diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-11 03:43:43 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-11 03:43:43 +0200 |
commit | 028db3e290f15ac509084c0fc3b9d021f668f877 (patch) | |
tree | 7497244a90100f2464403063f88f83a555da03b3 /security/keys/key.c | |
parent | Merge tag 'docs-5.3' of git://git.lwn.net/linux (diff) | |
download | linux-028db3e290f15ac509084c0fc3b9d021f668f877.tar.xz linux-028db3e290f15ac509084c0fc3b9d021f668f877.zip |
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"
This reverts merge 0f75ef6a9cff49ff612f7ce0578bced9d0b38325 (and thus
effectively commits
7a1ade847596 ("keys: Provide KEYCTL_GRANT_PERMISSION")
2e12256b9a76 ("keys: Replace uid/gid/perm permissions checking with an ACL")
that the merge brought in).
It turns out that it breaks booting with an encrypted volume, and Eric
biggers reports that it also breaks the fscrypt tests [1] and loading of
in-kernel X.509 certificates [2].
The root cause of all the breakage is likely the same, but David Howells
is off email so rather than try to work it out it's getting reverted in
order to not impact the rest of the merge window.
[1] https://lore.kernel.org/lkml/20190710011559.GA7973@sol.localdomain/
[2] https://lore.kernel.org/lkml/20190710013225.GB7973@sol.localdomain/
Link: https://lore.kernel.org/lkml/CAHk-=wjxoeMJfeBahnWH=9zShKp2bsVy527vo3_y8HfOdhwAAw@mail.gmail.com/
Reported-by: Eric Biggers <ebiggers@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r-- | security/keys/key.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 519211a996e7..764f4c57913e 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -195,7 +195,7 @@ serial_exists: * @uid: The owner of the new key. * @gid: The group ID for the new key's group permissions. * @cred: The credentials specifying UID namespace. - * @acl: The ACL to attach to the new key. + * @perm: The permissions mask of the new key. * @flags: Flags specifying quota properties. * @restrict_link: Optional link restriction for new keyrings. * @@ -223,7 +223,7 @@ serial_exists: */ struct key *key_alloc(struct key_type *type, const char *desc, kuid_t uid, kgid_t gid, const struct cred *cred, - struct key_acl *acl, unsigned long flags, + key_perm_t perm, unsigned long flags, struct key_restriction *restrict_link) { struct key_user *user = NULL; @@ -246,9 +246,6 @@ struct key *key_alloc(struct key_type *type, const char *desc, desclen = strlen(desc); quotalen = desclen + 1 + type->def_datalen; - if (!acl) - acl = &default_key_acl; - /* get hold of the key tracking for this user */ user = key_user_lookup(uid); if (!user) @@ -295,8 +292,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, key->datalen = type->def_datalen; key->uid = uid; key->gid = gid; - refcount_inc(&acl->usage); - rcu_assign_pointer(key->acl, acl); + key->perm = perm; key->restrict_link = restrict_link; key->last_used_at = ktime_get_real_seconds(); @@ -791,7 +787,7 @@ error: * @description: The searchable description for the key. * @payload: The data to use to instantiate or update the key. * @plen: The length of @payload. - * @acl: The ACL to attach if a key is created. + * @perm: The permissions mask for a new key. * @flags: The quota flags for a new key. * * Search the destination keyring for a key of the same description and if one @@ -814,7 +810,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, const char *description, const void *payload, size_t plen, - struct key_acl *acl, + key_perm_t perm, unsigned long flags) { struct keyring_index_key index_key = { @@ -911,9 +907,22 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto found_matching_key; } + /* if the client doesn't provide, decide on the permissions we want */ + if (perm == KEY_PERM_UNDEF) { + perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; + perm |= KEY_USR_VIEW; + + if (index_key.type->read) + perm |= KEY_POS_READ; + + if (index_key.type == &key_type_keyring || + index_key.type->update) + perm |= KEY_POS_WRITE; + } + /* allocate a new key */ key = key_alloc(index_key.type, index_key.description, - cred->fsuid, cred->fsgid, cred, acl, flags, NULL); + cred->fsuid, cred->fsgid, cred, perm, flags, NULL); if (IS_ERR(key)) { key_ref = ERR_CAST(key); goto error_link_end; |