xref: /openbmc/linux/security/keys/process_keys.c (revision 98ddec80)
1 /* Manage a process's keyrings
2  *
3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/sched/user.h>
16 #include <linux/keyctl.h>
17 #include <linux/fs.h>
18 #include <linux/err.h>
19 #include <linux/mutex.h>
20 #include <linux/security.h>
21 #include <linux/user_namespace.h>
22 #include <linux/uaccess.h>
23 #include "internal.h"
24 
25 /* Session keyring create vs join semaphore */
26 static DEFINE_MUTEX(key_session_mutex);
27 
28 /* User keyring creation semaphore */
29 static DEFINE_MUTEX(key_user_keyring_mutex);
30 
31 /* The root user's tracking struct */
32 struct key_user root_key_user = {
33 	.usage		= REFCOUNT_INIT(3),
34 	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
35 	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
36 	.nkeys		= ATOMIC_INIT(2),
37 	.nikeys		= ATOMIC_INIT(2),
38 	.uid		= GLOBAL_ROOT_UID,
39 };
40 
41 /*
42  * Install the user and user session keyrings for the current process's UID.
43  */
44 int install_user_keyrings(void)
45 {
46 	struct user_struct *user;
47 	const struct cred *cred;
48 	struct key *uid_keyring, *session_keyring;
49 	key_perm_t user_keyring_perm;
50 	char buf[20];
51 	int ret;
52 	uid_t uid;
53 
54 	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
55 	cred = current_cred();
56 	user = cred->user;
57 	uid = from_kuid(cred->user_ns, user->uid);
58 
59 	kenter("%p{%u}", user, uid);
60 
61 	if (user->uid_keyring && user->session_keyring) {
62 		kleave(" = 0 [exist]");
63 		return 0;
64 	}
65 
66 	mutex_lock(&key_user_keyring_mutex);
67 	ret = 0;
68 
69 	if (!user->uid_keyring) {
70 		/* get the UID-specific keyring
71 		 * - there may be one in existence already as it may have been
72 		 *   pinned by a session, but the user_struct pointing to it
73 		 *   may have been destroyed by setuid */
74 		sprintf(buf, "_uid.%u", uid);
75 
76 		uid_keyring = find_keyring_by_name(buf, true);
77 		if (IS_ERR(uid_keyring)) {
78 			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
79 						    cred, user_keyring_perm,
80 						    KEY_ALLOC_UID_KEYRING |
81 							KEY_ALLOC_IN_QUOTA,
82 						    NULL, NULL);
83 			if (IS_ERR(uid_keyring)) {
84 				ret = PTR_ERR(uid_keyring);
85 				goto error;
86 			}
87 		}
88 
89 		/* get a default session keyring (which might also exist
90 		 * already) */
91 		sprintf(buf, "_uid_ses.%u", uid);
92 
93 		session_keyring = find_keyring_by_name(buf, true);
94 		if (IS_ERR(session_keyring)) {
95 			session_keyring =
96 				keyring_alloc(buf, user->uid, INVALID_GID,
97 					      cred, user_keyring_perm,
98 					      KEY_ALLOC_UID_KEYRING |
99 						  KEY_ALLOC_IN_QUOTA,
100 					      NULL, NULL);
101 			if (IS_ERR(session_keyring)) {
102 				ret = PTR_ERR(session_keyring);
103 				goto error_release;
104 			}
105 
106 			/* we install a link from the user session keyring to
107 			 * the user keyring */
108 			ret = key_link(session_keyring, uid_keyring);
109 			if (ret < 0)
110 				goto error_release_both;
111 		}
112 
113 		/* install the keyrings */
114 		user->uid_keyring = uid_keyring;
115 		user->session_keyring = session_keyring;
116 	}
117 
118 	mutex_unlock(&key_user_keyring_mutex);
119 	kleave(" = 0");
120 	return 0;
121 
122 error_release_both:
123 	key_put(session_keyring);
124 error_release:
125 	key_put(uid_keyring);
126 error:
127 	mutex_unlock(&key_user_keyring_mutex);
128 	kleave(" = %d", ret);
129 	return ret;
130 }
131 
132 /*
133  * Install a thread keyring to the given credentials struct if it didn't have
134  * one already.  This is allowed to overrun the quota.
135  *
136  * Return: 0 if a thread keyring is now present; -errno on failure.
137  */
138 int install_thread_keyring_to_cred(struct cred *new)
139 {
140 	struct key *keyring;
141 
142 	if (new->thread_keyring)
143 		return 0;
144 
145 	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
146 				KEY_POS_ALL | KEY_USR_VIEW,
147 				KEY_ALLOC_QUOTA_OVERRUN,
148 				NULL, NULL);
149 	if (IS_ERR(keyring))
150 		return PTR_ERR(keyring);
151 
152 	new->thread_keyring = keyring;
153 	return 0;
154 }
155 
156 /*
157  * Install a thread keyring to the current task if it didn't have one already.
158  *
159  * Return: 0 if a thread keyring is now present; -errno on failure.
160  */
161 static int install_thread_keyring(void)
162 {
163 	struct cred *new;
164 	int ret;
165 
166 	new = prepare_creds();
167 	if (!new)
168 		return -ENOMEM;
169 
170 	ret = install_thread_keyring_to_cred(new);
171 	if (ret < 0) {
172 		abort_creds(new);
173 		return ret;
174 	}
175 
176 	return commit_creds(new);
177 }
178 
179 /*
180  * Install a process keyring to the given credentials struct if it didn't have
181  * one already.  This is allowed to overrun the quota.
182  *
183  * Return: 0 if a process keyring is now present; -errno on failure.
184  */
185 int install_process_keyring_to_cred(struct cred *new)
186 {
187 	struct key *keyring;
188 
189 	if (new->process_keyring)
190 		return 0;
191 
192 	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
193 				KEY_POS_ALL | KEY_USR_VIEW,
194 				KEY_ALLOC_QUOTA_OVERRUN,
195 				NULL, NULL);
196 	if (IS_ERR(keyring))
197 		return PTR_ERR(keyring);
198 
199 	new->process_keyring = keyring;
200 	return 0;
201 }
202 
203 /*
204  * Install a process keyring to the current task if it didn't have one already.
205  *
206  * Return: 0 if a process keyring is now present; -errno on failure.
207  */
208 static int install_process_keyring(void)
209 {
210 	struct cred *new;
211 	int ret;
212 
213 	new = prepare_creds();
214 	if (!new)
215 		return -ENOMEM;
216 
217 	ret = install_process_keyring_to_cred(new);
218 	if (ret < 0) {
219 		abort_creds(new);
220 		return ret;
221 	}
222 
223 	return commit_creds(new);
224 }
225 
226 /*
227  * Install the given keyring as the session keyring of the given credentials
228  * struct, replacing the existing one if any.  If the given keyring is NULL,
229  * then install a new anonymous session keyring.
230  *
231  * Return: 0 on success; -errno on failure.
232  */
233 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
234 {
235 	unsigned long flags;
236 	struct key *old;
237 
238 	might_sleep();
239 
240 	/* create an empty session keyring */
241 	if (!keyring) {
242 		flags = KEY_ALLOC_QUOTA_OVERRUN;
243 		if (cred->session_keyring)
244 			flags = KEY_ALLOC_IN_QUOTA;
245 
246 		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
247 					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
248 					flags, NULL, NULL);
249 		if (IS_ERR(keyring))
250 			return PTR_ERR(keyring);
251 	} else {
252 		__key_get(keyring);
253 	}
254 
255 	/* install the keyring */
256 	old = cred->session_keyring;
257 	rcu_assign_pointer(cred->session_keyring, keyring);
258 
259 	if (old)
260 		key_put(old);
261 
262 	return 0;
263 }
264 
265 /*
266  * Install the given keyring as the session keyring of the current task,
267  * replacing the existing one if any.  If the given keyring is NULL, then
268  * install a new anonymous session keyring.
269  *
270  * Return: 0 on success; -errno on failure.
271  */
272 static int install_session_keyring(struct key *keyring)
273 {
274 	struct cred *new;
275 	int ret;
276 
277 	new = prepare_creds();
278 	if (!new)
279 		return -ENOMEM;
280 
281 	ret = install_session_keyring_to_cred(new, keyring);
282 	if (ret < 0) {
283 		abort_creds(new);
284 		return ret;
285 	}
286 
287 	return commit_creds(new);
288 }
289 
290 /*
291  * Handle the fsuid changing.
292  */
293 void key_fsuid_changed(struct task_struct *tsk)
294 {
295 	/* update the ownership of the thread keyring */
296 	BUG_ON(!tsk->cred);
297 	if (tsk->cred->thread_keyring) {
298 		down_write(&tsk->cred->thread_keyring->sem);
299 		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
300 		up_write(&tsk->cred->thread_keyring->sem);
301 	}
302 }
303 
304 /*
305  * Handle the fsgid changing.
306  */
307 void key_fsgid_changed(struct task_struct *tsk)
308 {
309 	/* update the ownership of the thread keyring */
310 	BUG_ON(!tsk->cred);
311 	if (tsk->cred->thread_keyring) {
312 		down_write(&tsk->cred->thread_keyring->sem);
313 		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
314 		up_write(&tsk->cred->thread_keyring->sem);
315 	}
316 }
317 
318 /*
319  * Search the process keyrings attached to the supplied cred for the first
320  * matching key.
321  *
322  * The search criteria are the type and the match function.  The description is
323  * given to the match function as a parameter, but doesn't otherwise influence
324  * the search.  Typically the match function will compare the description
325  * parameter to the key's description.
326  *
327  * This can only search keyrings that grant Search permission to the supplied
328  * credentials.  Keyrings linked to searched keyrings will also be searched if
329  * they grant Search permission too.  Keys can only be found if they grant
330  * Search permission to the credentials.
331  *
332  * Returns a pointer to the key with the key usage count incremented if
333  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
334  * matched negative keys.
335  *
336  * In the case of a successful return, the possession attribute is set on the
337  * returned key reference.
338  */
339 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
340 {
341 	key_ref_t key_ref, ret, err;
342 
343 	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
344 	 * searchable, but we failed to find a key or we found a negative key;
345 	 * otherwise we want to return a sample error (probably -EACCES) if
346 	 * none of the keyrings were searchable
347 	 *
348 	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
349 	 */
350 	key_ref = NULL;
351 	ret = NULL;
352 	err = ERR_PTR(-EAGAIN);
353 
354 	/* search the thread keyring first */
355 	if (ctx->cred->thread_keyring) {
356 		key_ref = keyring_search_aux(
357 			make_key_ref(ctx->cred->thread_keyring, 1), ctx);
358 		if (!IS_ERR(key_ref))
359 			goto found;
360 
361 		switch (PTR_ERR(key_ref)) {
362 		case -EAGAIN: /* no key */
363 		case -ENOKEY: /* negative key */
364 			ret = key_ref;
365 			break;
366 		default:
367 			err = key_ref;
368 			break;
369 		}
370 	}
371 
372 	/* search the process keyring second */
373 	if (ctx->cred->process_keyring) {
374 		key_ref = keyring_search_aux(
375 			make_key_ref(ctx->cred->process_keyring, 1), ctx);
376 		if (!IS_ERR(key_ref))
377 			goto found;
378 
379 		switch (PTR_ERR(key_ref)) {
380 		case -EAGAIN: /* no key */
381 			if (ret)
382 				break;
383 		case -ENOKEY: /* negative key */
384 			ret = key_ref;
385 			break;
386 		default:
387 			err = key_ref;
388 			break;
389 		}
390 	}
391 
392 	/* search the session keyring */
393 	if (ctx->cred->session_keyring) {
394 		rcu_read_lock();
395 		key_ref = keyring_search_aux(
396 			make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
397 			ctx);
398 		rcu_read_unlock();
399 
400 		if (!IS_ERR(key_ref))
401 			goto found;
402 
403 		switch (PTR_ERR(key_ref)) {
404 		case -EAGAIN: /* no key */
405 			if (ret)
406 				break;
407 		case -ENOKEY: /* negative key */
408 			ret = key_ref;
409 			break;
410 		default:
411 			err = key_ref;
412 			break;
413 		}
414 	}
415 	/* or search the user-session keyring */
416 	else if (ctx->cred->user->session_keyring) {
417 		key_ref = keyring_search_aux(
418 			make_key_ref(ctx->cred->user->session_keyring, 1),
419 			ctx);
420 		if (!IS_ERR(key_ref))
421 			goto found;
422 
423 		switch (PTR_ERR(key_ref)) {
424 		case -EAGAIN: /* no key */
425 			if (ret)
426 				break;
427 		case -ENOKEY: /* negative key */
428 			ret = key_ref;
429 			break;
430 		default:
431 			err = key_ref;
432 			break;
433 		}
434 	}
435 
436 	/* no key - decide on the error we're going to go for */
437 	key_ref = ret ? ret : err;
438 
439 found:
440 	return key_ref;
441 }
442 
443 /*
444  * Search the process keyrings attached to the supplied cred for the first
445  * matching key in the manner of search_my_process_keyrings(), but also search
446  * the keys attached to the assumed authorisation key using its credentials if
447  * one is available.
448  *
449  * Return same as search_my_process_keyrings().
450  */
451 key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
452 {
453 	struct request_key_auth *rka;
454 	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
455 
456 	might_sleep();
457 
458 	key_ref = search_my_process_keyrings(ctx);
459 	if (!IS_ERR(key_ref))
460 		goto found;
461 	err = key_ref;
462 
463 	/* if this process has an instantiation authorisation key, then we also
464 	 * search the keyrings of the process mentioned there
465 	 * - we don't permit access to request_key auth keys via this method
466 	 */
467 	if (ctx->cred->request_key_auth &&
468 	    ctx->cred == current_cred() &&
469 	    ctx->index_key.type != &key_type_request_key_auth
470 	    ) {
471 		const struct cred *cred = ctx->cred;
472 
473 		/* defend against the auth key being revoked */
474 		down_read(&cred->request_key_auth->sem);
475 
476 		if (key_validate(ctx->cred->request_key_auth) == 0) {
477 			rka = ctx->cred->request_key_auth->payload.data[0];
478 
479 			ctx->cred = rka->cred;
480 			key_ref = search_process_keyrings(ctx);
481 			ctx->cred = cred;
482 
483 			up_read(&cred->request_key_auth->sem);
484 
485 			if (!IS_ERR(key_ref))
486 				goto found;
487 
488 			ret = key_ref;
489 		} else {
490 			up_read(&cred->request_key_auth->sem);
491 		}
492 	}
493 
494 	/* no key - decide on the error we're going to go for */
495 	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
496 		key_ref = ERR_PTR(-ENOKEY);
497 	else if (err == ERR_PTR(-EACCES))
498 		key_ref = ret;
499 	else
500 		key_ref = err;
501 
502 found:
503 	return key_ref;
504 }
505 
506 /*
507  * See if the key we're looking at is the target key.
508  */
509 bool lookup_user_key_possessed(const struct key *key,
510 			       const struct key_match_data *match_data)
511 {
512 	return key == match_data->raw_data;
513 }
514 
515 /*
516  * Look up a key ID given us by userspace with a given permissions mask to get
517  * the key it refers to.
518  *
519  * Flags can be passed to request that special keyrings be created if referred
520  * to directly, to permit partially constructed keys to be found and to skip
521  * validity and permission checks on the found key.
522  *
523  * Returns a pointer to the key with an incremented usage count if successful;
524  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
525  * to a key or the best found key was a negative key; -EKEYREVOKED or
526  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
527  * found key doesn't grant the requested permit or the LSM denied access to it;
528  * or -ENOMEM if a special keyring couldn't be created.
529  *
530  * In the case of a successful return, the possession attribute is set on the
531  * returned key reference.
532  */
533 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
534 			  key_perm_t perm)
535 {
536 	struct keyring_search_context ctx = {
537 		.match_data.cmp		= lookup_user_key_possessed,
538 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
539 		.flags			= KEYRING_SEARCH_NO_STATE_CHECK,
540 	};
541 	struct request_key_auth *rka;
542 	struct key *key;
543 	key_ref_t key_ref, skey_ref;
544 	int ret;
545 
546 try_again:
547 	ctx.cred = get_current_cred();
548 	key_ref = ERR_PTR(-ENOKEY);
549 
550 	switch (id) {
551 	case KEY_SPEC_THREAD_KEYRING:
552 		if (!ctx.cred->thread_keyring) {
553 			if (!(lflags & KEY_LOOKUP_CREATE))
554 				goto error;
555 
556 			ret = install_thread_keyring();
557 			if (ret < 0) {
558 				key_ref = ERR_PTR(ret);
559 				goto error;
560 			}
561 			goto reget_creds;
562 		}
563 
564 		key = ctx.cred->thread_keyring;
565 		__key_get(key);
566 		key_ref = make_key_ref(key, 1);
567 		break;
568 
569 	case KEY_SPEC_PROCESS_KEYRING:
570 		if (!ctx.cred->process_keyring) {
571 			if (!(lflags & KEY_LOOKUP_CREATE))
572 				goto error;
573 
574 			ret = install_process_keyring();
575 			if (ret < 0) {
576 				key_ref = ERR_PTR(ret);
577 				goto error;
578 			}
579 			goto reget_creds;
580 		}
581 
582 		key = ctx.cred->process_keyring;
583 		__key_get(key);
584 		key_ref = make_key_ref(key, 1);
585 		break;
586 
587 	case KEY_SPEC_SESSION_KEYRING:
588 		if (!ctx.cred->session_keyring) {
589 			/* always install a session keyring upon access if one
590 			 * doesn't exist yet */
591 			ret = install_user_keyrings();
592 			if (ret < 0)
593 				goto error;
594 			if (lflags & KEY_LOOKUP_CREATE)
595 				ret = join_session_keyring(NULL);
596 			else
597 				ret = install_session_keyring(
598 					ctx.cred->user->session_keyring);
599 
600 			if (ret < 0)
601 				goto error;
602 			goto reget_creds;
603 		} else if (ctx.cred->session_keyring ==
604 			   ctx.cred->user->session_keyring &&
605 			   lflags & KEY_LOOKUP_CREATE) {
606 			ret = join_session_keyring(NULL);
607 			if (ret < 0)
608 				goto error;
609 			goto reget_creds;
610 		}
611 
612 		rcu_read_lock();
613 		key = rcu_dereference(ctx.cred->session_keyring);
614 		__key_get(key);
615 		rcu_read_unlock();
616 		key_ref = make_key_ref(key, 1);
617 		break;
618 
619 	case KEY_SPEC_USER_KEYRING:
620 		if (!ctx.cred->user->uid_keyring) {
621 			ret = install_user_keyrings();
622 			if (ret < 0)
623 				goto error;
624 		}
625 
626 		key = ctx.cred->user->uid_keyring;
627 		__key_get(key);
628 		key_ref = make_key_ref(key, 1);
629 		break;
630 
631 	case KEY_SPEC_USER_SESSION_KEYRING:
632 		if (!ctx.cred->user->session_keyring) {
633 			ret = install_user_keyrings();
634 			if (ret < 0)
635 				goto error;
636 		}
637 
638 		key = ctx.cred->user->session_keyring;
639 		__key_get(key);
640 		key_ref = make_key_ref(key, 1);
641 		break;
642 
643 	case KEY_SPEC_GROUP_KEYRING:
644 		/* group keyrings are not yet supported */
645 		key_ref = ERR_PTR(-EINVAL);
646 		goto error;
647 
648 	case KEY_SPEC_REQKEY_AUTH_KEY:
649 		key = ctx.cred->request_key_auth;
650 		if (!key)
651 			goto error;
652 
653 		__key_get(key);
654 		key_ref = make_key_ref(key, 1);
655 		break;
656 
657 	case KEY_SPEC_REQUESTOR_KEYRING:
658 		if (!ctx.cred->request_key_auth)
659 			goto error;
660 
661 		down_read(&ctx.cred->request_key_auth->sem);
662 		if (test_bit(KEY_FLAG_REVOKED,
663 			     &ctx.cred->request_key_auth->flags)) {
664 			key_ref = ERR_PTR(-EKEYREVOKED);
665 			key = NULL;
666 		} else {
667 			rka = ctx.cred->request_key_auth->payload.data[0];
668 			key = rka->dest_keyring;
669 			__key_get(key);
670 		}
671 		up_read(&ctx.cred->request_key_auth->sem);
672 		if (!key)
673 			goto error;
674 		key_ref = make_key_ref(key, 1);
675 		break;
676 
677 	default:
678 		key_ref = ERR_PTR(-EINVAL);
679 		if (id < 1)
680 			goto error;
681 
682 		key = key_lookup(id);
683 		if (IS_ERR(key)) {
684 			key_ref = ERR_CAST(key);
685 			goto error;
686 		}
687 
688 		key_ref = make_key_ref(key, 0);
689 
690 		/* check to see if we possess the key */
691 		ctx.index_key.type		= key->type;
692 		ctx.index_key.description	= key->description;
693 		ctx.index_key.desc_len		= strlen(key->description);
694 		ctx.match_data.raw_data		= key;
695 		kdebug("check possessed");
696 		skey_ref = search_process_keyrings(&ctx);
697 		kdebug("possessed=%p", skey_ref);
698 
699 		if (!IS_ERR(skey_ref)) {
700 			key_put(key);
701 			key_ref = skey_ref;
702 		}
703 
704 		break;
705 	}
706 
707 	/* unlink does not use the nominated key in any way, so can skip all
708 	 * the permission checks as it is only concerned with the keyring */
709 	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
710 		ret = 0;
711 		goto error;
712 	}
713 
714 	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
715 		ret = wait_for_key_construction(key, true);
716 		switch (ret) {
717 		case -ERESTARTSYS:
718 			goto invalid_key;
719 		default:
720 			if (perm)
721 				goto invalid_key;
722 		case 0:
723 			break;
724 		}
725 	} else if (perm) {
726 		ret = key_validate(key);
727 		if (ret < 0)
728 			goto invalid_key;
729 	}
730 
731 	ret = -EIO;
732 	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
733 	    key_read_state(key) == KEY_IS_UNINSTANTIATED)
734 		goto invalid_key;
735 
736 	/* check the permissions */
737 	ret = key_task_permission(key_ref, ctx.cred, perm);
738 	if (ret < 0)
739 		goto invalid_key;
740 
741 	key->last_used_at = ktime_get_real_seconds();
742 
743 error:
744 	put_cred(ctx.cred);
745 	return key_ref;
746 
747 invalid_key:
748 	key_ref_put(key_ref);
749 	key_ref = ERR_PTR(ret);
750 	goto error;
751 
752 	/* if we attempted to install a keyring, then it may have caused new
753 	 * creds to be installed */
754 reget_creds:
755 	put_cred(ctx.cred);
756 	goto try_again;
757 }
758 
759 /*
760  * Join the named keyring as the session keyring if possible else attempt to
761  * create a new one of that name and join that.
762  *
763  * If the name is NULL, an empty anonymous keyring will be installed as the
764  * session keyring.
765  *
766  * Named session keyrings are joined with a semaphore held to prevent the
767  * keyrings from going away whilst the attempt is made to going them and also
768  * to prevent a race in creating compatible session keyrings.
769  */
770 long join_session_keyring(const char *name)
771 {
772 	const struct cred *old;
773 	struct cred *new;
774 	struct key *keyring;
775 	long ret, serial;
776 
777 	new = prepare_creds();
778 	if (!new)
779 		return -ENOMEM;
780 	old = current_cred();
781 
782 	/* if no name is provided, install an anonymous keyring */
783 	if (!name) {
784 		ret = install_session_keyring_to_cred(new, NULL);
785 		if (ret < 0)
786 			goto error;
787 
788 		serial = new->session_keyring->serial;
789 		ret = commit_creds(new);
790 		if (ret == 0)
791 			ret = serial;
792 		goto okay;
793 	}
794 
795 	/* allow the user to join or create a named keyring */
796 	mutex_lock(&key_session_mutex);
797 
798 	/* look for an existing keyring of this name */
799 	keyring = find_keyring_by_name(name, false);
800 	if (PTR_ERR(keyring) == -ENOKEY) {
801 		/* not found - try and create a new one */
802 		keyring = keyring_alloc(
803 			name, old->uid, old->gid, old,
804 			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
805 			KEY_ALLOC_IN_QUOTA, NULL, NULL);
806 		if (IS_ERR(keyring)) {
807 			ret = PTR_ERR(keyring);
808 			goto error2;
809 		}
810 	} else if (IS_ERR(keyring)) {
811 		ret = PTR_ERR(keyring);
812 		goto error2;
813 	} else if (keyring == new->session_keyring) {
814 		ret = 0;
815 		goto error3;
816 	}
817 
818 	/* we've got a keyring - now to install it */
819 	ret = install_session_keyring_to_cred(new, keyring);
820 	if (ret < 0)
821 		goto error3;
822 
823 	commit_creds(new);
824 	mutex_unlock(&key_session_mutex);
825 
826 	ret = keyring->serial;
827 	key_put(keyring);
828 okay:
829 	return ret;
830 
831 error3:
832 	key_put(keyring);
833 error2:
834 	mutex_unlock(&key_session_mutex);
835 error:
836 	abort_creds(new);
837 	return ret;
838 }
839 
840 /*
841  * Replace a process's session keyring on behalf of one of its children when
842  * the target  process is about to resume userspace execution.
843  */
844 void key_change_session_keyring(struct callback_head *twork)
845 {
846 	const struct cred *old = current_cred();
847 	struct cred *new = container_of(twork, struct cred, rcu);
848 
849 	if (unlikely(current->flags & PF_EXITING)) {
850 		put_cred(new);
851 		return;
852 	}
853 
854 	new->  uid	= old->  uid;
855 	new-> euid	= old-> euid;
856 	new-> suid	= old-> suid;
857 	new->fsuid	= old->fsuid;
858 	new->  gid	= old->  gid;
859 	new-> egid	= old-> egid;
860 	new-> sgid	= old-> sgid;
861 	new->fsgid	= old->fsgid;
862 	new->user	= get_uid(old->user);
863 	new->user_ns	= get_user_ns(old->user_ns);
864 	new->group_info	= get_group_info(old->group_info);
865 
866 	new->securebits	= old->securebits;
867 	new->cap_inheritable	= old->cap_inheritable;
868 	new->cap_permitted	= old->cap_permitted;
869 	new->cap_effective	= old->cap_effective;
870 	new->cap_ambient	= old->cap_ambient;
871 	new->cap_bset		= old->cap_bset;
872 
873 	new->jit_keyring	= old->jit_keyring;
874 	new->thread_keyring	= key_get(old->thread_keyring);
875 	new->process_keyring	= key_get(old->process_keyring);
876 
877 	security_transfer_creds(new, old);
878 
879 	commit_creds(new);
880 }
881 
882 /*
883  * Make sure that root's user and user-session keyrings exist.
884  */
885 static int __init init_root_keyring(void)
886 {
887 	return install_user_keyrings();
888 }
889 
890 late_initcall(init_root_keyring);
891