From: David Howells <dhowells@redhat.com>
To: keyrings@linux-nfs.org
Cc: linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 08/10] KEYS: Define a __key_get() wrapper to use rather than atomic_inc()
Date: Wed, 17 Jul 2013 21:44:24 +0100 [thread overview]
Message-ID: <20130717204424.8591.33724.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <20130717204314.8591.52892.stgit@warthog.procyon.org.uk>
Define a __key_get() wrapper to use rather than atomic_inc() on the key usage
count as this makes it easier to hook in refcount error debugging.
Signed-off-by: David Howells <dhowells@redhat.com>
---
Documentation/security/keys.txt | 13 ++++++++-----
include/linux/key.h | 10 +++++++---
security/keys/key.c | 2 +-
security/keys/keyring.c | 6 +++---
security/keys/process_keys.c | 16 ++++++++--------
5 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 9ede670..a4c33f1 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -960,14 +960,17 @@ payload contents" for more information.
the argument will not be parsed.
-(*) Extra references can be made to a key by calling the following function:
+(*) Extra references can be made to a key by calling one of the following
+ functions:
+ struct key *__key_get(struct key *key);
struct key *key_get(struct key *key);
- These need to be disposed of by calling key_put() when they've been
- finished with. The key pointer passed in will be returned. If the pointer
- is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and
- no increment will take place.
+ Keys so references will need to be disposed of by calling key_put() when
+ they've been finished with. The key pointer passed in will be returned.
+
+ In the case of key_get(), if the pointer is NULL or CONFIG_KEYS is not set
+ then the key will not be dereferenced and no increment will take place.
(*) A key's serial number can be obtained by calling:
diff --git a/include/linux/key.h b/include/linux/key.h
index d573e82..ef596c7 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -219,13 +219,17 @@ extern void key_revoke(struct key *key);
extern void key_invalidate(struct key *key);
extern void key_put(struct key *key);
-static inline struct key *key_get(struct key *key)
+static inline struct key *__key_get(struct key *key)
{
- if (key)
- atomic_inc(&key->usage);
+ atomic_inc(&key->usage);
return key;
}
+static inline struct key *key_get(struct key *key)
+{
+ return key ? __key_get(key) : key;
+}
+
static inline void key_ref_put(key_ref_t key_ref)
{
key_put(key_ref_to_ptr(key_ref));
diff --git a/security/keys/key.c b/security/keys/key.c
index 7e6bc39..1e23cc2 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -644,7 +644,7 @@ found:
/* this races with key_put(), but that doesn't matter since key_put()
* doesn't actually change the key
*/
- atomic_inc(&key->usage);
+ __key_get(key);
error:
spin_unlock(&key_serial_lock);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 7d5b676..35e21d9 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -479,7 +479,7 @@ not_this_keyring:
/* we found a viable match */
found:
- atomic_inc(&key->usage);
+ __key_get(key);
key->last_used_at = ctx->now.tv_sec;
keyring->last_used_at = ctx->now.tv_sec;
while (sp > 0)
@@ -573,7 +573,7 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
return ERR_PTR(-ENOKEY);
found:
- atomic_inc(&key->usage);
+ __key_get(key);
keyring->last_used_at = key->last_used_at =
current_kernel_time().tv_sec;
rcu_read_unlock();
@@ -909,7 +909,7 @@ void __key_link(struct key *keyring, struct key *key,
klist = rcu_dereference_locked_keyring(keyring);
- atomic_inc(&key->usage);
+ __key_get(key);
keyring->last_used_at = key->last_used_at =
current_kernel_time().tv_sec;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index e68a3e0..68548ea 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -235,7 +235,7 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
if (IS_ERR(keyring))
return PTR_ERR(keyring);
} else {
- atomic_inc(&keyring->usage);
+ __key_get(keyring);
}
/* install the keyring */
@@ -544,7 +544,7 @@ try_again:
}
key = ctx.cred->thread_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -562,7 +562,7 @@ try_again:
}
key = ctx.cred->process_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -593,7 +593,7 @@ try_again:
rcu_read_lock();
key = rcu_dereference(ctx.cred->session_keyring);
- atomic_inc(&key->usage);
+ __key_get(key);
rcu_read_unlock();
key_ref = make_key_ref(key, 1);
break;
@@ -606,7 +606,7 @@ try_again:
}
key = ctx.cred->user->uid_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -618,7 +618,7 @@ try_again:
}
key = ctx.cred->user->session_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -632,7 +632,7 @@ try_again:
if (!key)
goto error;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -648,7 +648,7 @@ try_again:
} else {
rka = ctx.cred->request_key_auth->payload.data;
key = rka->dest_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
}
up_read(&ctx.cred->request_key_auth->sem);
if (!key)
next prev parent reply other threads:[~2013-07-17 20:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-17 20:43 [RFC][PATCH 00/10] Associative array & Massive expansion of keyring capacity David Howells
2013-07-17 20:43 ` [PATCH 01/10] KEYS: Skip key state checks when checking for possession David Howells
2013-07-17 20:43 ` [PATCH 02/10] Add a generic associative array implementation David Howells
2013-07-17 20:53 ` Joe Perches
2013-07-17 21:01 ` David Howells
2013-07-18 13:18 ` [PATCH] Assoc_array: Drop leaf-type concept David Howells
2013-07-18 21:31 ` George Spelvin
2013-07-19 14:37 ` David Howells
2013-07-17 20:43 ` [PATCH 03/10] KEYS: Use bool in make_key_ref() and is_key_possessed() David Howells
2013-07-17 20:43 ` [PATCH 04/10] KEYS: key_is_dead() should take a const key pointer argument David Howells
2013-07-17 20:43 ` [PATCH 05/10] KEYS: Consolidate the concept of an 'index key' for key access David Howells
2013-07-17 20:44 ` [PATCH 06/10] KEYS: Introduce a search context structure David Howells
2013-07-17 20:44 ` [PATCH 07/10] KEYS: Search for auth-key by name rather than targt key ID David Howells
2013-07-17 20:44 ` David Howells [this message]
2013-07-17 20:44 ` [PATCH 09/10] KEYS: Drop the permissions argument from __keyring_search_one() David Howells
2013-07-17 20:44 ` [PATCH 10/10] KEYS: Expand the capacity of a keyring David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130717204424.8591.33724.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).