Commit 685bfd2c48bb3284d31e73ff3151c957d76deda9
Committed by
Linus Torvalds
Linus Torvalds
1 parent
898b374af6
Exists in
master
and in
7 other branches
umh: creds: convert call_usermodehelper_keys() to use subprocess_info->init()
call_usermodehelper_keys() uses call_usermodehelper_setkeys() to change subprocess_info->cred in advance. Now that we have info->init() we can change this code to set tgcred->session_keyring in context of execing kernel thread. Note: since currently call_usermodehelper_keys() is never called with UMH_NO_WAIT, call_usermodehelper_keys()->key_get() and umh_keys_cleanup() are not really needed, we could rely on install_session_keyring_to_cred() which does key_get() on success. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 5 changed files with 34 additions and 37 deletions Side-by-side Diff
include/linux/kmod.h
| ... | ... | @@ -72,8 +72,6 @@ |
| 72 | 72 | char **envp, gfp_t gfp_mask); |
| 73 | 73 | |
| 74 | 74 | /* Set various pieces of state into the subprocess_info structure */ |
| 75 | -void call_usermodehelper_setkeys(struct subprocess_info *info, | |
| 76 | - struct key *session_keyring); | |
| 77 | 75 | void call_usermodehelper_setfns(struct subprocess_info *info, |
| 78 | 76 | int (*init)(struct subprocess_info *info), |
| 79 | 77 | void (*cleanup)(struct subprocess_info *info), |
| ... | ... | @@ -110,21 +108,6 @@ |
| 110 | 108 | { |
| 111 | 109 | return call_usermodehelper_fns(path, argv, envp, wait, |
| 112 | 110 | NULL, NULL, NULL); |
| 113 | -} | |
| 114 | - | |
| 115 | -static inline int | |
| 116 | -call_usermodehelper_keys(char *path, char **argv, char **envp, | |
| 117 | - struct key *session_keyring, enum umh_wait wait) | |
| 118 | -{ | |
| 119 | - struct subprocess_info *info; | |
| 120 | - gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL; | |
| 121 | - | |
| 122 | - info = call_usermodehelper_setup(path, argv, envp, gfp_mask); | |
| 123 | - if (info == NULL) | |
| 124 | - return -ENOMEM; | |
| 125 | - | |
| 126 | - call_usermodehelper_setkeys(info, session_keyring); | |
| 127 | - return call_usermodehelper_exec(info, wait); | |
| 128 | 111 | } |
| 129 | 112 | |
| 130 | 113 | extern void usermodehelper_init(void); |
kernel/kmod.c
| ... | ... | @@ -367,24 +367,6 @@ |
| 367 | 367 | EXPORT_SYMBOL(call_usermodehelper_setup); |
| 368 | 368 | |
| 369 | 369 | /** |
| 370 | - * call_usermodehelper_setkeys - set the session keys for usermode helper | |
| 371 | - * @info: a subprocess_info returned by call_usermodehelper_setup | |
| 372 | - * @session_keyring: the session keyring for the process | |
| 373 | - */ | |
| 374 | -void call_usermodehelper_setkeys(struct subprocess_info *info, | |
| 375 | - struct key *session_keyring) | |
| 376 | -{ | |
| 377 | -#ifdef CONFIG_KEYS | |
| 378 | - struct thread_group_cred *tgcred = info->cred->tgcred; | |
| 379 | - key_put(tgcred->session_keyring); | |
| 380 | - tgcred->session_keyring = key_get(session_keyring); | |
| 381 | -#else | |
| 382 | - BUG(); | |
| 383 | -#endif | |
| 384 | -} | |
| 385 | -EXPORT_SYMBOL(call_usermodehelper_setkeys); | |
| 386 | - | |
| 387 | -/** | |
| 388 | 370 | * call_usermodehelper_setfns - set a cleanup/init function |
| 389 | 371 | * @info: a subprocess_info returned by call_usermodehelper_setup |
| 390 | 372 | * @cleanup: a cleanup function |
security/keys/internal.h
| ... | ... | @@ -124,6 +124,7 @@ |
| 124 | 124 | extern int install_user_keyrings(void); |
| 125 | 125 | extern int install_thread_keyring_to_cred(struct cred *); |
| 126 | 126 | extern int install_process_keyring_to_cred(struct cred *); |
| 127 | +extern int install_session_keyring_to_cred(struct cred *, struct key *); | |
| 127 | 128 | |
| 128 | 129 | extern struct key *request_key_and_link(struct key_type *type, |
| 129 | 130 | const char *description, |
security/keys/process_keys.c
| ... | ... | @@ -216,8 +216,7 @@ |
| 216 | 216 | /* |
| 217 | 217 | * install a session keyring directly to a credentials struct |
| 218 | 218 | */ |
| 219 | -static int install_session_keyring_to_cred(struct cred *cred, | |
| 220 | - struct key *keyring) | |
| 219 | +int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) | |
| 221 | 220 | { |
| 222 | 221 | unsigned long flags; |
| 223 | 222 | struct key *old; |
security/keys/request_key.c
| ... | ... | @@ -58,6 +58,38 @@ |
| 58 | 58 | } |
| 59 | 59 | EXPORT_SYMBOL(complete_request_key); |
| 60 | 60 | |
| 61 | +static int umh_keys_init(struct subprocess_info *info) | |
| 62 | +{ | |
| 63 | + struct cred *cred = (struct cred*)current_cred(); | |
| 64 | + struct key *keyring = info->data; | |
| 65 | + /* | |
| 66 | + * This is called in context of freshly forked kthread before | |
| 67 | + * kernel_execve(), we can just change our ->session_keyring. | |
| 68 | + */ | |
| 69 | + return install_session_keyring_to_cred(cred, keyring); | |
| 70 | +} | |
| 71 | + | |
| 72 | +static void umh_keys_cleanup(struct subprocess_info *info) | |
| 73 | +{ | |
| 74 | + struct key *keyring = info->data; | |
| 75 | + key_put(keyring); | |
| 76 | +} | |
| 77 | + | |
| 78 | +static int call_usermodehelper_keys(char *path, char **argv, char **envp, | |
| 79 | + struct key *session_keyring, enum umh_wait wait) | |
| 80 | +{ | |
| 81 | + gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL; | |
| 82 | + struct subprocess_info *info = | |
| 83 | + call_usermodehelper_setup(path, argv, envp, gfp_mask); | |
| 84 | + | |
| 85 | + if (!info) | |
| 86 | + return -ENOMEM; | |
| 87 | + | |
| 88 | + call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup, | |
| 89 | + key_get(session_keyring)); | |
| 90 | + return call_usermodehelper_exec(info, wait); | |
| 91 | +} | |
| 92 | + | |
| 61 | 93 | /* |
| 62 | 94 | * request userspace finish the construction of a key |
| 63 | 95 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |