diff options
author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-08-31 16:05:43 -0700 |
---|---|---|
committer | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-04-04 14:10:10 -0700 |
commit | 2b6aa412ff23a02ac777ad307249c60a839cfd25 (patch) | |
tree | 317dced64727a10b3ce09ca84ac8e153c7dabf77 /security/keys/gc.c | |
parent | e9cc0f689a7c0c9be6fed6861b3a3f49ad0e7a52 (diff) | |
download | linux-stable-2b6aa412ff23a02ac777ad307249c60a839cfd25.tar.gz linux-stable-2b6aa412ff23a02ac777ad307249c60a839cfd25.tar.bz2 linux-stable-2b6aa412ff23a02ac777ad307249c60a839cfd25.zip |
KEYS: Use structure to capture key restriction function and data
Replace struct key's restrict_link function pointer with a pointer to
the new struct key_restriction. The structure contains pointers to the
restriction function as well as relevant data for evaluating the
restriction.
The garbage collector checks restrict_link->keytype when key types are
unregistered. Restrictions involving a removed key type are converted
to use restrict_link_reject so that restrictions cannot be removed by
unregistering key types.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'security/keys/gc.c')
-rw-r--r-- | security/keys/gc.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/keys/gc.c b/security/keys/gc.c index 44789256c88c..15b9ddf510e4 100644 --- a/security/keys/gc.c +++ b/security/keys/gc.c @@ -229,6 +229,9 @@ continue_scanning: set_bit(KEY_FLAG_DEAD, &key->flags); key->perm = 0; goto skip_dead_key; + } else if (key->type == &key_type_keyring && + key->restrict_link) { + goto found_restricted_keyring; } } @@ -334,6 +337,14 @@ found_unreferenced_key: gc_state |= KEY_GC_REAP_AGAIN; goto maybe_resched; + /* We found a restricted keyring and need to update the restriction if + * it is associated with the dead key type. + */ +found_restricted_keyring: + spin_unlock(&key_serial_lock); + keyring_restriction_gc(key, key_gc_dead_keytype); + goto maybe_resched; + /* We found a keyring and we need to check the payload for links to * dead or expired keys. We don't flag another reap immediately as we * have to wait for the old payload to be destroyed by RCU before we |