CRED: Use RCU to access another task's creds and to release a task's own creds
[safe/jmp/linux-2.6] / security / keys / request_key_auth.c
index 0ecc2e8..2125579 100644 (file)
 #include <linux/sched.h>
 #include <linux/err.h>
 #include <linux/seq_file.h>
+#include <linux/slab.h>
 #include <asm/uaccess.h>
 #include "internal.h"
 
 static int request_key_auth_instantiate(struct key *, const void *, size_t);
 static void request_key_auth_describe(const struct key *, struct seq_file *);
+static void request_key_auth_revoke(struct key *);
 static void request_key_auth_destroy(struct key *);
 static long request_key_auth_read(const struct key *, char __user *, size_t);
 
@@ -31,6 +33,7 @@ struct key_type key_type_request_key_auth = {
        .def_datalen    = sizeof(struct request_key_auth),
        .instantiate    = request_key_auth_instantiate,
        .describe       = request_key_auth_describe,
+       .revoke         = request_key_auth_revoke,
        .destroy        = request_key_auth_destroy,
        .read           = request_key_auth_read,
 };
@@ -59,7 +62,7 @@ static void request_key_auth_describe(const struct key *key,
 
        seq_puts(m, "key:");
        seq_puts(m, key->description);
-       seq_printf(m, " pid:%d ci:%zu", rka->pid, strlen(rka->callout_info));
+       seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);
 
 } /* end request_key_auth_describe() */
 
@@ -75,7 +78,7 @@ static long request_key_auth_read(const struct key *key,
        size_t datalen;
        long ret;
 
-       datalen = strlen(rka->callout_info);
+       datalen = rka->callout_len;
        ret = datalen;
 
        /* we can return the data as is */
@@ -93,6 +96,24 @@ static long request_key_auth_read(const struct key *key,
 
 /*****************************************************************************/
 /*
+ * handle revocation of an authorisation token key
+ * - called with the key sem write-locked
+ */
+static void request_key_auth_revoke(struct key *key)
+{
+       struct request_key_auth *rka = key->payload.data;
+
+       kenter("{%d}", key->serial);
+
+       if (rka->context) {
+               put_task_struct(rka->context);
+               rka->context = NULL;
+       }
+
+} /* end request_key_auth_revoke() */
+
+/*****************************************************************************/
+/*
  * destroy an instantiation authorisation token key
  */
 static void request_key_auth_destroy(struct key *key)
@@ -101,7 +122,14 @@ static void request_key_auth_destroy(struct key *key)
 
        kenter("{%d}", key->serial);
 
+       if (rka->context) {
+               put_task_struct(rka->context);
+               rka->context = NULL;
+       }
+
        key_put(rka->target_key);
+       key_put(rka->dest_keyring);
+       kfree(rka->callout_info);
        kfree(rka);
 
 } /* end request_key_auth_destroy() */
@@ -111,7 +139,8 @@ static void request_key_auth_destroy(struct key *key)
  * create an authorisation token for /sbin/request-key or whoever to gain
  * access to the caller's security data
  */
-struct key *request_key_auth_new(struct key *target, const char *callout_info)
+struct key *request_key_auth_new(struct key *target, const void *callout_info,
+                                size_t callout_len, struct key *dest_keyring)
 {
        struct request_key_auth *rka, *irka;
        struct key *authkey = NULL;
@@ -126,31 +155,51 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info)
                kleave(" = -ENOMEM");
                return ERR_PTR(-ENOMEM);
        }
+       rka->callout_info = kmalloc(callout_len, GFP_KERNEL);
+       if (!rka->callout_info) {
+               kleave(" = -ENOMEM");
+               kfree(rka);
+               return ERR_PTR(-ENOMEM);
+       }
 
        /* see if the calling process is already servicing the key request of
         * another process */
-       if (current->request_key_auth) {
+       if (current->cred->request_key_auth) {
                /* it is - use that instantiation context here too */
-               irka = current->request_key_auth->payload.data;
+               down_read(&current->cred->request_key_auth->sem);
+
+               /* if the auth key has been revoked, then the key we're
+                * servicing is already instantiated */
+               if (test_bit(KEY_FLAG_REVOKED,
+                            &current->cred->request_key_auth->flags))
+                       goto auth_key_revoked;
+
+               irka = current->cred->request_key_auth->payload.data;
                rka->context = irka->context;
                rka->pid = irka->pid;
+               get_task_struct(rka->context);
+
+               up_read(&current->cred->request_key_auth->sem);
        }
        else {
                /* it isn't - use this process as the context */
                rka->context = current;
                rka->pid = current->pid;
+               get_task_struct(rka->context);
        }
 
        rka->target_key = key_get(target);
-       rka->callout_info = callout_info;
+       rka->dest_keyring = key_get(dest_keyring);
+       memcpy(rka->callout_info, callout_info, callout_len);
+       rka->callout_len = callout_len;
 
        /* allocate the auth key */
        sprintf(desc, "%x", target->serial);
 
        authkey = key_alloc(&key_type_request_key_auth, desc,
-                           current->fsuid, current->fsgid, current,
+                           current_fsuid(), current_fsgid(), current,
                            KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
-                           KEY_USR_VIEW, 1);
+                           KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
        if (IS_ERR(authkey)) {
                ret = PTR_ERR(authkey);
                goto error_alloc;
@@ -161,14 +210,23 @@ struct key *request_key_auth_new(struct key *target, const char *callout_info)
        if (ret < 0)
                goto error_inst;
 
-       kleave(" = {%d})", authkey->serial);
+       kleave(" = {%d}", authkey->serial);
        return authkey;
 
+auth_key_revoked:
+       up_read(&current->cred->request_key_auth->sem);
+       kfree(rka->callout_info);
+       kfree(rka);
+       kleave("= -EKEYREVOKED");
+       return ERR_PTR(-EKEYREVOKED);
+
 error_inst:
        key_revoke(authkey);
        key_put(authkey);
 error_alloc:
        key_put(rka->target_key);
+       key_put(rka->dest_keyring);
+       kfree(rka->callout_info);
        kfree(rka);
        kleave("= %d", ret);
        return ERR_PTR(ret);
@@ -209,7 +267,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
                current);
 
        if (IS_ERR(authkey_ref)) {
-               authkey = ERR_PTR(PTR_ERR(authkey_ref));
+               authkey = ERR_CAST(authkey_ref);
                goto error;
        }