Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

keys: change keyctl_session_to_parent() to use task_work_add()

Change keyctl_session_to_parent() to use task_work_add() and move
key_replace_session_keyring() logic into task_work->func().

Note that we do task_work_cancel() before task_work_add() to ensure that
only one work can be pending at any time.  This is important, we must not
allow user-space to abuse the parent's ->task_works list.

The callback, replace_session_keyring(), checks PF_EXITING.  I guess this
is not really needed but looks better.

As a side effect, this fixes the (unlikely) race.  The callers of
key_replace_session_keyring() and keyctl_session_to_parent() lack the
necessary barriers, the parent can miss the request.

Now we can remove task_struct->replacement_session_keyring and related
code.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Richard Kuo <rkuo@codeaurora.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alexander Gordeev <agordeev@redhat.com>
Cc: Chris Zankel <chris@zankel.net>
Cc: David Smith <dsmith@redhat.com>
Cc: "Frank Ch. Eigler" <fche@redhat.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Larry Woodman <lwoodman@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Oleg Nesterov 13 years ago
parent
4d1d61a6b2
commit
413cd3d9ab
4 changed files with 46 additions and 45 deletions
Split View Show Diff Stats
  1. 2 4
      include/linux/key.h
  2. 2 0
      security/keys/internal.h
  3. 35 28
      security/keys/keyctl.c
  4. 7 13
      security/keys/process_keys.c

+ 2 - 4
include/linux/key.h
View File 

@@ -33,6 +33,8 @@ typedef uint32_t key_perm_t;
 
 
 struct key;
 
 
+#define key_replace_session_keyring()	do { } while (0)
 
+
 
 #ifdef CONFIG_KEYS
 
 
 #undef KEY_DEBUGGING
 
@@ -308,9 +310,6 @@ static inline bool key_is_instantiated(const struct key *key)
 
 #ifdef CONFIG_SYSCTL
 
 extern ctl_table key_sysctls[];
 
 #endif
 
-
 
-extern void key_replace_session_keyring(void);
 
-
 
 /*
 
  * the userspace interface
 
  */
 
@@ -334,7 +333,6 @@ extern void key_init(void);
 
 #define key_fsuid_changed(t)		do { } while(0)
 
 #define key_fsgid_changed(t)		do { } while(0)
 
 #define key_init()			do { } while(0)
 
-#define key_replace_session_keyring()	do { } while(0)
 
 
 #endif /* CONFIG_KEYS */
 
 #endif /* __KERNEL__ */

+ 2 - 0
security/keys/internal.h
View File 

@@ -14,6 +14,7 @@
 
 
 #include <linux/sched.h>
 
 #include <linux/key-type.h>
 
+#include <linux/task_work.h>
 
 
 #ifdef __KDEBUG
 
 #define kenter(FMT, ...) \
 
@@ -148,6 +149,7 @@ extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
 
 #define KEY_LOOKUP_FOR_UNLINK	0x04
 
 
 extern long join_session_keyring(const char *name);
 
+extern void key_change_session_keyring(struct task_work *twork);
 
 
 extern struct work_struct key_gc_work;
 
 extern unsigned key_gc_delay;

+ 35 - 28
security/keys/keyctl.c
View File 

@@ -1456,47 +1456,55 @@ long keyctl_session_to_parent(void)
 
 {
 
 	struct task_struct *me, *parent;
 
 	const struct cred *mycred, *pcred;
 
-	struct cred *cred, *oldcred;
 
+	struct task_work *newwork, *oldwork;
 
 	key_ref_t keyring_r;
 
+	struct cred *cred;
 
 	int ret;
 
 
 	keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
 
 	if (IS_ERR(keyring_r))
 
 		return PTR_ERR(keyring_r);
 
 
+	ret = -ENOMEM;
 
+	newwork = kmalloc(sizeof(struct task_work), GFP_KERNEL);
 
+	if (!newwork)
 
+		goto error_keyring;
 
+
 
 	/* our parent is going to need a new cred struct, a new tgcred struct
 
 	 * and new security data, so we allocate them here to prevent ENOMEM in
 
 	 * our parent */
 
-	ret = -ENOMEM;
 
 	cred = cred_alloc_blank();
 
 	if (!cred)
 
-		goto error_keyring;
 
+		goto error_newwork;
 
 
 	cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r);
 
-	keyring_r = NULL;
 
+	init_task_work(newwork, key_change_session_keyring, cred);
 
 
 	me = current;
 
 	rcu_read_lock();
 
 	write_lock_irq(&tasklist_lock);
 
 
-	parent = me->real_parent;
 
 	ret = -EPERM;
 
+	oldwork = NULL;
 
+	parent = me->real_parent;
 
 
 	/* the parent mustn't be init and mustn't be a kernel thread */
 
 	if (parent->pid <= 1 || !parent->mm)
 
-		goto not_permitted;
 
+		goto unlock;
 
 
 	/* the parent must be single threaded */
 
 	if (!thread_group_empty(parent))
 
-		goto not_permitted;
 
+		goto unlock;
 
 
 	/* the parent and the child must have different session keyrings or
 
 	 * there's no point */
 
 	mycred = current_cred();
 
 	pcred = __task_cred(parent);
 
 	if (mycred == pcred ||
 
-	    mycred->tgcred->session_keyring == pcred->tgcred->session_keyring)
 
-		goto already_same;
 
+	    mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) {
 
+		ret = 0;
 
+		goto unlock;
 
+	}
 
 
 	/* the parent must have the same effective ownership and mustn't be
 
 	 * SUID/SGID */
 
@@ -1506,38 +1514,37 @@ long keyctl_session_to_parent(void)
 
 	    pcred->gid	!= mycred->egid	||
 
 	    pcred->egid	!= mycred->egid	||
 
 	    pcred->sgid	!= mycred->egid)
 
-		goto not_permitted;
 
+		goto unlock;
 
 
 	/* the keyrings must have the same UID */
 
 	if ((pcred->tgcred->session_keyring &&
 
 	     pcred->tgcred->session_keyring->uid != mycred->euid) ||
 
 	    mycred->tgcred->session_keyring->uid != mycred->euid)
 
-		goto not_permitted;
 
+		goto unlock;
 
 
-	/* if there's an already pending keyring replacement, then we replace
 
-	 * that */
 
-	oldcred = parent->replacement_session_keyring;
 
+	/* cancel an already pending keyring replacement */
 
+	oldwork = task_work_cancel(parent, key_change_session_keyring);
 
 
 	/* the replacement session keyring is applied just prior to userspace
 
 	 * restarting */
 
-	parent->replacement_session_keyring = cred;
 
-	cred = NULL;
 
-	set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
 
-
 
-	write_unlock_irq(&tasklist_lock);
 
-	rcu_read_unlock();
 
-	if (oldcred)
 
-		put_cred(oldcred);
 
-	return 0;
 
-
 
-already_same:
 
-	ret = 0;
 
-not_permitted:
 
+	ret = task_work_add(parent, newwork, true);
 
+	if (!ret)
 
+		newwork = NULL;
 
+unlock:
 
 	write_unlock_irq(&tasklist_lock);
 
 	rcu_read_unlock();
 
-	put_cred(cred);
 
+	if (oldwork) {
 
+		put_cred(oldwork->data);
 
+		kfree(oldwork);
 
+	}
 
+	if (newwork) {
 
+		put_cred(newwork->data);
 
+		kfree(newwork);
 
+	}
 
 	return ret;
 
 
+error_newwork:
 
+	kfree(newwork);
 
 error_keyring:
 
 	key_ref_put(keyring_r);
 
 	return ret;

+ 7 - 13
security/keys/process_keys.c
View File 

@@ -834,23 +834,17 @@ error:
 
  * Replace a process's session keyring on behalf of one of its children when
 
  * the target  process is about to resume userspace execution.
 
  */
 
-void key_replace_session_keyring(void)
 
+void key_change_session_keyring(struct task_work *twork)
 
 {
 
-	const struct cred *old;
 
-	struct cred *new;
 
-
 
-	if (!current->replacement_session_keyring)
 
-		return;
 
+	const struct cred *old = current_cred();
 
+	struct cred *new = twork->data;
 
 
-	write_lock_irq(&tasklist_lock);
 
-	new = current->replacement_session_keyring;
 
-	current->replacement_session_keyring = NULL;
 
-	write_unlock_irq(&tasklist_lock);
 
-
 
-	if (!new)
 
+	kfree(twork);
 
+	if (unlikely(current->flags & PF_EXITING)) {
 
+		put_cred(new);
 
 		return;
 
+	}
 
 
-	old = current_cred();
 
 	new->  uid	= old->  uid;
 
 	new-> euid	= old-> euid;
 
 	new-> suid	= old-> suid;