keys: change keyctl_session_to_parent() to use task_work_add()

Change keyctl_session_to_parent() to use task_work_add() and move
key_replace_session_keyring() logic into task_work->func().

Note that we do task_work_cancel() before task_work_add() to ensure that
only one work can be pending at any time.  This is important, we must not
allow user-space to abuse the parent's ->task_works list.

The callback, replace_session_keyring(), checks PF_EXITING.  I guess this
is not really needed but looks better.

As a side effect, this fixes an (unlikely) race: the callers of
key_replace_session_keyring() and keyctl_session_to_parent() lack the
necessary barriers, so the parent could miss the request.

Now we can remove task_struct->replacement_session_keyring and related
code.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Richard Kuo <rkuo@codeaurora.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alexander Gordeev <agordeev@redhat.com>
Cc: Chris Zankel <chris@zankel.net>
Cc: David Smith <dsmith@redhat.com>
Cc: "Frank Ch. Eigler" <fche@redhat.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Larry Woodman <lwoodman@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Oleg Nesterov 2012-05-11 10:59:08 +10:00 committed by Al Viro
parent 4d1d61a6b2
commit 413cd3d9ab
4 changed files with 46 additions and 45 deletions


@ -33,6 +33,8 @@ typedef uint32_t key_perm_t;
struct key; struct key;
#define key_replace_session_keyring() do { } while (0)
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS
#undef KEY_DEBUGGING #undef KEY_DEBUGGING
@ -308,9 +310,6 @@ static inline bool key_is_instantiated(const struct key *key)
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
extern ctl_table key_sysctls[]; extern ctl_table key_sysctls[];
#endif #endif
extern void key_replace_session_keyring(void);
/* /*
* the userspace interface * the userspace interface
*/ */
@ -334,7 +333,6 @@ extern void key_init(void);
#define key_fsuid_changed(t) do { } while(0) #define key_fsuid_changed(t) do { } while(0)
#define key_fsgid_changed(t) do { } while(0) #define key_fsgid_changed(t) do { } while(0)
#define key_init() do { } while(0) #define key_init() do { } while(0)
#define key_replace_session_keyring() do { } while(0)
#endif /* CONFIG_KEYS */ #endif /* CONFIG_KEYS */
#endif /* __KERNEL__ */ #endif /* __KERNEL__ */
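Review bot: The new unconditional `#define key_replace_session_keyring() do { } while (0)` placed ahead of `#ifdef CONFIG_KEYS` turns every remaining call into a no-op in all configurations, and the header gives no hint that this is deliberate; presumably it only keeps existing callers compiling until they are removed, now that the replacement runs from the task_work callback instead of the resume path. A comment above the macro such as `/* no-op stub: session keyring replacement now runs via task_work (see keyctl_session_to_parent()); remaining callers are to be removed */` would stop someone from "fixing" it back into a real declaration or wondering why it lives outside the CONFIG_KEYS block.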


@ -14,6 +14,7 @@
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/key-type.h> #include <linux/key-type.h>
#include <linux/task_work.h>
#ifdef __KDEBUG #ifdef __KDEBUG
#define kenter(FMT, ...) \ #define kenter(FMT, ...) \
@ -148,6 +149,7 @@ extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
#define KEY_LOOKUP_FOR_UNLINK 0x04 #define KEY_LOOKUP_FOR_UNLINK 0x04
extern long join_session_keyring(const char *name); extern long join_session_keyring(const char *name);
extern void key_change_session_keyring(struct task_work *twork);
extern struct work_struct key_gc_work; extern struct work_struct key_gc_work;
extern unsigned key_gc_delay; extern unsigned key_gc_delay;


@ -1456,47 +1456,55 @@ long keyctl_session_to_parent(void)
{ {
struct task_struct *me, *parent; struct task_struct *me, *parent;
const struct cred *mycred, *pcred; const struct cred *mycred, *pcred;
struct cred *cred, *oldcred; struct task_work *newwork, *oldwork;
key_ref_t keyring_r; key_ref_t keyring_r;
struct cred *cred;
int ret; int ret;
keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
if (IS_ERR(keyring_r)) if (IS_ERR(keyring_r))
return PTR_ERR(keyring_r); return PTR_ERR(keyring_r);
ret = -ENOMEM;
newwork = kmalloc(sizeof(struct task_work), GFP_KERNEL);
if (!newwork)
goto error_keyring;
/* our parent is going to need a new cred struct, a new tgcred struct /* our parent is going to need a new cred struct, a new tgcred struct
* and new security data, so we allocate them here to prevent ENOMEM in * and new security data, so we allocate them here to prevent ENOMEM in
* our parent */ * our parent */
ret = -ENOMEM;
cred = cred_alloc_blank(); cred = cred_alloc_blank();
if (!cred) if (!cred)
goto error_keyring; goto error_newwork;
cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r); cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
keyring_r = NULL; init_task_work(newwork, key_change_session_keyring, cred);
me = current; me = current;
rcu_read_lock(); rcu_read_lock();
write_lock_irq(&tasklist_lock); write_lock_irq(&tasklist_lock);
parent = me->real_parent;
ret = -EPERM; ret = -EPERM;
oldwork = NULL;
parent = me->real_parent;
/* the parent mustn't be init and mustn't be a kernel thread */ /* the parent mustn't be init and mustn't be a kernel thread */
if (parent->pid <= 1 || !parent->mm) if (parent->pid <= 1 || !parent->mm)
goto not_permitted; goto unlock;
/* the parent must be single threaded */ /* the parent must be single threaded */
if (!thread_group_empty(parent)) if (!thread_group_empty(parent))
goto not_permitted; goto unlock;
/* the parent and the child must have different session keyrings or /* the parent and the child must have different session keyrings or
* there's no point */ * there's no point */
mycred = current_cred(); mycred = current_cred();
pcred = __task_cred(parent); pcred = __task_cred(parent);
if (mycred == pcred || if (mycred == pcred ||
mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) {
goto already_same; ret = 0;
goto unlock;
}
/* the parent must have the same effective ownership and mustn't be /* the parent must have the same effective ownership and mustn't be
* SUID/SGID */ * SUID/SGID */
@ -1506,38 +1514,37 @@ long keyctl_session_to_parent(void)
pcred->gid != mycred->egid || pcred->gid != mycred->egid ||
pcred->egid != mycred->egid || pcred->egid != mycred->egid ||
pcred->sgid != mycred->egid) pcred->sgid != mycred->egid)
goto not_permitted; goto unlock;
/* the keyrings must have the same UID */ /* the keyrings must have the same UID */
if ((pcred->tgcred->session_keyring && if ((pcred->tgcred->session_keyring &&
pcred->tgcred->session_keyring->uid != mycred->euid) || pcred->tgcred->session_keyring->uid != mycred->euid) ||
mycred->tgcred->session_keyring->uid != mycred->euid) mycred->tgcred->session_keyring->uid != mycred->euid)
goto not_permitted; goto unlock;
/* if there's an already pending keyring replacement, then we replace /* cancel an already pending keyring replacement */
* that */ oldwork = task_work_cancel(parent, key_change_session_keyring);
oldcred = parent->replacement_session_keyring;
/* the replacement session keyring is applied just prior to userspace /* the replacement session keyring is applied just prior to userspace
* restarting */ * restarting */
parent->replacement_session_keyring = cred; ret = task_work_add(parent, newwork, true);
cred = NULL; if (!ret)
set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME); newwork = NULL;
unlock:
write_unlock_irq(&tasklist_lock); write_unlock_irq(&tasklist_lock);
rcu_read_unlock(); rcu_read_unlock();
if (oldcred) if (oldwork) {
put_cred(oldcred); put_cred(oldwork->data);
return 0; kfree(oldwork);
}
already_same: if (newwork) {
ret = 0; put_cred(newwork->data);
not_permitted: kfree(newwork);
write_unlock_irq(&tasklist_lock); }
rcu_read_unlock();
put_cred(cred);
return ret; return ret;
error_newwork:
kfree(newwork);
error_keyring: error_keyring:
key_ref_put(keyring_r); key_ref_put(keyring_r);
return ret; return ret;
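Review bot: The cancel-then-add pair `oldwork = task_work_cancel(parent, key_change_session_keyring);` / `ret = task_work_add(parent, newwork, true);` is only free of the duplicate-work abuse the commit message warns about because both calls run under `write_lock_irq(&tasklist_lock)`, which serializes sibling children targeting the same parent, and nothing in the code records that dependency; a comment above the cancel such as `/* tasklist_lock serializes cancel+add, so at most one of our works is ever pending on the parent */` would keep a later lock-scope reduction from silently reopening it. Next to `if (!ret) newwork = NULL;` it is worth noting that on failure `newwork` still owns `cred` (and, through `cred->tgcred->session_keyring`, the keyring reference), which is why the shared unlock path does `put_cred(newwork->data)` rather than `key_ref_put(keyring_r)`. The value `ret` from task_work_add() is returned to user space unchanged; if surfacing the errno it yields for an exiting parent is intended, a one-line comment saying so would help. keyctl_session_to_parent()'s closing brace lies outside the hunk.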


@ -834,23 +834,17 @@ long join_session_keyring(const char *name)
* Replace a process's session keyring on behalf of one of its children when * Replace a process's session keyring on behalf of one of its children when
* the target process is about to resume userspace execution. * the target process is about to resume userspace execution.
*/ */
void key_replace_session_keyring(void) void key_change_session_keyring(struct task_work *twork)
{ {
const struct cred *old; const struct cred *old = current_cred();
struct cred *new; struct cred *new = twork->data;
if (!current->replacement_session_keyring) kfree(twork);
if (unlikely(current->flags & PF_EXITING)) {
put_cred(new);
return; return;
}
write_lock_irq(&tasklist_lock);
new = current->replacement_session_keyring;
current->replacement_session_keyring = NULL;
write_unlock_irq(&tasklist_lock);
if (!new)
return;
old = current_cred();
new-> uid = old-> uid; new-> uid = old-> uid;
new-> euid = old-> euid; new-> euid = old-> euid;
new-> suid = old-> suid; new-> suid = old-> suid;