add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/security/keys/request_key.c
..
..
@@ -1,30 +1,55 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /* Request a key from userspace
2
3
  *
3
4
  * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
4
5
  * Written by David Howells (dhowells@redhat.com)
5
6
  *
6
- * This program is free software; you can redistribute it and/or
7
- * modify it under the terms of the GNU General Public License
8
- * as published by the Free Software Foundation; either version
9
- * 2 of the License, or (at your option) any later version.
10
- *
11
7
  * See Documentation/security/keys/request-key.rst
12
8
  */
13
9
 
14
-#include <linux/module.h>
10
+#include <linux/export.h>
15
11
 #include <linux/sched.h>
16
12
 #include <linux/kmod.h>
17
13
 #include <linux/err.h>
18
14
 #include <linux/keyctl.h>
19
15
 #include <linux/slab.h>
16
+#include <net/net_namespace.h>
20
17
 #include "internal.h"
21
18
 #include <keys/request_key_auth-type.h>
22
19
 
23
20
 #define key_negative_timeout	60	/* default timeout on a negative key's existence */
24
21
 
22
+static struct key *check_cached_key(struct keyring_search_context *ctx)
23
+{
24
+#ifdef CONFIG_KEYS_REQUEST_CACHE
25
+	struct key *key = current->cached_requested_key;
26
+
27
+	if (key &&
28
+	    ctx->match_data.cmp(key, &ctx->match_data) &&
29
+	    !(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
30
+			    (1 << KEY_FLAG_REVOKED))))
31
+		return key_get(key);
32
+#endif
33
+	return NULL;
34
+}
35
+
36
+static void cache_requested_key(struct key *key)
37
+{
38
+#ifdef CONFIG_KEYS_REQUEST_CACHE
39
+	struct task_struct *t = current;
40
+
41
+	/* Do not cache key if it is a kernel thread */
42
+	if (!(t->flags & PF_KTHREAD)) {
43
+		key_put(t->cached_requested_key);
44
+		t->cached_requested_key = key_get(key);
45
+		set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
46
+	}
47
+#endif
48
+}
49
+
25
50
 /**
26
51
  * complete_request_key - Complete the construction of a key.
27
- * @auth_key: The authorisation key.
52
+ * @authkey: The authorisation key.
28
53
  * @error: The success or failute of the construction.
29
54
  *
30
55
  * Complete the attempt to construct a key.  The key will be negated
..
..
@@ -96,7 +121,7 @@
96
121
 	struct request_key_auth *rka = get_request_key_auth(authkey);
97
122
 	const struct cred *cred = current_cred();
98
123
 	key_serial_t prkey, sskey;
99
-	struct key *key = rka->target_key, *keyring, *session;
124
+	struct key *key = rka->target_key, *keyring, *session, *user_session;
100
125
 	char *argv[9], *envp[3], uid_str[12], gid_str[12];
101
126
 	char key_str[12], keyring_str[3][12];
102
127
 	char desc[20];
..
..
@@ -104,9 +129,9 @@
104
129
 
105
130
 	kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
106
131
 
107
-	ret = install_user_keyrings();
132
+	ret = look_up_user_keyrings(NULL, &user_session);
108
133
 	if (ret < 0)
109
-		goto error_alloc;
134
+		goto error_us;
110
135
 
111
136
 	/* allocate a new session keyring */
112
137
 	sprintf(desc, "_req.%u", key->serial);
..
..
@@ -142,12 +167,10 @@
142
167
 		prkey = cred->process_keyring->serial;
143
168
 	sprintf(keyring_str[1], "%d", prkey);
144
169
 
145
-	rcu_read_lock();
146
-	session = rcu_dereference(cred->session_keyring);
170
+	session = cred->session_keyring;
147
171
 	if (!session)
148
-		session = cred->user->session_keyring;
172
+		session = user_session;
149
173
 	sskey = session->serial;
150
-	rcu_read_unlock();
151
174
 
152
175
 	sprintf(keyring_str[2], "%d", sskey);
153
176
 
..
..
@@ -188,6 +211,8 @@
188
211
 	key_put(keyring);
189
212
 
190
213
 error_alloc:
214
+	key_put(user_session);
215
+error_us:
191
216
 	complete_request_key(authkey, ret);
192
217
 	kleave(" = %d", ret);
193
218
 	return ret;
..
..
@@ -224,7 +249,7 @@
224
249
 	/* check that the actor called complete_request_key() prior to
225
250
 	 * returning an error */
226
251
 	WARN_ON(ret < 0 &&
227
-		!test_bit(KEY_FLAG_REVOKED, &authkey->flags));
252
+		!test_bit(KEY_FLAG_INVALIDATED, &authkey->flags));
228
253
 
229
254
 	key_put(authkey);
230
255
 	kleave(" = %d", ret);
..
..
@@ -273,32 +298,36 @@
273
298
 				}
274
299
 			}
275
300
 
301
+			fallthrough;
276
302
 		case KEY_REQKEY_DEFL_THREAD_KEYRING:
277
303
 			dest_keyring = key_get(cred->thread_keyring);
278
304
 			if (dest_keyring)
279
305
 				break;
280
306
 
307
+			fallthrough;
281
308
 		case KEY_REQKEY_DEFL_PROCESS_KEYRING:
282
309
 			dest_keyring = key_get(cred->process_keyring);
283
310
 			if (dest_keyring)
284
311
 				break;
285
312
 
313
+			fallthrough;
286
314
 		case KEY_REQKEY_DEFL_SESSION_KEYRING:
287
-			rcu_read_lock();
288
-			dest_keyring = key_get(
289
-				rcu_dereference(cred->session_keyring));
290
-			rcu_read_unlock();
315
+			dest_keyring = key_get(cred->session_keyring);
291
316
 
292
317
 			if (dest_keyring)
293
318
 				break;
294
319
 
320
+			fallthrough;
295
321
 		case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
296
-			dest_keyring =
297
-				key_get(cred->user->session_keyring);
322
+			ret = look_up_user_keyrings(NULL, &dest_keyring);
323
+			if (ret < 0)
324
+				return ret;
298
325
 			break;
299
326
 
300
327
 		case KEY_REQKEY_DEFL_USER_KEYRING:
301
-			dest_keyring = key_get(cred->user->uid_keyring);
328
+			ret = look_up_user_keyrings(&dest_keyring, NULL);
329
+			if (ret < 0)
330
+				return ret;
302
331
 			break;
303
332
 
304
333
 		case KEY_REQKEY_DEFL_GROUP_KEYRING:
..
..
@@ -343,7 +372,7 @@
343
372
 			       struct key_user *user,
344
373
 			       struct key **_key)
345
374
 {
346
-	struct assoc_array_edit *edit;
375
+	struct assoc_array_edit *edit = NULL;
347
376
 	struct key *key;
348
377
 	key_perm_t perm;
349
378
 	key_ref_t key_ref;
..
..
@@ -372,26 +401,39 @@
372
401
 	set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
373
402
 
374
403
 	if (dest_keyring) {
375
-		ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
404
+		ret = __key_link_lock(dest_keyring, &key->index_key);
376
405
 		if (ret < 0)
377
-			goto link_prealloc_failed;
406
+			goto link_lock_failed;
378
407
 	}
379
408
 
380
-	/* attach the key to the destination keyring under lock, but we do need
409
+	/*
410
+	 * Attach the key to the destination keyring under lock, but we do need
381
411
 	 * to do another check just in case someone beat us to it whilst we
382
-	 * waited for locks */
412
+	 * waited for locks.
413
+	 *
414
+	 * The caller might specify a comparison function which looks for keys
415
+	 * that do not exactly match but are still equivalent from the caller's
416
+	 * perspective. The __key_link_begin() operation must be done only after
417
+	 * an actual key is determined.
418
+	 */
383
419
 	mutex_lock(&key_construction_mutex);
384
420
 
385
-	key_ref = search_process_keyrings(ctx);
421
+	rcu_read_lock();
422
+	key_ref = search_process_keyrings_rcu(ctx);
423
+	rcu_read_unlock();
386
424
 	if (!IS_ERR(key_ref))
387
425
 		goto key_already_present;
388
426
 
389
-	if (dest_keyring)
390
-		__key_link(key, &edit);
427
+	if (dest_keyring) {
428
+		ret = __key_link_begin(dest_keyring, &key->index_key, &edit);
429
+		if (ret < 0)
430
+			goto link_alloc_failed;
431
+		__key_link(dest_keyring, key, &edit);
432
+	}
391
433
 
392
434
 	mutex_unlock(&key_construction_mutex);
393
435
 	if (dest_keyring)
394
-		__key_link_end(dest_keyring, &ctx->index_key, edit);
436
+		__key_link_end(dest_keyring, &key->index_key, edit);
395
437
 	mutex_unlock(&user->cons_lock);
396
438
 	*_key = key;
397
439
 	kleave(" = 0 [%d]", key_serial(key));
..
..
@@ -404,10 +446,13 @@
404
446
 	mutex_unlock(&key_construction_mutex);
405
447
 	key = key_ref_to_ptr(key_ref);
406
448
 	if (dest_keyring) {
449
+		ret = __key_link_begin(dest_keyring, &key->index_key, &edit);
450
+		if (ret < 0)
451
+			goto link_alloc_failed_unlocked;
407
452
 		ret = __key_link_check_live_key(dest_keyring, key);
408
453
 		if (ret == 0)
409
-			__key_link(key, &edit);
410
-		__key_link_end(dest_keyring, &ctx->index_key, edit);
454
+			__key_link(dest_keyring, key, &edit);
455
+		__key_link_end(dest_keyring, &key->index_key, edit);
411
456
 		if (ret < 0)
412
457
 			goto link_check_failed;
413
458
 	}
..
..
@@ -422,7 +467,11 @@
422
467
 	kleave(" = %d [linkcheck]", ret);
423
468
 	return ret;
424
469
 
425
-link_prealloc_failed:
470
+link_alloc_failed:
471
+	mutex_unlock(&key_construction_mutex);
472
+link_alloc_failed_unlocked:
473
+	__key_link_end(dest_keyring, &key->index_key, edit);
474
+link_lock_failed:
426
475
 	mutex_unlock(&user->cons_lock);
427
476
 	key_put(key);
428
477
 	kleave(" = %d [prelink]", ret);
..
..
@@ -497,16 +546,18 @@
497
546
  * request_key_and_link - Request a key and cache it in a keyring.
498
547
  * @type: The type of key we want.
499
548
  * @description: The searchable description of the key.
549
+ * @domain_tag: The domain in which the key operates.
500
550
  * @callout_info: The data to pass to the instantiation upcall (or NULL).
501
551
  * @callout_len: The length of callout_info.
502
552
  * @aux: Auxiliary data for the upcall.
503
553
  * @dest_keyring: Where to cache the key.
504
554
  * @flags: Flags to key_alloc().
505
555
  *
506
- * A key matching the specified criteria is searched for in the process's
507
- * keyrings and returned with its usage count incremented if found.  Otherwise,
508
- * if callout_info is not NULL, a key will be allocated and some service
509
- * (probably in userspace) will be asked to instantiate it.
556
+ * A key matching the specified criteria (type, description, domain_tag) is
557
+ * searched for in the process's keyrings and returned with its usage count
558
+ * incremented if found.  Otherwise, if callout_info is not NULL, a key will be
559
+ * allocated and some service (probably in userspace) will be asked to
560
+ * instantiate it.
510
561
  *
511
562
  * If successfully found or created, the key will be linked to the destination
512
563
  * keyring if one is provided.
..
..
@@ -522,6 +573,7 @@
522
573
  */
523
574
 struct key *request_key_and_link(struct key_type *type,
524
575
 				 const char *description,
576
+				 struct key_tag *domain_tag,
525
577
 				 const void *callout_info,
526
578
 				 size_t callout_len,
527
579
 				 void *aux,
..
..
@@ -530,6 +582,7 @@
530
582
 {
531
583
 	struct keyring_search_context ctx = {
532
584
 		.index_key.type		= type,
585
+		.index_key.domain_tag	= domain_tag,
533
586
 		.index_key.description	= description,
534
587
 		.index_key.desc_len	= strlen(description),
535
588
 		.cred			= current_cred(),
..
..
@@ -537,7 +590,8 @@
537
590
 		.match_data.raw_data	= description,
538
591
 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
539
592
 		.flags			= (KEYRING_SEARCH_DO_STATE_CHECK |
540
-					   KEYRING_SEARCH_SKIP_EXPIRED),
593
+					   KEYRING_SEARCH_SKIP_EXPIRED |
594
+					   KEYRING_SEARCH_RECURSE),
541
595
 	};
542
596
 	struct key *key;
543
597
 	key_ref_t key_ref;
..
..
@@ -555,10 +609,26 @@
555
609
 		}
556
610
 	}
557
611
 
612
+	key = check_cached_key(&ctx);
613
+	if (key)
614
+		goto error_free;
615
+
558
616
 	/* search all the process keyrings for a key */
559
-	key_ref = search_process_keyrings(&ctx);
617
+	rcu_read_lock();
618
+	key_ref = search_process_keyrings_rcu(&ctx);
619
+	rcu_read_unlock();
560
620
 
561
621
 	if (!IS_ERR(key_ref)) {
622
+		if (dest_keyring) {
623
+			ret = key_task_permission(key_ref, current_cred(),
624
+						  KEY_NEED_LINK);
625
+			if (ret < 0) {
626
+				key_ref_put(key_ref);
627
+				key = ERR_PTR(ret);
628
+				goto error_free;
629
+			}
630
+		}
631
+
562
632
 		key = key_ref_to_ptr(key_ref);
563
633
 		if (dest_keyring) {
564
634
 			ret = key_link(dest_keyring, key);
..
..
@@ -568,6 +638,9 @@
568
638
 				goto error_free;
569
639
 			}
570
640
 		}
641
+
642
+		/* Only cache the key on immediate success */
643
+		cache_requested_key(key);
571
644
 	} else if (PTR_ERR(key_ref) != -EAGAIN) {
572
645
 		key = ERR_CAST(key_ref);
573
646
 	} else  {
..
..
@@ -616,9 +689,10 @@
616
689
 EXPORT_SYMBOL(wait_for_key_construction);
617
690
 
618
691
 /**
619
- * request_key - Request a key and wait for construction
692
+ * request_key_tag - Request a key and wait for construction
620
693
  * @type: Type of key.
621
694
  * @description: The searchable description of the key.
695
+ * @domain_tag: The domain in which the key operates.
622
696
  * @callout_info: The data to pass to the instantiation upcall (or NULL).
623
697
  *
624
698
  * As for request_key_and_link() except that it does not add the returned key
..
..
@@ -629,9 +703,10 @@
629
703
  * Furthermore, it then works as wait_for_key_construction() to wait for the
630
704
  * completion of keys undergoing construction with a non-interruptible wait.
631
705
  */
632
-struct key *request_key(struct key_type *type,
633
-			const char *description,
634
-			const char *callout_info)
706
+struct key *request_key_tag(struct key_type *type,
707
+			    const char *description,
708
+			    struct key_tag *domain_tag,
709
+			    const char *callout_info)
635
710
 {
636
711
 	struct key *key;
637
712
 	size_t callout_len = 0;
..
..
@@ -639,7 +714,8 @@
639
714
 
640
715
 	if (callout_info)
641
716
 		callout_len = strlen(callout_info);
642
-	key = request_key_and_link(type, description, callout_info, callout_len,
717
+	key = request_key_and_link(type, description, domain_tag,
718
+				   callout_info, callout_len,
643
719
 				   NULL, NULL, KEY_ALLOC_IN_QUOTA);
644
720
 	if (!IS_ERR(key)) {
645
721
 		ret = wait_for_key_construction(key, false);
..
..
@@ -650,12 +726,13 @@
650
726
 	}
651
727
 	return key;
652
728
 }
653
-EXPORT_SYMBOL(request_key);
729
+EXPORT_SYMBOL(request_key_tag);
654
730
 
655
731
 /**
656
732
  * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
657
733
  * @type: The type of key we want.
658
734
  * @description: The searchable description of the key.
735
+ * @domain_tag: The domain in which the key operates.
659
736
  * @callout_info: The data to pass to the instantiation upcall (or NULL).
660
737
  * @callout_len: The length of callout_info.
661
738
  * @aux: Auxiliary data for the upcall.
..
..
@@ -668,6 +745,7 @@
668
745
  */
669
746
 struct key *request_key_with_auxdata(struct key_type *type,
670
747
 				     const char *description,
748
+				     struct key_tag *domain_tag,
671
749
 				     const void *callout_info,
672
750
 				     size_t callout_len,
673
751
 				     void *aux)
..
..
@@ -675,7 +753,8 @@
675
753
 	struct key *key;
676
754
 	int ret;
677
755
 
678
-	key = request_key_and_link(type, description, callout_info, callout_len,
756
+	key = request_key_and_link(type, description, domain_tag,
757
+				   callout_info, callout_len,
679
758
 				   aux, NULL, KEY_ALLOC_IN_QUOTA);
680
759
 	if (!IS_ERR(key)) {
681
760
 		ret = wait_for_key_construction(key, false);
..
..
@@ -688,52 +767,55 @@
688
767
 }
689
768
 EXPORT_SYMBOL(request_key_with_auxdata);
690
769
 
691
-/*
692
- * request_key_async - Request a key (allow async construction)
693
- * @type: Type of key.
694
- * @description: The searchable description of the key.
695
- * @callout_info: The data to pass to the instantiation upcall (or NULL).
696
- * @callout_len: The length of callout_info.
770
+/**
771
+ * request_key_rcu - Request key from RCU-read-locked context
772
+ * @type: The type of key we want.
773
+ * @description: The name of the key we want.
774
+ * @domain_tag: The domain in which the key operates.
697
775
  *
698
- * As for request_key_and_link() except that it does not add the returned key
699
- * to a keyring if found, new keys are always allocated in the user's quota and
700
- * no auxiliary data can be passed.
776
+ * Request a key from a context that we may not sleep in (such as RCU-mode
777
+ * pathwalk).  Keys under construction are ignored.
701
778
  *
702
- * The caller should call wait_for_key_construction() to wait for the
703
- * completion of the returned key if it is still undergoing construction.
779
+ * Return a pointer to the found key if successful, -ENOKEY if we couldn't find
780
+ * a key or some other error if the key found was unsuitable or inaccessible.
704
781
  */
705
-struct key *request_key_async(struct key_type *type,
706
-			      const char *description,
707
-			      const void *callout_info,
708
-			      size_t callout_len)
782
+struct key *request_key_rcu(struct key_type *type,
783
+			    const char *description,
784
+			    struct key_tag *domain_tag)
709
785
 {
710
-	return request_key_and_link(type, description, callout_info,
711
-				    callout_len, NULL, NULL,
712
-				    KEY_ALLOC_IN_QUOTA);
713
-}
714
-EXPORT_SYMBOL(request_key_async);
786
+	struct keyring_search_context ctx = {
787
+		.index_key.type		= type,
788
+		.index_key.domain_tag	= domain_tag,
789
+		.index_key.description	= description,
790
+		.index_key.desc_len	= strlen(description),
791
+		.cred			= current_cred(),
792
+		.match_data.cmp		= key_default_cmp,
793
+		.match_data.raw_data	= description,
794
+		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
795
+		.flags			= (KEYRING_SEARCH_DO_STATE_CHECK |
796
+					   KEYRING_SEARCH_SKIP_EXPIRED),
797
+	};
798
+	struct key *key;
799
+	key_ref_t key_ref;
715
800
 
716
-/*
717
- * request a key with auxiliary data for the upcaller (allow async construction)
718
- * @type: Type of key.
719
- * @description: The searchable description of the key.
720
- * @callout_info: The data to pass to the instantiation upcall (or NULL).
721
- * @callout_len: The length of callout_info.
722
- * @aux: Auxiliary data for the upcall.
723
- *
724
- * As for request_key_and_link() except that it does not add the returned key
725
- * to a keyring if found and new keys are always allocated in the user's quota.
726
- *
727
- * The caller should call wait_for_key_construction() to wait for the
728
- * completion of the returned key if it is still undergoing construction.
729
- */
730
-struct key *request_key_async_with_auxdata(struct key_type *type,
731
-					   const char *description,
732
-					   const void *callout_info,
733
-					   size_t callout_len,
734
-					   void *aux)
735
-{
736
-	return request_key_and_link(type, description, callout_info,
737
-				    callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
801
+	kenter("%s,%s", type->name, description);
802
+
803
+	key = check_cached_key(&ctx);
804
+	if (key)
805
+		return key;
806
+
807
+	/* search all the process keyrings for a key */
808
+	key_ref = search_process_keyrings_rcu(&ctx);
809
+	if (IS_ERR(key_ref)) {
810
+		key = ERR_CAST(key_ref);
811
+		if (PTR_ERR(key_ref) == -EAGAIN)
812
+			key = ERR_PTR(-ENOKEY);
813
+	} else {
814
+		key = key_ref_to_ptr(key_ref);
815
+		cache_requested_key(key);
816
+	}
817
+
818
+	kleave(" = %p", key);
819
+	return key;
738
820
 }
739
-EXPORT_SYMBOL(request_key_async_with_auxdata);
821
+EXPORT_SYMBOL(request_key_rcu);