xref: /openbmc/linux/security/keys/process_keys.c (revision c2cd9d04)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Manage a process's keyrings
3  *
4  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #include <linux/init.h>
9 #include <linux/sched.h>
10 #include <linux/sched/user.h>
11 #include <linux/keyctl.h>
12 #include <linux/fs.h>
13 #include <linux/err.h>
14 #include <linux/mutex.h>
15 #include <linux/security.h>
16 #include <linux/user_namespace.h>
17 #include <linux/uaccess.h>
18 #include <keys/request_key_auth-type.h>
19 #include "internal.h"
20 
21 /* Session keyring create vs join semaphore */
22 static DEFINE_MUTEX(key_session_mutex);
23 
24 /* User keyring creation semaphore */
25 static DEFINE_MUTEX(key_user_keyring_mutex);
26 
27 /* The root user's tracking struct */
28 struct key_user root_key_user = {
29 	.usage		= REFCOUNT_INIT(3),
30 	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
31 	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
32 	.nkeys		= ATOMIC_INIT(2),
33 	.nikeys		= ATOMIC_INIT(2),
34 	.uid		= GLOBAL_ROOT_UID,
35 };
36 
37 /*
38  * Install the user and user session keyrings for the current process's UID.
39  */
40 int install_user_keyrings(void)
41 {
42 	struct user_struct *user;
43 	const struct cred *cred;
44 	struct key *uid_keyring, *session_keyring;
45 	key_perm_t user_keyring_perm;
46 	char buf[20];
47 	int ret;
48 	uid_t uid;
49 
50 	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
51 	cred = current_cred();
52 	user = cred->user;
53 	uid = from_kuid(cred->user_ns, user->uid);
54 
55 	kenter("%p{%u}", user, uid);
56 
57 	if (READ_ONCE(user->uid_keyring) && READ_ONCE(user->session_keyring)) {
58 		kleave(" = 0 [exist]");
59 		return 0;
60 	}
61 
62 	mutex_lock(&key_user_keyring_mutex);
63 	ret = 0;
64 
65 	if (!user->uid_keyring) {
66 		/* get the UID-specific keyring
67 		 * - there may be one in existence already as it may have been
68 		 *   pinned by a session, but the user_struct pointing to it
69 		 *   may have been destroyed by setuid */
70 		sprintf(buf, "_uid.%u", uid);
71 
72 		uid_keyring = find_keyring_by_name(buf, true);
73 		if (IS_ERR(uid_keyring)) {
74 			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
75 						    cred, user_keyring_perm,
76 						    KEY_ALLOC_UID_KEYRING |
77 							KEY_ALLOC_IN_QUOTA,
78 						    NULL, NULL);
79 			if (IS_ERR(uid_keyring)) {
80 				ret = PTR_ERR(uid_keyring);
81 				goto error;
82 			}
83 		}
84 
85 		/* get a default session keyring (which might also exist
86 		 * already) */
87 		sprintf(buf, "_uid_ses.%u", uid);
88 
89 		session_keyring = find_keyring_by_name(buf, true);
90 		if (IS_ERR(session_keyring)) {
91 			session_keyring =
92 				keyring_alloc(buf, user->uid, INVALID_GID,
93 					      cred, user_keyring_perm,
94 					      KEY_ALLOC_UID_KEYRING |
95 						  KEY_ALLOC_IN_QUOTA,
96 					      NULL, NULL);
97 			if (IS_ERR(session_keyring)) {
98 				ret = PTR_ERR(session_keyring);
99 				goto error_release;
100 			}
101 
102 			/* we install a link from the user session keyring to
103 			 * the user keyring */
104 			ret = key_link(session_keyring, uid_keyring);
105 			if (ret < 0)
106 				goto error_release_both;
107 		}
108 
109 		/* install the keyrings */
110 		/* paired with READ_ONCE() */
111 		smp_store_release(&user->uid_keyring, uid_keyring);
112 		/* paired with READ_ONCE() */
113 		smp_store_release(&user->session_keyring, session_keyring);
114 	}
115 
116 	mutex_unlock(&key_user_keyring_mutex);
117 	kleave(" = 0");
118 	return 0;
119 
120 error_release_both:
121 	key_put(session_keyring);
122 error_release:
123 	key_put(uid_keyring);
124 error:
125 	mutex_unlock(&key_user_keyring_mutex);
126 	kleave(" = %d", ret);
127 	return ret;
128 }
129 
130 /*
131  * Install a thread keyring to the given credentials struct if it didn't have
132  * one already.  This is allowed to overrun the quota.
133  *
134  * Return: 0 if a thread keyring is now present; -errno on failure.
135  */
136 int install_thread_keyring_to_cred(struct cred *new)
137 {
138 	struct key *keyring;
139 
140 	if (new->thread_keyring)
141 		return 0;
142 
143 	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
144 				KEY_POS_ALL | KEY_USR_VIEW,
145 				KEY_ALLOC_QUOTA_OVERRUN,
146 				NULL, NULL);
147 	if (IS_ERR(keyring))
148 		return PTR_ERR(keyring);
149 
150 	new->thread_keyring = keyring;
151 	return 0;
152 }
153 
154 /*
155  * Install a thread keyring to the current task if it didn't have one already.
156  *
157  * Return: 0 if a thread keyring is now present; -errno on failure.
158  */
159 static int install_thread_keyring(void)
160 {
161 	struct cred *new;
162 	int ret;
163 
164 	new = prepare_creds();
165 	if (!new)
166 		return -ENOMEM;
167 
168 	ret = install_thread_keyring_to_cred(new);
169 	if (ret < 0) {
170 		abort_creds(new);
171 		return ret;
172 	}
173 
174 	return commit_creds(new);
175 }
176 
177 /*
178  * Install a process keyring to the given credentials struct if it didn't have
179  * one already.  This is allowed to overrun the quota.
180  *
181  * Return: 0 if a process keyring is now present; -errno on failure.
182  */
183 int install_process_keyring_to_cred(struct cred *new)
184 {
185 	struct key *keyring;
186 
187 	if (new->process_keyring)
188 		return 0;
189 
190 	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
191 				KEY_POS_ALL | KEY_USR_VIEW,
192 				KEY_ALLOC_QUOTA_OVERRUN,
193 				NULL, NULL);
194 	if (IS_ERR(keyring))
195 		return PTR_ERR(keyring);
196 
197 	new->process_keyring = keyring;
198 	return 0;
199 }
200 
201 /*
202  * Install a process keyring to the current task if it didn't have one already.
203  *
204  * Return: 0 if a process keyring is now present; -errno on failure.
205  */
206 static int install_process_keyring(void)
207 {
208 	struct cred *new;
209 	int ret;
210 
211 	new = prepare_creds();
212 	if (!new)
213 		return -ENOMEM;
214 
215 	ret = install_process_keyring_to_cred(new);
216 	if (ret < 0) {
217 		abort_creds(new);
218 		return ret;
219 	}
220 
221 	return commit_creds(new);
222 }
223 
224 /*
225  * Install the given keyring as the session keyring of the given credentials
226  * struct, replacing the existing one if any.  If the given keyring is NULL,
227  * then install a new anonymous session keyring.
228  * @cred can not be in use by any task yet.
229  *
230  * Return: 0 on success; -errno on failure.
231  */
232 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
233 {
234 	unsigned long flags;
235 	struct key *old;
236 
237 	might_sleep();
238 
239 	/* create an empty session keyring */
240 	if (!keyring) {
241 		flags = KEY_ALLOC_QUOTA_OVERRUN;
242 		if (cred->session_keyring)
243 			flags = KEY_ALLOC_IN_QUOTA;
244 
245 		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
246 					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
247 					flags, NULL, NULL);
248 		if (IS_ERR(keyring))
249 			return PTR_ERR(keyring);
250 	} else {
251 		__key_get(keyring);
252 	}
253 
254 	/* install the keyring */
255 	old = cred->session_keyring;
256 	cred->session_keyring = keyring;
257 
258 	if (old)
259 		key_put(old);
260 
261 	return 0;
262 }
263 
264 /*
265  * Install the given keyring as the session keyring of the current task,
266  * replacing the existing one if any.  If the given keyring is NULL, then
267  * install a new anonymous session keyring.
268  *
269  * Return: 0 on success; -errno on failure.
270  */
271 static int install_session_keyring(struct key *keyring)
272 {
273 	struct cred *new;
274 	int ret;
275 
276 	new = prepare_creds();
277 	if (!new)
278 		return -ENOMEM;
279 
280 	ret = install_session_keyring_to_cred(new, keyring);
281 	if (ret < 0) {
282 		abort_creds(new);
283 		return ret;
284 	}
285 
286 	return commit_creds(new);
287 }
288 
289 /*
290  * Handle the fsuid changing.
291  */
292 void key_fsuid_changed(struct task_struct *tsk)
293 {
294 	/* update the ownership of the thread keyring */
295 	BUG_ON(!tsk->cred);
296 	if (tsk->cred->thread_keyring) {
297 		down_write(&tsk->cred->thread_keyring->sem);
298 		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
299 		up_write(&tsk->cred->thread_keyring->sem);
300 	}
301 }
302 
303 /*
304  * Handle the fsgid changing.
305  */
306 void key_fsgid_changed(struct task_struct *tsk)
307 {
308 	/* update the ownership of the thread keyring */
309 	BUG_ON(!tsk->cred);
310 	if (tsk->cred->thread_keyring) {
311 		down_write(&tsk->cred->thread_keyring->sem);
312 		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
313 		up_write(&tsk->cred->thread_keyring->sem);
314 	}
315 }
316 
317 /*
318  * Search the process keyrings attached to the supplied cred for the first
319  * matching key.
320  *
321  * The search criteria are the type and the match function.  The description is
322  * given to the match function as a parameter, but doesn't otherwise influence
323  * the search.  Typically the match function will compare the description
324  * parameter to the key's description.
325  *
326  * This can only search keyrings that grant Search permission to the supplied
327  * credentials.  Keyrings linked to searched keyrings will also be searched if
328  * they grant Search permission too.  Keys can only be found if they grant
329  * Search permission to the credentials.
330  *
331  * Returns a pointer to the key with the key usage count incremented if
332  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
333  * matched negative keys.
334  *
335  * In the case of a successful return, the possession attribute is set on the
336  * returned key reference.
337  */
338 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
339 {
340 	key_ref_t key_ref, ret, err;
341 	const struct cred *cred = ctx->cred;
342 
343 	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
344 	 * searchable, but we failed to find a key or we found a negative key;
345 	 * otherwise we want to return a sample error (probably -EACCES) if
346 	 * none of the keyrings were searchable
347 	 *
348 	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
349 	 */
350 	key_ref = NULL;
351 	ret = NULL;
352 	err = ERR_PTR(-EAGAIN);
353 
354 	/* search the thread keyring first */
355 	if (cred->thread_keyring) {
356 		key_ref = keyring_search_aux(
357 			make_key_ref(cred->thread_keyring, 1), ctx);
358 		if (!IS_ERR(key_ref))
359 			goto found;
360 
361 		switch (PTR_ERR(key_ref)) {
362 		case -EAGAIN: /* no key */
363 		case -ENOKEY: /* negative key */
364 			ret = key_ref;
365 			break;
366 		default:
367 			err = key_ref;
368 			break;
369 		}
370 	}
371 
372 	/* search the process keyring second */
373 	if (cred->process_keyring) {
374 		key_ref = keyring_search_aux(
375 			make_key_ref(cred->process_keyring, 1), ctx);
376 		if (!IS_ERR(key_ref))
377 			goto found;
378 
379 		switch (PTR_ERR(key_ref)) {
380 		case -EAGAIN: /* no key */
381 			if (ret)
382 				break;
383 			/* fall through */
384 		case -ENOKEY: /* negative key */
385 			ret = key_ref;
386 			break;
387 		default:
388 			err = key_ref;
389 			break;
390 		}
391 	}
392 
393 	/* search the session keyring */
394 	if (cred->session_keyring) {
395 		key_ref = keyring_search_aux(
396 			make_key_ref(cred->session_keyring, 1), ctx);
397 
398 		if (!IS_ERR(key_ref))
399 			goto found;
400 
401 		switch (PTR_ERR(key_ref)) {
402 		case -EAGAIN: /* no key */
403 			if (ret)
404 				break;
405 			/* fall through */
406 		case -ENOKEY: /* negative key */
407 			ret = key_ref;
408 			break;
409 		default:
410 			err = key_ref;
411 			break;
412 		}
413 	}
414 	/* or search the user-session keyring */
415 	else if (READ_ONCE(cred->user->session_keyring)) {
416 		key_ref = keyring_search_aux(
417 			make_key_ref(READ_ONCE(cred->user->session_keyring), 1),
418 			ctx);
419 		if (!IS_ERR(key_ref))
420 			goto found;
421 
422 		switch (PTR_ERR(key_ref)) {
423 		case -EAGAIN: /* no key */
424 			if (ret)
425 				break;
426 			/* fall through */
427 		case -ENOKEY: /* negative key */
428 			ret = key_ref;
429 			break;
430 		default:
431 			err = key_ref;
432 			break;
433 		}
434 	}
435 
436 	/* no key - decide on the error we're going to go for */
437 	key_ref = ret ? ret : err;
438 
439 found:
440 	return key_ref;
441 }
442 
443 /*
444  * Search the process keyrings attached to the supplied cred for the first
445  * matching key in the manner of search_my_process_keyrings(), but also search
446  * the keys attached to the assumed authorisation key using its credentials if
447  * one is available.
448  *
449  * Return same as search_my_process_keyrings().
450  */
451 key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
452 {
453 	struct request_key_auth *rka;
454 	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
455 
456 	might_sleep();
457 
458 	key_ref = search_my_process_keyrings(ctx);
459 	if (!IS_ERR(key_ref))
460 		goto found;
461 	err = key_ref;
462 
463 	/* if this process has an instantiation authorisation key, then we also
464 	 * search the keyrings of the process mentioned there
465 	 * - we don't permit access to request_key auth keys via this method
466 	 */
467 	if (ctx->cred->request_key_auth &&
468 	    ctx->cred == current_cred() &&
469 	    ctx->index_key.type != &key_type_request_key_auth
470 	    ) {
471 		const struct cred *cred = ctx->cred;
472 
473 		/* defend against the auth key being revoked */
474 		down_read(&cred->request_key_auth->sem);
475 
476 		if (key_validate(ctx->cred->request_key_auth) == 0) {
477 			rka = ctx->cred->request_key_auth->payload.data[0];
478 
479 			ctx->cred = rka->cred;
480 			key_ref = search_process_keyrings(ctx);
481 			ctx->cred = cred;
482 
483 			up_read(&cred->request_key_auth->sem);
484 
485 			if (!IS_ERR(key_ref))
486 				goto found;
487 
488 			ret = key_ref;
489 		} else {
490 			up_read(&cred->request_key_auth->sem);
491 		}
492 	}
493 
494 	/* no key - decide on the error we're going to go for */
495 	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
496 		key_ref = ERR_PTR(-ENOKEY);
497 	else if (err == ERR_PTR(-EACCES))
498 		key_ref = ret;
499 	else
500 		key_ref = err;
501 
502 found:
503 	return key_ref;
504 }
505 
506 /*
507  * See if the key we're looking at is the target key.
508  */
509 bool lookup_user_key_possessed(const struct key *key,
510 			       const struct key_match_data *match_data)
511 {
512 	return key == match_data->raw_data;
513 }
514 
515 /*
516  * Look up a key ID given us by userspace with a given permissions mask to get
517  * the key it refers to.
518  *
519  * Flags can be passed to request that special keyrings be created if referred
520  * to directly, to permit partially constructed keys to be found and to skip
521  * validity and permission checks on the found key.
522  *
523  * Returns a pointer to the key with an incremented usage count if successful;
524  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
525  * to a key or the best found key was a negative key; -EKEYREVOKED or
526  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
527  * found key doesn't grant the requested permit or the LSM denied access to it;
528  * or -ENOMEM if a special keyring couldn't be created.
529  *
530  * In the case of a successful return, the possession attribute is set on the
531  * returned key reference.
532  */
533 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
534 			  key_perm_t perm)
535 {
536 	struct keyring_search_context ctx = {
537 		.match_data.cmp		= lookup_user_key_possessed,
538 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
539 		.flags			= KEYRING_SEARCH_NO_STATE_CHECK,
540 	};
541 	struct request_key_auth *rka;
542 	struct key *key;
543 	key_ref_t key_ref, skey_ref;
544 	int ret;
545 
546 try_again:
547 	ctx.cred = get_current_cred();
548 	key_ref = ERR_PTR(-ENOKEY);
549 
550 	switch (id) {
551 	case KEY_SPEC_THREAD_KEYRING:
552 		if (!ctx.cred->thread_keyring) {
553 			if (!(lflags & KEY_LOOKUP_CREATE))
554 				goto error;
555 
556 			ret = install_thread_keyring();
557 			if (ret < 0) {
558 				key_ref = ERR_PTR(ret);
559 				goto error;
560 			}
561 			goto reget_creds;
562 		}
563 
564 		key = ctx.cred->thread_keyring;
565 		__key_get(key);
566 		key_ref = make_key_ref(key, 1);
567 		break;
568 
569 	case KEY_SPEC_PROCESS_KEYRING:
570 		if (!ctx.cred->process_keyring) {
571 			if (!(lflags & KEY_LOOKUP_CREATE))
572 				goto error;
573 
574 			ret = install_process_keyring();
575 			if (ret < 0) {
576 				key_ref = ERR_PTR(ret);
577 				goto error;
578 			}
579 			goto reget_creds;
580 		}
581 
582 		key = ctx.cred->process_keyring;
583 		__key_get(key);
584 		key_ref = make_key_ref(key, 1);
585 		break;
586 
587 	case KEY_SPEC_SESSION_KEYRING:
588 		if (!ctx.cred->session_keyring) {
589 			/* always install a session keyring upon access if one
590 			 * doesn't exist yet */
591 			ret = install_user_keyrings();
592 			if (ret < 0)
593 				goto error;
594 			if (lflags & KEY_LOOKUP_CREATE)
595 				ret = join_session_keyring(NULL);
596 			else
597 				ret = install_session_keyring(
598 					ctx.cred->user->session_keyring);
599 
600 			if (ret < 0)
601 				goto error;
602 			goto reget_creds;
603 		} else if (ctx.cred->session_keyring ==
604 			   READ_ONCE(ctx.cred->user->session_keyring) &&
605 			   lflags & KEY_LOOKUP_CREATE) {
606 			ret = join_session_keyring(NULL);
607 			if (ret < 0)
608 				goto error;
609 			goto reget_creds;
610 		}
611 
612 		key = ctx.cred->session_keyring;
613 		__key_get(key);
614 		key_ref = make_key_ref(key, 1);
615 		break;
616 
617 	case KEY_SPEC_USER_KEYRING:
618 		if (!READ_ONCE(ctx.cred->user->uid_keyring)) {
619 			ret = install_user_keyrings();
620 			if (ret < 0)
621 				goto error;
622 		}
623 
624 		key = ctx.cred->user->uid_keyring;
625 		__key_get(key);
626 		key_ref = make_key_ref(key, 1);
627 		break;
628 
629 	case KEY_SPEC_USER_SESSION_KEYRING:
630 		if (!READ_ONCE(ctx.cred->user->session_keyring)) {
631 			ret = install_user_keyrings();
632 			if (ret < 0)
633 				goto error;
634 		}
635 
636 		key = ctx.cred->user->session_keyring;
637 		__key_get(key);
638 		key_ref = make_key_ref(key, 1);
639 		break;
640 
641 	case KEY_SPEC_GROUP_KEYRING:
642 		/* group keyrings are not yet supported */
643 		key_ref = ERR_PTR(-EINVAL);
644 		goto error;
645 
646 	case KEY_SPEC_REQKEY_AUTH_KEY:
647 		key = ctx.cred->request_key_auth;
648 		if (!key)
649 			goto error;
650 
651 		__key_get(key);
652 		key_ref = make_key_ref(key, 1);
653 		break;
654 
655 	case KEY_SPEC_REQUESTOR_KEYRING:
656 		if (!ctx.cred->request_key_auth)
657 			goto error;
658 
659 		down_read(&ctx.cred->request_key_auth->sem);
660 		if (test_bit(KEY_FLAG_REVOKED,
661 			     &ctx.cred->request_key_auth->flags)) {
662 			key_ref = ERR_PTR(-EKEYREVOKED);
663 			key = NULL;
664 		} else {
665 			rka = ctx.cred->request_key_auth->payload.data[0];
666 			key = rka->dest_keyring;
667 			__key_get(key);
668 		}
669 		up_read(&ctx.cred->request_key_auth->sem);
670 		if (!key)
671 			goto error;
672 		key_ref = make_key_ref(key, 1);
673 		break;
674 
675 	default:
676 		key_ref = ERR_PTR(-EINVAL);
677 		if (id < 1)
678 			goto error;
679 
680 		key = key_lookup(id);
681 		if (IS_ERR(key)) {
682 			key_ref = ERR_CAST(key);
683 			goto error;
684 		}
685 
686 		key_ref = make_key_ref(key, 0);
687 
688 		/* check to see if we possess the key */
689 		ctx.index_key.type		= key->type;
690 		ctx.index_key.description	= key->description;
691 		ctx.index_key.desc_len		= strlen(key->description);
692 		ctx.match_data.raw_data		= key;
693 		kdebug("check possessed");
694 		skey_ref = search_process_keyrings(&ctx);
695 		kdebug("possessed=%p", skey_ref);
696 
697 		if (!IS_ERR(skey_ref)) {
698 			key_put(key);
699 			key_ref = skey_ref;
700 		}
701 
702 		break;
703 	}
704 
705 	/* unlink does not use the nominated key in any way, so can skip all
706 	 * the permission checks as it is only concerned with the keyring */
707 	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
708 		ret = 0;
709 		goto error;
710 	}
711 
712 	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
713 		ret = wait_for_key_construction(key, true);
714 		switch (ret) {
715 		case -ERESTARTSYS:
716 			goto invalid_key;
717 		default:
718 			if (perm)
719 				goto invalid_key;
720 		case 0:
721 			break;
722 		}
723 	} else if (perm) {
724 		ret = key_validate(key);
725 		if (ret < 0)
726 			goto invalid_key;
727 	}
728 
729 	ret = -EIO;
730 	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
731 	    key_read_state(key) == KEY_IS_UNINSTANTIATED)
732 		goto invalid_key;
733 
734 	/* check the permissions */
735 	ret = key_task_permission(key_ref, ctx.cred, perm);
736 	if (ret < 0)
737 		goto invalid_key;
738 
739 	key->last_used_at = ktime_get_real_seconds();
740 
741 error:
742 	put_cred(ctx.cred);
743 	return key_ref;
744 
745 invalid_key:
746 	key_ref_put(key_ref);
747 	key_ref = ERR_PTR(ret);
748 	goto error;
749 
750 	/* if we attempted to install a keyring, then it may have caused new
751 	 * creds to be installed */
752 reget_creds:
753 	put_cred(ctx.cred);
754 	goto try_again;
755 }
756 EXPORT_SYMBOL(lookup_user_key);
757 
758 /*
759  * Join the named keyring as the session keyring if possible else attempt to
760  * create a new one of that name and join that.
761  *
762  * If the name is NULL, an empty anonymous keyring will be installed as the
763  * session keyring.
764  *
765  * Named session keyrings are joined with a semaphore held to prevent the
766  * keyrings from going away whilst the attempt is made to going them and also
767  * to prevent a race in creating compatible session keyrings.
768  */
769 long join_session_keyring(const char *name)
770 {
771 	const struct cred *old;
772 	struct cred *new;
773 	struct key *keyring;
774 	long ret, serial;
775 
776 	new = prepare_creds();
777 	if (!new)
778 		return -ENOMEM;
779 	old = current_cred();
780 
781 	/* if no name is provided, install an anonymous keyring */
782 	if (!name) {
783 		ret = install_session_keyring_to_cred(new, NULL);
784 		if (ret < 0)
785 			goto error;
786 
787 		serial = new->session_keyring->serial;
788 		ret = commit_creds(new);
789 		if (ret == 0)
790 			ret = serial;
791 		goto okay;
792 	}
793 
794 	/* allow the user to join or create a named keyring */
795 	mutex_lock(&key_session_mutex);
796 
797 	/* look for an existing keyring of this name */
798 	keyring = find_keyring_by_name(name, false);
799 	if (PTR_ERR(keyring) == -ENOKEY) {
800 		/* not found - try and create a new one */
801 		keyring = keyring_alloc(
802 			name, old->uid, old->gid, old,
803 			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
804 			KEY_ALLOC_IN_QUOTA, NULL, NULL);
805 		if (IS_ERR(keyring)) {
806 			ret = PTR_ERR(keyring);
807 			goto error2;
808 		}
809 	} else if (IS_ERR(keyring)) {
810 		ret = PTR_ERR(keyring);
811 		goto error2;
812 	} else if (keyring == new->session_keyring) {
813 		ret = 0;
814 		goto error3;
815 	}
816 
817 	/* we've got a keyring - now to install it */
818 	ret = install_session_keyring_to_cred(new, keyring);
819 	if (ret < 0)
820 		goto error3;
821 
822 	commit_creds(new);
823 	mutex_unlock(&key_session_mutex);
824 
825 	ret = keyring->serial;
826 	key_put(keyring);
827 okay:
828 	return ret;
829 
830 error3:
831 	key_put(keyring);
832 error2:
833 	mutex_unlock(&key_session_mutex);
834 error:
835 	abort_creds(new);
836 	return ret;
837 }
838 
839 /*
840  * Replace a process's session keyring on behalf of one of its children when
841  * the target  process is about to resume userspace execution.
842  */
843 void key_change_session_keyring(struct callback_head *twork)
844 {
845 	const struct cred *old = current_cred();
846 	struct cred *new = container_of(twork, struct cred, rcu);
847 
848 	if (unlikely(current->flags & PF_EXITING)) {
849 		put_cred(new);
850 		return;
851 	}
852 
853 	new->  uid	= old->  uid;
854 	new-> euid	= old-> euid;
855 	new-> suid	= old-> suid;
856 	new->fsuid	= old->fsuid;
857 	new->  gid	= old->  gid;
858 	new-> egid	= old-> egid;
859 	new-> sgid	= old-> sgid;
860 	new->fsgid	= old->fsgid;
861 	new->user	= get_uid(old->user);
862 	new->user_ns	= get_user_ns(old->user_ns);
863 	new->group_info	= get_group_info(old->group_info);
864 
865 	new->securebits	= old->securebits;
866 	new->cap_inheritable	= old->cap_inheritable;
867 	new->cap_permitted	= old->cap_permitted;
868 	new->cap_effective	= old->cap_effective;
869 	new->cap_ambient	= old->cap_ambient;
870 	new->cap_bset		= old->cap_bset;
871 
872 	new->jit_keyring	= old->jit_keyring;
873 	new->thread_keyring	= key_get(old->thread_keyring);
874 	new->process_keyring	= key_get(old->process_keyring);
875 
876 	security_transfer_creds(new, old);
877 
878 	commit_creds(new);
879 }
880 
881 /*
882  * Make sure that root's user and user-session keyrings exist.
883  */
884 static int __init init_root_keyring(void)
885 {
886 	return install_user_keyrings();
887 }
888 
889 late_initcall(init_root_keyring);
890