xref: /openbmc/linux/security/keys/process_keys.c (revision e23feb16)
1 /* Manage a process's keyrings
2  *
3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/keyctl.h>
16 #include <linux/fs.h>
17 #include <linux/err.h>
18 #include <linux/mutex.h>
19 #include <linux/security.h>
20 #include <linux/user_namespace.h>
21 #include <asm/uaccess.h>
22 #include "internal.h"
23 
24 /* Session keyring create vs join semaphore */
25 static DEFINE_MUTEX(key_session_mutex);
26 
27 /* User keyring creation semaphore */
28 static DEFINE_MUTEX(key_user_keyring_mutex);
29 
30 /* The root user's tracking struct */
31 struct key_user root_key_user = {
32 	.usage		= ATOMIC_INIT(3),
33 	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
34 	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
35 	.nkeys		= ATOMIC_INIT(2),
36 	.nikeys		= ATOMIC_INIT(2),
37 	.uid		= GLOBAL_ROOT_UID,
38 };
39 
40 /*
41  * Install the user and user session keyrings for the current process's UID.
42  */
43 int install_user_keyrings(void)
44 {
45 	struct user_struct *user;
46 	const struct cred *cred;
47 	struct key *uid_keyring, *session_keyring;
48 	key_perm_t user_keyring_perm;
49 	char buf[20];
50 	int ret;
51 	uid_t uid;
52 
53 	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
54 	cred = current_cred();
55 	user = cred->user;
56 	uid = from_kuid(cred->user_ns, user->uid);
57 
58 	kenter("%p{%u}", user, uid);
59 
60 	if (user->uid_keyring && user->session_keyring) {
61 		kleave(" = 0 [exist]");
62 		return 0;
63 	}
64 
65 	mutex_lock(&key_user_keyring_mutex);
66 	ret = 0;
67 
68 	if (!user->uid_keyring) {
69 		/* get the UID-specific keyring
70 		 * - there may be one in existence already as it may have been
71 		 *   pinned by a session, but the user_struct pointing to it
72 		 *   may have been destroyed by setuid */
73 		sprintf(buf, "_uid.%u", uid);
74 
75 		uid_keyring = find_keyring_by_name(buf, true);
76 		if (IS_ERR(uid_keyring)) {
77 			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
78 						    cred, user_keyring_perm,
79 						    KEY_ALLOC_IN_QUOTA, NULL);
80 			if (IS_ERR(uid_keyring)) {
81 				ret = PTR_ERR(uid_keyring);
82 				goto error;
83 			}
84 		}
85 
86 		/* get a default session keyring (which might also exist
87 		 * already) */
88 		sprintf(buf, "_uid_ses.%u", uid);
89 
90 		session_keyring = find_keyring_by_name(buf, true);
91 		if (IS_ERR(session_keyring)) {
92 			session_keyring =
93 				keyring_alloc(buf, user->uid, INVALID_GID,
94 					      cred, user_keyring_perm,
95 					      KEY_ALLOC_IN_QUOTA, NULL);
96 			if (IS_ERR(session_keyring)) {
97 				ret = PTR_ERR(session_keyring);
98 				goto error_release;
99 			}
100 
101 			/* we install a link from the user session keyring to
102 			 * the user keyring */
103 			ret = key_link(session_keyring, uid_keyring);
104 			if (ret < 0)
105 				goto error_release_both;
106 		}
107 
108 		/* install the keyrings */
109 		user->uid_keyring = uid_keyring;
110 		user->session_keyring = session_keyring;
111 	}
112 
113 	mutex_unlock(&key_user_keyring_mutex);
114 	kleave(" = 0");
115 	return 0;
116 
117 error_release_both:
118 	key_put(session_keyring);
119 error_release:
120 	key_put(uid_keyring);
121 error:
122 	mutex_unlock(&key_user_keyring_mutex);
123 	kleave(" = %d", ret);
124 	return ret;
125 }
126 
127 /*
128  * Install a fresh thread keyring directly to new credentials.  This keyring is
129  * allowed to overrun the quota.
130  */
131 int install_thread_keyring_to_cred(struct cred *new)
132 {
133 	struct key *keyring;
134 
135 	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
136 				KEY_POS_ALL | KEY_USR_VIEW,
137 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
138 	if (IS_ERR(keyring))
139 		return PTR_ERR(keyring);
140 
141 	new->thread_keyring = keyring;
142 	return 0;
143 }
144 
145 /*
146  * Install a fresh thread keyring, discarding the old one.
147  */
148 static int install_thread_keyring(void)
149 {
150 	struct cred *new;
151 	int ret;
152 
153 	new = prepare_creds();
154 	if (!new)
155 		return -ENOMEM;
156 
157 	BUG_ON(new->thread_keyring);
158 
159 	ret = install_thread_keyring_to_cred(new);
160 	if (ret < 0) {
161 		abort_creds(new);
162 		return ret;
163 	}
164 
165 	return commit_creds(new);
166 }
167 
168 /*
169  * Install a process keyring directly to a credentials struct.
170  *
171  * Returns -EEXIST if there was already a process keyring, 0 if one installed,
172  * and other value on any other error
173  */
174 int install_process_keyring_to_cred(struct cred *new)
175 {
176 	struct key *keyring;
177 
178 	if (new->process_keyring)
179 		return -EEXIST;
180 
181 	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
182 				KEY_POS_ALL | KEY_USR_VIEW,
183 				KEY_ALLOC_QUOTA_OVERRUN, NULL);
184 	if (IS_ERR(keyring))
185 		return PTR_ERR(keyring);
186 
187 	new->process_keyring = keyring;
188 	return 0;
189 }
190 
191 /*
192  * Make sure a process keyring is installed for the current process.  The
193  * existing process keyring is not replaced.
194  *
195  * Returns 0 if there is a process keyring by the end of this function, some
196  * error otherwise.
197  */
198 static int install_process_keyring(void)
199 {
200 	struct cred *new;
201 	int ret;
202 
203 	new = prepare_creds();
204 	if (!new)
205 		return -ENOMEM;
206 
207 	ret = install_process_keyring_to_cred(new);
208 	if (ret < 0) {
209 		abort_creds(new);
210 		return ret != -EEXIST ? ret : 0;
211 	}
212 
213 	return commit_creds(new);
214 }
215 
216 /*
217  * Install a session keyring directly to a credentials struct.
218  */
219 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
220 {
221 	unsigned long flags;
222 	struct key *old;
223 
224 	might_sleep();
225 
226 	/* create an empty session keyring */
227 	if (!keyring) {
228 		flags = KEY_ALLOC_QUOTA_OVERRUN;
229 		if (cred->session_keyring)
230 			flags = KEY_ALLOC_IN_QUOTA;
231 
232 		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
233 					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
234 					flags, NULL);
235 		if (IS_ERR(keyring))
236 			return PTR_ERR(keyring);
237 	} else {
238 		atomic_inc(&keyring->usage);
239 	}
240 
241 	/* install the keyring */
242 	old = cred->session_keyring;
243 	rcu_assign_pointer(cred->session_keyring, keyring);
244 
245 	if (old)
246 		key_put(old);
247 
248 	return 0;
249 }
250 
251 /*
252  * Install a session keyring, discarding the old one.  If a keyring is not
253  * supplied, an empty one is invented.
254  */
255 static int install_session_keyring(struct key *keyring)
256 {
257 	struct cred *new;
258 	int ret;
259 
260 	new = prepare_creds();
261 	if (!new)
262 		return -ENOMEM;
263 
264 	ret = install_session_keyring_to_cred(new, keyring);
265 	if (ret < 0) {
266 		abort_creds(new);
267 		return ret;
268 	}
269 
270 	return commit_creds(new);
271 }
272 
273 /*
274  * Handle the fsuid changing.
275  */
276 void key_fsuid_changed(struct task_struct *tsk)
277 {
278 	/* update the ownership of the thread keyring */
279 	BUG_ON(!tsk->cred);
280 	if (tsk->cred->thread_keyring) {
281 		down_write(&tsk->cred->thread_keyring->sem);
282 		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
283 		up_write(&tsk->cred->thread_keyring->sem);
284 	}
285 }
286 
287 /*
288  * Handle the fsgid changing.
289  */
290 void key_fsgid_changed(struct task_struct *tsk)
291 {
292 	/* update the ownership of the thread keyring */
293 	BUG_ON(!tsk->cred);
294 	if (tsk->cred->thread_keyring) {
295 		down_write(&tsk->cred->thread_keyring->sem);
296 		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
297 		up_write(&tsk->cred->thread_keyring->sem);
298 	}
299 }
300 
301 /*
302  * Search the process keyrings attached to the supplied cred for the first
303  * matching key.
304  *
305  * The search criteria are the type and the match function.  The description is
306  * given to the match function as a parameter, but doesn't otherwise influence
307  * the search.  Typically the match function will compare the description
308  * parameter to the key's description.
309  *
310  * This can only search keyrings that grant Search permission to the supplied
311  * credentials.  Keyrings linked to searched keyrings will also be searched if
312  * they grant Search permission too.  Keys can only be found if they grant
313  * Search permission to the credentials.
314  *
315  * Returns a pointer to the key with the key usage count incremented if
316  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
317  * matched negative keys.
318  *
319  * In the case of a successful return, the possession attribute is set on the
320  * returned key reference.
321  */
322 key_ref_t search_my_process_keyrings(struct key_type *type,
323 				     const void *description,
324 				     key_match_func_t match,
325 				     bool no_state_check,
326 				     const struct cred *cred)
327 {
328 	key_ref_t key_ref, ret, err;
329 
330 	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
331 	 * searchable, but we failed to find a key or we found a negative key;
332 	 * otherwise we want to return a sample error (probably -EACCES) if
333 	 * none of the keyrings were searchable
334 	 *
335 	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
336 	 */
337 	key_ref = NULL;
338 	ret = NULL;
339 	err = ERR_PTR(-EAGAIN);
340 
341 	/* search the thread keyring first */
342 	if (cred->thread_keyring) {
343 		key_ref = keyring_search_aux(
344 			make_key_ref(cred->thread_keyring, 1),
345 			cred, type, description, match, no_state_check);
346 		if (!IS_ERR(key_ref))
347 			goto found;
348 
349 		switch (PTR_ERR(key_ref)) {
350 		case -EAGAIN: /* no key */
351 		case -ENOKEY: /* negative key */
352 			ret = key_ref;
353 			break;
354 		default:
355 			err = key_ref;
356 			break;
357 		}
358 	}
359 
360 	/* search the process keyring second */
361 	if (cred->process_keyring) {
362 		key_ref = keyring_search_aux(
363 			make_key_ref(cred->process_keyring, 1),
364 			cred, type, description, match, no_state_check);
365 		if (!IS_ERR(key_ref))
366 			goto found;
367 
368 		switch (PTR_ERR(key_ref)) {
369 		case -EAGAIN: /* no key */
370 			if (ret)
371 				break;
372 		case -ENOKEY: /* negative key */
373 			ret = key_ref;
374 			break;
375 		default:
376 			err = key_ref;
377 			break;
378 		}
379 	}
380 
381 	/* search the session keyring */
382 	if (cred->session_keyring) {
383 		rcu_read_lock();
384 		key_ref = keyring_search_aux(
385 			make_key_ref(rcu_dereference(cred->session_keyring), 1),
386 			cred, type, description, match, no_state_check);
387 		rcu_read_unlock();
388 
389 		if (!IS_ERR(key_ref))
390 			goto found;
391 
392 		switch (PTR_ERR(key_ref)) {
393 		case -EAGAIN: /* no key */
394 			if (ret)
395 				break;
396 		case -ENOKEY: /* negative key */
397 			ret = key_ref;
398 			break;
399 		default:
400 			err = key_ref;
401 			break;
402 		}
403 	}
404 	/* or search the user-session keyring */
405 	else if (cred->user->session_keyring) {
406 		key_ref = keyring_search_aux(
407 			make_key_ref(cred->user->session_keyring, 1),
408 			cred, type, description, match, no_state_check);
409 		if (!IS_ERR(key_ref))
410 			goto found;
411 
412 		switch (PTR_ERR(key_ref)) {
413 		case -EAGAIN: /* no key */
414 			if (ret)
415 				break;
416 		case -ENOKEY: /* negative key */
417 			ret = key_ref;
418 			break;
419 		default:
420 			err = key_ref;
421 			break;
422 		}
423 	}
424 
425 	/* no key - decide on the error we're going to go for */
426 	key_ref = ret ? ret : err;
427 
428 found:
429 	return key_ref;
430 }
431 
432 /*
433  * Search the process keyrings attached to the supplied cred for the first
434  * matching key in the manner of search_my_process_keyrings(), but also search
435  * the keys attached to the assumed authorisation key using its credentials if
436  * one is available.
437  *
438  * Return same as search_my_process_keyrings().
439  */
440 key_ref_t search_process_keyrings(struct key_type *type,
441 				  const void *description,
442 				  key_match_func_t match,
443 				  const struct cred *cred)
444 {
445 	struct request_key_auth *rka;
446 	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
447 
448 	might_sleep();
449 
450 	key_ref = search_my_process_keyrings(type, description, match,
451 					     false, cred);
452 	if (!IS_ERR(key_ref))
453 		goto found;
454 	err = key_ref;
455 
456 	/* if this process has an instantiation authorisation key, then we also
457 	 * search the keyrings of the process mentioned there
458 	 * - we don't permit access to request_key auth keys via this method
459 	 */
460 	if (cred->request_key_auth &&
461 	    cred == current_cred() &&
462 	    type != &key_type_request_key_auth
463 	    ) {
464 		/* defend against the auth key being revoked */
465 		down_read(&cred->request_key_auth->sem);
466 
467 		if (key_validate(cred->request_key_auth) == 0) {
468 			rka = cred->request_key_auth->payload.data;
469 
470 			key_ref = search_process_keyrings(type, description,
471 							  match, rka->cred);
472 
473 			up_read(&cred->request_key_auth->sem);
474 
475 			if (!IS_ERR(key_ref))
476 				goto found;
477 
478 			ret = key_ref;
479 		} else {
480 			up_read(&cred->request_key_auth->sem);
481 		}
482 	}
483 
484 	/* no key - decide on the error we're going to go for */
485 	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
486 		key_ref = ERR_PTR(-ENOKEY);
487 	else if (err == ERR_PTR(-EACCES))
488 		key_ref = ret;
489 	else
490 		key_ref = err;
491 
492 found:
493 	return key_ref;
494 }
495 
496 /*
497  * See if the key we're looking at is the target key.
498  */
499 int lookup_user_key_possessed(const struct key *key, const void *target)
500 {
501 	return key == target;
502 }
503 
504 /*
505  * Look up a key ID given us by userspace with a given permissions mask to get
506  * the key it refers to.
507  *
508  * Flags can be passed to request that special keyrings be created if referred
509  * to directly, to permit partially constructed keys to be found and to skip
510  * validity and permission checks on the found key.
511  *
512  * Returns a pointer to the key with an incremented usage count if successful;
513  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
514  * to a key or the best found key was a negative key; -EKEYREVOKED or
515  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
516  * found key doesn't grant the requested permit or the LSM denied access to it;
517  * or -ENOMEM if a special keyring couldn't be created.
518  *
519  * In the case of a successful return, the possession attribute is set on the
520  * returned key reference.
521  */
522 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
523 			  key_perm_t perm)
524 {
525 	struct request_key_auth *rka;
526 	const struct cred *cred;
527 	struct key *key;
528 	key_ref_t key_ref, skey_ref;
529 	int ret;
530 
531 try_again:
532 	cred = get_current_cred();
533 	key_ref = ERR_PTR(-ENOKEY);
534 
535 	switch (id) {
536 	case KEY_SPEC_THREAD_KEYRING:
537 		if (!cred->thread_keyring) {
538 			if (!(lflags & KEY_LOOKUP_CREATE))
539 				goto error;
540 
541 			ret = install_thread_keyring();
542 			if (ret < 0) {
543 				key_ref = ERR_PTR(ret);
544 				goto error;
545 			}
546 			goto reget_creds;
547 		}
548 
549 		key = cred->thread_keyring;
550 		atomic_inc(&key->usage);
551 		key_ref = make_key_ref(key, 1);
552 		break;
553 
554 	case KEY_SPEC_PROCESS_KEYRING:
555 		if (!cred->process_keyring) {
556 			if (!(lflags & KEY_LOOKUP_CREATE))
557 				goto error;
558 
559 			ret = install_process_keyring();
560 			if (ret < 0) {
561 				key_ref = ERR_PTR(ret);
562 				goto error;
563 			}
564 			goto reget_creds;
565 		}
566 
567 		key = cred->process_keyring;
568 		atomic_inc(&key->usage);
569 		key_ref = make_key_ref(key, 1);
570 		break;
571 
572 	case KEY_SPEC_SESSION_KEYRING:
573 		if (!cred->session_keyring) {
574 			/* always install a session keyring upon access if one
575 			 * doesn't exist yet */
576 			ret = install_user_keyrings();
577 			if (ret < 0)
578 				goto error;
579 			if (lflags & KEY_LOOKUP_CREATE)
580 				ret = join_session_keyring(NULL);
581 			else
582 				ret = install_session_keyring(
583 					cred->user->session_keyring);
584 
585 			if (ret < 0)
586 				goto error;
587 			goto reget_creds;
588 		} else if (cred->session_keyring ==
589 			   cred->user->session_keyring &&
590 			   lflags & KEY_LOOKUP_CREATE) {
591 			ret = join_session_keyring(NULL);
592 			if (ret < 0)
593 				goto error;
594 			goto reget_creds;
595 		}
596 
597 		rcu_read_lock();
598 		key = rcu_dereference(cred->session_keyring);
599 		atomic_inc(&key->usage);
600 		rcu_read_unlock();
601 		key_ref = make_key_ref(key, 1);
602 		break;
603 
604 	case KEY_SPEC_USER_KEYRING:
605 		if (!cred->user->uid_keyring) {
606 			ret = install_user_keyrings();
607 			if (ret < 0)
608 				goto error;
609 		}
610 
611 		key = cred->user->uid_keyring;
612 		atomic_inc(&key->usage);
613 		key_ref = make_key_ref(key, 1);
614 		break;
615 
616 	case KEY_SPEC_USER_SESSION_KEYRING:
617 		if (!cred->user->session_keyring) {
618 			ret = install_user_keyrings();
619 			if (ret < 0)
620 				goto error;
621 		}
622 
623 		key = cred->user->session_keyring;
624 		atomic_inc(&key->usage);
625 		key_ref = make_key_ref(key, 1);
626 		break;
627 
628 	case KEY_SPEC_GROUP_KEYRING:
629 		/* group keyrings are not yet supported */
630 		key_ref = ERR_PTR(-EINVAL);
631 		goto error;
632 
633 	case KEY_SPEC_REQKEY_AUTH_KEY:
634 		key = cred->request_key_auth;
635 		if (!key)
636 			goto error;
637 
638 		atomic_inc(&key->usage);
639 		key_ref = make_key_ref(key, 1);
640 		break;
641 
642 	case KEY_SPEC_REQUESTOR_KEYRING:
643 		if (!cred->request_key_auth)
644 			goto error;
645 
646 		down_read(&cred->request_key_auth->sem);
647 		if (test_bit(KEY_FLAG_REVOKED,
648 			     &cred->request_key_auth->flags)) {
649 			key_ref = ERR_PTR(-EKEYREVOKED);
650 			key = NULL;
651 		} else {
652 			rka = cred->request_key_auth->payload.data;
653 			key = rka->dest_keyring;
654 			atomic_inc(&key->usage);
655 		}
656 		up_read(&cred->request_key_auth->sem);
657 		if (!key)
658 			goto error;
659 		key_ref = make_key_ref(key, 1);
660 		break;
661 
662 	default:
663 		key_ref = ERR_PTR(-EINVAL);
664 		if (id < 1)
665 			goto error;
666 
667 		key = key_lookup(id);
668 		if (IS_ERR(key)) {
669 			key_ref = ERR_CAST(key);
670 			goto error;
671 		}
672 
673 		key_ref = make_key_ref(key, 0);
674 
675 		/* check to see if we possess the key */
676 		skey_ref = search_process_keyrings(key->type, key,
677 						   lookup_user_key_possessed,
678 						   cred);
679 
680 		if (!IS_ERR(skey_ref)) {
681 			key_put(key);
682 			key_ref = skey_ref;
683 		}
684 
685 		break;
686 	}
687 
688 	/* unlink does not use the nominated key in any way, so can skip all
689 	 * the permission checks as it is only concerned with the keyring */
690 	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
691 		ret = 0;
692 		goto error;
693 	}
694 
695 	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
696 		ret = wait_for_key_construction(key, true);
697 		switch (ret) {
698 		case -ERESTARTSYS:
699 			goto invalid_key;
700 		default:
701 			if (perm)
702 				goto invalid_key;
703 		case 0:
704 			break;
705 		}
706 	} else if (perm) {
707 		ret = key_validate(key);
708 		if (ret < 0)
709 			goto invalid_key;
710 	}
711 
712 	ret = -EIO;
713 	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
714 	    !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
715 		goto invalid_key;
716 
717 	/* check the permissions */
718 	ret = key_task_permission(key_ref, cred, perm);
719 	if (ret < 0)
720 		goto invalid_key;
721 
722 	key->last_used_at = current_kernel_time().tv_sec;
723 
724 error:
725 	put_cred(cred);
726 	return key_ref;
727 
728 invalid_key:
729 	key_ref_put(key_ref);
730 	key_ref = ERR_PTR(ret);
731 	goto error;
732 
733 	/* if we attempted to install a keyring, then it may have caused new
734 	 * creds to be installed */
735 reget_creds:
736 	put_cred(cred);
737 	goto try_again;
738 }
739 
740 /*
741  * Join the named keyring as the session keyring if possible else attempt to
742  * create a new one of that name and join that.
743  *
744  * If the name is NULL, an empty anonymous keyring will be installed as the
745  * session keyring.
746  *
747  * Named session keyrings are joined with a semaphore held to prevent the
748  * keyrings from going away whilst the attempt is made to going them and also
749  * to prevent a race in creating compatible session keyrings.
750  */
751 long join_session_keyring(const char *name)
752 {
753 	const struct cred *old;
754 	struct cred *new;
755 	struct key *keyring;
756 	long ret, serial;
757 
758 	new = prepare_creds();
759 	if (!new)
760 		return -ENOMEM;
761 	old = current_cred();
762 
763 	/* if no name is provided, install an anonymous keyring */
764 	if (!name) {
765 		ret = install_session_keyring_to_cred(new, NULL);
766 		if (ret < 0)
767 			goto error;
768 
769 		serial = new->session_keyring->serial;
770 		ret = commit_creds(new);
771 		if (ret == 0)
772 			ret = serial;
773 		goto okay;
774 	}
775 
776 	/* allow the user to join or create a named keyring */
777 	mutex_lock(&key_session_mutex);
778 
779 	/* look for an existing keyring of this name */
780 	keyring = find_keyring_by_name(name, false);
781 	if (PTR_ERR(keyring) == -ENOKEY) {
782 		/* not found - try and create a new one */
783 		keyring = keyring_alloc(
784 			name, old->uid, old->gid, old,
785 			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
786 			KEY_ALLOC_IN_QUOTA, NULL);
787 		if (IS_ERR(keyring)) {
788 			ret = PTR_ERR(keyring);
789 			goto error2;
790 		}
791 	} else if (IS_ERR(keyring)) {
792 		ret = PTR_ERR(keyring);
793 		goto error2;
794 	} else if (keyring == new->session_keyring) {
795 		ret = 0;
796 		goto error2;
797 	}
798 
799 	/* we've got a keyring - now to install it */
800 	ret = install_session_keyring_to_cred(new, keyring);
801 	if (ret < 0)
802 		goto error2;
803 
804 	commit_creds(new);
805 	mutex_unlock(&key_session_mutex);
806 
807 	ret = keyring->serial;
808 	key_put(keyring);
809 okay:
810 	return ret;
811 
812 error2:
813 	mutex_unlock(&key_session_mutex);
814 error:
815 	abort_creds(new);
816 	return ret;
817 }
818 
819 /*
820  * Replace a process's session keyring on behalf of one of its children when
821  * the target  process is about to resume userspace execution.
822  */
823 void key_change_session_keyring(struct callback_head *twork)
824 {
825 	const struct cred *old = current_cred();
826 	struct cred *new = container_of(twork, struct cred, rcu);
827 
828 	if (unlikely(current->flags & PF_EXITING)) {
829 		put_cred(new);
830 		return;
831 	}
832 
833 	new->  uid	= old->  uid;
834 	new-> euid	= old-> euid;
835 	new-> suid	= old-> suid;
836 	new->fsuid	= old->fsuid;
837 	new->  gid	= old->  gid;
838 	new-> egid	= old-> egid;
839 	new-> sgid	= old-> sgid;
840 	new->fsgid	= old->fsgid;
841 	new->user	= get_uid(old->user);
842 	new->user_ns	= get_user_ns(old->user_ns);
843 	new->group_info	= get_group_info(old->group_info);
844 
845 	new->securebits	= old->securebits;
846 	new->cap_inheritable	= old->cap_inheritable;
847 	new->cap_permitted	= old->cap_permitted;
848 	new->cap_effective	= old->cap_effective;
849 	new->cap_bset		= old->cap_bset;
850 
851 	new->jit_keyring	= old->jit_keyring;
852 	new->thread_keyring	= key_get(old->thread_keyring);
853 	new->process_keyring	= key_get(old->process_keyring);
854 
855 	security_transfer_creds(new, old);
856 
857 	commit_creds(new);
858 }
859