mirror of https://gitee.com/openkylin/linux.git
Merge branch 'keys-devel' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into ra-next
commit
42a20ba5c9
|
@ -1,12 +1,10 @@
|
||||||
#include <linux/export.h>
|
#include <linux/export.h>
|
||||||
#include <linux/init.h>
|
#include <linux/init.h>
|
||||||
|
|
||||||
#define GLOBAL(name) \
|
|
||||||
.globl VMLINUX_SYMBOL(name); \
|
|
||||||
VMLINUX_SYMBOL(name):
|
|
||||||
|
|
||||||
__INITRODATA
|
__INITRODATA
|
||||||
|
|
||||||
GLOBAL(system_certificate_list)
|
.globl VMLINUX_SYMBOL(system_certificate_list)
|
||||||
|
VMLINUX_SYMBOL(system_certificate_list):
|
||||||
.incbin "kernel/x509_certificate_list"
|
.incbin "kernel/x509_certificate_list"
|
||||||
GLOBAL(system_certificate_list_end)
|
.globl VMLINUX_SYMBOL(system_certificate_list_end)
|
||||||
|
VMLINUX_SYMBOL(system_certificate_list_end):
|
||||||
|
|
|
@ -38,7 +38,7 @@ config PERSISTENT_KEYRINGS
|
||||||
removed if they expire (a default timeout is set upon creation).
|
removed if they expire (a default timeout is set upon creation).
|
||||||
|
|
||||||
config BIG_KEYS
|
config BIG_KEYS
|
||||||
tristate "Large payload keys"
|
bool "Large payload keys"
|
||||||
depends on KEYS
|
depends on KEYS
|
||||||
depends on TMPFS
|
depends on TMPFS
|
||||||
help
|
help
|
||||||
|
|
|
@ -71,8 +71,10 @@ int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
|
||||||
* TODO: Encrypt the stored data with a temporary key.
|
* TODO: Encrypt the stored data with a temporary key.
|
||||||
*/
|
*/
|
||||||
file = shmem_file_setup("", datalen, 0);
|
file = shmem_file_setup("", datalen, 0);
|
||||||
if (IS_ERR(file))
|
if (IS_ERR(file)) {
|
||||||
|
ret = PTR_ERR(file);
|
||||||
goto err_quota;
|
goto err_quota;
|
||||||
|
}
|
||||||
|
|
||||||
written = kernel_write(file, prep->data, prep->datalen, 0);
|
written = kernel_write(file, prep->data, prep->datalen, 0);
|
||||||
if (written != datalen) {
|
if (written != datalen) {
|
||||||
|
|
|
@ -557,9 +557,10 @@ int key_reject_and_link(struct key *key,
|
||||||
if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
|
if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
|
||||||
/* mark the key as being negatively instantiated */
|
/* mark the key as being negatively instantiated */
|
||||||
atomic_inc(&key->user->nikeys);
|
atomic_inc(&key->user->nikeys);
|
||||||
|
key->type_data.reject_error = -error;
|
||||||
|
smp_wmb();
|
||||||
set_bit(KEY_FLAG_NEGATIVE, &key->flags);
|
set_bit(KEY_FLAG_NEGATIVE, &key->flags);
|
||||||
set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
|
set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
|
||||||
key->type_data.reject_error = -error;
|
|
||||||
now = current_kernel_time();
|
now = current_kernel_time();
|
||||||
key->expiry = now.tv_sec + timeout;
|
key->expiry = now.tv_sec + timeout;
|
||||||
key_schedule_gc(key->expiry + key_gc_delay);
|
key_schedule_gc(key->expiry + key_gc_delay);
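Review bot: The new `smp_wmb()` in key_reject_and_link() has no comment saying what it orders or which read barrier it pairs with, which makes the protocol easy to break in a later edit. Above it I would add `/* Publish reject_error before KEY_FLAG_NEGATIVE; pairs with smp_rmb() in keyring_search_iterator() and wait_for_key_construction() */`, and put a matching `/* Pairs with smp_wmb() in key_reject_and_link() */` on each of the two `smp_rmb()` calls this commit adds in those functions. Any other reader that tests KEY_FLAG_NEGATIVE and then loads `key->type_data.reject_error` would need the same read barrier; none is visible on this page, so that is worth checking across the keys code before merging. The function body starts and ends outside the hunk.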
|
||||||
|
|
|
@ -551,6 +551,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data)
|
||||||
if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
|
if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
|
||||||
/* we set a different error code if we pass a negative key */
|
/* we set a different error code if we pass a negative key */
|
||||||
if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
|
if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
|
||||||
|
smp_rmb();
|
||||||
ctx->result = ERR_PTR(key->type_data.reject_error);
|
ctx->result = ERR_PTR(key->type_data.reject_error);
|
||||||
kleave(" = %d [neg]", ctx->skipped_ret);
|
kleave(" = %d [neg]", ctx->skipped_ret);
|
||||||
goto skipped;
|
goto skipped;
|
||||||
|
@ -1062,12 +1063,6 @@ int __key_link_begin(struct key *keyring,
|
||||||
if (index_key->type == &key_type_keyring)
|
if (index_key->type == &key_type_keyring)
|
||||||
down_write(&keyring_serialise_link_sem);
|
down_write(&keyring_serialise_link_sem);
|
||||||
|
|
||||||
/* check that we aren't going to overrun the user's quota */
|
|
||||||
ret = key_payload_reserve(keyring,
|
|
||||||
keyring->datalen + KEYQUOTA_LINK_BYTES);
|
|
||||||
if (ret < 0)
|
|
||||||
goto error_sem;
|
|
||||||
|
|
||||||
/* Create an edit script that will insert/replace the key in the
|
/* Create an edit script that will insert/replace the key in the
|
||||||
* keyring tree.
|
* keyring tree.
|
||||||
*/
|
*/
|
||||||
|
@ -1077,17 +1072,25 @@ int __key_link_begin(struct key *keyring,
|
||||||
NULL);
|
NULL);
|
||||||
if (IS_ERR(edit)) {
|
if (IS_ERR(edit)) {
|
||||||
ret = PTR_ERR(edit);
|
ret = PTR_ERR(edit);
|
||||||
goto error_quota;
|
goto error_sem;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If we're not replacing a link in-place then we're going to need some
|
||||||
|
* extra quota.
|
||||||
|
*/
|
||||||
|
if (!edit->dead_leaf) {
|
||||||
|
ret = key_payload_reserve(keyring,
|
||||||
|
keyring->datalen + KEYQUOTA_LINK_BYTES);
|
||||||
|
if (ret < 0)
|
||||||
|
goto error_cancel;
|
||||||
}
|
}
|
||||||
|
|
||||||
*_edit = edit;
|
*_edit = edit;
|
||||||
kleave(" = 0");
|
kleave(" = 0");
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
error_quota:
|
error_cancel:
|
||||||
/* undo the quota changes */
|
assoc_array_cancel_edit(edit);
|
||||||
key_payload_reserve(keyring,
|
|
||||||
keyring->datalen - KEYQUOTA_LINK_BYTES);
|
|
||||||
error_sem:
|
error_sem:
|
||||||
if (index_key->type == &key_type_keyring)
|
if (index_key->type == &key_type_keyring)
|
||||||
up_write(&keyring_serialise_link_sem);
|
up_write(&keyring_serialise_link_sem);
|
||||||
|
@ -1145,7 +1148,7 @@ void __key_link_end(struct key *keyring,
|
||||||
if (index_key->type == &key_type_keyring)
|
if (index_key->type == &key_type_keyring)
|
||||||
up_write(&keyring_serialise_link_sem);
|
up_write(&keyring_serialise_link_sem);
|
||||||
|
|
||||||
if (edit) {
|
if (edit && !edit->dead_leaf) {
|
||||||
key_payload_reserve(keyring,
|
key_payload_reserve(keyring,
|
||||||
keyring->datalen - KEYQUOTA_LINK_BYTES);
|
keyring->datalen - KEYQUOTA_LINK_BYTES);
|
||||||
assoc_array_cancel_edit(edit);
|
assoc_array_cancel_edit(edit);
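Review bot: With the condition changed to `if (edit && !edit->dead_leaf)`, a non-NULL edit whose `dead_leaf` is set now skips `assoc_array_cancel_edit(edit)` as well as the quota release, so an abandoned in-place replacement is never cancelled or freed in __key_link_end(). Only the `key_payload_reserve()` call should depend on `dead_leaf`: keep the outer test as `if (edit) {`, guard the reserve with `if (!edit->dead_leaf)`, and leave `assoc_array_cancel_edit(edit);` unconditional inside the outer block. If unprivileged keyring operations can reach this path repeatedly, the leak becomes a kernel memory-exhaustion risk. This assumes the caller clears the edit pointer once the edit has been applied, which the hunk does not show. The closing brace of this block and the rest of the function are outside the hunk.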
|
||||||
|
@ -1242,6 +1245,7 @@ int key_unlink(struct key *keyring, struct key *key)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
assoc_array_apply_edit(edit);
|
assoc_array_apply_edit(edit);
|
||||||
|
key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
|
|
|
@ -596,8 +596,10 @@ int wait_for_key_construction(struct key *key, bool intr)
|
||||||
intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
|
intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
return ret;
|
return ret;
|
||||||
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
|
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
|
||||||
|
smp_rmb();
|
||||||
return key->type_data.reject_error;
|
return key->type_data.reject_error;
|
||||||
|
}
|
||||||
return key_validate(key);
|
return key_validate(key);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(wait_for_key_construction);
|
EXPORT_SYMBOL(wait_for_key_construction);
|
||||||
|
|