Register process keyrings task watcher
Make the keyring code use a task watcher to initialize and free per-task data. NOTE: We can't make copy_thread_group_keys() in copy_signal() a task watcher because it needs the task's signal field (struct signal_struct). Signed-off-by: Matt Helsley <[EMAIL PROTECTED]> Cc: David Howells <[EMAIL PROTECTED]> --- include/linux/key.h |8 kernel/exit.c|2 -- kernel/fork.c|6 +- kernel/sys.c |8 security/keys/process_keys.c | 21 ++--- 5 files changed, 15 insertions(+), 30 deletions(-) Index: linux-2.6.19/include/linux/key.h === --- linux-2.6.19.orig/include/linux/key.h +++ linux-2.6.19/include/linux/key.h @@ -335,18 +335,14 @@ extern void keyring_replace_payload(stru */ extern struct key root_user_keyring, root_session_keyring; extern int alloc_uid_keyring(struct user_struct *user, struct task_struct *ctx); extern void switch_uid_keyring(struct user_struct *new_user); -extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); extern int copy_thread_group_keys(struct task_struct *tsk); -extern void exit_keys(struct task_struct *tsk); extern void exit_thread_group_keys(struct signal_struct *tg); extern int suid_keys(struct task_struct *tsk); extern int exec_keys(struct task_struct *tsk); -extern void key_fsuid_changed(struct task_struct *tsk); -extern void key_fsgid_changed(struct task_struct *tsk); extern void key_init(void); #define __install_session_keyring(tsk, keyring)\ ({ \ struct key *old_session = tsk->signal->session_keyring; \ 
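Review bot: With the prototypes for `key_fsuid_changed()` and `key_fsgid_changed()` dropped from key.h, the header no longer says anywhere that the thread keyring's ownership has to follow a setfsuid()/setfsgid() change. The kernel/sys.c hunks listed in the diffstat are not in view, so this page does not show whether the watcher fires after the new fsuid/fsgid is stored and in the context of the task being changed; if it fires earlier, the keyring would keep the old owner. I would put a comment where the declarations were, e.g. `/* copy_keys(), exit_keys(), key_fsuid_changed() and key_fsgid_changed() are task watchers in security/keys/process_keys.c */`. The stub removals in the `@@ -365` hunk for the no-keys build leave the same gap.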
@@ -365,18 +361,14 @@ extern void key_init(void); #define key_ref_to_ptr(k) ({ NULL; }) #define is_key_possessed(k)0 #define alloc_uid_keyring(u,c) 0 #define switch_uid_keyring(u) do { } while(0) #define __install_session_keyring(t, k)({ NULL; }) -#define copy_keys(f,t) 0 #define copy_thread_group_keys(t) 0 -#define exit_keys(t) do { } while(0) #define exit_thread_group_keys(tg) do { } while(0) #define suid_keys(t) do { } while(0) #define exec_keys(t) do { } while(0) -#define key_fsuid_changed(t) do { } while(0) -#define key_fsgid_changed(t) do { } while(0) #define key_init() do { } while(0) /* Initial keyrings */ extern struct key root_user_keyring; extern struct key root_session_keyring; Index: linux-2.6.19/kernel/fork.c === --- linux-2.6.19.orig/kernel/fork.c +++ linux-2.6.19/kernel/fork.c @@ -1077,14 +1077,12 @@ static struct task_struct *copy_process( goto bad_fork_cleanup_fs; if ((retval = copy_signal(clone_flags, p))) goto bad_fork_cleanup_sighand; if ((retval = copy_mm(clone_flags, p))) goto bad_fork_cleanup_signal; - if ((retval = copy_keys(clone_flags, p))) - goto bad_fork_cleanup_mm; if ((retval = copy_namespaces(clone_flags, p))) - goto bad_fork_cleanup_keys; + goto bad_fork_cleanup_mm; retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); if (retval) goto bad_fork_cleanup_namespaces; p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; @@ -1226,12 +1224,10 @@ static struct task_struct *copy_process( proc_fork_connector(p); return p; bad_fork_cleanup_namespaces: exit_task_namespaces(p); -bad_fork_cleanup_keys: - exit_keys(p); bad_fork_cleanup_mm: if (p->mm) mmput(p->mm); bad_fork_cleanup_signal: cleanup_signal(p); Index: linux-2.6.19/security/keys/process_keys.c === --- linux-2.6.19.orig/security/keys/process_keys.c +++ linux-2.6.19/security/keys/process_keys.c 
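Review bot: The `bad_fork_cleanup_keys: exit_keys(p);` unwind step goes away in the `@@ -1226` hunk along with the `copy_keys()` call in `@@ -1077`, so copy_process() no longer pairs key setup with key teardown on its own error path. The child's task_struct presumably starts as a copy of the parent's, in which case its keyring pointers carry no references of their own until copy_keys() has run. If the free-side watcher can run for a child whose init watcher never ran or failed part-way, it would drop references it never took; if it is skipped on a failed fork, the `key_get(tsk->request_key_auth)` reference leaks. The watcher call sites are outside these hunks, so once this is confirmed I would record the answer next to `bad_fork_cleanup_mm:`, e.g. `/* keys are released by the task-free watcher, which runs only after the init watchers succeeded */`. copy_process() starts and ends outside both hunks.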
@@ -15,10 +15,11 @@ #include #include #include #include #include +#include #include #include "internal.h" /* session keyring create vs join semaphore */ static DEFINE_MUTEX(key_session_mutex); @@ -276,11 +277,12 @@ int copy_thread_group_keys(struct task_s /*/ /* * copy the keys for fork */ -int copy_keys(unsigned long clone_flags, struct task_struct *tsk) +static int __task_init copy_keys(unsigned long clone_flags, +struct task_struct *tsk) { key_check(tsk->thread_keyring); key_check(tsk->request_key_auth); /* no thread keyring yet */ @@ -290,10 +292,11 @@ int copy_keys(unsigned long clone_flags, key_get(tsk->request_key_auth); return 0;
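Review bot: The comment above `copy_keys()` in the `@@ -276` hunk still reads only "copy the keys for fork", although the function is now `static` and reachable only through the `__task_init` annotation. It should state the callback contract: when it runs relative to the rest of copy_process(), that `tsk` is presumably the new child rather than `current`, and what a non-zero return does to the fork. The visible body only ever returns 0, so the failure behaviour is worth spelling out. Something like `/* task watcher: set up the child's per-thread keys on clone; tsk is the child, non-zero return fails the fork (TODO confirm) */` would do. The function body runs into the following `@@ -290` hunk, which is cut off in this view.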
Register process keyrings task watcher
Make the keyring code use a task watcher to initialize and free per-task data. NOTE: We can't make copy_thread_group_keys() in copy_signal() a task watcher because it needs the task's signal field (struct signal_struct). Signed-off-by: Matt Helsley [EMAIL PROTECTED] Cc: David Howells [EMAIL PROTECTED] --- include/linux/key.h |8 kernel/exit.c|2 -- kernel/fork.c|6 +- kernel/sys.c |8 security/keys/process_keys.c | 21 ++--- 5 files changed, 15 insertions(+), 30 deletions(-) Index: linux-2.6.19/include/linux/key.h === --- linux-2.6.19.orig/include/linux/key.h +++ linux-2.6.19/include/linux/key.h @@ -335,18 +335,14 @@ extern void keyring_replace_payload(stru */ extern struct key root_user_keyring, root_session_keyring; extern int alloc_uid_keyring(struct user_struct *user, struct task_struct *ctx); extern void switch_uid_keyring(struct user_struct *new_user); -extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); extern int copy_thread_group_keys(struct task_struct *tsk); -extern void exit_keys(struct task_struct *tsk); extern void exit_thread_group_keys(struct signal_struct *tg); extern int suid_keys(struct task_struct *tsk); extern int exec_keys(struct task_struct *tsk); -extern void key_fsuid_changed(struct task_struct *tsk); -extern void key_fsgid_changed(struct task_struct *tsk); extern void key_init(void); #define __install_session_keyring(tsk, keyring)\ ({ \ struct key *old_session = tsk-signal-session_keyring; \ 
@@ -365,18 +361,14 @@ extern void key_init(void); #define key_ref_to_ptr(k) ({ NULL; }) #define is_key_possessed(k)0 #define alloc_uid_keyring(u,c) 0 #define switch_uid_keyring(u) do { } while(0) #define __install_session_keyring(t, k)({ NULL; }) -#define copy_keys(f,t) 0 #define copy_thread_group_keys(t) 0 -#define exit_keys(t) do { } while(0) #define exit_thread_group_keys(tg) do { } while(0) #define suid_keys(t) do { } while(0) #define exec_keys(t) do { } while(0) -#define key_fsuid_changed(t) do { } while(0) -#define key_fsgid_changed(t) do { } while(0) #define key_init() do { } while(0) /* Initial keyrings */ extern struct key root_user_keyring; extern struct key root_session_keyring; Index: linux-2.6.19/kernel/fork.c === --- linux-2.6.19.orig/kernel/fork.c +++ linux-2.6.19/kernel/fork.c @@ -1077,14 +1077,12 @@ static struct task_struct *copy_process( goto bad_fork_cleanup_fs; if ((retval = copy_signal(clone_flags, p))) goto bad_fork_cleanup_sighand; if ((retval = copy_mm(clone_flags, p))) goto bad_fork_cleanup_signal; - if ((retval = copy_keys(clone_flags, p))) - goto bad_fork_cleanup_mm; if ((retval = copy_namespaces(clone_flags, p))) - goto bad_fork_cleanup_keys; + goto bad_fork_cleanup_mm; retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); if (retval) goto bad_fork_cleanup_namespaces; p-set_child_tid = (clone_flags CLONE_CHILD_SETTID) ? child_tidptr : NULL; @@ -1226,12 +1224,10 @@ static struct task_struct *copy_process( proc_fork_connector(p); return p; bad_fork_cleanup_namespaces: exit_task_namespaces(p); -bad_fork_cleanup_keys: - exit_keys(p); bad_fork_cleanup_mm: if (p-mm) mmput(p-mm); bad_fork_cleanup_signal: cleanup_signal(p); Index: linux-2.6.19/security/keys/process_keys.c === --- linux-2.6.19.orig/security/keys/process_keys.c +++ linux-2.6.19/security/keys/process_keys.c 
@@ -15,10 +15,11 @@ #include linux/slab.h #include linux/keyctl.h #include linux/fs.h #include linux/err.h #include linux/mutex.h +#include linux/init.h #include asm/uaccess.h #include internal.h /* session keyring create vs join semaphore */ static DEFINE_MUTEX(key_session_mutex); @@ -276,11 +277,12 @@ int copy_thread_group_keys(struct task_s /*/ /* * copy the keys for fork */ -int copy_keys(unsigned long clone_flags, struct task_struct *tsk) +static int __task_init copy_keys(unsigned long clone_flags, +struct task_struct *tsk) { key_check(tsk-thread_keyring); key_check(tsk-request_key_auth); /* no thread keyring yet */ @@ -290,10 +292,11 @@ int copy_keys(unsigned long