Merge branch 'fixes-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key handling fixes from James Morris:
"This includes a fix for the capabilities code from Colin King, and a
set of further fixes for the keys subsystem. From David:
- Fix a bunch of places where kernel drivers may access revoked
user-type keys and don't do it correctly.
- Fix some ecryptfs bits.
- Fix big_key to require CONFIG_CRYPTO.
- Fix a couple of bugs in the asymmetric key type.
- Fix a race between updating and finding negative keys.
- Prevent add_key() from updating uninstantiated keys.
- Make loading of key flags and expiry time atomic when not holding
locks"
* 'fixes-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
commoncap: move assignment of fs_ns to avoid null pointer dereference
pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
KEYS: load key flags and expiry time atomically in proc_keys_show()
KEYS: Load key expiry time atomically in keyring_search_iterator()
KEYS: load key flags and expiry time atomically in key_validate()
KEYS: don't let add_key() update an uninstantiated key
KEYS: Fix race between updating and finding a negative key
KEYS: checking the input id parameters before finding asymmetric key
KEYS: Fix the wrong index when checking the existence of second id
security/keys: BIG_KEY requires CONFIG_CRYPTO
ecryptfs: fix dereference of NULL user_key_payload
fscrypt: fix dereference of NULL user_key_payload
lib/digsig: fix dereference of NULL user_key_payload
FS-Cache: fix dereference of NULL user_key_payload
KEYS: encrypted: fix dereference of NULL user_key_payload
commit
03b652e5c0
24 changed files with 170 additions and 81 deletions
|
|
@ -138,6 +138,11 @@ struct key_restriction {
|
|||
struct key_type *keytype;
|
||||
};
|
||||
|
||||
enum key_state {
|
||||
KEY_IS_UNINSTANTIATED,
|
||||
KEY_IS_POSITIVE, /* Positively instantiated */
|
||||
};
|
||||
|
||||
/*****************************************************************************/
|
||||
/*
|
||||
* authentication token / access credential / keyring
|
||||
|
|
@ -169,6 +174,7 @@ struct key {
|
|||
* - may not match RCU dereferenced payload
|
||||
* - payload should contain own length
|
||||
*/
|
||||
short state; /* Key state (+) or rejection error (-) */
|
||||
|
||||
#ifdef KEY_DEBUGGING
|
||||
unsigned magic;
|
||||
|
|
@ -176,18 +182,16 @@ struct key {
|
|||
#endif
|
||||
|
||||
unsigned long flags; /* status flags (change with bitops) */
|
||||
#define KEY_FLAG_INSTANTIATED 0 /* set if key has been instantiated */
|
||||
#define KEY_FLAG_DEAD 1 /* set if key type has been deleted */
|
||||
#define KEY_FLAG_REVOKED 2 /* set if key had been revoked */
|
||||
#define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */
|
||||
#define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */
|
||||
#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
|
||||
#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
|
||||
#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
|
||||
#define KEY_FLAG_BUILTIN 8 /* set if key is built in to the kernel */
|
||||
#define KEY_FLAG_ROOT_CAN_INVAL 9 /* set if key can be invalidated by root without permission */
|
||||
#define KEY_FLAG_KEEP 10 /* set if key should not be removed */
|
||||
#define KEY_FLAG_UID_KEYRING 11 /* set if key is a user or user session keyring */
|
||||
#define KEY_FLAG_DEAD 0 /* set if key type has been deleted */
|
||||
#define KEY_FLAG_REVOKED 1 /* set if key had been revoked */
|
||||
#define KEY_FLAG_IN_QUOTA 2 /* set if key consumes quota */
|
||||
#define KEY_FLAG_USER_CONSTRUCT 3 /* set if key is being constructed in userspace */
|
||||
#define KEY_FLAG_ROOT_CAN_CLEAR 4 /* set if key can be cleared by root without permission */
|
||||
#define KEY_FLAG_INVALIDATED 5 /* set if key has been invalidated */
|
||||
#define KEY_FLAG_BUILTIN 6 /* set if key is built in to the kernel */
|
||||
#define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */
|
||||
#define KEY_FLAG_KEEP 8 /* set if key should not be removed */
|
||||
#define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */
|
||||
|
||||
/* the key type and key description string
|
||||
* - the desc is used to match a key against search criteria
|
||||
|
|
@ -213,7 +217,6 @@ struct key {
|
|||
struct list_head name_link;
|
||||
struct assoc_array keys;
|
||||
};
|
||||
int reject_error;
|
||||
};
|
||||
|
||||
/* This is set on a keyring to restrict the addition of a link to a key
|
||||
|
|
@ -353,17 +356,27 @@ extern void key_set_timeout(struct key *, unsigned);
|
|||
#define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */
|
||||
#define KEY_NEED_ALL 0x3f /* All the above permissions */
|
||||
|
||||
static inline short key_read_state(const struct key *key)
|
||||
{
|
||||
/* Barrier versus mark_key_instantiated(). */
|
||||
return smp_load_acquire(&key->state);
|
||||
}
|
||||
|
||||
/**
|
||||
* key_is_instantiated - Determine if a key has been positively instantiated
|
||||
* key_is_positive - Determine if a key has been positively instantiated
|
||||
* @key: The key to check.
|
||||
*
|
||||
* Return true if the specified key has been positively instantiated, false
|
||||
* otherwise.
|
||||
*/
|
||||
static inline bool key_is_instantiated(const struct key *key)
|
||||
static inline bool key_is_positive(const struct key *key)
|
||||
{
|
||||
return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
|
||||
!test_bit(KEY_FLAG_NEGATIVE, &key->flags);
|
||||
return key_read_state(key) == KEY_IS_POSITIVE;
|
||||
}
|
||||
|
||||
static inline bool key_is_negative(const struct key *key)
|
||||
{
|
||||
return key_read_state(key) < 0;
|
||||
}
|
||||
|
||||
#define dereference_key_rcu(KEY) \
|
||||
|
|
|
|||
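Review bot: In the last hunk, neither `key_read_state()` nor `key_is_negative()` documents the contract that `short state` now encodes, and `key_is_negative()` has no kernel-doc at all while `key_is_positive()` keeps its block. The field holds either a `key_state` value or a negative rejection error (per the `/* Key state (+) or rejection error (-) */` comment), and `reject_error` is dropped from `struct key`. A caller that tests `key_is_negative()` and then reads `key->state` again therefore does two separate loads and could act on two different values if the key is updated in between, which is the class of race the merge description mentions for negative keys. I would extend the comment in `key_read_state()` to something like `/* Returns a key_state value or a negative rejection error; load once and use the returned value for both the check and the error code. */` and add a kernel-doc block above `key_is_negative()` mirroring the one for `key_is_positive()`. The writer side, `mark_key_instantiated()`, is outside this section, so the release pairing named in the barrier comment cannot be confirmed from here.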