Loading include/linux/key.h +13 −0 Original line number Original line Diff line number Diff line Loading @@ -276,6 +276,19 @@ static inline key_serial_t key_serial(struct key *key) return key ? key->serial : 0; return key ? key->serial : 0; } } /** * key_is_instantiated - Determine if a key has been positively instantiated * @key: The key to check. * * Return true if the specified key has been positively instantiated, false * otherwise. */ static inline bool key_is_instantiated(const struct key *key) { return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) && !test_bit(KEY_FLAG_NEGATIVE, &key->flags); } #define rcu_dereference_key(KEY) \ #define rcu_dereference_key(KEY) \ (rcu_dereference_protected((KEY)->payload.rcudata, \ (rcu_dereference_protected((KEY)->payload.rcudata, \ rwsem_is_locked(&((struct key *)(KEY))->sem))) rwsem_is_locked(&((struct key *)(KEY))->sem))) Loading net/dns_resolver/dns_key.c +6 −4 Original line number Original line Diff line number Diff line Loading @@ -212,11 +212,13 @@ static void dns_resolver_describe(const struct key *key, struct seq_file *m) int err = key->type_data.x[0]; int err = key->type_data.x[0]; seq_puts(m, key->description); seq_puts(m, key->description); if (key_is_instantiated(key)) { if (err) if (err) seq_printf(m, ": %d", err); seq_printf(m, ": %d", err); else else seq_printf(m, ": %u", key->datalen); seq_printf(m, ": %u", key->datalen); } } } /* /* * read the DNS data * read the DNS data Loading security/Kconfig +1 −0 Original line number Original line Diff line number Diff line Loading @@ -167,6 +167,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX depends on SECURITY && SECURITY_SELINUX default 32768 if ARM default 65536 default 65536 help help This is the portion of low virtual memory which should be protected This is the portion of low virtual memory which should be protected Loading security/keys/internal.h +3 −1 Original line number Original line Diff line number Diff line Loading @@ -109,11 +109,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, const struct cred *cred, const struct cred *cred, struct key_type *type, struct key_type *type, const void *description, const void *description, key_match_func_t match); key_match_func_t match, bool no_state_check); extern key_ref_t search_my_process_keyrings(struct key_type *type, extern key_ref_t search_my_process_keyrings(struct key_type *type, const void *description, const void *description, key_match_func_t match, key_match_func_t match, bool no_state_check, const struct cred *cred); const struct cred *cred); extern key_ref_t search_process_keyrings(struct key_type *type, extern key_ref_t search_process_keyrings(struct key_type *type, const void *description, const void *description, Loading security/keys/keyctl.c +6 −0 Original line number Original line Diff line number Diff line Loading @@ -206,8 +206,14 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type, goto error5; goto error5; } } /* wait for the key to finish being constructed */ ret = wait_for_key_construction(key, 1); if (ret < 0) goto error6; ret = key->serial; ret = key->serial; error6: key_put(key); key_put(key); error5: error5: key_type_put(ktype); key_type_put(ktype); Loading Loading
include/linux/key.h +13 −0 Original line number Original line Diff line number Diff line Loading @@ -276,6 +276,19 @@ static inline key_serial_t key_serial(struct key *key) return key ? key->serial : 0; return key ? key->serial : 0; } } /** * key_is_instantiated - Determine if a key has been positively instantiated * @key: The key to check. * * Return true if the specified key has been positively instantiated, false * otherwise. */ static inline bool key_is_instantiated(const struct key *key) { return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) && !test_bit(KEY_FLAG_NEGATIVE, &key->flags); } #define rcu_dereference_key(KEY) \ #define rcu_dereference_key(KEY) \ (rcu_dereference_protected((KEY)->payload.rcudata, \ (rcu_dereference_protected((KEY)->payload.rcudata, \ rwsem_is_locked(&((struct key *)(KEY))->sem))) rwsem_is_locked(&((struct key *)(KEY))->sem))) Loading
net/dns_resolver/dns_key.c +6 −4 Original line number Original line Diff line number Diff line Loading @@ -212,11 +212,13 @@ static void dns_resolver_describe(const struct key *key, struct seq_file *m) int err = key->type_data.x[0]; int err = key->type_data.x[0]; seq_puts(m, key->description); seq_puts(m, key->description); if (key_is_instantiated(key)) { if (err) if (err) seq_printf(m, ": %d", err); seq_printf(m, ": %d", err); else else seq_printf(m, ": %u", key->datalen); seq_printf(m, ": %u", key->datalen); } } } /* /* * read the DNS data * read the DNS data Loading
security/Kconfig +1 −0 Original line number Original line Diff line number Diff line Loading @@ -167,6 +167,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX depends on SECURITY && SECURITY_SELINUX default 32768 if ARM default 65536 default 65536 help help This is the portion of low virtual memory which should be protected This is the portion of low virtual memory which should be protected Loading
security/keys/internal.h +3 −1 Original line number Original line Diff line number Diff line Loading @@ -109,11 +109,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, const struct cred *cred, const struct cred *cred, struct key_type *type, struct key_type *type, const void *description, const void *description, key_match_func_t match); key_match_func_t match, bool no_state_check); extern key_ref_t search_my_process_keyrings(struct key_type *type, extern key_ref_t search_my_process_keyrings(struct key_type *type, const void *description, const void *description, key_match_func_t match, key_match_func_t match, bool no_state_check, const struct cred *cred); const struct cred *cred); extern key_ref_t search_process_keyrings(struct key_type *type, extern key_ref_t search_process_keyrings(struct key_type *type, const void *description, const void *description, Loading
security/keys/keyctl.c +6 −0 Original line number Original line Diff line number Diff line Loading @@ -206,8 +206,14 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type, goto error5; goto error5; } } /* wait for the key to finish being constructed */ ret = wait_for_key_construction(key, 1); if (ret < 0) goto error6; ret = key->serial; ret = key->serial; error6: key_put(key); key_put(key); error5: error5: key_type_put(ktype); key_type_put(ktype); Loading
