From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "David Howells" <dhowells@redhat.com>
Cc: <keyrings@vger.kernel.org>,
<linux-security-module@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 5/7] keys: Use key_get() instead of __key_get()
Date: Tue, 27 Aug 2024 21:24:18 +0300 [thread overview]
Message-ID: <D3QWKEINML37.2DGN2KEH1N173@kernel.org> (raw)
In-Reply-To: <20240821123616.60401-6-dhowells@redhat.com>
On Wed Aug 21, 2024 at 3:36 PM EEST, David Howells wrote:
> Switch users of __key_get() over to key_get() so that they benefit from the
> future tracepointage thereof also and remove __key_get().
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Jarkko Sakkinen <jarkko@kernel.org>
> cc: keyrings@vger.kernel.org
> cc: linux-security-module@vger.kernel.org
> ---
> Documentation/security/keys/core.rst | 1 -
> crypto/asymmetric_keys/restrict.c | 6 +++---
> include/linux/key.h | 6 ------
> security/keys/keyring.c | 4 ++--
> security/keys/process_keys.c | 15 ++++++---------
> 5 files changed, 11 insertions(+), 21 deletions(-)
>
> diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
> index 326b8a973828..0b179540d885 100644
> --- a/Documentation/security/keys/core.rst
> +++ b/Documentation/security/keys/core.rst
> @@ -1217,7 +1217,6 @@ payload contents" for more information.
> * Extra references can be made to a key by calling one of the following
> functions::
>
> - struct key *__key_get(struct key *key);
> struct key *key_get(struct key *key);
>
> Keys so references will need to be disposed of by calling key_put() when
> diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
> index afcd4d101ac5..1ea7bfd4e5d7 100644
> --- a/crypto/asymmetric_keys/restrict.c
> +++ b/crypto/asymmetric_keys/restrict.c
> @@ -267,20 +267,20 @@ static int key_or_keyring_common(struct key *dest_keyring,
> if (!sig->auth_ids[0] && !sig->auth_ids[1]) {
> if (asymmetric_key_id_same(signer_ids[2],
> sig->auth_ids[2]))
> - key = __key_get(trusted);
> + key = key_get(trusted);
>
> } else if (!sig->auth_ids[0] || !sig->auth_ids[1]) {
> const struct asymmetric_key_id *auth_id;
>
> auth_id = sig->auth_ids[0] ?: sig->auth_ids[1];
> if (match_either_id(signer_ids, auth_id))
> - key = __key_get(trusted);
> + key = key_get(trusted);
>
> } else if (asymmetric_key_id_same(signer_ids[1],
> sig->auth_ids[1]) &&
> match_either_id(signer_ids,
> sig->auth_ids[0])) {
> - key = __key_get(trusted);
> + key = key_get(trusted);
> }
> } else {
> return -EOPNOTSUPP;
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 50a19e5f9e45..80d736813b89 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -304,12 +304,6 @@ extern void key_put(struct key *key);
> extern bool key_put_tag(struct key_tag *tag);
> extern void key_remove_domain(struct key_tag *domain_tag);
>
> -static inline struct key *__key_get(struct key *key)
> -{
> - refcount_inc(&key->usage);
> - return key;
> -}
> -
> static inline void key_ref_put(key_ref_t key_ref)
> {
> key_put(key_ref_to_ptr(key_ref));
> diff --git a/security/keys/keyring.c b/security/keys/keyring.c
> index 7f02b913c560..e77d927f1d4d 100644
> --- a/security/keys/keyring.c
> +++ b/security/keys/keyring.c
> @@ -1122,7 +1122,7 @@ key_ref_t find_key_to_update(key_ref_t keyring_ref,
> kleave(" = NULL [x]");
> return NULL;
> }
> - __key_get(key);
> + key_get(key);
> kleave(" = {%d}", key->serial);
> return make_key_ref(key, is_key_possessed(keyring_ref));
> }
> @@ -1367,7 +1367,7 @@ int __key_link_check_live_key(struct key *keyring, struct key *key)
> void __key_link(struct key *keyring, struct key *key,
> struct assoc_array_edit **_edit)
> {
> - __key_get(key);
> + key_get(key);
> assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key));
> assoc_array_apply_edit(*_edit);
> *_edit = NULL;
> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index b5d5333ab330..01291b2d0888 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -333,7 +333,7 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
> if (IS_ERR(keyring))
> return PTR_ERR(keyring);
> } else {
> - __key_get(keyring);
> + key_get(keyring);
> }
>
> /* install the keyring */
> @@ -641,7 +641,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> }
>
> key = ctx.cred->thread_keyring;
> - __key_get(key);
> + key_get(key);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -658,8 +658,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> goto reget_creds;
> }
>
> - key = ctx.cred->process_keyring;
> - __key_get(key);
> + key = key_get(ctx.cred->process_keyring);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -688,8 +687,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> goto reget_creds;
> }
>
> - key = ctx.cred->session_keyring;
> - __key_get(key);
> + key = key_get(ctx.cred->session_keyring);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -717,7 +715,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> if (!key)
> goto error;
>
> - __key_get(key);
> + key_get(key);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -732,8 +730,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> key = NULL;
> } else {
> rka = ctx.cred->request_key_auth->payload.data[0];
> - key = rka->dest_keyring;
> - __key_get(key);
> + key = key_get(rka->dest_keyring);
> }
> up_read(&ctx.cred->request_key_auth->sem);
> if (!key)
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
next prev parent reply other threads:[~2024-08-27 18:24 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-21 12:36 [PATCH 0/7] keys: Add tracepoints David Howells
2024-08-21 12:36 ` [PATCH 1/7] keys: Out of line key_is_dead() so it can have tracepoints added in David Howells
2024-08-27 18:22 ` Jarkko Sakkinen
2024-08-21 12:36 ` [PATCH 2/7] keys: Extract struct key_user to its own header for tracing purposes David Howells
2024-08-27 18:23 ` Jarkko Sakkinen
2024-08-21 12:36 ` [PATCH 3/7] keys: Move key_get() out of line so a tracepoint can be added David Howells
2024-08-27 18:23 ` Jarkko Sakkinen
2024-08-21 12:36 ` [PATCH 4/7] keys: Add a key_ref_get() wrapper David Howells
2024-08-27 18:23 ` Jarkko Sakkinen
2024-08-21 12:36 ` [PATCH 5/7] keys: Use key_get() instead of __key_get() David Howells
2024-08-27 18:24 ` Jarkko Sakkinen [this message]
2024-08-21 12:36 ` [PATCH 6/7] keys: Provide a key_try_get() function and use it David Howells
2024-08-27 18:24 ` Jarkko Sakkinen
2024-08-21 12:36 ` [PATCH 7/7] keys: Add tracepoints for the keyrings facility David Howells
2024-08-27 18:27 ` Jarkko Sakkinen
2024-09-28 2:03 ` Justin Stitt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D3QWKEINML37.2DGN2KEH1N173@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.