write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/security/keys/process_keys.c
..
..
@@ -1,15 +1,10 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /* Manage a process's keyrings
2
3
  *
3
4
  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4
5
  * Written by David Howells (dhowells@redhat.com)
5
- *
6
- * This program is free software; you can redistribute it and/or
7
- * modify it under the terms of the GNU General Public License
8
- * as published by the Free Software Foundation; either version
9
- * 2 of the License, or (at your option) any later version.
10
6
  */
11
7
 
12
-#include <linux/module.h>
13
8
 #include <linux/init.h>
14
9
 #include <linux/sched.h>
15
10
 #include <linux/sched/user.h>
..
..
@@ -20,14 +15,12 @@
20
15
 #include <linux/security.h>
21
16
 #include <linux/user_namespace.h>
22
17
 #include <linux/uaccess.h>
18
+#include <linux/init_task.h>
23
19
 #include <keys/request_key_auth-type.h>
24
20
 #include "internal.h"
25
21
 
26
22
 /* Session keyring create vs join semaphore */
27
23
 static DEFINE_MUTEX(key_session_mutex);
28
-
29
-/* User keyring creation semaphore */
30
-static DEFINE_MUTEX(key_user_keyring_mutex);
31
24
 
32
25
 /* The root user's tracking struct */
33
26
 struct key_user root_key_user = {
..
..
@@ -40,94 +33,183 @@
40
33
 };
41
34
 
42
35
 /*
43
- * Install the user and user session keyrings for the current process's UID.
36
+ * Get or create a user register keyring.
44
37
  */
45
-int install_user_keyrings(void)
38
+static struct key *get_user_register(struct user_namespace *user_ns)
46
39
 {
47
-	struct user_struct *user;
48
-	const struct cred *cred;
49
-	struct key *uid_keyring, *session_keyring;
40
+	struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register);
41
+
42
+	if (reg_keyring)
43
+		return reg_keyring;
44
+
45
+	down_write(&user_ns->keyring_sem);
46
+
47
+	/* Make sure there's a register keyring.  It gets owned by the
48
+	 * user_namespace's owner.
49
+	 */
50
+	reg_keyring = user_ns->user_keyring_register;
51
+	if (!reg_keyring) {
52
+		reg_keyring = keyring_alloc(".user_reg",
53
+					    user_ns->owner, INVALID_GID,
54
+					    &init_cred,
55
+					    KEY_POS_WRITE | KEY_POS_SEARCH |
56
+					    KEY_USR_VIEW | KEY_USR_READ,
57
+					    0,
58
+					    NULL, NULL);
59
+		if (!IS_ERR(reg_keyring))
60
+			smp_store_release(&user_ns->user_keyring_register,
61
+					  reg_keyring);
62
+	}
63
+
64
+	up_write(&user_ns->keyring_sem);
65
+
66
+	/* We don't return a ref since the keyring is pinned by the user_ns */
67
+	return reg_keyring;
68
+}
69
+
70
+/*
71
+ * Look up the user and user session keyrings for the current process's UID,
72
+ * creating them if they don't exist.
73
+ */
74
+int look_up_user_keyrings(struct key **_user_keyring,
75
+			  struct key **_user_session_keyring)
76
+{
77
+	const struct cred *cred = current_cred();
78
+	struct user_namespace *user_ns = current_user_ns();
79
+	struct key *reg_keyring, *uid_keyring, *session_keyring;
50
80
 	key_perm_t user_keyring_perm;
81
+	key_ref_t uid_keyring_r, session_keyring_r;
82
+	uid_t uid = from_kuid(user_ns, cred->user->uid);
51
83
 	char buf[20];
52
84
 	int ret;
53
-	uid_t uid;
54
85
 
55
86
 	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
56
-	cred = current_cred();
57
-	user = cred->user;
58
-	uid = from_kuid(cred->user_ns, user->uid);
59
87
 
60
-	kenter("%p{%u}", user, uid);
88
+	kenter("%u", uid);
61
89
 
62
-	if (user->uid_keyring && user->session_keyring) {
63
-		kleave(" = 0 [exist]");
64
-		return 0;
65
-	}
90
+	reg_keyring = get_user_register(user_ns);
91
+	if (IS_ERR(reg_keyring))
92
+		return PTR_ERR(reg_keyring);
66
93
 
67
-	mutex_lock(&key_user_keyring_mutex);
94
+	down_write(&user_ns->keyring_sem);
68
95
 	ret = 0;
69
96
 
70
-	if (!user->uid_keyring) {
71
-		/* get the UID-specific keyring
72
-		 * - there may be one in existence already as it may have been
73
-		 *   pinned by a session, but the user_struct pointing to it
74
-		 *   may have been destroyed by setuid */
75
-		sprintf(buf, "_uid.%u", uid);
76
-
77
-		uid_keyring = find_keyring_by_name(buf, true);
97
+	/* Get the user keyring.  Note that there may be one in existence
98
+	 * already as it may have been pinned by a session, but the user_struct
99
+	 * pointing to it may have been destroyed by setuid.
100
+	 */
101
+	snprintf(buf, sizeof(buf), "_uid.%u", uid);
102
+	uid_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
103
+				       &key_type_keyring, buf, false);
104
+	kdebug("_uid %p", uid_keyring_r);
105
+	if (uid_keyring_r == ERR_PTR(-EAGAIN)) {
106
+		uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
107
+					    cred, user_keyring_perm,
108
+					    KEY_ALLOC_UID_KEYRING |
109
+					    KEY_ALLOC_IN_QUOTA,
110
+					    NULL, reg_keyring);
78
111
 		if (IS_ERR(uid_keyring)) {
79
-			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
80
-						    cred, user_keyring_perm,
81
-						    KEY_ALLOC_UID_KEYRING |
82
-							KEY_ALLOC_IN_QUOTA,
83
-						    NULL, NULL);
84
-			if (IS_ERR(uid_keyring)) {
85
-				ret = PTR_ERR(uid_keyring);
86
-				goto error;
87
-			}
112
+			ret = PTR_ERR(uid_keyring);
113
+			goto error;
88
114
 		}
89
-
90
-		/* get a default session keyring (which might also exist
91
-		 * already) */
92
-		sprintf(buf, "_uid_ses.%u", uid);
93
-
94
-		session_keyring = find_keyring_by_name(buf, true);
95
-		if (IS_ERR(session_keyring)) {
96
-			session_keyring =
97
-				keyring_alloc(buf, user->uid, INVALID_GID,
98
-					      cred, user_keyring_perm,
99
-					      KEY_ALLOC_UID_KEYRING |
100
-						  KEY_ALLOC_IN_QUOTA,
101
-					      NULL, NULL);
102
-			if (IS_ERR(session_keyring)) {
103
-				ret = PTR_ERR(session_keyring);
104
-				goto error_release;
105
-			}
106
-
107
-			/* we install a link from the user session keyring to
108
-			 * the user keyring */
109
-			ret = key_link(session_keyring, uid_keyring);
110
-			if (ret < 0)
111
-				goto error_release_both;
112
-		}
113
-
114
-		/* install the keyrings */
115
-		user->uid_keyring = uid_keyring;
116
-		user->session_keyring = session_keyring;
115
+	} else if (IS_ERR(uid_keyring_r)) {
116
+		ret = PTR_ERR(uid_keyring_r);
117
+		goto error;
118
+	} else {
119
+		uid_keyring = key_ref_to_ptr(uid_keyring_r);
117
120
 	}
118
121
 
119
-	mutex_unlock(&key_user_keyring_mutex);
122
+	/* Get a default session keyring (which might also exist already) */
123
+	snprintf(buf, sizeof(buf), "_uid_ses.%u", uid);
124
+	session_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
125
+					   &key_type_keyring, buf, false);
126
+	kdebug("_uid_ses %p", session_keyring_r);
127
+	if (session_keyring_r == ERR_PTR(-EAGAIN)) {
128
+		session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
129
+						cred, user_keyring_perm,
130
+						KEY_ALLOC_UID_KEYRING |
131
+						KEY_ALLOC_IN_QUOTA,
132
+						NULL, NULL);
133
+		if (IS_ERR(session_keyring)) {
134
+			ret = PTR_ERR(session_keyring);
135
+			goto error_release;
136
+		}
137
+
138
+		/* We install a link from the user session keyring to
139
+		 * the user keyring.
140
+		 */
141
+		ret = key_link(session_keyring, uid_keyring);
142
+		if (ret < 0)
143
+			goto error_release_session;
144
+
145
+		/* And only then link the user-session keyring to the
146
+		 * register.
147
+		 */
148
+		ret = key_link(reg_keyring, session_keyring);
149
+		if (ret < 0)
150
+			goto error_release_session;
151
+	} else if (IS_ERR(session_keyring_r)) {
152
+		ret = PTR_ERR(session_keyring_r);
153
+		goto error_release;
154
+	} else {
155
+		session_keyring = key_ref_to_ptr(session_keyring_r);
156
+	}
157
+
158
+	up_write(&user_ns->keyring_sem);
159
+
160
+	if (_user_session_keyring)
161
+		*_user_session_keyring = session_keyring;
162
+	else
163
+		key_put(session_keyring);
164
+	if (_user_keyring)
165
+		*_user_keyring = uid_keyring;
166
+	else
167
+		key_put(uid_keyring);
120
168
 	kleave(" = 0");
121
169
 	return 0;
122
170
 
123
-error_release_both:
171
+error_release_session:
124
172
 	key_put(session_keyring);
125
173
 error_release:
126
174
 	key_put(uid_keyring);
127
175
 error:
128
-	mutex_unlock(&key_user_keyring_mutex);
176
+	up_write(&user_ns->keyring_sem);
129
177
 	kleave(" = %d", ret);
130
178
 	return ret;
179
+}
180
+
181
+/*
182
+ * Get the user session keyring if it exists, but don't create it if it
183
+ * doesn't.
184
+ */
185
+struct key *get_user_session_keyring_rcu(const struct cred *cred)
186
+{
187
+	struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register);
188
+	key_ref_t session_keyring_r;
189
+	char buf[20];
190
+
191
+	struct keyring_search_context ctx = {
192
+		.index_key.type		= &key_type_keyring,
193
+		.index_key.description	= buf,
194
+		.cred			= cred,
195
+		.match_data.cmp		= key_default_cmp,
196
+		.match_data.raw_data	= buf,
197
+		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
198
+		.flags			= KEYRING_SEARCH_DO_STATE_CHECK,
199
+	};
200
+
201
+	if (!reg_keyring)
202
+		return NULL;
203
+
204
+	ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u",
205
+					  from_kuid(cred->user_ns,
206
+						    cred->user->uid));
207
+
208
+	session_keyring_r = keyring_search_rcu(make_key_ref(reg_keyring, true),
209
+					       &ctx);
210
+	if (IS_ERR(session_keyring_r))
211
+		return NULL;
212
+	return key_ref_to_ptr(session_keyring_r);
131
213
 }
132
214
 
133
215
 /*
..
..
@@ -228,6 +310,7 @@
228
310
  * Install the given keyring as the session keyring of the given credentials
229
311
  * struct, replacing the existing one if any.  If the given keyring is NULL,
230
312
  * then install a new anonymous session keyring.
313
+ * @cred can not be in use by any task yet.
231
314
  *
232
315
  * Return: 0 on success; -errno on failure.
233
316
  */
..
..
@@ -255,7 +338,7 @@
255
338
 
256
339
 	/* install the keyring */
257
340
 	old = cred->session_keyring;
258
-	rcu_assign_pointer(cred->session_keyring, keyring);
341
+	cred->session_keyring = keyring;
259
342
 
260
343
 	if (old)
261
344
 		key_put(old);
..
..
@@ -291,34 +374,33 @@
291
374
 /*
292
375
  * Handle the fsuid changing.
293
376
  */
294
-void key_fsuid_changed(struct task_struct *tsk)
377
+void key_fsuid_changed(struct cred *new_cred)
295
378
 {
296
379
 	/* update the ownership of the thread keyring */
297
-	BUG_ON(!tsk->cred);
298
-	if (tsk->cred->thread_keyring) {
299
-		down_write(&tsk->cred->thread_keyring->sem);
300
-		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
301
-		up_write(&tsk->cred->thread_keyring->sem);
380
+	if (new_cred->thread_keyring) {
381
+		down_write(&new_cred->thread_keyring->sem);
382
+		new_cred->thread_keyring->uid = new_cred->fsuid;
383
+		up_write(&new_cred->thread_keyring->sem);
302
384
 	}
303
385
 }
304
386
 
305
387
 /*
306
388
  * Handle the fsgid changing.
307
389
  */
308
-void key_fsgid_changed(struct task_struct *tsk)
390
+void key_fsgid_changed(struct cred *new_cred)
309
391
 {
310
392
 	/* update the ownership of the thread keyring */
311
-	BUG_ON(!tsk->cred);
312
-	if (tsk->cred->thread_keyring) {
313
-		down_write(&tsk->cred->thread_keyring->sem);
314
-		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
315
-		up_write(&tsk->cred->thread_keyring->sem);
393
+	if (new_cred->thread_keyring) {
394
+		down_write(&new_cred->thread_keyring->sem);
395
+		new_cred->thread_keyring->gid = new_cred->fsgid;
396
+		up_write(&new_cred->thread_keyring->sem);
316
397
 	}
317
398
 }
318
399
 
319
400
 /*
320
401
  * Search the process keyrings attached to the supplied cred for the first
321
- * matching key.
402
+ * matching key under RCU conditions (the caller must be holding the RCU read
403
+ * lock).
322
404
  *
323
405
  * The search criteria are the type and the match function.  The description is
324
406
  * given to the match function as a parameter, but doesn't otherwise influence
..
..
@@ -337,9 +419,11 @@
337
419
  * In the case of a successful return, the possession attribute is set on the
338
420
  * returned key reference.
339
421
  */
340
-key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
422
+key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx)
341
423
 {
424
+	struct key *user_session;
342
425
 	key_ref_t key_ref, ret, err;
426
+	const struct cred *cred = ctx->cred;
343
427
 
344
428
 	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
345
429
 	 * searchable, but we failed to find a key or we found a negative key;
..
..
@@ -353,9 +437,9 @@
353
437
 	err = ERR_PTR(-EAGAIN);
354
438
 
355
439
 	/* search the thread keyring first */
356
-	if (ctx->cred->thread_keyring) {
357
-		key_ref = keyring_search_aux(
358
-			make_key_ref(ctx->cred->thread_keyring, 1), ctx);
440
+	if (cred->thread_keyring) {
441
+		key_ref = keyring_search_rcu(
442
+			make_key_ref(cred->thread_keyring, 1), ctx);
359
443
 		if (!IS_ERR(key_ref))
360
444
 			goto found;
361
445
 
..
..
@@ -371,9 +455,9 @@
371
455
 	}
372
456
 
373
457
 	/* search the process keyring second */
374
-	if (ctx->cred->process_keyring) {
375
-		key_ref = keyring_search_aux(
376
-			make_key_ref(ctx->cred->process_keyring, 1), ctx);
458
+	if (cred->process_keyring) {
459
+		key_ref = keyring_search_rcu(
460
+			make_key_ref(cred->process_keyring, 1), ctx);
377
461
 		if (!IS_ERR(key_ref))
378
462
 			goto found;
379
463
 
..
..
@@ -381,6 +465,7 @@
381
465
 		case -EAGAIN: /* no key */
382
466
 			if (ret)
383
467
 				break;
468
+			fallthrough;
384
469
 		case -ENOKEY: /* negative key */
385
470
 			ret = key_ref;
386
471
 			break;
..
..
@@ -391,12 +476,9 @@
391
476
 	}
392
477
 
393
478
 	/* search the session keyring */
394
-	if (ctx->cred->session_keyring) {
395
-		rcu_read_lock();
396
-		key_ref = keyring_search_aux(
397
-			make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
398
-			ctx);
399
-		rcu_read_unlock();
479
+	if (cred->session_keyring) {
480
+		key_ref = keyring_search_rcu(
481
+			make_key_ref(cred->session_keyring, 1), ctx);
400
482
 
401
483
 		if (!IS_ERR(key_ref))
402
484
 			goto found;
..
..
@@ -405,6 +487,7 @@
405
487
 		case -EAGAIN: /* no key */
406
488
 			if (ret)
407
489
 				break;
490
+			fallthrough;
408
491
 		case -ENOKEY: /* negative key */
409
492
 			ret = key_ref;
410
493
 			break;
..
..
@@ -414,10 +497,11 @@
414
497
 		}
415
498
 	}
416
499
 	/* or search the user-session keyring */
417
-	else if (ctx->cred->user->session_keyring) {
418
-		key_ref = keyring_search_aux(
419
-			make_key_ref(ctx->cred->user->session_keyring, 1),
420
-			ctx);
500
+	else if ((user_session = get_user_session_keyring_rcu(cred))) {
501
+		key_ref = keyring_search_rcu(make_key_ref(user_session, 1),
502
+					     ctx);
503
+		key_put(user_session);
504
+
421
505
 		if (!IS_ERR(key_ref))
422
506
 			goto found;
423
507
 
..
..
@@ -425,6 +509,7 @@
425
509
 		case -EAGAIN: /* no key */
426
510
 			if (ret)
427
511
 				break;
512
+			fallthrough;
428
513
 		case -ENOKEY: /* negative key */
429
514
 			ret = key_ref;
430
515
 			break;
..
..
@@ -447,16 +532,16 @@
447
532
  * the keys attached to the assumed authorisation key using its credentials if
448
533
  * one is available.
449
534
  *
450
- * Return same as search_my_process_keyrings().
535
+ * The caller must be holding the RCU read lock.
536
+ *
537
+ * Return same as search_cred_keyrings_rcu().
451
538
  */
452
-key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
539
+key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx)
453
540
 {
454
541
 	struct request_key_auth *rka;
455
542
 	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
456
543
 
457
-	might_sleep();
458
-
459
-	key_ref = search_my_process_keyrings(ctx);
544
+	key_ref = search_cred_keyrings_rcu(ctx);
460
545
 	if (!IS_ERR(key_ref))
461
546
 		goto found;
462
547
 	err = key_ref;
..
..
@@ -471,24 +556,17 @@
471
556
 	    ) {
472
557
 		const struct cred *cred = ctx->cred;
473
558
 
474
-		/* defend against the auth key being revoked */
475
-		down_read(&cred->request_key_auth->sem);
476
-
477
-		if (key_validate(ctx->cred->request_key_auth) == 0) {
559
+		if (key_validate(cred->request_key_auth) == 0) {
478
560
 			rka = ctx->cred->request_key_auth->payload.data[0];
479
561
 
562
+			//// was search_process_keyrings() [ie. recursive]
480
563
 			ctx->cred = rka->cred;
481
-			key_ref = search_process_keyrings(ctx);
564
+			key_ref = search_cred_keyrings_rcu(ctx);
482
565
 			ctx->cred = cred;
483
-
484
-			up_read(&cred->request_key_auth->sem);
485
566
 
486
567
 			if (!IS_ERR(key_ref))
487
568
 				goto found;
488
-
489
569
 			ret = key_ref;
490
-		} else {
491
-			up_read(&cred->request_key_auth->sem);
492
570
 		}
493
571
 	}
494
572
 
..
..
@@ -503,7 +581,6 @@
503
581
 found:
504
582
 	return key_ref;
505
583
 }
506
-
507
584
 /*
508
585
  * See if the key we're looking at is the target key.
509
586
  */
..
..
@@ -532,15 +609,16 @@
532
609
  * returned key reference.
533
610
  */
534
611
 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
535
-			  key_perm_t perm)
612
+			  enum key_need_perm need_perm)
536
613
 {
537
614
 	struct keyring_search_context ctx = {
538
615
 		.match_data.cmp		= lookup_user_key_possessed,
539
616
 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
540
-		.flags			= KEYRING_SEARCH_NO_STATE_CHECK,
617
+		.flags			= (KEYRING_SEARCH_NO_STATE_CHECK |
618
+					   KEYRING_SEARCH_RECURSE),
541
619
 	};
542
620
 	struct request_key_auth *rka;
543
-	struct key *key;
621
+	struct key *key, *user_session;
544
622
 	key_ref_t key_ref, skey_ref;
545
623
 	int ret;
546
624
 
..
..
@@ -589,20 +667,20 @@
589
667
 		if (!ctx.cred->session_keyring) {
590
668
 			/* always install a session keyring upon access if one
591
669
 			 * doesn't exist yet */
592
-			ret = install_user_keyrings();
670
+			ret = look_up_user_keyrings(NULL, &user_session);
593
671
 			if (ret < 0)
594
672
 				goto error;
595
673
 			if (lflags & KEY_LOOKUP_CREATE)
596
674
 				ret = join_session_keyring(NULL);
597
675
 			else
598
-				ret = install_session_keyring(
599
-					ctx.cred->user->session_keyring);
676
+				ret = install_session_keyring(user_session);
600
677
 
678
+			key_put(user_session);
601
679
 			if (ret < 0)
602
680
 				goto error;
603
681
 			goto reget_creds;
604
-		} else if (ctx.cred->session_keyring ==
605
-			   ctx.cred->user->session_keyring &&
682
+		} else if (test_bit(KEY_FLAG_UID_KEYRING,
683
+				    &ctx.cred->session_keyring->flags) &&
606
684
 			   lflags & KEY_LOOKUP_CREATE) {
607
685
 			ret = join_session_keyring(NULL);
608
686
 			if (ret < 0)
..
..
@@ -610,34 +688,22 @@
610
688
 			goto reget_creds;
611
689
 		}
612
690
 
613
-		rcu_read_lock();
614
-		key = rcu_dereference(ctx.cred->session_keyring);
691
+		key = ctx.cred->session_keyring;
615
692
 		__key_get(key);
616
-		rcu_read_unlock();
617
693
 		key_ref = make_key_ref(key, 1);
618
694
 		break;
619
695
 
620
696
 	case KEY_SPEC_USER_KEYRING:
621
-		if (!ctx.cred->user->uid_keyring) {
622
-			ret = install_user_keyrings();
623
-			if (ret < 0)
624
-				goto error;
625
-		}
626
-
627
-		key = ctx.cred->user->uid_keyring;
628
-		__key_get(key);
697
+		ret = look_up_user_keyrings(&key, NULL);
698
+		if (ret < 0)
699
+			goto error;
629
700
 		key_ref = make_key_ref(key, 1);
630
701
 		break;
631
702
 
632
703
 	case KEY_SPEC_USER_SESSION_KEYRING:
633
-		if (!ctx.cred->user->session_keyring) {
634
-			ret = install_user_keyrings();
635
-			if (ret < 0)
636
-				goto error;
637
-		}
638
-
639
-		key = ctx.cred->user->session_keyring;
640
-		__key_get(key);
704
+		ret = look_up_user_keyrings(NULL, &key);
705
+		if (ret < 0)
706
+			goto error;
641
707
 		key_ref = make_key_ref(key, 1);
642
708
 		break;
643
709
 
..
..
@@ -689,12 +755,12 @@
689
755
 		key_ref = make_key_ref(key, 0);
690
756
 
691
757
 		/* check to see if we possess the key */
692
-		ctx.index_key.type		= key->type;
693
-		ctx.index_key.description	= key->description;
694
-		ctx.index_key.desc_len		= strlen(key->description);
758
+		ctx.index_key			= key->index_key;
695
759
 		ctx.match_data.raw_data		= key;
696
760
 		kdebug("check possessed");
697
-		skey_ref = search_process_keyrings(&ctx);
761
+		rcu_read_lock();
762
+		skey_ref = search_process_keyrings_rcu(&ctx);
763
+		rcu_read_unlock();
698
764
 		kdebug("possessed=%p", skey_ref);
699
765
 
700
766
 		if (!IS_ERR(skey_ref)) {
..
..
@@ -707,35 +773,33 @@
707
773
 
708
774
 	/* unlink does not use the nominated key in any way, so can skip all
709
775
 	 * the permission checks as it is only concerned with the keyring */
710
-	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
711
-		ret = 0;
712
-		goto error;
713
-	}
714
-
715
-	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
716
-		ret = wait_for_key_construction(key, true);
717
-		switch (ret) {
718
-		case -ERESTARTSYS:
719
-			goto invalid_key;
720
-		default:
721
-			if (perm)
776
+	if (need_perm != KEY_NEED_UNLINK) {
777
+		if (!(lflags & KEY_LOOKUP_PARTIAL)) {
778
+			ret = wait_for_key_construction(key, true);
779
+			switch (ret) {
780
+			case -ERESTARTSYS:
722
781
 				goto invalid_key;
723
-		case 0:
724
-			break;
782
+			default:
783
+				if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
784
+				    need_perm != KEY_DEFER_PERM_CHECK)
785
+					goto invalid_key;
786
+			case 0:
787
+				break;
788
+			}
789
+		} else if (need_perm != KEY_DEFER_PERM_CHECK) {
790
+			ret = key_validate(key);
791
+			if (ret < 0)
792
+				goto invalid_key;
725
793
 		}
726
-	} else if (perm) {
727
-		ret = key_validate(key);
728
-		if (ret < 0)
794
+
795
+		ret = -EIO;
796
+		if (!(lflags & KEY_LOOKUP_PARTIAL) &&
797
+		    key_read_state(key) == KEY_IS_UNINSTANTIATED)
729
798
 			goto invalid_key;
730
799
 	}
731
-
732
-	ret = -EIO;
733
-	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
734
-	    key_read_state(key) == KEY_IS_UNINSTANTIATED)
735
-		goto invalid_key;
736
800
 
737
801
 	/* check the permissions */
738
-	ret = key_task_permission(key_ref, ctx.cred, perm);
802
+	ret = key_task_permission(key_ref, ctx.cred, need_perm);
739
803
 	if (ret < 0)
740
804
 		goto invalid_key;
741
805
 
..
..
@@ -886,7 +950,7 @@
886
950
  */
887
951
 static int __init init_root_keyring(void)
888
952
 {
889
-	return install_user_keyrings();
953
+	return look_up_user_keyrings(NULL, NULL);
890
954
 }
891
955
 
892
956
 late_initcall(init_root_keyring);