WRITE	0x00040000
 #define KEY_USR_SEARCH	0x00080000
 #define KEY_USR_LINK	0x00100000
 #define KEY_USR_SETATTR	0x00200000
 #define KEY_USR_ALL	0x003f0000
 #define KEY_GRP_VIEW	0x00000100	/* group permissions... */
 #define KEY_GRP_READ	0x00000200
 #define KEY_GRP_WRITE	0x00000400
 #define KEY_GRP_SEARCH	0x00000800
 #define KEY_GRP_LINK	0x00001000
 #define KEY_GRP_SETATTR	0x00002000
 #define KEY_GRP_ALL	0x00003f00
 #define KEY_OTH_VIEW	0x00000001	/* third party permissions... */
 #define KEY_OTH_READ	0x00000002
 #define KEY_OTH_WRITE	0x00000004
 #define KEY_OTH_SEARCH	0x00000008
 #define KEY_OTH_LINK	0x00000010
 #define KEY_OTH_SETATTR	0x00000020
 #define KEY_OTH_ALL	0x0000003f
 #define KEY_PERM_UNDEF	0xffffffff
 struct seq_file;
 struct user_struct;
 struct signal_struct;
 struct cred;
 struct key_type;
 struct key_owner;
 struct keyring_list;
 struct keyring_name;
 /*****************************************************************************/
 /*
  * key reference with possession attribute handling
  *
  * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
  * defined. This is because we abuse the bottom bit of the reference to carry a
  * flag to indicate whether the calling process possesses that key in one of
  * its keyrings.
  *
  * the key_ref_t has been made a separate type so that the compiler can reject
  * attempts to dereference it without proper conversion.
  *
  * the three functions are used to assemble and disassemble references
  */
 typedef struct __key_reference_with_attributes *key_ref_t;
 static inline key_ref_t make_key_ref(const struct key *key,
 				     unsigned long possession)
 {
 	return (key_ref_t) ((unsigned long) key | possession);
 }
 static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
 {
 	return (struct key *) ((unsigned long) key_ref & ~1UL);
 }
 static inline unsigned long is_key_possessed(const key_ref_t key_ref)
 {
 	return (unsigned long) key_ref & 1UL;
 }
 /*****************************************************************************/
 /*
  * authentication token / access credential / keyring
  * - types of key include:
  *   - keyrings
  *   - disk encryption IDs
  *   - Kerberos TGTs and tickets
  */
 struct key {
 	atomic_t		usage;		/* number of references */
 	key_serial_t		serial;		/* key serial number */
 	struct rb_node		serial_node;
 	struct key_type		*type;		/* type of key */
 	struct rw_semaphore	sem;		/* change vs change sem */
 	struct key_user		*user;		/* owner of this key */
 	void			*security;	/* security data for this key */
 	union {
 		time_t		expiry;		/* time at which key expires (or 0) */
 		time_t		revoked_at;	/* time at which key was revoked */
 	};
 	uid_t			uid;
 	gid_t			gid;
 	key_perm_t		perm;		/* access permissions */
 	unsigned short		quotalen;	/* length added to quota */
 	unsigned short		datalen;	/* payload data length
 						 * - may not match RCU dereferenced payload
 						 * - payload should contain own length
 						 */
 #ifdef KEY_DEBUGGING
 	unsigned		magic;
 #define KEY_DEBUG_MAGIC		0x18273645u
 #define KEY_DEBUG_MAGIC_X	0xf8e9dacbu
 #endif
 	unsigned long		flags;		/* status flags (change with bitops) */
 #define KEY_FLAG_INSTANTIATED	0	/* set if key has been instantiated */
 #define KEY_FLAG_DEAD		1	/* set if key type has been deleted */
 #define KEY_FLAG_REVOKED	2	/* set if key had been revoked */
 #define KEY_FLAG_IN_QUOTA	3	/* set if key consumes quota */
 #define KEY_FLAG_USER_CONSTRUCT	4	/* set if key is being constructed in userspace */
 #define KEY_FLAG_NEGATIVE	5	/* set if key is negative */
 	/* the description string
 	 * - this is used to match a key against search criteria
 	 * - this should be a printable string
 	 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
 	 */
 	char			*description;
 	/* type specific data
 	 * - this is used by the keyring type to index the name
 	 */
 	union {
 		struct list_head	link;
 		unsigned long		x[2];
 		void			*p[2];
 		int			reject_error;
 	} type_data;
 	/* key data
 	 * - this is used to hold the data actually used in cryptography or
 	 *   whatever
 	 */
 	union {
 		unsigned long		value;
 		void __rcu		*rcudata;
 		void			*data;
 		struct keyring_list __rcu *subscriptions;
 	} payload;
 };
 extern struct key *key_alloc(struct key_type *type,
 			     const char *desc,
 			     uid_t uid, gid_t gid,
 			     const struct cred *cred,
 			     key_perm_t perm,
 			     unsigned long flags);
 #define KEY_ALLOC_IN_QUOTA	0x0000	/* add to quota, reject if would overrun */
 #define KEY_ALLOC_QUOTA_OVERRUN	0x0001	/* add to quota, permit even if overrun */
 #define KEY_ALLOC_NOT_IN_QUOTA	0x0002	/* not in quota */
 extern void key_revoke(struct key *key);
 extern void key_put(struct key *key);
 static inline struct key *key_get(struct key *key)
 {
 	if (key)
 		atomic_inc(&key->usage);
 	return key;
 }
 static inline void key_ref_put(key_ref_t key_ref)
 {
 	key_put(key_ref_to_ptr(key_ref));
 }
 extern struct key *request_key(struct key_type *type,
 			       const char *description,
 			       const char *callout_info);
 extern struct key *request_key_with_auxdata(struct key_type *type,
 					    const char *description,
 					    const void *callout_info,
 					    size_t callout_len,
 					    void *aux);
 extern struct key *request_key_async(struct key_type *type,
 				     const char *description,
 				     const void *callout_info,
 				     size_t callout_len);
 extern struct key *request_key_async_with_auxdata(struct key_type *type,
 						  const char *description,
 						  const void *callout_info,
 						  size_t callout_len,
 						  void *aux);
 extern int wait_for_key_construction(struct key *key, bool intr);
 extern int key_validate(struct key *key);
 extern key_ref_t key_create_or_update(key_ref_t keyring,
 				      const char *type,
 				      const char *description,
 				      const void *payload,
 				      size_t plen,
 				      key_perm_t perm,
 				      unsigned long flags);
 extern int key_update(key_ref_t key,
 		      const void *payload,
 		      size_t plen);
 extern int key_link(struct key *keyring,
 		    struct key *key);
 extern int key_unlink(struct key *keyring,
 		      struct key *key);
 extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
 				 const struct cred *cred,
 				 unsigned long flags,
 				 struct key *dest);
 extern int keyring_clear(struct key *keyring);
 extern key_ref_t keyring_search(key_ref_t keyring,
 				struct key_type *type,
 				const char *description);
 extern int keyring_add_key(struct key *keyring,
 			   struct key *key);
 extern struct key *key_lookup(key_serial_t id);
 static inline key_serial_t key_serial(const struct key *key)
 {
 	return key ? key->serial : 0;
 }
+extern void key_set_timeout(struct key *, unsigned);
 /**
  * key_is_instantiated - Determine if a key has been positively instantiated
  * @key: The key to check.
  *
  * Return true if the specified key has been positively instantiated, false
  * otherwise.
  */
 static inline bool key_is_instantiated(const struct key *key)
 {
 	return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
 		!test_bit(KEY_FLAG_NEGATIVE, &key->flags);
 }
 #define rcu_dereference_key(KEY)					\
 	(rcu_dereference_protected((KEY)->payload.rcudata,		\
 				   rwsem_is_locked(&((struct key *)(KEY))->sem)))
 #define rcu_assign_keypointer(KEY, PAYLOAD)				\
 	(rcu_assign_pointer((KEY)->payload.rcudata, PAYLOAD))
 #ifdef CONFIG_SYSCTL
 extern ctl_table key_sysctls[];
 #endif
 extern void key_replace_session_keyring(void);
 /*
  * the userspace interface
  */
 extern int install_thread_keyring_to_cred(struct cred *cred);
 extern void key_fsuid_changed(struct task_struct *tsk);
 extern void key_fsgid_changed(struct task_struct *tsk);
 extern void key_init(void);
 #else /* CONFIG_KEYS */
 #define key_validate(k)			0
 #define key_serial(k)			0
 #define key_get(k) 			({ NULL; })
 #define key_revoke(k)			do { } while(0)
 #define key_put(k)			do { } while(0)
 #define key_ref_put(k)			do { } while(0)
 #define make_key_ref(k, p)		NULL
 #define key_ref_to_ptr(k)		NULL
 #define is_key_possessed(k)		0
 #define key_fsuid_changed(t)		do { } while(0)
 #define key_fsgid_changed(t)		do { } while(0)
 #define key_init()			do { } while(0)
 #define key_replace_session_keyring()	do { } while(0)
 #endif /* CONFIG_KEYS */
 #endif /* __KERNEL__ */
 #endif /* _LINUX_KEY_H */

security/keys/key.c

Diff comments View file @ 59e6b9c

 /* Basic authentication token and access key management
  *
  * Copyright (C) 2004-2008 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
  * 2 of the License, or (at your option) any later version.
  */
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/poison.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/security.h>
 #include <linux/workqueue.h>
 #include <linux/random.h>
 #include <linux/err.h>
 #include <linux/user_namespace.h>
 #include "internal.h"
 struct kmem_cache *key_jar;
 struct rb_root		key_serial_tree; /* tree of keys indexed by serial */
 DEFINE_SPINLOCK(key_serial_lock);
 struct rb_root	key_user_tree; /* tree of quota records indexed by UID */
 DEFINE_SPINLOCK(key_user_lock);
 unsigned int key_quota_root_maxkeys = 200;	/* root's key count quota */
 unsigned int key_quota_root_maxbytes = 20000;	/* root's key space quota */
 unsigned int key_quota_maxkeys = 200;		/* general key count quota */
 unsigned int key_quota_maxbytes = 20000;	/* general key space quota */
 static LIST_HEAD(key_types_list);
 static DECLARE_RWSEM(key_types_sem);
 /* We serialise key instantiation and link */
 DEFINE_MUTEX(key_construction_mutex);
 #ifdef KEY_DEBUGGING
 void __key_check(const struct key *key)
 {
 	printk("__key_check: key %p {%08x} should be {%08x}\n",
 	       key, key->magic, KEY_DEBUG_MAGIC);
 	BUG();
 }
 #endif
 /*
  * Get the key quota record for a user, allocating a new record if one doesn't
  * already exist.
  */
 struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns)
 {
 	struct key_user *candidate = NULL, *user;
 	struct rb_node *parent = NULL;
 	struct rb_node **p;
 try_again:
 	p = &key_user_tree.rb_node;
 	spin_lock(&key_user_lock);
 	/* search the tree for a user record with a matching UID */
 	while (*p) {
 		parent = *p;
 		user = rb_entry(parent, struct key_user, node);
 		if (uid < user->uid)
 			p = &(*p)->rb_left;
 		else if (uid > user->uid)
 			p = &(*p)->rb_right;
 		else if (user_ns < user->user_ns)
 			p = &(*p)->rb_left;
 		else if (user_ns > user->user_ns)
 			p = &(*p)->rb_right;
 		else
 			goto found;
 	}
 	/* if we get here, we failed to find a match in the tree */
 	if (!candidate) {
 		/* allocate a candidate user record if we don't already have
 		 * one */
 		spin_unlock(&key_user_lock);
 		user = NULL;
 		candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL);
 		if (unlikely(!candidate))
 			goto out;
 		/* the allocation may have scheduled, so we need to repeat the
 		 * search lest someone else added the record whilst we were
 		 * asleep */
 		goto try_again;
 	}
 	/* if we get here, then the user record still hadn't appeared on the
 	 * second pass - so we use the candidate record */
 	atomic_set(&candidate->usage, 1);
 	atomic_set(&candidate->nkeys, 0);
 	atomic_set(&candidate->nikeys, 0);
 	candidate->uid = uid;
 	candidate->user_ns = get_user_ns(user_ns);
 	candidate->qnkeys = 0;
 	candidate->qnbytes = 0;
 	spin_lock_init(&candidate->lock);
 	mutex_init(&candidate->cons_lock);
 	rb_link_node(&candidate->node, parent, p);
 	rb_insert_color(&candidate->node, &key_user_tree);
 	spin_unlock(&key_user_lock);
 	user = candidate;
 	goto out;
 	/* okay - we found a user record for this UID */
 found:
 	atomic_inc(&user->usage);
 	spin_unlock(&key_user_lock);
 	kfree(candidate);
 out:
 	return user;
 }
 /*
  * Dispose of a user structure
  */
 void key_user_put(struct key_user *user)
 {
 	if (atomic_dec_and_lock(&user->usage, &key_user_lock)) {
 		rb_erase(&user->node, &key_user_tree);
 		spin_unlock(&key_user_lock);
 		put_user_ns(user->user_ns);
 		kfree(user);
 	}
 }
 /*
  * Allocate a serial number for a key.  These are assigned randomly to avoid
  * security issues through covert channel problems.
  */
 static inline void key_alloc_serial(struct key *key)
 {
 	struct rb_node *parent, **p;
 	struct key *xkey;
 	/* propose a random serial number and look for a hole for it in the
 	 * serial number tree */
 	do {
 		get_random_bytes(&key->serial, sizeof(key->serial));
 		key->serial >>= 1; /* negative numbers are not permitted */
 	} while (key->serial < 3);
 	spin_lock(&key_serial_lock);
 attempt_insertion:
 	parent = NULL;
 	p = &key_serial_tree.rb_node;
 	while (*p) {
 		parent = *p;
 		xkey = rb_entry(parent, struct key, serial_node);
 		if (key->serial < xkey->serial)
 			p = &(*p)->rb_left;
 		else if (key->serial > xkey->serial)
 			p = &(*p)->rb_right;
 		else
 			goto serial_exists;
 	}
 	/* we've found a suitable hole - arrange for this key to occupy it */
 	rb_link_node(&key->serial_node, parent, p);
 	rb_insert_color(&key->serial_node, &key_serial_tree);
 	spin_unlock(&key_serial_lock);
 	return;
 	/* we found a key with the proposed serial number - walk the tree from
 	 * that point looking for the next unused serial number */
 serial_exists:
 	for (;;) {
 		key->serial++;
 		if (key->serial < 3) {
 			key->serial = 3;
 			goto attempt_insertion;
 		}
 		parent = rb_next(parent);
 		if (!parent)
 			goto attempt_insertion;
 		xkey = rb_entry(parent, struct key, serial_node);
 		if (key->serial < xkey->serial)
 			goto attempt_insertion;
 	}
 }
 /**
  * key_alloc - Allocate a key of the specified type.
  * @type: The type of key to allocate.
  * @desc: The key description to allow the key to be searched out.
  * @uid: The owner of the new key.
  * @gid: The group ID for the new key's group permissions.
  * @cred: The credentials specifying UID namespace.
  * @perm: The permissions mask of the new key.
  * @flags: Flags specifying quota properties.
  *
  * Allocate a key of the specified type with the attributes given.  The key is
  * returned in an uninstantiated state and the caller needs to instantiate the
  * key before returning.
  *
  * The user's key count quota is updated to reflect the creation of the key and
  * the user's key data quota has the default for the key type reserved.  The
  * instantiation function should amend this as necessary.  If insufficient
  * quota is available, -EDQUOT will be returned.
  *
  * The LSM security modules can prevent a key being created, in which case
  * -EACCES will be returned.
  *
  * Returns a pointer to the new key if successful and an error code otherwise.
  *
  * Note that the caller needs to ensure the key type isn't uninstantiated.
  * Internally this can be done by locking key_types_sem.  Externally, this can
  * be done by either never unregistering the key type, or making sure
  * key_alloc() calls don't race with module unloading.
  */
 struct key *key_alloc(struct key_type *type, const char *desc,
 		      uid_t uid, gid_t gid, const struct cred *cred,
 		      key_perm_t perm, unsigned long flags)
 {
 	struct key_user *user = NULL;
 	struct key *key;
 	size_t desclen, quotalen;
 	int ret;
 	key = ERR_PTR(-EINVAL);
 	if (!desc || !*desc)
 		goto error;
 	if (type->vet_description) {
 		ret = type->vet_description(desc);
 		if (ret < 0) {
 			key = ERR_PTR(ret);
 			goto error;
 		}
 	}
 	desclen = strlen(desc) + 1;
 	quotalen = desclen + type->def_datalen;
 	/* get hold of the key tracking for this user */
 	user = key_user_lookup(uid, cred->user->user_ns);
 	if (!user)
 		goto no_memory_1;
 	/* check that the user's quota permits allocation of another key and
 	 * its description */
 	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 		unsigned maxkeys = (uid == 0) ?
 			key_quota_root_maxkeys : key_quota_maxkeys;
 		unsigned maxbytes = (uid == 0) ?
 			key_quota_root_maxbytes : key_quota_maxbytes;
 		spin_lock(&user->lock);
 		if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
 			if (user->qnkeys + 1 >= maxkeys ||
 			    user->qnbytes + quotalen >= maxbytes ||
 			    user->qnbytes + quotalen < user->qnbytes)
 				goto no_quota;
 		}
 		user->qnkeys++;
 		user->qnbytes += quotalen;
 		spin_unlock(&user->lock);
 	}
 	/* allocate and initialise the key and its description */
 	key = kmem_cache_alloc(key_jar, GFP_KERNEL);
 	if (!key)
 		goto no_memory_2;
 	if (desc) {
 		key->description = kmemdup(desc, desclen, GFP_KERNEL);
 		if (!key->description)
 			goto no_memory_3;
 	}
 	atomic_set(&key->usage, 1);
 	init_rwsem(&key->sem);
 	lockdep_set_class(&key->sem, &type->lock_class);
 	key->type = type;
 	key->user = user;
 	key->quotalen = quotalen;
 	key->datalen = type->def_datalen;
 	key->uid = uid;
 	key->gid = gid;
 	key->perm = perm;
 	key->flags = 0;
 	key->expiry = 0;
 	key->payload.data = NULL;
 	key->security = NULL;
 	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
 		key->flags |= 1 << KEY_FLAG_IN_QUOTA;
 	memset(&key->type_data, 0, sizeof(key->type_data));
 #ifdef KEY_DEBUGGING
 	key->magic = KEY_DEBUG_MAGIC;
 #endif
 	/* let the security module know about the key */
 	ret = security_key_alloc(key, cred, flags);
 	if (ret < 0)
 		goto security_error;
 	/* publish the key by giving it a serial number */
 	atomic_inc(&user->nkeys);
 	key_alloc_serial(key);
 error:
 	return key;
 security_error:
 	kfree(key->description);
 	kmem_cache_free(key_jar, key);
 	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 		spin_lock(&user->lock);
 		user->qnkeys--;
 		user->qnbytes -= quotalen;
 		spin_unlock(&user->lock);
 	}
 	key_user_put(user);
 	key = ERR_PTR(ret);
 	goto error;
 no_memory_3:
 	kmem_cache_free(key_jar, key);
 no_memory_2:
 	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 		spin_lock(&user->lock);
 		user->qnkeys--;
 		user->qnbytes -= quotalen;
 		spin_unlock(&user->lock);
 	}
 	key_user_put(user);
 no_memory_1:
 	key = ERR_PTR(-ENOMEM);
 	goto error;
 no_quota:
 	spin_unlock(&user->lock);
 	key_user_put(user);
 	key = ERR_PTR(-EDQUOT);
 	goto error;
 }
 EXPORT_SYMBOL(key_alloc);
 /**
  * key_payload_reserve - Adjust data quota reservation for the key's payload
  * @key: The key to make the reservation for.
  * @datalen: The amount of data payload the caller now wants.
  *
  * Adjust the amount of the owning user's key data quota that a key reserves.
  * If the amount is increased, then -EDQUOT may be returned if there isn't
  * enough free quota available.
  *
  * If successful, 0 is returned.
  */
 int key_payload_reserve(struct key *key, size_t datalen)
 {
 	int delta = (int)datalen - key->datalen;
 	int ret = 0;
 	key_check(key);
 	/* contemplate the quota adjustment */
 	if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
 		unsigned maxbytes = (key->user->uid == 0) ?
 			key_quota_root_maxbytes : key_quota_maxbytes;
 		spin_lock(&key->user->lock);
 		if (delta > 0 &&
 		    (key->user->qnbytes + delta >= maxbytes ||
 		     key->user->qnbytes + delta < key->user->qnbytes)) {
 			ret = -EDQUOT;
 		}
 		else {
 			key->user->qnbytes += delta;
 			key->quotalen += delta;
 		}
 		spin_unlock(&key->user->lock);
 	}
 	/* change the recorded data length if that didn't generate an error */
 	if (ret == 0)
 		key->datalen = datalen;
 	return ret;
 }
 EXPORT_SYMBOL(key_payload_reserve);
 /*
  * Instantiate a key and link it into the target keyring atomically.  Must be
  * called with the target keyring's semaphore writelocked.  The target key's
  * semaphore need not be locked as instantiation is serialised by
  * key_construction_mutex.
  */
 static int __key_instantiate_and_link(struct key *key,
 				      const void *data,
 				      size_t datalen,
 				      struct key *keyring,
 				      struct key *authkey,
 				      unsigned long *_prealloc)
 {
 	int ret, awaken;
 	key_check(key);
 	key_check(keyring);
 	awaken = 0;
 	ret = -EBUSY;
 	mutex_lock(&key_construction_mutex);
 	/* can't instantiate twice */
 	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 		/* instantiate the key */
 		ret = key->type->instantiate(key, data, datalen);
 		if (ret == 0) {
 			/* mark the key as being instantiated */
 			atomic_inc(&key->user->nikeys);
 			set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 			if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 				awaken = 1;
 			/* and link it into the destination keyring */
 			if (keyring)
 				__key_link(keyring, key, _prealloc);
 			/* disable the authorisation key */
 			if (authkey)
 				key_revoke(authkey);
 		}
 	}
 	mutex_unlock(&key_construction_mutex);
 	/* wake up anyone waiting for a key to be constructed */
 	if (awaken)
 		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 	return ret;
 }
 /**
  * key_instantiate_and_link - Instantiate a key and link it into the keyring.
  * @key: The key to instantiate.
  * @data: The data to use to instantiate the keyring.
  * @datalen: The length of @data.
  * @keyring: Keyring to create a link in on success (or NULL).
  * @authkey: The authorisation token permitting instantiation.
  *
  * Instantiate a key that's in the uninstantiated state using the provided data
  * and, if successful, link it in to the destination keyring if one is
  * supplied.
  *
  * If successful, 0 is returned, the authorisation token is revoked and anyone
  * waiting for the key is woken up.  If the key was already instantiated,
  * -EBUSY will be returned.
  */
 int key_instantiate_and_link(struct key *key,
 			     const void *data,
 			     size_t datalen,
 			     struct key *keyring,
 			     struct key *authkey)
 {
 	unsigned long prealloc;
 	int ret;
 	if (keyring) {
 		ret = __key_link_begin(keyring, key->type, key->description,
 				       &prealloc);
 		if (ret < 0)
 			return ret;
 	}
 	ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey,
 					 &prealloc);
 	if (keyring)
 		__key_link_end(keyring, key->type, prealloc);
 	return ret;
 }
 EXPORT_SYMBOL(key_instantiate_and_link);
 /**
  * key_reject_and_link - Negatively instantiate a key and link it into the keyring.
  * @key: The key to instantiate.
  * @timeout: The timeout on the negative key.
  * @error: The error to return when the key is hit.
  * @keyring: Keyring to create a link in on success (or NULL).
  * @authkey: The authorisation token permitting instantiation.
  *
  * Negatively instantiate a key that's in the uninstantiated state and, if
  * successful, set its timeout and stored error and link it in to the
  * destination keyring if one is supplied.  The key and any links to the key
  * will be automatically garbage collected after the timeout expires.
  *
  * Negative keys are used to rate limit repeated request_key() calls by causing
  * them to return the stored error code (typically ENOKEY) until the negative
  * key expires.
  *
  * If successful, 0 is returned, the authorisation token is revoked and anyone
  * waiting for the key is woken up.  If the key was already instantiated,
  * -EBUSY will be returned.
  */
 int key_reject_and_link(struct key *key,
 			unsigned timeout,
 			unsigned error,
 			struct key *keyring,
 			struct key *authkey)
 {
 	unsigned long prealloc;
 	struct timespec now;
 	int ret, awaken, link_ret = 0;
 	key_check(key);
 	key_check(keyring);
 	awaken = 0;
 	ret = -EBUSY;
 	if (keyring)
 		link_ret = __key_link_begin(keyring, key->type,
 					    key->description, &prealloc);
 	mutex_lock(&key_construction_mutex);
 	/* can't instantiate twice */
 	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 		/* mark the key as being negatively instantiated */
 		atomic_inc(&key->user->nikeys);
 		set_bit(KEY_FLAG_NEGATIVE, &key->flags);
 		set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 		key->type_data.reject_error = -error;
 		now = current_kernel_time();
 		key->expiry = now.tv_sec + timeout;
 		key_schedule_gc(key->expiry + key_gc_delay);
 		if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 			awaken = 1;
 		ret = 0;
 		/* and link it into the destination keyring */
 		if (keyring && link_ret == 0)
 			__key_link(keyring, key, &prealloc);
 		/* disable the authorisation key */
 		if (authkey)
 			key_revoke(authkey);
 	}
 	mutex_unlock(&key_construction_mutex);
 	if (keyring)
 		__key_link_end(keyring, key->type, prealloc);
 	/* wake up anyone waiting for a key to be constructed */
 	if (awaken)
 		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 	return ret == 0 ? link_ret : ret;
 }
 EXPORT_SYMBOL(key_reject_and_link);
 /**
  * key_put - Discard a reference to a key.
  * @key: The key to discard a reference from.
  *
  * Discard a reference to a key, and when all the references are gone, we
  * schedule the cleanup task to come and pull it out of the tree in process
  * context at some later time.
  */
 void key_put(struct key *key)
 {
 	if (key) {
 		key_check(key);
 		if (atomic_dec_and_test(&key->usage))
 			queue_work(system_nrt_wq, &key_gc_work);
 	}
 }
 EXPORT_SYMBOL(key_put);
 /*
  * Find a key by its serial number.
  */
 struct key *key_lookup(key_serial_t id)
 {
 	struct rb_node *n;
 	struct key *key;
 	spin_lock(&key_serial_lock);
 	/* search the tree for the specified key */
 	n = key_serial_tree.rb_node;
 	while (n) {
 		key = rb_entry(n, struct key, serial_node);
 		if (id < key->serial)
 			n = n->rb_left;
 		else if (id > key->serial)
 			n = n->rb_right;
 		else
 			goto found;
 	}
 not_found:
 	key = ERR_PTR(-ENOKEY);
 	goto error;
 found:
 	/* pretend it doesn't exist if it is awaiting deletion */
 	if (atomic_read(&key->usage) == 0)
 		goto not_found;
 	/* this races with key_put(), but that doesn't matter since key_put()
 	 * doesn't actually change the key
 	 */
 	atomic_inc(&key->usage);
 error:
 	spin_unlock(&key_serial_lock);
 	return key;
 }
 /*
  * Find and lock the specified key type against removal.
  *
  * We return with the sem read-locked if successful.  If the type wasn't
  * available -ENOKEY is returned instead.
  */
 struct key_type *key_type_lookup(const char *type)
 {
 	struct key_type *ktype;
 	down_read(&key_types_sem);
 	/* look up the key type to see if it's one of the registered kernel
 	 * types */
 	list_for_each_entry(ktype, &key_types_list, link) {
 		if (strcmp(ktype->name, type) == 0)
 			goto found_kernel_type;
 	}
 	up_read(&key_types_sem);
 	ktype = ERR_PTR(-ENOKEY);
 found_kernel_type:
 	return ktype;
 }
+void key_set_timeout(struct key *key, unsigned timeout)
+{
+	struct timespec now;
+	time_t expiry = 0;
+	/* make the changes with the locks held to prevent races */
+	down_write(&key->sem);
+	if (timeout > 0) {
+		now = current_kernel_time();
+		expiry = now.tv_sec + timeout;
+	}
+	key->expiry = expiry;
+	key_schedule_gc(key->expiry + key_gc_delay);
+	up_write(&key->sem);
+}
+EXPORT_SYMBOL_GPL(key_set_timeout);
 /*
  * Unlock a key type locked by key_type_lookup().
  */
 void key_type_put(struct key_type *ktype)
 {
 	up_read(&key_types_sem);
 }
 /*
  * Attempt to update an existing key.
  *
  * The key is given to us with an incremented refcount that we need to discard
  * if we get an error.
  */
 static inline key_ref_t __key_update(key_ref_t key_ref,
 				     const void *payload, size_t plen)
 {
 	struct key *key = key_ref_to_ptr(key_ref);
 	int ret;
 	/* need write permission on the key to update it */
 	ret = key_permission(key_ref, KEY_WRITE);
 	if (ret < 0)
 		goto error;
 	ret = -EEXIST;
 	if (!key->type->update)
 		goto error;
 	down_write(&key->sem);
 	ret = key->type->update(key, payload, plen);
 	if (ret == 0)
 		/* updating a negative key instantiates it */
 		clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 	up_write(&key->sem);
 	if (ret < 0)
 		goto error;
 out:
 	return key_ref;
 error:
 	key_put(key);
 	key_ref = ERR_PTR(ret);
 	goto out;
 }
 /**
  * key_create_or_update - Update or create and instantiate a key.
  * @keyring_ref: A pointer to the destination keyring with possession flag.
  * @type: The type of key.
  * @description: The searchable description for the key.
  * @payload: The data to use to instantiate or update the key.
  * @plen: The length of @payload.
  * @perm: The permissions mask for a new key.
  * @flags: The quota flags for a new key.
  *
  * Search the destination keyring for a key of the same description and if one
  * is found, update it, otherwise create and instantiate a new one and create a
  * link to it from that keyring.
  *
  * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
  * concocted.
  *
  * Returns a pointer to the new key if successful, -ENODEV if the key type
  * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the
  * caller isn't permitted to modify the keyring or the LSM did not permit
  * creation of the key.
  *
  * On success, the possession flag from the keyring ref will be tacked on to
  * the key ref before it is returned.
  */
 key_ref_t key_create_or_update(key_ref_t keyring_ref,
 			       const char *type,
 			       const char *description,
 			       const void *payload,
 			       size_t plen,
 			       key_perm_t perm,
 			       unsigned long flags)
 {
 	unsigned long prealloc;
 	const struct cred *cred = current_cred();
 	struct key_type *ktype;
 	struct key *keyring, *key = NULL;
 	key_ref_t key_ref;
 	int ret;
 	/* look up the key type to see if it's one of the registered kernel
 	 * types */
 	ktype = key_type_lookup(type);
 	if (IS_ERR(ktype)) {
 		key_ref = ERR_PTR(-ENODEV);
 		goto error;
 	}
 	key_ref = ERR_PTR(-EINVAL);
 	if (!ktype->match || !ktype->instantiate)
 		goto error_2;
 	keyring = key_ref_to_ptr(keyring_ref);
 	key_check(keyring);
 	key_ref = ERR_PTR(-ENOTDIR);
 	if (keyring->type != &key_type_keyring)
 		goto error_2;
 	ret = __key_link_begin(keyring, ktype, description, &prealloc);
 	if (ret < 0)
 		goto error_2;
 	/* if we're going to allocate a new key, we're going to have
 	 * to modify the keyring */
 	ret = key_permission(keyring_ref, KEY_WRITE);
 	if (ret < 0) {
 		key_ref = ERR_PTR(ret);
 		goto error_3;
 	}
 	/* if it's possible to update this type of key, search for an existing
 	 * key of the same type and description in the destination keyring and
 	 * update that instead if possible
 	 */
 	if (ktype->update) {
 		key_ref = __keyring_search_one(keyring_ref, ktype, description,
 					       0);
 		if (!IS_ERR(key_ref))
 			goto found_matching_key;
 	}
 	/* if the client doesn't provide, decide on the permissions we want */
 	if (perm == KEY_PERM_UNDEF) {
 		perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
 		perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
 		if (ktype->read)
 			perm |= KEY_POS_READ | KEY_USR_READ;
 		if (ktype == &key_type_keyring || ktype->update)
 			perm |= KEY_USR_WRITE;
 	}
 	/* allocate a new key */
 	key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred,
 			perm, flags);
 	if (IS_ERR(key)) {
 		key_ref = ERR_CAST(key);
 		goto error_3;
 	}
 	/* instantiate it and link it into the target keyring */
 	ret = __key_instantiate_and_link(key, payload, plen, keyring, NULL,
 					 &prealloc);
 	if (ret < 0) {
 		key_put(key);
 		key_ref = ERR_PTR(ret);
 		goto error_3;
 	}
 	key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
  error_3:
 	__key_link_end(keyring, ktype, prealloc);
  error_2:
 	key_type_put(ktype);
  error:
 	return key_ref;
  found_matching_key:
 	/* we found a matching key, so we're going to try to update it
 	 * - we can drop the locks first as we have the key pinned
 	 */
 	__key_link_end(keyring, ktype, prealloc);
 	key_type_put(ktype);
 	key_ref = __key_update(key_ref, payload, plen);
 	goto error;
 }
 EXPORT_SYMBOL(key_create_or_update);
 /**
  * key_update - Update a key's contents.
  * @key_ref: The pointer (plus possession flag) to the key.
  * @payload: The data to be used to update the key.
  * @plen: The length of @payload.
  *
  * Attempt to update the contents of a key with the given payload data.  The
  * caller must be granted Write permission on the key.  Negative keys can be
  * instantiated by this method.
  *
  * Returns 0 on success, -EACCES if not permitted and -EOPNOTSUPP if the key
  * type does not support updating.  The key type may return other errors.
  */
 int key_update(key_ref_t key_ref, const void *payload, size_t plen)
 {
 	struct key *key = key_ref_to_ptr(key_ref);
 	int ret;
 	key_check(key);
 	/* the key must be writable */
 	ret = key_permission(key_ref, KEY_WRITE);
 	if (ret < 0)
 		goto error;
 	/* attempt to update it if supported */
 	ret = -EOPNOTSUPP;
 	if (key->type->update) {
 		down_write(&key->sem);
 		ret = key->type->update(key, payload, plen);
 		if (ret == 0)
 			/* updating a negative key instantiates it */
 			clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 		up_write(&key->sem);
 	}
  error:
 	return ret;
 }
 EXPORT_SYMBOL(key_update);
 /**
  * key_revoke - Revoke a key.
  * @key: The key to be revoked.
  *
  * Mark a key as being revoked and ask the type to free up its resources.  The
  * revocation timeout is set and the key and all its links will be
  * automatically garbage collected after key_gc_delay amount of time if they
  * are not manually dealt with first.
  */
 void key_revoke(struct key *key)
 {
 	struct timespec now;
 	time_t time;
 	key_check(key);
 	/* make sure no one's trying to change or use the key when we mark it
 	 * - we tell lockdep that we might nest because we might be revoking an
 	 *   authorisation key whilst holding the sem on a key we've just
 	 *   instantiated
 	 */
 	down_write_nested(&key->sem, 1);
 	if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) &&
 	    key->type->revoke)
 		key->type->revoke(key);
 	/* set the death time to no more than the expiry time */
 	now = current_kernel_time();
 	time = now.tv_sec;
 	if (key->revoked_at == 0 || key->revoked_at > time) {
 		key->revoked_at = time;
 		key_schedule_gc(key->revoked_at + key_gc_delay);
 	}
 	up_write(&key->sem);
 }
 EXPORT_SYMBOL(key_revoke);
 /**
  * register_key_type - Register a type of key.
  * @ktype: The new key type.
  *
  * Register a new key type.
  *
  * Returns 0 on success or -EEXIST if a type of this name already exists.
  */
 int register_key_type(struct key_type *ktype)
 {
 	struct key_type *p;
 	int ret;
 	memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
 	ret = -EEXIST;
 	down_write(&key_types_sem);
 	/* disallow key types with the same name */
 	list_for_each_entry(p, &key_types_list, link) {
 		if (strcmp(p->name, ktype->name) == 0)
 			goto out;
 	}
 	/* store the type */
 	list_add(&ktype->link, &key_types_list);
 	ret = 0;
 out:
 	up_write(&key_types_sem);
 	return ret;
 }
 EXPORT_SYMBOL(register_key_type);
 /**
  * unregister_key_type - Unregister a type of key.
  * @ktype: The key type.
  *
  * Unregister a key type and mark all the extant keys of this type as dead.
  * Those keys of this type are then destroyed to get rid of their payloads and
  * they and their links will be garbage collected as soon as possible.
  */
 void unregister_key_type(struct key_type *ktype)
 {
 	down_write(&key_types_sem);
 	list_del_init(&ktype->link);
 	downgrade_write(&key_types_sem);
 	key_gc_keytype(ktype);
 	up_read(&key_types_sem);
 }
 EXPORT_SYMBOL(unregister_key_type);
 /*
  * Initialise the key management state.
  */
 void __init key_init(void)
 {
 	/* allocate a slab in which we can store keys */
 	key_jar = kmem_cache_create("key_jar", sizeof(struct key),
 			0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
 	/* add the special key types */
 	list_add_tail(&key_type_keyring.link, &key_types_list);
 	list_add_tail(&key_type_dead.link, &key_types_list);
 	list_add_tail(&key_type_user.link, &key_types_list);
 	list_add_tail(&key_type_logon.link, &key_types_list);
 	/* record the root user tracking */
 	rb_link_node(&root_key_user.node,
 		     NULL,
 		     &key_user_tree.rb_node);
 	rb_insert_color(&root_key_user.node,
 			&key_user_tree);
 }

security/keys/keyctl.c

Diff comments View file @ 59e6b9c

1	/* Userspace key control operations	1	/* Userspace key control operations
2	*	2	*
3	* Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.	3	* Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4	* Written by David Howells (dhowells@redhat.com)	4	* Written by David Howells (dhowells@redhat.com)
5	*	5	*
6	* This program is free software; you can redistribute it and/or	6	* This program is free software; you can redistribute it and/or
7	* modify it under the terms of the GNU General Public License	7	* modify it under the terms of the GNU General Public License
8	* as published by the Free Software Foundation; either version	8	* as published by the Free Software Foundation; either version
9	* 2 of the License, or (at your option) any later version.	9	* 2 of the License, or (at your option) any later version.
10	*/	10	*/
11		11
12	#include <linux/module.h>	12	#include <linux/module.h>
13	#include <linux/init.h>	13	#include <linux/init.h>
14	#include <linux/sched.h>	14	#include <linux/sched.h>
15	#include <linux/slab.h>	15	#include <linux/slab.h>
16	#include <linux/syscalls.h>	16	#include <linux/syscalls.h>
		17	#include <linux/key.h>
17	#include <linux/keyctl.h>	18	#include <linux/keyctl.h>
18	#include <linux/fs.h>	19	#include <linux/fs.h>
19	#include <linux/capability.h>	20	#include <linux/capability.h>
20	#include <linux/string.h>	21	#include <linux/string.h>
21	#include <linux/err.h>	22	#include <linux/err.h>
22	#include <linux/vmalloc.h>	23	#include <linux/vmalloc.h>
23	#include <linux/security.h>	24	#include <linux/security.h>
24	#include <asm/uaccess.h>	25	#include <asm/uaccess.h>
25	#include "internal.h"	26	#include "internal.h"
26		27
27	static int key_get_type_from_user(char *type,	28	static int key_get_type_from_user(char *type,
28	const char __user *_type,	29	const char __user *_type,
29	unsigned len)	30	unsigned len)
30	{	31	{
31	int ret;	32	int ret;
32		33
33	ret = strncpy_from_user(type, _type, len);	34	ret = strncpy_from_user(type, _type, len);
34	if (ret < 0)	35	if (ret < 0)
35	return ret;	36	return ret;
36	if (ret == 0 \|\| ret >= len)	37	if (ret == 0 \|\| ret >= len)
37	return -EINVAL;	38	return -EINVAL;
38	if (type[0] == '.')	39	if (type[0] == '.')
39	return -EPERM;	40	return -EPERM;
40	type[len - 1] = '\0';	41	type[len - 1] = '\0';
41	return 0;	42	return 0;
42	}	43	}
43		44
44	/*	45	/*
45	* Extract the description of a new key from userspace and either add it as a	46	* Extract the description of a new key from userspace and either add it as a
46	* new key to the specified keyring or update a matching key in that keyring.	47	* new key to the specified keyring or update a matching key in that keyring.
47	*	48	*
48	* The keyring must be writable so that we can attach the key to it.	49	* The keyring must be writable so that we can attach the key to it.
49	*	50	*
50	* If successful, the new key's serial number is returned, otherwise an error	51	* If successful, the new key's serial number is returned, otherwise an error
51	* code is returned.	52	* code is returned.
52	*/	53	*/
53	SYSCALL_DEFINE5(add_key, const char __user *, _type,	54	SYSCALL_DEFINE5(add_key, const char __user *, _type,
54	const char __user *, _description,	55	const char __user *, _description,
55	const void __user *, _payload,	56	const void __user *, _payload,
56	size_t, plen,	57	size_t, plen,
57	key_serial_t, ringid)	58	key_serial_t, ringid)
58	{	59	{
59	key_ref_t keyring_ref, key_ref;	60	key_ref_t keyring_ref, key_ref;
60	char type[32], *description;	61	char type[32], *description;
61	void *payload;	62	void *payload;
62	long ret;	63	long ret;
63	bool vm;	64	bool vm;
64		65
65	ret = -EINVAL;	66	ret = -EINVAL;
66	if (plen > 1024 * 1024 - 1)	67	if (plen > 1024 * 1024 - 1)
67	goto error;	68	goto error;
68		69
69	/* draw all the data into kernel space */	70	/* draw all the data into kernel space */
70	ret = key_get_type_from_user(type, _type, sizeof(type));	71	ret = key_get_type_from_user(type, _type, sizeof(type));
71	if (ret < 0)	72	if (ret < 0)
72	goto error;	73	goto error;
73		74
74	description = strndup_user(_description, PAGE_SIZE);	75	description = strndup_user(_description, PAGE_SIZE);
75	if (IS_ERR(description)) {	76	if (IS_ERR(description)) {
76	ret = PTR_ERR(description);	77	ret = PTR_ERR(description);
77	goto error;	78	goto error;
78	}	79	}
79		80
80	/* pull the payload in if one was supplied */	81	/* pull the payload in if one was supplied */
81	payload = NULL;	82	payload = NULL;
82		83
83	vm = false;	84	vm = false;
84	if (_payload) {	85	if (_payload) {
85	ret = -ENOMEM;	86	ret = -ENOMEM;
86	payload = kmalloc(plen, GFP_KERNEL);	87	payload = kmalloc(plen, GFP_KERNEL);
87	if (!payload) {	88	if (!payload) {
88	if (plen <= PAGE_SIZE)	89	if (plen <= PAGE_SIZE)
89	goto error2;	90	goto error2;
90	vm = true;	91	vm = true;
91	payload = vmalloc(plen);	92	payload = vmalloc(plen);
92	if (!payload)	93	if (!payload)
93	goto error2;	94	goto error2;
94	}	95	}
95		96
96	ret = -EFAULT;	97	ret = -EFAULT;
97	if (copy_from_user(payload, _payload, plen) != 0)	98	if (copy_from_user(payload, _payload, plen) != 0)
98	goto error3;	99	goto error3;
99	}	100	}
100		101
101	/* find the target keyring (which must be writable) */	102	/* find the target keyring (which must be writable) */
102	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);	103	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
103	if (IS_ERR(keyring_ref)) {	104	if (IS_ERR(keyring_ref)) {
104	ret = PTR_ERR(keyring_ref);	105	ret = PTR_ERR(keyring_ref);
105	goto error3;	106	goto error3;
106	}	107	}
107		108
108	/* create or update the requested key and add it to the target	109	/* create or update the requested key and add it to the target
109	* keyring */	110	* keyring */
110	key_ref = key_create_or_update(keyring_ref, type, description,	111	key_ref = key_create_or_update(keyring_ref, type, description,
111	payload, plen, KEY_PERM_UNDEF,	112	payload, plen, KEY_PERM_UNDEF,
112	KEY_ALLOC_IN_QUOTA);	113	KEY_ALLOC_IN_QUOTA);
113	if (!IS_ERR(key_ref)) {	114	if (!IS_ERR(key_ref)) {
114	ret = key_ref_to_ptr(key_ref)->serial;	115	ret = key_ref_to_ptr(key_ref)->serial;
115	key_ref_put(key_ref);	116	key_ref_put(key_ref);
116	}	117	}
117	else {	118	else {
118	ret = PTR_ERR(key_ref);	119	ret = PTR_ERR(key_ref);
119	}	120	}
120		121
121	key_ref_put(keyring_ref);	122	key_ref_put(keyring_ref);
122	error3:	123	error3:
123	if (!vm)	124	if (!vm)
124	kfree(payload);	125	kfree(payload);
125	else	126	else
126	vfree(payload);	127	vfree(payload);
127	error2:	128	error2:
128	kfree(description);	129	kfree(description);
129	error:	130	error:
130	return ret;	131	return ret;
131	}	132	}
132		133
133	/*	134	/*
134	* Search the process keyrings and keyring trees linked from those for a	135	* Search the process keyrings and keyring trees linked from those for a
135	* matching key. Keyrings must have appropriate Search permission to be	136	* matching key. Keyrings must have appropriate Search permission to be
136	* searched.	137	* searched.
137	*	138	*
138	* If a key is found, it will be attached to the destination keyring if there's	139	* If a key is found, it will be attached to the destination keyring if there's
139	* one specified and the serial number of the key will be returned.	140	* one specified and the serial number of the key will be returned.
140	*	141	*
141	* If no key is found, /sbin/request-key will be invoked if _callout_info is	142	* If no key is found, /sbin/request-key will be invoked if _callout_info is
142	* non-NULL in an attempt to create a key. The _callout_info string will be	143	* non-NULL in an attempt to create a key. The _callout_info string will be
143	* passed to /sbin/request-key to aid with completing the request. If the	144	* passed to /sbin/request-key to aid with completing the request. If the
144	* _callout_info string is "" then it will be changed to "-".	145	* _callout_info string is "" then it will be changed to "-".
145	*/	146	*/
146	SYSCALL_DEFINE4(request_key, const char __user *, _type,	147	SYSCALL_DEFINE4(request_key, const char __user *, _type,
147	const char __user *, _description,	148	const char __user *, _description,
148	const char __user *, _callout_info,	149	const char __user *, _callout_info,
149	key_serial_t, destringid)	150	key_serial_t, destringid)
150	{	151	{
151	struct key_type *ktype;	152	struct key_type *ktype;
152	struct key *key;	153	struct key *key;
153	key_ref_t dest_ref;	154	key_ref_t dest_ref;
154	size_t callout_len;	155	size_t callout_len;
155	char type[32], description, callout_info;	156	char type[32], description, callout_info;
156	long ret;	157	long ret;
157		158
158	/* pull the type into kernel space */	159	/* pull the type into kernel space */
159	ret = key_get_type_from_user(type, _type, sizeof(type));	160	ret = key_get_type_from_user(type, _type, sizeof(type));
160	if (ret < 0)	161	if (ret < 0)
161	goto error;	162	goto error;
162		163
163	/* pull the description into kernel space */	164	/* pull the description into kernel space */
164	description = strndup_user(_description, PAGE_SIZE);	165	description = strndup_user(_description, PAGE_SIZE);
165	if (IS_ERR(description)) {	166	if (IS_ERR(description)) {
166	ret = PTR_ERR(description);	167	ret = PTR_ERR(description);
167	goto error;	168	goto error;
168	}	169	}
169		170
170	/* pull the callout info into kernel space */	171	/* pull the callout info into kernel space */
171	callout_info = NULL;	172	callout_info = NULL;
172	callout_len = 0;	173	callout_len = 0;
173	if (_callout_info) {	174	if (_callout_info) {
174	callout_info = strndup_user(_callout_info, PAGE_SIZE);	175	callout_info = strndup_user(_callout_info, PAGE_SIZE);
175	if (IS_ERR(callout_info)) {	176	if (IS_ERR(callout_info)) {
176	ret = PTR_ERR(callout_info);	177	ret = PTR_ERR(callout_info);
177	goto error2;	178	goto error2;
178	}	179	}
179	callout_len = strlen(callout_info);	180	callout_len = strlen(callout_info);
180	}	181	}
181		182
182	/* get the destination keyring if specified */	183	/* get the destination keyring if specified */
183	dest_ref = NULL;	184	dest_ref = NULL;
184	if (destringid) {	185	if (destringid) {
185	dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,	186	dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
186	KEY_WRITE);	187	KEY_WRITE);
187	if (IS_ERR(dest_ref)) {	188	if (IS_ERR(dest_ref)) {
188	ret = PTR_ERR(dest_ref);	189	ret = PTR_ERR(dest_ref);
189	goto error3;	190	goto error3;
190	}	191	}
191	}	192	}
192		193
193	/* find the key type */	194	/* find the key type */
194	ktype = key_type_lookup(type);	195	ktype = key_type_lookup(type);
195	if (IS_ERR(ktype)) {	196	if (IS_ERR(ktype)) {
196	ret = PTR_ERR(ktype);	197	ret = PTR_ERR(ktype);
197	goto error4;	198	goto error4;
198	}	199	}
199		200
200	/* do the search */	201	/* do the search */
201	key = request_key_and_link(ktype, description, callout_info,	202	key = request_key_and_link(ktype, description, callout_info,
202	callout_len, NULL, key_ref_to_ptr(dest_ref),	203	callout_len, NULL, key_ref_to_ptr(dest_ref),
203	KEY_ALLOC_IN_QUOTA);	204	KEY_ALLOC_IN_QUOTA);
204	if (IS_ERR(key)) {	205	if (IS_ERR(key)) {
205	ret = PTR_ERR(key);	206	ret = PTR_ERR(key);
206	goto error5;	207	goto error5;
207	}	208	}
208		209
209	/* wait for the key to finish being constructed */	210	/* wait for the key to finish being constructed */
210	ret = wait_for_key_construction(key, 1);	211	ret = wait_for_key_construction(key, 1);
211	if (ret < 0)	212	if (ret < 0)
212	goto error6;	213	goto error6;
213		214
214	ret = key->serial;	215	ret = key->serial;
215		216
216	error6:	217	error6:
217	key_put(key);	218	key_put(key);
218	error5:	219	error5:
219	key_type_put(ktype);	220	key_type_put(ktype);
220	error4:	221	error4:
221	key_ref_put(dest_ref);	222	key_ref_put(dest_ref);
222	error3:	223	error3:
223	kfree(callout_info);	224	kfree(callout_info);
224	error2:	225	error2:
225	kfree(description);	226	kfree(description);
226	error:	227	error:
227	return ret;	228	return ret;
228	}	229	}
229		230
230	/*	231	/*
231	* Get the ID of the specified process keyring.	232	* Get the ID of the specified process keyring.
232	*	233	*
233	* The requested keyring must have search permission to be found.	234	* The requested keyring must have search permission to be found.
234	*	235	*
235	* If successful, the ID of the requested keyring will be returned.	236	* If successful, the ID of the requested keyring will be returned.
236	*/	237	*/
237	long keyctl_get_keyring_ID(key_serial_t id, int create)	238	long keyctl_get_keyring_ID(key_serial_t id, int create)
238	{	239	{
239	key_ref_t key_ref;	240	key_ref_t key_ref;
240	unsigned long lflags;	241	unsigned long lflags;
241	long ret;	242	long ret;
242		243
243	lflags = create ? KEY_LOOKUP_CREATE : 0;	244	lflags = create ? KEY_LOOKUP_CREATE : 0;
244	key_ref = lookup_user_key(id, lflags, KEY_SEARCH);	245	key_ref = lookup_user_key(id, lflags, KEY_SEARCH);
245	if (IS_ERR(key_ref)) {	246	if (IS_ERR(key_ref)) {
246	ret = PTR_ERR(key_ref);	247	ret = PTR_ERR(key_ref);
247	goto error;	248	goto error;
248	}	249	}
249		250
250	ret = key_ref_to_ptr(key_ref)->serial;	251	ret = key_ref_to_ptr(key_ref)->serial;
251	key_ref_put(key_ref);	252	key_ref_put(key_ref);
252	error:	253	error:
253	return ret;	254	return ret;
254	}	255	}
255		256
256	/*	257	/*
257	* Join a (named) session keyring.	258	* Join a (named) session keyring.
258	*	259	*
259	* Create and join an anonymous session keyring or join a named session	260	* Create and join an anonymous session keyring or join a named session
260	* keyring, creating it if necessary. A named session keyring must have Search	261	* keyring, creating it if necessary. A named session keyring must have Search
261	* permission for it to be joined. Session keyrings without this permit will	262	* permission for it to be joined. Session keyrings without this permit will
262	* be skipped over.	263	* be skipped over.
263	*	264	*
264	* If successful, the ID of the joined session keyring will be returned.	265	* If successful, the ID of the joined session keyring will be returned.
265	*/	266	*/
266	long keyctl_join_session_keyring(const char __user *_name)	267	long keyctl_join_session_keyring(const char __user *_name)
267	{	268	{
268	char *name;	269	char *name;
269	long ret;	270	long ret;
270		271
271	/* fetch the name from userspace */	272	/* fetch the name from userspace */
272	name = NULL;	273	name = NULL;
273	if (_name) {	274	if (_name) {
274	name = strndup_user(_name, PAGE_SIZE);	275	name = strndup_user(_name, PAGE_SIZE);
275	if (IS_ERR(name)) {	276	if (IS_ERR(name)) {
276	ret = PTR_ERR(name);	277	ret = PTR_ERR(name);
277	goto error;	278	goto error;
278	}	279	}
279	}	280	}
280		281
281	/* join the session */	282	/* join the session */
282	ret = join_session_keyring(name);	283	ret = join_session_keyring(name);
283	kfree(name);	284	kfree(name);
284		285
285	error:	286	error:
286	return ret;	287	return ret;
287	}	288	}
288		289
289	/*	290	/*
290	* Update a key's data payload from the given data.	291	* Update a key's data payload from the given data.
291	*	292	*
292	* The key must grant the caller Write permission and the key type must support	293	* The key must grant the caller Write permission and the key type must support
293	* updating for this to work. A negative key can be positively instantiated	294	* updating for this to work. A negative key can be positively instantiated
294	* with this call.	295	* with this call.
295	*	296	*
296	* If successful, 0 will be returned. If the key type does not support	297	* If successful, 0 will be returned. If the key type does not support
297	* updating, then -EOPNOTSUPP will be returned.	298	* updating, then -EOPNOTSUPP will be returned.
298	*/	299	*/
299	long keyctl_update_key(key_serial_t id,	300	long keyctl_update_key(key_serial_t id,
300	const void __user *_payload,	301	const void __user *_payload,
301	size_t plen)	302	size_t plen)
302	{	303	{
303	key_ref_t key_ref;	304	key_ref_t key_ref;
304	void *payload;	305	void *payload;
305	long ret;	306	long ret;
306		307
307	ret = -EINVAL;	308	ret = -EINVAL;
308	if (plen > PAGE_SIZE)	309	if (plen > PAGE_SIZE)
309	goto error;	310	goto error;
310		311
311	/* pull the payload in if one was supplied */	312	/* pull the payload in if one was supplied */
312	payload = NULL;	313	payload = NULL;
313	if (_payload) {	314	if (_payload) {
314	ret = -ENOMEM;	315	ret = -ENOMEM;
315	payload = kmalloc(plen, GFP_KERNEL);	316	payload = kmalloc(plen, GFP_KERNEL);
316	if (!payload)	317	if (!payload)
317	goto error;	318	goto error;
318		319
319	ret = -EFAULT;	320	ret = -EFAULT;
320	if (copy_from_user(payload, _payload, plen) != 0)	321	if (copy_from_user(payload, _payload, plen) != 0)
321	goto error2;	322	goto error2;
322	}	323	}
323		324
324	/* find the target key (which must be writable) */	325	/* find the target key (which must be writable) */
325	key_ref = lookup_user_key(id, 0, KEY_WRITE);	326	key_ref = lookup_user_key(id, 0, KEY_WRITE);
326	if (IS_ERR(key_ref)) {	327	if (IS_ERR(key_ref)) {
327	ret = PTR_ERR(key_ref);	328	ret = PTR_ERR(key_ref);
328	goto error2;	329	goto error2;
329	}	330	}
330		331
331	/* update the key */	332	/* update the key */
332	ret = key_update(key_ref, payload, plen);	333	ret = key_update(key_ref, payload, plen);
333		334
334	key_ref_put(key_ref);	335	key_ref_put(key_ref);
335	error2:	336	error2:
336	kfree(payload);	337	kfree(payload);
337	error:	338	error:
338	return ret;	339	return ret;
339	}	340	}
340		341
341	/*	342	/*
342	* Revoke a key.	343	* Revoke a key.
343	*	344	*
344	* The key must be grant the caller Write or Setattr permission for this to	345	* The key must be grant the caller Write or Setattr permission for this to
345	* work. The key type should give up its quota claim when revoked. The key	346	* work. The key type should give up its quota claim when revoked. The key
346	* and any links to the key will be automatically garbage collected after a	347	* and any links to the key will be automatically garbage collected after a
347	* certain amount of time (/proc/sys/kernel/keys/gc_delay).	348	* certain amount of time (/proc/sys/kernel/keys/gc_delay).
348	*	349	*
349	* If successful, 0 is returned.	350	* If successful, 0 is returned.
350	*/	351	*/
351	long keyctl_revoke_key(key_serial_t id)	352	long keyctl_revoke_key(key_serial_t id)
352	{	353	{
353	key_ref_t key_ref;	354	key_ref_t key_ref;
354	long ret;	355	long ret;
355		356
356	key_ref = lookup_user_key(id, 0, KEY_WRITE);	357	key_ref = lookup_user_key(id, 0, KEY_WRITE);
357	if (IS_ERR(key_ref)) {	358	if (IS_ERR(key_ref)) {
358	ret = PTR_ERR(key_ref);	359	ret = PTR_ERR(key_ref);
359	if (ret != -EACCES)	360	if (ret != -EACCES)
360	goto error;	361	goto error;
361	key_ref = lookup_user_key(id, 0, KEY_SETATTR);	362	key_ref = lookup_user_key(id, 0, KEY_SETATTR);
362	if (IS_ERR(key_ref)) {	363	if (IS_ERR(key_ref)) {
363	ret = PTR_ERR(key_ref);	364	ret = PTR_ERR(key_ref);
364	goto error;	365	goto error;
365	}	366	}
366	}	367	}
367		368
368	key_revoke(key_ref_to_ptr(key_ref));	369	key_revoke(key_ref_to_ptr(key_ref));
369	ret = 0;	370	ret = 0;
370		371
371	key_ref_put(key_ref);	372	key_ref_put(key_ref);
372	error:	373	error:
373	return ret;	374	return ret;
374	}	375	}
375		376
376	/*	377	/*
377	* Clear the specified keyring, creating an empty process keyring if one of the	378	* Clear the specified keyring, creating an empty process keyring if one of the
378	* special keyring IDs is used.	379	* special keyring IDs is used.
379	*	380	*
380	* The keyring must grant the caller Write permission for this to work. If	381	* The keyring must grant the caller Write permission for this to work. If
381	* successful, 0 will be returned.	382	* successful, 0 will be returned.
382	*/	383	*/
383	long keyctl_keyring_clear(key_serial_t ringid)	384	long keyctl_keyring_clear(key_serial_t ringid)
384	{	385	{
385	key_ref_t keyring_ref;	386	key_ref_t keyring_ref;
386	long ret;	387	long ret;
387		388
388	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);	389	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
389	if (IS_ERR(keyring_ref)) {	390	if (IS_ERR(keyring_ref)) {
390	ret = PTR_ERR(keyring_ref);	391	ret = PTR_ERR(keyring_ref);
391	goto error;	392	goto error;
392	}	393	}
393		394
394	ret = keyring_clear(key_ref_to_ptr(keyring_ref));	395	ret = keyring_clear(key_ref_to_ptr(keyring_ref));
395		396
396	key_ref_put(keyring_ref);	397	key_ref_put(keyring_ref);
397	error:	398	error:
398	return ret;	399	return ret;
399	}	400	}
400		401
401	/*	402	/*
402	* Create a link from a keyring to a key if there's no matching key in the	403	* Create a link from a keyring to a key if there's no matching key in the
403	* keyring, otherwise replace the link to the matching key with a link to the	404	* keyring, otherwise replace the link to the matching key with a link to the
404	* new key.	405	* new key.
405	*	406	*
406	* The key must grant the caller Link permission and the the keyring must grant	407	* The key must grant the caller Link permission and the the keyring must grant
407	* the caller Write permission. Furthermore, if an additional link is created,	408	* the caller Write permission. Furthermore, if an additional link is created,
408	* the keyring's quota will be extended.	409	* the keyring's quota will be extended.
409	*	410	*
410	* If successful, 0 will be returned.	411	* If successful, 0 will be returned.
411	*/	412	*/
412	long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)	413	long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
413	{	414	{
414	key_ref_t keyring_ref, key_ref;	415	key_ref_t keyring_ref, key_ref;
415	long ret;	416	long ret;
416		417
417	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);	418	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
418	if (IS_ERR(keyring_ref)) {	419	if (IS_ERR(keyring_ref)) {
419	ret = PTR_ERR(keyring_ref);	420	ret = PTR_ERR(keyring_ref);
420	goto error;	421	goto error;
421	}	422	}
422		423
423	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK);	424	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK);
424	if (IS_ERR(key_ref)) {	425	if (IS_ERR(key_ref)) {
425	ret = PTR_ERR(key_ref);	426	ret = PTR_ERR(key_ref);
426	goto error2;	427	goto error2;
427	}	428	}
428		429
429	ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));	430	ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
430		431
431	key_ref_put(key_ref);	432	key_ref_put(key_ref);
432	error2:	433	error2:
433	key_ref_put(keyring_ref);	434	key_ref_put(keyring_ref);
434	error:	435	error:
435	return ret;	436	return ret;
436	}	437	}
437		438
438	/*	439	/*
439	* Unlink a key from a keyring.	440	* Unlink a key from a keyring.
440	*	441	*
441	* The keyring must grant the caller Write permission for this to work; the key	442	* The keyring must grant the caller Write permission for this to work; the key
442	* itself need not grant the caller anything. If the last link to a key is	443	* itself need not grant the caller anything. If the last link to a key is
443	* removed then that key will be scheduled for destruction.	444	* removed then that key will be scheduled for destruction.
444	*	445	*
445	* If successful, 0 will be returned.	446	* If successful, 0 will be returned.
446	*/	447	*/
447	long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)	448	long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
448	{	449	{
449	key_ref_t keyring_ref, key_ref;	450	key_ref_t keyring_ref, key_ref;
450	long ret;	451	long ret;
451		452
452	keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE);	453	keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE);
453	if (IS_ERR(keyring_ref)) {	454	if (IS_ERR(keyring_ref)) {
454	ret = PTR_ERR(keyring_ref);	455	ret = PTR_ERR(keyring_ref);
455	goto error;	456	goto error;
456	}	457	}
457		458
458	key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0);	459	key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0);
459	if (IS_ERR(key_ref)) {	460	if (IS_ERR(key_ref)) {
460	ret = PTR_ERR(key_ref);	461	ret = PTR_ERR(key_ref);
461	goto error2;	462	goto error2;
462	}	463	}
463		464
464	ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));	465	ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
465		466
466	key_ref_put(key_ref);	467	key_ref_put(key_ref);
467	error2:	468	error2:
468	key_ref_put(keyring_ref);	469	key_ref_put(keyring_ref);
469	error:	470	error:
470	return ret;	471	return ret;
471	}	472	}
472		473
473	/*	474	/*
474	* Return a description of a key to userspace.	475	* Return a description of a key to userspace.
475	*	476	*
476	* The key must grant the caller View permission for this to work.	477	* The key must grant the caller View permission for this to work.
477	*	478	*
478	* If there's a buffer, we place up to buflen bytes of data into it formatted	479	* If there's a buffer, we place up to buflen bytes of data into it formatted
479	* in the following way:	480	* in the following way:
480	*	481	*
481	* type;uid;gid;perm;description<NUL>	482	* type;uid;gid;perm;description<NUL>
482	*	483	*
483	* If successful, we return the amount of description available, irrespective	484	* If successful, we return the amount of description available, irrespective
484	* of how much we may have copied into the buffer.	485	* of how much we may have copied into the buffer.
485	*/	486	*/
486	long keyctl_describe_key(key_serial_t keyid,	487	long keyctl_describe_key(key_serial_t keyid,
487	char __user *buffer,	488	char __user *buffer,
488	size_t buflen)	489	size_t buflen)
489	{	490	{
490	struct key key, instkey;	491	struct key key, instkey;
491	key_ref_t key_ref;	492	key_ref_t key_ref;
492	char *tmpbuf;	493	char *tmpbuf;
493	long ret;	494	long ret;
494		495
495	key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);	496	key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);
496	if (IS_ERR(key_ref)) {	497	if (IS_ERR(key_ref)) {
497	/* viewing a key under construction is permitted if we have the	498	/* viewing a key under construction is permitted if we have the
498	* authorisation token handy */	499	* authorisation token handy */
499	if (PTR_ERR(key_ref) == -EACCES) {	500	if (PTR_ERR(key_ref) == -EACCES) {
500	instkey = key_get_instantiation_authkey(keyid);	501	instkey = key_get_instantiation_authkey(keyid);
501	if (!IS_ERR(instkey)) {	502	if (!IS_ERR(instkey)) {
502	key_put(instkey);	503	key_put(instkey);
503	key_ref = lookup_user_key(keyid,	504	key_ref = lookup_user_key(keyid,
504	KEY_LOOKUP_PARTIAL,	505	KEY_LOOKUP_PARTIAL,
505	0);	506	0);
506	if (!IS_ERR(key_ref))	507	if (!IS_ERR(key_ref))
507	goto okay;	508	goto okay;
508	}	509	}
509	}	510	}
510		511
511	ret = PTR_ERR(key_ref);	512	ret = PTR_ERR(key_ref);
512	goto error;	513	goto error;
513	}	514	}
514		515
515	okay:	516	okay:
516	/* calculate how much description we're going to return */	517	/* calculate how much description we're going to return */
517	ret = -ENOMEM;	518	ret = -ENOMEM;
518	tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);	519	tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
519	if (!tmpbuf)	520	if (!tmpbuf)
520	goto error2;	521	goto error2;
521		522
522	key = key_ref_to_ptr(key_ref);	523	key = key_ref_to_ptr(key_ref);
523		524
524	ret = snprintf(tmpbuf, PAGE_SIZE - 1,	525	ret = snprintf(tmpbuf, PAGE_SIZE - 1,
525	"%s;%d;%d;%08x;%s",	526	"%s;%d;%d;%08x;%s",
526	key->type->name,	527	key->type->name,
527	key->uid,	528	key->uid,
528	key->gid,	529	key->gid,
529	key->perm,	530	key->perm,
530	key->description ?: "");	531	key->description ?: "");
531		532
532	/* include a NUL char at the end of the data */	533	/* include a NUL char at the end of the data */
533	if (ret > PAGE_SIZE - 1)	534	if (ret > PAGE_SIZE - 1)
534	ret = PAGE_SIZE - 1;	535	ret = PAGE_SIZE - 1;
535	tmpbuf[ret] = 0;	536	tmpbuf[ret] = 0;
536	ret++;	537	ret++;
537		538
538	/* consider returning the data */	539	/* consider returning the data */
539	if (buffer && buflen > 0) {	540	if (buffer && buflen > 0) {
540	if (buflen > ret)	541	if (buflen > ret)
541	buflen = ret;	542	buflen = ret;
542		543
543	if (copy_to_user(buffer, tmpbuf, buflen) != 0)	544	if (copy_to_user(buffer, tmpbuf, buflen) != 0)
544	ret = -EFAULT;	545	ret = -EFAULT;
545	}	546	}
546		547
547	kfree(tmpbuf);	548	kfree(tmpbuf);
548	error2:	549	error2:
549	key_ref_put(key_ref);	550	key_ref_put(key_ref);
550	error:	551	error:
551	return ret;	552	return ret;
552	}	553	}
553		554
554	/*	555	/*
555	* Search the specified keyring and any keyrings it links to for a matching	556	* Search the specified keyring and any keyrings it links to for a matching
556	* key. Only keyrings that grant the caller Search permission will be searched	557	* key. Only keyrings that grant the caller Search permission will be searched
557	* (this includes the starting keyring). Only keys with Search permission can	558	* (this includes the starting keyring). Only keys with Search permission can
558	* be found.	559	* be found.
559	*	560	*
560	* If successful, the found key will be linked to the destination keyring if	561	* If successful, the found key will be linked to the destination keyring if
561	* supplied and the key has Link permission, and the found key ID will be	562	* supplied and the key has Link permission, and the found key ID will be
562	* returned.	563	* returned.
563	*/	564	*/
564	long keyctl_keyring_search(key_serial_t ringid,	565	long keyctl_keyring_search(key_serial_t ringid,
565	const char __user *_type,	566	const char __user *_type,
566	const char __user *_description,	567	const char __user *_description,
567	key_serial_t destringid)	568	key_serial_t destringid)
568	{	569	{
569	struct key_type *ktype;	570	struct key_type *ktype;
570	key_ref_t keyring_ref, key_ref, dest_ref;	571	key_ref_t keyring_ref, key_ref, dest_ref;
571	char type[32], *description;	572	char type[32], *description;
572	long ret;	573	long ret;
573		574
574	/* pull the type and description into kernel space */	575	/* pull the type and description into kernel space */
575	ret = key_get_type_from_user(type, _type, sizeof(type));	576	ret = key_get_type_from_user(type, _type, sizeof(type));
576	if (ret < 0)	577	if (ret < 0)
577	goto error;	578	goto error;
578		579
579	description = strndup_user(_description, PAGE_SIZE);	580	description = strndup_user(_description, PAGE_SIZE);
580	if (IS_ERR(description)) {	581	if (IS_ERR(description)) {
581	ret = PTR_ERR(description);	582	ret = PTR_ERR(description);
582	goto error;	583	goto error;
583	}	584	}
584		585
585	/* get the keyring at which to begin the search */	586	/* get the keyring at which to begin the search */
586	keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH);	587	keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH);
587	if (IS_ERR(keyring_ref)) {	588	if (IS_ERR(keyring_ref)) {
588	ret = PTR_ERR(keyring_ref);	589	ret = PTR_ERR(keyring_ref);
589	goto error2;	590	goto error2;
590	}	591	}
591		592
592	/* get the destination keyring if specified */	593	/* get the destination keyring if specified */
593	dest_ref = NULL;	594	dest_ref = NULL;
594	if (destringid) {	595	if (destringid) {
595	dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,	596	dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
596	KEY_WRITE);	597	KEY_WRITE);
597	if (IS_ERR(dest_ref)) {	598	if (IS_ERR(dest_ref)) {
598	ret = PTR_ERR(dest_ref);	599	ret = PTR_ERR(dest_ref);
599	goto error3;	600	goto error3;
600	}	601	}
601	}	602	}
602		603
603	/* find the key type */	604	/* find the key type */
604	ktype = key_type_lookup(type);	605	ktype = key_type_lookup(type);
605	if (IS_ERR(ktype)) {	606	if (IS_ERR(ktype)) {
606	ret = PTR_ERR(ktype);	607	ret = PTR_ERR(ktype);
607	goto error4;	608	goto error4;
608	}	609	}
609		610
610	/* do the search */	611	/* do the search */
611	key_ref = keyring_search(keyring_ref, ktype, description);	612	key_ref = keyring_search(keyring_ref, ktype, description);
612	if (IS_ERR(key_ref)) {	613	if (IS_ERR(key_ref)) {
613	ret = PTR_ERR(key_ref);	614	ret = PTR_ERR(key_ref);
614		615
615	/* treat lack or presence of a negative key the same */	616	/* treat lack or presence of a negative key the same */
616	if (ret == -EAGAIN)	617	if (ret == -EAGAIN)
617	ret = -ENOKEY;	618	ret = -ENOKEY;
618	goto error5;	619	goto error5;
619	}	620	}
620		621
621	/* link the resulting key to the destination keyring if we can */	622	/* link the resulting key to the destination keyring if we can */
622	if (dest_ref) {	623	if (dest_ref) {
623	ret = key_permission(key_ref, KEY_LINK);	624	ret = key_permission(key_ref, KEY_LINK);
624	if (ret < 0)	625	if (ret < 0)
625	goto error6;	626	goto error6;
626		627
627	ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref));	628	ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref));
628	if (ret < 0)	629	if (ret < 0)
629	goto error6;	630	goto error6;
630	}	631	}
631		632
632	ret = key_ref_to_ptr(key_ref)->serial;	633	ret = key_ref_to_ptr(key_ref)->serial;
633		634
634	error6:	635	error6:
635	key_ref_put(key_ref);	636	key_ref_put(key_ref);
636	error5:	637	error5:
637	key_type_put(ktype);	638	key_type_put(ktype);
638	error4:	639	error4:
639	key_ref_put(dest_ref);	640	key_ref_put(dest_ref);
640	error3:	641	error3:
641	key_ref_put(keyring_ref);	642	key_ref_put(keyring_ref);
642	error2:	643	error2:
643	kfree(description);	644	kfree(description);
644	error:	645	error:
645	return ret;	646	return ret;
646	}	647	}
647		648
648	/*	649	/*
649	* Read a key's payload.	650	* Read a key's payload.
650	*	651	*
651	* The key must either grant the caller Read permission, or it must grant the	652	* The key must either grant the caller Read permission, or it must grant the
652	* caller Search permission when searched for from the process keyrings.	653	* caller Search permission when searched for from the process keyrings.
653	*	654	*
654	* If successful, we place up to buflen bytes of data into the buffer, if one	655	* If successful, we place up to buflen bytes of data into the buffer, if one
655	* is provided, and return the amount of data that is available in the key,	656	* is provided, and return the amount of data that is available in the key,
656	* irrespective of how much we copied into the buffer.	657	* irrespective of how much we copied into the buffer.
657	*/	658	*/
658	long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)	659	long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
659	{	660	{
660	struct key *key;	661	struct key *key;
661	key_ref_t key_ref;	662	key_ref_t key_ref;
662	long ret;	663	long ret;
663		664
664	/* find the key first */	665	/* find the key first */
665	key_ref = lookup_user_key(keyid, 0, 0);	666	key_ref = lookup_user_key(keyid, 0, 0);
666	if (IS_ERR(key_ref)) {	667	if (IS_ERR(key_ref)) {
667	ret = -ENOKEY;	668	ret = -ENOKEY;
668	goto error;	669	goto error;
669	}	670	}
670		671
671	key = key_ref_to_ptr(key_ref);	672	key = key_ref_to_ptr(key_ref);
672		673
673	/* see if we can read it directly */	674	/* see if we can read it directly */
674	ret = key_permission(key_ref, KEY_READ);	675	ret = key_permission(key_ref, KEY_READ);
675	if (ret == 0)	676	if (ret == 0)
676	goto can_read_key;	677	goto can_read_key;
677	if (ret != -EACCES)	678	if (ret != -EACCES)
678	goto error;	679	goto error;
679		680
680	/* we can't; see if it's searchable from this process's keyrings	681	/* we can't; see if it's searchable from this process's keyrings
681	* - we automatically take account of the fact that it may be	682	* - we automatically take account of the fact that it may be
682	* dangling off an instantiation key	683	* dangling off an instantiation key
683	*/	684	*/
684	if (!is_key_possessed(key_ref)) {	685	if (!is_key_possessed(key_ref)) {
685	ret = -EACCES;	686	ret = -EACCES;
686	goto error2;	687	goto error2;
687	}	688	}
688		689
689	/* the key is probably readable - now try to read it */	690	/* the key is probably readable - now try to read it */
690	can_read_key:	691	can_read_key:
691	ret = key_validate(key);	692	ret = key_validate(key);
692	if (ret == 0) {	693	if (ret == 0) {
693	ret = -EOPNOTSUPP;	694	ret = -EOPNOTSUPP;
694	if (key->type->read) {	695	if (key->type->read) {
695	/* read the data with the semaphore held (since we	696	/* read the data with the semaphore held (since we
696	* might sleep) */	697	* might sleep) */
697	down_read(&key->sem);	698	down_read(&key->sem);
698	ret = key->type->read(key, buffer, buflen);	699	ret = key->type->read(key, buffer, buflen);
699	up_read(&key->sem);	700	up_read(&key->sem);
700	}	701	}
701	}	702	}
702		703
703	error2:	704	error2:
704	key_put(key);	705	key_put(key);
705	error:	706	error:
706	return ret;	707	return ret;
707	}	708	}
708		709
709	/*	710	/*
710	* Change the ownership of a key	711	* Change the ownership of a key
711	*	712	*
712	* The key must grant the caller Setattr permission for this to work, though	713	* The key must grant the caller Setattr permission for this to work, though
713	* the key need not be fully instantiated yet. For the UID to be changed, or	714	* the key need not be fully instantiated yet. For the UID to be changed, or
714	* for the GID to be changed to a group the caller is not a member of, the	715	* for the GID to be changed to a group the caller is not a member of, the
715	* caller must have sysadmin capability. If either uid or gid is -1 then that	716	* caller must have sysadmin capability. If either uid or gid is -1 then that
716	* attribute is not changed.	717	* attribute is not changed.
717	*	718	*
718	* If the UID is to be changed, the new user must have sufficient quota to	719	* If the UID is to be changed, the new user must have sufficient quota to
719	* accept the key. The quota deduction will be removed from the old user to	720	* accept the key. The quota deduction will be removed from the old user to
720	* the new user should the attribute be changed.	721	* the new user should the attribute be changed.
721	*	722	*
722	* If successful, 0 will be returned.	723	* If successful, 0 will be returned.
723	*/	724	*/
724	long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)	725	long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
725	{	726	{
726	struct key_user newowner, zapowner = NULL;	727	struct key_user newowner, zapowner = NULL;
727	struct key *key;	728	struct key *key;
728	key_ref_t key_ref;	729	key_ref_t key_ref;
729	long ret;	730	long ret;
730		731
731	ret = 0;	732	ret = 0;
732	if (uid == (uid_t) -1 && gid == (gid_t) -1)	733	if (uid == (uid_t) -1 && gid == (gid_t) -1)
733	goto error;	734	goto error;
734		735
735	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE \| KEY_LOOKUP_PARTIAL,	736	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE \| KEY_LOOKUP_PARTIAL,
736	KEY_SETATTR);	737	KEY_SETATTR);
737	if (IS_ERR(key_ref)) {	738	if (IS_ERR(key_ref)) {
738	ret = PTR_ERR(key_ref);	739	ret = PTR_ERR(key_ref);
739	goto error;	740	goto error;
740	}	741	}
741		742
742	key = key_ref_to_ptr(key_ref);	743	key = key_ref_to_ptr(key_ref);
743		744
744	/* make the changes with the locks held to prevent chown/chown races */	745	/* make the changes with the locks held to prevent chown/chown races */
745	ret = -EACCES;	746	ret = -EACCES;
746	down_write(&key->sem);	747	down_write(&key->sem);
747		748
748	if (!capable(CAP_SYS_ADMIN)) {	749	if (!capable(CAP_SYS_ADMIN)) {
749	/* only the sysadmin can chown a key to some other UID */	750	/* only the sysadmin can chown a key to some other UID */
750	if (uid != (uid_t) -1 && key->uid != uid)	751	if (uid != (uid_t) -1 && key->uid != uid)
751	goto error_put;	752	goto error_put;
752		753
753	/* only the sysadmin can set the key's GID to a group other	754	/* only the sysadmin can set the key's GID to a group other
754	* than one of those that the current process subscribes to */	755	* than one of those that the current process subscribes to */
755	if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))	756	if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
756	goto error_put;	757	goto error_put;
757	}	758	}
758		759
759	/* change the UID */	760	/* change the UID */
760	if (uid != (uid_t) -1 && uid != key->uid) {	761	if (uid != (uid_t) -1 && uid != key->uid) {
761	ret = -ENOMEM;	762	ret = -ENOMEM;
762	newowner = key_user_lookup(uid, current_user_ns());	763	newowner = key_user_lookup(uid, current_user_ns());
763	if (!newowner)	764	if (!newowner)
764	goto error_put;	765	goto error_put;
765		766
766	/* transfer the quota burden to the new user */	767	/* transfer the quota burden to the new user */
767	if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {	768	if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
768	unsigned maxkeys = (uid == 0) ?	769	unsigned maxkeys = (uid == 0) ?
769	key_quota_root_maxkeys : key_quota_maxkeys;	770	key_quota_root_maxkeys : key_quota_maxkeys;
770	unsigned maxbytes = (uid == 0) ?	771	unsigned maxbytes = (uid == 0) ?
771	key_quota_root_maxbytes : key_quota_maxbytes;	772	key_quota_root_maxbytes : key_quota_maxbytes;
772		773
773	spin_lock(&newowner->lock);	774	spin_lock(&newowner->lock);
774	if (newowner->qnkeys + 1 >= maxkeys \|\|	775	if (newowner->qnkeys + 1 >= maxkeys \|\|
775	newowner->qnbytes + key->quotalen >= maxbytes \|\|	776	newowner->qnbytes + key->quotalen >= maxbytes \|\|
776	newowner->qnbytes + key->quotalen <	777	newowner->qnbytes + key->quotalen <
777	newowner->qnbytes)	778	newowner->qnbytes)
778	goto quota_overrun;	779	goto quota_overrun;
779		780
780	newowner->qnkeys++;	781	newowner->qnkeys++;
781	newowner->qnbytes += key->quotalen;	782	newowner->qnbytes += key->quotalen;
782	spin_unlock(&newowner->lock);	783	spin_unlock(&newowner->lock);
783		784
784	spin_lock(&key->user->lock);	785	spin_lock(&key->user->lock);
785	key->user->qnkeys--;	786	key->user->qnkeys--;
786	key->user->qnbytes -= key->quotalen;	787	key->user->qnbytes -= key->quotalen;
787	spin_unlock(&key->user->lock);	788	spin_unlock(&key->user->lock);
788	}	789	}
789		790
790	atomic_dec(&key->user->nkeys);	791	atomic_dec(&key->user->nkeys);
791	atomic_inc(&newowner->nkeys);	792	atomic_inc(&newowner->nkeys);
792		793
793	if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {	794	if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
794	atomic_dec(&key->user->nikeys);	795	atomic_dec(&key->user->nikeys);
795	atomic_inc(&newowner->nikeys);	796	atomic_inc(&newowner->nikeys);
796	}	797	}
797		798
798	zapowner = key->user;	799	zapowner = key->user;
799	key->user = newowner;	800	key->user = newowner;
800	key->uid = uid;	801	key->uid = uid;
801	}	802	}
802		803
803	/* change the GID */	804	/* change the GID */
804	if (gid != (gid_t) -1)	805	if (gid != (gid_t) -1)
805	key->gid = gid;	806	key->gid = gid;
806		807
807	ret = 0;	808	ret = 0;
808		809
809	error_put:	810	error_put:
810	up_write(&key->sem);	811	up_write(&key->sem);
811	key_put(key);	812	key_put(key);
812	if (zapowner)	813	if (zapowner)
813	key_user_put(zapowner);	814	key_user_put(zapowner);
814	error:	815	error:
815	return ret;	816	return ret;
816		817
817	quota_overrun:	818	quota_overrun:
818	spin_unlock(&newowner->lock);	819	spin_unlock(&newowner->lock);
819	zapowner = newowner;	820	zapowner = newowner;
820	ret = -EDQUOT;	821	ret = -EDQUOT;
821	goto error_put;	822	goto error_put;
822	}	823	}
823		824
824	/*	825	/*
825	* Change the permission mask on a key.	826	* Change the permission mask on a key.
826	*	827	*
827	* The key must grant the caller Setattr permission for this to work, though	828	* The key must grant the caller Setattr permission for this to work, though
828	* the key need not be fully instantiated yet. If the caller does not have	829	* the key need not be fully instantiated yet. If the caller does not have
829	* sysadmin capability, it may only change the permission on keys that it owns.	830	* sysadmin capability, it may only change the permission on keys that it owns.
830	*/	831	*/
831	long keyctl_setperm_key(key_serial_t id, key_perm_t perm)	832	long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
832	{	833	{
833	struct key *key;	834	struct key *key;
834	key_ref_t key_ref;	835	key_ref_t key_ref;
835	long ret;	836	long ret;
836		837
837	ret = -EINVAL;	838	ret = -EINVAL;
838	if (perm & ~(KEY_POS_ALL \| KEY_USR_ALL \| KEY_GRP_ALL \| KEY_OTH_ALL))	839	if (perm & ~(KEY_POS_ALL \| KEY_USR_ALL \| KEY_GRP_ALL \| KEY_OTH_ALL))
839	goto error;	840	goto error;
840		841
841	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE \| KEY_LOOKUP_PARTIAL,	842	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE \| KEY_LOOKUP_PARTIAL,
842	KEY_SETATTR);	843	KEY_SETATTR);
843	if (IS_ERR(key_ref)) {	844	if (IS_ERR(key_ref)) {
844	ret = PTR_ERR(key_ref);	845	ret = PTR_ERR(key_ref);
845	goto error;	846	goto error;
846	}	847	}
847		848
848	key = key_ref_to_ptr(key_ref);	849	key = key_ref_to_ptr(key_ref);
849		850
850	/* make the changes with the locks held to prevent chown/chmod races */	851	/* make the changes with the locks held to prevent chown/chmod races */
851	ret = -EACCES;	852	ret = -EACCES;
852	down_write(&key->sem);	853	down_write(&key->sem);
853		854
854	/* if we're not the sysadmin, we can only change a key that we own */	855	/* if we're not the sysadmin, we can only change a key that we own */
855	if (capable(CAP_SYS_ADMIN) \|\| key->uid == current_fsuid()) {	856	if (capable(CAP_SYS_ADMIN) \|\| key->uid == current_fsuid()) {
856	key->perm = perm;	857	key->perm = perm;
857	ret = 0;	858	ret = 0;
858	}	859	}
859		860
860	up_write(&key->sem);	861	up_write(&key->sem);
861	key_put(key);	862	key_put(key);
862	error:	863	error:
863	return ret;	864	return ret;
864	}	865	}
865		866
866	/*	867	/*
867	* Get the destination keyring for instantiation and check that the caller has	868	* Get the destination keyring for instantiation and check that the caller has
868	* Write permission on it.	869	* Write permission on it.
869	*/	870	*/
870	static long get_instantiation_keyring(key_serial_t ringid,	871	static long get_instantiation_keyring(key_serial_t ringid,
871	struct request_key_auth *rka,	872	struct request_key_auth *rka,
872	struct key **_dest_keyring)	873	struct key **_dest_keyring)
873	{	874	{
874	key_ref_t dkref;	875	key_ref_t dkref;
875		876
876	*_dest_keyring = NULL;	877	*_dest_keyring = NULL;
877		878
878	/* just return a NULL pointer if we weren't asked to make a link */	879	/* just return a NULL pointer if we weren't asked to make a link */
879	if (ringid == 0)	880	if (ringid == 0)
880	return 0;	881	return 0;
881		882
882	/* if a specific keyring is nominated by ID, then use that */	883	/* if a specific keyring is nominated by ID, then use that */
883	if (ringid > 0) {	884	if (ringid > 0) {
884	dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);	885	dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
885	if (IS_ERR(dkref))	886	if (IS_ERR(dkref))
886	return PTR_ERR(dkref);	887	return PTR_ERR(dkref);
887	*_dest_keyring = key_ref_to_ptr(dkref);	888	*_dest_keyring = key_ref_to_ptr(dkref);
888	return 0;	889	return 0;
889	}	890	}
890		891
891	if (ringid == KEY_SPEC_REQKEY_AUTH_KEY)	892	if (ringid == KEY_SPEC_REQKEY_AUTH_KEY)
892	return -EINVAL;	893	return -EINVAL;
893		894
894	/* otherwise specify the destination keyring recorded in the	895	/* otherwise specify the destination keyring recorded in the
895	* authorisation key (any KEY_SPEC__KEYRING) /	896	* authorisation key (any KEY_SPEC__KEYRING) /
896	if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) {	897	if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) {
897	*_dest_keyring = key_get(rka->dest_keyring);	898	*_dest_keyring = key_get(rka->dest_keyring);
898	return 0;	899	return 0;
899	}	900	}
900		901
901	return -ENOKEY;	902	return -ENOKEY;
902	}	903	}
903		904
904	/*	905	/*
905	* Change the request_key authorisation key on the current process.	906	* Change the request_key authorisation key on the current process.
906	*/	907	*/
907	static int keyctl_change_reqkey_auth(struct key *key)	908	static int keyctl_change_reqkey_auth(struct key *key)
908	{	909	{
909	struct cred *new;	910	struct cred *new;
910		911
911	new = prepare_creds();	912	new = prepare_creds();
912	if (!new)	913	if (!new)
913	return -ENOMEM;	914	return -ENOMEM;
914		915
915	key_put(new->request_key_auth);	916	key_put(new->request_key_auth);
916	new->request_key_auth = key_get(key);	917	new->request_key_auth = key_get(key);
917		918
918	return commit_creds(new);	919	return commit_creds(new);
919	}	920	}
920		921
921	/*	922	/*
922	* Copy the iovec data from userspace	923	* Copy the iovec data from userspace
923	*/	924	*/
924	static long copy_from_user_iovec(void buffer, const struct iovec iov,	925	static long copy_from_user_iovec(void buffer, const struct iovec iov,
925	unsigned ioc)	926	unsigned ioc)
926	{	927	{
927	for (; ioc > 0; ioc--) {	928	for (; ioc > 0; ioc--) {
928	if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0)	929	if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0)
929	return -EFAULT;	930	return -EFAULT;
930	buffer += iov->iov_len;	931	buffer += iov->iov_len;
931	iov++;	932	iov++;
932	}	933	}
933	return 0;	934	return 0;
934	}	935	}
935		936
936	/*	937	/*
937	* Instantiate a key with the specified payload and link the key into the	938	* Instantiate a key with the specified payload and link the key into the
938	* destination keyring if one is given.	939	* destination keyring if one is given.
939	*	940	*
940	* The caller must have the appropriate instantiation permit set for this to	941	* The caller must have the appropriate instantiation permit set for this to
941	* work (see keyctl_assume_authority). No other permissions are required.	942	* work (see keyctl_assume_authority). No other permissions are required.
942	*	943	*
943	* If successful, 0 will be returned.	944	* If successful, 0 will be returned.
944	*/	945	*/
945	long keyctl_instantiate_key_common(key_serial_t id,	946	long keyctl_instantiate_key_common(key_serial_t id,
946	const struct iovec *payload_iov,	947	const struct iovec *payload_iov,
947	unsigned ioc,	948	unsigned ioc,
948	size_t plen,	949	size_t plen,
949	key_serial_t ringid)	950	key_serial_t ringid)
950	{	951	{
951	const struct cred *cred = current_cred();	952	const struct cred *cred = current_cred();
952	struct request_key_auth *rka;	953	struct request_key_auth *rka;
953	struct key instkey, dest_keyring;	954	struct key instkey, dest_keyring;
954	void *payload;	955	void *payload;
955	long ret;	956	long ret;
956	bool vm = false;	957	bool vm = false;
957		958
958	kenter("%d,,%zu,%d", id, plen, ringid);	959	kenter("%d,,%zu,%d", id, plen, ringid);
959		960
960	ret = -EINVAL;	961	ret = -EINVAL;
961	if (plen > 1024 * 1024 - 1)	962	if (plen > 1024 * 1024 - 1)
962	goto error;	963	goto error;
963		964
964	/* the appropriate instantiation authorisation key must have been	965	/* the appropriate instantiation authorisation key must have been
965	* assumed before calling this */	966	* assumed before calling this */
966	ret = -EPERM;	967	ret = -EPERM;
967	instkey = cred->request_key_auth;	968	instkey = cred->request_key_auth;
968	if (!instkey)	969	if (!instkey)
969	goto error;	970	goto error;
970		971
971	rka = instkey->payload.data;	972	rka = instkey->payload.data;
972	if (rka->target_key->serial != id)	973	if (rka->target_key->serial != id)
973	goto error;	974	goto error;
974		975
975	/* pull the payload in if one was supplied */	976	/* pull the payload in if one was supplied */
976	payload = NULL;	977	payload = NULL;
977		978
978	if (payload_iov) {	979	if (payload_iov) {
979	ret = -ENOMEM;	980	ret = -ENOMEM;
980	payload = kmalloc(plen, GFP_KERNEL);	981	payload = kmalloc(plen, GFP_KERNEL);
981	if (!payload) {	982	if (!payload) {
982	if (plen <= PAGE_SIZE)	983	if (plen <= PAGE_SIZE)
983	goto error;	984	goto error;
984	vm = true;	985	vm = true;
985	payload = vmalloc(plen);	986	payload = vmalloc(plen);
986	if (!payload)	987	if (!payload)
987	goto error;	988	goto error;
988	}	989	}
989		990
990	ret = copy_from_user_iovec(payload, payload_iov, ioc);	991	ret = copy_from_user_iovec(payload, payload_iov, ioc);
991	if (ret < 0)	992	if (ret < 0)
992	goto error2;	993	goto error2;
993	}	994	}
994		995
995	/* find the destination keyring amongst those belonging to the	996	/* find the destination keyring amongst those belonging to the
996	* requesting task */	997	* requesting task */
997	ret = get_instantiation_keyring(ringid, rka, &dest_keyring);	998	ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
998	if (ret < 0)	999	if (ret < 0)
999	goto error2;	1000	goto error2;
1000		1001
1001	/* instantiate the key and link it into a keyring */	1002	/* instantiate the key and link it into a keyring */
1002	ret = key_instantiate_and_link(rka->target_key, payload, plen,	1003	ret = key_instantiate_and_link(rka->target_key, payload, plen,
1003	dest_keyring, instkey);	1004	dest_keyring, instkey);
1004		1005
1005	key_put(dest_keyring);	1006	key_put(dest_keyring);
1006		1007
1007	/* discard the assumed authority if it's just been disabled by	1008	/* discard the assumed authority if it's just been disabled by
1008	* instantiation of the key */	1009	* instantiation of the key */
1009	if (ret == 0)	1010	if (ret == 0)
1010	keyctl_change_reqkey_auth(NULL);	1011	keyctl_change_reqkey_auth(NULL);
1011		1012
1012	error2:	1013	error2:
1013	if (!vm)	1014	if (!vm)
1014	kfree(payload);	1015	kfree(payload);
1015	else	1016	else
1016	vfree(payload);	1017	vfree(payload);
1017	error:	1018	error:
1018	return ret;	1019	return ret;
1019	}	1020	}
1020		1021
1021	/*	1022	/*
1022	* Instantiate a key with the specified payload and link the key into the	1023	* Instantiate a key with the specified payload and link the key into the
1023	* destination keyring if one is given.	1024	* destination keyring if one is given.
1024	*	1025	*
1025	* The caller must have the appropriate instantiation permit set for this to	1026	* The caller must have the appropriate instantiation permit set for this to
1026	* work (see keyctl_assume_authority). No other permissions are required.	1027	* work (see keyctl_assume_authority). No other permissions are required.
1027	*	1028	*
1028	* If successful, 0 will be returned.	1029	* If successful, 0 will be returned.
1029	*/	1030	*/
1030	long keyctl_instantiate_key(key_serial_t id,	1031	long keyctl_instantiate_key(key_serial_t id,
1031	const void __user *_payload,	1032	const void __user *_payload,
1032	size_t plen,	1033	size_t plen,
1033	key_serial_t ringid)	1034	key_serial_t ringid)
1034	{	1035	{
1035	if (_payload && plen) {	1036	if (_payload && plen) {
1036	struct iovec iov[1] = {	1037	struct iovec iov[1] = {
1037	[0].iov_base = (void __user *)_payload,	1038	[0].iov_base = (void __user *)_payload,
1038	[0].iov_len = plen	1039	[0].iov_len = plen
1039	};	1040	};
1040		1041
1041	return keyctl_instantiate_key_common(id, iov, 1, plen, ringid);	1042	return keyctl_instantiate_key_common(id, iov, 1, plen, ringid);
1042	}	1043	}
1043		1044
1044	return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);	1045	return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
1045	}	1046	}
1046		1047
1047	/*	1048	/*
1048	* Instantiate a key with the specified multipart payload and link the key into	1049	* Instantiate a key with the specified multipart payload and link the key into
1049	* the destination keyring if one is given.	1050	* the destination keyring if one is given.
1050	*	1051	*
1051	* The caller must have the appropriate instantiation permit set for this to	1052	* The caller must have the appropriate instantiation permit set for this to
1052	* work (see keyctl_assume_authority). No other permissions are required.	1053	* work (see keyctl_assume_authority). No other permissions are required.
1053	*	1054	*
1054	* If successful, 0 will be returned.	1055	* If successful, 0 will be returned.
1055	*/	1056	*/
1056	long keyctl_instantiate_key_iov(key_serial_t id,	1057	long keyctl_instantiate_key_iov(key_serial_t id,
1057	const struct iovec __user *_payload_iov,	1058	const struct iovec __user *_payload_iov,
1058	unsigned ioc,	1059	unsigned ioc,
1059	key_serial_t ringid)	1060	key_serial_t ringid)
1060	{	1061	{
1061	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;	1062	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
1062	long ret;	1063	long ret;
1063		1064
1064	if (_payload_iov == 0 \|\| ioc == 0)	1065	if (_payload_iov == 0 \|\| ioc == 0)
1065	goto no_payload;	1066	goto no_payload;
1066		1067
1067	ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc,	1068	ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc,
1068	ARRAY_SIZE(iovstack), iovstack, &iov, 1);	1069	ARRAY_SIZE(iovstack), iovstack, &iov, 1);
1069	if (ret < 0)	1070	if (ret < 0)
1070	return ret;	1071	return ret;
1071	if (ret == 0)	1072	if (ret == 0)
1072	goto no_payload_free;	1073	goto no_payload_free;
1073		1074
1074	ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);	1075	ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
1075		1076
1076	if (iov != iovstack)	1077	if (iov != iovstack)
1077	kfree(iov);	1078	kfree(iov);
1078	return ret;	1079	return ret;
1079		1080
1080	no_payload_free:	1081	no_payload_free:
1081	if (iov != iovstack)	1082	if (iov != iovstack)
1082	kfree(iov);	1083	kfree(iov);
1083	no_payload:	1084	no_payload:
1084	return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);	1085	return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
1085	}	1086	}
1086		1087
1087	/*	1088	/*
1088	* Negatively instantiate the key with the given timeout (in seconds) and link	1089	* Negatively instantiate the key with the given timeout (in seconds) and link
1089	* the key into the destination keyring if one is given.	1090	* the key into the destination keyring if one is given.
1090	*	1091	*
1091	* The caller must have the appropriate instantiation permit set for this to	1092	* The caller must have the appropriate instantiation permit set for this to
1092	* work (see keyctl_assume_authority). No other permissions are required.	1093	* work (see keyctl_assume_authority). No other permissions are required.
1093	*	1094	*
1094	* The key and any links to the key will be automatically garbage collected	1095	* The key and any links to the key will be automatically garbage collected
1095	* after the timeout expires.	1096	* after the timeout expires.
1096	*	1097	*
1097	* Negative keys are used to rate limit repeated request_key() calls by causing	1098	* Negative keys are used to rate limit repeated request_key() calls by causing
1098	* them to return -ENOKEY until the negative key expires.	1099	* them to return -ENOKEY until the negative key expires.
1099	*	1100	*
1100	* If successful, 0 will be returned.	1101	* If successful, 0 will be returned.
1101	*/	1102	*/
1102	long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)	1103	long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
1103	{	1104	{
1104	return keyctl_reject_key(id, timeout, ENOKEY, ringid);	1105	return keyctl_reject_key(id, timeout, ENOKEY, ringid);
1105	}	1106	}
1106		1107
1107	/*	1108	/*
1108	* Negatively instantiate the key with the given timeout (in seconds) and error	1109	* Negatively instantiate the key with the given timeout (in seconds) and error
1109	* code and link the key into the destination keyring if one is given.	1110	* code and link the key into the destination keyring if one is given.
1110	*	1111	*
1111	* The caller must have the appropriate instantiation permit set for this to	1112	* The caller must have the appropriate instantiation permit set for this to
1112	* work (see keyctl_assume_authority). No other permissions are required.	1113	* work (see keyctl_assume_authority). No other permissions are required.
1113	*	1114	*
1114	* The key and any links to the key will be automatically garbage collected	1115	* The key and any links to the key will be automatically garbage collected
1115	* after the timeout expires.	1116	* after the timeout expires.
1116	*	1117	*
1117	* Negative keys are used to rate limit repeated request_key() calls by causing	1118	* Negative keys are used to rate limit repeated request_key() calls by causing
1118	* them to return the specified error code until the negative key expires.	1119	* them to return the specified error code until the negative key expires.
1119	*	1120	*
1120	* If successful, 0 will be returned.	1121	* If successful, 0 will be returned.
1121	*/	1122	*/
1122	long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error,	1123	long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error,
1123	key_serial_t ringid)	1124	key_serial_t ringid)
1124	{	1125	{
1125	const struct cred *cred = current_cred();	1126	const struct cred *cred = current_cred();
1126	struct request_key_auth *rka;	1127	struct request_key_auth *rka;
1127	struct key instkey, dest_keyring;	1128	struct key instkey, dest_keyring;
1128	long ret;	1129	long ret;
1129		1130
1130	kenter("%d,%u,%u,%d", id, timeout, error, ringid);	1131	kenter("%d,%u,%u,%d", id, timeout, error, ringid);
1131		1132
1132	/* must be a valid error code and mustn't be a kernel special */	1133	/* must be a valid error code and mustn't be a kernel special */
1133	if (error <= 0 \|\|	1134	if (error <= 0 \|\|
1134	error >= MAX_ERRNO \|\|	1135	error >= MAX_ERRNO \|\|
1135	error == ERESTARTSYS \|\|	1136	error == ERESTARTSYS \|\|
1136	error == ERESTARTNOINTR \|\|	1137	error == ERESTARTNOINTR \|\|
1137	error == ERESTARTNOHAND \|\|	1138	error == ERESTARTNOHAND \|\|
1138	error == ERESTART_RESTARTBLOCK)	1139	error == ERESTART_RESTARTBLOCK)
1139	return -EINVAL;	1140	return -EINVAL;
1140		1141
1141	/* the appropriate instantiation authorisation key must have been	1142	/* the appropriate instantiation authorisation key must have been
1142	* assumed before calling this */	1143	* assumed before calling this */
1143	ret = -EPERM;	1144	ret = -EPERM;
1144	instkey = cred->request_key_auth;	1145	instkey = cred->request_key_auth;
1145	if (!instkey)	1146	if (!instkey)
1146	goto error;	1147	goto error;
1147		1148
1148	rka = instkey->payload.data;	1149	rka = instkey->payload.data;
1149	if (rka->target_key->serial != id)	1150	if (rka->target_key->serial != id)
1150	goto error;	1151	goto error;
1151		1152
1152	/* find the destination keyring if present (which must also be	1153	/* find the destination keyring if present (which must also be
1153	* writable) */	1154	* writable) */
1154	ret = get_instantiation_keyring(ringid, rka, &dest_keyring);	1155	ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
1155	if (ret < 0)	1156	if (ret < 0)
1156	goto error;	1157	goto error;
1157		1158
1158	/* instantiate the key and link it into a keyring */	1159	/* instantiate the key and link it into a keyring */
1159	ret = key_reject_and_link(rka->target_key, timeout, error,	1160	ret = key_reject_and_link(rka->target_key, timeout, error,
1160	dest_keyring, instkey);	1161	dest_keyring, instkey);
1161		1162
1162	key_put(dest_keyring);	1163	key_put(dest_keyring);
1163		1164
1164	/* discard the assumed authority if it's just been disabled by	1165	/* discard the assumed authority if it's just been disabled by
1165	* instantiation of the key */	1166	* instantiation of the key */
1166	if (ret == 0)	1167	if (ret == 0)
1167	keyctl_change_reqkey_auth(NULL);	1168	keyctl_change_reqkey_auth(NULL);
1168		1169
1169	error:	1170	error:
1170	return ret;	1171	return ret;
1171	}	1172	}
1172		1173
1173	/*	1174	/*
1174	* Read or set the default keyring in which request_key() will cache keys and	1175	* Read or set the default keyring in which request_key() will cache keys and
1175	* return the old setting.	1176	* return the old setting.
1176	*	1177	*
1177	* If a process keyring is specified then this will be created if it doesn't	1178	* If a process keyring is specified then this will be created if it doesn't
1178	* yet exist. The old setting will be returned if successful.	1179	* yet exist. The old setting will be returned if successful.
1179	*/	1180	*/
1180	long keyctl_set_reqkey_keyring(int reqkey_defl)	1181	long keyctl_set_reqkey_keyring(int reqkey_defl)
1181	{	1182	{
1182	struct cred *new;	1183	struct cred *new;
1183	int ret, old_setting;	1184	int ret, old_setting;
1184		1185
1185	old_setting = current_cred_xxx(jit_keyring);	1186	old_setting = current_cred_xxx(jit_keyring);
1186		1187
1187	if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE)	1188	if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE)
1188	return old_setting;	1189	return old_setting;
1189		1190
1190	new = prepare_creds();	1191	new = prepare_creds();
1191	if (!new)	1192	if (!new)
1192	return -ENOMEM;	1193	return -ENOMEM;
1193		1194
1194	switch (reqkey_defl) {	1195	switch (reqkey_defl) {
1195	case KEY_REQKEY_DEFL_THREAD_KEYRING:	1196	case KEY_REQKEY_DEFL_THREAD_KEYRING:
1196	ret = install_thread_keyring_to_cred(new);	1197	ret = install_thread_keyring_to_cred(new);
1197	if (ret < 0)	1198	if (ret < 0)
1198	goto error;	1199	goto error;
1199	goto set;	1200	goto set;
1200		1201
1201	case KEY_REQKEY_DEFL_PROCESS_KEYRING:	1202	case KEY_REQKEY_DEFL_PROCESS_KEYRING:
1202	ret = install_process_keyring_to_cred(new);	1203	ret = install_process_keyring_to_cred(new);
1203	if (ret < 0) {	1204	if (ret < 0) {
1204	if (ret != -EEXIST)	1205	if (ret != -EEXIST)
1205	goto error;	1206	goto error;
1206	ret = 0;	1207	ret = 0;
1207	}	1208	}
1208	goto set;	1209	goto set;
1209		1210
1210	case KEY_REQKEY_DEFL_DEFAULT:	1211	case KEY_REQKEY_DEFL_DEFAULT:
1211	case KEY_REQKEY_DEFL_SESSION_KEYRING:	1212	case KEY_REQKEY_DEFL_SESSION_KEYRING:
1212	case KEY_REQKEY_DEFL_USER_KEYRING:	1213	case KEY_REQKEY_DEFL_USER_KEYRING:
1213	case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:	1214	case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
1214	case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:	1215	case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
1215	goto set;	1216	goto set;
1216		1217
1217	case KEY_REQKEY_DEFL_NO_CHANGE:	1218	case KEY_REQKEY_DEFL_NO_CHANGE:
1218	case KEY_REQKEY_DEFL_GROUP_KEYRING:	1219	case KEY_REQKEY_DEFL_GROUP_KEYRING:
1219	default:	1220	default:
1220	ret = -EINVAL;	1221	ret = -EINVAL;
1221	goto error;	1222	goto error;
1222	}	1223	}
1223		1224
1224	set:	1225	set:
1225	new->jit_keyring = reqkey_defl;	1226	new->jit_keyring = reqkey_defl;
1226	commit_creds(new);	1227	commit_creds(new);
1227	return old_setting;	1228	return old_setting;
1228	error:	1229	error:
1229	abort_creds(new);	1230	abort_creds(new);
1230	return ret;	1231	return ret;
1231	}	1232	}
1232		1233
1233	/*	1234	/*
1234	* Set or clear the timeout on a key.	1235	* Set or clear the timeout on a key.
1235	*	1236	*
1236	* Either the key must grant the caller Setattr permission or else the caller	1237	* Either the key must grant the caller Setattr permission or else the caller
1237	* must hold an instantiation authorisation token for the key.	1238	* must hold an instantiation authorisation token for the key.
1238	*	1239	*
1239	* The timeout is either 0 to clear the timeout, or a number of seconds from	1240	* The timeout is either 0 to clear the timeout, or a number of seconds from
1240	* the current time. The key and any links to the key will be automatically	1241	* the current time. The key and any links to the key will be automatically
1241	* garbage collected after the timeout expires.	1242	* garbage collected after the timeout expires.
1242	*	1243	*
1243	* If successful, 0 is returned.	1244	* If successful, 0 is returned.
1244	*/	1245	*/
1245	long keyctl_set_timeout(key_serial_t id, unsigned timeout)	1246	long keyctl_set_timeout(key_serial_t id, unsigned timeout)
1246	{	1247	{
1247	struct timespec now;
1248	struct key key, instkey;	1248	struct key key, instkey;
1249	key_ref_t key_ref;	1249	key_ref_t key_ref;
1250	time_t expiry;
1251	long ret;	1250	long ret;
1252		1251
1253	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE \| KEY_LOOKUP_PARTIAL,	1252	key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE \| KEY_LOOKUP_PARTIAL,
1254	KEY_SETATTR);	1253	KEY_SETATTR);
1255	if (IS_ERR(key_ref)) {	1254	if (IS_ERR(key_ref)) {
1256	/* setting the timeout on a key under construction is permitted	1255	/* setting the timeout on a key under construction is permitted
1257	* if we have the authorisation token handy */	1256	* if we have the authorisation token handy */
1258	if (PTR_ERR(key_ref) == -EACCES) {	1257	if (PTR_ERR(key_ref) == -EACCES) {
1259	instkey = key_get_instantiation_authkey(id);	1258	instkey = key_get_instantiation_authkey(id);
1260	if (!IS_ERR(instkey)) {	1259	if (!IS_ERR(instkey)) {
1261	key_put(instkey);	1260	key_put(instkey);
1262	key_ref = lookup_user_key(id,	1261	key_ref = lookup_user_key(id,
1263	KEY_LOOKUP_PARTIAL,	1262	KEY_LOOKUP_PARTIAL,
1264	0);	1263	0);
1265	if (!IS_ERR(key_ref))	1264	if (!IS_ERR(key_ref))
1266	goto okay;	1265	goto okay;
1267	}	1266	}
1268	}	1267	}
1269		1268
1270	ret = PTR_ERR(key_ref);	1269	ret = PTR_ERR(key_ref);
1271	goto error;	1270	goto error;
1272	}	1271	}
1273		1272
1274	okay:	1273	okay:
1275	key = key_ref_to_ptr(key_ref);	1274	key = key_ref_to_ptr(key_ref);
1276		1275	key_set_timeout(key, timeout);
1277	/* make the changes with the locks held to prevent races */
1278	down_write(&key->sem);
1279
1280	expiry = 0;
1281	if (timeout > 0) {
1282	now = current_kernel_time();
1283	expiry = now.tv_sec + timeout;
1284	}
1285
1286	key->expiry = expiry;
1287	key_schedule_gc(key->expiry + key_gc_delay);
1288
1289	up_write(&key->sem);
1290	key_put(key);	1276	key_put(key);
1291		1277
1292	ret = 0;	1278	ret = 0;
1293	error:	1279	error:
1294	return ret;	1280	return ret;
1295	}	1281	}
1296		1282
1297	/*	1283	/*
1298	* Assume (or clear) the authority to instantiate the specified key.	1284	* Assume (or clear) the authority to instantiate the specified key.
1299	*	1285	*
1300	* This sets the authoritative token currently in force for key instantiation.	1286	* This sets the authoritative token currently in force for key instantiation.
1301	* This must be done for a key to be instantiated. It has the effect of making	1287	* This must be done for a key to be instantiated. It has the effect of making
1302	* available all the keys from the caller of the request_key() that created a	1288	* available all the keys from the caller of the request_key() that created a
1303	* key to request_key() calls made by the caller of this function.	1289	* key to request_key() calls made by the caller of this function.
1304	*	1290	*
1305	* The caller must have the instantiation key in their process keyrings with a	1291	* The caller must have the instantiation key in their process keyrings with a
1306	* Search permission grant available to the caller.	1292	* Search permission grant available to the caller.
1307	*	1293	*
1308	* If the ID given is 0, then the setting will be cleared and 0 returned.	1294	* If the ID given is 0, then the setting will be cleared and 0 returned.
1309	*	1295	*
1310	* If the ID given has a matching an authorisation key, then that key will be	1296	* If the ID given has a matching an authorisation key, then that key will be
1311	* set and its ID will be returned. The authorisation key can be read to get	1297	* set and its ID will be returned. The authorisation key can be read to get
1312	* the callout information passed to request_key().	1298	* the callout information passed to request_key().
1313	*/	1299	*/
1314	long keyctl_assume_authority(key_serial_t id)	1300	long keyctl_assume_authority(key_serial_t id)
1315	{	1301	{
1316	struct key *authkey;	1302	struct key *authkey;
1317	long ret;	1303	long ret;
1318		1304
1319	/* special key IDs aren't permitted */	1305	/* special key IDs aren't permitted */
1320	ret = -EINVAL;	1306	ret = -EINVAL;
1321	if (id < 0)	1307	if (id < 0)
1322	goto error;	1308	goto error;
1323		1309
1324	/* we divest ourselves of authority if given an ID of 0 */	1310	/* we divest ourselves of authority if given an ID of 0 */
1325	if (id == 0) {	1311	if (id == 0) {
1326	ret = keyctl_change_reqkey_auth(NULL);	1312	ret = keyctl_change_reqkey_auth(NULL);
1327	goto error;	1313	goto error;
1328	}	1314	}
1329		1315
1330	/* attempt to assume the authority temporarily granted to us whilst we	1316	/* attempt to assume the authority temporarily granted to us whilst we
1331	* instantiate the specified key	1317	* instantiate the specified key
1332	* - the authorisation key must be in the current task's keyrings	1318	* - the authorisation key must be in the current task's keyrings
1333	* somewhere	1319	* somewhere
1334	*/	1320	*/
1335	authkey = key_get_instantiation_authkey(id);	1321	authkey = key_get_instantiation_authkey(id);
1336	if (IS_ERR(authkey)) {	1322	if (IS_ERR(authkey)) {
1337	ret = PTR_ERR(authkey);	1323	ret = PTR_ERR(authkey);
1338	goto error;	1324	goto error;
1339	}	1325	}
1340		1326
1341	ret = keyctl_change_reqkey_auth(authkey);	1327	ret = keyctl_change_reqkey_auth(authkey);
1342	if (ret < 0)	1328	if (ret < 0)
1343	goto error;	1329	goto error;
1344	key_put(authkey);	1330	key_put(authkey);
1345		1331
1346	ret = authkey->serial;	1332	ret = authkey->serial;
1347	error:	1333	error:
1348	return ret;	1334	return ret;
1349	}	1335	}
1350		1336
1351	/*	1337	/*
1352	* Get a key's the LSM security label.	1338	* Get a key's the LSM security label.
1353	*	1339	*
1354	* The key must grant the caller View permission for this to work.	1340	* The key must grant the caller View permission for this to work.
1355	*	1341	*
1356	* If there's a buffer, then up to buflen bytes of data will be placed into it.	1342	* If there's a buffer, then up to buflen bytes of data will be placed into it.
1357	*	1343	*
1358	* If successful, the amount of information available will be returned,	1344	* If successful, the amount of information available will be returned,
1359	* irrespective of how much was copied (including the terminal NUL).	1345	* irrespective of how much was copied (including the terminal NUL).
1360	*/	1346	*/
1361	long keyctl_get_security(key_serial_t keyid,	1347	long keyctl_get_security(key_serial_t keyid,
1362	char __user *buffer,	1348	char __user *buffer,
1363	size_t buflen)	1349	size_t buflen)
1364	{	1350	{
1365	struct key key, instkey;	1351	struct key key, instkey;
1366	key_ref_t key_ref;	1352	key_ref_t key_ref;
1367	char *context;	1353	char *context;
1368	long ret;	1354	long ret;
1369		1355
1370	key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);	1356	key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);
1371	if (IS_ERR(key_ref)) {	1357	if (IS_ERR(key_ref)) {
1372	if (PTR_ERR(key_ref) != -EACCES)	1358	if (PTR_ERR(key_ref) != -EACCES)
1373	return PTR_ERR(key_ref);	1359	return PTR_ERR(key_ref);
1374		1360
1375	/* viewing a key under construction is also permitted if we	1361	/* viewing a key under construction is also permitted if we
1376	* have the authorisation token handy */	1362	* have the authorisation token handy */
1377	instkey = key_get_instantiation_authkey(keyid);	1363	instkey = key_get_instantiation_authkey(keyid);
1378	if (IS_ERR(instkey))	1364	if (IS_ERR(instkey))
1379	return PTR_ERR(instkey);	1365	return PTR_ERR(instkey);
1380	key_put(instkey);	1366	key_put(instkey);
1381		1367
1382	key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);	1368	key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0);
1383	if (IS_ERR(key_ref))	1369	if (IS_ERR(key_ref))
1384	return PTR_ERR(key_ref);	1370	return PTR_ERR(key_ref);
1385	}	1371	}
1386		1372
1387	key = key_ref_to_ptr(key_ref);	1373	key = key_ref_to_ptr(key_ref);
1388	ret = security_key_getsecurity(key, &context);	1374	ret = security_key_getsecurity(key, &context);
1389	if (ret == 0) {	1375	if (ret == 0) {
1390	/* if no information was returned, give userspace an empty	1376	/* if no information was returned, give userspace an empty
1391	* string */	1377	* string */
1392	ret = 1;	1378	ret = 1;
1393	if (buffer && buflen > 0 &&	1379	if (buffer && buflen > 0 &&
1394	copy_to_user(buffer, "", 1) != 0)	1380	copy_to_user(buffer, "", 1) != 0)
1395	ret = -EFAULT;	1381	ret = -EFAULT;
1396	} else if (ret > 0) {	1382	} else if (ret > 0) {
1397	/* return as much data as there's room for */	1383	/* return as much data as there's room for */
1398	if (buffer && buflen > 0) {	1384	if (buffer && buflen > 0) {
1399	if (buflen > ret)	1385	if (buflen > ret)
1400	buflen = ret;	1386	buflen = ret;
1401		1387
1402	if (copy_to_user(buffer, context, buflen) != 0)	1388	if (copy_to_user(buffer, context, buflen) != 0)
1403	ret = -EFAULT;	1389	ret = -EFAULT;
1404	}	1390	}
1405		1391
1406	kfree(context);	1392	kfree(context);
1407	}	1393	}
1408		1394
1409	key_ref_put(key_ref);	1395	key_ref_put(key_ref);
1410	return ret;	1396	return ret;
1411	}	1397	}
1412		1398
1413	/*	1399	/*
1414	* Attempt to install the calling process's session keyring on the process's	1400	* Attempt to install the calling process's session keyring on the process's
1415	* parent process.	1401	* parent process.
1416	*	1402	*
1417	* The keyring must exist and must grant the caller LINK permission, and the	1403	* The keyring must exist and must grant the caller LINK permission, and the
1418	* parent process must be single-threaded and must have the same effective	1404	* parent process must be single-threaded and must have the same effective
1419	* ownership as this process and mustn't be SUID/SGID.	1405	* ownership as this process and mustn't be SUID/SGID.
1420	*	1406	*
1421	* The keyring will be emplaced on the parent when it next resumes userspace.	1407	* The keyring will be emplaced on the parent when it next resumes userspace.
1422	*	1408	*
1423	* If successful, 0 will be returned.	1409	* If successful, 0 will be returned.
1424	*/	1410	*/
1425	long keyctl_session_to_parent(void)	1411	long keyctl_session_to_parent(void)
1426	{	1412	{
1427	#ifdef TIF_NOTIFY_RESUME	1413	#ifdef TIF_NOTIFY_RESUME
1428	struct task_struct me, parent;	1414	struct task_struct me, parent;
1429	const struct cred mycred, pcred;	1415	const struct cred mycred, pcred;
1430	struct cred cred, oldcred;	1416	struct cred cred, oldcred;
1431	key_ref_t keyring_r;	1417	key_ref_t keyring_r;
1432	int ret;	1418	int ret;
1433		1419
1434	keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);	1420	keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
1435	if (IS_ERR(keyring_r))	1421	if (IS_ERR(keyring_r))
1436	return PTR_ERR(keyring_r);	1422	return PTR_ERR(keyring_r);
1437		1423
1438	/* our parent is going to need a new cred struct, a new tgcred struct	1424	/* our parent is going to need a new cred struct, a new tgcred struct
1439	* and new security data, so we allocate them here to prevent ENOMEM in	1425	* and new security data, so we allocate them here to prevent ENOMEM in
1440	* our parent */	1426	* our parent */
1441	ret = -ENOMEM;	1427	ret = -ENOMEM;
1442	cred = cred_alloc_blank();	1428	cred = cred_alloc_blank();
1443	if (!cred)	1429	if (!cred)
1444	goto error_keyring;	1430	goto error_keyring;
1445		1431
1446	cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);	1432	cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
1447	keyring_r = NULL;	1433	keyring_r = NULL;
1448		1434
1449	me = current;	1435	me = current;
1450	rcu_read_lock();	1436	rcu_read_lock();
1451	write_lock_irq(&tasklist_lock);	1437	write_lock_irq(&tasklist_lock);
1452		1438
1453	parent = me->real_parent;	1439	parent = me->real_parent;
1454	ret = -EPERM;	1440	ret = -EPERM;
1455		1441
1456	/* the parent mustn't be init and mustn't be a kernel thread */	1442	/* the parent mustn't be init and mustn't be a kernel thread */
1457	if (parent->pid <= 1 \|\| !parent->mm)	1443	if (parent->pid <= 1 \|\| !parent->mm)
1458	goto not_permitted;	1444	goto not_permitted;
1459		1445
1460	/* the parent must be single threaded */	1446	/* the parent must be single threaded */
1461	if (!thread_group_empty(parent))	1447	if (!thread_group_empty(parent))
1462	goto not_permitted;	1448	goto not_permitted;
1463		1449
1464	/* the parent and the child must have different session keyrings or	1450	/* the parent and the child must have different session keyrings or
1465	* there's no point */	1451	* there's no point */
1466	mycred = current_cred();	1452	mycred = current_cred();
1467	pcred = __task_cred(parent);	1453	pcred = __task_cred(parent);
1468	if (mycred == pcred \|\|	1454	if (mycred == pcred \|\|
1469	mycred->tgcred->session_keyring == pcred->tgcred->session_keyring)	1455	mycred->tgcred->session_keyring == pcred->tgcred->session_keyring)
1470	goto already_same;	1456	goto already_same;
1471		1457
1472	/* the parent must have the same effective ownership and mustn't be	1458	/* the parent must have the same effective ownership and mustn't be
1473	* SUID/SGID */	1459	* SUID/SGID */
1474	if (pcred->uid != mycred->euid \|\|	1460	if (pcred->uid != mycred->euid \|\|
1475	pcred->euid != mycred->euid \|\|	1461	pcred->euid != mycred->euid \|\|
1476	pcred->suid != mycred->euid \|\|	1462	pcred->suid != mycred->euid \|\|
1477	pcred->gid != mycred->egid \|\|	1463	pcred->gid != mycred->egid \|\|
1478	pcred->egid != mycred->egid \|\|	1464	pcred->egid != mycred->egid \|\|
1479	pcred->sgid != mycred->egid)	1465	pcred->sgid != mycred->egid)
1480	goto not_permitted;	1466	goto not_permitted;
1481		1467
1482	/* the keyrings must have the same UID */	1468	/* the keyrings must have the same UID */
1483	if ((pcred->tgcred->session_keyring &&	1469	if ((pcred->tgcred->session_keyring &&
1484	pcred->tgcred->session_keyring->uid != mycred->euid) \|\|	1470	pcred->tgcred->session_keyring->uid != mycred->euid) \|\|
1485	mycred->tgcred->session_keyring->uid != mycred->euid)	1471	mycred->tgcred->session_keyring->uid != mycred->euid)
1486	goto not_permitted;	1472	goto not_permitted;
1487		1473
1488	/* if there's an already pending keyring replacement, then we replace	1474	/* if there's an already pending keyring replacement, then we replace
1489	* that */	1475	* that */
1490	oldcred = parent->replacement_session_keyring;	1476	oldcred = parent->replacement_session_keyring;
1491		1477
1492	/* the replacement session keyring is applied just prior to userspace	1478	/* the replacement session keyring is applied just prior to userspace
1493	* restarting */	1479	* restarting */
1494	parent->replacement_session_keyring = cred;	1480	parent->replacement_session_keyring = cred;
1495	cred = NULL;	1481	cred = NULL;
1496	set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);	1482	set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
1497		1483
1498	write_unlock_irq(&tasklist_lock);	1484	write_unlock_irq(&tasklist_lock);
1499	rcu_read_unlock();	1485	rcu_read_unlock();
1500	if (oldcred)	1486	if (oldcred)
1501	put_cred(oldcred);	1487	put_cred(oldcred);
1502	return 0;	1488	return 0;
1503		1489
1504	already_same:	1490	already_same:
1505	ret = 0;	1491	ret = 0;
1506	not_permitted:	1492	not_permitted:
1507	write_unlock_irq(&tasklist_lock);	1493	write_unlock_irq(&tasklist_lock);
1508	rcu_read_unlock();	1494	rcu_read_unlock();
1509	put_cred(cred);	1495	put_cred(cred);
1510	return ret;	1496	return ret;
1511		1497
1512	error_keyring:	1498	error_keyring:
1513	key_ref_put(keyring_r);	1499	key_ref_put(keyring_r);
1514	return ret;	1500	return ret;
1515		1501
1516	#else /* !TIF_NOTIFY_RESUME */	1502	#else /* !TIF_NOTIFY_RESUME */
1517	/*	1503	/*
1518	* To be removed when TIF_NOTIFY_RESUME has been implemented on	1504	* To be removed when TIF_NOTIFY_RESUME has been implemented on
1519	* m68k/xtensa	1505	* m68k/xtensa
1520	*/	1506	*/
1521	#warning TIF_NOTIFY_RESUME not implemented	1507	#warning TIF_NOTIFY_RESUME not implemented
1522	return -EOPNOTSUPP;	1508	return -EOPNOTSUPP;
1523	#endif /* !TIF_NOTIFY_RESUME */	1509	#endif /* !TIF_NOTIFY_RESUME */
1524	}	1510	}
1525		1511
1526	/*	1512	/*
1527	* The key control system call	1513	* The key control system call
1528	*/	1514	*/
1529	SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,	1515	SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1530	unsigned long, arg4, unsigned long, arg5)	1516	unsigned long, arg4, unsigned long, arg5)
1531	{	1517	{
1532	switch (option) {	1518	switch (option) {
1533	case KEYCTL_GET_KEYRING_ID:	1519	case KEYCTL_GET_KEYRING_ID:
1534	return keyctl_get_keyring_ID((key_serial_t) arg2,	1520	return keyctl_get_keyring_ID((key_serial_t) arg2,
1535	(int) arg3);	1521	(int) arg3);
1536		1522
1537	case KEYCTL_JOIN_SESSION_KEYRING:	1523	case KEYCTL_JOIN_SESSION_KEYRING:
1538	return keyctl_join_session_keyring((const char __user *) arg2);	1524	return keyctl_join_session_keyring((const char __user *) arg2);
1539		1525
1540	case KEYCTL_UPDATE:	1526	case KEYCTL_UPDATE:
1541	return keyctl_update_key((key_serial_t) arg2,	1527	return keyctl_update_key((key_serial_t) arg2,
1542	(const void __user *) arg3,	1528	(const void __user *) arg3,
1543	(size_t) arg4);	1529	(size_t) arg4);
1544		1530
1545	case KEYCTL_REVOKE:	1531	case KEYCTL_REVOKE:
1546	return keyctl_revoke_key((key_serial_t) arg2);	1532	return keyctl_revoke_key((key_serial_t) arg2);
1547		1533
1548	case KEYCTL_DESCRIBE:	1534	case KEYCTL_DESCRIBE:
1549	return keyctl_describe_key((key_serial_t) arg2,	1535	return keyctl_describe_key((key_serial_t) arg2,
1550	(char __user *) arg3,	1536	(char __user *) arg3,
1551	(unsigned) arg4);	1537	(unsigned) arg4);
1552		1538
1553	case KEYCTL_CLEAR:	1539	case KEYCTL_CLEAR:
1554	return keyctl_keyring_clear((key_serial_t) arg2);	1540	return keyctl_keyring_clear((key_serial_t) arg2);
1555		1541
1556	case KEYCTL_LINK:	1542	case KEYCTL_LINK:
1557	return keyctl_keyring_link((key_serial_t) arg2,	1543	return keyctl_keyring_link((key_serial_t) arg2,
1558	(key_serial_t) arg3);	1544	(key_serial_t) arg3);
1559		1545
1560	case KEYCTL_UNLINK:	1546	case KEYCTL_UNLINK:
1561	return keyctl_keyring_unlink((key_serial_t) arg2,	1547	return keyctl_keyring_unlink((key_serial_t) arg2,
1562	(key_serial_t) arg3);	1548	(key_serial_t) arg3);
1563		1549
1564	case KEYCTL_SEARCH:	1550	case KEYCTL_SEARCH:
1565	return keyctl_keyring_search((key_serial_t) arg2,	1551	return keyctl_keyring_search((key_serial_t) arg2,
1566	(const char __user *) arg3,	1552	(const char __user *) arg3,
1567	(const char __user *) arg4,	1553	(const char __user *) arg4,
1568	(key_serial_t) arg5);	1554	(key_serial_t) arg5);
1569		1555
1570	case KEYCTL_READ:	1556	case KEYCTL_READ:
1571	return keyctl_read_key((key_serial_t) arg2,	1557	return keyctl_read_key((key_serial_t) arg2,
1572	(char __user *) arg3,	1558	(char __user *) arg3,
1573	(size_t) arg4);	1559	(size_t) arg4);
1574		1560
1575	case KEYCTL_CHOWN:	1561	case KEYCTL_CHOWN:
1576	return keyctl_chown_key((key_serial_t) arg2,	1562	return keyctl_chown_key((key_serial_t) arg2,
1577	(uid_t) arg3,	1563	(uid_t) arg3,
1578	(gid_t) arg4);	1564	(gid_t) arg4);
1579		1565
1580	case KEYCTL_SETPERM:	1566	case KEYCTL_SETPERM:
1581	return keyctl_setperm_key((key_serial_t) arg2,	1567	return keyctl_setperm_key((key_serial_t) arg2,
1582	(key_perm_t) arg3);	1568	(key_perm_t) arg3);
1583		1569
1584	case KEYCTL_INSTANTIATE:	1570	case KEYCTL_INSTANTIATE:
1585	return keyctl_instantiate_key((key_serial_t) arg2,	1571	return keyctl_instantiate_key((key_serial_t) arg2,
1586	(const void __user *) arg3,	1572	(const void __user *) arg3,
1587	(size_t) arg4,	1573	(size_t) arg4,
1588	(key_serial_t) arg5);	1574	(key_serial_t) arg5);
1589		1575
1590	case KEYCTL_NEGATE:	1576	case KEYCTL_NEGATE:
1591	return keyctl_negate_key((key_serial_t) arg2,	1577	return keyctl_negate_key((key_serial_t) arg2,
1592	(unsigned) arg3,	1578	(unsigned) arg3,
1593	(key_serial_t) arg4);	1579	(key_serial_t) arg4);
1594		1580
1595	case KEYCTL_SET_REQKEY_KEYRING:	1581	case KEYCTL_SET_REQKEY_KEYRING:
1596	return keyctl_set_reqkey_keyring(arg2);	1582	return keyctl_set_reqkey_keyring(arg2);
1597		1583
1598	case KEYCTL_SET_TIMEOUT:	1584	case KEYCTL_SET_TIMEOUT:
1599	return keyctl_set_timeout((key_serial_t) arg2,	1585	return keyctl_set_timeout((key_serial_t) arg2,
1600	(unsigned) arg3);	1586	(unsigned) arg3);
1601		1587
1602	case KEYCTL_ASSUME_AUTHORITY:	1588	case KEYCTL_ASSUME_AUTHORITY:
1603	return keyctl_assume_authority((key_serial_t) arg2);	1589	return keyctl_assume_authority((key_serial_t) arg2);
1604		1590
1605	case KEYCTL_GET_SECURITY:	1591	case KEYCTL_GET_SECURITY:
1606	return keyctl_get_security((key_serial_t) arg2,	1592	return keyctl_get_security((key_serial_t) arg2,
1607	(char __user *) arg3,	1593	(char __user *) arg3,
1608	(size_t) arg4);	1594	(size_t) arg4);
1609		1595
1610	case KEYCTL_SESSION_TO_PARENT:	1596	case KEYCTL_SESSION_TO_PARENT:
1611	return keyctl_session_to_parent();	1597	return keyctl_session_to_parent();
1612		1598
1613	case KEYCTL_REJECT:	1599	case KEYCTL_REJECT:
1614	return keyctl_reject_key((key_serial_t) arg2,	1600	return keyctl_reject_key((key_serial_t) arg2,
1615	(unsigned) arg3,	1601	(unsigned) arg3,
1616	(unsigned) arg4,	1602	(unsigned) arg4,
1617	(key_serial_t) arg5);	1603	(key_serial_t) arg5);
1618		1604
1619	case KEYCTL_INSTANTIATE_IOV:	1605	case KEYCTL_INSTANTIATE_IOV:
1620	return keyctl_instantiate_key_iov(	1606	return keyctl_instantiate_key_iov(
1621	(key_serial_t) arg2,	1607	(key_serial_t) arg2,
1622	(const struct iovec __user *) arg3,	1608	(const struct iovec __user *) arg3,
1623	(unsigned) arg4,	1609	(unsigned) arg4,
1624	(key_serial_t) arg5);	1610	(key_serial_t) arg5);
1625		1611
1626	default:	1612	default:
1627	return -EOPNOTSUPP;	1613	return -EOPNOTSUPP;
1628	}	1614	}
1629	}	1615	}