lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[PATCH] Keys: Remove key duplication

Browse Source 
Remove the key duplication stuff since there's nothing that uses it, no way
to get at it and it's awkward to deal with for LSM purposes.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
David Howells
2006-01-06 00:11:24 -08:00
committed by Linus Torvalds
parent 32725ad843
commit 8d9067bda9
6 changed files with 3 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Documentation/keys.txt
View File

@@ -860,24 +860,6 @@ The structure has a number of fields, some of which are mandatory:
It is safe to sleep in this method. It is safe to sleep in this method.
(*) int (*duplicate)(struct key *key, const struct key *source);
If this type of key can be duplicated, then this method should be
provided. It is called to copy the payload attached to the source into the
new key. The data length on the new key will have been updated and the
quota adjusted already.
This method will be called with the source key's semaphore read-locked to
prevent its payload from being changed, thus RCU constraints need not be
applied to the source key.
This method does not have to lock the destination key in order to attach a
payload. The fact that KEY_FLAG_INSTANTIATED is not set in key->flags
prevents anything else from gaining access to the key.
It is safe to sleep in this method.
(*) int (*update)(struct key *key, const void *data, size_t datalen); (*) int (*update)(struct key *key, const void *data, size_t datalen);
If this type of key can be updated, then this method should be provided. If this type of key can be updated, then this method should be provided.

1
include/keys/user-type.h
View File

@@ -35,7 +35,6 @@ struct user_key_payload {
extern struct key_type key_type_user; extern struct key_type key_type_user;
extern int user_instantiate(struct key *key, const void *data, size_t datalen); extern int user_instantiate(struct key *key, const void *data, size_t datalen);
extern int user_duplicate(struct key *key, const struct key *source);
extern int user_update(struct key *key, const void *data, size_t datalen); extern int user_update(struct key *key, const void *data, size_t datalen);
extern int user_match(const struct key *key, const void *criterion); extern int user_match(const struct key *key, const void *criterion);
extern void user_destroy(struct key *key); extern void user_destroy(struct key *key);

8
include/linux/key.h
View File

@@ -193,14 +193,6 @@ struct key_type {
*/ */
int (*instantiate)(struct key *key, const void *data, size_t datalen); int (*instantiate)(struct key *key, const void *data, size_t datalen);
/* duplicate a key of this type (optional)
* - the source key will be locked against change
* - the new description will be attached
* - the quota will have been adjusted automatically from
* source->quotalen
*/
int (*duplicate)(struct key *key, const struct key *source);
/* update a key of this type (optional) /* update a key of this type (optional)
* - this method should call key_payload_reserve() to recalculate the * - this method should call key_payload_reserve() to recalculate the
* quota consumption * quota consumption

56
security/keys/key.c
View File

@@ -240,9 +240,9 @@ static inline void key_alloc_serial(struct key *key)
/* /*
* allocate a key of the specified type * allocate a key of the specified type
* - update the user's quota to reflect the existence of the key * - update the user's quota to reflect the existence of the key
* - called from a key-type operation with key_types_sem read-locked by either * - called from a key-type operation with key_types_sem read-locked by
* key_create_or_update() or by key_duplicate(); this prevents unregistration * key_create_or_update()
* of the key type * - this prevents unregistration of the key type
* - upon return the key is as yet uninstantiated; the caller needs to either * - upon return the key is as yet uninstantiated; the caller needs to either
* instantiate the key or discard it before returning * instantiate the key or discard it before returning
*/ */
@@ -887,56 +887,6 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
EXPORT_SYMBOL(key_update); EXPORT_SYMBOL(key_update);
/*****************************************************************************/
/*
* duplicate a key, potentially with a revised description
* - must be supported by the keytype (keyrings for instance can be duplicated)
*/
struct key *key_duplicate(struct key *source, const char *desc)
{
struct key *key;
int ret;
key_check(source);
if (!desc)
desc = source->description;
down_read(&key_types_sem);
ret = -EINVAL;
if (!source->type->duplicate)
goto error;
/* allocate and instantiate a key */
key = key_alloc(source->type, desc, current->fsuid, current->fsgid,
source->perm, 0);
if (IS_ERR(key))
goto error_k;
down_read(&source->sem);
ret = key->type->duplicate(key, source);
up_read(&source->sem);
if (ret < 0)
goto error2;
atomic_inc(&key->user->nikeys);
set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
error_k:
up_read(&key_types_sem);
out:
return key;
error2:
key_put(key);
error:
up_read(&key_types_sem);
key = ERR_PTR(ret);
goto out;
} /* end key_duplicate() */
/*****************************************************************************/ /*****************************************************************************/
/* /*
* revoke a key * revoke a key

64
security/keys/keyring.c
View File

@@ -48,7 +48,6 @@ static inline unsigned keyring_hash(const char *desc)
*/ */
static int keyring_instantiate(struct key *keyring, static int keyring_instantiate(struct key *keyring,
const void *data, size_t datalen); const void *data, size_t datalen);
static int keyring_duplicate(struct key *keyring, const struct key *source);
static int keyring_match(const struct key *keyring, const void *criterion); static int keyring_match(const struct key *keyring, const void *criterion);
static void keyring_destroy(struct key *keyring); static void keyring_destroy(struct key *keyring);
static void keyring_describe(const struct key *keyring, struct seq_file *m); static void keyring_describe(const struct key *keyring, struct seq_file *m);
@@ -59,7 +58,6 @@ struct key_type key_type_keyring = {
.name = "keyring", .name = "keyring",
.def_datalen = sizeof(struct keyring_list), .def_datalen = sizeof(struct keyring_list),
.instantiate = keyring_instantiate, .instantiate = keyring_instantiate,
.duplicate = keyring_duplicate,
.match = keyring_match, .match = keyring_match,
.destroy = keyring_destroy, .destroy = keyring_destroy,
.describe = keyring_describe, .describe = keyring_describe,
@@ -118,68 +116,6 @@ static int keyring_instantiate(struct key *keyring,
} /* end keyring_instantiate() */ } /* end keyring_instantiate() */
/*****************************************************************************/
/*
* duplicate the list of subscribed keys from a source keyring into this one
*/
static int keyring_duplicate(struct key *keyring, const struct key *source)
{
struct keyring_list *sklist, *klist;
unsigned max;
size_t size;
int loop, ret;
const unsigned limit =
(PAGE_SIZE - sizeof(*klist)) / sizeof(struct key *);
ret = 0;
/* find out how many keys are currently linked */
rcu_read_lock();
sklist = rcu_dereference(source->payload.subscriptions);
max = 0;
if (sklist)
max = sklist->nkeys;
rcu_read_unlock();
/* allocate a new payload and stuff load with key links */
if (max > 0) {
BUG_ON(max > limit);
max = (max + 3) & ~3;
if (max > limit)
max = limit;
ret = -ENOMEM;
size = sizeof(*klist) + sizeof(struct key *) * max;
klist = kmalloc(size, GFP_KERNEL);
if (!klist)
goto error;
/* set links */
rcu_read_lock();
sklist = rcu_dereference(source->payload.subscriptions);
klist->maxkeys = max;
klist->nkeys = sklist->nkeys;
memcpy(klist->keys,
sklist->keys,
sklist->nkeys * sizeof(struct key *));
for (loop = klist->nkeys - 1; loop >= 0; loop--)
atomic_inc(&klist->keys[loop]->usage);
rcu_read_unlock();
rcu_assign_pointer(keyring->payload.subscriptions, klist);
ret = 0;
}
error:
return ret;
} /* end keyring_duplicate() */
/*****************************************************************************/ /*****************************************************************************/
/* /*
* match keyrings on their name * match keyrings on their name

33
security/keys/user_defined.c
View File

@@ -26,7 +26,6 @@
struct key_type key_type_user = { struct key_type key_type_user = {
.name = "user", .name = "user",
.instantiate = user_instantiate, .instantiate = user_instantiate,
.duplicate = user_duplicate,
.update = user_update, .update = user_update,
.match = user_match, .match = user_match,
.destroy = user_destroy, .destroy = user_destroy,
@@ -68,40 +67,8 @@ error:
return ret; return ret;
} /* end user_instantiate() */ } /* end user_instantiate() */
EXPORT_SYMBOL_GPL(user_instantiate); EXPORT_SYMBOL_GPL(user_instantiate);
/*****************************************************************************/
/*
* duplicate a user defined key
* - both keys' semaphores are locked against further modification
* - the new key cannot yet be accessed
*/
int user_duplicate(struct key *key, const struct key *source)
{
struct user_key_payload *upayload, *spayload;
int ret;
/* just copy the payload */
ret = -ENOMEM;
upayload = kmalloc(sizeof(*upayload) + source->datalen, GFP_KERNEL);
if (upayload) {
spayload = rcu_dereference(source->payload.data);
BUG_ON(source->datalen != spayload->datalen);
upayload->datalen = key->datalen = spayload->datalen;
memcpy(upayload->data, spayload->data, key->datalen);
key->payload.data = upayload;
ret = 0;
}
return ret;
} /* end user_duplicate() */
EXPORT_SYMBOL_GPL(user_duplicate);
/*****************************************************************************/ /*****************************************************************************/
/* /*
* dispose of the old data from an updated user defined key * dispose of the old data from an updated user defined key