Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 896903c2f5f79f029388f033a00c3b813bc91201

Authored by David Howells
Committed by James Morris
1 parent f0641cba77
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

KEYS: call_sbin_request_key() must write lock keyrings before modifying them 

call_sbin_request_key() creates a keyring and then attempts to insert a link to
the authorisation key into that keyring, but does so without holding a write
lock on the keyring semaphore.

It will normally get away with this because it hasn't told anyone that the
keyring exists yet.  The new keyring, however, has had its serial number
published, which means it can be accessed directly by that handle.

This was found by a previous patch that adds RCU lockdep checks to the code
that reads the keyring payload pointer, which includes a check that the keyring
semaphore is actually locked.

Without this patch, the following command:

	keyctl request2 user b a @s

will provoke the following lockdep warning is displayed in dmesg:

	===================================================
	[ INFO: suspicious rcu_dereference_check() usage. ]
	---------------------------------------------------
	security/keys/keyring.c:727 invoked rcu_dereference_check() without protection!

	other info that might help us debug this:

	rcu_scheduler_active = 1, debug_locks = 0
	2 locks held by keyctl/2076:
	 #0:  (key_types_sem){.+.+.+}, at: [<ffffffff811a5b29>] key_type_lookup+0x1c/0x71
	 #1:  (keyring_serialise_link_sem){+.+.+.}, at: [<ffffffff811a6d1e>] __key_link+0x4d/0x3c5

	stack backtrace:
	Pid: 2076, comm: keyctl Not tainted 2.6.34-rc6-cachefs #54
	Call Trace:
	 [<ffffffff81051fdc>] lockdep_rcu_dereference+0xaa/0xb2
	 [<ffffffff811a6d1e>] ? __key_link+0x4d/0x3c5
	 [<ffffffff811a6e6f>] __key_link+0x19e/0x3c5
	 [<ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
	 [<ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
	 [<ffffffff811aa0dc>] call_sbin_request_key+0xe7/0x33b
	 [<ffffffff8139376a>] ? mutex_unlock+0x9/0xb
	 [<ffffffff811a5952>] ? __key_instantiate_and_link+0xb1/0xdc
	 [<ffffffff811a59bf>] ? key_instantiate_and_link+0x42/0x5f
	 [<ffffffff811aa6fa>] ? request_key_auth_new+0x1c2/0x23c
	 [<ffffffff810aaf15>] ? cache_alloc_debugcheck_after+0x108/0x173
	 [<ffffffff811a9d00>] ? request_key_and_link+0x146/0x300
	 [<ffffffff810ac568>] ? kmem_cache_alloc+0xe1/0x118
	 [<ffffffff811a9e45>] request_key_and_link+0x28b/0x300
	 [<ffffffff811a89ac>] sys_request_key+0xf7/0x14a
	 [<ffffffff81052c0b>] ? trace_hardirqs_on_caller+0x10c/0x130
	 [<ffffffff81394fb9>] ? trace_hardirqs_on_thunk+0x3a/0x3f
	 [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 1 changed file with 1 additions and 1 deletions Inline Diff

security/keys/request_key.c
Diff comments   View file @ 896903c
1 /* Request a key from userspace 1 /* Request a key from userspace
2 * 2 *
3 * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License 7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version. 9 * 2 of the License, or (at your option) any later version.
10 * 10 *
11 * See Documentation/keys-request-key.txt 11 * See Documentation/keys-request-key.txt
12 */ 12 */
13 13
14 #include <linux/module.h> 14 #include <linux/module.h>
15 #include <linux/sched.h> 15 #include <linux/sched.h>
16 #include <linux/kmod.h> 16 #include <linux/kmod.h>
17 #include <linux/err.h> 17 #include <linux/err.h>
18 #include <linux/keyctl.h> 18 #include <linux/keyctl.h>
19 #include <linux/slab.h> 19 #include <linux/slab.h>
20 #include "internal.h" 20 #include "internal.h"
21 21
22 #define key_negative_timeout 60 /* default timeout on a negative key's existence */ 22 #define key_negative_timeout 60 /* default timeout on a negative key's existence */
23 23
24 /* 24 /*
25 * wait_on_bit() sleep function for uninterruptible waiting 25 * wait_on_bit() sleep function for uninterruptible waiting
26 */ 26 */
27 static int key_wait_bit(void *flags) 27 static int key_wait_bit(void *flags)
28 { 28 {
29 schedule(); 29 schedule();
30 return 0; 30 return 0;
31 } 31 }
32 32
33 /* 33 /*
34 * wait_on_bit() sleep function for interruptible waiting 34 * wait_on_bit() sleep function for interruptible waiting
35 */ 35 */
36 static int key_wait_bit_intr(void *flags) 36 static int key_wait_bit_intr(void *flags)
37 { 37 {
38 schedule(); 38 schedule();
39 return signal_pending(current) ? -ERESTARTSYS : 0; 39 return signal_pending(current) ? -ERESTARTSYS : 0;
40 } 40 }
41 41
42 /* 42 /*
43 * call to complete the construction of a key 43 * call to complete the construction of a key
44 */ 44 */
45 void complete_request_key(struct key_construction *cons, int error) 45 void complete_request_key(struct key_construction *cons, int error)
46 { 46 {
47 kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error); 47 kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
48 48
49 if (error < 0) 49 if (error < 0)
50 key_negate_and_link(cons->key, key_negative_timeout, NULL, 50 key_negate_and_link(cons->key, key_negative_timeout, NULL,
51 cons->authkey); 51 cons->authkey);
52 else 52 else
53 key_revoke(cons->authkey); 53 key_revoke(cons->authkey);
54 54
55 key_put(cons->key); 55 key_put(cons->key);
56 key_put(cons->authkey); 56 key_put(cons->authkey);
57 kfree(cons); 57 kfree(cons);
58 } 58 }
59 EXPORT_SYMBOL(complete_request_key); 59 EXPORT_SYMBOL(complete_request_key);
60 60
61 /* 61 /*
62 * request userspace finish the construction of a key 62 * request userspace finish the construction of a key
63 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" 63 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
64 */ 64 */
65 static int call_sbin_request_key(struct key_construction *cons, 65 static int call_sbin_request_key(struct key_construction *cons,
66 const char *op, 66 const char *op,
67 void *aux) 67 void *aux)
68 { 68 {
69 const struct cred *cred = current_cred(); 69 const struct cred *cred = current_cred();
70 key_serial_t prkey, sskey; 70 key_serial_t prkey, sskey;
71 struct key *key = cons->key, *authkey = cons->authkey, *keyring, 71 struct key *key = cons->key, *authkey = cons->authkey, *keyring,
72 *session; 72 *session;
73 char *argv[9], *envp[3], uid_str[12], gid_str[12]; 73 char *argv[9], *envp[3], uid_str[12], gid_str[12];
74 char key_str[12], keyring_str[3][12]; 74 char key_str[12], keyring_str[3][12];
75 char desc[20]; 75 char desc[20];
76 int ret, i; 76 int ret, i;
77 77
78 kenter("{%d},{%d},%s", key->serial, authkey->serial, op); 78 kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
79 79
80 ret = install_user_keyrings(); 80 ret = install_user_keyrings();
81 if (ret < 0) 81 if (ret < 0)
82 goto error_alloc; 82 goto error_alloc;
83 83
84 /* allocate a new session keyring */ 84 /* allocate a new session keyring */
85 sprintf(desc, "_req.%u", key->serial); 85 sprintf(desc, "_req.%u", key->serial);
86 86
87 cred = get_current_cred(); 87 cred = get_current_cred();
88 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, 88 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
89 KEY_ALLOC_QUOTA_OVERRUN, NULL); 89 KEY_ALLOC_QUOTA_OVERRUN, NULL);
90 put_cred(cred); 90 put_cred(cred);
91 if (IS_ERR(keyring)) { 91 if (IS_ERR(keyring)) {
92 ret = PTR_ERR(keyring); 92 ret = PTR_ERR(keyring);
93 goto error_alloc; 93 goto error_alloc;
94 } 94 }
95 95
96 /* attach the auth key to the session keyring */ 96 /* attach the auth key to the session keyring */
97 ret = __key_link(keyring, authkey); 97 ret = key_link(keyring, authkey);
98 if (ret < 0) 98 if (ret < 0)
99 goto error_link; 99 goto error_link;
100 100
101 /* record the UID and GID */ 101 /* record the UID and GID */
102 sprintf(uid_str, "%d", cred->fsuid); 102 sprintf(uid_str, "%d", cred->fsuid);
103 sprintf(gid_str, "%d", cred->fsgid); 103 sprintf(gid_str, "%d", cred->fsgid);
104 104
105 /* we say which key is under construction */ 105 /* we say which key is under construction */
106 sprintf(key_str, "%d", key->serial); 106 sprintf(key_str, "%d", key->serial);
107 107
108 /* we specify the process's default keyrings */ 108 /* we specify the process's default keyrings */
109 sprintf(keyring_str[0], "%d", 109 sprintf(keyring_str[0], "%d",
110 cred->thread_keyring ? cred->thread_keyring->serial : 0); 110 cred->thread_keyring ? cred->thread_keyring->serial : 0);
111 111
112 prkey = 0; 112 prkey = 0;
113 if (cred->tgcred->process_keyring) 113 if (cred->tgcred->process_keyring)
114 prkey = cred->tgcred->process_keyring->serial; 114 prkey = cred->tgcred->process_keyring->serial;
115 115
116 rcu_read_lock(); 116 rcu_read_lock();
117 session = rcu_dereference(cred->tgcred->session_keyring); 117 session = rcu_dereference(cred->tgcred->session_keyring);
118 if (!session) 118 if (!session)
119 session = cred->user->session_keyring; 119 session = cred->user->session_keyring;
120 sskey = session->serial; 120 sskey = session->serial;
121 rcu_read_unlock(); 121 rcu_read_unlock();
122 122
123 sprintf(keyring_str[2], "%d", sskey); 123 sprintf(keyring_str[2], "%d", sskey);
124 124
125 /* set up a minimal environment */ 125 /* set up a minimal environment */
126 i = 0; 126 i = 0;
127 envp[i++] = "HOME=/"; 127 envp[i++] = "HOME=/";
128 envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; 128 envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
129 envp[i] = NULL; 129 envp[i] = NULL;
130 130
131 /* set up the argument list */ 131 /* set up the argument list */
132 i = 0; 132 i = 0;
133 argv[i++] = "/sbin/request-key"; 133 argv[i++] = "/sbin/request-key";
134 argv[i++] = (char *) op; 134 argv[i++] = (char *) op;
135 argv[i++] = key_str; 135 argv[i++] = key_str;
136 argv[i++] = uid_str; 136 argv[i++] = uid_str;
137 argv[i++] = gid_str; 137 argv[i++] = gid_str;
138 argv[i++] = keyring_str[0]; 138 argv[i++] = keyring_str[0];
139 argv[i++] = keyring_str[1]; 139 argv[i++] = keyring_str[1];
140 argv[i++] = keyring_str[2]; 140 argv[i++] = keyring_str[2];
141 argv[i] = NULL; 141 argv[i] = NULL;
142 142
143 /* do it */ 143 /* do it */
144 ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 144 ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
145 UMH_WAIT_PROC); 145 UMH_WAIT_PROC);
146 kdebug("usermode -> 0x%x", ret); 146 kdebug("usermode -> 0x%x", ret);
147 if (ret >= 0) { 147 if (ret >= 0) {
148 /* ret is the exit/wait code */ 148 /* ret is the exit/wait code */
149 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || 149 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
150 key_validate(key) < 0) 150 key_validate(key) < 0)
151 ret = -ENOKEY; 151 ret = -ENOKEY;
152 else 152 else
153 /* ignore any errors from userspace if the key was 153 /* ignore any errors from userspace if the key was
154 * instantiated */ 154 * instantiated */
155 ret = 0; 155 ret = 0;
156 } 156 }
157 157
158 error_link: 158 error_link:
159 key_put(keyring); 159 key_put(keyring);
160 160
161 error_alloc: 161 error_alloc:
162 complete_request_key(cons, ret); 162 complete_request_key(cons, ret);
163 kleave(" = %d", ret); 163 kleave(" = %d", ret);
164 return ret; 164 return ret;
165 } 165 }
166 166
167 /* 167 /*
168 * call out to userspace for key construction 168 * call out to userspace for key construction
169 * - we ignore program failure and go on key status instead 169 * - we ignore program failure and go on key status instead
170 */ 170 */
171 static int construct_key(struct key *key, const void *callout_info, 171 static int construct_key(struct key *key, const void *callout_info,
172 size_t callout_len, void *aux, 172 size_t callout_len, void *aux,
173 struct key *dest_keyring) 173 struct key *dest_keyring)
174 { 174 {
175 struct key_construction *cons; 175 struct key_construction *cons;
176 request_key_actor_t actor; 176 request_key_actor_t actor;
177 struct key *authkey; 177 struct key *authkey;
178 int ret; 178 int ret;
179 179
180 kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux); 180 kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
181 181
182 cons = kmalloc(sizeof(*cons), GFP_KERNEL); 182 cons = kmalloc(sizeof(*cons), GFP_KERNEL);
183 if (!cons) 183 if (!cons)
184 return -ENOMEM; 184 return -ENOMEM;
185 185
186 /* allocate an authorisation key */ 186 /* allocate an authorisation key */
187 authkey = request_key_auth_new(key, callout_info, callout_len, 187 authkey = request_key_auth_new(key, callout_info, callout_len,
188 dest_keyring); 188 dest_keyring);
189 if (IS_ERR(authkey)) { 189 if (IS_ERR(authkey)) {
190 kfree(cons); 190 kfree(cons);
191 ret = PTR_ERR(authkey); 191 ret = PTR_ERR(authkey);
192 authkey = NULL; 192 authkey = NULL;
193 } else { 193 } else {
194 cons->authkey = key_get(authkey); 194 cons->authkey = key_get(authkey);
195 cons->key = key_get(key); 195 cons->key = key_get(key);
196 196
197 /* make the call */ 197 /* make the call */
198 actor = call_sbin_request_key; 198 actor = call_sbin_request_key;
199 if (key->type->request_key) 199 if (key->type->request_key)
200 actor = key->type->request_key; 200 actor = key->type->request_key;
201 201
202 ret = actor(cons, "create", aux); 202 ret = actor(cons, "create", aux);
203 203
204 /* check that the actor called complete_request_key() prior to 204 /* check that the actor called complete_request_key() prior to
205 * returning an error */ 205 * returning an error */
206 WARN_ON(ret < 0 && 206 WARN_ON(ret < 0 &&
207 !test_bit(KEY_FLAG_REVOKED, &authkey->flags)); 207 !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
208 key_put(authkey); 208 key_put(authkey);
209 } 209 }
210 210
211 kleave(" = %d", ret); 211 kleave(" = %d", ret);
212 return ret; 212 return ret;
213 } 213 }
214 214
215 /* 215 /*
216 * get the appropriate destination keyring for the request 216 * get the appropriate destination keyring for the request
217 * - we return whatever keyring we select with an extra reference upon it which 217 * - we return whatever keyring we select with an extra reference upon it which
218 * the caller must release 218 * the caller must release
219 */ 219 */
220 static void construct_get_dest_keyring(struct key **_dest_keyring) 220 static void construct_get_dest_keyring(struct key **_dest_keyring)
221 { 221 {
222 struct request_key_auth *rka; 222 struct request_key_auth *rka;
223 const struct cred *cred = current_cred(); 223 const struct cred *cred = current_cred();
224 struct key *dest_keyring = *_dest_keyring, *authkey; 224 struct key *dest_keyring = *_dest_keyring, *authkey;
225 225
226 kenter("%p", dest_keyring); 226 kenter("%p", dest_keyring);
227 227
228 /* find the appropriate keyring */ 228 /* find the appropriate keyring */
229 if (dest_keyring) { 229 if (dest_keyring) {
230 /* the caller supplied one */ 230 /* the caller supplied one */
231 key_get(dest_keyring); 231 key_get(dest_keyring);
232 } else { 232 } else {
233 /* use a default keyring; falling through the cases until we 233 /* use a default keyring; falling through the cases until we
234 * find one that we actually have */ 234 * find one that we actually have */
235 switch (cred->jit_keyring) { 235 switch (cred->jit_keyring) {
236 case KEY_REQKEY_DEFL_DEFAULT: 236 case KEY_REQKEY_DEFL_DEFAULT:
237 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 237 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
238 if (cred->request_key_auth) { 238 if (cred->request_key_auth) {
239 authkey = cred->request_key_auth; 239 authkey = cred->request_key_auth;
240 down_read(&authkey->sem); 240 down_read(&authkey->sem);
241 rka = authkey->payload.data; 241 rka = authkey->payload.data;
242 if (!test_bit(KEY_FLAG_REVOKED, 242 if (!test_bit(KEY_FLAG_REVOKED,
243 &authkey->flags)) 243 &authkey->flags))
244 dest_keyring = 244 dest_keyring =
245 key_get(rka->dest_keyring); 245 key_get(rka->dest_keyring);
246 up_read(&authkey->sem); 246 up_read(&authkey->sem);
247 if (dest_keyring) 247 if (dest_keyring)
248 break; 248 break;
249 } 249 }
250 250
251 case KEY_REQKEY_DEFL_THREAD_KEYRING: 251 case KEY_REQKEY_DEFL_THREAD_KEYRING:
252 dest_keyring = key_get(cred->thread_keyring); 252 dest_keyring = key_get(cred->thread_keyring);
253 if (dest_keyring) 253 if (dest_keyring)
254 break; 254 break;
255 255
256 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 256 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
257 dest_keyring = key_get(cred->tgcred->process_keyring); 257 dest_keyring = key_get(cred->tgcred->process_keyring);
258 if (dest_keyring) 258 if (dest_keyring)
259 break; 259 break;
260 260
261 case KEY_REQKEY_DEFL_SESSION_KEYRING: 261 case KEY_REQKEY_DEFL_SESSION_KEYRING:
262 rcu_read_lock(); 262 rcu_read_lock();
263 dest_keyring = key_get( 263 dest_keyring = key_get(
264 rcu_dereference(cred->tgcred->session_keyring)); 264 rcu_dereference(cred->tgcred->session_keyring));
265 rcu_read_unlock(); 265 rcu_read_unlock();
266 266
267 if (dest_keyring) 267 if (dest_keyring)
268 break; 268 break;
269 269
270 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 270 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
271 dest_keyring = 271 dest_keyring =
272 key_get(cred->user->session_keyring); 272 key_get(cred->user->session_keyring);
273 break; 273 break;
274 274
275 case KEY_REQKEY_DEFL_USER_KEYRING: 275 case KEY_REQKEY_DEFL_USER_KEYRING:
276 dest_keyring = key_get(cred->user->uid_keyring); 276 dest_keyring = key_get(cred->user->uid_keyring);
277 break; 277 break;
278 278
279 case KEY_REQKEY_DEFL_GROUP_KEYRING: 279 case KEY_REQKEY_DEFL_GROUP_KEYRING:
280 default: 280 default:
281 BUG(); 281 BUG();
282 } 282 }
283 } 283 }
284 284
285 *_dest_keyring = dest_keyring; 285 *_dest_keyring = dest_keyring;
286 kleave(" [dk %d]", key_serial(dest_keyring)); 286 kleave(" [dk %d]", key_serial(dest_keyring));
287 return; 287 return;
288 } 288 }
289 289
290 /* 290 /*
291 * allocate a new key in under-construction state and attempt to link it in to 291 * allocate a new key in under-construction state and attempt to link it in to
292 * the requested place 292 * the requested place
293 * - may return a key that's already under construction instead 293 * - may return a key that's already under construction instead
294 */ 294 */
295 static int construct_alloc_key(struct key_type *type, 295 static int construct_alloc_key(struct key_type *type,
296 const char *description, 296 const char *description,
297 struct key *dest_keyring, 297 struct key *dest_keyring,
298 unsigned long flags, 298 unsigned long flags,
299 struct key_user *user, 299 struct key_user *user,
300 struct key **_key) 300 struct key **_key)
301 { 301 {
302 const struct cred *cred = current_cred(); 302 const struct cred *cred = current_cred();
303 struct key *key; 303 struct key *key;
304 key_ref_t key_ref; 304 key_ref_t key_ref;
305 305
306 kenter("%s,%s,,,", type->name, description); 306 kenter("%s,%s,,,", type->name, description);
307 307
308 mutex_lock(&user->cons_lock); 308 mutex_lock(&user->cons_lock);
309 309
310 key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, 310 key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
311 KEY_POS_ALL, flags); 311 KEY_POS_ALL, flags);
312 if (IS_ERR(key)) 312 if (IS_ERR(key))
313 goto alloc_failed; 313 goto alloc_failed;
314 314
315 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); 315 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
316 316
317 if (dest_keyring) 317 if (dest_keyring)
318 down_write(&dest_keyring->sem); 318 down_write(&dest_keyring->sem);
319 319
320 /* attach the key to the destination keyring under lock, but we do need 320 /* attach the key to the destination keyring under lock, but we do need
321 * to do another check just in case someone beat us to it whilst we 321 * to do another check just in case someone beat us to it whilst we
322 * waited for locks */ 322 * waited for locks */
323 mutex_lock(&key_construction_mutex); 323 mutex_lock(&key_construction_mutex);
324 324
325 key_ref = search_process_keyrings(type, description, type->match, cred); 325 key_ref = search_process_keyrings(type, description, type->match, cred);
326 if (!IS_ERR(key_ref)) 326 if (!IS_ERR(key_ref))
327 goto key_already_present; 327 goto key_already_present;
328 328
329 if (dest_keyring) 329 if (dest_keyring)
330 __key_link(dest_keyring, key); 330 __key_link(dest_keyring, key);
331 331
332 mutex_unlock(&key_construction_mutex); 332 mutex_unlock(&key_construction_mutex);
333 if (dest_keyring) 333 if (dest_keyring)
334 up_write(&dest_keyring->sem); 334 up_write(&dest_keyring->sem);
335 mutex_unlock(&user->cons_lock); 335 mutex_unlock(&user->cons_lock);
336 *_key = key; 336 *_key = key;
337 kleave(" = 0 [%d]", key_serial(key)); 337 kleave(" = 0 [%d]", key_serial(key));
338 return 0; 338 return 0;
339 339
340 key_already_present: 340 key_already_present:
341 mutex_unlock(&key_construction_mutex); 341 mutex_unlock(&key_construction_mutex);
342 if (dest_keyring) { 342 if (dest_keyring) {
343 __key_link(dest_keyring, key_ref_to_ptr(key_ref)); 343 __key_link(dest_keyring, key_ref_to_ptr(key_ref));
344 up_write(&dest_keyring->sem); 344 up_write(&dest_keyring->sem);
345 } 345 }
346 mutex_unlock(&user->cons_lock); 346 mutex_unlock(&user->cons_lock);
347 key_put(key); 347 key_put(key);
348 *_key = key = key_ref_to_ptr(key_ref); 348 *_key = key = key_ref_to_ptr(key_ref);
349 kleave(" = -EINPROGRESS [%d]", key_serial(key)); 349 kleave(" = -EINPROGRESS [%d]", key_serial(key));
350 return -EINPROGRESS; 350 return -EINPROGRESS;
351 351
352 alloc_failed: 352 alloc_failed:
353 mutex_unlock(&user->cons_lock); 353 mutex_unlock(&user->cons_lock);
354 *_key = NULL; 354 *_key = NULL;
355 kleave(" = %ld", PTR_ERR(key)); 355 kleave(" = %ld", PTR_ERR(key));
356 return PTR_ERR(key); 356 return PTR_ERR(key);
357 } 357 }
358 358
359 /* 359 /*
360 * commence key construction 360 * commence key construction
361 */ 361 */
362 static struct key *construct_key_and_link(struct key_type *type, 362 static struct key *construct_key_and_link(struct key_type *type,
363 const char *description, 363 const char *description,
364 const char *callout_info, 364 const char *callout_info,
365 size_t callout_len, 365 size_t callout_len,
366 void *aux, 366 void *aux,
367 struct key *dest_keyring, 367 struct key *dest_keyring,
368 unsigned long flags) 368 unsigned long flags)
369 { 369 {
370 struct key_user *user; 370 struct key_user *user;
371 struct key *key; 371 struct key *key;
372 int ret; 372 int ret;
373 373
374 kenter(""); 374 kenter("");
375 375
376 user = key_user_lookup(current_fsuid(), current_user_ns()); 376 user = key_user_lookup(current_fsuid(), current_user_ns());
377 if (!user) 377 if (!user)
378 return ERR_PTR(-ENOMEM); 378 return ERR_PTR(-ENOMEM);
379 379
380 construct_get_dest_keyring(&dest_keyring); 380 construct_get_dest_keyring(&dest_keyring);
381 381
382 ret = construct_alloc_key(type, description, dest_keyring, flags, user, 382 ret = construct_alloc_key(type, description, dest_keyring, flags, user,
383 &key); 383 &key);
384 key_user_put(user); 384 key_user_put(user);
385 385
386 if (ret == 0) { 386 if (ret == 0) {
387 ret = construct_key(key, callout_info, callout_len, aux, 387 ret = construct_key(key, callout_info, callout_len, aux,
388 dest_keyring); 388 dest_keyring);
389 if (ret < 0) { 389 if (ret < 0) {
390 kdebug("cons failed"); 390 kdebug("cons failed");
391 goto construction_failed; 391 goto construction_failed;
392 } 392 }
393 } 393 }
394 394
395 key_put(dest_keyring); 395 key_put(dest_keyring);
396 kleave(" = key %d", key_serial(key)); 396 kleave(" = key %d", key_serial(key));
397 return key; 397 return key;
398 398
399 construction_failed: 399 construction_failed:
400 key_negate_and_link(key, key_negative_timeout, NULL, NULL); 400 key_negate_and_link(key, key_negative_timeout, NULL, NULL);
401 key_put(key); 401 key_put(key);
402 key_put(dest_keyring); 402 key_put(dest_keyring);
403 kleave(" = %d", ret); 403 kleave(" = %d", ret);
404 return ERR_PTR(ret); 404 return ERR_PTR(ret);
405 } 405 }
406 406
407 /* 407 /*
408 * request a key 408 * request a key
409 * - search the process's keyrings 409 * - search the process's keyrings
410 * - check the list of keys being created or updated 410 * - check the list of keys being created or updated
411 * - call out to userspace for a key if supplementary info was provided 411 * - call out to userspace for a key if supplementary info was provided
412 * - cache the key in an appropriate keyring 412 * - cache the key in an appropriate keyring
413 */ 413 */
414 struct key *request_key_and_link(struct key_type *type, 414 struct key *request_key_and_link(struct key_type *type,
415 const char *description, 415 const char *description,
416 const void *callout_info, 416 const void *callout_info,
417 size_t callout_len, 417 size_t callout_len,
418 void *aux, 418 void *aux,
419 struct key *dest_keyring, 419 struct key *dest_keyring,
420 unsigned long flags) 420 unsigned long flags)
421 { 421 {
422 const struct cred *cred = current_cred(); 422 const struct cred *cred = current_cred();
423 struct key *key; 423 struct key *key;
424 key_ref_t key_ref; 424 key_ref_t key_ref;
425 425
426 kenter("%s,%s,%p,%zu,%p,%p,%lx", 426 kenter("%s,%s,%p,%zu,%p,%p,%lx",
427 type->name, description, callout_info, callout_len, aux, 427 type->name, description, callout_info, callout_len, aux,
428 dest_keyring, flags); 428 dest_keyring, flags);
429 429
430 /* search all the process keyrings for a key */ 430 /* search all the process keyrings for a key */
431 key_ref = search_process_keyrings(type, description, type->match, 431 key_ref = search_process_keyrings(type, description, type->match,
432 cred); 432 cred);
433 433
434 if (!IS_ERR(key_ref)) { 434 if (!IS_ERR(key_ref)) {
435 key = key_ref_to_ptr(key_ref); 435 key = key_ref_to_ptr(key_ref);
436 if (dest_keyring) { 436 if (dest_keyring) {
437 construct_get_dest_keyring(&dest_keyring); 437 construct_get_dest_keyring(&dest_keyring);
438 key_link(dest_keyring, key); 438 key_link(dest_keyring, key);
439 key_put(dest_keyring); 439 key_put(dest_keyring);
440 } 440 }
441 } else if (PTR_ERR(key_ref) != -EAGAIN) { 441 } else if (PTR_ERR(key_ref) != -EAGAIN) {
442 key = ERR_CAST(key_ref); 442 key = ERR_CAST(key_ref);
443 } else { 443 } else {
444 /* the search failed, but the keyrings were searchable, so we 444 /* the search failed, but the keyrings were searchable, so we
445 * should consult userspace if we can */ 445 * should consult userspace if we can */
446 key = ERR_PTR(-ENOKEY); 446 key = ERR_PTR(-ENOKEY);
447 if (!callout_info) 447 if (!callout_info)
448 goto error; 448 goto error;
449 449
450 key = construct_key_and_link(type, description, callout_info, 450 key = construct_key_and_link(type, description, callout_info,
451 callout_len, aux, dest_keyring, 451 callout_len, aux, dest_keyring,
452 flags); 452 flags);
453 } 453 }
454 454
455 error: 455 error:
456 kleave(" = %p", key); 456 kleave(" = %p", key);
457 return key; 457 return key;
458 } 458 }
459 459
460 /* 460 /*
461 * wait for construction of a key to complete 461 * wait for construction of a key to complete
462 */ 462 */
463 int wait_for_key_construction(struct key *key, bool intr) 463 int wait_for_key_construction(struct key *key, bool intr)
464 { 464 {
465 int ret; 465 int ret;
466 466
467 ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, 467 ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
468 intr ? key_wait_bit_intr : key_wait_bit, 468 intr ? key_wait_bit_intr : key_wait_bit,
469 intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); 469 intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
470 if (ret < 0) 470 if (ret < 0)
471 return ret; 471 return ret;
472 return key_validate(key); 472 return key_validate(key);
473 } 473 }
474 EXPORT_SYMBOL(wait_for_key_construction); 474 EXPORT_SYMBOL(wait_for_key_construction);
475 475
476 /* 476 /*
477 * request a key 477 * request a key
478 * - search the process's keyrings 478 * - search the process's keyrings
479 * - check the list of keys being created or updated 479 * - check the list of keys being created or updated
480 * - call out to userspace for a key if supplementary info was provided 480 * - call out to userspace for a key if supplementary info was provided
481 * - waits uninterruptible for creation to complete 481 * - waits uninterruptible for creation to complete
482 */ 482 */
483 struct key *request_key(struct key_type *type, 483 struct key *request_key(struct key_type *type,
484 const char *description, 484 const char *description,
485 const char *callout_info) 485 const char *callout_info)
486 { 486 {
487 struct key *key; 487 struct key *key;
488 size_t callout_len = 0; 488 size_t callout_len = 0;
489 int ret; 489 int ret;
490 490
491 if (callout_info) 491 if (callout_info)
492 callout_len = strlen(callout_info); 492 callout_len = strlen(callout_info);
493 key = request_key_and_link(type, description, callout_info, callout_len, 493 key = request_key_and_link(type, description, callout_info, callout_len,
494 NULL, NULL, KEY_ALLOC_IN_QUOTA); 494 NULL, NULL, KEY_ALLOC_IN_QUOTA);
495 if (!IS_ERR(key)) { 495 if (!IS_ERR(key)) {
496 ret = wait_for_key_construction(key, false); 496 ret = wait_for_key_construction(key, false);
497 if (ret < 0) { 497 if (ret < 0) {
498 key_put(key); 498 key_put(key);
499 return ERR_PTR(ret); 499 return ERR_PTR(ret);
500 } 500 }
501 } 501 }
502 return key; 502 return key;
503 } 503 }
504 EXPORT_SYMBOL(request_key); 504 EXPORT_SYMBOL(request_key);
505 505
506 /* 506 /*
507 * request a key with auxiliary data for the upcaller 507 * request a key with auxiliary data for the upcaller
508 * - search the process's keyrings 508 * - search the process's keyrings
509 * - check the list of keys being created or updated 509 * - check the list of keys being created or updated
510 * - call out to userspace for a key if supplementary info was provided 510 * - call out to userspace for a key if supplementary info was provided
511 * - waits uninterruptible for creation to complete 511 * - waits uninterruptible for creation to complete
512 */ 512 */
513 struct key *request_key_with_auxdata(struct key_type *type, 513 struct key *request_key_with_auxdata(struct key_type *type,
514 const char *description, 514 const char *description,
515 const void *callout_info, 515 const void *callout_info,
516 size_t callout_len, 516 size_t callout_len,
517 void *aux) 517 void *aux)
518 { 518 {
519 struct key *key; 519 struct key *key;
520 int ret; 520 int ret;
521 521
522 key = request_key_and_link(type, description, callout_info, callout_len, 522 key = request_key_and_link(type, description, callout_info, callout_len,
523 aux, NULL, KEY_ALLOC_IN_QUOTA); 523 aux, NULL, KEY_ALLOC_IN_QUOTA);
524 if (!IS_ERR(key)) { 524 if (!IS_ERR(key)) {
525 ret = wait_for_key_construction(key, false); 525 ret = wait_for_key_construction(key, false);
526 if (ret < 0) { 526 if (ret < 0) {
527 key_put(key); 527 key_put(key);
528 return ERR_PTR(ret); 528 return ERR_PTR(ret);
529 } 529 }
530 } 530 }
531 return key; 531 return key;
532 } 532 }
533 EXPORT_SYMBOL(request_key_with_auxdata); 533 EXPORT_SYMBOL(request_key_with_auxdata);
534 534
535 /* 535 /*
536 * request a key (allow async construction) 536 * request a key (allow async construction)
537 * - search the process's keyrings 537 * - search the process's keyrings
538 * - check the list of keys being created or updated 538 * - check the list of keys being created or updated
539 * - call out to userspace for a key if supplementary info was provided 539 * - call out to userspace for a key if supplementary info was provided
540 */ 540 */
541 struct key *request_key_async(struct key_type *type, 541 struct key *request_key_async(struct key_type *type,
542 const char *description, 542 const char *description,
543 const void *callout_info, 543 const void *callout_info,
544 size_t callout_len) 544 size_t callout_len)
545 { 545 {
546 return request_key_and_link(type, description, callout_info, 546 return request_key_and_link(type, description, callout_info,
547 callout_len, NULL, NULL, 547 callout_len, NULL, NULL,
548 KEY_ALLOC_IN_QUOTA); 548 KEY_ALLOC_IN_QUOTA);
549 } 549 }
550 EXPORT_SYMBOL(request_key_async); 550 EXPORT_SYMBOL(request_key_async);
551 551
552 /* 552 /*
553 * request a key with auxiliary data for the upcaller (allow async construction) 553 * request a key with auxiliary data for the upcaller (allow async construction)
554 * - search the process's keyrings 554 * - search the process's keyrings
555 * - check the list of keys being created or updated 555 * - check the list of keys being created or updated
556 * - call out to userspace for a key if supplementary info was provided 556 * - call out to userspace for a key if supplementary info was provided
557 */ 557 */
558 struct key *request_key_async_with_auxdata(struct key_type *type, 558 struct key *request_key_async_with_auxdata(struct key_type *type,
559 const char *description, 559 const char *description,
560 const void *callout_info, 560 const void *callout_info,
561 size_t callout_len, 561 size_t callout_len,
562 void *aux) 562 void *aux)
563 { 563 {
564 return request_key_and_link(type, description, callout_info, 564 return request_key_and_link(type, description, callout_info,
565 callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA); 565 callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
566 } 566 }
567 EXPORT_SYMBOL(request_key_async_with_auxdata); 567 EXPORT_SYMBOL(request_key_async_with_auxdata);
568 568