Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "A quiet cycle for the security subsystem with just a few maintenance updates." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Smack: create a sysfs mount point for smackfs Smack: use select not depends in Kconfig Yama: remove locking from delete path Yama: add RCU to drop read locking drivers/char/tpm: remove tasklet and cleanup KEYS: Use keyring_alloc() to create special keyrings KEYS: Reduce initial permissions on keys KEYS: Make the session and process keyrings per-thread seccomp: Make syscall skipping and nr changes more consistent key: Fix resource leak keys: Fix unreachable code KEYS: Add payload preparsing opportunity prior to key instantiate or update
This commit is contained in:
Linus Torvalds
@@ -854,13 +854,13 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
|
||||
/* if the client doesn't provide, decide on the permissions we want */
|
||||
if (perm == KEY_PERM_UNDEF) {
|
||||
perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
|
||||
perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
|
||||
perm |= KEY_USR_VIEW;
|
||||
|
||||
if (ktype->read)
|
||||
perm |= KEY_POS_READ | KEY_USR_READ;
|
||||
perm |= KEY_POS_READ;
|
||||
|
||||
if (ktype == &key_type_keyring || ktype->update)
|
||||
perm |= KEY_USR_WRITE;
|
||||
perm |= KEY_POS_WRITE;
|
||||
}
|
||||
|
||||
/* allocate a new key */
|
||||
|
||||
@@ -1132,12 +1132,12 @@ long keyctl_instantiate_key_iov(key_serial_t id,
|
||||
ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc,
|
||||
ARRAY_SIZE(iovstack), iovstack, &iov);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
goto err;
|
||||
if (ret == 0)
|
||||
goto no_payload_free;
|
||||
|
||||
ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
|
||||
|
||||
err:
|
||||
if (iov != iovstack)
|
||||
kfree(iov);
|
||||
return ret;
|
||||
@@ -1495,7 +1495,8 @@ long keyctl_session_to_parent(void)
|
||||
goto error_keyring;
|
||||
newwork = &cred->rcu;
|
||||
|
||||
cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
|
||||
cred->session_keyring = key_ref_to_ptr(keyring_r);
|
||||
keyring_r = NULL;
|
||||
init_task_work(newwork, key_change_session_keyring);
|
||||
|
||||
me = current;
|
||||
@@ -1519,7 +1520,7 @@ long keyctl_session_to_parent(void)
|
||||
mycred = current_cred();
|
||||
pcred = __task_cred(parent);
|
||||
if (mycred == pcred ||
|
||||
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) {
|
||||
mycred->session_keyring == pcred->session_keyring) {
|
||||
ret = 0;
|
||||
goto unlock;
|
||||
}
|
||||
@@ -1535,9 +1536,9 @@ long keyctl_session_to_parent(void)
|
||||
goto unlock;
|
||||
|
||||
/* the keyrings must have the same UID */
|
||||
if ((pcred->tgcred->session_keyring &&
|
||||
!uid_eq(pcred->tgcred->session_keyring->uid, mycred->euid)) ||
|
||||
!uid_eq(mycred->tgcred->session_keyring->uid, mycred->euid))
|
||||
if ((pcred->session_keyring &&
|
||||
!uid_eq(pcred->session_keyring->uid, mycred->euid)) ||
|
||||
!uid_eq(mycred->session_keyring->uid, mycred->euid))
|
||||
goto unlock;
|
||||
|
||||
/* cancel an already pending keyring replacement */
|
||||
|
||||
@@ -257,17 +257,14 @@ error:
|
||||
* Allocate a keyring and link into the destination keyring.
|
||||
*/
|
||||
struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
|
||||
const struct cred *cred, unsigned long flags,
|
||||
struct key *dest)
|
||||
const struct cred *cred, key_perm_t perm,
|
||||
unsigned long flags, struct key *dest)
|
||||
{
|
||||
struct key *keyring;
|
||||
int ret;
|
||||
|
||||
keyring = key_alloc(&key_type_keyring, description,
|
||||
uid, gid, cred,
|
||||
(KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
|
||||
flags);
|
||||
|
||||
uid, gid, cred, perm, flags);
|
||||
if (!IS_ERR(keyring)) {
|
||||
ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
|
||||
if (ret < 0) {
|
||||
@@ -278,6 +275,7 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
|
||||
|
||||
return keyring;
|
||||
}
|
||||
EXPORT_SYMBOL(keyring_alloc);
|
||||
|
||||
/**
|
||||
* keyring_search_aux - Search a keyring tree for a key matching some criteria
|
||||
|
||||
@@ -45,10 +45,12 @@ int install_user_keyrings(void)
|
||||
struct user_struct *user;
|
||||
const struct cred *cred;
|
||||
struct key *uid_keyring, *session_keyring;
|
||||
key_perm_t user_keyring_perm;
|
||||
char buf[20];
|
||||
int ret;
|
||||
uid_t uid;
|
||||
|
||||
user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
|
||||
cred = current_cred();
|
||||
user = cred->user;
|
||||
uid = from_kuid(cred->user_ns, user->uid);
|
||||
@@ -73,8 +75,8 @@ int install_user_keyrings(void)
|
||||
uid_keyring = find_keyring_by_name(buf, true);
|
||||
if (IS_ERR(uid_keyring)) {
|
||||
uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
|
||||
cred, KEY_ALLOC_IN_QUOTA,
|
||||
NULL);
|
||||
cred, user_keyring_perm,
|
||||
KEY_ALLOC_IN_QUOTA, NULL);
|
||||
if (IS_ERR(uid_keyring)) {
|
||||
ret = PTR_ERR(uid_keyring);
|
||||
goto error;
|
||||
@@ -89,7 +91,8 @@ int install_user_keyrings(void)
|
||||
if (IS_ERR(session_keyring)) {
|
||||
session_keyring =
|
||||
keyring_alloc(buf, user->uid, INVALID_GID,
|
||||
cred, KEY_ALLOC_IN_QUOTA, NULL);
|
||||
cred, user_keyring_perm,
|
||||
KEY_ALLOC_IN_QUOTA, NULL);
|
||||
if (IS_ERR(session_keyring)) {
|
||||
ret = PTR_ERR(session_keyring);
|
||||
goto error_release;
|
||||
@@ -130,6 +133,7 @@ int install_thread_keyring_to_cred(struct cred *new)
|
||||
struct key *keyring;
|
||||
|
||||
keyring = keyring_alloc("_tid", new->uid, new->gid, new,
|
||||
KEY_POS_ALL | KEY_USR_VIEW,
|
||||
KEY_ALLOC_QUOTA_OVERRUN, NULL);
|
||||
if (IS_ERR(keyring))
|
||||
return PTR_ERR(keyring);
|
||||
@@ -170,27 +174,18 @@ static int install_thread_keyring(void)
|
||||
int install_process_keyring_to_cred(struct cred *new)
|
||||
{
|
||||
struct key *keyring;
|
||||
int ret;
|
||||
|
||||
if (new->tgcred->process_keyring)
|
||||
if (new->process_keyring)
|
||||
return -EEXIST;
|
||||
|
||||
keyring = keyring_alloc("_pid", new->uid, new->gid,
|
||||
new, KEY_ALLOC_QUOTA_OVERRUN, NULL);
|
||||
keyring = keyring_alloc("_pid", new->uid, new->gid, new,
|
||||
KEY_POS_ALL | KEY_USR_VIEW,
|
||||
KEY_ALLOC_QUOTA_OVERRUN, NULL);
|
||||
if (IS_ERR(keyring))
|
||||
return PTR_ERR(keyring);
|
||||
|
||||
spin_lock_irq(&new->tgcred->lock);
|
||||
if (!new->tgcred->process_keyring) {
|
||||
new->tgcred->process_keyring = keyring;
|
||||
keyring = NULL;
|
||||
ret = 0;
|
||||
} else {
|
||||
ret = -EEXIST;
|
||||
}
|
||||
spin_unlock_irq(&new->tgcred->lock);
|
||||
key_put(keyring);
|
||||
return ret;
|
||||
new->process_keyring = keyring;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -231,11 +226,12 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
|
||||
/* create an empty session keyring */
|
||||
if (!keyring) {
|
||||
flags = KEY_ALLOC_QUOTA_OVERRUN;
|
||||
if (cred->tgcred->session_keyring)
|
||||
if (cred->session_keyring)
|
||||
flags = KEY_ALLOC_IN_QUOTA;
|
||||
|
||||
keyring = keyring_alloc("_ses", cred->uid, cred->gid,
|
||||
cred, flags, NULL);
|
||||
keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
|
||||
KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
|
||||
flags, NULL);
|
||||
if (IS_ERR(keyring))
|
||||
return PTR_ERR(keyring);
|
||||
} else {
|
||||
@@ -243,17 +239,11 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
|
||||
}
|
||||
|
||||
/* install the keyring */
|
||||
spin_lock_irq(&cred->tgcred->lock);
|
||||
old = cred->tgcred->session_keyring;
|
||||
rcu_assign_pointer(cred->tgcred->session_keyring, keyring);
|
||||
spin_unlock_irq(&cred->tgcred->lock);
|
||||
old = cred->session_keyring;
|
||||
rcu_assign_pointer(cred->session_keyring, keyring);
|
||||
|
||||
/* we're using RCU on the pointer, but there's no point synchronising
|
||||
* on it if it didn't previously point to anything */
|
||||
if (old) {
|
||||
synchronize_rcu();
|
||||
if (old)
|
||||
key_put(old);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -368,9 +358,9 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
|
||||
}
|
||||
|
||||
/* search the process keyring second */
|
||||
if (cred->tgcred->process_keyring) {
|
||||
if (cred->process_keyring) {
|
||||
key_ref = keyring_search_aux(
|
||||
make_key_ref(cred->tgcred->process_keyring, 1),
|
||||
make_key_ref(cred->process_keyring, 1),
|
||||
cred, type, description, match, no_state_check);
|
||||
if (!IS_ERR(key_ref))
|
||||
goto found;
|
||||
@@ -389,12 +379,10 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
|
||||
}
|
||||
|
||||
/* search the session keyring */
|
||||
if (cred->tgcred->session_keyring) {
|
||||
if (cred->session_keyring) {
|
||||
rcu_read_lock();
|
||||
key_ref = keyring_search_aux(
|
||||
make_key_ref(rcu_dereference(
|
||||
cred->tgcred->session_keyring),
|
||||
1),
|
||||
make_key_ref(rcu_dereference(cred->session_keyring), 1),
|
||||
cred, type, description, match, no_state_check);
|
||||
rcu_read_unlock();
|
||||
|
||||
@@ -564,7 +552,7 @@ try_again:
|
||||
break;
|
||||
|
||||
case KEY_SPEC_PROCESS_KEYRING:
|
||||
if (!cred->tgcred->process_keyring) {
|
||||
if (!cred->process_keyring) {
|
||||
if (!(lflags & KEY_LOOKUP_CREATE))
|
||||
goto error;
|
||||
|
||||
@@ -576,13 +564,13 @@ try_again:
|
||||
goto reget_creds;
|
||||
}
|
||||
|
||||
key = cred->tgcred->process_keyring;
|
||||
key = cred->process_keyring;
|
||||
atomic_inc(&key->usage);
|
||||
key_ref = make_key_ref(key, 1);
|
||||
break;
|
||||
|
||||
case KEY_SPEC_SESSION_KEYRING:
|
||||
if (!cred->tgcred->session_keyring) {
|
||||
if (!cred->session_keyring) {
|
||||
/* always install a session keyring upon access if one
|
||||
* doesn't exist yet */
|
||||
ret = install_user_keyrings();
|
||||
@@ -597,7 +585,7 @@ try_again:
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
goto reget_creds;
|
||||
} else if (cred->tgcred->session_keyring ==
|
||||
} else if (cred->session_keyring ==
|
||||
cred->user->session_keyring &&
|
||||
lflags & KEY_LOOKUP_CREATE) {
|
||||
ret = join_session_keyring(NULL);
|
||||
@@ -607,7 +595,7 @@ try_again:
|
||||
}
|
||||
|
||||
rcu_read_lock();
|
||||
key = rcu_dereference(cred->tgcred->session_keyring);
|
||||
key = rcu_dereference(cred->session_keyring);
|
||||
atomic_inc(&key->usage);
|
||||
rcu_read_unlock();
|
||||
key_ref = make_key_ref(key, 1);
|
||||
@@ -767,12 +755,6 @@ long join_session_keyring(const char *name)
|
||||
struct key *keyring;
|
||||
long ret, serial;
|
||||
|
||||
/* only permit this if there's a single thread in the thread group -
|
||||
* this avoids us having to adjust the creds on all threads and risking
|
||||
* ENOMEM */
|
||||
if (!current_is_single_threaded())
|
||||
return -EMLINK;
|
||||
|
||||
new = prepare_creds();
|
||||
if (!new)
|
||||
return -ENOMEM;
|
||||
@@ -784,7 +766,7 @@ long join_session_keyring(const char *name)
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
|
||||
serial = new->tgcred->session_keyring->serial;
|
||||
serial = new->session_keyring->serial;
|
||||
ret = commit_creds(new);
|
||||
if (ret == 0)
|
||||
ret = serial;
|
||||
@@ -798,8 +780,10 @@ long join_session_keyring(const char *name)
|
||||
keyring = find_keyring_by_name(name, false);
|
||||
if (PTR_ERR(keyring) == -ENOKEY) {
|
||||
/* not found - try and create a new one */
|
||||
keyring = keyring_alloc(name, old->uid, old->gid, old,
|
||||
KEY_ALLOC_IN_QUOTA, NULL);
|
||||
keyring = keyring_alloc(
|
||||
name, old->uid, old->gid, old,
|
||||
KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
|
||||
KEY_ALLOC_IN_QUOTA, NULL);
|
||||
if (IS_ERR(keyring)) {
|
||||
ret = PTR_ERR(keyring);
|
||||
goto error2;
|
||||
@@ -807,6 +791,9 @@ long join_session_keyring(const char *name)
|
||||
} else if (IS_ERR(keyring)) {
|
||||
ret = PTR_ERR(keyring);
|
||||
goto error2;
|
||||
} else if (keyring == new->session_keyring) {
|
||||
ret = 0;
|
||||
goto error2;
|
||||
}
|
||||
|
||||
/* we've got a keyring - now to install it */
|
||||
@@ -863,8 +850,7 @@ void key_change_session_keyring(struct callback_head *twork)
|
||||
|
||||
new->jit_keyring = old->jit_keyring;
|
||||
new->thread_keyring = key_get(old->thread_keyring);
|
||||
new->tgcred->tgid = old->tgcred->tgid;
|
||||
new->tgcred->process_keyring = key_get(old->tgcred->process_keyring);
|
||||
new->process_keyring = key_get(old->process_keyring);
|
||||
|
||||
security_transfer_creds(new, old);
|
||||
|
||||
|
||||
@@ -126,6 +126,7 @@ static int call_sbin_request_key(struct key_construction *cons,
|
||||
|
||||
cred = get_current_cred();
|
||||
keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
|
||||
KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
|
||||
KEY_ALLOC_QUOTA_OVERRUN, NULL);
|
||||
put_cred(cred);
|
||||
if (IS_ERR(keyring)) {
|
||||
@@ -150,12 +151,12 @@ static int call_sbin_request_key(struct key_construction *cons,
|
||||
cred->thread_keyring ? cred->thread_keyring->serial : 0);
|
||||
|
||||
prkey = 0;
|
||||
if (cred->tgcred->process_keyring)
|
||||
prkey = cred->tgcred->process_keyring->serial;
|
||||
if (cred->process_keyring)
|
||||
prkey = cred->process_keyring->serial;
|
||||
sprintf(keyring_str[1], "%d", prkey);
|
||||
|
||||
rcu_read_lock();
|
||||
session = rcu_dereference(cred->tgcred->session_keyring);
|
||||
session = rcu_dereference(cred->session_keyring);
|
||||
if (!session)
|
||||
session = cred->user->session_keyring;
|
||||
sskey = session->serial;
|
||||
@@ -297,14 +298,14 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
|
||||
break;
|
||||
|
||||
case KEY_REQKEY_DEFL_PROCESS_KEYRING:
|
||||
dest_keyring = key_get(cred->tgcred->process_keyring);
|
||||
dest_keyring = key_get(cred->process_keyring);
|
||||
if (dest_keyring)
|
||||
break;
|
||||
|
||||
case KEY_REQKEY_DEFL_SESSION_KEYRING:
|
||||
rcu_read_lock();
|
||||
dest_keyring = key_get(
|
||||
rcu_dereference(cred->tgcred->session_keyring));
|
||||
rcu_dereference(cred->session_keyring));
|
||||
rcu_read_unlock();
|
||||
|
||||
if (dest_keyring)
|
||||
@@ -347,6 +348,7 @@ static int construct_alloc_key(struct key_type *type,
|
||||
const struct cred *cred = current_cred();
|
||||
unsigned long prealloc;
|
||||
struct key *key;
|
||||
key_perm_t perm;
|
||||
key_ref_t key_ref;
|
||||
int ret;
|
||||
|
||||
@@ -355,8 +357,15 @@ static int construct_alloc_key(struct key_type *type,
|
||||
*_key = NULL;
|
||||
mutex_lock(&user->cons_lock);
|
||||
|
||||
perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
|
||||
perm |= KEY_USR_VIEW;
|
||||
if (type->read)
|
||||
perm |= KEY_POS_READ;
|
||||
if (type == &key_type_keyring || type->update)
|
||||
perm |= KEY_POS_WRITE;
|
||||
|
||||
key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
|
||||
KEY_POS_ALL, flags);
|
||||
perm, flags);
|
||||
if (IS_ERR(key))
|
||||
goto alloc_failed;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user