1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <linux/uio.h> 26 #include <asm/uaccess.h> 27 #include "internal.h" 28 29 #define KEY_MAX_DESC_SIZE 4096 30 31 static int key_get_type_from_user(char *type, 32 const char __user *_type, 33 unsigned len) 34 { 35 int ret; 36 37 ret = strncpy_from_user(type, _type, len); 38 if (ret < 0) 39 return ret; 40 if (ret == 0 || ret >= len) 41 return -EINVAL; 42 if (type[0] == '.') 43 return -EPERM; 44 type[len - 1] = '\0'; 45 return 0; 46 } 47 48 /* 49 * Extract the description of a new key from userspace and either add it as a 50 * new key to the specified keyring or update a matching key in that keyring. 51 * 52 * If the description is NULL or an empty string, the key type is asked to 53 * generate one from the payload. 54 * 55 * The keyring must be writable so that we can attach the key to it. 56 * 57 * If successful, the new key's serial number is returned, otherwise an error 58 * code is returned. 59 */ 60 SYSCALL_DEFINE5(add_key, const char __user *, _type, 61 const char __user *, _description, 62 const void __user *, _payload, 63 size_t, plen, 64 key_serial_t, ringid) 65 { 66 key_ref_t keyring_ref, key_ref; 67 char type[32], *description; 68 void *payload; 69 long ret; 70 bool vm; 71 72 ret = -EINVAL; 73 if (plen > 1024 * 1024 - 1) 74 goto error; 75 76 /* draw all the data into kernel space */ 77 ret = key_get_type_from_user(type, _type, sizeof(type)); 78 if (ret < 0) 79 goto error; 80 81 description = NULL; 82 if (_description) { 83 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 84 if (IS_ERR(description)) { 85 ret = PTR_ERR(description); 86 goto error; 87 } 88 if (!*description) { 89 kfree(description); 90 description = NULL; 91 } else if ((description[0] == '.') && 92 (strncmp(type, "keyring", 7) == 0)) { 93 ret = -EPERM; 94 goto error2; 95 } 96 } 97 98 /* pull the payload in if one was supplied */ 99 payload = NULL; 100 101 vm = false; 102 if (_payload) { 103 ret = -ENOMEM; 104 payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); 105 if (!payload) { 106 if (plen <= PAGE_SIZE) 107 goto error2; 108 vm = true; 109 payload = vmalloc(plen); 110 if (!payload) 111 goto error2; 112 } 113 114 ret = -EFAULT; 115 if (copy_from_user(payload, _payload, plen) != 0) 116 goto error3; 117 } 118 119 /* find the target keyring (which must be writable) */ 120 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 121 if (IS_ERR(keyring_ref)) { 122 ret = PTR_ERR(keyring_ref); 123 goto error3; 124 } 125 126 /* create or update the requested key and add it to the target 127 * keyring */ 128 key_ref = key_create_or_update(keyring_ref, type, description, 129 payload, plen, KEY_PERM_UNDEF, 130 KEY_ALLOC_IN_QUOTA); 131 if (!IS_ERR(key_ref)) { 132 ret = key_ref_to_ptr(key_ref)->serial; 133 key_ref_put(key_ref); 134 } 135 else { 136 ret = PTR_ERR(key_ref); 137 } 138 139 key_ref_put(keyring_ref); 140 error3: 141 if (!vm) 142 kfree(payload); 143 else 144 vfree(payload); 145 error2: 146 kfree(description); 147 error: 148 return ret; 149 } 150 151 /* 152 * Search the process keyrings and keyring trees linked from those for a 153 * matching key. Keyrings must have appropriate Search permission to be 154 * searched. 155 * 156 * If a key is found, it will be attached to the destination keyring if there's 157 * one specified and the serial number of the key will be returned. 158 * 159 * If no key is found, /sbin/request-key will be invoked if _callout_info is 160 * non-NULL in an attempt to create a key. The _callout_info string will be 161 * passed to /sbin/request-key to aid with completing the request. If the 162 * _callout_info string is "" then it will be changed to "-". 163 */ 164 SYSCALL_DEFINE4(request_key, const char __user *, _type, 165 const char __user *, _description, 166 const char __user *, _callout_info, 167 key_serial_t, destringid) 168 { 169 struct key_type *ktype; 170 struct key *key; 171 key_ref_t dest_ref; 172 size_t callout_len; 173 char type[32], *description, *callout_info; 174 long ret; 175 176 /* pull the type into kernel space */ 177 ret = key_get_type_from_user(type, _type, sizeof(type)); 178 if (ret < 0) 179 goto error; 180 181 /* pull the description into kernel space */ 182 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 183 if (IS_ERR(description)) { 184 ret = PTR_ERR(description); 185 goto error; 186 } 187 188 /* pull the callout info into kernel space */ 189 callout_info = NULL; 190 callout_len = 0; 191 if (_callout_info) { 192 callout_info = strndup_user(_callout_info, PAGE_SIZE); 193 if (IS_ERR(callout_info)) { 194 ret = PTR_ERR(callout_info); 195 goto error2; 196 } 197 callout_len = strlen(callout_info); 198 } 199 200 /* get the destination keyring if specified */ 201 dest_ref = NULL; 202 if (destringid) { 203 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 204 KEY_NEED_WRITE); 205 if (IS_ERR(dest_ref)) { 206 ret = PTR_ERR(dest_ref); 207 goto error3; 208 } 209 } 210 211 /* find the key type */ 212 ktype = key_type_lookup(type); 213 if (IS_ERR(ktype)) { 214 ret = PTR_ERR(ktype); 215 goto error4; 216 } 217 218 /* do the search */ 219 key = request_key_and_link(ktype, description, callout_info, 220 callout_len, NULL, key_ref_to_ptr(dest_ref), 221 KEY_ALLOC_IN_QUOTA); 222 if (IS_ERR(key)) { 223 ret = PTR_ERR(key); 224 goto error5; 225 } 226 227 /* wait for the key to finish being constructed */ 228 ret = wait_for_key_construction(key, 1); 229 if (ret < 0) 230 goto error6; 231 232 ret = key->serial; 233 234 error6: 235 key_put(key); 236 error5: 237 key_type_put(ktype); 238 error4: 239 key_ref_put(dest_ref); 240 error3: 241 kfree(callout_info); 242 error2: 243 kfree(description); 244 error: 245 return ret; 246 } 247 248 /* 249 * Get the ID of the specified process keyring. 250 * 251 * The requested keyring must have search permission to be found. 252 * 253 * If successful, the ID of the requested keyring will be returned. 254 */ 255 long keyctl_get_keyring_ID(key_serial_t id, int create) 256 { 257 key_ref_t key_ref; 258 unsigned long lflags; 259 long ret; 260 261 lflags = create ? KEY_LOOKUP_CREATE : 0; 262 key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH); 263 if (IS_ERR(key_ref)) { 264 ret = PTR_ERR(key_ref); 265 goto error; 266 } 267 268 ret = key_ref_to_ptr(key_ref)->serial; 269 key_ref_put(key_ref); 270 error: 271 return ret; 272 } 273 274 /* 275 * Join a (named) session keyring. 276 * 277 * Create and join an anonymous session keyring or join a named session 278 * keyring, creating it if necessary. A named session keyring must have Search 279 * permission for it to be joined. Session keyrings without this permit will 280 * be skipped over. 281 * 282 * If successful, the ID of the joined session keyring will be returned. 283 */ 284 long keyctl_join_session_keyring(const char __user *_name) 285 { 286 char *name; 287 long ret; 288 289 /* fetch the name from userspace */ 290 name = NULL; 291 if (_name) { 292 name = strndup_user(_name, KEY_MAX_DESC_SIZE); 293 if (IS_ERR(name)) { 294 ret = PTR_ERR(name); 295 goto error; 296 } 297 } 298 299 /* join the session */ 300 ret = join_session_keyring(name); 301 kfree(name); 302 303 error: 304 return ret; 305 } 306 307 /* 308 * Update a key's data payload from the given data. 309 * 310 * The key must grant the caller Write permission and the key type must support 311 * updating for this to work. A negative key can be positively instantiated 312 * with this call. 313 * 314 * If successful, 0 will be returned. If the key type does not support 315 * updating, then -EOPNOTSUPP will be returned. 316 */ 317 long keyctl_update_key(key_serial_t id, 318 const void __user *_payload, 319 size_t plen) 320 { 321 key_ref_t key_ref; 322 void *payload; 323 long ret; 324 325 ret = -EINVAL; 326 if (plen > PAGE_SIZE) 327 goto error; 328 329 /* pull the payload in if one was supplied */ 330 payload = NULL; 331 if (_payload) { 332 ret = -ENOMEM; 333 payload = kmalloc(plen, GFP_KERNEL); 334 if (!payload) 335 goto error; 336 337 ret = -EFAULT; 338 if (copy_from_user(payload, _payload, plen) != 0) 339 goto error2; 340 } 341 342 /* find the target key (which must be writable) */ 343 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 344 if (IS_ERR(key_ref)) { 345 ret = PTR_ERR(key_ref); 346 goto error2; 347 } 348 349 /* update the key */ 350 ret = key_update(key_ref, payload, plen); 351 352 key_ref_put(key_ref); 353 error2: 354 kfree(payload); 355 error: 356 return ret; 357 } 358 359 /* 360 * Revoke a key. 361 * 362 * The key must be grant the caller Write or Setattr permission for this to 363 * work. The key type should give up its quota claim when revoked. The key 364 * and any links to the key will be automatically garbage collected after a 365 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 366 * 367 * If successful, 0 is returned. 368 */ 369 long keyctl_revoke_key(key_serial_t id) 370 { 371 key_ref_t key_ref; 372 long ret; 373 374 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 375 if (IS_ERR(key_ref)) { 376 ret = PTR_ERR(key_ref); 377 if (ret != -EACCES) 378 goto error; 379 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR); 380 if (IS_ERR(key_ref)) { 381 ret = PTR_ERR(key_ref); 382 goto error; 383 } 384 } 385 386 key_revoke(key_ref_to_ptr(key_ref)); 387 ret = 0; 388 389 key_ref_put(key_ref); 390 error: 391 return ret; 392 } 393 394 /* 395 * Invalidate a key. 396 * 397 * The key must be grant the caller Invalidate permission for this to work. 398 * The key and any links to the key will be automatically garbage collected 399 * immediately. 400 * 401 * If successful, 0 is returned. 402 */ 403 long keyctl_invalidate_key(key_serial_t id) 404 { 405 key_ref_t key_ref; 406 long ret; 407 408 kenter("%d", id); 409 410 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); 411 if (IS_ERR(key_ref)) { 412 ret = PTR_ERR(key_ref); 413 414 /* Root is permitted to invalidate certain special keys */ 415 if (capable(CAP_SYS_ADMIN)) { 416 key_ref = lookup_user_key(id, 0, 0); 417 if (IS_ERR(key_ref)) 418 goto error; 419 if (test_bit(KEY_FLAG_ROOT_CAN_INVAL, 420 &key_ref_to_ptr(key_ref)->flags)) 421 goto invalidate; 422 goto error_put; 423 } 424 425 goto error; 426 } 427 428 invalidate: 429 key_invalidate(key_ref_to_ptr(key_ref)); 430 ret = 0; 431 error_put: 432 key_ref_put(key_ref); 433 error: 434 kleave(" = %ld", ret); 435 return ret; 436 } 437 438 /* 439 * Clear the specified keyring, creating an empty process keyring if one of the 440 * special keyring IDs is used. 441 * 442 * The keyring must grant the caller Write permission for this to work. If 443 * successful, 0 will be returned. 444 */ 445 long keyctl_keyring_clear(key_serial_t ringid) 446 { 447 key_ref_t keyring_ref; 448 long ret; 449 450 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 451 if (IS_ERR(keyring_ref)) { 452 ret = PTR_ERR(keyring_ref); 453 454 /* Root is permitted to invalidate certain special keyrings */ 455 if (capable(CAP_SYS_ADMIN)) { 456 keyring_ref = lookup_user_key(ringid, 0, 0); 457 if (IS_ERR(keyring_ref)) 458 goto error; 459 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 460 &key_ref_to_ptr(keyring_ref)->flags)) 461 goto clear; 462 goto error_put; 463 } 464 465 goto error; 466 } 467 468 clear: 469 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 470 error_put: 471 key_ref_put(keyring_ref); 472 error: 473 return ret; 474 } 475 476 /* 477 * Create a link from a keyring to a key if there's no matching key in the 478 * keyring, otherwise replace the link to the matching key with a link to the 479 * new key. 480 * 481 * The key must grant the caller Link permission and the the keyring must grant 482 * the caller Write permission. Furthermore, if an additional link is created, 483 * the keyring's quota will be extended. 484 * 485 * If successful, 0 will be returned. 486 */ 487 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 488 { 489 key_ref_t keyring_ref, key_ref; 490 long ret; 491 492 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 493 if (IS_ERR(keyring_ref)) { 494 ret = PTR_ERR(keyring_ref); 495 goto error; 496 } 497 498 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK); 499 if (IS_ERR(key_ref)) { 500 ret = PTR_ERR(key_ref); 501 goto error2; 502 } 503 504 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 505 506 key_ref_put(key_ref); 507 error2: 508 key_ref_put(keyring_ref); 509 error: 510 return ret; 511 } 512 513 /* 514 * Unlink a key from a keyring. 515 * 516 * The keyring must grant the caller Write permission for this to work; the key 517 * itself need not grant the caller anything. If the last link to a key is 518 * removed then that key will be scheduled for destruction. 519 * 520 * If successful, 0 will be returned. 521 */ 522 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 523 { 524 key_ref_t keyring_ref, key_ref; 525 long ret; 526 527 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); 528 if (IS_ERR(keyring_ref)) { 529 ret = PTR_ERR(keyring_ref); 530 goto error; 531 } 532 533 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 534 if (IS_ERR(key_ref)) { 535 ret = PTR_ERR(key_ref); 536 goto error2; 537 } 538 539 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 540 541 key_ref_put(key_ref); 542 error2: 543 key_ref_put(keyring_ref); 544 error: 545 return ret; 546 } 547 548 /* 549 * Return a description of a key to userspace. 550 * 551 * The key must grant the caller View permission for this to work. 552 * 553 * If there's a buffer, we place up to buflen bytes of data into it formatted 554 * in the following way: 555 * 556 * type;uid;gid;perm;description<NUL> 557 * 558 * If successful, we return the amount of description available, irrespective 559 * of how much we may have copied into the buffer. 560 */ 561 long keyctl_describe_key(key_serial_t keyid, 562 char __user *buffer, 563 size_t buflen) 564 { 565 struct key *key, *instkey; 566 key_ref_t key_ref; 567 char *infobuf; 568 long ret; 569 int desclen, infolen; 570 571 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 572 if (IS_ERR(key_ref)) { 573 /* viewing a key under construction is permitted if we have the 574 * authorisation token handy */ 575 if (PTR_ERR(key_ref) == -EACCES) { 576 instkey = key_get_instantiation_authkey(keyid); 577 if (!IS_ERR(instkey)) { 578 key_put(instkey); 579 key_ref = lookup_user_key(keyid, 580 KEY_LOOKUP_PARTIAL, 581 0); 582 if (!IS_ERR(key_ref)) 583 goto okay; 584 } 585 } 586 587 ret = PTR_ERR(key_ref); 588 goto error; 589 } 590 591 okay: 592 key = key_ref_to_ptr(key_ref); 593 desclen = strlen(key->description); 594 595 /* calculate how much information we're going to return */ 596 ret = -ENOMEM; 597 infobuf = kasprintf(GFP_KERNEL, 598 "%s;%d;%d;%08x;", 599 key->type->name, 600 from_kuid_munged(current_user_ns(), key->uid), 601 from_kgid_munged(current_user_ns(), key->gid), 602 key->perm); 603 if (!infobuf) 604 goto error2; 605 infolen = strlen(infobuf); 606 ret = infolen + desclen + 1; 607 608 /* consider returning the data */ 609 if (buffer && buflen >= ret) { 610 if (copy_to_user(buffer, infobuf, infolen) != 0 || 611 copy_to_user(buffer + infolen, key->description, 612 desclen + 1) != 0) 613 ret = -EFAULT; 614 } 615 616 kfree(infobuf); 617 error2: 618 key_ref_put(key_ref); 619 error: 620 return ret; 621 } 622 623 /* 624 * Search the specified keyring and any keyrings it links to for a matching 625 * key. Only keyrings that grant the caller Search permission will be searched 626 * (this includes the starting keyring). Only keys with Search permission can 627 * be found. 628 * 629 * If successful, the found key will be linked to the destination keyring if 630 * supplied and the key has Link permission, and the found key ID will be 631 * returned. 632 */ 633 long keyctl_keyring_search(key_serial_t ringid, 634 const char __user *_type, 635 const char __user *_description, 636 key_serial_t destringid) 637 { 638 struct key_type *ktype; 639 key_ref_t keyring_ref, key_ref, dest_ref; 640 char type[32], *description; 641 long ret; 642 643 /* pull the type and description into kernel space */ 644 ret = key_get_type_from_user(type, _type, sizeof(type)); 645 if (ret < 0) 646 goto error; 647 648 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 649 if (IS_ERR(description)) { 650 ret = PTR_ERR(description); 651 goto error; 652 } 653 654 /* get the keyring at which to begin the search */ 655 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH); 656 if (IS_ERR(keyring_ref)) { 657 ret = PTR_ERR(keyring_ref); 658 goto error2; 659 } 660 661 /* get the destination keyring if specified */ 662 dest_ref = NULL; 663 if (destringid) { 664 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 665 KEY_NEED_WRITE); 666 if (IS_ERR(dest_ref)) { 667 ret = PTR_ERR(dest_ref); 668 goto error3; 669 } 670 } 671 672 /* find the key type */ 673 ktype = key_type_lookup(type); 674 if (IS_ERR(ktype)) { 675 ret = PTR_ERR(ktype); 676 goto error4; 677 } 678 679 /* do the search */ 680 key_ref = keyring_search(keyring_ref, ktype, description); 681 if (IS_ERR(key_ref)) { 682 ret = PTR_ERR(key_ref); 683 684 /* treat lack or presence of a negative key the same */ 685 if (ret == -EAGAIN) 686 ret = -ENOKEY; 687 goto error5; 688 } 689 690 /* link the resulting key to the destination keyring if we can */ 691 if (dest_ref) { 692 ret = key_permission(key_ref, KEY_NEED_LINK); 693 if (ret < 0) 694 goto error6; 695 696 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 697 if (ret < 0) 698 goto error6; 699 } 700 701 ret = key_ref_to_ptr(key_ref)->serial; 702 703 error6: 704 key_ref_put(key_ref); 705 error5: 706 key_type_put(ktype); 707 error4: 708 key_ref_put(dest_ref); 709 error3: 710 key_ref_put(keyring_ref); 711 error2: 712 kfree(description); 713 error: 714 return ret; 715 } 716 717 /* 718 * Read a key's payload. 719 * 720 * The key must either grant the caller Read permission, or it must grant the 721 * caller Search permission when searched for from the process keyrings. 722 * 723 * If successful, we place up to buflen bytes of data into the buffer, if one 724 * is provided, and return the amount of data that is available in the key, 725 * irrespective of how much we copied into the buffer. 726 */ 727 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 728 { 729 struct key *key; 730 key_ref_t key_ref; 731 long ret; 732 733 /* find the key first */ 734 key_ref = lookup_user_key(keyid, 0, 0); 735 if (IS_ERR(key_ref)) { 736 ret = -ENOKEY; 737 goto error; 738 } 739 740 key = key_ref_to_ptr(key_ref); 741 742 /* see if we can read it directly */ 743 ret = key_permission(key_ref, KEY_NEED_READ); 744 if (ret == 0) 745 goto can_read_key; 746 if (ret != -EACCES) 747 goto error; 748 749 /* we can't; see if it's searchable from this process's keyrings 750 * - we automatically take account of the fact that it may be 751 * dangling off an instantiation key 752 */ 753 if (!is_key_possessed(key_ref)) { 754 ret = -EACCES; 755 goto error2; 756 } 757 758 /* the key is probably readable - now try to read it */ 759 can_read_key: 760 ret = key_validate(key); 761 if (ret == 0) { 762 ret = -EOPNOTSUPP; 763 if (key->type->read) { 764 /* read the data with the semaphore held (since we 765 * might sleep) */ 766 down_read(&key->sem); 767 ret = key->type->read(key, buffer, buflen); 768 up_read(&key->sem); 769 } 770 } 771 772 error2: 773 key_put(key); 774 error: 775 return ret; 776 } 777 778 /* 779 * Change the ownership of a key 780 * 781 * The key must grant the caller Setattr permission for this to work, though 782 * the key need not be fully instantiated yet. For the UID to be changed, or 783 * for the GID to be changed to a group the caller is not a member of, the 784 * caller must have sysadmin capability. If either uid or gid is -1 then that 785 * attribute is not changed. 786 * 787 * If the UID is to be changed, the new user must have sufficient quota to 788 * accept the key. The quota deduction will be removed from the old user to 789 * the new user should the attribute be changed. 790 * 791 * If successful, 0 will be returned. 792 */ 793 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 794 { 795 struct key_user *newowner, *zapowner = NULL; 796 struct key *key; 797 key_ref_t key_ref; 798 long ret; 799 kuid_t uid; 800 kgid_t gid; 801 802 uid = make_kuid(current_user_ns(), user); 803 gid = make_kgid(current_user_ns(), group); 804 ret = -EINVAL; 805 if ((user != (uid_t) -1) && !uid_valid(uid)) 806 goto error; 807 if ((group != (gid_t) -1) && !gid_valid(gid)) 808 goto error; 809 810 ret = 0; 811 if (user == (uid_t) -1 && group == (gid_t) -1) 812 goto error; 813 814 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 815 KEY_NEED_SETATTR); 816 if (IS_ERR(key_ref)) { 817 ret = PTR_ERR(key_ref); 818 goto error; 819 } 820 821 key = key_ref_to_ptr(key_ref); 822 823 /* make the changes with the locks held to prevent chown/chown races */ 824 ret = -EACCES; 825 down_write(&key->sem); 826 827 if (!capable(CAP_SYS_ADMIN)) { 828 /* only the sysadmin can chown a key to some other UID */ 829 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) 830 goto error_put; 831 832 /* only the sysadmin can set the key's GID to a group other 833 * than one of those that the current process subscribes to */ 834 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) 835 goto error_put; 836 } 837 838 /* change the UID */ 839 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { 840 ret = -ENOMEM; 841 newowner = key_user_lookup(uid); 842 if (!newowner) 843 goto error_put; 844 845 /* transfer the quota burden to the new user */ 846 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 847 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? 848 key_quota_root_maxkeys : key_quota_maxkeys; 849 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? 850 key_quota_root_maxbytes : key_quota_maxbytes; 851 852 spin_lock(&newowner->lock); 853 if (newowner->qnkeys + 1 >= maxkeys || 854 newowner->qnbytes + key->quotalen >= maxbytes || 855 newowner->qnbytes + key->quotalen < 856 newowner->qnbytes) 857 goto quota_overrun; 858 859 newowner->qnkeys++; 860 newowner->qnbytes += key->quotalen; 861 spin_unlock(&newowner->lock); 862 863 spin_lock(&key->user->lock); 864 key->user->qnkeys--; 865 key->user->qnbytes -= key->quotalen; 866 spin_unlock(&key->user->lock); 867 } 868 869 atomic_dec(&key->user->nkeys); 870 atomic_inc(&newowner->nkeys); 871 872 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 873 atomic_dec(&key->user->nikeys); 874 atomic_inc(&newowner->nikeys); 875 } 876 877 zapowner = key->user; 878 key->user = newowner; 879 key->uid = uid; 880 } 881 882 /* change the GID */ 883 if (group != (gid_t) -1) 884 key->gid = gid; 885 886 ret = 0; 887 888 error_put: 889 up_write(&key->sem); 890 key_put(key); 891 if (zapowner) 892 key_user_put(zapowner); 893 error: 894 return ret; 895 896 quota_overrun: 897 spin_unlock(&newowner->lock); 898 zapowner = newowner; 899 ret = -EDQUOT; 900 goto error_put; 901 } 902 903 /* 904 * Change the permission mask on a key. 905 * 906 * The key must grant the caller Setattr permission for this to work, though 907 * the key need not be fully instantiated yet. If the caller does not have 908 * sysadmin capability, it may only change the permission on keys that it owns. 909 */ 910 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 911 { 912 struct key *key; 913 key_ref_t key_ref; 914 long ret; 915 916 ret = -EINVAL; 917 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 918 goto error; 919 920 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 921 KEY_NEED_SETATTR); 922 if (IS_ERR(key_ref)) { 923 ret = PTR_ERR(key_ref); 924 goto error; 925 } 926 927 key = key_ref_to_ptr(key_ref); 928 929 /* make the changes with the locks held to prevent chown/chmod races */ 930 ret = -EACCES; 931 down_write(&key->sem); 932 933 /* if we're not the sysadmin, we can only change a key that we own */ 934 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) { 935 key->perm = perm; 936 ret = 0; 937 } 938 939 up_write(&key->sem); 940 key_put(key); 941 error: 942 return ret; 943 } 944 945 /* 946 * Get the destination keyring for instantiation and check that the caller has 947 * Write permission on it. 948 */ 949 static long get_instantiation_keyring(key_serial_t ringid, 950 struct request_key_auth *rka, 951 struct key **_dest_keyring) 952 { 953 key_ref_t dkref; 954 955 *_dest_keyring = NULL; 956 957 /* just return a NULL pointer if we weren't asked to make a link */ 958 if (ringid == 0) 959 return 0; 960 961 /* if a specific keyring is nominated by ID, then use that */ 962 if (ringid > 0) { 963 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 964 if (IS_ERR(dkref)) 965 return PTR_ERR(dkref); 966 *_dest_keyring = key_ref_to_ptr(dkref); 967 return 0; 968 } 969 970 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 971 return -EINVAL; 972 973 /* otherwise specify the destination keyring recorded in the 974 * authorisation key (any KEY_SPEC_*_KEYRING) */ 975 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 976 *_dest_keyring = key_get(rka->dest_keyring); 977 return 0; 978 } 979 980 return -ENOKEY; 981 } 982 983 /* 984 * Change the request_key authorisation key on the current process. 985 */ 986 static int keyctl_change_reqkey_auth(struct key *key) 987 { 988 struct cred *new; 989 990 new = prepare_creds(); 991 if (!new) 992 return -ENOMEM; 993 994 key_put(new->request_key_auth); 995 new->request_key_auth = key_get(key); 996 997 return commit_creds(new); 998 } 999 1000 /* 1001 * Instantiate a key with the specified payload and link the key into the 1002 * destination keyring if one is given. 1003 * 1004 * The caller must have the appropriate instantiation permit set for this to 1005 * work (see keyctl_assume_authority). No other permissions are required. 1006 * 1007 * If successful, 0 will be returned. 1008 */ 1009 long keyctl_instantiate_key_common(key_serial_t id, 1010 struct iov_iter *from, 1011 key_serial_t ringid) 1012 { 1013 const struct cred *cred = current_cred(); 1014 struct request_key_auth *rka; 1015 struct key *instkey, *dest_keyring; 1016 size_t plen = from ? iov_iter_count(from) : 0; 1017 void *payload; 1018 long ret; 1019 1020 kenter("%d,,%zu,%d", id, plen, ringid); 1021 1022 if (!plen) 1023 from = NULL; 1024 1025 ret = -EINVAL; 1026 if (plen > 1024 * 1024 - 1) 1027 goto error; 1028 1029 /* the appropriate instantiation authorisation key must have been 1030 * assumed before calling this */ 1031 ret = -EPERM; 1032 instkey = cred->request_key_auth; 1033 if (!instkey) 1034 goto error; 1035 1036 rka = instkey->payload.data; 1037 if (rka->target_key->serial != id) 1038 goto error; 1039 1040 /* pull the payload in if one was supplied */ 1041 payload = NULL; 1042 1043 if (from) { 1044 ret = -ENOMEM; 1045 payload = kmalloc(plen, GFP_KERNEL); 1046 if (!payload) { 1047 if (plen <= PAGE_SIZE) 1048 goto error; 1049 payload = vmalloc(plen); 1050 if (!payload) 1051 goto error; 1052 } 1053 1054 ret = -EFAULT; 1055 if (copy_from_iter(payload, plen, from) != plen) 1056 goto error2; 1057 } 1058 1059 /* find the destination keyring amongst those belonging to the 1060 * requesting task */ 1061 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1062 if (ret < 0) 1063 goto error2; 1064 1065 /* instantiate the key and link it into a keyring */ 1066 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1067 dest_keyring, instkey); 1068 1069 key_put(dest_keyring); 1070 1071 /* discard the assumed authority if it's just been disabled by 1072 * instantiation of the key */ 1073 if (ret == 0) 1074 keyctl_change_reqkey_auth(NULL); 1075 1076 error2: 1077 kvfree(payload); 1078 error: 1079 return ret; 1080 } 1081 1082 /* 1083 * Instantiate a key with the specified payload and link the key into the 1084 * destination keyring if one is given. 1085 * 1086 * The caller must have the appropriate instantiation permit set for this to 1087 * work (see keyctl_assume_authority). No other permissions are required. 1088 * 1089 * If successful, 0 will be returned. 1090 */ 1091 long keyctl_instantiate_key(key_serial_t id, 1092 const void __user *_payload, 1093 size_t plen, 1094 key_serial_t ringid) 1095 { 1096 if (_payload && plen) { 1097 struct iovec iov; 1098 struct iov_iter from; 1099 int ret; 1100 1101 ret = import_single_range(WRITE, (void __user *)_payload, plen, 1102 &iov, &from); 1103 if (unlikely(ret)) 1104 return ret; 1105 1106 return keyctl_instantiate_key_common(id, &from, ringid); 1107 } 1108 1109 return keyctl_instantiate_key_common(id, NULL, ringid); 1110 } 1111 1112 /* 1113 * Instantiate a key with the specified multipart payload and link the key into 1114 * the destination keyring if one is given. 1115 * 1116 * The caller must have the appropriate instantiation permit set for this to 1117 * work (see keyctl_assume_authority). No other permissions are required. 1118 * 1119 * If successful, 0 will be returned. 1120 */ 1121 long keyctl_instantiate_key_iov(key_serial_t id, 1122 const struct iovec __user *_payload_iov, 1123 unsigned ioc, 1124 key_serial_t ringid) 1125 { 1126 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1127 struct iov_iter from; 1128 long ret; 1129 1130 if (!_payload_iov) 1131 ioc = 0; 1132 1133 ret = import_iovec(WRITE, _payload_iov, ioc, 1134 ARRAY_SIZE(iovstack), &iov, &from); 1135 if (ret < 0) 1136 return ret; 1137 ret = keyctl_instantiate_key_common(id, &from, ringid); 1138 kfree(iov); 1139 return ret; 1140 } 1141 1142 /* 1143 * Negatively instantiate the key with the given timeout (in seconds) and link 1144 * the key into the destination keyring if one is given. 1145 * 1146 * The caller must have the appropriate instantiation permit set for this to 1147 * work (see keyctl_assume_authority). No other permissions are required. 1148 * 1149 * The key and any links to the key will be automatically garbage collected 1150 * after the timeout expires. 1151 * 1152 * Negative keys are used to rate limit repeated request_key() calls by causing 1153 * them to return -ENOKEY until the negative key expires. 1154 * 1155 * If successful, 0 will be returned. 1156 */ 1157 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1158 { 1159 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1160 } 1161 1162 /* 1163 * Negatively instantiate the key with the given timeout (in seconds) and error 1164 * code and link the key into the destination keyring if one is given. 1165 * 1166 * The caller must have the appropriate instantiation permit set for this to 1167 * work (see keyctl_assume_authority). No other permissions are required. 1168 * 1169 * The key and any links to the key will be automatically garbage collected 1170 * after the timeout expires. 1171 * 1172 * Negative keys are used to rate limit repeated request_key() calls by causing 1173 * them to return the specified error code until the negative key expires. 1174 * 1175 * If successful, 0 will be returned. 1176 */ 1177 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1178 key_serial_t ringid) 1179 { 1180 const struct cred *cred = current_cred(); 1181 struct request_key_auth *rka; 1182 struct key *instkey, *dest_keyring; 1183 long ret; 1184 1185 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1186 1187 /* must be a valid error code and mustn't be a kernel special */ 1188 if (error <= 0 || 1189 error >= MAX_ERRNO || 1190 error == ERESTARTSYS || 1191 error == ERESTARTNOINTR || 1192 error == ERESTARTNOHAND || 1193 error == ERESTART_RESTARTBLOCK) 1194 return -EINVAL; 1195 1196 /* the appropriate instantiation authorisation key must have been 1197 * assumed before calling this */ 1198 ret = -EPERM; 1199 instkey = cred->request_key_auth; 1200 if (!instkey) 1201 goto error; 1202 1203 rka = instkey->payload.data; 1204 if (rka->target_key->serial != id) 1205 goto error; 1206 1207 /* find the destination keyring if present (which must also be 1208 * writable) */ 1209 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1210 if (ret < 0) 1211 goto error; 1212 1213 /* instantiate the key and link it into a keyring */ 1214 ret = key_reject_and_link(rka->target_key, timeout, error, 1215 dest_keyring, instkey); 1216 1217 key_put(dest_keyring); 1218 1219 /* discard the assumed authority if it's just been disabled by 1220 * instantiation of the key */ 1221 if (ret == 0) 1222 keyctl_change_reqkey_auth(NULL); 1223 1224 error: 1225 return ret; 1226 } 1227 1228 /* 1229 * Read or set the default keyring in which request_key() will cache keys and 1230 * return the old setting. 1231 * 1232 * If a process keyring is specified then this will be created if it doesn't 1233 * yet exist. The old setting will be returned if successful. 1234 */ 1235 long keyctl_set_reqkey_keyring(int reqkey_defl) 1236 { 1237 struct cred *new; 1238 int ret, old_setting; 1239 1240 old_setting = current_cred_xxx(jit_keyring); 1241 1242 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1243 return old_setting; 1244 1245 new = prepare_creds(); 1246 if (!new) 1247 return -ENOMEM; 1248 1249 switch (reqkey_defl) { 1250 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1251 ret = install_thread_keyring_to_cred(new); 1252 if (ret < 0) 1253 goto error; 1254 goto set; 1255 1256 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1257 ret = install_process_keyring_to_cred(new); 1258 if (ret < 0) { 1259 if (ret != -EEXIST) 1260 goto error; 1261 ret = 0; 1262 } 1263 goto set; 1264 1265 case KEY_REQKEY_DEFL_DEFAULT: 1266 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1267 case KEY_REQKEY_DEFL_USER_KEYRING: 1268 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1269 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1270 goto set; 1271 1272 case KEY_REQKEY_DEFL_NO_CHANGE: 1273 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1274 default: 1275 ret = -EINVAL; 1276 goto error; 1277 } 1278 1279 set: 1280 new->jit_keyring = reqkey_defl; 1281 commit_creds(new); 1282 return old_setting; 1283 error: 1284 abort_creds(new); 1285 return ret; 1286 } 1287 1288 /* 1289 * Set or clear the timeout on a key. 1290 * 1291 * Either the key must grant the caller Setattr permission or else the caller 1292 * must hold an instantiation authorisation token for the key. 1293 * 1294 * The timeout is either 0 to clear the timeout, or a number of seconds from 1295 * the current time. The key and any links to the key will be automatically 1296 * garbage collected after the timeout expires. 1297 * 1298 * If successful, 0 is returned. 1299 */ 1300 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1301 { 1302 struct key *key, *instkey; 1303 key_ref_t key_ref; 1304 long ret; 1305 1306 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1307 KEY_NEED_SETATTR); 1308 if (IS_ERR(key_ref)) { 1309 /* setting the timeout on a key under construction is permitted 1310 * if we have the authorisation token handy */ 1311 if (PTR_ERR(key_ref) == -EACCES) { 1312 instkey = key_get_instantiation_authkey(id); 1313 if (!IS_ERR(instkey)) { 1314 key_put(instkey); 1315 key_ref = lookup_user_key(id, 1316 KEY_LOOKUP_PARTIAL, 1317 0); 1318 if (!IS_ERR(key_ref)) 1319 goto okay; 1320 } 1321 } 1322 1323 ret = PTR_ERR(key_ref); 1324 goto error; 1325 } 1326 1327 okay: 1328 key = key_ref_to_ptr(key_ref); 1329 key_set_timeout(key, timeout); 1330 key_put(key); 1331 1332 ret = 0; 1333 error: 1334 return ret; 1335 } 1336 1337 /* 1338 * Assume (or clear) the authority to instantiate the specified key. 1339 * 1340 * This sets the authoritative token currently in force for key instantiation. 1341 * This must be done for a key to be instantiated. It has the effect of making 1342 * available all the keys from the caller of the request_key() that created a 1343 * key to request_key() calls made by the caller of this function. 1344 * 1345 * The caller must have the instantiation key in their process keyrings with a 1346 * Search permission grant available to the caller. 1347 * 1348 * If the ID given is 0, then the setting will be cleared and 0 returned. 1349 * 1350 * If the ID given has a matching an authorisation key, then that key will be 1351 * set and its ID will be returned. The authorisation key can be read to get 1352 * the callout information passed to request_key(). 1353 */ 1354 long keyctl_assume_authority(key_serial_t id) 1355 { 1356 struct key *authkey; 1357 long ret; 1358 1359 /* special key IDs aren't permitted */ 1360 ret = -EINVAL; 1361 if (id < 0) 1362 goto error; 1363 1364 /* we divest ourselves of authority if given an ID of 0 */ 1365 if (id == 0) { 1366 ret = keyctl_change_reqkey_auth(NULL); 1367 goto error; 1368 } 1369 1370 /* attempt to assume the authority temporarily granted to us whilst we 1371 * instantiate the specified key 1372 * - the authorisation key must be in the current task's keyrings 1373 * somewhere 1374 */ 1375 authkey = key_get_instantiation_authkey(id); 1376 if (IS_ERR(authkey)) { 1377 ret = PTR_ERR(authkey); 1378 goto error; 1379 } 1380 1381 ret = keyctl_change_reqkey_auth(authkey); 1382 if (ret < 0) 1383 goto error; 1384 key_put(authkey); 1385 1386 ret = authkey->serial; 1387 error: 1388 return ret; 1389 } 1390 1391 /* 1392 * Get a key's the LSM security label. 1393 * 1394 * The key must grant the caller View permission for this to work. 1395 * 1396 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1397 * 1398 * If successful, the amount of information available will be returned, 1399 * irrespective of how much was copied (including the terminal NUL). 1400 */ 1401 long keyctl_get_security(key_serial_t keyid, 1402 char __user *buffer, 1403 size_t buflen) 1404 { 1405 struct key *key, *instkey; 1406 key_ref_t key_ref; 1407 char *context; 1408 long ret; 1409 1410 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 1411 if (IS_ERR(key_ref)) { 1412 if (PTR_ERR(key_ref) != -EACCES) 1413 return PTR_ERR(key_ref); 1414 1415 /* viewing a key under construction is also permitted if we 1416 * have the authorisation token handy */ 1417 instkey = key_get_instantiation_authkey(keyid); 1418 if (IS_ERR(instkey)) 1419 return PTR_ERR(instkey); 1420 key_put(instkey); 1421 1422 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1423 if (IS_ERR(key_ref)) 1424 return PTR_ERR(key_ref); 1425 } 1426 1427 key = key_ref_to_ptr(key_ref); 1428 ret = security_key_getsecurity(key, &context); 1429 if (ret == 0) { 1430 /* if no information was returned, give userspace an empty 1431 * string */ 1432 ret = 1; 1433 if (buffer && buflen > 0 && 1434 copy_to_user(buffer, "", 1) != 0) 1435 ret = -EFAULT; 1436 } else if (ret > 0) { 1437 /* return as much data as there's room for */ 1438 if (buffer && buflen > 0) { 1439 if (buflen > ret) 1440 buflen = ret; 1441 1442 if (copy_to_user(buffer, context, buflen) != 0) 1443 ret = -EFAULT; 1444 } 1445 1446 kfree(context); 1447 } 1448 1449 key_ref_put(key_ref); 1450 return ret; 1451 } 1452 1453 /* 1454 * Attempt to install the calling process's session keyring on the process's 1455 * parent process. 1456 * 1457 * The keyring must exist and must grant the caller LINK permission, and the 1458 * parent process must be single-threaded and must have the same effective 1459 * ownership as this process and mustn't be SUID/SGID. 1460 * 1461 * The keyring will be emplaced on the parent when it next resumes userspace. 1462 * 1463 * If successful, 0 will be returned. 1464 */ 1465 long keyctl_session_to_parent(void) 1466 { 1467 struct task_struct *me, *parent; 1468 const struct cred *mycred, *pcred; 1469 struct callback_head *newwork, *oldwork; 1470 key_ref_t keyring_r; 1471 struct cred *cred; 1472 int ret; 1473 1474 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK); 1475 if (IS_ERR(keyring_r)) 1476 return PTR_ERR(keyring_r); 1477 1478 ret = -ENOMEM; 1479 1480 /* our parent is going to need a new cred struct, a new tgcred struct 1481 * and new security data, so we allocate them here to prevent ENOMEM in 1482 * our parent */ 1483 cred = cred_alloc_blank(); 1484 if (!cred) 1485 goto error_keyring; 1486 newwork = &cred->rcu; 1487 1488 cred->session_keyring = key_ref_to_ptr(keyring_r); 1489 keyring_r = NULL; 1490 init_task_work(newwork, key_change_session_keyring); 1491 1492 me = current; 1493 rcu_read_lock(); 1494 write_lock_irq(&tasklist_lock); 1495 1496 ret = -EPERM; 1497 oldwork = NULL; 1498 parent = me->real_parent; 1499 1500 /* the parent mustn't be init and mustn't be a kernel thread */ 1501 if (parent->pid <= 1 || !parent->mm) 1502 goto unlock; 1503 1504 /* the parent must be single threaded */ 1505 if (!thread_group_empty(parent)) 1506 goto unlock; 1507 1508 /* the parent and the child must have different session keyrings or 1509 * there's no point */ 1510 mycred = current_cred(); 1511 pcred = __task_cred(parent); 1512 if (mycred == pcred || 1513 mycred->session_keyring == pcred->session_keyring) { 1514 ret = 0; 1515 goto unlock; 1516 } 1517 1518 /* the parent must have the same effective ownership and mustn't be 1519 * SUID/SGID */ 1520 if (!uid_eq(pcred->uid, mycred->euid) || 1521 !uid_eq(pcred->euid, mycred->euid) || 1522 !uid_eq(pcred->suid, mycred->euid) || 1523 !gid_eq(pcred->gid, mycred->egid) || 1524 !gid_eq(pcred->egid, mycred->egid) || 1525 !gid_eq(pcred->sgid, mycred->egid)) 1526 goto unlock; 1527 1528 /* the keyrings must have the same UID */ 1529 if ((pcred->session_keyring && 1530 !uid_eq(pcred->session_keyring->uid, mycred->euid)) || 1531 !uid_eq(mycred->session_keyring->uid, mycred->euid)) 1532 goto unlock; 1533 1534 /* cancel an already pending keyring replacement */ 1535 oldwork = task_work_cancel(parent, key_change_session_keyring); 1536 1537 /* the replacement session keyring is applied just prior to userspace 1538 * restarting */ 1539 ret = task_work_add(parent, newwork, true); 1540 if (!ret) 1541 newwork = NULL; 1542 unlock: 1543 write_unlock_irq(&tasklist_lock); 1544 rcu_read_unlock(); 1545 if (oldwork) 1546 put_cred(container_of(oldwork, struct cred, rcu)); 1547 if (newwork) 1548 put_cred(cred); 1549 return ret; 1550 1551 error_keyring: 1552 key_ref_put(keyring_r); 1553 return ret; 1554 } 1555 1556 /* 1557 * The key control system call 1558 */ 1559 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1560 unsigned long, arg4, unsigned long, arg5) 1561 { 1562 switch (option) { 1563 case KEYCTL_GET_KEYRING_ID: 1564 return keyctl_get_keyring_ID((key_serial_t) arg2, 1565 (int) arg3); 1566 1567 case KEYCTL_JOIN_SESSION_KEYRING: 1568 return keyctl_join_session_keyring((const char __user *) arg2); 1569 1570 case KEYCTL_UPDATE: 1571 return keyctl_update_key((key_serial_t) arg2, 1572 (const void __user *) arg3, 1573 (size_t) arg4); 1574 1575 case KEYCTL_REVOKE: 1576 return keyctl_revoke_key((key_serial_t) arg2); 1577 1578 case KEYCTL_DESCRIBE: 1579 return keyctl_describe_key((key_serial_t) arg2, 1580 (char __user *) arg3, 1581 (unsigned) arg4); 1582 1583 case KEYCTL_CLEAR: 1584 return keyctl_keyring_clear((key_serial_t) arg2); 1585 1586 case KEYCTL_LINK: 1587 return keyctl_keyring_link((key_serial_t) arg2, 1588 (key_serial_t) arg3); 1589 1590 case KEYCTL_UNLINK: 1591 return keyctl_keyring_unlink((key_serial_t) arg2, 1592 (key_serial_t) arg3); 1593 1594 case KEYCTL_SEARCH: 1595 return keyctl_keyring_search((key_serial_t) arg2, 1596 (const char __user *) arg3, 1597 (const char __user *) arg4, 1598 (key_serial_t) arg5); 1599 1600 case KEYCTL_READ: 1601 return keyctl_read_key((key_serial_t) arg2, 1602 (char __user *) arg3, 1603 (size_t) arg4); 1604 1605 case KEYCTL_CHOWN: 1606 return keyctl_chown_key((key_serial_t) arg2, 1607 (uid_t) arg3, 1608 (gid_t) arg4); 1609 1610 case KEYCTL_SETPERM: 1611 return keyctl_setperm_key((key_serial_t) arg2, 1612 (key_perm_t) arg3); 1613 1614 case KEYCTL_INSTANTIATE: 1615 return keyctl_instantiate_key((key_serial_t) arg2, 1616 (const void __user *) arg3, 1617 (size_t) arg4, 1618 (key_serial_t) arg5); 1619 1620 case KEYCTL_NEGATE: 1621 return keyctl_negate_key((key_serial_t) arg2, 1622 (unsigned) arg3, 1623 (key_serial_t) arg4); 1624 1625 case KEYCTL_SET_REQKEY_KEYRING: 1626 return keyctl_set_reqkey_keyring(arg2); 1627 1628 case KEYCTL_SET_TIMEOUT: 1629 return keyctl_set_timeout((key_serial_t) arg2, 1630 (unsigned) arg3); 1631 1632 case KEYCTL_ASSUME_AUTHORITY: 1633 return keyctl_assume_authority((key_serial_t) arg2); 1634 1635 case KEYCTL_GET_SECURITY: 1636 return keyctl_get_security((key_serial_t) arg2, 1637 (char __user *) arg3, 1638 (size_t) arg4); 1639 1640 case KEYCTL_SESSION_TO_PARENT: 1641 return keyctl_session_to_parent(); 1642 1643 case KEYCTL_REJECT: 1644 return keyctl_reject_key((key_serial_t) arg2, 1645 (unsigned) arg3, 1646 (unsigned) arg4, 1647 (key_serial_t) arg5); 1648 1649 case KEYCTL_INSTANTIATE_IOV: 1650 return keyctl_instantiate_key_iov( 1651 (key_serial_t) arg2, 1652 (const struct iovec __user *) arg3, 1653 (unsigned) arg4, 1654 (key_serial_t) arg5); 1655 1656 case KEYCTL_INVALIDATE: 1657 return keyctl_invalidate_key((key_serial_t) arg2); 1658 1659 case KEYCTL_GET_PERSISTENT: 1660 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3); 1661 1662 default: 1663 return -EOPNOTSUPP; 1664 } 1665 } 1666