cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

process_keys.c (24233B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/* Manage a process's keyrings
      3 *
      4 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
      5 * Written by David Howells (dhowells@redhat.com)
      6 */
      7
      8#include <linux/init.h>
      9#include <linux/sched.h>
     10#include <linux/sched/user.h>
     11#include <linux/keyctl.h>
     12#include <linux/fs.h>
     13#include <linux/err.h>
     14#include <linux/mutex.h>
     15#include <linux/security.h>
     16#include <linux/user_namespace.h>
     17#include <linux/uaccess.h>
     18#include <linux/init_task.h>
     19#include <keys/request_key_auth-type.h>
     20#include "internal.h"
     21
     22/* Session keyring create vs join semaphore */
     23static DEFINE_MUTEX(key_session_mutex);
     24
     25/* The root user's tracking struct */
     26struct key_user root_key_user = {
     27	.usage		= REFCOUNT_INIT(3),
     28	.cons_lock	= __MUTEX_INITIALIZER(root_key_user.cons_lock),
     29	.lock		= __SPIN_LOCK_UNLOCKED(root_key_user.lock),
     30	.nkeys		= ATOMIC_INIT(2),
     31	.nikeys		= ATOMIC_INIT(2),
     32	.uid		= GLOBAL_ROOT_UID,
     33};
     34
     35/*
     36 * Get or create a user register keyring.
     37 */
     38static struct key *get_user_register(struct user_namespace *user_ns)
     39{
     40	struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register);
     41
     42	if (reg_keyring)
     43		return reg_keyring;
     44
     45	down_write(&user_ns->keyring_sem);
     46
     47	/* Make sure there's a register keyring.  It gets owned by the
     48	 * user_namespace's owner.
     49	 */
     50	reg_keyring = user_ns->user_keyring_register;
     51	if (!reg_keyring) {
     52		reg_keyring = keyring_alloc(".user_reg",
     53					    user_ns->owner, INVALID_GID,
     54					    &init_cred,
     55					    KEY_POS_WRITE | KEY_POS_SEARCH |
     56					    KEY_USR_VIEW | KEY_USR_READ,
     57					    0,
     58					    NULL, NULL);
     59		if (!IS_ERR(reg_keyring))
     60			smp_store_release(&user_ns->user_keyring_register,
     61					  reg_keyring);
     62	}
     63
     64	up_write(&user_ns->keyring_sem);
     65
     66	/* We don't return a ref since the keyring is pinned by the user_ns */
     67	return reg_keyring;
     68}
     69
     70/*
     71 * Look up the user and user session keyrings for the current process's UID,
     72 * creating them if they don't exist.
     73 */
     74int look_up_user_keyrings(struct key **_user_keyring,
     75			  struct key **_user_session_keyring)
     76{
     77	const struct cred *cred = current_cred();
     78	struct user_namespace *user_ns = current_user_ns();
     79	struct key *reg_keyring, *uid_keyring, *session_keyring;
     80	key_perm_t user_keyring_perm;
     81	key_ref_t uid_keyring_r, session_keyring_r;
     82	uid_t uid = from_kuid(user_ns, cred->user->uid);
     83	char buf[20];
     84	int ret;
     85
     86	user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
     87
     88	kenter("%u", uid);
     89
     90	reg_keyring = get_user_register(user_ns);
     91	if (IS_ERR(reg_keyring))
     92		return PTR_ERR(reg_keyring);
     93
     94	down_write(&user_ns->keyring_sem);
     95	ret = 0;
     96
     97	/* Get the user keyring.  Note that there may be one in existence
     98	 * already as it may have been pinned by a session, but the user_struct
     99	 * pointing to it may have been destroyed by setuid.
    100	 */
    101	snprintf(buf, sizeof(buf), "_uid.%u", uid);
    102	uid_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
    103				       &key_type_keyring, buf, false);
    104	kdebug("_uid %p", uid_keyring_r);
    105	if (uid_keyring_r == ERR_PTR(-EAGAIN)) {
    106		uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
    107					    cred, user_keyring_perm,
    108					    KEY_ALLOC_UID_KEYRING |
    109					    KEY_ALLOC_IN_QUOTA,
    110					    NULL, reg_keyring);
    111		if (IS_ERR(uid_keyring)) {
    112			ret = PTR_ERR(uid_keyring);
    113			goto error;
    114		}
    115	} else if (IS_ERR(uid_keyring_r)) {
    116		ret = PTR_ERR(uid_keyring_r);
    117		goto error;
    118	} else {
    119		uid_keyring = key_ref_to_ptr(uid_keyring_r);
    120	}
    121
    122	/* Get a default session keyring (which might also exist already) */
    123	snprintf(buf, sizeof(buf), "_uid_ses.%u", uid);
    124	session_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
    125					   &key_type_keyring, buf, false);
    126	kdebug("_uid_ses %p", session_keyring_r);
    127	if (session_keyring_r == ERR_PTR(-EAGAIN)) {
    128		session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
    129						cred, user_keyring_perm,
    130						KEY_ALLOC_UID_KEYRING |
    131						KEY_ALLOC_IN_QUOTA,
    132						NULL, NULL);
    133		if (IS_ERR(session_keyring)) {
    134			ret = PTR_ERR(session_keyring);
    135			goto error_release;
    136		}
    137
    138		/* We install a link from the user session keyring to
    139		 * the user keyring.
    140		 */
    141		ret = key_link(session_keyring, uid_keyring);
    142		if (ret < 0)
    143			goto error_release_session;
    144
    145		/* And only then link the user-session keyring to the
    146		 * register.
    147		 */
    148		ret = key_link(reg_keyring, session_keyring);
    149		if (ret < 0)
    150			goto error_release_session;
    151	} else if (IS_ERR(session_keyring_r)) {
    152		ret = PTR_ERR(session_keyring_r);
    153		goto error_release;
    154	} else {
    155		session_keyring = key_ref_to_ptr(session_keyring_r);
    156	}
    157
    158	up_write(&user_ns->keyring_sem);
    159
    160	if (_user_session_keyring)
    161		*_user_session_keyring = session_keyring;
    162	else
    163		key_put(session_keyring);
    164	if (_user_keyring)
    165		*_user_keyring = uid_keyring;
    166	else
    167		key_put(uid_keyring);
    168	kleave(" = 0");
    169	return 0;
    170
    171error_release_session:
    172	key_put(session_keyring);
    173error_release:
    174	key_put(uid_keyring);
    175error:
    176	up_write(&user_ns->keyring_sem);
    177	kleave(" = %d", ret);
    178	return ret;
    179}
    180
    181/*
    182 * Get the user session keyring if it exists, but don't create it if it
    183 * doesn't.
    184 */
    185struct key *get_user_session_keyring_rcu(const struct cred *cred)
    186{
    187	struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register);
    188	key_ref_t session_keyring_r;
    189	char buf[20];
    190
    191	struct keyring_search_context ctx = {
    192		.index_key.type		= &key_type_keyring,
    193		.index_key.description	= buf,
    194		.cred			= cred,
    195		.match_data.cmp		= key_default_cmp,
    196		.match_data.raw_data	= buf,
    197		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
    198		.flags			= KEYRING_SEARCH_DO_STATE_CHECK,
    199	};
    200
    201	if (!reg_keyring)
    202		return NULL;
    203
    204	ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u",
    205					  from_kuid(cred->user_ns,
    206						    cred->user->uid));
    207
    208	session_keyring_r = keyring_search_rcu(make_key_ref(reg_keyring, true),
    209					       &ctx);
    210	if (IS_ERR(session_keyring_r))
    211		return NULL;
    212	return key_ref_to_ptr(session_keyring_r);
    213}
    214
    215/*
    216 * Install a thread keyring to the given credentials struct if it didn't have
    217 * one already.  This is allowed to overrun the quota.
    218 *
    219 * Return: 0 if a thread keyring is now present; -errno on failure.
    220 */
    221int install_thread_keyring_to_cred(struct cred *new)
    222{
    223	struct key *keyring;
    224
    225	if (new->thread_keyring)
    226		return 0;
    227
    228	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
    229				KEY_POS_ALL | KEY_USR_VIEW,
    230				KEY_ALLOC_QUOTA_OVERRUN,
    231				NULL, NULL);
    232	if (IS_ERR(keyring))
    233		return PTR_ERR(keyring);
    234
    235	new->thread_keyring = keyring;
    236	return 0;
    237}
    238
    239/*
    240 * Install a thread keyring to the current task if it didn't have one already.
    241 *
    242 * Return: 0 if a thread keyring is now present; -errno on failure.
    243 */
    244static int install_thread_keyring(void)
    245{
    246	struct cred *new;
    247	int ret;
    248
    249	new = prepare_creds();
    250	if (!new)
    251		return -ENOMEM;
    252
    253	ret = install_thread_keyring_to_cred(new);
    254	if (ret < 0) {
    255		abort_creds(new);
    256		return ret;
    257	}
    258
    259	return commit_creds(new);
    260}
    261
    262/*
    263 * Install a process keyring to the given credentials struct if it didn't have
    264 * one already.  This is allowed to overrun the quota.
    265 *
    266 * Return: 0 if a process keyring is now present; -errno on failure.
    267 */
    268int install_process_keyring_to_cred(struct cred *new)
    269{
    270	struct key *keyring;
    271
    272	if (new->process_keyring)
    273		return 0;
    274
    275	keyring = keyring_alloc("_pid", new->uid, new->gid, new,
    276				KEY_POS_ALL | KEY_USR_VIEW,
    277				KEY_ALLOC_QUOTA_OVERRUN,
    278				NULL, NULL);
    279	if (IS_ERR(keyring))
    280		return PTR_ERR(keyring);
    281
    282	new->process_keyring = keyring;
    283	return 0;
    284}
    285
    286/*
    287 * Install a process keyring to the current task if it didn't have one already.
    288 *
    289 * Return: 0 if a process keyring is now present; -errno on failure.
    290 */
    291static int install_process_keyring(void)
    292{
    293	struct cred *new;
    294	int ret;
    295
    296	new = prepare_creds();
    297	if (!new)
    298		return -ENOMEM;
    299
    300	ret = install_process_keyring_to_cred(new);
    301	if (ret < 0) {
    302		abort_creds(new);
    303		return ret;
    304	}
    305
    306	return commit_creds(new);
    307}
    308
    309/*
    310 * Install the given keyring as the session keyring of the given credentials
    311 * struct, replacing the existing one if any.  If the given keyring is NULL,
    312 * then install a new anonymous session keyring.
    313 * @cred can not be in use by any task yet.
    314 *
    315 * Return: 0 on success; -errno on failure.
    316 */
    317int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
    318{
    319	unsigned long flags;
    320	struct key *old;
    321
    322	might_sleep();
    323
    324	/* create an empty session keyring */
    325	if (!keyring) {
    326		flags = KEY_ALLOC_QUOTA_OVERRUN;
    327		if (cred->session_keyring)
    328			flags = KEY_ALLOC_IN_QUOTA;
    329
    330		keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
    331					KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
    332					flags, NULL, NULL);
    333		if (IS_ERR(keyring))
    334			return PTR_ERR(keyring);
    335	} else {
    336		__key_get(keyring);
    337	}
    338
    339	/* install the keyring */
    340	old = cred->session_keyring;
    341	cred->session_keyring = keyring;
    342
    343	if (old)
    344		key_put(old);
    345
    346	return 0;
    347}
    348
    349/*
    350 * Install the given keyring as the session keyring of the current task,
    351 * replacing the existing one if any.  If the given keyring is NULL, then
    352 * install a new anonymous session keyring.
    353 *
    354 * Return: 0 on success; -errno on failure.
    355 */
    356static int install_session_keyring(struct key *keyring)
    357{
    358	struct cred *new;
    359	int ret;
    360
    361	new = prepare_creds();
    362	if (!new)
    363		return -ENOMEM;
    364
    365	ret = install_session_keyring_to_cred(new, keyring);
    366	if (ret < 0) {
    367		abort_creds(new);
    368		return ret;
    369	}
    370
    371	return commit_creds(new);
    372}
    373
    374/*
    375 * Handle the fsuid changing.
    376 */
    377void key_fsuid_changed(struct cred *new_cred)
    378{
    379	/* update the ownership of the thread keyring */
    380	if (new_cred->thread_keyring) {
    381		down_write(&new_cred->thread_keyring->sem);
    382		new_cred->thread_keyring->uid = new_cred->fsuid;
    383		up_write(&new_cred->thread_keyring->sem);
    384	}
    385}
    386
    387/*
    388 * Handle the fsgid changing.
    389 */
    390void key_fsgid_changed(struct cred *new_cred)
    391{
    392	/* update the ownership of the thread keyring */
    393	if (new_cred->thread_keyring) {
    394		down_write(&new_cred->thread_keyring->sem);
    395		new_cred->thread_keyring->gid = new_cred->fsgid;
    396		up_write(&new_cred->thread_keyring->sem);
    397	}
    398}
    399
    400/*
    401 * Search the process keyrings attached to the supplied cred for the first
    402 * matching key under RCU conditions (the caller must be holding the RCU read
    403 * lock).
    404 *
    405 * The search criteria are the type and the match function.  The description is
    406 * given to the match function as a parameter, but doesn't otherwise influence
    407 * the search.  Typically the match function will compare the description
    408 * parameter to the key's description.
    409 *
    410 * This can only search keyrings that grant Search permission to the supplied
    411 * credentials.  Keyrings linked to searched keyrings will also be searched if
    412 * they grant Search permission too.  Keys can only be found if they grant
    413 * Search permission to the credentials.
    414 *
    415 * Returns a pointer to the key with the key usage count incremented if
    416 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
    417 * matched negative keys.
    418 *
    419 * In the case of a successful return, the possession attribute is set on the
    420 * returned key reference.
    421 */
    422key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx)
    423{
    424	struct key *user_session;
    425	key_ref_t key_ref, ret, err;
    426	const struct cred *cred = ctx->cred;
    427
    428	/* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
    429	 * searchable, but we failed to find a key or we found a negative key;
    430	 * otherwise we want to return a sample error (probably -EACCES) if
    431	 * none of the keyrings were searchable
    432	 *
    433	 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
    434	 */
    435	key_ref = NULL;
    436	ret = NULL;
    437	err = ERR_PTR(-EAGAIN);
    438
    439	/* search the thread keyring first */
    440	if (cred->thread_keyring) {
    441		key_ref = keyring_search_rcu(
    442			make_key_ref(cred->thread_keyring, 1), ctx);
    443		if (!IS_ERR(key_ref))
    444			goto found;
    445
    446		switch (PTR_ERR(key_ref)) {
    447		case -EAGAIN: /* no key */
    448		case -ENOKEY: /* negative key */
    449			ret = key_ref;
    450			break;
    451		default:
    452			err = key_ref;
    453			break;
    454		}
    455	}
    456
    457	/* search the process keyring second */
    458	if (cred->process_keyring) {
    459		key_ref = keyring_search_rcu(
    460			make_key_ref(cred->process_keyring, 1), ctx);
    461		if (!IS_ERR(key_ref))
    462			goto found;
    463
    464		switch (PTR_ERR(key_ref)) {
    465		case -EAGAIN: /* no key */
    466			if (ret)
    467				break;
    468			fallthrough;
    469		case -ENOKEY: /* negative key */
    470			ret = key_ref;
    471			break;
    472		default:
    473			err = key_ref;
    474			break;
    475		}
    476	}
    477
    478	/* search the session keyring */
    479	if (cred->session_keyring) {
    480		key_ref = keyring_search_rcu(
    481			make_key_ref(cred->session_keyring, 1), ctx);
    482
    483		if (!IS_ERR(key_ref))
    484			goto found;
    485
    486		switch (PTR_ERR(key_ref)) {
    487		case -EAGAIN: /* no key */
    488			if (ret)
    489				break;
    490			fallthrough;
    491		case -ENOKEY: /* negative key */
    492			ret = key_ref;
    493			break;
    494		default:
    495			err = key_ref;
    496			break;
    497		}
    498	}
    499	/* or search the user-session keyring */
    500	else if ((user_session = get_user_session_keyring_rcu(cred))) {
    501		key_ref = keyring_search_rcu(make_key_ref(user_session, 1),
    502					     ctx);
    503		key_put(user_session);
    504
    505		if (!IS_ERR(key_ref))
    506			goto found;
    507
    508		switch (PTR_ERR(key_ref)) {
    509		case -EAGAIN: /* no key */
    510			if (ret)
    511				break;
    512			fallthrough;
    513		case -ENOKEY: /* negative key */
    514			ret = key_ref;
    515			break;
    516		default:
    517			err = key_ref;
    518			break;
    519		}
    520	}
    521
    522	/* no key - decide on the error we're going to go for */
    523	key_ref = ret ? ret : err;
    524
    525found:
    526	return key_ref;
    527}
    528
    529/*
    530 * Search the process keyrings attached to the supplied cred for the first
    531 * matching key in the manner of search_my_process_keyrings(), but also search
    532 * the keys attached to the assumed authorisation key using its credentials if
    533 * one is available.
    534 *
    535 * The caller must be holding the RCU read lock.
    536 *
    537 * Return same as search_cred_keyrings_rcu().
    538 */
    539key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx)
    540{
    541	struct request_key_auth *rka;
    542	key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
    543
    544	key_ref = search_cred_keyrings_rcu(ctx);
    545	if (!IS_ERR(key_ref))
    546		goto found;
    547	err = key_ref;
    548
    549	/* if this process has an instantiation authorisation key, then we also
    550	 * search the keyrings of the process mentioned there
    551	 * - we don't permit access to request_key auth keys via this method
    552	 */
    553	if (ctx->cred->request_key_auth &&
    554	    ctx->cred == current_cred() &&
    555	    ctx->index_key.type != &key_type_request_key_auth
    556	    ) {
    557		const struct cred *cred = ctx->cred;
    558
    559		if (key_validate(cred->request_key_auth) == 0) {
    560			rka = ctx->cred->request_key_auth->payload.data[0];
    561
    562			//// was search_process_keyrings() [ie. recursive]
    563			ctx->cred = rka->cred;
    564			key_ref = search_cred_keyrings_rcu(ctx);
    565			ctx->cred = cred;
    566
    567			if (!IS_ERR(key_ref))
    568				goto found;
    569			ret = key_ref;
    570		}
    571	}
    572
    573	/* no key - decide on the error we're going to go for */
    574	if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
    575		key_ref = ERR_PTR(-ENOKEY);
    576	else if (err == ERR_PTR(-EACCES))
    577		key_ref = ret;
    578	else
    579		key_ref = err;
    580
    581found:
    582	return key_ref;
    583}
    584/*
    585 * See if the key we're looking at is the target key.
    586 */
    587bool lookup_user_key_possessed(const struct key *key,
    588			       const struct key_match_data *match_data)
    589{
    590	return key == match_data->raw_data;
    591}
    592
    593/*
    594 * Look up a key ID given us by userspace with a given permissions mask to get
    595 * the key it refers to.
    596 *
    597 * Flags can be passed to request that special keyrings be created if referred
    598 * to directly, to permit partially constructed keys to be found and to skip
    599 * validity and permission checks on the found key.
    600 *
    601 * Returns a pointer to the key with an incremented usage count if successful;
    602 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
    603 * to a key or the best found key was a negative key; -EKEYREVOKED or
    604 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
    605 * found key doesn't grant the requested permit or the LSM denied access to it;
    606 * or -ENOMEM if a special keyring couldn't be created.
    607 *
    608 * In the case of a successful return, the possession attribute is set on the
    609 * returned key reference.
    610 */
    611key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
    612			  enum key_need_perm need_perm)
    613{
    614	struct keyring_search_context ctx = {
    615		.match_data.cmp		= lookup_user_key_possessed,
    616		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
    617		.flags			= (KEYRING_SEARCH_NO_STATE_CHECK |
    618					   KEYRING_SEARCH_RECURSE),
    619	};
    620	struct request_key_auth *rka;
    621	struct key *key, *user_session;
    622	key_ref_t key_ref, skey_ref;
    623	int ret;
    624
    625try_again:
    626	ctx.cred = get_current_cred();
    627	key_ref = ERR_PTR(-ENOKEY);
    628
    629	switch (id) {
    630	case KEY_SPEC_THREAD_KEYRING:
    631		if (!ctx.cred->thread_keyring) {
    632			if (!(lflags & KEY_LOOKUP_CREATE))
    633				goto error;
    634
    635			ret = install_thread_keyring();
    636			if (ret < 0) {
    637				key_ref = ERR_PTR(ret);
    638				goto error;
    639			}
    640			goto reget_creds;
    641		}
    642
    643		key = ctx.cred->thread_keyring;
    644		__key_get(key);
    645		key_ref = make_key_ref(key, 1);
    646		break;
    647
    648	case KEY_SPEC_PROCESS_KEYRING:
    649		if (!ctx.cred->process_keyring) {
    650			if (!(lflags & KEY_LOOKUP_CREATE))
    651				goto error;
    652
    653			ret = install_process_keyring();
    654			if (ret < 0) {
    655				key_ref = ERR_PTR(ret);
    656				goto error;
    657			}
    658			goto reget_creds;
    659		}
    660
    661		key = ctx.cred->process_keyring;
    662		__key_get(key);
    663		key_ref = make_key_ref(key, 1);
    664		break;
    665
    666	case KEY_SPEC_SESSION_KEYRING:
    667		if (!ctx.cred->session_keyring) {
    668			/* always install a session keyring upon access if one
    669			 * doesn't exist yet */
    670			ret = look_up_user_keyrings(NULL, &user_session);
    671			if (ret < 0)
    672				goto error;
    673			if (lflags & KEY_LOOKUP_CREATE)
    674				ret = join_session_keyring(NULL);
    675			else
    676				ret = install_session_keyring(user_session);
    677
    678			key_put(user_session);
    679			if (ret < 0)
    680				goto error;
    681			goto reget_creds;
    682		} else if (test_bit(KEY_FLAG_UID_KEYRING,
    683				    &ctx.cred->session_keyring->flags) &&
    684			   lflags & KEY_LOOKUP_CREATE) {
    685			ret = join_session_keyring(NULL);
    686			if (ret < 0)
    687				goto error;
    688			goto reget_creds;
    689		}
    690
    691		key = ctx.cred->session_keyring;
    692		__key_get(key);
    693		key_ref = make_key_ref(key, 1);
    694		break;
    695
    696	case KEY_SPEC_USER_KEYRING:
    697		ret = look_up_user_keyrings(&key, NULL);
    698		if (ret < 0)
    699			goto error;
    700		key_ref = make_key_ref(key, 1);
    701		break;
    702
    703	case KEY_SPEC_USER_SESSION_KEYRING:
    704		ret = look_up_user_keyrings(NULL, &key);
    705		if (ret < 0)
    706			goto error;
    707		key_ref = make_key_ref(key, 1);
    708		break;
    709
    710	case KEY_SPEC_GROUP_KEYRING:
    711		/* group keyrings are not yet supported */
    712		key_ref = ERR_PTR(-EINVAL);
    713		goto error;
    714
    715	case KEY_SPEC_REQKEY_AUTH_KEY:
    716		key = ctx.cred->request_key_auth;
    717		if (!key)
    718			goto error;
    719
    720		__key_get(key);
    721		key_ref = make_key_ref(key, 1);
    722		break;
    723
    724	case KEY_SPEC_REQUESTOR_KEYRING:
    725		if (!ctx.cred->request_key_auth)
    726			goto error;
    727
    728		down_read(&ctx.cred->request_key_auth->sem);
    729		if (test_bit(KEY_FLAG_REVOKED,
    730			     &ctx.cred->request_key_auth->flags)) {
    731			key_ref = ERR_PTR(-EKEYREVOKED);
    732			key = NULL;
    733		} else {
    734			rka = ctx.cred->request_key_auth->payload.data[0];
    735			key = rka->dest_keyring;
    736			__key_get(key);
    737		}
    738		up_read(&ctx.cred->request_key_auth->sem);
    739		if (!key)
    740			goto error;
    741		key_ref = make_key_ref(key, 1);
    742		break;
    743
    744	default:
    745		key_ref = ERR_PTR(-EINVAL);
    746		if (id < 1)
    747			goto error;
    748
    749		key = key_lookup(id);
    750		if (IS_ERR(key)) {
    751			key_ref = ERR_CAST(key);
    752			goto error;
    753		}
    754
    755		key_ref = make_key_ref(key, 0);
    756
    757		/* check to see if we possess the key */
    758		ctx.index_key			= key->index_key;
    759		ctx.match_data.raw_data		= key;
    760		kdebug("check possessed");
    761		rcu_read_lock();
    762		skey_ref = search_process_keyrings_rcu(&ctx);
    763		rcu_read_unlock();
    764		kdebug("possessed=%p", skey_ref);
    765
    766		if (!IS_ERR(skey_ref)) {
    767			key_put(key);
    768			key_ref = skey_ref;
    769		}
    770
    771		break;
    772	}
    773
    774	/* unlink does not use the nominated key in any way, so can skip all
    775	 * the permission checks as it is only concerned with the keyring */
    776	if (need_perm != KEY_NEED_UNLINK) {
    777		if (!(lflags & KEY_LOOKUP_PARTIAL)) {
    778			ret = wait_for_key_construction(key, true);
    779			switch (ret) {
    780			case -ERESTARTSYS:
    781				goto invalid_key;
    782			default:
    783				if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
    784				    need_perm != KEY_DEFER_PERM_CHECK)
    785					goto invalid_key;
    786				break;
    787			case 0:
    788				break;
    789			}
    790		} else if (need_perm != KEY_DEFER_PERM_CHECK) {
    791			ret = key_validate(key);
    792			if (ret < 0)
    793				goto invalid_key;
    794		}
    795
    796		ret = -EIO;
    797		if (!(lflags & KEY_LOOKUP_PARTIAL) &&
    798		    key_read_state(key) == KEY_IS_UNINSTANTIATED)
    799			goto invalid_key;
    800	}
    801
    802	/* check the permissions */
    803	ret = key_task_permission(key_ref, ctx.cred, need_perm);
    804	if (ret < 0)
    805		goto invalid_key;
    806
    807	key->last_used_at = ktime_get_real_seconds();
    808
    809error:
    810	put_cred(ctx.cred);
    811	return key_ref;
    812
    813invalid_key:
    814	key_ref_put(key_ref);
    815	key_ref = ERR_PTR(ret);
    816	goto error;
    817
    818	/* if we attempted to install a keyring, then it may have caused new
    819	 * creds to be installed */
    820reget_creds:
    821	put_cred(ctx.cred);
    822	goto try_again;
    823}
    824EXPORT_SYMBOL(lookup_user_key);
    825
    826/*
    827 * Join the named keyring as the session keyring if possible else attempt to
    828 * create a new one of that name and join that.
    829 *
    830 * If the name is NULL, an empty anonymous keyring will be installed as the
    831 * session keyring.
    832 *
    833 * Named session keyrings are joined with a semaphore held to prevent the
    834 * keyrings from going away whilst the attempt is made to going them and also
    835 * to prevent a race in creating compatible session keyrings.
    836 */
    837long join_session_keyring(const char *name)
    838{
    839	const struct cred *old;
    840	struct cred *new;
    841	struct key *keyring;
    842	long ret, serial;
    843
    844	new = prepare_creds();
    845	if (!new)
    846		return -ENOMEM;
    847	old = current_cred();
    848
    849	/* if no name is provided, install an anonymous keyring */
    850	if (!name) {
    851		ret = install_session_keyring_to_cred(new, NULL);
    852		if (ret < 0)
    853			goto error;
    854
    855		serial = new->session_keyring->serial;
    856		ret = commit_creds(new);
    857		if (ret == 0)
    858			ret = serial;
    859		goto okay;
    860	}
    861
    862	/* allow the user to join or create a named keyring */
    863	mutex_lock(&key_session_mutex);
    864
    865	/* look for an existing keyring of this name */
    866	keyring = find_keyring_by_name(name, false);
    867	if (PTR_ERR(keyring) == -ENOKEY) {
    868		/* not found - try and create a new one */
    869		keyring = keyring_alloc(
    870			name, old->uid, old->gid, old,
    871			KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
    872			KEY_ALLOC_IN_QUOTA, NULL, NULL);
    873		if (IS_ERR(keyring)) {
    874			ret = PTR_ERR(keyring);
    875			goto error2;
    876		}
    877	} else if (IS_ERR(keyring)) {
    878		ret = PTR_ERR(keyring);
    879		goto error2;
    880	} else if (keyring == new->session_keyring) {
    881		ret = 0;
    882		goto error3;
    883	}
    884
    885	/* we've got a keyring - now to install it */
    886	ret = install_session_keyring_to_cred(new, keyring);
    887	if (ret < 0)
    888		goto error3;
    889
    890	commit_creds(new);
    891	mutex_unlock(&key_session_mutex);
    892
    893	ret = keyring->serial;
    894	key_put(keyring);
    895okay:
    896	return ret;
    897
    898error3:
    899	key_put(keyring);
    900error2:
    901	mutex_unlock(&key_session_mutex);
    902error:
    903	abort_creds(new);
    904	return ret;
    905}
    906
    907/*
    908 * Replace a process's session keyring on behalf of one of its children when
    909 * the target  process is about to resume userspace execution.
    910 */
    911void key_change_session_keyring(struct callback_head *twork)
    912{
    913	const struct cred *old = current_cred();
    914	struct cred *new = container_of(twork, struct cred, rcu);
    915
    916	if (unlikely(current->flags & PF_EXITING)) {
    917		put_cred(new);
    918		return;
    919	}
    920
    921	/* If get_ucounts fails more bits are needed in the refcount */
    922	if (unlikely(!get_ucounts(old->ucounts))) {
    923		WARN_ONCE(1, "In %s get_ucounts failed\n", __func__);
    924		put_cred(new);
    925		return;
    926	}
    927
    928	new->  uid	= old->  uid;
    929	new-> euid	= old-> euid;
    930	new-> suid	= old-> suid;
    931	new->fsuid	= old->fsuid;
    932	new->  gid	= old->  gid;
    933	new-> egid	= old-> egid;
    934	new-> sgid	= old-> sgid;
    935	new->fsgid	= old->fsgid;
    936	new->user	= get_uid(old->user);
    937	new->ucounts	= old->ucounts;
    938	new->user_ns	= get_user_ns(old->user_ns);
    939	new->group_info	= get_group_info(old->group_info);
    940
    941	new->securebits	= old->securebits;
    942	new->cap_inheritable	= old->cap_inheritable;
    943	new->cap_permitted	= old->cap_permitted;
    944	new->cap_effective	= old->cap_effective;
    945	new->cap_ambient	= old->cap_ambient;
    946	new->cap_bset		= old->cap_bset;
    947
    948	new->jit_keyring	= old->jit_keyring;
    949	new->thread_keyring	= key_get(old->thread_keyring);
    950	new->process_keyring	= key_get(old->process_keyring);
    951
    952	security_transfer_creds(new, old);
    953
    954	commit_creds(new);
    955}
    956
    957/*
    958 * Make sure that root's user and user-session keyrings exist.
    959 */
    960static int __init init_root_keyring(void)
    961{
    962	return look_up_user_keyrings(NULL, NULL);
    963}
    964
    965late_initcall(init_root_keyring);