aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJeff Garzik <jgarzik@pretzel.yyz.us>2005-06-26 18:06:06 -0400
committerJeff Garzik <jgarzik@pobox.com>2005-06-26 18:06:06 -0400
commitaef7b83c92dd0b7e994805440655d1d64147287b (patch)
tree981f373358c1988e061625e8f272013065cb086f /security
parentb1fc5505e0dbcc3fd7c75bfe6bee39ec50080963 (diff)
parent8678887e7fb43cd6c9be6c9807b05e77848e0920 (diff)
Merge /spare/repo/linux-2.6/
Diffstat (limited to 'security')
-rw-r--r--security/commoncap.c2
-rw-r--r--security/dummy.c2
-rw-r--r--security/keys/Makefile5
-rw-r--r--security/keys/compat.c7
-rw-r--r--security/keys/internal.h45
-rw-r--r--security/keys/key.c118
-rw-r--r--security/keys/keyctl.c199
-rw-r--r--security/keys/keyring.c312
-rw-r--r--security/keys/proc.c21
-rw-r--r--security/keys/process_keys.c213
-rw-r--r--security/keys/request_key.c221
-rw-r--r--security/keys/request_key_auth.c180
-rw-r--r--security/keys/user_defined.c87
-rw-r--r--security/seclvl.c4
-rw-r--r--security/selinux/avc.c40
-rw-r--r--security/selinux/hooks.c27
-rw-r--r--security/selinux/include/av_perm_to_string.h2
-rw-r--r--security/selinux/include/av_permissions.h2
-rw-r--r--security/selinux/nlmsgtab.c12
-rw-r--r--security/selinux/selinuxfs.c9
-rw-r--r--security/selinux/ss/conditional.c9
-rw-r--r--security/selinux/ss/policydb.c15
-rw-r--r--security/selinux/ss/services.c18
23 files changed, 1073 insertions, 477 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 849b8c338ee..04c12f58d65 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -149,7 +149,7 @@ void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
if (bprm->e_uid != current->uid || bprm->e_gid != current->gid ||
!cap_issubset (new_permitted, current->cap_permitted)) {
- current->mm->dumpable = 0;
+ current->mm->dumpable = suid_dumpable;
if (unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
if (!capable(CAP_SETUID)) {
diff --git a/security/dummy.c b/security/dummy.c
index b32eff14654..6ff88758647 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -130,7 +130,7 @@ static void dummy_bprm_free_security (struct linux_binprm *bprm)
static void dummy_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
{
if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
- current->mm->dumpable = 0;
+ current->mm->dumpable = suid_dumpable;
if ((unsafe & ~LSM_UNSAFE_PTRACE_CAP) && !capable(CAP_SETUID)) {
bprm->e_uid = current->uid;
diff --git a/security/keys/Makefile b/security/keys/Makefile
index ddb495d6506..c392d750b20 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -7,8 +7,9 @@ obj-y := \
keyring.o \
keyctl.o \
process_keys.o \
- user_defined.o \
- request_key.o
+ request_key.o \
+ request_key_auth.o \
+ user_defined.o
obj-$(CONFIG_KEYS_COMPAT) += compat.o
obj-$(CONFIG_PROC_FS) += proc.o
diff --git a/security/keys/compat.c b/security/keys/compat.c
index aff8b22dcb5..3303673c636 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -1,6 +1,6 @@
/* compat.c: 32-bit compatibility syscall for 64-bit systems
*
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
@@ -24,7 +24,7 @@
* - if you can, you should call sys_keyctl directly
*/
asmlinkage long compat_sys_keyctl(u32 option,
- u32 arg2, u32 arg3, u32 arg4, u32 arg5)
+ u32 arg2, u32 arg3, u32 arg4, u32 arg5)
{
switch (option) {
case KEYCTL_GET_KEYRING_ID:
@@ -71,6 +71,9 @@ asmlinkage long compat_sys_keyctl(u32 option,
case KEYCTL_NEGATE:
return keyctl_negate_key(arg2, arg3, arg4);
+ case KEYCTL_SET_REQKEY_KEYRING:
+ return keyctl_set_reqkey_keyring(arg2);
+
default:
return -EOPNOTSUPP;
}
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 67b2b93a748..46c8602661c 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -1,6 +1,6 @@
/* internal.h: authentication token and access key management internal defs
*
- * Copyright (C) 2003 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2003-5 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
@@ -15,6 +15,16 @@
#include <linux/key.h>
#include <linux/key-ui.h>
+#if 0
+#define kenter(FMT, a...) printk("==> %s("FMT")\n",__FUNCTION__ , ## a)
+#define kleave(FMT, a...) printk("<== %s()"FMT"\n",__FUNCTION__ , ## a)
+#define kdebug(FMT, a...) printk(FMT"\n" , ## a)
+#else
+#define kenter(FMT, a...) do {} while(0)
+#define kleave(FMT, a...) do {} while(0)
+#define kdebug(FMT, a...) do {} while(0)
+#endif
+
extern struct key_type key_type_dead;
extern struct key_type key_type_user;
@@ -66,20 +76,46 @@ extern struct key *__keyring_search_one(struct key *keyring,
const char *description,
key_perm_t perm);
+extern struct key *keyring_search_instkey(struct key *keyring,
+ key_serial_t target_id);
+
typedef int (*key_match_func_t)(const struct key *, const void *);
extern struct key *keyring_search_aux(struct key *keyring,
+ struct task_struct *tsk,
struct key_type *type,
const void *description,
key_match_func_t match);
-extern struct key *search_process_keyrings_aux(struct key_type *type,
- const void *description,
- key_match_func_t match);
+extern struct key *search_process_keyrings(struct key_type *type,
+ const void *description,
+ key_match_func_t match,
+ struct task_struct *tsk);
extern struct key *find_keyring_by_name(const char *name, key_serial_t bound);
extern int install_thread_keyring(struct task_struct *tsk);
+extern int install_process_keyring(struct task_struct *tsk);
+
+extern struct key *request_key_and_link(struct key_type *type,
+ const char *description,
+ const char *callout_info,
+ struct key *dest_keyring);
+
+/*
+ * request_key authorisation
+ */
+struct request_key_auth {
+ struct key *target_key;
+ struct task_struct *context;
+ pid_t pid;
+};
+
+extern struct key_type key_type_request_key_auth;
+extern struct key *request_key_auth_new(struct key *target,
+ struct key **_rkakey);
+
+extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
/*
* keyctl functions
@@ -100,6 +136,7 @@ extern long keyctl_setperm_key(key_serial_t, key_perm_t);
extern long keyctl_instantiate_key(key_serial_t, const void __user *,
size_t, key_serial_t);
extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
+extern long keyctl_set_reqkey_keyring(int);
/*
diff --git a/security/keys/key.c b/security/keys/key.c
index 59402c84320..fb89f984446 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -1,6 +1,6 @@
/* key.c: basic authentication token and access key management
*
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
@@ -294,7 +294,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
}
atomic_set(&key->usage, 1);
- rwlock_init(&key->lock);
init_rwsem(&key->sem);
key->type = type;
key->user = user;
@@ -308,7 +307,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
key->payload.data = NULL;
if (!not_in_quota)
- key->flags |= KEY_FLAG_IN_QUOTA;
+ key->flags |= 1 << KEY_FLAG_IN_QUOTA;
memset(&key->type_data, 0, sizeof(key->type_data));
@@ -359,7 +358,7 @@ int key_payload_reserve(struct key *key, size_t datalen)
key_check(key);
/* contemplate the quota adjustment */
- if (delta != 0 && key->flags & KEY_FLAG_IN_QUOTA) {
+ if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
spin_lock(&key->user->lock);
if (delta > 0 &&
@@ -392,7 +391,8 @@ EXPORT_SYMBOL(key_payload_reserve);
static int __key_instantiate_and_link(struct key *key,
const void *data,
size_t datalen,
- struct key *keyring)
+ struct key *keyring,
+ struct key *instkey)
{
int ret, awaken;
@@ -405,27 +405,25 @@ static int __key_instantiate_and_link(struct key *key,
down_write(&key_construction_sem);
/* can't instantiate twice */
- if (!(key->flags & KEY_FLAG_INSTANTIATED)) {
+ if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
/* instantiate the key */
ret = key->type->instantiate(key, data, datalen);
if (ret == 0) {
/* mark the key as being instantiated */
- write_lock(&key->lock);
-
atomic_inc(&key->user->nikeys);
- key->flags |= KEY_FLAG_INSTANTIATED;
+ set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
- if (key->flags & KEY_FLAG_USER_CONSTRUCT) {
- key->flags &= ~KEY_FLAG_USER_CONSTRUCT;
+ if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
awaken = 1;
- }
-
- write_unlock(&key->lock);
/* and link it into the destination keyring */
if (keyring)
ret = __key_link(keyring, key);
+
+ /* disable the authorisation key */
+ if (instkey)
+ key_revoke(instkey);
}
}
@@ -446,19 +444,21 @@ static int __key_instantiate_and_link(struct key *key,
int key_instantiate_and_link(struct key *key,
const void *data,
size_t datalen,
- struct key *keyring)
+ struct key *keyring,
+ struct key *instkey)
{
int ret;
if (keyring)
down_write(&keyring->sem);
- ret = __key_instantiate_and_link(key, data, datalen, keyring);
+ ret = __key_instantiate_and_link(key, data, datalen, keyring, instkey);
if (keyring)
up_write(&keyring->sem);
return ret;
+
} /* end key_instantiate_and_link() */
EXPORT_SYMBOL(key_instantiate_and_link);
@@ -469,7 +469,8 @@ EXPORT_SYMBOL(key_instantiate_and_link);
*/
int key_negate_and_link(struct key *key,
unsigned timeout,
- struct key *keyring)
+ struct key *keyring,
+ struct key *instkey)
{
struct timespec now;
int ret, awaken;
@@ -486,26 +487,26 @@ int key_negate_and_link(struct key *key,
down_write(&key_construction_sem);
/* can't instantiate twice */
- if (!(key->flags & KEY_FLAG_INSTANTIATED)) {
+ if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
/* mark the key as being negatively instantiated */
- write_lock(&key->lock);
-
atomic_inc(&key->user->nikeys);
- key->flags |= KEY_FLAG_INSTANTIATED | KEY_FLAG_NEGATIVE;
+ set_bit(KEY_FLAG_NEGATIVE, &key->flags);
+ set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
now = current_kernel_time();
key->expiry = now.tv_sec + timeout;
- if (key->flags & KEY_FLAG_USER_CONSTRUCT) {
- key->flags &= ~KEY_FLAG_USER_CONSTRUCT;
+ if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
awaken = 1;
- }
- write_unlock(&key->lock);
ret = 0;
/* and link it into the destination keyring */
if (keyring)
ret = __key_link(keyring, key);
+
+ /* disable the authorisation key */
+ if (instkey)
+ key_revoke(instkey);
}
up_write(&key_construction_sem);
@@ -553,8 +554,10 @@ static void key_cleanup(void *data)
rb_erase(&key->serial_node, &key_serial_tree);
spin_unlock(&key_serial_lock);
+ key_check(key);
+
/* deal with the user's key tracking and quota */
- if (key->flags & KEY_FLAG_IN_QUOTA) {
+ if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
spin_lock(&key->user->lock);
key->user->qnkeys--;
key->user->qnbytes -= key->quotalen;
@@ -562,7 +565,7 @@ static void key_cleanup(void *data)
}
atomic_dec(&key->user->nkeys);
- if (key->flags & KEY_FLAG_INSTANTIATED)
+ if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
atomic_dec(&key->user->nikeys);
key_user_put(key->user);
@@ -631,9 +634,9 @@ struct key *key_lookup(key_serial_t id)
goto error;
found:
- /* pretent doesn't exist if it's dead */
+ /* pretend it doesn't exist if it's dead */
if (atomic_read(&key->usage) == 0 ||
- (key->flags & KEY_FLAG_DEAD) ||
+ test_bit(KEY_FLAG_DEAD, &key->flags) ||
key->type == &key_type_dead)
goto not_found;
@@ -708,12 +711,9 @@ static inline struct key *__key_update(struct key *key, const void *payload,
ret = key->type->update(key, payload, plen);
- if (ret == 0) {
+ if (ret == 0)
/* updating a negative key instantiates it */
- write_lock(&key->lock);
- key->flags &= ~KEY_FLAG_NEGATIVE;
- write_unlock(&key->lock);
- }
+ clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
up_write(&key->sem);
@@ -793,7 +793,7 @@ struct key *key_create_or_update(struct key *keyring,
}
/* instantiate it and link it into the target keyring */
- ret = __key_instantiate_and_link(key, payload, plen, keyring);
+ ret = __key_instantiate_and_link(key, payload, plen, keyring, NULL);
if (ret < 0) {
key_put(key);
key = ERR_PTR(ret);
@@ -841,12 +841,9 @@ int key_update(struct key *key, const void *payload, size_t plen)
down_write(&key->sem);
ret = key->type->update(key, payload, plen);
- if (ret == 0) {
+ if (ret == 0)
/* updating a negative key instantiates it */
- write_lock(&key->lock);
- key->flags &= ~KEY_FLAG_NEGATIVE;
- write_unlock(&key->lock);
- }
+ clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
up_write(&key->sem);
}
@@ -892,10 +889,7 @@ struct key *key_duplicate(struct key *source, const char *desc)
goto error2;
atomic_inc(&key->user->nikeys);
-
- write_lock(&key->lock);
- key->flags |= KEY_FLAG_INSTANTIATED;
- write_unlock(&key->lock);
+ set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
error_k:
up_read(&key_types_sem);
@@ -922,9 +916,7 @@ void key_revoke(struct key *key)
/* make sure no one's trying to change or use the key when we mark
* it */
down_write(&key->sem);
- write_lock(&key->lock);
- key->flags |= KEY_FLAG_REVOKED;
- write_unlock(&key->lock);
+ set_bit(KEY_FLAG_REVOKED, &key->flags);
up_write(&key->sem);
} /* end key_revoke() */
@@ -975,24 +967,33 @@ void unregister_key_type(struct key_type *ktype)
/* withdraw the key type */
list_del_init(&ktype->link);
- /* need to withdraw all keys of this type */
+ /* mark all the keys of this type dead */
spin_lock(&key_serial_lock);
for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) {
key = rb_entry(_n, struct key, serial_node);
- if (key->type != ktype)
- continue;
+ if (key->type == ktype)
+ key->type = &key_type_dead;
+ }
+
+ spin_unlock(&key_serial_lock);
+
+ /* make sure everyone revalidates their keys */
+ synchronize_rcu();
- write_lock(&key->lock);
- key->type = &key_type_dead;
- write_unlock(&key->lock);
+ /* we should now be able to destroy the payloads of all the keys of
+ * this type with impunity */
+ spin_lock(&key_serial_lock);
+
+ for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) {
+ key = rb_entry(_n, struct key, serial_node);
- /* there shouldn't be anyone looking at the description or
- * payload now */
- if (ktype->destroy)
- ktype->destroy(key);
- memset(&key->payload, 0xbd, sizeof(key->payload));
+ if (key->type == ktype) {
+ if (ktype->destroy)
+ ktype->destroy(key);
+ memset(&key->payload, 0xbd, sizeof(key->payload));
+ }
}
spin_unlock(&key_serial_lock);
@@ -1037,4 +1038,5 @@ void __init key_init(void)
/* link the two root keyrings together */
key_link(&root_session_keyring, &root_user_keyring);
+
} /* end key_init() */
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index dc0011b3fac..fea262860ea 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1,6 +1,6 @@
/* keyctl.c: userspace keyctl operations
*
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
@@ -49,6 +49,13 @@ asmlinkage long sys_add_key(const char __user *_type,
goto error;
type[31] = '\0';
+ if (!type[0])
+ goto error;
+
+ ret = -EPERM;
+ if (type[0] == '.')
+ goto error;
+
ret = -EFAULT;
dlen = strnlen_user(_description, PAGE_SIZE - 1);
if (dlen <= 0)
@@ -82,7 +89,7 @@ asmlinkage long sys_add_key(const char __user *_type,
}
/* find the target keyring (which must be writable) */
- keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
+ keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error3;
@@ -181,7 +188,7 @@ asmlinkage long sys_request_key(const char __user *_type,
/* get the destination keyring if specified */
dest = NULL;
if (destringid) {
- dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
+ dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
if (IS_ERR(dest)) {
ret = PTR_ERR(dest);
goto error3;
@@ -196,23 +203,15 @@ asmlinkage long sys_request_key(const char __user *_type,
}
/* do the search */
- key = request_key(ktype, description, callout_info);
+ key = request_key_and_link(ktype, description, callout_info, dest);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error5;
}
- /* link the resulting key to the destination keyring */
- if (dest) {
- ret = key_link(dest, key);
- if (ret < 0)
- goto error6;
- }
-
ret = key->serial;
- error6:
- key_put(key);
+ key_put(key);
error5:
key_type_put(ktype);
error4:
@@ -237,7 +236,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create)
struct key *key;
long ret;
- key = lookup_user_key(id, create, 0, KEY_SEARCH);
+ key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error;
@@ -324,7 +323,7 @@ long keyctl_update_key(key_serial_t id,
}
/* find the target key (which must be writable) */
- key = lookup_user_key(id, 0, 0, KEY_WRITE);
+ key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error2;
@@ -352,7 +351,7 @@ long keyctl_revoke_key(key_serial_t id)
struct key *key;
long ret;
- key = lookup_user_key(id, 0, 0, KEY_WRITE);
+ key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error;
@@ -378,7 +377,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
struct key *keyring;
long ret;
- keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
+ keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error;
@@ -404,13 +403,13 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
struct key *keyring, *key;
long ret;
- keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
+ keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error;
}
- key = lookup_user_key(id, 1, 0, KEY_LINK);
+ key = lookup_user_key(NULL, id, 1, 0, KEY_LINK);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error2;
@@ -438,13 +437,13 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
struct key *keyring, *key;
long ret;
- keyring = lookup_user_key(ringid, 0, 0, KEY_WRITE);
+ keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error;
}
- key = lookup_user_key(id, 0, 0, 0);
+ key = lookup_user_key(NULL, id, 0, 0, 0);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error2;
@@ -475,16 +474,29 @@ long keyctl_describe_key(key_serial_t keyid,
char __user *buffer,
size_t buflen)
{
- struct key *key;
+ struct key *key, *instkey;
char *tmpbuf;
long ret;
- key = lookup_user_key(keyid, 0, 1, KEY_VIEW);
+ key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
if (IS_ERR(key)) {
+ /* viewing a key under construction is permitted if we have the
+ * authorisation token handy */
+ if (PTR_ERR(key) == -EACCES) {
+ instkey = key_get_instantiation_authkey(keyid);
+ if (!IS_ERR(instkey)) {
+ key_put(instkey);
+ key = lookup_user_key(NULL, keyid, 0, 1, 0);
+ if (!IS_ERR(key))
+ goto okay;
+ }
+ }
+
ret = PTR_ERR(key);
goto error;
}
+okay:
/* calculate how much description we're going to return */
ret = -ENOMEM;
tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
@@ -568,7 +580,7 @@ long keyctl_keyring_search(key_serial_t ringid,
goto error2;
/* get the keyring at which to begin the search */
- keyring = lookup_user_key(ringid, 0, 0, KEY_SEARCH);
+ keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error2;
@@ -577,7 +589,7 @@ long keyctl_keyring_search(key_serial_t ringid,
/* get the destination keyring if specified */
dest = NULL;
if (destringid) {
- dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
+ dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
if (IS_ERR(dest)) {
ret = PTR_ERR(dest);
goto error3;
@@ -656,24 +668,23 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
long ret;
/* find the key first */
- key = lookup_user_key(keyid, 0, 0, 0);
+ key = lookup_user_key(NULL, keyid, 0, 0, 0);
if (!IS_ERR(key)) {
/* see if we can read it directly */
if (key_permission(key, KEY_READ))
goto can_read_key;
- /* can't; see if it's searchable from this process's
- * keyrings */
- ret = -ENOKEY;
- if (key_permission(key, KEY_SEARCH)) {
- /* okay - we do have search permission on the key
- * itself, but do we have the key? */
- skey = search_process_keyrings_aux(key->type, key,
- keyctl_read_key_same);
- if (!IS_ERR(skey))
- goto can_read_key2;
- }
-
+ /* we can't; see if it's searchable from this process's
+ * keyrings
+ * - we automatically take account of the fact that it may be
+ * dangling off an instantiation key
+ */
+ skey = search_process_keyrings(key->type, key,
+ keyctl_read_key_same, current);
+ if (!IS_ERR(skey))
+ goto can_read_key2;
+
+ ret = PTR_ERR(skey);
goto error2;
}
@@ -719,7 +730,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
if (uid == (uid_t) -1 && gid == (gid_t) -1)
goto error;
- key = lookup_user_key(id, 1, 1, 0);
+ key = lookup_user_key(NULL, id, 1, 1, 0);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error;
@@ -728,7 +739,6 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
/* make the changes with the locks held to prevent chown/chown races */
ret = -EACCES;
down_write(&key->sem);
- write_lock(&key->lock);
if (!capable(CAP_SYS_ADMIN)) {
/* only the sysadmin can chown a key to some other UID */
@@ -755,7 +765,6 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
ret = 0;
no_access:
- write_unlock(&key->lock);
up_write(&key->sem);
key_put(key);
error:
@@ -778,32 +787,25 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
goto error;
- key = lookup_user_key(id, 1, 1, 0);
+ key = lookup_user_key(NULL, id, 1, 1, 0);
if (IS_ERR(key)) {
ret = PTR_ERR(key);
goto error;
}
- /* make the changes with the locks held to prevent chown/chmod
- * races */
+ /* make the changes with the locks held to prevent chown/chmod races */
ret = -EACCES;
down_write(&key->sem);
- write_lock(&key->lock);
- /* if we're not the sysadmin, we can only chmod a key that we
- * own */
- if (!capable(CAP_SYS_ADMIN) && key->uid != current->fsuid)
- goto no_access;
-
- /* changing the permissions mask */
- key->perm = perm;
- ret = 0;
+ /* if we're not the sysadmin, we can only change a key that we own */
+ if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
+ key->perm = perm;
+ ret = 0;
+ }
- no_access:
- write_unlock(&key->lock);
up_write(&key->sem);
key_put(key);
- error:
+error:
return ret;
} /* end keyctl_setperm_key() */
@@ -818,7 +820,8 @@ long keyctl_instantiate_key(key_serial_t id,
size_t plen,
key_serial_t ringid)
{
- struct key *key, *keyring;
+ struct request_key_auth *rka;
+ struct key *instkey, *keyring;
void *payload;
long ret;
@@ -840,18 +843,21 @@ long keyctl_instantiate_key(key_serial_t id,
goto error2;
}
- /* find the target key (which must be writable) */
- key = lookup_user_key(id, 0, 1, KEY_WRITE);
- if (IS_ERR(key)) {
- ret = PTR_ERR(key);
+ /* find the instantiation authorisation key */
+ instkey = key_get_instantiation_authkey(id);
+ if (IS_ERR(instkey)) {
+ ret = PTR_ERR(instkey);
goto error2;
}
- /* find the destination keyring if present (which must also be
- * writable) */
+ rka = instkey->payload.data;
+
+ /* find the destination keyring amongst those belonging to the
+ * requesting task */
keyring = NULL;
if (ringid) {
- keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
+ keyring = lookup_user_key(rka->context, ringid, 1, 0,
+ KEY_WRITE);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error3;
@@ -859,11 +865,12 @@ long keyctl_instantiate_key(key_serial_t id,
}
/* instantiate the key and link it into a keyring */
- ret = key_instantiate_and_link(key, payload, plen, keyring);
+ ret = key_instantiate_and_link(rka->target_key, payload, plen,
+ keyring, instkey);
key_put(keyring);
error3:
- key_put(key);
+ key_put(instkey);
error2:
kfree(payload);
error:
@@ -878,21 +885,24 @@ long keyctl_instantiate_key(key_serial_t id,
*/
long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
{
- struct key *key, *keyring;
+ struct request_key_auth *rka;
+ struct key *instkey, *keyring;
long ret;
- /* find the target key (which must be writable) */
- key = lookup_user_key(id, 0, 1, KEY_WRITE);
- if (IS_ERR(key)) {
- ret = PTR_ERR(key);
+ /* find the instantiation authorisation key */
+ instkey = key_get_instantiation_authkey(id);
+ if (IS_ERR(instkey)) {
+ ret = PTR_ERR(instkey);
goto error;
}
+ rka = instkey->payload.data;
+
/* find the destination keyring if present (which must also be
* writable) */
keyring = NULL;
if (ringid) {
- keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
+ keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto error2;
@@ -900,11 +910,11 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
}
/* instantiate the key and link it into a keyring */
- ret = key_negate_and_link(key, timeout, keyring);
+ ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey);
key_put(keyring);
error2:
- key_put(key);
+ key_put(instkey);
error:
return ret;
@@ -912,6 +922,44 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
/*****************************************************************************/
/*
+ * set the default keyring in which request_key() will cache keys
+ * - return the old setting
+ */
+long keyctl_set_reqkey_keyring(int reqkey_defl)
+{
+ int ret;
+
+ switch (reqkey_defl) {
+ case KEY_REQKEY_DEFL_THREAD_KEYRING:
+ ret = install_thread_keyring(current);
+ if (ret < 0)
+ return ret;
+ goto set;
+
+ case KEY_REQKEY_DEFL_PROCESS_KEYRING:
+ ret = install_process_keyring(current);
+ if (ret < 0)
+ return ret;
+
+ case KEY_REQKEY_DEFL_DEFAULT:
+ case KEY_REQKEY_DEFL_SESSION_KEYRING:
+ case KEY_REQKEY_DEFL_USER_KEYRING:
+ case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
+ set:
+ current->jit_keyring = reqkey_defl;
+
+ case KEY_REQKEY_DEFL_NO_CHANGE:
+ return current->jit_keyring;
+
+ case KEY_REQKEY_DEFL_GROUP_KEYRING:
+ default:
+ return -EINVAL;
+ }
+
+} /* end keyctl_set_reqkey_keyring() */
+
+/*****************************************************************************/
+/*
* the key control system call
*/
asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
@@ -980,6 +1028,9 @@ asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
(unsigned) arg3,
(key_serial_t) arg4);
+ case KEYCTL_SET_REQKEY_KEYRING:
+ return keyctl_set_reqkey_keyring(arg2);
+
default:
return -EOPNOTSUPP;
}
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index e2ab4f8e748..90a551e4da6 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1,6 +1,6 @@
/* keyring.c: keyring handling
*
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
@@ -132,10 +132,17 @@ static int keyring_duplicate(struct key *keyring, const struct key *source)
(PAGE_SIZE - sizeof(*klist)) / sizeof(struct key);
ret = 0;
- sklist = source->payload.subscriptions;
- if (sklist && sklist->nkeys > 0) {
+ /* find out how many keys are currently linked */
+ rcu_read_lock();
+ sklist = rcu_dereference(source->payload.subscriptions);
+ max = 0;
+ if (sklist)
max = sklist->nkeys;
+ rcu_read_unlock();
+
+ /* allocate a new payload and stuff load with key links */
+ if (max > 0) {
BUG_ON(max > limit);
max = (max + 3) & ~3;
@@ -148,6 +155,10 @@ static int keyring_duplicate(struct key *keyring, const struct key *source)
if (!klist)
goto error;
+ /* set links */
+ rcu_read_lock();
+ sklist = rcu_dereference(source->payload.subscriptions);
+
klist->maxkeys = max;
klist->nkeys = sklist->nkeys;
memcpy(klist->keys,
@@ -157,7 +168,9 @@ static int keyring_duplicate(struct key *keyring, const struct key *source)
for (loop = klist->nkeys - 1; loop >= 0; loop--)
atomic_inc(&klist->keys[loop]->usage);
- keyring->payload.subscriptions = klist;
+ rcu_read_unlock();
+
+ rcu_assign_pointer(keyring->payload.subscriptions, klist);
ret = 0;
}
@@ -192,7 +205,7 @@ static void keyring_destroy(struct key *keyring)
write_unlock(&keyring_name_lock);
}
- klist = keyring->payload.subscriptions;
+ klist = rcu_dereference(keyring->payload.subscriptions);
if (klist) {
for (loop = klist->nkeys - 1; loop >= 0; loop--)
key_put(klist->keys[loop]);
@@ -216,17 +229,20 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
seq_puts(m, "[anon]");
}
- klist = keyring->payload.subscriptions;
+ rcu_read_lock();
+ klist = rcu_dereference(keyring->payload.subscriptions);
if (klist)
seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
else
seq_puts(m, ": empty");
+ rcu_read_unlock();
} /* end keyring_describe() */
/*****************************************************************************/
/*
* read a list of key IDs from the keyring's contents
+ * - the keyring's semaphore is read-locked
*/
static long keyring_read(const struct key *keyring,
char __user *buffer, size_t buflen)
@@ -237,7 +253,7 @@ static long keyring_read(const struct key *keyring,
int loop, ret;
ret = 0;
- klist = keyring->payload.subscriptions;
+ klist = rcu_dereference(keyring->payload.subscriptions);
if (klist) {
/* calculate how much data we could return */
@@ -292,7 +308,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
uid, gid, KEY_USR_ALL, not_in_quota);
if (!IS_ERR(keyring)) {
- ret = key_instantiate_and_link(keyring, NULL, 0, dest);
+ ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
if (ret < 0) {
key_put(keyring);
keyring = ERR_PTR(ret);
@@ -310,17 +326,18 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
* - we only find keys on which we have search permission
* - we use the supplied match function to see if the description (or other
* feature of interest) matches
- * - we readlock the keyrings as we search down the tree
+ * - we rely on RCU to prevent the keyring lists from disappearing on us
* - we return -EAGAIN if we didn't find any matching key
* - we return -ENOKEY if we only found negative matching keys
*/
struct key *keyring_search_aux(struct key *keyring,
+ struct task_struct *context,
struct key_type *type,
const void *description,
key_match_func_t match)
{
struct {
- struct key *keyring;
+ struct keyring_list *keylist;
int kix;
} stack[KEYRING_SEARCH_MAX_DEPTH];
@@ -328,13 +345,15 @@ struct key *keyring_search_aux(struct key *keyring,
struct timespec now;
struct key *key;
long err;
- int sp, psp, kix;
+ int sp, kix;
key_check(keyring);
+ rcu_read_lock();
+
/* top keyring must have search permission to begin the search */
key = ERR_PTR(-EACCES);
- if (!key_permission(keyring, KEY_SEARCH))
+ if (!key_task_permission(keyring, context, KEY_SEARCH))
goto error;
key = ERR_PTR(-ENOTDIR);
@@ -347,11 +366,10 @@ struct key *keyring_search_aux(struct key *keyring,
/* start processing a new keyring */
descend:
- read_lock(&keyring->lock);
- if (keyring->flags & KEY_FLAG_REVOKED)
+ if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
goto not_this_keyring;
- keylist = keyring->payload.subscriptions;
+ keylist = rcu_dereference(keyring->payload.subscriptions);
if (!keylist)
goto not_this_keyring;
@@ -364,7 +382,7 @@ struct key *keyring_search_aux(struct key *keyring,
continue;
/* skip revoked keys and expired keys */
- if (key->flags & KEY_FLAG_REVOKED)
+ if (test_bit(KEY_FLAG_REVOKED, &key->flags))
continue;
if (key->expiry && now.tv_sec >= key->expiry)
@@ -375,11 +393,11 @@ struct key *keyring_search_aux(struct key *keyring,
continue;
/* key must have search permissions */
- if (!key_permission(key, KEY_SEARCH))
+ if (!key_task_permission(key, context, KEY_SEARCH))
continue;
/* we set a different error code if we find a negative key */
- if (key->flags & KEY_FLAG_NEGATIVE) {
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
err = -ENOKEY;
continue;
}
@@ -390,48 +408,37 @@ struct key *keyring_search_aux(struct key *keyring,
/* search through the keyrings nested in this one */
kix = 0;
ascend:
- while (kix < keylist->nkeys) {
+ for (; kix < keylist->nkeys; kix++) {
key = keylist->keys[kix];
if (key->type != &key_type_keyring)
- goto next;
+ continue;
/* recursively search nested keyrings
* - only search keyrings for which we have search permission
*/
if (sp >= KEYRING_SEARCH_MAX_DEPTH)
- goto next;
-
- if (!key_permission(key, KEY_SEARCH))
- goto next;
+ continue;
- /* evade loops in the keyring tree */
- for (psp = 0; psp < sp; psp++)
- if (stack[psp].keyring == keyring)
- goto next;
+ if (!key_task_permission(key, context, KEY_SEARCH))
+ continue;
/* stack the current position */
- stack[sp].keyring = keyring;
+ stack[sp].keylist = keylist;
stack[sp].kix = kix;
sp++;
/* begin again with the new keyring */
keyring = key;
goto descend;
-
- next:
- kix++;
}
/* the keyring we're looking at was disqualified or didn't contain a
* matching key */
not_this_keyring:
- read_unlock(&keyring->lock);
-
if (sp > 0) {
/* resume the processing of a keyring higher up in the tree */
sp--;
- keyring = stack[sp].keyring;
- keylist = keyring->payload.subscriptions;
+ keylist = stack[sp].keylist;
kix = stack[sp].kix + 1;
goto ascend;
}
@@ -442,16 +449,9 @@ struct key *keyring_search_aux(struct key *keyring,
/* we found a viable match */
found:
atomic_inc(&key->usage);
- read_unlock(&keyring->lock);
-
- /* unwind the keyring stack */
- while (sp > 0) {
- sp--;
- read_unlock(&stack[sp].keyring->lock);
- }
-
key_check(key);
error:
+ rcu_read_unlock();
return key;
} /* end keyring_search_aux() */
@@ -469,7 +469,11 @@ struct key *keyring_search(struct key *keyring,
struct key_type *type,
const char *description)
{
- return keyring_search_aux(keyring, type, description, type->match);
+ if (!type->match)
+ return ERR_PTR(-ENOKEY);
+
+ return keyring_search_aux(keyring, current,
+ type, description, type->match);
} /* end keyring_search() */
@@ -489,15 +493,18 @@ struct key *__keyring_search_one(struct key *keyring,
struct key *key;
int loop;
- klist = keyring->payload.subscriptions;
+ rcu_read_lock();
+
+ klist = rcu_dereference(keyring->payload.subscriptions);
if (klist) {
for (loop = 0; loop < klist->nkeys; loop++) {
key = klist->keys[loop];
if (key->type == ktype &&
- key->type->match(key, description) &&
+ (!key->type->match ||
+ key->type->match(key, description)) &&
key_permission(key, perm) &&
- !(key->flags & KEY_FLAG_REVOKED)
+ !test_bit(KEY_FLAG_REVOKED, &key->flags)
)
goto found;
}
@@ -509,12 +516,58 @@ struct key *__keyring_search_one(struct key *keyring,
found:
atomic_inc(&key->usage);
error:
+ rcu_read_unlock();
return key;
} /* end __keyring_search_one() */
/*****************************************************************************/
/*
+ * search for an instantiation authorisation key matching a target key
+ * - the RCU read lock must be held by the caller
+ * - a target_id of zero specifies any valid token
+ */
+struct key *keyring_search_instkey(struct key *keyring,
+ key_serial_t target_id)
+{
+ struct request_key_auth *rka;
+ struct keyring_list *klist;
+ struct key *instkey;
+ int loop;
+
+ klist = rcu_dereference(keyring->payload.subscriptions);
+ if (klist) {
+ for (loop = 0; loop < klist->nkeys; loop++) {
+ instkey = klist->keys[loop];
+
+ if (instkey->type != &key_type_request_key_auth)
+ continue;
+
+ rka = instkey->payload.data;
+ if (target_id && rka->target_key->serial != target_id)
+ continue;
+
+ /* the auth key is revoked during instantiation */
+ if (!test_bit(KEY_FLAG_REVOKED, &instkey->flags))
+ goto found;
+
+ instkey = ERR_PTR(-EKEYREVOKED);
+ goto error;
+ }
+ }
+
+ instkey = ERR_PTR(-EACCES);
+ goto error;
+
+found:
+ atomic_inc(&instkey->usage);
+error:
+ return instkey;
+
+} /* end keyring_search_instkey() */
+
+/*****************************************************************************/
+/*
* find a keyring with the specified name
* - all named keyrings are searched
* - only find keyrings with search permission for the process
@@ -540,7 +593,7 @@ struct key *find_keyring_by_name(const char *name, key_serial_t bound)
&keyring_name_hash[bucket],
type_data.link
) {
- if (keyring->flags & KEY_FLAG_REVOKED)
+ if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
continue;
if (strcmp(keyring->description, name) != 0)
@@ -579,7 +632,7 @@ struct key *find_keyring_by_name(const char *name, key_serial_t bound)
static int keyring_detect_cycle(struct key *A, struct key *B)
{
struct {
- struct key *subtree;
+ struct keyring_list *keylist;
int kix;
} stack[KEYRING_SEARCH_MAX_DEPTH];
@@ -587,20 +640,21 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
struct key *subtree, *key;
int sp, kix, ret;
+ rcu_read_lock();
+
ret = -EDEADLK;
if (A == B)
- goto error;
+ goto cycle_detected;
subtree = B;
sp = 0;
/* start processing a new keyring */
descend:
- read_lock(&subtree->lock);
- if (subtree->flags & KEY_FLAG_REVOKED)
+ if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
goto not_this_keyring;
- keylist = subtree->payload.subscriptions;
+ keylist = rcu_dereference(subtree->payload.subscriptions);
if (!keylist)
goto not_this_keyring;
kix = 0;
@@ -619,7 +673,7 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
goto too_deep;
/* stack the current position */
- stack[sp].subtree = subtree;
+ stack[sp].keylist = keylist;
stack[sp].kix = kix;
sp++;
@@ -632,13 +686,10 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
/* the keyring we're looking at was disqualified or didn't contain a
* matching key */
not_this_keyring:
- read_unlock(&subtree->lock);
-
if (sp > 0) {
/* resume the checking of a keyring higher up in the tree */
sp--;
- subtree = stack[sp].subtree;
- keylist = subtree->payload.subscriptions;
+ keylist = stack[sp].keylist;
kix = stack[sp].kix + 1;
goto ascend;
}
@@ -646,30 +697,36 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
ret = 0; /* no cycles detected */
error:
+ rcu_read_unlock();
return ret;
too_deep:
ret = -ELOOP;
- goto error_unwind;
+ goto error;
+
cycle_detected:
ret = -EDEADLK;
- error_unwind:
- read_unlock(&subtree->lock);
-
- /* unwind the keyring stack */
- while (sp > 0) {
- sp--;
- read_unlock(&stack[sp].subtree->lock);
- }
-
goto error;
} /* end keyring_detect_cycle() */
/*****************************************************************************/
/*
+ * dispose of a keyring list after the RCU grace period
+ */
+static void keyring_link_rcu_disposal(struct rcu_head *rcu)
+{
+ struct keyring_list *klist =
+ container_of(rcu, struct keyring_list, rcu);
+
+ kfree(klist);
+
+} /* end keyring_link_rcu_disposal() */
+
+/*****************************************************************************/
+/*
* link a key into to a keyring
- * - must be called with the keyring's semaphore held
+ * - must be called with the keyring's semaphore write-locked
*/
int __key_link(struct key *keyring, struct key *key)
{
@@ -679,7 +736,7 @@ int __key_link(struct key *keyring, struct key *key)
int ret;
ret = -EKEYREVOKED;
- if (keyring->flags & KEY_FLAG_REVOKED)
+ if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
goto error;
ret = -ENOTDIR;
@@ -710,9 +767,10 @@ int __key_link(struct key *keyring, struct key *key)
/* there's sufficient slack space to add directly */
atomic_inc(&key->usage);
- write_lock(&keyring->lock);
- klist->keys[klist->nkeys++] = key;
- write_unlock(&keyring->lock);
+ klist->keys[klist->nkeys] = key;
+ smp_wmb();
+ klist->nkeys++;
+ smp_wmb();
ret = 0;
}
@@ -723,6 +781,8 @@ int __key_link(struct key *keyring, struct key *key)
max += klist->maxkeys;
ret = -ENFILE;
+ if (max > 65535)
+ goto error3;
size = sizeof(*klist) + sizeof(*key) * max;
if (size > PAGE_SIZE)
goto error3;
@@ -743,14 +803,13 @@ int __key_link(struct key *keyring, struct key *key)
/* add the key into the new space */
atomic_inc(&key->usage);
-
- write_lock(&keyring->lock);
- keyring->payload.subscriptions = nklist;
nklist->keys[nklist->nkeys++] = key;
- write_unlock(&keyring->lock);
+
+ rcu_assign_pointer(keyring->payload.subscriptions, nklist);
/* dispose of the old keyring list */
- kfree(klist);
+ if (klist)
+ call_rcu(&klist->rcu, keyring_link_rcu_disposal);
ret = 0;
}
@@ -791,11 +850,26 @@ EXPORT_SYMBOL(key_link);
/*****************************************************************************/
/*
+ * dispose of a keyring list after the RCU grace period, freeing the unlinked
+ * key
+ */
+static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
+{
+ struct keyring_list *klist =
+ container_of(rcu, struct keyring_list, rcu);
+
+ key_put(klist->keys[klist->delkey]);
+ kfree(klist);
+
+} /* end keyring_unlink_rcu_disposal() */
+
+/*****************************************************************************/
+/*
* unlink the first link to a key from a keyring
*/
int key_unlink(struct key *keyring, struct key *key)
{
- struct keyring_list *klist;
+ struct keyring_list *klist, *nklist;
int loop, ret;
key_check(keyring);
@@ -819,31 +893,45 @@ int key_unlink(struct key *keyring, struct key *key)
ret = -ENOENT;
goto error;
- key_is_present:
+key_is_present:
+ /* we need to copy the key list for RCU purposes */
+ nklist = kmalloc(sizeof(*klist) + sizeof(*key) * klist->maxkeys,
+ GFP_KERNEL);
+ if (!nklist)
+ goto nomem;
+ nklist->maxkeys = klist->maxkeys;
+ nklist->nkeys = klist->nkeys - 1;
+
+ if (loop > 0)
+ memcpy(&nklist->keys[0],
+ &klist->keys[0],
+ loop * sizeof(klist->keys[0]));
+
+ if (loop < nklist->nkeys)
+ memcpy(&nklist->keys[loop],
+ &klist->keys[loop + 1],
+ (nklist->nkeys - loop) * sizeof(klist->keys[0]));
+
/* adjust the user's quota */
key_payload_reserve(keyring,
keyring->datalen - KEYQUOTA_LINK_BYTES);
- /* shuffle down the key pointers
- * - it might be worth shrinking the allocated memory, but that runs
- * the risk of ENOMEM as we would have to copy
- */
- write_lock(&keyring->lock);
+ rcu_assign_pointer(keyring->payload.subscriptions, nklist);
- klist->nkeys--;
- if (loop < klist->nkeys)
- memcpy(&klist->keys[loop],
- &klist->keys[loop + 1],
- (klist->nkeys - loop) * sizeof(struct key *));
+ up_write(&keyring->sem);
- write_unlock(&keyring->lock);
+ /* schedule for later cleanup */
+ klist->delkey = loop;
+ call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
- up_write(&keyring->sem);
- key_put(key);
ret = 0;
- error:
+error:
return ret;
+nomem:
+ ret = -ENOMEM;
+ up_write(&keyring->sem);
+ goto error;
} /* end key_unlink() */
@@ -851,13 +939,32 @@ EXPORT_SYMBOL(key_unlink);
/*****************************************************************************/
/*
+ * dispose of a keyring list after the RCU grace period, releasing the keys it
+ * links to
+ */
+static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
+{
+ struct keyring_list *klist;
+ int loop;
+
+ klist = container_of(rcu, struct keyring_list, rcu);
+
+ for (loop = klist->nkeys - 1; loop >= 0; loop--)
+ key_put(klist->keys[loop]);
+
+ kfree(klist);
+
+} /* end keyring_clear_rcu_disposal() */
+
+/*****************************************************************************/
+/*
* clear the specified process keyring
* - implements keyctl(KEYCTL_CLEAR)
*/
int keyring_clear(struct key *keyring)
{
struct keyring_list *klist;
- int loop, ret;
+ int ret;
ret = -ENOTDIR;
if (keyring->type == &key_type_keyring) {
@@ -870,20 +977,15 @@ int keyring_clear(struct key *keyring)
key_payload_reserve(keyring,
sizeof(struct keyring_list));
- write_lock(&keyring->lock);
- keyring->payload.subscriptions = NULL;
- write_unlock(&keyring->lock);
+ rcu_assign_pointer(keyring->payload.subscriptions,
+ NULL);
}
up_write(&keyring->sem);
/* free the keys after the locks have been dropped */
- if (klist) {
- for (loop = klist->nkeys - 1; loop >= 0; loop--)
- key_put(klist->keys[loop]);
-
- kfree(klist);
- }
+ if (klist)
+ call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
ret = 0;
}
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 91343b85c39..c55cf1fd082 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -140,7 +140,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
now = current_kernel_time();
- read_lock(&key->lock);
+ rcu_read_lock();
/* come up with a suitable timeout value */
if (key->expiry == 0) {
@@ -164,14 +164,17 @@ static int proc_keys_show(struct seq_file *m, void *v)
sprintf(xbuf, "%luw", timo / (60*60*24*7));
}
+#define showflag(KEY, LETTER, FLAG) \
+ (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
+
seq_printf(m, "%08x %c%c%c%c%c%c %5d %4s %06x %5d %5d %-9.9s ",
key->serial,
- key->flags & KEY_FLAG_INSTANTIATED ? 'I' : '-',
- key->flags & KEY_FLAG_REVOKED ? 'R' : '-',
- key->flags & KEY_FLAG_DEAD ? 'D' : '-',
- key->flags & KEY_FLAG_IN_QUOTA ? 'Q' : '-',
- key->flags & KEY_FLAG_USER_CONSTRUCT ? 'U' : '-',
- key->flags & KEY_FLAG_NEGATIVE ? 'N' : '-',
+ showflag(key, 'I', KEY_FLAG_INSTANTIATED),
+ showflag(key, 'R', KEY_FLAG_REVOKED),
+ showflag(key, 'D', KEY_FLAG_DEAD),
+ showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
+ showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
+ showflag(key, 'N', KEY_FLAG_NEGATIVE),
atomic_read(&key->usage),
xbuf,
key->perm,
@@ -179,11 +182,13 @@ static int proc_keys_show(struct seq_file *m, void *v)
key->gid,
key->type->name);
+#undef showflag
+
if (key->type->describe)
key->type->describe(key, m);
seq_putc(m, '\n');
- read_unlock(&key->lock);
+ rcu_read_unlock();
return 0;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 2eb0e471cd4..9b0369c5a22 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -1,6 +1,6 @@
/* process_keys.c: management of a process's keyrings
*
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
@@ -38,10 +38,9 @@ struct key root_user_keyring = {
.serial = 2,
.type = &key_type_keyring,
.user = &root_key_user,
- .lock = RW_LOCK_UNLOCKED,
.sem = __RWSEM_INITIALIZER(root_user_keyring.sem),
.perm = KEY_USR_ALL,
- .flags = KEY_FLAG_INSTANTIATED,
+ .flags = 1 << KEY_FLAG_INSTANTIATED,
.description = "_uid.0",
#ifdef KEY_DEBUGGING
.magic = KEY_DEBUG_MAGIC,
@@ -54,10 +53,9 @@ struct key root_session_keyring = {
.serial = 1,
.type = &key_type_keyring,
.user = &root_key_user,
- .lock = RW_LOCK_UNLOCKED,
.sem = __RWSEM_INITIALIZER(root_session_keyring.sem),
.perm = KEY_USR_ALL,
- .flags = KEY_FLAG_INSTANTIATED,
+ .flags = 1 << KEY_FLAG_INSTANTIATED,
.description = "_uid_ses.0",
#ifdef KEY_DEBUGGING
.magic = KEY_DEBUG_MAGIC,
@@ -167,7 +165,7 @@ int install_thread_keyring(struct task_struct *tsk)
/*
* make sure a process keyring is installed
*/
-static int install_process_keyring(struct task_struct *tsk)
+int install_process_keyring(struct task_struct *tsk)
{
unsigned long flags;
struct key *keyring;
@@ -183,7 +181,7 @@ static int install_process_keyring(struct task_struct *tsk)
goto error;
}
- /* attach or swap keyrings */
+ /* attach keyring */
spin_lock_irqsave(&tsk->sighand->siglock, flags);
if (!tsk->signal->process_keyring) {
tsk->signal->process_keyring = keyring;
@@ -229,12 +227,14 @@ static int install_session_keyring(struct task_struct *tsk,
/* install the keyring */
spin_lock_irqsave(&tsk->sighand->siglock, flags);
- old = tsk->signal->session_keyring;
- tsk->signal->session_keyring = keyring;
+ old = rcu_dereference(tsk->signal->session_keyring);
+ rcu_assign_pointer(tsk->signal->session_keyring, keyring);
spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
ret = 0;
+ /* we're using RCU on the pointer */
+ synchronize_rcu();
key_put(old);
error:
return ret;
@@ -247,8 +247,6 @@ static int install_session_keyring(struct task_struct *tsk,
*/
int copy_thread_group_keys(struct task_struct *tsk)
{
- unsigned long flags;
-
key_check(current->thread_group->session_keyring);
key_check(current->thread_group->process_keyring);
@@ -256,10 +254,10 @@ int copy_thread_group_keys(struct task_struct *tsk)
tsk->signal->process_keyring = NULL;
/* same session keyring */
- spin_lock_irqsave(&current->sighand->siglock, flags);
+ rcu_read_lock();
tsk->signal->session_keyring =
- key_get(current->signal->session_keyring);
- spin_unlock_irqrestore(&current->sighand->siglock, flags);
+ key_get(rcu_dereference(current->signal->session_keyring));
+ rcu_read_unlock();
return 0;
@@ -349,9 +347,7 @@ void key_fsuid_changed(struct task_struct *tsk)
/* update the ownership of the thread keyring */
if (tsk->thread_keyring) {
down_write(&tsk->thread_keyring->sem);
- write_lock(&tsk->thread_keyring->lock);
tsk->thread_keyring->uid = tsk->fsuid;
- write_unlock(&tsk->thread_keyring->lock);
up_write(&tsk->thread_keyring->sem);
}
@@ -366,9 +362,7 @@ void key_fsgid_changed(struct task_struct *tsk)
/* update the ownership of the thread keyring */
if (tsk->thread_keyring) {
down_write(&tsk->thread_keyring->sem);
- write_lock(&tsk->thread_keyring->lock);
tsk->thread_keyring->gid = tsk->fsgid;
- write_unlock(&tsk->thread_keyring->lock);
up_write(&tsk->thread_keyring->sem);
}
@@ -382,13 +376,13 @@ void key_fsgid_changed(struct task_struct *tsk)
* - we return -EAGAIN if we didn't find any matching key
* - we return -ENOKEY if we found only negative matching keys
*/
-struct key *search_process_keyrings_aux(struct key_type *type,
- const void *description,
- key_match_func_t match)
+struct key *search_process_keyrings(struct key_type *type,
+ const void *description,
+ key_match_func_t match,
+ struct task_struct *context)
{
- struct task_struct *tsk = current;
- unsigned long flags;
- struct key *key, *ret, *err, *tmp;
+ struct request_key_auth *rka;
+ struct key *key, *ret, *err, *instkey;
/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
* searchable, but we failed to find a key or we found a negative key;
@@ -402,9 +396,9 @@ struct key *search_process_keyrings_aux(struct key_type *type,
err = ERR_PTR(-EAGAIN);
/* search the thread keyring first */
- if (tsk->thread_keyring) {
- key = keyring_search_aux(tsk->thread_keyring, type,
- description, match);
+ if (context->thread_keyring) {
+ key = keyring_search_aux(context->thread_keyring,
+ context, type, description, match);
if (!IS_ERR(key))
goto found;
@@ -422,9 +416,9 @@ struct key *search_process_keyrings_aux(struct key_type *type,
}
/* search the process keyring second */
- if (tsk->signal->process_keyring) {
- key = keyring_search_aux(tsk->signal->process_keyring,
- type, description, match);
+ if (context->signal->process_keyring) {
+ key = keyring_search_aux(context->signal->process_keyring,
+ context, type, description, match);
if (!IS_ERR(key))
goto found;
@@ -441,52 +435,93 @@ struct key *search_process_keyrings_aux(struct key_type *type,
}
}
- /* search the session keyring last */
- spin_lock_irqsave(&tsk->sighand->siglock, flags);
+ /* search the session keyring */
+ if (context->signal->session_keyring) {
+ rcu_read_lock();
+ key = keyring_search_aux(
+ rcu_dereference(context->signal->session_keyring),
+ context, type, description, match);
+ rcu_read_unlock();
- tmp = tsk->signal->session_keyring;
- if (!tmp)
- tmp = tsk->user->session_keyring;
- atomic_inc(&tmp->usage);
+ if (!IS_ERR(key))
+ goto found;
- spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
+ switch (PTR_ERR(key)) {
+ case -EAGAIN: /* no key */
+ if (ret)
+ break;
+ case -ENOKEY: /* negative key */
+ ret = key;
+ break;
+ default:
+ err = key;
+ break;
+ }
+
+ /* if this process has a session keyring and that has an
+ * instantiation authorisation key in the bottom level, then we
+ * also search the keyrings of the process mentioned there */
+ if (context != current)
+ goto no_key;
+
+ rcu_read_lock();
+ instkey = __keyring_search_one(
+ rcu_dereference(context->signal->session_keyring),
+ &key_type_request_key_auth, NULL, 0);
+ rcu_read_unlock();
+
+ if (IS_ERR(instkey))
+ goto no_key;
+
+ rka = instkey->payload.data;
- key = keyring_search_aux(tmp, type, description, match);
- key_put(tmp);
- if (!IS_ERR(key))
- goto found;
+ key = search_process_keyrings(type, description, match,
+ rka->context);
+ key_put(instkey);
- switch (PTR_ERR(key)) {
- case -EAGAIN: /* no key */
- if (ret)
+ if (!IS_ERR(key))
+ goto found;
+
+ switch (PTR_ERR(key)) {
+ case -EAGAIN: /* no key */
+ if (ret)
+ break;
+ case -ENOKEY: /* negative key */
+ ret = key;
break;
- case -ENOKEY: /* negative key */
- ret = key;
- break;
- default:
- err = key;
- break;
+ default:
+ err = key;
+ break;
+ }
+ }
+ /* or search the user-session keyring */
+ else {
+ key = keyring_search_aux(context->user->session_keyring,
+ context, type, description, match);
+ if (!IS_ERR(key))
+ goto found;
+
+ switch (PTR_ERR(key)) {
+ case -EAGAIN: /* no key */
+ if (ret)
+ break;
+ case -ENOKEY: /* negative key */
+ ret = key;
+ break;
+ default:
+ err = key;
+ break;
+ }
}
+
+no_key:
/* no key - decide on the error we're going to go for */
key = ret ? ret : err;
- found:
+found:
return key;
-} /* end search_process_keyrings_aux() */
-
-/*****************************************************************************/
-/*
- * search the process keyrings for the first matching key
- * - we return -EAGAIN if we didn't find any matching key
- * - we return -ENOKEY if we found only negative matching keys
- */
-struct key *search_process_keyrings(struct key_type *type,
- const char *description)
-{
- return search_process_keyrings_aux(type, description, type->match);
-
} /* end search_process_keyrings() */
/*****************************************************************************/
@@ -495,72 +530,73 @@ struct key *search_process_keyrings(struct key_type *type,
* - don't create special keyrings unless so requested
* - partially constructed keys aren't found unless requested
*/
-struct key *lookup_user_key(key_serial_t id, int create, int partial,
- key_perm_t perm)
+struct key *lookup_user_key(struct task_struct *context, key_serial_t id,
+ int create, int partial, key_perm_t perm)
{
- struct task_struct *tsk = current;
- unsigned long flags;
struct key *key;
int ret;
+ if (!context)
+ context = current;
+
key = ERR_PTR(-ENOKEY);
switch (id) {
case KEY_SPEC_THREAD_KEYRING:
- if (!tsk->thread_keyring) {
+ if (!context->thread_keyring) {
if (!create)
goto error;
- ret = install_thread_keyring(tsk);
+ ret = install_thread_keyring(context);
if (ret < 0) {
key = ERR_PTR(ret);
goto error;
}
}
- key = tsk->thread_keyring;
+ key = context->thread_keyring;
atomic_inc(&key->usage);
break;
case KEY_SPEC_PROCESS_KEYRING:
- if (!tsk->signal->process_keyring) {
+ if (!context->signal->process_keyring) {
if (!create)
goto error;
- ret = install_process_keyring(tsk);
+ ret = install_process_keyring(context);
if (ret < 0) {
key = ERR_PTR(ret);
goto error;
}
}
- key = tsk->signal->process_keyring;
+ key = context->signal->process_keyring;
atomic_inc(&key->usage);
break;
case KEY_SPEC_SESSION_KEYRING:
- if (!tsk->signal->session_keyring) {
+ if (!context->signal->session_keyring) {
/* always install a session keyring upon access if one
* doesn't exist yet */
ret = install_session_keyring(
- tsk, tsk->user->session_keyring);
+ context, context->user->session_keyring);
if (ret < 0)
goto error;
}
- spin_lock_irqsave(&tsk->sighand->siglock, flags);
- key = tsk->signal->session_keyring;
+ rcu_read_lock();
+ key = rcu_dereference(context->signal->session_keyring);
atomic_inc(&key->usage);
- spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
+ rcu_read_unlock();
break;
case KEY_SPEC_USER_KEYRING:
- key = tsk->user->uid_keyring;
+ key = context->user->uid_keyring;
atomic_inc(&key->usage);
break;
case KEY_SPEC_USER_SESSION_KEYRING:
- key = tsk->user->session_keyring;
+ key = context->user->session_keyring;
atomic_inc(&key->usage);
break;
@@ -580,7 +616,7 @@ struct key *lookup_user_key(key_serial_t id, int create, int partial,
break;
}
- /* check the status and permissions */
+ /* check the status */
if (perm) {
ret = key_validate(key);
if (ret < 0)
@@ -588,11 +624,13 @@ struct key *lookup_user_key(key_serial_t id, int create, int partial,
}
ret = -EIO;
- if (!partial && !(key->flags & KEY_FLAG_INSTANTIATED))
+ if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
goto invalid_key;
+ /* check the permissions */
ret = -EACCES;
- if (!key_permission(key, perm))
+
+ if (!key_task_permission(key, context, perm))
goto invalid_key;
error:
@@ -615,7 +653,6 @@ struct key *lookup_user_key(key_serial_t id, int create, int partial,
long join_session_keyring(const char *name)
{
struct task_struct *tsk = current;
- unsigned long flags;
struct key *keyring;
long ret;
@@ -625,9 +662,9 @@ long join_session_keyring(const char *name)
if (ret < 0)
goto error;
- spin_lock_irqsave(&tsk->sighand->siglock, flags);
- ret = tsk->signal->session_keyring->serial;
- spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
+ rcu_read_lock();
+ ret = rcu_dereference(tsk->signal->session_keyring)->serial;
+ rcu_read_unlock();
goto error;
}
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 9705b1aeba5..dfcd983af1f 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -1,6 +1,6 @@
/* request_key.c: request a key from userspace
*
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
@@ -13,6 +13,7 @@
#include <linux/sched.h>
#include <linux/kmod.h>
#include <linux/err.h>
+#include <linux/keyctl.h>
#include "internal.h"
struct key_construction {
@@ -27,18 +28,26 @@ DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
/*
* request userspace finish the construction of a key
* - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring> <info>"
- * - if callout_info is an empty string, it'll be rendered as a "-" instead
*/
static int call_request_key(struct key *key,
const char *op,
const char *callout_info)
{
struct task_struct *tsk = current;
- unsigned long flags;
key_serial_t prkey, sskey;
+ struct key *session_keyring, *rkakey;
char *argv[10], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
- int i;
+ int ret, i;
+
+ kenter("{%d},%s,%s", key->serial, op, callout_info);
+
+ /* generate a new session keyring with an auth key in it */
+ session_keyring = request_key_auth_new(key, &rkakey);
+ if (IS_ERR(session_keyring)) {
+ ret = PTR_ERR(session_keyring);
+ goto error;
+ }
/* record the UID and GID */
sprintf(uid_str, "%d", current->fsuid);
@@ -55,17 +64,17 @@ static int call_request_key(struct key *key,
if (tsk->signal->process_keyring)
prkey = tsk->signal->process_keyring->serial;
- sskey = 0;
- spin_lock_irqsave(&tsk->sighand->siglock, flags);
- if (tsk->signal->session_keyring)
- sskey = tsk->signal->session_keyring->serial;
- spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
-
+ sprintf(keyring_str[1], "%d", prkey);
- if (!sskey)
+ if (tsk->signal->session_keyring) {
+ rcu_read_lock();
+ sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
+ rcu_read_unlock();
+ }
+ else {
sskey = tsk->user->session_keyring->serial;
+ }
- sprintf(keyring_str[1], "%d", prkey);
sprintf(keyring_str[2], "%d", sskey);
/* set up a minimal environment */
@@ -84,11 +93,20 @@ static int call_request_key(struct key *key,
argv[i++] = keyring_str[0];
argv[i++] = keyring_str[1];
argv[i++] = keyring_str[2];
- argv[i++] = callout_info[0] ? (char *) callout_info : "-";
+ argv[i++] = (char *) callout_info;
argv[i] = NULL;
/* do it */
- return call_usermodehelper(argv[0], argv, envp, 1);
+ ret = call_usermodehelper_keys(argv[0], argv, envp, session_keyring, 1);
+
+ /* dispose of the special keys */
+ key_revoke(rkakey);
+ key_put(rkakey);
+ key_put(session_keyring);
+
+ error:
+ kleave(" = %d", ret);
+ return ret;
} /* end call_request_key() */
@@ -105,7 +123,9 @@ static struct key *__request_key_construction(struct key_type *type,
struct key_construction cons;
struct timespec now;
struct key *key;
- int ret, negative;
+ int ret, negated;
+
+ kenter("%s,%s,%s", type->name, description, callout_info);
/* create a key and add it to the queue */
key = key_alloc(type, description,
@@ -113,9 +133,7 @@ static struct key *__request_key_construction(struct key_type *type,
if (IS_ERR(key))
goto alloc_failed;
- write_lock(&key->lock);
- key->flags |= KEY_FLAG_USER_CONSTRUCT;
- write_unlock(&key->lock);
+ set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
cons.key = key;
list_add_tail(&cons.link, &key->user->consq);
@@ -130,7 +148,7 @@ static struct key *__request_key_construction(struct key_type *type,
/* if the key wasn't instantiated, then we want to give an error */
ret = -ENOKEY;
- if (!(key->flags & KEY_FLAG_INSTANTIATED))
+ if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
goto request_failed;
down_write(&key_construction_sem);
@@ -139,12 +157,13 @@ static struct key *__request_key_construction(struct key_type *type,
/* also give an error if the key was negatively instantiated */
check_not_negative:
- if (key->flags & KEY_FLAG_NEGATIVE) {
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
key_put(key);
key = ERR_PTR(-ENOKEY);
}
out:
+ kleave(" = %p", key);
return key;
request_failed:
@@ -152,24 +171,23 @@ static struct key *__request_key_construction(struct key_type *type,
* - remove from construction queue
* - mark the key as dead
*/
- negative = 0;
+ negated = 0;
down_write(&key_construction_sem);
list_del(&cons.link);
- write_lock(&key->lock);
- key->flags &= ~KEY_FLAG_USER_CONSTRUCT;
-
/* check it didn't get instantiated between the check and the down */
- if (!(key->flags & KEY_FLAG_INSTANTIATED)) {
- key->flags |= KEY_FLAG_INSTANTIATED | KEY_FLAG_NEGATIVE;
- negative = 1;
+ if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
+ set_bit(KEY_FLAG_NEGATIVE, &key->flags);
+ set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
+ negated = 1;
}
- write_unlock(&key->lock);
+ clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
+
up_write(&key_construction_sem);
- if (!negative)
+ if (!negated)
goto check_not_negative; /* surprisingly, the key got
* instantiated */
@@ -178,13 +196,12 @@ static struct key *__request_key_construction(struct key_type *type,
key->expiry = now.tv_sec + key_negative_timeout;
if (current->signal->session_keyring) {
- unsigned long flags;
struct key *keyring;
- spin_lock_irqsave(&current->sighand->siglock, flags);
- keyring = current->signal->session_keyring;
+ rcu_read_lock();
+ keyring = rcu_dereference(current->signal->session_keyring);
atomic_inc(&keyring->usage);
- spin_unlock_irqrestore(&current->sighand->siglock, flags);
+ rcu_read_unlock();
key_link(keyring, key);
key_put(keyring);
@@ -220,6 +237,9 @@ static struct key *request_key_construction(struct key_type *type,
DECLARE_WAITQUEUE(myself, current);
+ kenter("%s,%s,{%d},%s",
+ type->name, description, user->uid, callout_info);
+
/* see if there's such a key under construction already */
down_write(&key_construction_sem);
@@ -236,6 +256,7 @@ static struct key *request_key_construction(struct key_type *type,
/* see about getting userspace to construct the key */
key = __request_key_construction(type, description, callout_info);
error:
+ kleave(" = %p", key);
return key;
/* someone else has the same key under construction
@@ -249,8 +270,10 @@ static struct key *request_key_construction(struct key_type *type,
add_wait_queue(&request_key_conswq, &myself);
for (;;) {
- set_current_state(TASK_UNINTERRUPTIBLE);
- if (!(ckey->flags & KEY_FLAG_USER_CONSTRUCT))
+ set_current_state(TASK_INTERRUPTIBLE);
+ if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
+ break;
+ if (signal_pending(current))
break;
schedule();
}
@@ -271,21 +294,83 @@ static struct key *request_key_construction(struct key_type *type,
/*****************************************************************************/
/*
+ * link a freshly minted key to an appropriate destination keyring
+ */
+static void request_key_link(struct key *key, struct key *dest_keyring)
+{
+ struct task_struct *tsk = current;
+ struct key *drop = NULL;
+
+ kenter("{%d},%p", key->serial, dest_keyring);
+
+ /* find the appropriate keyring */
+ if (!dest_keyring) {
+ switch (tsk->jit_keyring) {
+ case KEY_REQKEY_DEFL_DEFAULT:
+ case KEY_REQKEY_DEFL_THREAD_KEYRING:
+ dest_keyring = tsk->thread_keyring;
+ if (dest_keyring)
+ break;
+
+ case KEY_REQKEY_DEFL_PROCESS_KEYRING:
+ dest_keyring = tsk->signal->process_keyring;
+ if (dest_keyring)
+ break;
+
+ case KEY_REQKEY_DEFL_SESSION_KEYRING:
+ rcu_read_lock();
+ dest_keyring = key_get(
+ rcu_dereference(tsk->signal->session_keyring));
+ rcu_read_unlock();
+ drop = dest_keyring;
+
+ if (dest_keyring)
+ break;
+
+ case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
+ dest_keyring = current->user->session_keyring;
+ break;
+
+ case KEY_REQKEY_DEFL_USER_KEYRING:
+ dest_keyring = current->user->uid_keyring;
+ break;
+
+ case KEY_REQKEY_DEFL_GROUP_KEYRING:
+ default:
+ BUG();
+ }
+ }
+
+ /* and attach the key to it */
+ key_link(dest_keyring, key);
+
+ key_put(drop);
+
+ kleave("");
+
+} /* end request_key_link() */
+
+/*****************************************************************************/
+/*
* request a key
* - search the process's keyrings
* - check the list of keys being created or updated
- * - call out to userspace for a key if requested (supplementary info can be
- * passed)
+ * - call out to userspace for a key if supplementary info was provided
+ * - cache the key in an appropriate keyring
*/
-struct key *request_key(struct key_type *type,
- const char *description,
- const char *callout_info)
+struct key *request_key_and_link(struct key_type *type,
+ const char *description,
+ const char *callout_info,
+ struct key *dest_keyring)
{
struct key_user *user;
struct key *key;
+ kenter("%s,%s,%s,%p",
+ type->name, description, callout_info, dest_keyring);
+
/* search all the process keyrings for a key */
- key = search_process_keyrings_aux(type, description, type->match);
+ key = search_process_keyrings(type, description, type->match, current);
if (PTR_ERR(key) == -EAGAIN) {
/* the search failed, but the keyrings were searchable, so we
@@ -296,12 +381,13 @@ struct key *request_key(struct key_type *type,
/* - get hold of the user's construction queue */
user = key_user_lookup(current->fsuid);
- if (!user) {
- key = ERR_PTR(-ENOMEM);
- goto error;
- }
+ if (!user)
+ goto nomem;
+
+ do {
+ if (signal_pending(current))
+ goto interrupted;
- for (;;) {
/* ask userspace (returns NULL if it waited on a key
* being constructed) */
key = request_key_construction(type, description,
@@ -311,18 +397,46 @@ struct key *request_key(struct key_type *type,
/* someone else made the key we want, so we need to
* search again as it might now be available to us */
- key = search_process_keyrings_aux(type, description,
- type->match);
- if (PTR_ERR(key) != -EAGAIN)
- break;
- }
+ key = search_process_keyrings(type, description,
+ type->match, current);
+
+ } while (PTR_ERR(key) == -EAGAIN);
key_user_put(user);
+
+ /* link the new key into the appropriate keyring */
+ if (!PTR_ERR(key))
+ request_key_link(key, dest_keyring);
}
- error:
+error:
+ kleave(" = %p", key);
return key;
+nomem:
+ key = ERR_PTR(-ENOMEM);
+ goto error;
+
+interrupted:
+ key_user_put(user);
+ key = ERR_PTR(-EINTR);
+ goto error;
+
+} /* end request_key_and_link() */
+
+/*****************************************************************************/
+/*
+ * request a key
+ * - search the process's keyrings
+ * - check the list of keys being created or updated
+ * - call out to userspace for a key if supplementary info was provided
+ */
+struct key *request_key(struct key_type *type,
+ const char *description,
+ const char *callout_info)
+{
+ return request_key_and_link(type, description, callout_info, NULL);
+
} /* end request_key() */
EXPORT_SYMBOL(request_key);
@@ -339,7 +453,8 @@ int key_validate(struct key *key)
if (key) {
/* check it's still accessible */
ret = -EKEYREVOKED;
- if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD))
+ if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
+ test_bit(KEY_FLAG_DEAD, &key->flags))
goto error;
/* check it hasn't expired */
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
new file mode 100644
index 00000000000..f2226463222
--- /dev/null
+++ b/security/keys/request_key_auth.c
@@ -0,0 +1,180 @@
+/* request_key_auth.c: request key authorisation controlling key def
+ *
+ * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/err.h>
+#include <linux/seq_file.h>
+#include "internal.h"
+
+static int request_key_auth_instantiate(struct key *, const void *, size_t);
+static void request_key_auth_describe(const struct key *, struct seq_file *);
+static void request_key_auth_destroy(struct key *);
+
+/*
+ * the request-key authorisation key type definition
+ */
+struct key_type key_type_request_key_auth = {
+ .name = ".request_key_auth",
+ .def_datalen = sizeof(struct request_key_auth),
+ .instantiate = request_key_auth_instantiate,
+ .describe = request_key_auth_describe,
+ .destroy = request_key_auth_destroy,
+};
+
+/*****************************************************************************/
+/*
+ * instantiate a request-key authorisation record
+ */
+static int request_key_auth_instantiate(struct key *key,
+ const void *data,
+ size_t datalen)
+{
+ struct request_key_auth *rka, *irka;
+ struct key *instkey;
+ int ret;
+
+ ret = -ENOMEM;
+ rka = kmalloc(sizeof(*rka), GFP_KERNEL);
+ if (rka) {
+ /* see if the calling process is already servicing the key
+ * request of another process */
+ instkey = key_get_instantiation_authkey(0);
+ if (!IS_ERR(instkey)) {
+ /* it is - use that instantiation context here too */
+ irka = instkey->payload.data;
+ rka->context = irka->context;
+ rka->pid = irka->pid;
+ key_put(instkey);
+ }
+ else {
+ /* it isn't - use this process as the context */
+ rka->context = current;
+ rka->pid = current->pid;
+ }
+
+ rka->target_key = key_get((struct key *) data);
+ key->payload.data = rka;
+ ret = 0;
+ }
+
+ return ret;
+
+} /* end request_key_auth_instantiate() */
+
+/*****************************************************************************/
+/*
+ *
+ */
+static void request_key_auth_describe(const struct key *key,
+ struct seq_file *m)
+{
+ struct request_key_auth *rka = key->payload.data;
+
+ seq_puts(m, "key:");
+ seq_puts(m, key->description);
+ seq_printf(m, " pid:%d", rka->pid);
+
+} /* end request_key_auth_describe() */
+
+/*****************************************************************************/
+/*
+ * destroy an instantiation authorisation token key
+ */
+static void request_key_auth_destroy(struct key *key)
+{
+ struct request_key_auth *rka = key->payload.data;
+
+ kenter("{%d}", key->serial);
+
+ key_put(rka->target_key);
+
+} /* end request_key_auth_destroy() */
+
+/*****************************************************************************/
+/*
+ * create a session keyring to be for the invokation of /sbin/request-key and
+ * stick an authorisation token in it
+ */
+struct key *request_key_auth_new(struct key *target, struct key **_rkakey)
+{
+ struct key *keyring, *rkakey = NULL;
+ char desc[20];
+ int ret;
+
+ kenter("%d,", target->serial);
+
+ /* allocate a new session keyring */
+ sprintf(desc, "_req.%u", target->serial);
+
+ keyring = keyring_alloc(desc, current->fsuid, current->fsgid, 1, NULL);
+ if (IS_ERR(keyring)) {
+ kleave("= %ld", PTR_ERR(keyring));
+ return keyring;
+ }
+
+ /* allocate the auth key */
+ sprintf(desc, "%x", target->serial);
+
+ rkakey = key_alloc(&key_type_request_key_auth, desc,
+ current->fsuid, current->fsgid,
+ KEY_USR_VIEW, 1);
+ if (IS_ERR(rkakey)) {
+ key_put(keyring);
+ kleave("= %ld", PTR_ERR(rkakey));
+ return rkakey;
+ }
+
+ /* construct and attach to the keyring */
+ ret = key_instantiate_and_link(rkakey, target, 0, keyring, NULL);
+ if (ret < 0) {
+ key_revoke(rkakey);
+ key_put(rkakey);
+ key_put(keyring);
+ kleave("= %d", ret);
+ return ERR_PTR(ret);
+ }
+
+ *_rkakey = rkakey;
+ kleave(" = {%d} ({%d})", keyring->serial, rkakey->serial);
+ return keyring;
+
+} /* end request_key_auth_new() */
+
+/*****************************************************************************/
+/*
+ * get the authorisation key for instantiation of a specific key if attached to
+ * the current process's keyrings
+ * - this key is inserted into a keyring and that is set as /sbin/request-key's
+ * session keyring
+ * - a target_id of zero specifies any valid token
+ */
+struct key *key_get_instantiation_authkey(key_serial_t target_id)
+{
+ struct task_struct *tsk = current;
+ struct key *instkey;
+
+ /* we must have our own personal session keyring */
+ if (!tsk->signal->session_keyring)
+ return ERR_PTR(-EACCES);
+
+ /* and it must contain a suitable request authorisation key
+ * - lock RCU against session keyring changing
+ */
+ rcu_read_lock();
+
+ instkey = keyring_search_instkey(
+ rcu_dereference(tsk->signal->session_keyring), target_id);
+
+ rcu_read_unlock();
+ return instkey;
+
+} /* end key_get_instantiation_authkey() */
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 8d65b3a2812..e446acba73d 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -42,12 +42,21 @@ struct key_type key_type_user = {
.read = user_read,
};
+struct user_key_payload {
+ struct rcu_head rcu; /* RCU destructor */
+ unsigned short datalen; /* length of this data */
+ char data[0]; /* actual data */
+};
+
+EXPORT_SYMBOL_GPL(key_type_user);
+
/*****************************************************************************/
/*
* instantiate a user defined key
*/
static int user_instantiate(struct key *key, const void *data, size_t datalen)
{
+ struct user_key_payload *upayload;
int ret;
ret = -EINVAL;
@@ -58,13 +67,15 @@ static int user_instantiate(struct key *key, const void *data, size_t datalen)
if (ret < 0)
goto error;
- /* attach the data */
ret = -ENOMEM;
- key->payload.data = kmalloc(datalen, GFP_KERNEL);
- if (!key->payload.data)
+ upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL);
+ if (!upayload)
goto error;
- memcpy(key->payload.data, data, datalen);
+ /* attach the data */
+ upayload->datalen = datalen;
+ memcpy(upayload->data, data, datalen);
+ rcu_assign_pointer(key->payload.data, upayload);
ret = 0;
error:
@@ -75,18 +86,25 @@ static int user_instantiate(struct key *key, const void *data, size_t datalen)
/*****************************************************************************/
/*
* duplicate a user defined key
+ * - both keys' semaphores are locked against further modification
+ * - the new key cannot yet be accessed
*/
static int user_duplicate(struct key *key, const struct key *source)
{
+ struct user_key_payload *upayload, *spayload;
int ret;
/* just copy the payload */
ret = -ENOMEM;
- key->payload.data = kmalloc(source->datalen, GFP_KERNEL);
+ upayload = kmalloc(sizeof(*upayload) + source->datalen, GFP_KERNEL);
+ if (upayload) {
+ spayload = rcu_dereference(source->payload.data);
+ BUG_ON(source->datalen != spayload->datalen);
+
+ upayload->datalen = key->datalen = spayload->datalen;
+ memcpy(upayload->data, spayload->data, key->datalen);
- if (key->payload.data) {
- key->datalen = source->datalen;
- memcpy(key->payload.data, source->payload.data, source->datalen);
+ key->payload.data = upayload;
ret = 0;
}
@@ -96,40 +114,54 @@ static int user_duplicate(struct key *key, const struct key *source)
/*****************************************************************************/
/*
+ * dispose of the old data from an updated user defined key
+ */
+static void user_update_rcu_disposal(struct rcu_head *rcu)
+{
+ struct user_key_payload *upayload;
+
+ upayload = container_of(rcu, struct user_key_payload, rcu);
+
+ kfree(upayload);
+
+} /* end user_update_rcu_disposal() */
+
+/*****************************************************************************/
+/*
* update a user defined key
+ * - the key's semaphore is write-locked
*/
static int user_update(struct key *key, const void *data, size_t datalen)
{
- void *new, *zap;
+ struct user_key_payload *upayload, *zap;
int ret;
ret = -EINVAL;
if (datalen <= 0 || datalen > 32767 || !data)
goto error;
- /* copy the data */
+ /* construct a replacement payload */
ret = -ENOMEM;
- new = kmalloc(datalen, GFP_KERNEL);
- if (!new)
+ upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL);
+ if (!upayload)
goto error;
- memcpy(new, data, datalen);
+ upayload->datalen = datalen;
+ memcpy(upayload->data, data, datalen);
/* check the quota and attach the new data */
- zap = new;
- write_lock(&key->lock);
+ zap = upayload;
ret = key_payload_reserve(key, datalen);
if (ret == 0) {
/* attach the new data, displacing the old */
zap = key->payload.data;
- key->payload.data = new;
+ rcu_assign_pointer(key->payload.data, upayload);
key->expiry = 0;
}
- write_unlock(&key->lock);
- kfree(zap);
+ call_rcu(&zap->rcu, user_update_rcu_disposal);
error:
return ret;
@@ -152,13 +184,15 @@ static int user_match(const struct key *key, const void *description)
*/
static void user_destroy(struct key *key)
{
- kfree(key->payload.data);
+ struct user_key_payload *upayload = key->payload.data;
+
+ kfree(upayload);
} /* end user_destroy() */
/*****************************************************************************/
/*
- * describe the user
+ * describe the user key
*/
static void user_describe(const struct key *key, struct seq_file *m)
{
@@ -171,18 +205,23 @@ static void user_describe(const struct key *key, struct seq_file *m)
/*****************************************************************************/
/*
* read the key data
+ * - the key's semaphore is read-locked
*/
static long user_read(const struct key *key,
char __user *buffer, size_t buflen)
{
- long ret = key->datalen;
+ struct user_key_payload *upayload;
+ long ret;
+
+ upayload = rcu_dereference(key->payload.data);
+ ret = upayload->datalen;
/* we can return the data as is */
if (buffer && buflen > 0) {
- if (buflen > key->datalen)
- buflen = key->datalen;
+ if (buflen > upayload->datalen)
+ buflen = upayload->datalen;
- if (copy_to_user(buffer, key->payload.data, buflen) != 0)
+ if (copy_to_user(buffer, upayload->data, buflen) != 0)
ret = -EFAULT;
}
diff --git a/security/seclvl.c b/security/seclvl.c
index 8a0ab0d7949..c8e87b22c9b 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -155,7 +155,7 @@ seclvl_attr_store(struct kobject *kobj,
struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
struct seclvl_attribute *attribute =
container_of(attr, struct seclvl_attribute, attr);
- return (attribute->store ? attribute->store(obj, buf, len) : 0);
+ return attribute->store ? attribute->store(obj, buf, len) : -EIO;
}
static ssize_t
@@ -164,7 +164,7 @@ seclvl_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
struct seclvl_attribute *attribute =
container_of(attr, struct seclvl_attribute, attr);
- return (attribute->show ? attribute->show(obj, buf) : 0);
+ return attribute->show ? attribute->show(obj, buf) : -EIO;
}
/**
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 85a6f66a873..451502467a9 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -242,7 +242,7 @@ void __init avc_init(void)
avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
0, SLAB_PANIC, NULL, NULL);
- audit_log(current->audit_context, "AVC INITIALIZED\n");
+ audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n");
}
int avc_get_hash_stats(char *page)
@@ -532,6 +532,7 @@ void avc_audit(u32 ssid, u32 tsid,
u16 tclass, u32 requested,
struct av_decision *avd, int result, struct avc_audit_data *a)
{
+ struct task_struct *tsk = current;
struct inode *inode = NULL;
u32 denied, audited;
struct audit_buffer *ab;
@@ -549,12 +550,18 @@ void avc_audit(u32 ssid, u32 tsid,
return;
}
- ab = audit_log_start(current->audit_context);
+ ab = audit_log_start(current->audit_context, AUDIT_AVC);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
avc_dump_av(ab, tclass,audited);
audit_log_format(ab, " for ");
+ if (a && a->tsk)
+ tsk = a->tsk;
+ if (tsk && tsk->pid) {
+ audit_log_format(ab, " pid=%d comm=", tsk->pid);
+ audit_log_untrustedstring(ab, tsk->comm);
+ }
if (a) {
switch (a->type) {
case AVC_AUDIT_DATA_IPC:
@@ -566,21 +573,18 @@ void avc_audit(u32 ssid, u32 tsid,
case AVC_AUDIT_DATA_FS:
if (a->u.fs.dentry) {
struct dentry *dentry = a->u.fs.dentry;
- if (a->u.fs.mnt) {
- audit_log_d_path(ab, "path=", dentry,
- a->u.fs.mnt);
- } else {
- audit_log_format(ab, " name=%s",
- dentry->d_name.name);
- }
+ if (a->u.fs.mnt)
+ audit_avc_path(dentry, a->u.fs.mnt);
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, dentry->d_name.name);
inode = dentry->d_inode;
} else if (a->u.fs.inode) {
struct dentry *dentry;
inode = a->u.fs.inode;
dentry = d_find_alias(inode);
if (dentry) {
- audit_log_format(ab, " name=%s",
- dentry->d_name.name);
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, dentry->d_name.name);
dput(dentry);
}
}
@@ -623,22 +627,20 @@ void avc_audit(u32 ssid, u32 tsid,
case AF_UNIX:
u = unix_sk(sk);
if (u->dentry) {
- audit_log_d_path(ab, "path=",
- u->dentry, u->mnt);
+ audit_avc_path(u->dentry, u->mnt);
+ audit_log_format(ab, " name=");
+ audit_log_untrustedstring(ab, u->dentry->d_name.name);
break;
}
if (!u->addr)
break;
len = u->addr->len-sizeof(short);
p = &u->addr->name->sun_path[0];
+ audit_log_format(ab, " path=");
if (*p)
- audit_log_format(ab,
- "path=%*.*s", len,
- len, p);
+ audit_log_untrustedstring(ab, p);
else
- audit_log_format(ab,
- "path=@%*.*s", len-1,
- len-1, p+1);
+ audit_log_hex(ab, p, len);
break;
}
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aae1e794fe4..17a1189f1ff 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1658,9 +1658,8 @@ static int selinux_bprm_secureexec (struct linux_binprm *bprm)
static void selinux_bprm_free_security(struct linux_binprm *bprm)
{
- struct bprm_security_struct *bsec = bprm->security;
+ kfree(bprm->security);
bprm->security = NULL;
- kfree(bsec);
}
extern struct vfsmount *selinuxfs_mount;
@@ -1945,6 +1944,7 @@ static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void
} while (*in_end++);
copy_page(in_save, nosec_save);
+ free_page((unsigned long)nosec_save);
out:
return rc;
}
@@ -2476,6 +2476,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
prot = reqprot;
#ifndef CONFIG_PPC32
+ if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
+ (vma->vm_start >= vma->vm_mm->start_brk &&
+ vma->vm_end <= vma->vm_mm->brk)) {
+ /*
+ * We are making an executable mapping in the brk region.
+ * This has an additional execheap check.
+ */
+ rc = task_has_perm(current, current, PROCESS__EXECHEAP);
+ if (rc)
+ return rc;
+ }
if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
/*
* We are making executable a file mapping that has
@@ -2487,6 +2498,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
if (rc)
return rc;
}
+ if (!vma->vm_file && (prot & PROT_EXEC) &&
+ vma->vm_start <= vma->vm_mm->start_stack &&
+ vma->vm_end >= vma->vm_mm->start_stack) {
+ /* Attempt to make the process stack executable.
+ * This has an additional execstack check.
+ */
+ rc = task_has_perm(current, current, PROCESS__EXECSTACK);
+ if (rc)
+ return rc;
+ }
#endif
return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
@@ -3419,7 +3440,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
if (err) {
if (err == -EINVAL) {
- audit_log(current->audit_context,
+ audit_log(current->audit_context, AUDIT_SELINUX_ERR,
"SELinux: unrecognized netlink message"
" type=%hu for sclass=%hu\n",
nlh->nlmsg_type, isec->sclass);
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 8928bb4d3c5..1deb59e1b76 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -70,6 +70,8 @@
S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
+ S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
+ S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
S_(SECCLASS_MSG, MSG__SEND, "send")
S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index bdfce4ca8f8..a78b5d59c9f 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -465,6 +465,8 @@
#define PROCESS__DYNTRANSITION 0x00800000UL
#define PROCESS__SETCURRENT 0x01000000UL
#define PROCESS__EXECMEM 0x02000000UL
+#define PROCESS__EXECSTACK 0x04000000UL
+#define PROCESS__EXECHEAP 0x08000000UL
#define IPC__CREATE 0x00000001UL
#define IPC__DESTROY 0x00000002UL
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index b3adb481bc2..92b057becb4 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -63,6 +63,8 @@ static struct nlmsg_perm nlmsg_route_perms[] =
{ RTM_GETPREFIX, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_GETMULTICAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
+ { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
+ { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
};
static struct nlmsg_perm nlmsg_firewall_perms[] =
@@ -97,6 +99,7 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
{ AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
+ { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
};
@@ -141,8 +144,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
break;
case SECCLASS_NETLINK_AUDIT_SOCKET:
- err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
- sizeof(nlmsg_audit_perms));
+ if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+ nlmsg_type <= AUDIT_LAST_USER_MSG) {
+ *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
+ } else {
+ err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
+ sizeof(nlmsg_audit_perms));
+ }
break;
/* No messaging from userspace, or class unknown/unhandled */
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 07221568b50..8eb140dd2e4 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -951,8 +951,7 @@ static int sel_make_bools(void)
u32 sid;
/* remove any existing files */
- if (bool_pending_values)
- kfree(bool_pending_values);
+ kfree(bool_pending_values);
sel_remove_bools(dir);
@@ -997,10 +996,8 @@ static int sel_make_bools(void)
out:
free_page((unsigned long)page);
if (names) {
- for (i = 0; i < num; i++) {
- if (names[i])
- kfree(names[i]);
- }
+ for (i = 0; i < num; i++)
+ kfree(names[i]);
kfree(names);
}
return ret;
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index b53441184ac..e2057f5a411 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -166,16 +166,14 @@ static void cond_list_destroy(struct cond_node *list)
void cond_policydb_destroy(struct policydb *p)
{
- if (p->bool_val_to_struct != NULL)
- kfree(p->bool_val_to_struct);
+ kfree(p->bool_val_to_struct);
avtab_destroy(&p->te_cond_avtab);
cond_list_destroy(p->cond_list);
}
int cond_init_bool_indexes(struct policydb *p)
{
- if (p->bool_val_to_struct)
- kfree(p->bool_val_to_struct);
+ kfree(p->bool_val_to_struct);
p->bool_val_to_struct = (struct cond_bool_datum**)
kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
if (!p->bool_val_to_struct)
@@ -185,8 +183,7 @@ int cond_init_bool_indexes(struct policydb *p)
int cond_destroy_bool(void *key, void *datum, void *p)
{
- if (key)
- kfree(key);
+ kfree(key);
kfree(datum);
return 0;
}
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 14190efbf33..785c33cf486 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -590,17 +590,12 @@ void policydb_destroy(struct policydb *p)
hashtab_destroy(p->symtab[i].table);
}
- for (i = 0; i < SYM_NUM; i++) {
- if (p->sym_val_to_name[i])
- kfree(p->sym_val_to_name[i]);
- }
+ for (i = 0; i < SYM_NUM; i++)
+ kfree(p->sym_val_to_name[i]);
- if (p->class_val_to_struct)
- kfree(p->class_val_to_struct);
- if (p->role_val_to_struct)
- kfree(p->role_val_to_struct);
- if (p->user_val_to_struct)
- kfree(p->user_val_to_struct);
+ kfree(p->class_val_to_struct);
+ kfree(p->role_val_to_struct);
+ kfree(p->user_val_to_struct);
avtab_destroy(&p->te_avtab);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 5a820cf88c9..922bb45054a 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
goto out;
if (context_struct_to_string(tcontext, &t, &tlen) < 0)
goto out;
- audit_log(current->audit_context,
+ audit_log(current->audit_context, AUDIT_SELINUX_ERR,
"security_validate_transition: denied for"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -476,8 +476,8 @@ int security_compute_av(u32 ssid,
int rc = 0;
if (!ss_initialized) {
- avd->allowed = requested;
- avd->decided = requested;
+ avd->allowed = 0xffffffff;
+ avd->decided = 0xffffffff;
avd->auditallow = 0;
avd->auditdeny = 0xffffffff;
avd->seqno = latest_granting;
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context(
goto out;
if (context_struct_to_string(newcontext, &n, &nlen) < 0)
goto out;
- audit_log(current->audit_context,
+ audit_log(current->audit_context, AUDIT_SELINUX_ERR,
"security_compute_sid: invalid context %s"
" for scontext=%s"
" tcontext=%s"
@@ -1196,9 +1196,11 @@ int security_load_policy(void *data, size_t len)
}
policydb_loaded_version = policydb.policyvers;
ss_initialized = 1;
-
+ seqno = ++latest_granting;
LOAD_UNLOCK;
selinux_complete_init();
+ avc_ss_reset(seqno);
+ selnl_notify_policyload(seqno);
return 0;
}
@@ -1703,11 +1705,9 @@ out:
err:
if (*names) {
for (i = 0; i < *len; i++)
- if ((*names)[i])
- kfree((*names)[i]);
+ kfree((*names)[i]);
}
- if (*values)
- kfree(*values);
+ kfree(*values);
goto out;
}