xref: /openbmc/linux/security/keys/process_keys.c (revision 6774def6)
1 /* Manage a process's keyrings
2  *
3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/keyctl.h>
16 #include <linux/fs.h>
17 #include <linux/err.h>
18 #include <linux/mutex.h>
19 #include <linux/security.h>
20 #include <linux/user_namespace.h>
21 #include <asm/uaccess.h>
22 #include "internal.h"
23 
24 /* Session keyring create vs join semaphore */
25 static DEFINE_MUTEX(key_session_mutex);
26 
27 /* User keyring creation semaphore */
28 static DEFINE_MUTEX(key_user_keyring_mutex);
29 
30 /* The root user's tracking struct */
31 struct key_user root_key_user = {
32 	.usage		= ATOMIC_INIT(3),
33 	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
34 	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
35 	.nkeys		= ATOMIC_INIT(2),
36 	.nikeys		= ATOMIC_INIT(2),
37 	.uid		= GLOBAL_ROOT_UID,
38 };
39 
40 /*
41  * Install the user and user session keyrings for the current process's UID.
42  */
43 int install_user_keyrings(void)
44 {
45 	struct user_struct *user;
46 	const struct cred *cred;
47 	struct key *uid_keyring, *session_keyring;
48 	key_perm_t user_keyring_perm;
49 	char buf[20];
50 	int ret;
51 	uid_t uid;
52 
53 	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
54 	cred = current_cred();
55 	user = cred->user;
56 	uid = from_kuid(cred->user_ns, user->uid);
57 
58 	kenter("%p{%u}", user, uid);
59 
60 	if (user->uid_keyring && user->session_keyring) {
61 		kleave(" = 0 [exist]");
62 		return 0;
63 	}
64 
65 	mutex_lock(&key_user_keyring_mutex);
66 	ret = 0;
67 
68 	if (!user->uid_keyring) {
69 		/* get the UID-specific keyring
70 		 * - there may be one in existence already as it may have been
71 		 *   pinned by a session, but the user_struct pointing to it
72 		 *   may have been destroyed by setuid */
73 		sprintf(buf, "_uid.%u", uid);
74 
75 		uid_keyring = find_keyring_by_name(buf, true);
76 		if (IS_ERR(uid_keyring)) {
77 			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
78 						    cred, user_keyring_perm,
79 						    KEY_ALLOC_IN_QUOTA, NULL);
80 			if (IS_ERR(uid_keyring)) {
81 				ret = PTR_ERR(uid_keyring);
82 				goto error;
83 			}
84 		}
85 
86 		/* get a default session keyring (which might also exist
87 		 * already) */
88 		sprintf(buf, "_uid_ses.%u", uid);
89 
90 		session_keyring = find_keyring_by_name(buf, true);
91 		if (IS_ERR(session_keyring)) {
92 			session_keyring =
93 				keyring_alloc(buf, user->uid, INVALID_GID,
94 					      cred, user_keyring_perm,
95 					      KEY_ALLOC_IN_QUOTA, NULL);
96 			if (IS_ERR(session_keyring)) {
97 				ret = PTR_ERR(session_keyring);
98 				goto error_release;
99 			}
100 
101 			/* we install a link from the user session keyring to
102 			 * the user keyring */
103 			ret = key_link(session_keyring, uid_keyring);
104 			if (ret < 0)
105 				goto error_release_both;
106 		}
107 
108 		/* install the keyrings */
109 		user->uid_keyring = uid_keyring;
110 		user->session_keyring = session_keyring;
111 	}
112 
113 	mutex_unlock(&key_user_keyring_mutex);
114 	kleave(" = 0");
115 	return 0;
116 
117 error_release_both:
118 	key_put(session_keyring);
119 error_release:
120 	key_put(uid_keyring);
121 error:
122 	mutex_unlock(&key_user_keyring_mutex);
123 	kleave(" = %d", ret);
124 	return ret;
125 }
126 
127 /*
128  * Install a fresh thread keyring directly to new credentials.  This keyring is
129  * allowed to overrun the quota.
130  */
131 int install_thread_keyring_to_cred(struct cred *new)
132 {
133 	struct key *keyring;
134 
135 	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
136 				KEY_POS_ALL | KEY_USR_VIEW,
137 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
138 	if (IS_ERR(keyring))
139 		return PTR_ERR(keyring);
140 
141 	new->thread_keyring = keyring;
142 	return 0;
143 }
144 
145 /*
146  * Install a fresh thread keyring, discarding the old one.
147  */
148 static int install_thread_keyring(void)
149 {
150 	struct cred *new;
151 	int ret;
152 
153 	new = prepare_creds();
154 	if (!new)
155 		return -ENOMEM;
156 
157 	BUG_ON(new->thread_keyring);
158 
159 	ret = install_thread_keyring_to_cred(new);
160 	if (ret < 0) {
161 		abort_creds(new);
162 		return ret;
163 	}
164 
165 	return commit_creds(new);
166 }
167 
168 /*
169  * Install a process keyring directly to a credentials struct.
170  *
171  * Returns -EEXIST if there was already a process keyring, 0 if one installed,
172  * and other value on any other error
173  */
174 int install_process_keyring_to_cred(struct cred *new)
175 {
176 	struct key *keyring;
177 
178 	if (new->process_keyring)
179 		return -EEXIST;
180 
181 	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
182 				KEY_POS_ALL | KEY_USR_VIEW,
183 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
184 	if (IS_ERR(keyring))
185 		return PTR_ERR(keyring);
186 
187 	new->process_keyring = keyring;
188 	return 0;
189 }
190 
191 /*
192  * Make sure a process keyring is installed for the current process.  The
193  * existing process keyring is not replaced.
194  *
195  * Returns 0 if there is a process keyring by the end of this function, some
196  * error otherwise.
197  */
198 static int install_process_keyring(void)
199 {
200 	struct cred *new;
201 	int ret;
202 
203 	new = prepare_creds();
204 	if (!new)
205 		return -ENOMEM;
206 
207 	ret = install_process_keyring_to_cred(new);
208 	if (ret < 0) {
209 		abort_creds(new);
210 		return ret != -EEXIST ? ret : 0;
211 	}
212 
213 	return commit_creds(new);
214 }
215 
216 /*
217  * Install a session keyring directly to a credentials struct.
218  */
219 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
220 {
221 	unsigned long flags;
222 	struct key *old;
223 
224 	might_sleep();
225 
226 	/* create an empty session keyring */
227 	if (!keyring) {
228 		flags = KEY_ALLOC_QUOTA_OVERRUN;
229 		if (cred->session_keyring)
230 			flags = KEY_ALLOC_IN_QUOTA;
231 
232 		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
233 					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
234 					flags, NULL);
235 		if (IS_ERR(keyring))
236 			return PTR_ERR(keyring);
237 	} else {
238 		__key_get(keyring);
239 	}
240 
241 	/* install the keyring */
242 	old = cred->session_keyring;
243 	rcu_assign_pointer(cred->session_keyring, keyring);
244 
245 	if (old)
246 		key_put(old);
247 
248 	return 0;
249 }
250 
251 /*
252  * Install a session keyring, discarding the old one.  If a keyring is not
253  * supplied, an empty one is invented.
254  */
255 static int install_session_keyring(struct key *keyring)
256 {
257 	struct cred *new;
258 	int ret;
259 
260 	new = prepare_creds();
261 	if (!new)
262 		return -ENOMEM;
263 
264 	ret = install_session_keyring_to_cred(new, keyring);
265 	if (ret < 0) {
266 		abort_creds(new);
267 		return ret;
268 	}
269 
270 	return commit_creds(new);
271 }
272 
273 /*
274  * Handle the fsuid changing.
275  */
276 void key_fsuid_changed(struct task_struct *tsk)
277 {
278 	/* update the ownership of the thread keyring */
279 	BUG_ON(!tsk->cred);
280 	if (tsk->cred->thread_keyring) {
281 		down_write(&tsk->cred->thread_keyring->sem);
282 		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
283 		up_write(&tsk->cred->thread_keyring->sem);
284 	}
285 }
286 
287 /*
288  * Handle the fsgid changing.
289  */
290 void key_fsgid_changed(struct task_struct *tsk)
291 {
292 	/* update the ownership of the thread keyring */
293 	BUG_ON(!tsk->cred);
294 	if (tsk->cred->thread_keyring) {
295 		down_write(&tsk->cred->thread_keyring->sem);
296 		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
297 		up_write(&tsk->cred->thread_keyring->sem);
298 	}
299 }
300 
301 /*
302  * Search the process keyrings attached to the supplied cred for the first
303  * matching key.
304  *
305  * The search criteria are the type and the match function.  The description is
306  * given to the match function as a parameter, but doesn't otherwise influence
307  * the search.  Typically the match function will compare the description
308  * parameter to the key's description.
309  *
310  * This can only search keyrings that grant Search permission to the supplied
311  * credentials.  Keyrings linked to searched keyrings will also be searched if
312  * they grant Search permission too.  Keys can only be found if they grant
313  * Search permission to the credentials.
314  *
315  * Returns a pointer to the key with the key usage count incremented if
316  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
317  * matched negative keys.
318  *
319  * In the case of a successful return, the possession attribute is set on the
320  * returned key reference.
321  */
322 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
323 {
324 	key_ref_t key_ref, ret, err;
325 
326 	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
327 	 * searchable, but we failed to find a key or we found a negative key;
328 	 * otherwise we want to return a sample error (probably -EACCES) if
329 	 * none of the keyrings were searchable
330 	 *
331 	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
332 	 */
333 	key_ref = NULL;
334 	ret = NULL;
335 	err = ERR_PTR(-EAGAIN);
336 
337 	/* search the thread keyring first */
338 	if (ctx->cred->thread_keyring) {
339 		key_ref = keyring_search_aux(
340 			make_key_ref(ctx->cred->thread_keyring, 1), ctx);
341 		if (!IS_ERR(key_ref))
342 			goto found;
343 
344 		switch (PTR_ERR(key_ref)) {
345 		case -EAGAIN: /* no key */
346 		case -ENOKEY: /* negative key */
347 			ret = key_ref;
348 			break;
349 		default:
350 			err = key_ref;
351 			break;
352 		}
353 	}
354 
355 	/* search the process keyring second */
356 	if (ctx->cred->process_keyring) {
357 		key_ref = keyring_search_aux(
358 			make_key_ref(ctx->cred->process_keyring, 1), ctx);
359 		if (!IS_ERR(key_ref))
360 			goto found;
361 
362 		switch (PTR_ERR(key_ref)) {
363 		case -EAGAIN: /* no key */
364 			if (ret)
365 				break;
366 		case -ENOKEY: /* negative key */
367 			ret = key_ref;
368 			break;
369 		default:
370 			err = key_ref;
371 			break;
372 		}
373 	}
374 
375 	/* search the session keyring */
376 	if (ctx->cred->session_keyring) {
377 		rcu_read_lock();
378 		key_ref = keyring_search_aux(
379 			make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
380 			ctx);
381 		rcu_read_unlock();
382 
383 		if (!IS_ERR(key_ref))
384 			goto found;
385 
386 		switch (PTR_ERR(key_ref)) {
387 		case -EAGAIN: /* no key */
388 			if (ret)
389 				break;
390 		case -ENOKEY: /* negative key */
391 			ret = key_ref;
392 			break;
393 		default:
394 			err = key_ref;
395 			break;
396 		}
397 	}
398 	/* or search the user-session keyring */
399 	else if (ctx->cred->user->session_keyring) {
400 		key_ref = keyring_search_aux(
401 			make_key_ref(ctx->cred->user->session_keyring, 1),
402 			ctx);
403 		if (!IS_ERR(key_ref))
404 			goto found;
405 
406 		switch (PTR_ERR(key_ref)) {
407 		case -EAGAIN: /* no key */
408 			if (ret)
409 				break;
410 		case -ENOKEY: /* negative key */
411 			ret = key_ref;
412 			break;
413 		default:
414 			err = key_ref;
415 			break;
416 		}
417 	}
418 
419 	/* no key - decide on the error we're going to go for */
420 	key_ref = ret ? ret : err;
421 
422 found:
423 	return key_ref;
424 }
425 
426 /*
427  * Search the process keyrings attached to the supplied cred for the first
428  * matching key in the manner of search_my_process_keyrings(), but also search
429  * the keys attached to the assumed authorisation key using its credentials if
430  * one is available.
431  *
432  * Return same as search_my_process_keyrings().
433  */
434 key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
435 {
436 	struct request_key_auth *rka;
437 	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
438 
439 	might_sleep();
440 
441 	key_ref = search_my_process_keyrings(ctx);
442 	if (!IS_ERR(key_ref))
443 		goto found;
444 	err = key_ref;
445 
446 	/* if this process has an instantiation authorisation key, then we also
447 	 * search the keyrings of the process mentioned there
448 	 * - we don't permit access to request_key auth keys via this method
449 	 */
450 	if (ctx->cred->request_key_auth &&
451 	    ctx->cred == current_cred() &&
452 	    ctx->index_key.type != &key_type_request_key_auth
453 	    ) {
454 		const struct cred *cred = ctx->cred;
455 
456 		/* defend against the auth key being revoked */
457 		down_read(&cred->request_key_auth->sem);
458 
459 		if (key_validate(ctx->cred->request_key_auth) == 0) {
460 			rka = ctx->cred->request_key_auth->payload.data;
461 
462 			ctx->cred = rka->cred;
463 			key_ref = search_process_keyrings(ctx);
464 			ctx->cred = cred;
465 
466 			up_read(&cred->request_key_auth->sem);
467 
468 			if (!IS_ERR(key_ref))
469 				goto found;
470 
471 			ret = key_ref;
472 		} else {
473 			up_read(&cred->request_key_auth->sem);
474 		}
475 	}
476 
477 	/* no key - decide on the error we're going to go for */
478 	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
479 		key_ref = ERR_PTR(-ENOKEY);
480 	else if (err == ERR_PTR(-EACCES))
481 		key_ref = ret;
482 	else
483 		key_ref = err;
484 
485 found:
486 	return key_ref;
487 }
488 
489 /*
490  * See if the key we're looking at is the target key.
491  */
492 bool lookup_user_key_possessed(const struct key *key,
493 			       const struct key_match_data *match_data)
494 {
495 	return key == match_data->raw_data;
496 }
497 
498 /*
499  * Look up a key ID given us by userspace with a given permissions mask to get
500  * the key it refers to.
501  *
502  * Flags can be passed to request that special keyrings be created if referred
503  * to directly, to permit partially constructed keys to be found and to skip
504  * validity and permission checks on the found key.
505  *
506  * Returns a pointer to the key with an incremented usage count if successful;
507  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
508  * to a key or the best found key was a negative key; -EKEYREVOKED or
509  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
510  * found key doesn't grant the requested permit or the LSM denied access to it;
511  * or -ENOMEM if a special keyring couldn't be created.
512  *
513  * In the case of a successful return, the possession attribute is set on the
514  * returned key reference.
515  */
516 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
517 			  key_perm_t perm)
518 {
519 	struct keyring_search_context ctx = {
520 		.match_data.cmp		= lookup_user_key_possessed,
521 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
522 		.flags			= KEYRING_SEARCH_NO_STATE_CHECK,
523 	};
524 	struct request_key_auth *rka;
525 	struct key *key;
526 	key_ref_t key_ref, skey_ref;
527 	int ret;
528 
529 try_again:
530 	ctx.cred = get_current_cred();
531 	key_ref = ERR_PTR(-ENOKEY);
532 
533 	switch (id) {
534 	case KEY_SPEC_THREAD_KEYRING:
535 		if (!ctx.cred->thread_keyring) {
536 			if (!(lflags & KEY_LOOKUP_CREATE))
537 				goto error;
538 
539 			ret = install_thread_keyring();
540 			if (ret < 0) {
541 				key_ref = ERR_PTR(ret);
542 				goto error;
543 			}
544 			goto reget_creds;
545 		}
546 
547 		key = ctx.cred->thread_keyring;
548 		__key_get(key);
549 		key_ref = make_key_ref(key, 1);
550 		break;
551 
552 	case KEY_SPEC_PROCESS_KEYRING:
553 		if (!ctx.cred->process_keyring) {
554 			if (!(lflags & KEY_LOOKUP_CREATE))
555 				goto error;
556 
557 			ret = install_process_keyring();
558 			if (ret < 0) {
559 				key_ref = ERR_PTR(ret);
560 				goto error;
561 			}
562 			goto reget_creds;
563 		}
564 
565 		key = ctx.cred->process_keyring;
566 		__key_get(key);
567 		key_ref = make_key_ref(key, 1);
568 		break;
569 
570 	case KEY_SPEC_SESSION_KEYRING:
571 		if (!ctx.cred->session_keyring) {
572 			/* always install a session keyring upon access if one
573 			 * doesn't exist yet */
574 			ret = install_user_keyrings();
575 			if (ret < 0)
576 				goto error;
577 			if (lflags & KEY_LOOKUP_CREATE)
578 				ret = join_session_keyring(NULL);
579 			else
580 				ret = install_session_keyring(
581 					ctx.cred->user->session_keyring);
582 
583 			if (ret < 0)
584 				goto error;
585 			goto reget_creds;
586 		} else if (ctx.cred->session_keyring ==
587 			   ctx.cred->user->session_keyring &&
588 			   lflags & KEY_LOOKUP_CREATE) {
589 			ret = join_session_keyring(NULL);
590 			if (ret < 0)
591 				goto error;
592 			goto reget_creds;
593 		}
594 
595 		rcu_read_lock();
596 		key = rcu_dereference(ctx.cred->session_keyring);
597 		__key_get(key);
598 		rcu_read_unlock();
599 		key_ref = make_key_ref(key, 1);
600 		break;
601 
602 	case KEY_SPEC_USER_KEYRING:
603 		if (!ctx.cred->user->uid_keyring) {
604 			ret = install_user_keyrings();
605 			if (ret < 0)
606 				goto error;
607 		}
608 
609 		key = ctx.cred->user->uid_keyring;
610 		__key_get(key);
611 		key_ref = make_key_ref(key, 1);
612 		break;
613 
614 	case KEY_SPEC_USER_SESSION_KEYRING:
615 		if (!ctx.cred->user->session_keyring) {
616 			ret = install_user_keyrings();
617 			if (ret < 0)
618 				goto error;
619 		}
620 
621 		key = ctx.cred->user->session_keyring;
622 		__key_get(key);
623 		key_ref = make_key_ref(key, 1);
624 		break;
625 
626 	case KEY_SPEC_GROUP_KEYRING:
627 		/* group keyrings are not yet supported */
628 		key_ref = ERR_PTR(-EINVAL);
629 		goto error;
630 
631 	case KEY_SPEC_REQKEY_AUTH_KEY:
632 		key = ctx.cred->request_key_auth;
633 		if (!key)
634 			goto error;
635 
636 		__key_get(key);
637 		key_ref = make_key_ref(key, 1);
638 		break;
639 
640 	case KEY_SPEC_REQUESTOR_KEYRING:
641 		if (!ctx.cred->request_key_auth)
642 			goto error;
643 
644 		down_read(&ctx.cred->request_key_auth->sem);
645 		if (test_bit(KEY_FLAG_REVOKED,
646 			     &ctx.cred->request_key_auth->flags)) {
647 			key_ref = ERR_PTR(-EKEYREVOKED);
648 			key = NULL;
649 		} else {
650 			rka = ctx.cred->request_key_auth->payload.data;
651 			key = rka->dest_keyring;
652 			__key_get(key);
653 		}
654 		up_read(&ctx.cred->request_key_auth->sem);
655 		if (!key)
656 			goto error;
657 		key_ref = make_key_ref(key, 1);
658 		break;
659 
660 	default:
661 		key_ref = ERR_PTR(-EINVAL);
662 		if (id < 1)
663 			goto error;
664 
665 		key = key_lookup(id);
666 		if (IS_ERR(key)) {
667 			key_ref = ERR_CAST(key);
668 			goto error;
669 		}
670 
671 		key_ref = make_key_ref(key, 0);
672 
673 		/* check to see if we possess the key */
674 		ctx.index_key.type		= key->type;
675 		ctx.index_key.description	= key->description;
676 		ctx.index_key.desc_len		= strlen(key->description);
677 		ctx.match_data.raw_data		= key;
678 		kdebug("check possessed");
679 		skey_ref = search_process_keyrings(&ctx);
680 		kdebug("possessed=%p", skey_ref);
681 
682 		if (!IS_ERR(skey_ref)) {
683 			key_put(key);
684 			key_ref = skey_ref;
685 		}
686 
687 		break;
688 	}
689 
690 	/* unlink does not use the nominated key in any way, so can skip all
691 	 * the permission checks as it is only concerned with the keyring */
692 	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
693 		ret = 0;
694 		goto error;
695 	}
696 
697 	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
698 		ret = wait_for_key_construction(key, true);
699 		switch (ret) {
700 		case -ERESTARTSYS:
701 			goto invalid_key;
702 		default:
703 			if (perm)
704 				goto invalid_key;
705 		case 0:
706 			break;
707 		}
708 	} else if (perm) {
709 		ret = key_validate(key);
710 		if (ret < 0)
711 			goto invalid_key;
712 	}
713 
714 	ret = -EIO;
715 	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
716 	    !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
717 		goto invalid_key;
718 
719 	/* check the permissions */
720 	ret = key_task_permission(key_ref, ctx.cred, perm);
721 	if (ret < 0)
722 		goto invalid_key;
723 
724 	key->last_used_at = current_kernel_time().tv_sec;
725 
726 error:
727 	put_cred(ctx.cred);
728 	return key_ref;
729 
730 invalid_key:
731 	key_ref_put(key_ref);
732 	key_ref = ERR_PTR(ret);
733 	goto error;
734 
735 	/* if we attempted to install a keyring, then it may have caused new
736 	 * creds to be installed */
737 reget_creds:
738 	put_cred(ctx.cred);
739 	goto try_again;
740 }
741 
742 /*
743  * Join the named keyring as the session keyring if possible else attempt to
744  * create a new one of that name and join that.
745  *
746  * If the name is NULL, an empty anonymous keyring will be installed as the
747  * session keyring.
748  *
749  * Named session keyrings are joined with a semaphore held to prevent the
750  * keyrings from going away whilst the attempt is made to going them and also
751  * to prevent a race in creating compatible session keyrings.
752  */
753 long join_session_keyring(const char *name)
754 {
755 	const struct cred *old;
756 	struct cred *new;
757 	struct key *keyring;
758 	long ret, serial;
759 
760 	new = prepare_creds();
761 	if (!new)
762 		return -ENOMEM;
763 	old = current_cred();
764 
765 	/* if no name is provided, install an anonymous keyring */
766 	if (!name) {
767 		ret = install_session_keyring_to_cred(new, NULL);
768 		if (ret < 0)
769 			goto error;
770 
771 		serial = new->session_keyring->serial;
772 		ret = commit_creds(new);
773 		if (ret == 0)
774 			ret = serial;
775 		goto okay;
776 	}
777 
778 	/* allow the user to join or create a named keyring */
779 	mutex_lock(&key_session_mutex);
780 
781 	/* look for an existing keyring of this name */
782 	keyring = find_keyring_by_name(name, false);
783 	if (PTR_ERR(keyring) == -ENOKEY) {
784 		/* not found - try and create a new one */
785 		keyring = keyring_alloc(
786 			name, old->uid, old->gid, old,
787 			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
788 			KEY_ALLOC_IN_QUOTA, NULL);
789 		if (IS_ERR(keyring)) {
790 			ret = PTR_ERR(keyring);
791 			goto error2;
792 		}
793 	} else if (IS_ERR(keyring)) {
794 		ret = PTR_ERR(keyring);
795 		goto error2;
796 	} else if (keyring == new->session_keyring) {
797 		ret = 0;
798 		goto error2;
799 	}
800 
801 	/* we've got a keyring - now to install it */
802 	ret = install_session_keyring_to_cred(new, keyring);
803 	if (ret < 0)
804 		goto error2;
805 
806 	commit_creds(new);
807 	mutex_unlock(&key_session_mutex);
808 
809 	ret = keyring->serial;
810 	key_put(keyring);
811 okay:
812 	return ret;
813 
814 error2:
815 	mutex_unlock(&key_session_mutex);
816 error:
817 	abort_creds(new);
818 	return ret;
819 }
820 
821 /*
822  * Replace a process's session keyring on behalf of one of its children when
823  * the target  process is about to resume userspace execution.
824  */
825 void key_change_session_keyring(struct callback_head *twork)
826 {
827 	const struct cred *old = current_cred();
828 	struct cred *new = container_of(twork, struct cred, rcu);
829 
830 	if (unlikely(current->flags & PF_EXITING)) {
831 		put_cred(new);
832 		return;
833 	}
834 
835 	new->  uid	= old->  uid;
836 	new-> euid	= old-> euid;
837 	new-> suid	= old-> suid;
838 	new->fsuid	= old->fsuid;
839 	new->  gid	= old->  gid;
840 	new-> egid	= old-> egid;
841 	new-> sgid	= old-> sgid;
842 	new->fsgid	= old->fsgid;
843 	new->user	= get_uid(old->user);
844 	new->user_ns	= get_user_ns(old->user_ns);
845 	new->group_info	= get_group_info(old->group_info);
846 
847 	new->securebits	= old->securebits;
848 	new->cap_inheritable	= old->cap_inheritable;
849 	new->cap_permitted	= old->cap_permitted;
850 	new->cap_effective	= old->cap_effective;
851 	new->cap_bset		= old->cap_bset;
852 
853 	new->jit_keyring	= old->jit_keyring;
854 	new->thread_keyring	= key_get(old->thread_keyring);
855 	new->process_keyring	= key_get(old->process_keyring);
856 
857 	security_transfer_creds(new, old);
858 
859 	commit_creds(new);
860 }
861 
862 /*
863  * Make sure that root's user and user-session keyrings exist.
864  */
865 static int __init init_root_keyring(void)
866 {
867 	return install_user_keyrings();
868 }
869 
870 late_initcall(init_root_keyring);
871