xref: /openbmc/linux/security/keys/process_keys.c (revision f7c35abe)
1 /* Manage a process's keyrings
2  *
3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/sched/user.h>
16 #include <linux/keyctl.h>
17 #include <linux/fs.h>
18 #include <linux/err.h>
19 #include <linux/mutex.h>
20 #include <linux/security.h>
21 #include <linux/user_namespace.h>
22 #include <linux/uaccess.h>
23 #include "internal.h"
24 
25 /* Session keyring create vs join semaphore */
26 static DEFINE_MUTEX(key_session_mutex);
27 
28 /* User keyring creation semaphore */
29 static DEFINE_MUTEX(key_user_keyring_mutex);
30 
31 /* The root user's tracking struct */
32 struct key_user root_key_user = {
33 	.usage		= ATOMIC_INIT(3),
34 	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
35 	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
36 	.nkeys		= ATOMIC_INIT(2),
37 	.nikeys		= ATOMIC_INIT(2),
38 	.uid		= GLOBAL_ROOT_UID,
39 };
40 
41 /*
42  * Install the user and user session keyrings for the current process's UID.
43  */
44 int install_user_keyrings(void)
45 {
46 	struct user_struct *user;
47 	const struct cred *cred;
48 	struct key *uid_keyring, *session_keyring;
49 	key_perm_t user_keyring_perm;
50 	char buf[20];
51 	int ret;
52 	uid_t uid;
53 
54 	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
55 	cred = current_cred();
56 	user = cred->user;
57 	uid = from_kuid(cred->user_ns, user->uid);
58 
59 	kenter("%p{%u}", user, uid);
60 
61 	if (user->uid_keyring && user->session_keyring) {
62 		kleave(" = 0 [exist]");
63 		return 0;
64 	}
65 
66 	mutex_lock(&key_user_keyring_mutex);
67 	ret = 0;
68 
69 	if (!user->uid_keyring) {
70 		/* get the UID-specific keyring
71 		 * - there may be one in existence already as it may have been
72 		 *   pinned by a session, but the user_struct pointing to it
73 		 *   may have been destroyed by setuid */
74 		sprintf(buf, "_uid.%u", uid);
75 
76 		uid_keyring = find_keyring_by_name(buf, true);
77 		if (IS_ERR(uid_keyring)) {
78 			uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
79 						    cred, user_keyring_perm,
80 						    KEY_ALLOC_IN_QUOTA,
81 						    NULL, NULL);
82 			if (IS_ERR(uid_keyring)) {
83 				ret = PTR_ERR(uid_keyring);
84 				goto error;
85 			}
86 		}
87 
88 		/* get a default session keyring (which might also exist
89 		 * already) */
90 		sprintf(buf, "_uid_ses.%u", uid);
91 
92 		session_keyring = find_keyring_by_name(buf, true);
93 		if (IS_ERR(session_keyring)) {
94 			session_keyring =
95 				keyring_alloc(buf, user->uid, INVALID_GID,
96 					      cred, user_keyring_perm,
97 					      KEY_ALLOC_IN_QUOTA,
98 					      NULL, NULL);
99 			if (IS_ERR(session_keyring)) {
100 				ret = PTR_ERR(session_keyring);
101 				goto error_release;
102 			}
103 
104 			/* we install a link from the user session keyring to
105 			 * the user keyring */
106 			ret = key_link(session_keyring, uid_keyring);
107 			if (ret < 0)
108 				goto error_release_both;
109 		}
110 
111 		/* install the keyrings */
112 		user->uid_keyring = uid_keyring;
113 		user->session_keyring = session_keyring;
114 	}
115 
116 	mutex_unlock(&key_user_keyring_mutex);
117 	kleave(" = 0");
118 	return 0;
119 
120 error_release_both:
121 	key_put(session_keyring);
122 error_release:
123 	key_put(uid_keyring);
124 error:
125 	mutex_unlock(&key_user_keyring_mutex);
126 	kleave(" = %d", ret);
127 	return ret;
128 }
129 
130 /*
131  * Install a fresh thread keyring directly to new credentials.  This keyring is
132  * allowed to overrun the quota.
133  */
134 int install_thread_keyring_to_cred(struct cred *new)
135 {
136 	struct key *keyring;
137 
138 	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
139 				KEY_POS_ALL | KEY_USR_VIEW,
140 				KEY_ALLOC_QUOTA_OVERRUN,
141 				NULL, NULL);
142 	if (IS_ERR(keyring))
143 		return PTR_ERR(keyring);
144 
145 	new->thread_keyring = keyring;
146 	return 0;
147 }
148 
149 /*
150  * Install a fresh thread keyring, discarding the old one.
151  */
152 static int install_thread_keyring(void)
153 {
154 	struct cred *new;
155 	int ret;
156 
157 	new = prepare_creds();
158 	if (!new)
159 		return -ENOMEM;
160 
161 	BUG_ON(new->thread_keyring);
162 
163 	ret = install_thread_keyring_to_cred(new);
164 	if (ret < 0) {
165 		abort_creds(new);
166 		return ret;
167 	}
168 
169 	return commit_creds(new);
170 }
171 
172 /*
173  * Install a process keyring directly to a credentials struct.
174  *
175  * Returns -EEXIST if there was already a process keyring, 0 if one installed,
176  * and other value on any other error
177  */
178 int install_process_keyring_to_cred(struct cred *new)
179 {
180 	struct key *keyring;
181 
182 	if (new->process_keyring)
183 		return -EEXIST;
184 
185 	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
186 				KEY_POS_ALL | KEY_USR_VIEW,
187 				KEY_ALLOC_QUOTA_OVERRUN,
188 				NULL, NULL);
189 	if (IS_ERR(keyring))
190 		return PTR_ERR(keyring);
191 
192 	new->process_keyring = keyring;
193 	return 0;
194 }
195 
196 /*
197  * Make sure a process keyring is installed for the current process.  The
198  * existing process keyring is not replaced.
199  *
200  * Returns 0 if there is a process keyring by the end of this function, some
201  * error otherwise.
202  */
203 static int install_process_keyring(void)
204 {
205 	struct cred *new;
206 	int ret;
207 
208 	new = prepare_creds();
209 	if (!new)
210 		return -ENOMEM;
211 
212 	ret = install_process_keyring_to_cred(new);
213 	if (ret < 0) {
214 		abort_creds(new);
215 		return ret != -EEXIST ? ret : 0;
216 	}
217 
218 	return commit_creds(new);
219 }
220 
221 /*
222  * Install a session keyring directly to a credentials struct.
223  */
224 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
225 {
226 	unsigned long flags;
227 	struct key *old;
228 
229 	might_sleep();
230 
231 	/* create an empty session keyring */
232 	if (!keyring) {
233 		flags = KEY_ALLOC_QUOTA_OVERRUN;
234 		if (cred->session_keyring)
235 			flags = KEY_ALLOC_IN_QUOTA;
236 
237 		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
238 					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
239 					flags, NULL, NULL);
240 		if (IS_ERR(keyring))
241 			return PTR_ERR(keyring);
242 	} else {
243 		__key_get(keyring);
244 	}
245 
246 	/* install the keyring */
247 	old = cred->session_keyring;
248 	rcu_assign_pointer(cred->session_keyring, keyring);
249 
250 	if (old)
251 		key_put(old);
252 
253 	return 0;
254 }
255 
256 /*
257  * Install a session keyring, discarding the old one.  If a keyring is not
258  * supplied, an empty one is invented.
259  */
260 static int install_session_keyring(struct key *keyring)
261 {
262 	struct cred *new;
263 	int ret;
264 
265 	new = prepare_creds();
266 	if (!new)
267 		return -ENOMEM;
268 
269 	ret = install_session_keyring_to_cred(new, keyring);
270 	if (ret < 0) {
271 		abort_creds(new);
272 		return ret;
273 	}
274 
275 	return commit_creds(new);
276 }
277 
278 /*
279  * Handle the fsuid changing.
280  */
281 void key_fsuid_changed(struct task_struct *tsk)
282 {
283 	/* update the ownership of the thread keyring */
284 	BUG_ON(!tsk->cred);
285 	if (tsk->cred->thread_keyring) {
286 		down_write(&tsk->cred->thread_keyring->sem);
287 		tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
288 		up_write(&tsk->cred->thread_keyring->sem);
289 	}
290 }
291 
292 /*
293  * Handle the fsgid changing.
294  */
295 void key_fsgid_changed(struct task_struct *tsk)
296 {
297 	/* update the ownership of the thread keyring */
298 	BUG_ON(!tsk->cred);
299 	if (tsk->cred->thread_keyring) {
300 		down_write(&tsk->cred->thread_keyring->sem);
301 		tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
302 		up_write(&tsk->cred->thread_keyring->sem);
303 	}
304 }
305 
306 /*
307  * Search the process keyrings attached to the supplied cred for the first
308  * matching key.
309  *
310  * The search criteria are the type and the match function.  The description is
311  * given to the match function as a parameter, but doesn't otherwise influence
312  * the search.  Typically the match function will compare the description
313  * parameter to the key's description.
314  *
315  * This can only search keyrings that grant Search permission to the supplied
316  * credentials.  Keyrings linked to searched keyrings will also be searched if
317  * they grant Search permission too.  Keys can only be found if they grant
318  * Search permission to the credentials.
319  *
320  * Returns a pointer to the key with the key usage count incremented if
321  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
322  * matched negative keys.
323  *
324  * In the case of a successful return, the possession attribute is set on the
325  * returned key reference.
326  */
327 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
328 {
329 	key_ref_t key_ref, ret, err;
330 
331 	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
332 	 * searchable, but we failed to find a key or we found a negative key;
333 	 * otherwise we want to return a sample error (probably -EACCES) if
334 	 * none of the keyrings were searchable
335 	 *
336 	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
337 	 */
338 	key_ref = NULL;
339 	ret = NULL;
340 	err = ERR_PTR(-EAGAIN);
341 
342 	/* search the thread keyring first */
343 	if (ctx->cred->thread_keyring) {
344 		key_ref = keyring_search_aux(
345 			make_key_ref(ctx->cred->thread_keyring, 1), ctx);
346 		if (!IS_ERR(key_ref))
347 			goto found;
348 
349 		switch (PTR_ERR(key_ref)) {
350 		case -EAGAIN: /* no key */
351 		case -ENOKEY: /* negative key */
352 			ret = key_ref;
353 			break;
354 		default:
355 			err = key_ref;
356 			break;
357 		}
358 	}
359 
360 	/* search the process keyring second */
361 	if (ctx->cred->process_keyring) {
362 		key_ref = keyring_search_aux(
363 			make_key_ref(ctx->cred->process_keyring, 1), ctx);
364 		if (!IS_ERR(key_ref))
365 			goto found;
366 
367 		switch (PTR_ERR(key_ref)) {
368 		case -EAGAIN: /* no key */
369 			if (ret)
370 				break;
371 		case -ENOKEY: /* negative key */
372 			ret = key_ref;
373 			break;
374 		default:
375 			err = key_ref;
376 			break;
377 		}
378 	}
379 
380 	/* search the session keyring */
381 	if (ctx->cred->session_keyring) {
382 		rcu_read_lock();
383 		key_ref = keyring_search_aux(
384 			make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
385 			ctx);
386 		rcu_read_unlock();
387 
388 		if (!IS_ERR(key_ref))
389 			goto found;
390 
391 		switch (PTR_ERR(key_ref)) {
392 		case -EAGAIN: /* no key */
393 			if (ret)
394 				break;
395 		case -ENOKEY: /* negative key */
396 			ret = key_ref;
397 			break;
398 		default:
399 			err = key_ref;
400 			break;
401 		}
402 	}
403 	/* or search the user-session keyring */
404 	else if (ctx->cred->user->session_keyring) {
405 		key_ref = keyring_search_aux(
406 			make_key_ref(ctx->cred->user->session_keyring, 1),
407 			ctx);
408 		if (!IS_ERR(key_ref))
409 			goto found;
410 
411 		switch (PTR_ERR(key_ref)) {
412 		case -EAGAIN: /* no key */
413 			if (ret)
414 				break;
415 		case -ENOKEY: /* negative key */
416 			ret = key_ref;
417 			break;
418 		default:
419 			err = key_ref;
420 			break;
421 		}
422 	}
423 
424 	/* no key - decide on the error we're going to go for */
425 	key_ref = ret ? ret : err;
426 
427 found:
428 	return key_ref;
429 }
430 
431 /*
432  * Search the process keyrings attached to the supplied cred for the first
433  * matching key in the manner of search_my_process_keyrings(), but also search
434  * the keys attached to the assumed authorisation key using its credentials if
435  * one is available.
436  *
437  * Return same as search_my_process_keyrings().
438  */
439 key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
440 {
441 	struct request_key_auth *rka;
442 	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
443 
444 	might_sleep();
445 
446 	key_ref = search_my_process_keyrings(ctx);
447 	if (!IS_ERR(key_ref))
448 		goto found;
449 	err = key_ref;
450 
451 	/* if this process has an instantiation authorisation key, then we also
452 	 * search the keyrings of the process mentioned there
453 	 * - we don't permit access to request_key auth keys via this method
454 	 */
455 	if (ctx->cred->request_key_auth &&
456 	    ctx->cred == current_cred() &&
457 	    ctx->index_key.type != &key_type_request_key_auth
458 	    ) {
459 		const struct cred *cred = ctx->cred;
460 
461 		/* defend against the auth key being revoked */
462 		down_read(&cred->request_key_auth->sem);
463 
464 		if (key_validate(ctx->cred->request_key_auth) == 0) {
465 			rka = ctx->cred->request_key_auth->payload.data[0];
466 
467 			ctx->cred = rka->cred;
468 			key_ref = search_process_keyrings(ctx);
469 			ctx->cred = cred;
470 
471 			up_read(&cred->request_key_auth->sem);
472 
473 			if (!IS_ERR(key_ref))
474 				goto found;
475 
476 			ret = key_ref;
477 		} else {
478 			up_read(&cred->request_key_auth->sem);
479 		}
480 	}
481 
482 	/* no key - decide on the error we're going to go for */
483 	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
484 		key_ref = ERR_PTR(-ENOKEY);
485 	else if (err == ERR_PTR(-EACCES))
486 		key_ref = ret;
487 	else
488 		key_ref = err;
489 
490 found:
491 	return key_ref;
492 }
493 
494 /*
495  * See if the key we're looking at is the target key.
496  */
497 bool lookup_user_key_possessed(const struct key *key,
498 			       const struct key_match_data *match_data)
499 {
500 	return key == match_data->raw_data;
501 }
502 
503 /*
504  * Look up a key ID given us by userspace with a given permissions mask to get
505  * the key it refers to.
506  *
507  * Flags can be passed to request that special keyrings be created if referred
508  * to directly, to permit partially constructed keys to be found and to skip
509  * validity and permission checks on the found key.
510  *
511  * Returns a pointer to the key with an incremented usage count if successful;
512  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
513  * to a key or the best found key was a negative key; -EKEYREVOKED or
514  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
515  * found key doesn't grant the requested permit or the LSM denied access to it;
516  * or -ENOMEM if a special keyring couldn't be created.
517  *
518  * In the case of a successful return, the possession attribute is set on the
519  * returned key reference.
520  */
521 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
522 			  key_perm_t perm)
523 {
524 	struct keyring_search_context ctx = {
525 		.match_data.cmp		= lookup_user_key_possessed,
526 		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
527 		.flags			= KEYRING_SEARCH_NO_STATE_CHECK,
528 	};
529 	struct request_key_auth *rka;
530 	struct key *key;
531 	key_ref_t key_ref, skey_ref;
532 	int ret;
533 
534 try_again:
535 	ctx.cred = get_current_cred();
536 	key_ref = ERR_PTR(-ENOKEY);
537 
538 	switch (id) {
539 	case KEY_SPEC_THREAD_KEYRING:
540 		if (!ctx.cred->thread_keyring) {
541 			if (!(lflags & KEY_LOOKUP_CREATE))
542 				goto error;
543 
544 			ret = install_thread_keyring();
545 			if (ret < 0) {
546 				key_ref = ERR_PTR(ret);
547 				goto error;
548 			}
549 			goto reget_creds;
550 		}
551 
552 		key = ctx.cred->thread_keyring;
553 		__key_get(key);
554 		key_ref = make_key_ref(key, 1);
555 		break;
556 
557 	case KEY_SPEC_PROCESS_KEYRING:
558 		if (!ctx.cred->process_keyring) {
559 			if (!(lflags & KEY_LOOKUP_CREATE))
560 				goto error;
561 
562 			ret = install_process_keyring();
563 			if (ret < 0) {
564 				key_ref = ERR_PTR(ret);
565 				goto error;
566 			}
567 			goto reget_creds;
568 		}
569 
570 		key = ctx.cred->process_keyring;
571 		__key_get(key);
572 		key_ref = make_key_ref(key, 1);
573 		break;
574 
575 	case KEY_SPEC_SESSION_KEYRING:
576 		if (!ctx.cred->session_keyring) {
577 			/* always install a session keyring upon access if one
578 			 * doesn't exist yet */
579 			ret = install_user_keyrings();
580 			if (ret < 0)
581 				goto error;
582 			if (lflags & KEY_LOOKUP_CREATE)
583 				ret = join_session_keyring(NULL);
584 			else
585 				ret = install_session_keyring(
586 					ctx.cred->user->session_keyring);
587 
588 			if (ret < 0)
589 				goto error;
590 			goto reget_creds;
591 		} else if (ctx.cred->session_keyring ==
592 			   ctx.cred->user->session_keyring &&
593 			   lflags & KEY_LOOKUP_CREATE) {
594 			ret = join_session_keyring(NULL);
595 			if (ret < 0)
596 				goto error;
597 			goto reget_creds;
598 		}
599 
600 		rcu_read_lock();
601 		key = rcu_dereference(ctx.cred->session_keyring);
602 		__key_get(key);
603 		rcu_read_unlock();
604 		key_ref = make_key_ref(key, 1);
605 		break;
606 
607 	case KEY_SPEC_USER_KEYRING:
608 		if (!ctx.cred->user->uid_keyring) {
609 			ret = install_user_keyrings();
610 			if (ret < 0)
611 				goto error;
612 		}
613 
614 		key = ctx.cred->user->uid_keyring;
615 		__key_get(key);
616 		key_ref = make_key_ref(key, 1);
617 		break;
618 
619 	case KEY_SPEC_USER_SESSION_KEYRING:
620 		if (!ctx.cred->user->session_keyring) {
621 			ret = install_user_keyrings();
622 			if (ret < 0)
623 				goto error;
624 		}
625 
626 		key = ctx.cred->user->session_keyring;
627 		__key_get(key);
628 		key_ref = make_key_ref(key, 1);
629 		break;
630 
631 	case KEY_SPEC_GROUP_KEYRING:
632 		/* group keyrings are not yet supported */
633 		key_ref = ERR_PTR(-EINVAL);
634 		goto error;
635 
636 	case KEY_SPEC_REQKEY_AUTH_KEY:
637 		key = ctx.cred->request_key_auth;
638 		if (!key)
639 			goto error;
640 
641 		__key_get(key);
642 		key_ref = make_key_ref(key, 1);
643 		break;
644 
645 	case KEY_SPEC_REQUESTOR_KEYRING:
646 		if (!ctx.cred->request_key_auth)
647 			goto error;
648 
649 		down_read(&ctx.cred->request_key_auth->sem);
650 		if (test_bit(KEY_FLAG_REVOKED,
651 			     &ctx.cred->request_key_auth->flags)) {
652 			key_ref = ERR_PTR(-EKEYREVOKED);
653 			key = NULL;
654 		} else {
655 			rka = ctx.cred->request_key_auth->payload.data[0];
656 			key = rka->dest_keyring;
657 			__key_get(key);
658 		}
659 		up_read(&ctx.cred->request_key_auth->sem);
660 		if (!key)
661 			goto error;
662 		key_ref = make_key_ref(key, 1);
663 		break;
664 
665 	default:
666 		key_ref = ERR_PTR(-EINVAL);
667 		if (id < 1)
668 			goto error;
669 
670 		key = key_lookup(id);
671 		if (IS_ERR(key)) {
672 			key_ref = ERR_CAST(key);
673 			goto error;
674 		}
675 
676 		key_ref = make_key_ref(key, 0);
677 
678 		/* check to see if we possess the key */
679 		ctx.index_key.type		= key->type;
680 		ctx.index_key.description	= key->description;
681 		ctx.index_key.desc_len		= strlen(key->description);
682 		ctx.match_data.raw_data		= key;
683 		kdebug("check possessed");
684 		skey_ref = search_process_keyrings(&ctx);
685 		kdebug("possessed=%p", skey_ref);
686 
687 		if (!IS_ERR(skey_ref)) {
688 			key_put(key);
689 			key_ref = skey_ref;
690 		}
691 
692 		break;
693 	}
694 
695 	/* unlink does not use the nominated key in any way, so can skip all
696 	 * the permission checks as it is only concerned with the keyring */
697 	if (lflags & KEY_LOOKUP_FOR_UNLINK) {
698 		ret = 0;
699 		goto error;
700 	}
701 
702 	if (!(lflags & KEY_LOOKUP_PARTIAL)) {
703 		ret = wait_for_key_construction(key, true);
704 		switch (ret) {
705 		case -ERESTARTSYS:
706 			goto invalid_key;
707 		default:
708 			if (perm)
709 				goto invalid_key;
710 		case 0:
711 			break;
712 		}
713 	} else if (perm) {
714 		ret = key_validate(key);
715 		if (ret < 0)
716 			goto invalid_key;
717 	}
718 
719 	ret = -EIO;
720 	if (!(lflags & KEY_LOOKUP_PARTIAL) &&
721 	    !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
722 		goto invalid_key;
723 
724 	/* check the permissions */
725 	ret = key_task_permission(key_ref, ctx.cred, perm);
726 	if (ret < 0)
727 		goto invalid_key;
728 
729 	key->last_used_at = current_kernel_time().tv_sec;
730 
731 error:
732 	put_cred(ctx.cred);
733 	return key_ref;
734 
735 invalid_key:
736 	key_ref_put(key_ref);
737 	key_ref = ERR_PTR(ret);
738 	goto error;
739 
740 	/* if we attempted to install a keyring, then it may have caused new
741 	 * creds to be installed */
742 reget_creds:
743 	put_cred(ctx.cred);
744 	goto try_again;
745 }
746 
747 /*
748  * Join the named keyring as the session keyring if possible else attempt to
749  * create a new one of that name and join that.
750  *
751  * If the name is NULL, an empty anonymous keyring will be installed as the
752  * session keyring.
753  *
754  * Named session keyrings are joined with a semaphore held to prevent the
755  * keyrings from going away whilst the attempt is made to going them and also
756  * to prevent a race in creating compatible session keyrings.
757  */
758 long join_session_keyring(const char *name)
759 {
760 	const struct cred *old;
761 	struct cred *new;
762 	struct key *keyring;
763 	long ret, serial;
764 
765 	new = prepare_creds();
766 	if (!new)
767 		return -ENOMEM;
768 	old = current_cred();
769 
770 	/* if no name is provided, install an anonymous keyring */
771 	if (!name) {
772 		ret = install_session_keyring_to_cred(new, NULL);
773 		if (ret < 0)
774 			goto error;
775 
776 		serial = new->session_keyring->serial;
777 		ret = commit_creds(new);
778 		if (ret == 0)
779 			ret = serial;
780 		goto okay;
781 	}
782 
783 	/* allow the user to join or create a named keyring */
784 	mutex_lock(&key_session_mutex);
785 
786 	/* look for an existing keyring of this name */
787 	keyring = find_keyring_by_name(name, false);
788 	if (PTR_ERR(keyring) == -ENOKEY) {
789 		/* not found - try and create a new one */
790 		keyring = keyring_alloc(
791 			name, old->uid, old->gid, old,
792 			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
793 			KEY_ALLOC_IN_QUOTA, NULL, NULL);
794 		if (IS_ERR(keyring)) {
795 			ret = PTR_ERR(keyring);
796 			goto error2;
797 		}
798 	} else if (IS_ERR(keyring)) {
799 		ret = PTR_ERR(keyring);
800 		goto error2;
801 	} else if (keyring == new->session_keyring) {
802 		key_put(keyring);
803 		ret = 0;
804 		goto error2;
805 	}
806 
807 	/* we've got a keyring - now to install it */
808 	ret = install_session_keyring_to_cred(new, keyring);
809 	if (ret < 0)
810 		goto error2;
811 
812 	commit_creds(new);
813 	mutex_unlock(&key_session_mutex);
814 
815 	ret = keyring->serial;
816 	key_put(keyring);
817 okay:
818 	return ret;
819 
820 error2:
821 	mutex_unlock(&key_session_mutex);
822 error:
823 	abort_creds(new);
824 	return ret;
825 }
826 
827 /*
828  * Replace a process's session keyring on behalf of one of its children when
829  * the target  process is about to resume userspace execution.
830  */
831 void key_change_session_keyring(struct callback_head *twork)
832 {
833 	const struct cred *old = current_cred();
834 	struct cred *new = container_of(twork, struct cred, rcu);
835 
836 	if (unlikely(current->flags & PF_EXITING)) {
837 		put_cred(new);
838 		return;
839 	}
840 
841 	new->  uid	= old->  uid;
842 	new-> euid	= old-> euid;
843 	new-> suid	= old-> suid;
844 	new->fsuid	= old->fsuid;
845 	new->  gid	= old->  gid;
846 	new-> egid	= old-> egid;
847 	new-> sgid	= old-> sgid;
848 	new->fsgid	= old->fsgid;
849 	new->user	= get_uid(old->user);
850 	new->user_ns	= get_user_ns(old->user_ns);
851 	new->group_info	= get_group_info(old->group_info);
852 
853 	new->securebits	= old->securebits;
854 	new->cap_inheritable	= old->cap_inheritable;
855 	new->cap_permitted	= old->cap_permitted;
856 	new->cap_effective	= old->cap_effective;
857 	new->cap_ambient	= old->cap_ambient;
858 	new->cap_bset		= old->cap_bset;
859 
860 	new->jit_keyring	= old->jit_keyring;
861 	new->thread_keyring	= key_get(old->thread_keyring);
862 	new->process_keyring	= key_get(old->process_keyring);
863 
864 	security_transfer_creds(new, old);
865 
866 	commit_creds(new);
867 }
868 
869 /*
870  * Make sure that root's user and user-session keyrings exist.
871  */
872 static int __init init_root_keyring(void)
873 {
874 	return install_user_keyrings();
875 }
876 
877 late_initcall(init_root_keyring);
878