kernel/system_certificates.S +4 −6 #include <linux/export.h> #include <linux/init.h> #define GLOBAL(name) \ .globl VMLINUX_SYMBOL(name); \ VMLINUX_SYMBOL(name): __INITRODATA GLOBAL(system_certificate_list) .globl VMLINUX_SYMBOL(system_certificate_list) VMLINUX_SYMBOL(system_certificate_list): .incbin "kernel/x509_certificate_list" GLOBAL(system_certificate_list_end) .globl VMLINUX_SYMBOL(system_certificate_list_end) VMLINUX_SYMBOL(system_certificate_list_end): security/keys/Kconfig +1 −1 @@ -38,7 +38,7 @@ config PERSISTENT_KEYRINGS removed if they expire (a default timeout is set upon creation). config BIG_KEYS tristate "Large payload keys" bool "Large payload keys" depends on KEYS depends on TMPFS help security/keys/big_key.c +3 −1 @@ -71,8 +71,10 @@ int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep) * TODO: Encrypt the stored data with a temporary key. */ file = shmem_file_setup("", datalen, 0); if (IS_ERR(file)) if (IS_ERR(file)) { ret = PTR_ERR(file); goto err_quota; } written = kernel_write(file, prep->data, prep->datalen, 0); if (written != datalen) { security/keys/key.c +2 −1 @@ -557,9 +557,10 @@ int key_reject_and_link(struct key *key, if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { /* mark the key as being negatively instantiated */ atomic_inc(&key->user->nikeys); key->type_data.reject_error = -error; smp_wmb(); set_bit(KEY_FLAG_NEGATIVE, &key->flags); set_bit(KEY_FLAG_INSTANTIATED, &key->flags); key->type_data.reject_error = -error; now = current_kernel_time(); key->expiry = now.tv_sec + timeout; key_schedule_gc(key->expiry + key_gc_delay); security/keys/keyring.c +16 −12
@@ -551,6 +551,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data) if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { /* we set a different error code if we pass a negative key */ if (kflags & (1 << KEY_FLAG_NEGATIVE)) { smp_rmb(); ctx->result = ERR_PTR(key->type_data.reject_error); kleave(" = %d [neg]", ctx->skipped_ret); goto skipped; @@ -1062,12 +1063,6 @@ int __key_link_begin(struct key *keyring, if (index_key->type == &key_type_keyring) down_write(&keyring_serialise_link_sem); /* check that we aren't going to overrun the user's quota */ ret = key_payload_reserve(keyring, keyring->datalen + KEYQUOTA_LINK_BYTES); if (ret < 0) goto error_sem; /* Create an edit script that will insert/replace the key in the * keyring tree. */ @@ -1077,17 +1072,25 @@ int __key_link_begin(struct key *keyring, NULL); if (IS_ERR(edit)) { ret = PTR_ERR(edit); goto error_quota; goto error_sem; } /* If we're not replacing a link in-place then we're going to need some * extra quota. */ if (!edit->dead_leaf) { ret = key_payload_reserve(keyring, keyring->datalen + KEYQUOTA_LINK_BYTES); if (ret < 0) goto error_cancel; } *_edit = edit; kleave(" = 0"); return 0; error_quota: /* undo the quota changes */ key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); error_cancel: assoc_array_cancel_edit(edit); error_sem: if (index_key->type == &key_type_keyring) up_write(&keyring_serialise_link_sem); @@ -1145,7 +1148,7 @@ void __key_link_end(struct key *keyring, if (index_key->type == &key_type_keyring) up_write(&keyring_serialise_link_sem); if (edit) { if (edit && !edit->dead_leaf) { key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); assoc_array_cancel_edit(edit); @@ -1242,6 +1245,7 @@ int key_unlink(struct key *keyring, struct key *key) goto error; assoc_array_apply_edit(edit); key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); ret = 0; error:
kernel/system_certificates.S +4 −6 #include <linux/export.h> #include <linux/init.h> #define GLOBAL(name) \ .globl VMLINUX_SYMBOL(name); \ VMLINUX_SYMBOL(name): __INITRODATA GLOBAL(system_certificate_list) .globl VMLINUX_SYMBOL(system_certificate_list) VMLINUX_SYMBOL(system_certificate_list): .incbin "kernel/x509_certificate_list" GLOBAL(system_certificate_list_end) .globl VMLINUX_SYMBOL(system_certificate_list_end) VMLINUX_SYMBOL(system_certificate_list_end):
security/keys/Kconfig +1 −1 @@ -38,7 +38,7 @@ config PERSISTENT_KEYRINGS removed if they expire (a default timeout is set upon creation). config BIG_KEYS tristate "Large payload keys" bool "Large payload keys" depends on KEYS depends on TMPFS help
security/keys/big_key.c +3 −1 @@ -71,8 +71,10 @@ int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep) * TODO: Encrypt the stored data with a temporary key. */ file = shmem_file_setup("", datalen, 0); if (IS_ERR(file)) if (IS_ERR(file)) { ret = PTR_ERR(file); goto err_quota; } written = kernel_write(file, prep->data, prep->datalen, 0); if (written != datalen) {
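Review bot: The payload is still written to the shmem file in cleartext: `kernel_write(file, prep->data, prep->datalen, 0)` stores the caller's key material as-is, and the `TODO: Encrypt the stored data with a temporary key` above it is left untouched by this error-path fix. Shmem-backed pages can presumably be paged out to swap, so until encryption lands the comment should state that exposure, e.g. `* NOTE: until then the payload sits unencrypted in shmem and may reach swap.` The write also passes `prep->datalen` while its result is compared with `datalen`; they are presumably the same value, and using `datalen` in both places would make the length check visibly consistent. big_key_instantiate() starts and ends outside the hunk.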
security/keys/key.c +2 −1 @@ -557,9 +557,10 @@ int key_reject_and_link(struct key *key, if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { /* mark the key as being negatively instantiated */ atomic_inc(&key->user->nikeys); key->type_data.reject_error = -error; smp_wmb(); set_bit(KEY_FLAG_NEGATIVE, &key->flags); set_bit(KEY_FLAG_INSTANTIATED, &key->flags); key->type_data.reject_error = -error; now = current_kernel_time(); key->expiry = now.tv_sec + timeout; key_schedule_gc(key->expiry + key_gc_delay);
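Review bot: The new `smp_wmb()` in key_reject_and_link() has no comment saying what it orders or which read barrier it pairs with, which is exactly what a later reader of lockless flag code needs. I would add `/* Publish reject_error before KEY_FLAG_NEGATIVE; pairs with smp_rmb() in keyring_search_iterator() */` above it. The ordering only helps readers that issue a read barrier between testing KEY_FLAG_NEGATIVE and loading `key->type_data.reject_error`; this commit adds one in keyring_search_iterator(), and any other lockless reader of reject_error (none is visible on this page) would need the same barrier or could still observe a stale error value. The function body continues outside the hunk.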
security/keys/keyring.c +16 −12 @@ -551,6 +551,7 @@ static int keyring_search_iterator(const void *object, void *iterator_data) if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { /* we set a different error code if we pass a negative key */ if (kflags & (1 << KEY_FLAG_NEGATIVE)) { smp_rmb(); ctx->result = ERR_PTR(key->type_data.reject_error); kleave(" = %d [neg]", ctx->skipped_ret); goto skipped; @@ -1062,12 +1063,6 @@ int __key_link_begin(struct key *keyring, if (index_key->type == &key_type_keyring) down_write(&keyring_serialise_link_sem); /* check that we aren't going to overrun the user's quota */ ret = key_payload_reserve(keyring, keyring->datalen + KEYQUOTA_LINK_BYTES); if (ret < 0) goto error_sem; /* Create an edit script that will insert/replace the key in the * keyring tree. */ @@ -1077,17 +1072,25 @@ int __key_link_begin(struct key *keyring, NULL); if (IS_ERR(edit)) { ret = PTR_ERR(edit); goto error_quota; goto error_sem; } /* If we're not replacing a link in-place then we're going to need some * extra quota. */ if (!edit->dead_leaf) { ret = key_payload_reserve(keyring, keyring->datalen + KEYQUOTA_LINK_BYTES); if (ret < 0) goto error_cancel; } *_edit = edit; kleave(" = 0"); return 0; error_quota: /* undo the quota changes */ key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); error_cancel: assoc_array_cancel_edit(edit); error_sem: if (index_key->type == &key_type_keyring) up_write(&keyring_serialise_link_sem); @@ -1145,7 +1148,7 @@ void __key_link_end(struct key *keyring, if (index_key->type == &key_type_keyring) up_write(&keyring_serialise_link_sem); if (edit) { if (edit && !edit->dead_leaf) { key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); assoc_array_cancel_edit(edit);
@@ -1242,6 +1245,7 @@ int key_unlink(struct key *keyring, struct key *key) goto error; assoc_array_apply_edit(edit); key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); ret = 0; error:
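Review bot: In the __key_link_end() hunk the new condition `if (edit && !edit->dead_leaf)` guards `assoc_array_cancel_edit(edit)` as well as the quota release, so an edit that replaces a link in place (dead_leaf set) and is still pending when this function runs is never cancelled, and its edit script appears to be leaked. If that path can be reached repeatedly by callers that add an already-present key, the result is unbounded kernel memory growth. Only the `key_payload_reserve()` call should depend on dead_leaf; the cancel should run for every non-NULL edit, as in the fragment below. The closing brace and the rest of __key_link_end() lie outside the hunk.

```c
	/* … unchanged: release of keyring_serialise_link_sem … */
	if (edit) {
		/* Quota was reserved only for an edit that adds a new link. */
		if (!edit->dead_leaf)
			key_payload_reserve(keyring,
					    keyring->datalen - KEYQUOTA_LINK_BYTES);
		/* Free the pending edit script whether or not it replaces in place. */
		assoc_array_cancel_edit(edit);
```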