summaryrefslogtreecommitdiff
path: root/security/keys/key.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-05-03 08:50:52 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2017-05-03 08:50:52 -0700
commit0302e28dee643932ee7b3c112ebccdbb9f8ec32c (patch)
tree405d4cb3f772ef069ed7f291adc4b74a4e73346e /security/keys/key.c
parent89c9fea3c8034cdb2fd745f551cde0b507fd6893 (diff)
parent8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 (diff)
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "Highlights: IMA: - provide ">" and "<" operators for fowner/uid/euid rules KEYS: - add a system blacklist keyring - add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction functionality to userland via keyctl() LSM: - harden LSM API with __ro_after_init - add prlmit security hook, implement for SELinux - revive security_task_alloc hook TPM: - implement contextual TPM command 'spaces'" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits) tpm: Fix reference count to main device tpm_tis: convert to using locality callbacks tpm: fix handling of the TPM 2.0 event logs tpm_crb: remove a cruft constant keys: select CONFIG_CRYPTO when selecting DH / KDF apparmor: Make path_max parameter readonly apparmor: fix parameters so that the permission test is bypassed at boot apparmor: fix invalid reference to index variable of iterator line 836 apparmor: use SHASH_DESC_ON_STACK security/apparmor/lsm.c: set debug messages apparmor: fix boolreturn.cocci warnings Smack: Use GFP_KERNEL for smk_netlbl_mls(). smack: fix double free in smack_parse_opts_str() KEYS: add SP800-56A KDF support for DH KEYS: Keyring asymmetric key restrict method with chaining KEYS: Restrict asymmetric key linkage using a specific keychain KEYS: Add a lookup_restriction function for the asymmetric key type KEYS: Add KEYCTL_RESTRICT_KEYRING KEYS: Consistent ordering for __key_link_begin and restrict check KEYS: Add an optional lookup_restriction hook to key_type ...
Diffstat (limited to 'security/keys/key.c')
-rw-r--r--security/keys/key.c58
1 files changed, 31 insertions, 27 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 346fbf201c22..455c04d80bbb 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -93,7 +93,7 @@ try_again:
/* if we get here, then the user record still hadn't appeared on the
* second pass - so we use the candidate record */
- atomic_set(&candidate->usage, 1);
+ refcount_set(&candidate->usage, 1);
atomic_set(&candidate->nkeys, 0);
atomic_set(&candidate->nikeys, 0);
candidate->uid = uid;
@@ -110,7 +110,7 @@ try_again:
/* okay - we found a user record for this UID */
found:
- atomic_inc(&user->usage);
+ refcount_inc(&user->usage);
spin_unlock(&key_user_lock);
kfree(candidate);
out:
@@ -122,7 +122,7 @@ out:
*/
void key_user_put(struct key_user *user)
{
- if (atomic_dec_and_lock(&user->usage, &key_user_lock)) {
+ if (refcount_dec_and_lock(&user->usage, &key_user_lock)) {
rb_erase(&user->node, &key_user_tree);
spin_unlock(&key_user_lock);
@@ -201,12 +201,15 @@ serial_exists:
* @cred: The credentials specifying UID namespace.
* @perm: The permissions mask of the new key.
* @flags: Flags specifying quota properties.
- * @restrict_link: Optional link restriction method for new keyrings.
+ * @restrict_link: Optional link restriction for new keyrings.
*
* Allocate a key of the specified type with the attributes given. The key is
* returned in an uninstantiated state and the caller needs to instantiate the
* key before returning.
*
+ * The restrict_link structure (if not NULL) will be freed when the
+ * keyring is destroyed, so it must be dynamically allocated.
+ *
* The user's key count quota is updated to reflect the creation of the key and
* the user's key data quota has the default for the key type reserved. The
* instantiation function should amend this as necessary. If insufficient
@@ -225,9 +228,7 @@ serial_exists:
struct key *key_alloc(struct key_type *type, const char *desc,
kuid_t uid, kgid_t gid, const struct cred *cred,
key_perm_t perm, unsigned long flags,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *))
+ struct key_restriction *restrict_link)
{
struct key_user *user = NULL;
struct key *key;
@@ -285,7 +286,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
if (!key->index_key.description)
goto no_memory_3;
- atomic_set(&key->usage, 1);
+ refcount_set(&key->usage, 1);
init_rwsem(&key->sem);
lockdep_set_class(&key->sem, &type->lock_class);
key->index_key.type = type;
@@ -499,19 +500,23 @@ int key_instantiate_and_link(struct key *key,
}
if (keyring) {
- if (keyring->restrict_link) {
- ret = keyring->restrict_link(keyring, key->type,
- &prep.payload);
- if (ret < 0)
- goto error;
- }
ret = __key_link_begin(keyring, &key->index_key, &edit);
if (ret < 0)
goto error;
+
+ if (keyring->restrict_link && keyring->restrict_link->check) {
+ struct key_restriction *keyres = keyring->restrict_link;
+
+ ret = keyres->check(keyring, key->type, &prep.payload,
+ keyres->key);
+ if (ret < 0)
+ goto error_link_end;
+ }
}
ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
+error_link_end:
if (keyring)
__key_link_end(keyring, &key->index_key, edit);
@@ -621,7 +626,7 @@ void key_put(struct key *key)
if (key) {
key_check(key);
- if (atomic_dec_and_test(&key->usage))
+ if (refcount_dec_and_test(&key->usage))
schedule_work(&key_gc_work);
}
}
@@ -656,7 +661,7 @@ not_found:
found:
/* pretend it doesn't exist if it is awaiting deletion */
- if (atomic_read(&key->usage) == 0)
+ if (refcount_read(&key->usage) == 0)
goto not_found;
/* this races with key_put(), but that doesn't matter since key_put()
@@ -806,9 +811,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
struct key *keyring, *key = NULL;
key_ref_t key_ref;
int ret;
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *) = NULL;
+ struct key_restriction *restrict_link = NULL;
/* look up the key type to see if it's one of the registered kernel
* types */
@@ -854,20 +857,21 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
}
index_key.desc_len = strlen(index_key.description);
- if (restrict_link) {
- ret = restrict_link(keyring, index_key.type, &prep.payload);
- if (ret < 0) {
- key_ref = ERR_PTR(ret);
- goto error_free_prep;
- }
- }
-
ret = __key_link_begin(keyring, &index_key, &edit);
if (ret < 0) {
key_ref = ERR_PTR(ret);
goto error_free_prep;
}
+ if (restrict_link && restrict_link->check) {
+ ret = restrict_link->check(keyring, index_key.type,
+ &prep.payload, restrict_link->key);
+ if (ret < 0) {
+ key_ref = ERR_PTR(ret);
+ goto error_link_end;
+ }
+ }
+
/* if we're going to allocate a new key, we're going to have
* to modify the keyring */
ret = key_permission(keyring_ref, KEY_NEED_WRITE);