Merge branch 'keys-devel' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into ra-next

This commit is contained in:
James Morris 2013-10-31 09:46:36 +11:00
commit 42a20ba5c9
6 changed files with 29 additions and 22 deletions

View File

@ -1,12 +1,10 @@
#include <linux/export.h> #include <linux/export.h>
#include <linux/init.h> #include <linux/init.h>
#define GLOBAL(name) \
.globl VMLINUX_SYMBOL(name); \
VMLINUX_SYMBOL(name):
__INITRODATA __INITRODATA
GLOBAL(system_certificate_list) .globl VMLINUX_SYMBOL(system_certificate_list)
VMLINUX_SYMBOL(system_certificate_list):
.incbin "kernel/x509_certificate_list" .incbin "kernel/x509_certificate_list"
GLOBAL(system_certificate_list_end) .globl VMLINUX_SYMBOL(system_certificate_list_end)
VMLINUX_SYMBOL(system_certificate_list_end):

View File

@ -38,7 +38,7 @@ config PERSISTENT_KEYRINGS
removed if they expire (a default timeout is set upon creation). removed if they expire (a default timeout is set upon creation).
config BIG_KEYS config BIG_KEYS
tristate "Large payload keys" bool "Large payload keys"
depends on KEYS depends on KEYS
depends on TMPFS depends on TMPFS
help help

View File

@ -71,8 +71,10 @@ int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
* TODO: Encrypt the stored data with a temporary key. * TODO: Encrypt the stored data with a temporary key.
*/ */
file = shmem_file_setup("", datalen, 0); file = shmem_file_setup("", datalen, 0);
if (IS_ERR(file)) if (IS_ERR(file)) {
ret = PTR_ERR(file);
goto err_quota; goto err_quota;
}
written = kernel_write(file, prep->data, prep->datalen, 0); written = kernel_write(file, prep->data, prep->datalen, 0);
if (written != datalen) { if (written != datalen) {

View File

@ -557,9 +557,10 @@ int key_reject_and_link(struct key *key,
if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
/* mark the key as being negatively instantiated */ /* mark the key as being negatively instantiated */
atomic_inc(&key->user->nikeys); atomic_inc(&key->user->nikeys);
key->type_data.reject_error = -error;
smp_wmb();
set_bit(KEY_FLAG_NEGATIVE, &key->flags); set_bit(KEY_FLAG_NEGATIVE, &key->flags);
set_bit(KEY_FLAG_INSTANTIATED, &key->flags); set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
key->type_data.reject_error = -error;
now = current_kernel_time(); now = current_kernel_time();
key->expiry = now.tv_sec + timeout; key->expiry = now.tv_sec + timeout;
key_schedule_gc(key->expiry + key_gc_delay); key_schedule_gc(key->expiry + key_gc_delay);

View File

@ -551,6 +551,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
/* we set a different error code if we pass a negative key */ /* we set a different error code if we pass a negative key */
if (kflags & (1 << KEY_FLAG_NEGATIVE)) { if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
smp_rmb();
ctx->result = ERR_PTR(key->type_data.reject_error); ctx->result = ERR_PTR(key->type_data.reject_error);
kleave(" = %d [neg]", ctx->skipped_ret); kleave(" = %d [neg]", ctx->skipped_ret);
goto skipped; goto skipped;
@ -1062,12 +1063,6 @@ int __key_link_begin(struct key *keyring,
if (index_key->type == &key_type_keyring) if (index_key->type == &key_type_keyring)
down_write(&keyring_serialise_link_sem); down_write(&keyring_serialise_link_sem);
/* check that we aren't going to overrun the user's quota */
ret = key_payload_reserve(keyring,
keyring->datalen + KEYQUOTA_LINK_BYTES);
if (ret < 0)
goto error_sem;
/* Create an edit script that will insert/replace the key in the /* Create an edit script that will insert/replace the key in the
* keyring tree. * keyring tree.
*/ */
@ -1077,17 +1072,25 @@ int __key_link_begin(struct key *keyring,
NULL); NULL);
if (IS_ERR(edit)) { if (IS_ERR(edit)) {
ret = PTR_ERR(edit); ret = PTR_ERR(edit);
goto error_quota; goto error_sem;
}
/* If we're not replacing a link in-place then we're going to need some
* extra quota.
*/
if (!edit->dead_leaf) {
ret = key_payload_reserve(keyring,
keyring->datalen + KEYQUOTA_LINK_BYTES);
if (ret < 0)
goto error_cancel;
} }
*_edit = edit; *_edit = edit;
kleave(" = 0"); kleave(" = 0");
return 0; return 0;
error_quota: error_cancel:
/* undo the quota changes */ assoc_array_cancel_edit(edit);
key_payload_reserve(keyring,
keyring->datalen - KEYQUOTA_LINK_BYTES);
error_sem: error_sem:
if (index_key->type == &key_type_keyring) if (index_key->type == &key_type_keyring)
up_write(&keyring_serialise_link_sem); up_write(&keyring_serialise_link_sem);
@ -1145,7 +1148,7 @@ void __key_link_end(struct key *keyring,
if (index_key->type == &key_type_keyring) if (index_key->type == &key_type_keyring)
up_write(&keyring_serialise_link_sem); up_write(&keyring_serialise_link_sem);
if (edit) { if (edit && !edit->dead_leaf) {
key_payload_reserve(keyring, key_payload_reserve(keyring,
keyring->datalen - KEYQUOTA_LINK_BYTES); keyring->datalen - KEYQUOTA_LINK_BYTES);
assoc_array_cancel_edit(edit); assoc_array_cancel_edit(edit);
@ -1242,6 +1245,7 @@ int key_unlink(struct key *keyring, struct key *key)
goto error; goto error;
assoc_array_apply_edit(edit); assoc_array_apply_edit(edit);
key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
ret = 0; ret = 0;
error: error:

View File

@ -596,8 +596,10 @@ int wait_for_key_construction(struct key *key, bool intr)
intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
if (ret < 0) if (ret < 0)
return ret; return ret;
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
smp_rmb();
return key->type_data.reject_error; return key->type_data.reject_error;
}
return key_validate(key); return key_validate(key);
} }
EXPORT_SYMBOL(wait_for_key_construction); EXPORT_SYMBOL(wait_for_key_construction);