linux/arch/arm/kernel
David Howells ee18d64c1f KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]
Add a keyctl to install a process's session keyring onto its parent.  This
replaces the parent's session keyring.  Because the COW credential code does
not permit one process to change another process's credentials directly, the
change is deferred until userspace next starts executing again.  Normally this
will be after a wait*() syscall.

To support this, three new security hooks have been provided:
cred_alloc_blank() to allocate unset security creds, cred_transfer() to fill in
the blank security creds and key_session_to_parent() - which asks the LSM if
the process may replace its parent's session keyring.

The replacement may only happen if the process has the same ownership details
as its parent, and the process has LINK permission on the session keyring, and
the session keyring is owned by the process, and the LSM permits it.

Note that this requires alteration to each architecture's notify_resume path.
This has been done for all arches barring blackfin, m68k* and xtensa, all of
which need assembly alteration to support TIF_NOTIFY_RESUME.  This allows the
replacement to be performed at the point the parent process resumes userspace
execution.

This allows the userspace AFS pioctl emulation to fully emulate newpag() and
the VIOCSETTOK and VIOCSETTOK2 pioctls, all of which require the ability to
alter the parent process's PAG membership.  However, since kAFS doesn't use
PAGs per se, but rather dumps the keys into the session keyring, the session
keyring of the parent must be replaced if, for example, VIOCSETTOK is passed
the newpag flag.

This can be tested with the following program:

	#include <stdio.h>
	#include <stdlib.h>
	#include <keyutils.h>

	#define KEYCTL_SESSION_TO_PARENT	18

	#define OSERROR(X, S) do { if ((long)(X) == -1) { perror(S); exit(1); } } while(0)

	int main(int argc, char **argv)
	{
		key_serial_t keyring, key;
		long ret;

		keyring = keyctl_join_session_keyring(argv[1]);
		OSERROR(keyring, "keyctl_join_session_keyring");

		key = add_key("user", "a", "b", 1, keyring);
		OSERROR(key, "add_key");

		ret = keyctl(KEYCTL_SESSION_TO_PARENT);
		OSERROR(ret, "KEYCTL_SESSION_TO_PARENT");

		return 0;
	}

Compiled and linked with -lkeyutils, you should see something like:

	[dhowells@andromeda ~]$ keyctl show
	Session Keyring
	       -3 --alswrv   4043  4043  keyring: _ses
	355907932 --alswrv   4043    -1   \_ keyring: _uid.4043
	[dhowells@andromeda ~]$ /tmp/newpag
	[dhowells@andromeda ~]$ keyctl show
	Session Keyring
	       -3 --alswrv   4043  4043  keyring: _ses
	1055658746 --alswrv   4043  4043   \_ user: a
	[dhowells@andromeda ~]$ /tmp/newpag hello
	[dhowells@andromeda ~]$ keyctl show
	Session Keyring
	       -3 --alswrv   4043  4043  keyring: hello
	340417692 --alswrv   4043  4043   \_ user: a

Where the test program creates a new session keyring, sticks a user key named
'a' into it and then installs it on its parent.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-09-02 21:29:22 +10:00
..
.gitignore [ARM] 5194/1: update .gitignore 2008-08-12 19:54:09 +01:00
armksyms.c Merge branch 'mxc-pu-imxfb' of git://pasiphae.extern.pengutronix.de/git/imx/linux-2.6 into devel 2008-12-17 20:04:45 +00:00
arthur.c [ARM] arm/kernel/arthur.c: add MODULE_LICENSE 2008-05-17 22:55:16 +01:00
asm-offsets.c arm: use kbuild.h instead of macros in asm-offsets.c 2008-04-29 08:06:29 -07:00
atags.c clean up atags exporting code 2008-05-30 10:33:49 +02:00
atags.h [ARM] 4736/1: Export atags to userspace and allow kexec to use customised atags 2008-02-04 13:21:03 +00:00
bios32.c PCI: arm: use generic INTx swizzle from PCI core 2009-01-07 11:13:13 -08:00
calls.S [ARM] wire up rt_tgsigqueueinfo and perf_counter_open 2009-06-20 22:25:45 +01:00
compat.c
compat.h
crunch-bits.S [ARM] Move include/asm-arm/arch-* to arch/arm/*/include/mach 2008-08-07 09:55:48 +01:00
crunch.c [ARM] Convert asm/io.h to linux/io.h 2008-09-06 12:10:45 +01:00
debug.S [ARM] 5412/1: XSCALE: add ice dcc support 2009-02-27 20:57:46 +00:00
dma-isa.c [ARM] dma: make DMA_MODE_xxx reflect ISA DMA settings 2009-01-02 12:18:53 +00:00
dma.c [ARM] dma: remove dmamode_t typedef 2009-01-02 12:34:55 +00:00
ecard.c arm: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-06 10:44:43 -08:00
ecard.h [ARM] rpc: ecard: remove deprecated ecard_address() and relatives 2008-07-03 14:25:58 +01:00
elf.c [ARM] disable NX support for OABI-supporting kernels 2009-05-23 11:36:20 +01:00
entry-armv.S Merge branch 'for-rmk' of git://linux-arm.org/linux-2.6 into devel 2009-06-11 15:35:00 +01:00
entry-common.S KEYS: Extend TIF_NOTIFY_RESUME to (almost) all architectures [try #6] 2009-09-02 21:29:19 +10:00
entry-header.S
fiq.c [ARM] 5421/1: ftrace: fix crash due to tracing of __naked functions 2009-03-12 21:33:03 +00:00
ftrace.c small doc fix: ftrace_dyn_arch_init is called by ftrace_init 2008-12-12 11:15:45 +01:00
head-common.S [ARM] use asm/sections.h 2008-12-01 11:53:07 +00:00
head-nommu.S [ARM] 5227/1: Add the ENDPROC declarations to the .S files 2008-09-01 12:06:34 +01:00
head.S [ARM] 5227/1: Add the ENDPROC declarations to the .S files 2008-09-01 12:06:34 +01:00
init_task.c mm: consolidate init_mm definition 2009-06-16 19:47:28 -07:00
io.c [ARM] Convert asm/io.h to linux/io.h 2008-09-06 12:10:45 +01:00
irq.c [ARM] 5560/1: Avoid buffer overrun in case of an invalid IRQ 2009-06-25 14:00:59 +01:00
isa.c [ARM] arch/arm/kernel/isa.c: missing definition of register_isa_ports 2009-01-08 15:53:08 +00:00
iwmmxt.S
kgdb.c kgdb, x86, arm, mips, powerpc: ignore user space single stepping 2008-09-26 10:36:41 -05:00
kprobes-decode.c [ARM] 5221/1: fix ldm/stm emulation for kprobes 2008-09-01 12:06:33 +01:00
kprobes.c kprobes: add kprobe_insn_mutex and cleanup arch_remove_kprobe() 2009-01-06 15:59:20 -08:00
machine_kexec.c [ARM] Storage class should be before const qualifier 2009-02-10 09:59:19 +00:00
Makefile [ARM] smp: allow re-use of realview localtimer TWD support 2009-05-17 19:16:41 +01:00
module.c [ARM] 5507/1: support R_ARM_MOVW_ABS_NC and MOVT_ABS relocation types 2009-05-07 17:21:01 +01:00
process.c [ARM] idle: clean up pm_idle calling, obey hlt_counter 2009-06-22 22:34:55 +01:00
ptrace.c [ARM] 5387/1: Add ptrace VFP support on ARM 2009-02-12 10:59:43 +00:00
ptrace.h [ARM] ptrace: clean up single stepping support 2007-04-21 20:34:58 +01:00
relocate_kernel.S [ARM] 4736/1: Export atags to userspace and allow kexec to use customised atags 2008-02-04 13:21:03 +00:00
setup.c Merge branch 'for-rmk' of git://git.pengutronix.de/git/imx/linux-2.6 into devel 2009-03-13 21:44:51 +00:00
signal.c KEYS: Add a keyctl to install a process's session keyring on its parent [try #6] 2009-09-02 21:29:22 +10:00
signal.h
smp_scu.c [ARM] 5516/1: Flush the D-cache after initialising the SCU 2009-05-28 13:52:05 +01:00
smp_twd.c [ARM] smp: fix style issues in smp_twd.c 2009-05-17 19:16:41 +01:00
smp.c Merge branch 'for-rmk' of git://linux-arm.org/linux-2.6 into devel 2009-06-11 15:35:00 +01:00
stacktrace.c [ARM] 5382/1: unwind: Reorganise the stacktrace support 2009-02-12 13:21:17 +00:00
sys_arm.c [ARM] Convert asm/uaccess.h to linux/uaccess.h 2008-09-06 11:35:55 +01:00
sys_oabi-compat.c Separate out common fstatat code into vfs_fstatat 2009-04-20 23:02:51 -04:00
thumbee.c Fix the teehbr_read function prototype 2008-11-10 14:14:11 +00:00
time.c [ARM] 5382/1: unwind: Reorganise the stacktrace support 2009-02-12 13:21:17 +00:00
traps.c [ARM] 5383/2: unwind: Add core support for ARM stack unwinding 2009-02-19 11:26:24 +00:00
unwind.c [ARM] 5558/1: Add extra checks to ARM unwinder to avoid tracing corrupt stacks 2009-06-19 16:44:22 +01:00
vmlinux.lds.S [ARM] 5565/2: Use PAGE_SIZE and RO_DATA() in link script 2009-06-25 14:00:59 +01:00
xscale-cp0.c [ARM] Convert asm/io.h to linux/io.h 2008-09-06 12:10:45 +01:00