From: Oleg Nesterov <oleg@redhat.com>
To: David Howells <dhowells@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Andi Kleen <andi@firstfloor.org>,
Neil Horman <nhorman@tuxdriver.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH v2 -mm 1/2] umh && creds: convert call_usermodehelper_keys() to use subprocess_info->init()
Date: Fri, 26 Feb 2010 21:03:57 +0100 [thread overview]
Message-ID: <20100226200357.GB16092@redhat.com> (raw)
In-Reply-To: <20100226200313.GA16092@redhat.com>
call_usermodehelper_keys() uses call_usermodehelper_setkeys() to change
subprocess_info->cred in advance. Now that we have info->init() we can
change this code to set tgcred->session_keyring in context of execing
kernel thread.
Note: since call_usermodehelper_keys() is currently never called with
UMH_NO_WAIT, the key_get() in call_usermodehelper_keys() and
umh_keys_cleanup() are not strictly needed; we could rely on
install_session_keyring_to_cred(), which does key_get() on success.
Compile tested.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
include/linux/kmod.h | 17 -----------------
kernel/kmod.c | 18 ------------------
security/keys/internal.h | 1 +
security/keys/process_keys.c | 3 +--
security/keys/request_key.c | 33 +++++++++++++++++++++++++++++++++
5 files changed, 35 insertions(+), 37 deletions(-)
--- mm/include/linux/kmod.h~1_CONVERT_KEYS 2010-02-25 17:37:41.000000000 +0100
+++ mm/include/linux/kmod.h 2010-02-26 20:18:48.000000000 +0100
@@ -71,8 +71,6 @@ struct subprocess_info *call_usermodehel
char **envp, gfp_t gfp_mask);
/* Set various pieces of state into the subprocess_info structure */
-void call_usermodehelper_setkeys(struct subprocess_info *info,
- struct key *session_keyring);
void call_usermodehelper_setfns(struct subprocess_info *info,
int (*init)(struct subprocess_info *info),
void (*cleanup)(struct subprocess_info *info),
@@ -108,21 +106,6 @@ call_usermodehelper(char *path, char **a
wait, NULL, NULL, NULL);
}
-static inline int
-call_usermodehelper_keys(char *path, char **argv, char **envp,
- struct key *session_keyring, enum umh_wait wait)
-{
- struct subprocess_info *info;
- gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
-
- info = call_usermodehelper_setup(path, argv, envp, gfp_mask);
- if (info == NULL)
- return -ENOMEM;
-
- call_usermodehelper_setkeys(info, session_keyring);
- return call_usermodehelper_exec(info, wait);
-}
-
extern void usermodehelper_init(void);
extern int usermodehelper_disable(void);
--- mm/kernel/kmod.c~1_CONVERT_KEYS 2010-02-25 17:37:41.000000000 +0100
+++ mm/kernel/kmod.c 2010-02-26 20:18:48.000000000 +0100
@@ -386,24 +386,6 @@ struct subprocess_info *call_usermodehel
EXPORT_SYMBOL(call_usermodehelper_setup);
/**
- * call_usermodehelper_setkeys - set the session keys for usermode helper
- * @info: a subprocess_info returned by call_usermodehelper_setup
- * @session_keyring: the session keyring for the process
- */
-void call_usermodehelper_setkeys(struct subprocess_info *info,
- struct key *session_keyring)
-{
-#ifdef CONFIG_KEYS
- struct thread_group_cred *tgcred = info->cred->tgcred;
- key_put(tgcred->session_keyring);
- tgcred->session_keyring = key_get(session_keyring);
-#else
- BUG();
-#endif
-}
-EXPORT_SYMBOL(call_usermodehelper_setkeys);
-
-/**
* call_usermodehelper_setfns - set a cleanup/init function
* @info: a subprocess_info returned by call_usermodehelper_setup
* @cleanup: a cleanup function
--- mm/security/keys/internal.h~1_CONVERT_KEYS 2010-02-25 15:22:14.000000000 +0100
+++ mm/security/keys/internal.h 2010-02-26 20:30:52.000000000 +0100
@@ -115,6 +115,7 @@ extern struct key *find_keyring_by_name(
extern int install_user_keyrings(void);
extern int install_thread_keyring_to_cred(struct cred *);
extern int install_process_keyring_to_cred(struct cred *);
+extern int install_session_keyring_to_cred(struct cred *, struct key *);
extern struct key *request_key_and_link(struct key_type *type,
const char *description,
--- mm/security/keys/process_keys.c~1_CONVERT_KEYS 2010-02-25 15:22:14.000000000 +0100
+++ mm/security/keys/process_keys.c 2010-02-26 20:22:14.000000000 +0100
@@ -217,8 +217,7 @@ static int install_process_keyring(void)
/*
* install a session keyring directly to a credentials struct
*/
-static int install_session_keyring_to_cred(struct cred *cred,
- struct key *keyring)
+int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
{
unsigned long flags;
struct key *old;
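Review bot: With `static` dropped, install_session_keyring_to_cred() becomes callable from other files under security/keys, yet the comment above it still says only that it installs a keyring and leaves the reference contract unstated. The commit description says it does its own key_get() on success, and the new caller in request_key.c depends on that, so the comment should say so, e.g. `* On success a new reference is taken on @keyring; the caller keeps its own.` The function body continues outside this hunk, so its behaviour on failure or with a NULL keyring cannot be confirmed from here and is worth documenting as well.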
--- mm/security/keys/request_key.c~1_CONVERT_KEYS 2010-02-25 17:37:41.000000000 +0100
+++ mm/security/keys/request_key.c 2010-02-26 20:42:56.000000000 +0100
@@ -58,6 +58,39 @@ void complete_request_key(struct key_con
}
EXPORT_SYMBOL(complete_request_key);
+static int umh_keys_init(struct subprocess_info *info)
+{
+ struct cred *cred = (struct cred*)current_cred();
+ struct key *keyring = info->data;
+ /*
+ * This is called in context of freshly forked kthread before
+ * kernel_execve(), we can just change our ->session_keyring.
+ */
+ return install_session_keyring_to_cred(cred, keyring);
+}
+
+static void umh_keys_cleanup(struct subprocess_info *info)
+{
+ struct key *keyring = info->data;
+ key_put(keyring);
+}
+
+static inline int
+call_usermodehelper_keys(char *path, char **argv, char **envp,
+ struct key *session_keyring, enum umh_wait wait)
+{
+ gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
+ struct subprocess_info *info =
+ call_usermodehelper_setup(path, argv, envp, gfp_mask);
+
+ if (!info)
+ return -ENOMEM;
+
+ call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup,
+ key_get(session_keyring));
+ return call_usermodehelper_exec(info, wait);
+}
+
/*
* request userspace finish the construction of a key
* - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
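Review bot: The cast `(struct cred*)current_cred()` in umh_keys_init() strips const from the task's live credentials and lets install_session_keyring_to_cred() write to them in place, rather than going through the usual prepare_creds()/commit_creds() sequence. The comment says when this runs but not why in-place modification is safe; if the invariant is that the new kthread's cred is not yet shared with any other task, state it, e.g. `* The cred is still private to this thread, so it may be modified in place.` Separately, the reference taken by `key_get(session_keyring)` is dropped only in umh_keys_cleanup(), so the balance depends on call_usermodehelper_exec() running ->cleanup on every exit path, including early failures; that code is not visible in this hunk and is worth confirming.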