diff options
Diffstat (limited to 'Documentation/security/keys')
-rw-r--r-- | Documentation/security/keys/core.rst | 10 | ||||
-rw-r--r-- | Documentation/security/keys/request-key.rst | 9 |
2 files changed, 19 insertions, 0 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index 82dd457ff78d..003f1452a5b7 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -1147,6 +1147,16 @@ payload contents" for more information. case error ERESTARTSYS will be returned. + * To search for a key under RCU conditions, call:: + + struct key *request_key_rcu(const struct key_type *type, + const char *description); + + which is similar to request_key() except that it does not check for keys + that are under construction and it will not call out to userspace to + construct a key if it can't find a match. + + * When it is no longer required, the key should be released using:: void key_put(struct key *key); diff --git a/Documentation/security/keys/request-key.rst b/Documentation/security/keys/request-key.rst index 07af991463b5..7caedc4d29f1 100644 --- a/Documentation/security/keys/request-key.rst +++ b/Documentation/security/keys/request-key.rst @@ -36,6 +36,11 @@ or:: size_t callout_len, void *aux); +or:: + + struct key *request_key_rcu(const struct key_type *type, + const char *description); + Or by userspace invoking the request_key system call:: key_serial_t request_key(const char *type, @@ -57,6 +62,10 @@ The two async in-kernel calls may return keys that are still in the process of being constructed. The two non-async ones will wait for construction to complete first. +The request_key_rcu() call is like the in-kernel request_key() call, except +that it doesn't check for keys that are under construction and doesn't attempt +to construct missing keys. + The userspace interface links the key to a keyring associated with the process to prevent the key from going away, and returns the serial number of the key to the caller. |