From: ", Jarkko Sakkinen" <jarkko@kernel.org>
To: "Thomas Weißschuh" <linux@weissschuh.net>
Cc: "David Howells" <dhowells@redhat.com>,
"David Woodhouse" <dwmw2@infradead.org>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Mickaël Salaün" <mic@digikod.net>,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
"Paul Menzel" <pmenzel@molgen.mpg.de>,
"Mark Pearson" <markpearson@lenovo.com>
Subject: Re: [PATCH v4 2/3] KEYS: Add new function key_create()
Date: Wed, 4 Jan 2023 12:34:19 +0000 [thread overview]
Message-ID: <Y7VyS8ykmcglAgRv@kernel.org> (raw)
In-Reply-To: <20221212-keys-blacklist-v4-2-00afeb3137fb@weissschuh.net>
On Wed, Dec 21, 2022 at 02:08:23AM +0000, Thomas Weißschuh wrote:
> key_create() works like key_create_or_update() but does not allow
> updating an existing key, instead returning ERR_PTR(-EEXIST).
>
> key_create() will be used by the blacklist keyring which should not
> create duplicate entries or update existing entries.
> Instead a dedicated message with appropriate severity will be logged.
>
> Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
> ---
> include/linux/key.h | 8 +++
> security/keys/key.c | 149 +++++++++++++++++++++++++++++++++++++++-------------
> 2 files changed, 120 insertions(+), 37 deletions(-)
>
> diff --git a/include/linux/key.h b/include/linux/key.h
> index d27477faf00d..8dc7f7c3088b 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -386,6 +386,14 @@ extern int wait_for_key_construction(struct key *key, bool intr);
>
> extern int key_validate(const struct key *key);
>
> +extern key_ref_t key_create(key_ref_t keyring,
> + const char *type,
> + const char *description,
> + const void *payload,
> + size_t plen,
> + key_perm_t perm,
> + unsigned long flags);
> +
> extern key_ref_t key_create_or_update(key_ref_t keyring,
> const char *type,
> const char *description,
> diff --git a/security/keys/key.c b/security/keys/key.c
> index c45afdd1dfbb..f84bcd8457f4 100644
> --- a/security/keys/key.c
> +++ b/security/keys/key.c
> @@ -788,38 +788,18 @@ static inline key_ref_t __key_update(key_ref_t key_ref,
> goto out;
> }
>
> -/**
> - * key_create_or_update - Update or create and instantiate a key.
> - * @keyring_ref: A pointer to the destination keyring with possession flag.
> - * @type: The type of key.
> - * @description: The searchable description for the key.
> - * @payload: The data to use to instantiate or update the key.
> - * @plen: The length of @payload.
> - * @perm: The permissions mask for a new key.
> - * @flags: The quota flags for a new key.
> - *
> - * Search the destination keyring for a key of the same description and if one
> - * is found, update it, otherwise create and instantiate a new one and create a
> - * link to it from that keyring.
> - *
> - * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
> - * concocted.
> - *
> - * Returns a pointer to the new key if successful, -ENODEV if the key type
> - * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the
> - * caller isn't permitted to modify the keyring or the LSM did not permit
> - * creation of the key.
> - *
> - * On success, the possession flag from the keyring ref will be tacked on to
> - * the key ref before it is returned.
> +/*
> + * Create or potentially update a key. The combined logic behind
> + * key_create_or_update() and key_create()
> */
> -key_ref_t key_create_or_update(key_ref_t keyring_ref,
> - const char *type,
> - const char *description,
> - const void *payload,
> - size_t plen,
> - key_perm_t perm,
> - unsigned long flags)
> +static key_ref_t __key_create_or_update(key_ref_t keyring_ref,
> + const char *type,
> + const char *description,
> + const void *payload,
> + size_t plen,
> + key_perm_t perm,
> + unsigned long flags,
> + bool allow_update)
> {
> struct keyring_index_key index_key = {
> .description = description,
> @@ -906,14 +886,23 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
> goto error_link_end;
> }
>
> - /* if it's possible to update this type of key, search for an existing
> - * key of the same type and description in the destination keyring and
> - * update that instead if possible
> + /* if it's requested and possible to update this type of key, search
> + * for an existing key of the same type and description in the
> + * destination keyring and update that instead if possible
> */
> - if (index_key.type->update) {
> + if (allow_update) {
> + if (index_key.type->update) {
> + key_ref = find_key_to_update(keyring_ref, &index_key);
> + if (key_ref)
> + goto found_matching_key;
> + }
> + } else {
> key_ref = find_key_to_update(keyring_ref, &index_key);
> - if (key_ref)
> - goto found_matching_key;
> + if (key_ref) {
> + key_ref_put(key_ref);
> + key_ref = ERR_PTR(-EEXIST);
> + goto error_link_end;
> + }
> }
>
> /* if the client doesn't provide, decide on the permissions we want */
> @@ -985,8 +974,94 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
>
> goto error_free_prep;
> }
> +
> +/**
> + * key_create_or_update - Update or create and instantiate a key.
> + * @keyring_ref: A pointer to the destination keyring with possession flag.
> + * @type: The type of key.
> + * @description: The searchable description for the key.
> + * @payload: The data to use to instantiate or update the key.
> + * @plen: The length of @payload.
> + * @perm: The permissions mask for a new key.
> + * @flags: The quota flags for a new key.
> + *
> + * Search the destination keyring for a key of the same description and if one
> + * is found, update it, otherwise create and instantiate a new one and create a
> + * link to it from that keyring.
> + *
> + * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
> + * concocted.
> + *
> + * Returns a pointer to the new key if successful, -ENODEV if the key type
> + * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the
> + * caller isn't permitted to modify the keyring or the LSM did not permit
> + * creation of the key.
> + *
> + * On success, the possession flag from the keyring ref will be tacked on to
> + * the key ref before it is returned.
> + */
> +key_ref_t key_create_or_update(key_ref_t keyring_ref,
> + const char *type,
> + const char *description,
> + const void *payload,
> + size_t plen,
> + key_perm_t perm,
> + unsigned long flags)
> +{
> + return __key_create_or_update(keyring_ref,
> + type,
> + description,
> + payload,
> + plen,
> + perm,
> + flags,
> + true);
> +}
> EXPORT_SYMBOL(key_create_or_update);
>
> +/**
> + * key_create - Create and instantiate a key.
> + * @keyring_ref: A pointer to the destination keyring with possession flag.
> + * @type: The type of key.
> + * @description: The searchable description for the key.
> + * @payload: The data to use to instantiate or update the key.
> + * @plen: The length of @payload.
> + * @perm: The permissions mask for a new key.
> + * @flags: The quota flags for a new key.
> + *
> + * Create and instantiate a new key and link to it from the destination keyring.
> + *
> + * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
> + * concocted.
> + *
> + * Returns a pointer to the new key if successful, -EEXIST if a key with the
> + * same description already exists, -ENODEV if the key type wasn't available,
> + * -ENOTDIR if the keyring wasn't a keyring, -EACCES if the caller isn't
> + * permitted to modify the keyring or the LSM did not permit creation of the
> + * key.
> + *
> + * On success, the possession flag from the keyring ref will be tacked on to
> + * the key ref before it is returned.
> + */
> +key_ref_t key_create(key_ref_t keyring_ref,
> + const char *type,
> + const char *description,
> + const void *payload,
> + size_t plen,
> + key_perm_t perm,
> + unsigned long flags)
> +{
> + return __key_create_or_update(keyring_ref,
> + type,
> + description,
> + payload,
> + plen,
> + perm,
> + flags,
> + false);
I'd consider:
return __key_create_or_update(keyring_ref, type, description, payload, plen, perm, flags,
false);
I don't see any logical reason to spread this to 8 lines.
> +}
> +EXPORT_SYMBOL(key_create);
> +
> /**
> * key_update - Update a key's contents.
> * @key_ref: The pointer (plus possession flag) to the key.
>
> --
> 2.39.0
BR, Jarkko
next prev parent reply other threads:[~2023-01-04 12:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20221212-keys-blacklist-v4-0-00afeb3137fb@weissschuh.net>
[not found] ` <20221212-keys-blacklist-v4-1-00afeb3137fb@weissschuh.net>
2023-01-04 12:31 ` [PATCH v4 1/3] certs: make blacklisted hash available in klog , Jarkko Sakkinen
[not found] ` <20221212-keys-blacklist-v4-2-00afeb3137fb@weissschuh.net>
2023-01-04 12:34 ` , Jarkko Sakkinen [this message]
[not found] ` <20221212-keys-blacklist-v4-3-00afeb3137fb@weissschuh.net>
2023-01-04 12:35 ` [PATCH v4 3/3] certs: don't try to update blacklist keys , Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y7VyS8ykmcglAgRv@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@weissschuh.net \
--cc=markpearson@lenovo.com \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=pmenzel@molgen.mpg.de \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.