xref: /openbmc/linux/security/keys/process_keys.c (revision 79f08d9e)
1 /* Manage a process's keyrings
2  *
3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/keyctl.h>
16 #include <linux/fs.h>
17 #include <linux/err.h>
18 #include <linux/mutex.h>
19 #include <linux/security.h>
20 #include <linux/user_namespace.h>
21 #include <asm/uaccess.h>
22 #include "internal.h"
23 
24 /* Session keyring create vs join semaphore */
25 static DEFINE_MUTEX(key_session_mutex);
26 
27 /* User keyring creation semaphore */
28 static DEFINE_MUTEX(key_user_keyring_mutex);
29 
30 /* The root user's tracking struct */
31 struct key_user root_key_user = {
32 	.usage		= ATOMIC_INIT(3),
33 	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
34 	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
35 	.nkeys		= ATOMIC_INIT(2),
36 	.nikeys		= ATOMIC_INIT(2),
37 	.uid		= GLOBAL_ROOT_UID,
38 };
39 
40 /*
41  * Install the user and user session keyrings for the current process's UID.
42  */
43 int install_user_keyrings(void)
44 {
45 	struct user_struct *user;
46 	const struct cred *cred;
47 	struct key *uid_keyring, *session_keyring;
48 	key_perm_t user_keyring_perm;
49 	char buf[20];
50 	int ret;
51 	uid_t uid;
52 
53 	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
54 	cred = current_cred();
55 	user = cred->user;
56 	uid = from_kuid(cred->user_ns, user->uid);
57 
58 	kenter("%p{%u}", user, uid);
59 
60 	if (user->uid_keyring && user->session_keyring) {
61 		kleave(" = 0 [exist]");
62 		return 0;
63 	}
64 
65 	mutex_lock(&key_user_keyring_mutex);
66 	ret = 0;
67 
68 	if (!user->uid_keyring) {
69 		/* get the UID-specific keyring
70 		 * - there may be one in existence already as it may have been
71 		 *   pinned by a session, but the user_struct pointing to it
72 		 *   may have been destroyed by setuid */
73 		sprintf(buf, "_uid.%u", uid);
74 
75 		uid_keyring = find_keyring_by_name(buf, true);
76 		if (IS_ERR(uid_keyring)) {
77 			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
78 						    cred, user_keyring_perm,
79 						    KEY_ALLOC_IN_QUOTA, NULL);
80 			if (IS_ERR(uid_keyring)) {
81 				ret = PTR_ERR(uid_keyring);
82 				goto error;
83 			}
84 		}
85 
86 		/* get a default session keyring (which might also exist
87 		 * already) */
88 		sprintf(buf, "_uid_ses.%u", uid);
89 
90 		session_keyring = find_keyring_by_name(buf, true);
91 		if (IS_ERR(session_keyring)) {
92 			session_keyring =
93 				keyring_alloc(buf, user->uid, INVALID_GID,
94 					      cred, user_keyring_perm,
95 					      KEY_ALLOC_IN_QUOTA, NULL);
96 			if (IS_ERR(session_keyring)) {
97 				ret = PTR_ERR(session_keyring);
98 				goto error_release;
99 			}
100 
101 			/* we install a link from the user session keyring to
102 			 * the user keyring */
103 			ret = key_link(session_keyring, uid_keyring);
104 			if (ret < 0)
105 				goto error_release_both;
106 		}
107 
108 		/* install the keyrings */
109 		user->uid_keyring = uid_keyring;
110 		user->session_keyring = session_keyring;
111 	}
112 
113 	mutex_unlock(&key_user_keyring_mutex);
114 	kleave(" = 0");
115 	return 0;
116 
117 error_release_both:
118 	key_put(session_keyring);
119 error_release:
120 	key_put(uid_keyring);
121 error:
122 	mutex_unlock(&key_user_keyring_mutex);
123 	kleave(" = %d", ret);
124 	return ret;
125 }
126 
127 /*
128  * Install a fresh thread keyring directly to new credentials.  This keyring is
129  * allowed to overrun the quota.
130  */
131 int install_thread_keyring_to_cred(struct cred *new)
132 {
133 	struct key *keyring;
134 
135 	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
136 				KEY_POS_ALL | KEY_USR_VIEW,
137 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
138 	if (IS_ERR(keyring))
139 		return PTR_ERR(keyring);
140 
141 	new->thread_keyring = keyring;
142 	return 0;
143 }
144 
145 /*
146  * Install a fresh thread keyring, discarding the old one.
147  */
148 static int install_thread_keyring(void)
149 {
150 	struct cred *new;
151 	int ret;
152 
153 	new = prepare_creds();
154 	if (!new)
155 		return -ENOMEM;
156 
157 	BUG_ON(new->thread_keyring);
158 
159 	ret = install_thread_keyring_to_cred(new);
160 	if (ret < 0) {
161 		abort_creds(new);
162 		return ret;
163 	}
164 
165 	return commit_creds(new);
166 }
167 
168 /*
169  * Install a process keyring directly to a credentials struct.
170  *
171  * Returns -EEXIST if there was already a process keyring, 0 if one installed,
172  * and other value on any other error
173  */
174 int install_process_keyring_to_cred(struct cred *new)
175 {
176 	struct key *keyring;
177 
178 	if (new->process_keyring)
179 		return -EEXIST;
180 
181 	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
182 				KEY_POS_ALL | KEY_USR_VIEW,
183 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
184 	if (IS_ERR(keyring))
185 		return PTR_ERR(keyring);
186 
187 	new->process_keyring = keyring;
188 	return 0;
189 }
190 
191 /*
192  * Make sure a process keyring is installed for the current process.  The
193  * existing process keyring is not replaced.
194  *
195  * Returns 0 if there is a process keyring by the end of this function, some
196  * error otherwise.
197  */
198 static int install_process_keyring(void)
199 {
200 	struct cred *new;
201 	int ret;
202 
203 	new = prepare_creds();
204 	if (!new)
205 		return -ENOMEM;
206 
207 	ret = install_process_keyring_to_cred(new);
208 	if (ret < 0) {
209 		abort_creds(new);
210 		return ret != -EEXIST ? ret : 0;
211 	}
212 
213 	return commit_creds(new);
214 }
215 
216 /*
217  * Install a session keyring directly to a credentials struct.
218  */
219 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
220 {
221 	unsigned long flags;
222 	struct key *old;
223 
224 	might_sleep();
225 
226 	/* create an empty session keyring */
227 	if (!keyring) {
228 		flags = KEY_ALLOC_QUOTA_OVERRUN;
229 		if (cred->session_keyring)
230 			flags = KEY_ALLOC_IN_QUOTA;
231 
232 		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
233 					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
234 					flags, NULL);
235 		if (IS_ERR(keyring))
236 			return PTR_ERR(keyring);
237 	} else {
238 		__key_get(keyring);
239 	}
240 
241 	/* install the keyring */
242 	old = cred->session_keyring;
243 	rcu_assign_pointer(cred->session_keyring, keyring);
244 
245 	if (old)
246 		key_put(old);
247 
248 	return 0;
249 }
250 
251 /*
252  * Install a session keyring, discarding the old one.  If a keyring is not
253  * supplied, an empty one is invented.
254  */
255 static int install_session_keyring(struct key *keyring)
256 {
257 	struct cred *new;
258 	int ret;
259 
260 	new = prepare_creds();
261 	if (!new)
262 		return -ENOMEM;
263 
264 	ret = install_session_keyring_to_cred(new, keyring);
265 	if (ret < 0) {
266 		abort_creds(new);
267 		return ret;
268 	}
269 
270 	return commit_creds(new);
271 }
272 
273 /*
274  * Handle the fsuid changing.
275  */
276 void key_fsuid_changed(struct task_struct *tsk)
277 {
278 	/* update the ownership of the thread keyring */
279 	BUG_ON(!tsk->cred);
280 	if (tsk->cred->thread_keyring) {
281 		down_write(&tsk->cred->thread_keyring->sem);
282 		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
283 		up_write(&tsk->cred->thread_keyring->sem);
284 	}
285 }
286 
287 /*
288  * Handle the fsgid changing.
289  */
290 void key_fsgid_changed(struct task_struct *tsk)
291 {
292 	/* update the ownership of the thread keyring */
293 	BUG_ON(!tsk->cred);
294 	if (tsk->cred->thread_keyring) {
295 		down_write(&tsk->cred->thread_keyring->sem);
296 		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
297 		up_write(&tsk->cred->thread_keyring->sem);
298 	}
299 }
300 
301 /*
302  * Search the process keyrings attached to the supplied cred for the first
303  * matching key.
304  *
305  * The search criteria are the type and the match function.  The description is
306  * given to the match function as a parameter, but doesn't otherwise influence
307  * the search.  Typically the match function will compare the description
308  * parameter to the key's description.
309  *
310  * This can only search keyrings that grant Search permission to the supplied
311  * credentials.  Keyrings linked to searched keyrings will also be searched if
312  * they grant Search permission too.  Keys can only be found if they grant
313  * Search permission to the credentials.
314  *
315  * Returns a pointer to the key with the key usage count incremented if
316  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
317  * matched negative keys.
318  *
319  * In the case of a successful return, the possession attribute is set on the
320  * returned key reference.
321  */
322 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
323 {
324 	key_ref_t key_ref, ret, err;
325 
326 	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
327 	 * searchable, but we failed to find a key or we found a negative key;
328 	 * otherwise we want to return a sample error (probably -EACCES) if
329 	 * none of the keyrings were searchable
330 	 *
331 	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
332 	 */
333 	key_ref = NULL;
334 	ret = NULL;
335 	err = ERR_PTR(-EAGAIN);
336 
337 	/* search the thread keyring first */
338 	if (ctx->cred->thread_keyring) {
339 		key_ref = keyring_search_aux(
340 			make_key_ref(ctx->cred->thread_keyring, 1), ctx);
341 		if (!IS_ERR(key_ref))
342 			goto found;
343 
344 		switch (PTR_ERR(key_ref)) {
345 		case -EAGAIN: /* no key */
346 		case -ENOKEY: /* negative key */
347 			ret = key_ref;
348 			break;
349 		default:
350 			err = key_ref;
351 			break;
352 		}
353 	}
354 
355 	/* search the process keyring second */
356 	if (ctx->cred->process_keyring) {
357 		key_ref = keyring_search_aux(
358 			make_key_ref(ctx->cred->process_keyring, 1), ctx);
359 		if (!IS_ERR(key_ref))
360 			goto found;
361 
362 		switch (PTR_ERR(key_ref)) {
363 		case -EAGAIN: /* no key */
364 			if (ret)
365 				break;
366 		case -ENOKEY: /* negative key */
367 			ret = key_ref;
368 			break;
369 		default:
370 			err = key_ref;
371 			break;
372 		}
373 	}
374 
375 	/* search the session keyring */
376 	if (ctx->cred->session_keyring) {
377 		rcu_read_lock();
378 		key_ref = keyring_search_aux(
379 			make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
380 			ctx);
381 		rcu_read_unlock();
382 
383 		if (!IS_ERR(key_ref))
384 			goto found;
385 
386 		switch (PTR_ERR(key_ref)) {
387 		case -EAGAIN: /* no key */
388 			if (ret)
389 				break;
390 		case -ENOKEY: /* negative key */
391 			ret = key_ref;
392 			break;
393 		default:
394 			err = key_ref;
395 			break;
396 		}
397 	}
398 	/* or search the user-session keyring */
399 	else if (ctx->cred->user->session_keyring) {
400 		key_ref = keyring_search_aux(
401 			make_key_ref(ctx->cred->user->session_keyring, 1),
402 			ctx);
403 		if (!IS_ERR(key_ref))
404 			goto found;
405 
406 		switch (PTR_ERR(key_ref)) {
407 		case -EAGAIN: /* no key */
408 			if (ret)
409 				break;
410 		case -ENOKEY: /* negative key */
411 			ret = key_ref;
412 			break;
413 		default:
414 			err = key_ref;
415 			break;
416 		}
417 	}
418 
419 	/* no key - decide on the error we're going to go for */
420 	key_ref = ret ? ret : err;
421 
422 found:
423 	return key_ref;
424 }
425 
426 /*
427  * Search the process keyrings attached to the supplied cred for the first
428  * matching key in the manner of search_my_process_keyrings(), but also search
429  * the keys attached to the assumed authorisation key using its credentials if
430  * one is available.
431  *
432  * Return same as search_my_process_keyrings().
433  */
434 key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
435 {
436 	struct request_key_auth *rka;
437 	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
438 
439 	might_sleep();
440 
441 	key_ref = search_my_process_keyrings(ctx);
442 	if (!IS_ERR(key_ref))
443 		goto found;
444 	err = key_ref;
445 
446 	/* if this process has an instantiation authorisation key, then we also
447 	 * search the keyrings of the process mentioned there
448 	 * - we don't permit access to request_key auth keys via this method
449 	 */
450 	if (ctx->cred->request_key_auth &&
451 	    ctx->cred == current_cred() &&
452 	    ctx->index_key.type != &key_type_request_key_auth
453 	    ) {
454 		const struct cred *cred = ctx->cred;
455 
456 		/* defend against the auth key being revoked */
457 		down_read(&cred->request_key_auth->sem);
458 
459 		if (key_validate(ctx->cred->request_key_auth) == 0) {
460 			rka = ctx->cred->request_key_auth->payload.data;
461 
462 			ctx->cred = rka->cred;
463 			key_ref = search_process_keyrings(ctx);
464 			ctx->cred = cred;
465 
466 			up_read(&cred->request_key_auth->sem);
467 
468 			if (!IS_ERR(key_ref))
469 				goto found;
470 
471 			ret = key_ref;
472 		} else {
473 			up_read(&cred->request_key_auth->sem);
474 		}
475 	}
476 
477 	/* no key - decide on the error we're going to go for */
478 	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
479 		key_ref = ERR_PTR(-ENOKEY);
480 	else if (err == ERR_PTR(-EACCES))
481 		key_ref = ret;
482 	else
483 		key_ref = err;
484 
485 found:
486 	return key_ref;
487 }
488 
489 /*
490  * See if the key we're looking at is the target key.
491  */
492 int lookup_user_key_possessed(const struct key *key, const void *target)
493 {
494 	return key == target;
495 }
496 
497 /*
498  * Look up a key ID given us by userspace with a given permissions mask to get
499  * the key it refers to.
500  *
501  * Flags can be passed to request that special keyrings be created if referred
502  * to directly, to permit partially constructed keys to be found and to skip
503  * validity and permission checks on the found key.
504  *
505  * Returns a pointer to the key with an incremented usage count if successful;
506  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
507  * to a key or the best found key was a negative key; -EKEYREVOKED or
508  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
509  * found key doesn't grant the requested permit or the LSM denied access to it;
510  * or -ENOMEM if a special keyring couldn't be created.
511  *
512  * In the case of a successful return, the possession attribute is set on the
513  * returned key reference.
514  */
515 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
516 			  key_perm_t perm)
517 {
518 	struct keyring_search_context ctx = {
519 		.match	= lookup_user_key_possessed,
520 		.flags	= (KEYRING_SEARCH_NO_STATE_CHECK |
521 			   KEYRING_SEARCH_LOOKUP_DIRECT),
522 	};
523 	struct request_key_auth *rka;
524 	struct key *key;
525 	key_ref_t key_ref, skey_ref;
526 	int ret;
527 
528 try_again:
529 	ctx.cred = get_current_cred();
530 	key_ref = ERR_PTR(-ENOKEY);
531 
532 	switch (id) {
533 	case KEY_SPEC_THREAD_KEYRING:
534 		if (!ctx.cred->thread_keyring) {
535 			if (!(lflags & KEY_LOOKUP_CREATE))
536 				goto error;
537 
538 			ret = install_thread_keyring();
539 			if (ret < 0) {
540 				key_ref = ERR_PTR(ret);
541 				goto error;
542 			}
543 			goto reget_creds;
544 		}
545 
546 		key = ctx.cred->thread_keyring;
547 		__key_get(key);
548 		key_ref = make_key_ref(key, 1);
549 		break;
550 
551 	case KEY_SPEC_PROCESS_KEYRING:
552 		if (!ctx.cred->process_keyring) {
553 			if (!(lflags & KEY_LOOKUP_CREATE))
554 				goto error;
555 
556 			ret = install_process_keyring();
557 			if (ret < 0) {
558 				key_ref = ERR_PTR(ret);
559 				goto error;
560 			}
561 			goto reget_creds;
562 		}
563 
564 		key = ctx.cred->process_keyring;
565 		__key_get(key);
566 		key_ref = make_key_ref(key, 1);
567 		break;
568 
569 	case KEY_SPEC_SESSION_KEYRING:
570 		if (!ctx.cred->session_keyring) {
571 			/* always install a session keyring upon access if one
572 			 * doesn't exist yet */
573 			ret = install_user_keyrings();
574 			if (ret < 0)
575 				goto error;
576 			if (lflags & KEY_LOOKUP_CREATE)
577 				ret = join_session_keyring(NULL);
578 			else
579 				ret = install_session_keyring(
580 					ctx.cred->user->session_keyring);
581 
582 			if (ret < 0)
583 				goto error;
584 			goto reget_creds;
585 		} else if (ctx.cred->session_keyring ==
586 			   ctx.cred->user->session_keyring &&
587 			   lflags & KEY_LOOKUP_CREATE) {
588 			ret = join_session_keyring(NULL);
589 			if (ret < 0)
590 				goto error;
591 			goto reget_creds;
592 		}
593 
594 		rcu_read_lock();
595 		key = rcu_dereference(ctx.cred->session_keyring);
596 		__key_get(key);
597 		rcu_read_unlock();
598 		key_ref = make_key_ref(key, 1);
599 		break;
600 
601 	case KEY_SPEC_USER_KEYRING:
602 		if (!ctx.cred->user->uid_keyring) {
603 			ret = install_user_keyrings();
604 			if (ret < 0)
605 				goto error;
606 		}
607 
608 		key = ctx.cred->user->uid_keyring;
609 		__key_get(key);
610 		key_ref = make_key_ref(key, 1);
611 		break;
612 
613 	case KEY_SPEC_USER_SESSION_KEYRING:
614 		if (!ctx.cred->user->session_keyring) {
615 			ret = install_user_keyrings();
616 			if (ret < 0)
617 				goto error;
618 		}
619 
620 		key = ctx.cred->user->session_keyring;
621 		__key_get(key);
622 		key_ref = make_key_ref(key, 1);
623 		break;
624 
625 	case KEY_SPEC_GROUP_KEYRING:
626 		/* group keyrings are not yet supported */
627 		key_ref = ERR_PTR(-EINVAL);
628 		goto error;
629 
630 	case KEY_SPEC_REQKEY_AUTH_KEY:
631 		key = ctx.cred->request_key_auth;
632 		if (!key)
633 			goto error;
634 
635 		__key_get(key);
636 		key_ref = make_key_ref(key, 1);
637 		break;
638 
639 	case KEY_SPEC_REQUESTOR_KEYRING:
640 		if (!ctx.cred->request_key_auth)
641 			goto error;
642 
643 		down_read(&ctx.cred->request_key_auth->sem);
644 		if (test_bit(KEY_FLAG_REVOKED,
645 			     &ctx.cred->request_key_auth->flags)) {
646 			key_ref = ERR_PTR(-EKEYREVOKED);
647 			key = NULL;
648 		} else {
649 			rka = ctx.cred->request_key_auth->payload.data;
650 			key = rka->dest_keyring;
651 			__key_get(key);
652 		}
653 		up_read(&ctx.cred->request_key_auth->sem);
654 		if (!key)
655 			goto error;
656 		key_ref = make_key_ref(key, 1);
657 		break;
658 
659 	default:
660 		key_ref = ERR_PTR(-EINVAL);
661 		if (id < 1)
662 			goto error;
663 
664 		key = key_lookup(id);
665 		if (IS_ERR(key)) {
666 			key_ref = ERR_CAST(key);
667 			goto error;
668 		}
669 
670 		key_ref = make_key_ref(key, 0);
671 
672 		/* check to see if we possess the key */
673 		ctx.index_key.type		= key->type;
674 		ctx.index_key.description	= key->description;
675 		ctx.index_key.desc_len		= strlen(key->description);
676 		ctx.match_data			= key;
677 		kdebug("check possessed");
678 		skey_ref = search_process_keyrings(&ctx);
679 		kdebug("possessed=%p", skey_ref);
680 
681 		if (!IS_ERR(skey_ref)) {
682 			key_put(key);
683 			key_ref = skey_ref;
684 		}
685 
686 		break;
687 	}
688 
689 	/* unlink does not use the nominated key in any way, so can skip all
690 	 * the permission checks as it is only concerned with the keyring */
691 	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
692 		ret = 0;
693 		goto error;
694 	}
695 
696 	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
697 		ret = wait_for_key_construction(key, true);
698 		switch (ret) {
699 		case -ERESTARTSYS:
700 			goto invalid_key;
701 		default:
702 			if (perm)
703 				goto invalid_key;
704 		case 0:
705 			break;
706 		}
707 	} else if (perm) {
708 		ret = key_validate(key);
709 		if (ret < 0)
710 			goto invalid_key;
711 	}
712 
713 	ret = -EIO;
714 	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
715 	    !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
716 		goto invalid_key;
717 
718 	/* check the permissions */
719 	ret = key_task_permission(key_ref, ctx.cred, perm);
720 	if (ret < 0)
721 		goto invalid_key;
722 
723 	key->last_used_at = current_kernel_time().tv_sec;
724 
725 error:
726 	put_cred(ctx.cred);
727 	return key_ref;
728 
729 invalid_key:
730 	key_ref_put(key_ref);
731 	key_ref = ERR_PTR(ret);
732 	goto error;
733 
734 	/* if we attempted to install a keyring, then it may have caused new
735 	 * creds to be installed */
736 reget_creds:
737 	put_cred(ctx.cred);
738 	goto try_again;
739 }
740 
741 /*
742  * Join the named keyring as the session keyring if possible else attempt to
743  * create a new one of that name and join that.
744  *
745  * If the name is NULL, an empty anonymous keyring will be installed as the
746  * session keyring.
747  *
748  * Named session keyrings are joined with a semaphore held to prevent the
749  * keyrings from going away whilst the attempt is made to going them and also
750  * to prevent a race in creating compatible session keyrings.
751  */
752 long join_session_keyring(const char *name)
753 {
754 	const struct cred *old;
755 	struct cred *new;
756 	struct key *keyring;
757 	long ret, serial;
758 
759 	new = prepare_creds();
760 	if (!new)
761 		return -ENOMEM;
762 	old = current_cred();
763 
764 	/* if no name is provided, install an anonymous keyring */
765 	if (!name) {
766 		ret = install_session_keyring_to_cred(new, NULL);
767 		if (ret < 0)
768 			goto error;
769 
770 		serial = new->session_keyring->serial;
771 		ret = commit_creds(new);
772 		if (ret == 0)
773 			ret = serial;
774 		goto okay;
775 	}
776 
777 	/* allow the user to join or create a named keyring */
778 	mutex_lock(&key_session_mutex);
779 
780 	/* look for an existing keyring of this name */
781 	keyring = find_keyring_by_name(name, false);
782 	if (PTR_ERR(keyring) == -ENOKEY) {
783 		/* not found - try and create a new one */
784 		keyring = keyring_alloc(
785 			name, old->uid, old->gid, old,
786 			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
787 			KEY_ALLOC_IN_QUOTA, NULL);
788 		if (IS_ERR(keyring)) {
789 			ret = PTR_ERR(keyring);
790 			goto error2;
791 		}
792 	} else if (IS_ERR(keyring)) {
793 		ret = PTR_ERR(keyring);
794 		goto error2;
795 	} else if (keyring == new->session_keyring) {
796 		ret = 0;
797 		goto error2;
798 	}
799 
800 	/* we've got a keyring - now to install it */
801 	ret = install_session_keyring_to_cred(new, keyring);
802 	if (ret < 0)
803 		goto error2;
804 
805 	commit_creds(new);
806 	mutex_unlock(&key_session_mutex);
807 
808 	ret = keyring->serial;
809 	key_put(keyring);
810 okay:
811 	return ret;
812 
813 error2:
814 	mutex_unlock(&key_session_mutex);
815 error:
816 	abort_creds(new);
817 	return ret;
818 }
819 
820 /*
821  * Replace a process's session keyring on behalf of one of its children when
822  * the target  process is about to resume userspace execution.
823  */
824 void key_change_session_keyring(struct callback_head *twork)
825 {
826 	const struct cred *old = current_cred();
827 	struct cred *new = container_of(twork, struct cred, rcu);
828 
829 	if (unlikely(current->flags & PF_EXITING)) {
830 		put_cred(new);
831 		return;
832 	}
833 
834 	new->  uid	= old->  uid;
835 	new-> euid	= old-> euid;
836 	new-> suid	= old-> suid;
837 	new->fsuid	= old->fsuid;
838 	new->  gid	= old->  gid;
839 	new-> egid	= old-> egid;
840 	new-> sgid	= old-> sgid;
841 	new->fsgid	= old->fsgid;
842 	new->user	= get_uid(old->user);
843 	new->user_ns	= get_user_ns(old->user_ns);
844 	new->group_info	= get_group_info(old->group_info);
845 
846 	new->securebits	= old->securebits;
847 	new->cap_inheritable	= old->cap_inheritable;
848 	new->cap_permitted	= old->cap_permitted;
849 	new->cap_effective	= old->cap_effective;
850 	new->cap_bset		= old->cap_bset;
851 
852 	new->jit_keyring	= old->jit_keyring;
853 	new->thread_keyring	= key_get(old->thread_keyring);
854 	new->process_keyring	= key_get(old->process_keyring);
855 
856 	security_transfer_creds(new, old);
857 
858 	commit_creds(new);
859 }
860 
861 /*
862  * Make sure that root's user and user-session keyrings exist.
863  */
864 static int __init init_root_keyring(void)
865 {
866 	return install_user_keyrings();
867 }
868 
869 late_initcall(init_root_keyring);
870