keys: change keyctl_session_to_parent() to use task_work_add()
Change keyctl_session_to_parent() to use task_work_add() and move key_replace_session_keyring() logic into task_work->func(). Note that we do task_work_cancel() before task_work_add() to ensure that only one work can be pending at any time. This is important, we must not allow user-space to abuse the parent's ->task_works list. The callback, replace_session_keyring(), checks PF_EXITING. I guess this is not really needed but looks better. As a side effect, this fixes the (unlikely) race. The callers of key_replace_session_keyring() and keyctl_session_to_parent() lack the necessary barriers, the parent can miss the request. Now we can remove task_struct->replacement_session_keyring and related code. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Richard Kuo <rkuo@codeaurora.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Alexander Gordeev <agordeev@redhat.com> Cc: Chris Zankel <chris@zankel.net> Cc: David Smith <dsmith@redhat.com> Cc: "Frank Ch. Eigler" <fche@redhat.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Larry Woodman <lwoodman@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Tejun Heo <tj@kernel.org> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
4d1d61a6b2
commit
413cd3d9ab
|
@ -33,6 +33,8 @@ typedef uint32_t key_perm_t;
|
||||||
|
|
||||||
struct key;
|
struct key;
|
||||||
|
|
||||||
|
#define key_replace_session_keyring() do { } while (0)
|
||||||
|
|
||||||
#ifdef CONFIG_KEYS
|
#ifdef CONFIG_KEYS
|
||||||
|
|
||||||
#undef KEY_DEBUGGING
|
#undef KEY_DEBUGGING
|
||||||
|
@ -308,9 +310,6 @@ static inline bool key_is_instantiated(const struct key *key)
|
||||||
#ifdef CONFIG_SYSCTL
|
#ifdef CONFIG_SYSCTL
|
||||||
extern ctl_table key_sysctls[];
|
extern ctl_table key_sysctls[];
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
extern void key_replace_session_keyring(void);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* the userspace interface
|
* the userspace interface
|
||||||
*/
|
*/
|
||||||
|
@ -334,7 +333,6 @@ extern void key_init(void);
|
||||||
#define key_fsuid_changed(t) do { } while(0)
|
#define key_fsuid_changed(t) do { } while(0)
|
||||||
#define key_fsgid_changed(t) do { } while(0)
|
#define key_fsgid_changed(t) do { } while(0)
|
||||||
#define key_init() do { } while(0)
|
#define key_init() do { } while(0)
|
||||||
#define key_replace_session_keyring() do { } while(0)
|
|
||||||
|
|
||||||
#endif /* CONFIG_KEYS */
|
#endif /* CONFIG_KEYS */
|
||||||
#endif /* __KERNEL__ */
|
#endif /* __KERNEL__ */
|
||||||
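Review bot: The no-op `key_replace_session_keyring()` macro that the first hunk hoists out of the `#ifdef CONFIG_KEYS` block has no comment, so a reader sees the real `extern void key_replace_session_keyring(void);` disappear in the second hunk and an unconditional empty stub take its place with no explanation. Presumably it survives only for callers this commit does not convert (the arch signal-return paths that still invoke it), but the header itself gives no hint that CONFIG_KEYS builds did not lose functionality. Suggest a line above the define: `/* No-op stub: session keyring replacement now runs through task_work (key_change_session_keyring); drop once the remaining callers are gone */`.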
|
|
|
@ -14,6 +14,7 @@
|
||||||
|
|
||||||
#include <linux/sched.h>
|
#include <linux/sched.h>
|
||||||
#include <linux/key-type.h>
|
#include <linux/key-type.h>
|
||||||
|
#include <linux/task_work.h>
|
||||||
|
|
||||||
#ifdef __KDEBUG
|
#ifdef __KDEBUG
|
||||||
#define kenter(FMT, ...) \
|
#define kenter(FMT, ...) \
|
||||||
|
@ -148,6 +149,7 @@ extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
|
||||||
#define KEY_LOOKUP_FOR_UNLINK 0x04
|
#define KEY_LOOKUP_FOR_UNLINK 0x04
|
||||||
|
|
||||||
extern long join_session_keyring(const char *name);
|
extern long join_session_keyring(const char *name);
|
||||||
|
extern void key_change_session_keyring(struct task_work *twork);
|
||||||
|
|
||||||
extern struct work_struct key_gc_work;
|
extern struct work_struct key_gc_work;
|
||||||
extern unsigned key_gc_delay;
|
extern unsigned key_gc_delay;
|
||||||
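Review bot: The new `key_change_session_keyring()` declaration in the second hunk states no ownership contract, although the callback consumes both the `task_work` and the `struct cred` carried in `->data` (keyctl.c hands it a freshly allocated cred via `init_task_work()`, and the callback either installs that cred or `put_cred()`s it, and `kfree()`s the work in every case). A caller must therefore not touch either object once `task_work_add()` has succeeded, which is easy to get wrong from the prototype alone. Suggest a comment above the extern: `/* task_work callback: takes ownership of twork and of the struct cred in twork->data */`.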
|
|
|
@ -1456,47 +1456,55 @@ long keyctl_session_to_parent(void)
|
||||||
{
|
{
|
||||||
struct task_struct *me, *parent;
|
struct task_struct *me, *parent;
|
||||||
const struct cred *mycred, *pcred;
|
const struct cred *mycred, *pcred;
|
||||||
struct cred *cred, *oldcred;
|
struct task_work *newwork, *oldwork;
|
||||||
key_ref_t keyring_r;
|
key_ref_t keyring_r;
|
||||||
|
struct cred *cred;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
|
keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
|
||||||
if (IS_ERR(keyring_r))
|
if (IS_ERR(keyring_r))
|
||||||
return PTR_ERR(keyring_r);
|
return PTR_ERR(keyring_r);
|
||||||
|
|
||||||
|
ret = -ENOMEM;
|
||||||
|
newwork = kmalloc(sizeof(struct task_work), GFP_KERNEL);
|
||||||
|
if (!newwork)
|
||||||
|
goto error_keyring;
|
||||||
|
|
||||||
/* our parent is going to need a new cred struct, a new tgcred struct
|
/* our parent is going to need a new cred struct, a new tgcred struct
|
||||||
* and new security data, so we allocate them here to prevent ENOMEM in
|
* and new security data, so we allocate them here to prevent ENOMEM in
|
||||||
* our parent */
|
* our parent */
|
||||||
ret = -ENOMEM;
|
|
||||||
cred = cred_alloc_blank();
|
cred = cred_alloc_blank();
|
||||||
if (!cred)
|
if (!cred)
|
||||||
goto error_keyring;
|
goto error_newwork;
|
||||||
|
|
||||||
cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
|
cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
|
||||||
keyring_r = NULL;
|
init_task_work(newwork, key_change_session_keyring, cred);
|
||||||
|
|
||||||
me = current;
|
me = current;
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
write_lock_irq(&tasklist_lock);
|
write_lock_irq(&tasklist_lock);
|
||||||
|
|
||||||
parent = me->real_parent;
|
|
||||||
ret = -EPERM;
|
ret = -EPERM;
|
||||||
|
oldwork = NULL;
|
||||||
|
parent = me->real_parent;
|
||||||
|
|
||||||
/* the parent mustn't be init and mustn't be a kernel thread */
|
/* the parent mustn't be init and mustn't be a kernel thread */
|
||||||
if (parent->pid <= 1 || !parent->mm)
|
if (parent->pid <= 1 || !parent->mm)
|
||||||
goto not_permitted;
|
goto unlock;
|
||||||
|
|
||||||
/* the parent must be single threaded */
|
/* the parent must be single threaded */
|
||||||
if (!thread_group_empty(parent))
|
if (!thread_group_empty(parent))
|
||||||
goto not_permitted;
|
goto unlock;
|
||||||
|
|
||||||
/* the parent and the child must have different session keyrings or
|
/* the parent and the child must have different session keyrings or
|
||||||
* there's no point */
|
* there's no point */
|
||||||
mycred = current_cred();
|
mycred = current_cred();
|
||||||
pcred = __task_cred(parent);
|
pcred = __task_cred(parent);
|
||||||
if (mycred == pcred ||
|
if (mycred == pcred ||
|
||||||
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring)
|
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) {
|
||||||
goto already_same;
|
ret = 0;
|
||||||
|
goto unlock;
|
||||||
|
}
|
||||||
|
|
||||||
/* the parent must have the same effective ownership and mustn't be
|
/* the parent must have the same effective ownership and mustn't be
|
||||||
* SUID/SGID */
|
* SUID/SGID */
|
||||||
|
@ -1506,38 +1514,37 @@ long keyctl_session_to_parent(void)
|
||||||
pcred->gid != mycred->egid ||
|
pcred->gid != mycred->egid ||
|
||||||
pcred->egid != mycred->egid ||
|
pcred->egid != mycred->egid ||
|
||||||
pcred->sgid != mycred->egid)
|
pcred->sgid != mycred->egid)
|
||||||
goto not_permitted;
|
goto unlock;
|
||||||
|
|
||||||
/* the keyrings must have the same UID */
|
/* the keyrings must have the same UID */
|
||||||
if ((pcred->tgcred->session_keyring &&
|
if ((pcred->tgcred->session_keyring &&
|
||||||
pcred->tgcred->session_keyring->uid != mycred->euid) ||
|
pcred->tgcred->session_keyring->uid != mycred->euid) ||
|
||||||
mycred->tgcred->session_keyring->uid != mycred->euid)
|
mycred->tgcred->session_keyring->uid != mycred->euid)
|
||||||
goto not_permitted;
|
goto unlock;
|
||||||
|
|
||||||
/* if there's an already pending keyring replacement, then we replace
|
/* cancel an already pending keyring replacement */
|
||||||
* that */
|
oldwork = task_work_cancel(parent, key_change_session_keyring);
|
||||||
oldcred = parent->replacement_session_keyring;
|
|
||||||
|
|
||||||
/* the replacement session keyring is applied just prior to userspace
|
/* the replacement session keyring is applied just prior to userspace
|
||||||
* restarting */
|
* restarting */
|
||||||
parent->replacement_session_keyring = cred;
|
ret = task_work_add(parent, newwork, true);
|
||||||
cred = NULL;
|
if (!ret)
|
||||||
set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
|
newwork = NULL;
|
||||||
|
unlock:
|
||||||
write_unlock_irq(&tasklist_lock);
|
write_unlock_irq(&tasklist_lock);
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
if (oldcred)
|
if (oldwork) {
|
||||||
put_cred(oldcred);
|
put_cred(oldwork->data);
|
||||||
return 0;
|
kfree(oldwork);
|
||||||
|
}
|
||||||
already_same:
|
if (newwork) {
|
||||||
ret = 0;
|
put_cred(newwork->data);
|
||||||
not_permitted:
|
kfree(newwork);
|
||||||
write_unlock_irq(&tasklist_lock);
|
}
|
||||||
rcu_read_unlock();
|
|
||||||
put_cred(cred);
|
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
error_newwork:
|
||||||
|
kfree(newwork);
|
||||||
error_keyring:
|
error_keyring:
|
||||||
key_ref_put(keyring_r);
|
key_ref_put(keyring_r);
|
||||||
return ret;
|
return ret;
|
||||||
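Review bot: The `task_work_cancel()` immediately before `task_work_add()` in the second hunk is what keeps an unprivileged child from queueing an unbounded number of works on its parent (the commit message says so), but the only comment in the code, `/* cancel an already pending keyring replacement */`, does not say why the cancel matters or that the pair relies on `tasklist_lock` being held for write to serialise it against sibling callers. Suggest `/* cancel any pending replacement so at most one work is ever queued on the parent; tasklist_lock (held for write) serialises this cancel/add pair against other children */` in its place, so the invariant is not lost in a later refactor that drops or narrows the lock. A minor style point: `kmalloc(sizeof(struct task_work), GFP_KERNEL)` in the first hunk would read better as `kmalloc(sizeof(*newwork), GFP_KERNEL)`. The closing brace of `keyctl_session_to_parent()` lies after the last line of the second hunk.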
|
|
|
@ -834,23 +834,17 @@ long join_session_keyring(const char *name)
|
||||||
* Replace a process's session keyring on behalf of one of its children when
|
* Replace a process's session keyring on behalf of one of its children when
|
||||||
* the target process is about to resume userspace execution.
|
* the target process is about to resume userspace execution.
|
||||||
*/
|
*/
|
||||||
void key_replace_session_keyring(void)
|
void key_change_session_keyring(struct task_work *twork)
|
||||||
{
|
{
|
||||||
const struct cred *old;
|
const struct cred *old = current_cred();
|
||||||
struct cred *new;
|
struct cred *new = twork->data;
|
||||||
|
|
||||||
if (!current->replacement_session_keyring)
|
kfree(twork);
|
||||||
|
if (unlikely(current->flags & PF_EXITING)) {
|
||||||
|
put_cred(new);
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
write_lock_irq(&tasklist_lock);
|
|
||||||
new = current->replacement_session_keyring;
|
|
||||||
current->replacement_session_keyring = NULL;
|
|
||||||
write_unlock_irq(&tasklist_lock);
|
|
||||||
|
|
||||||
if (!new)
|
|
||||||
return;
|
|
||||||
|
|
||||||
old = current_cred();
|
|
||||||
new-> uid = old-> uid;
|
new-> uid = old-> uid;
|
||||||
new-> euid = old-> euid;
|
new-> euid = old-> euid;
|
||||||
new-> suid = old-> suid;
|
new-> suid = old-> suid;
|
||||||
|
|