From: David Howells <dhowells@redhat.com>
To: keyrings@linux-nfs.org
Cc: linux-security-module@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 08/10] KEYS: Define a __key_get() wrapper to use rather than atomic_inc()
Date: Wed, 17 Jul 2013 21:44:24 +0100 [thread overview]
Message-ID: <20130717204424.8591.33724.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <20130717204314.8591.52892.stgit@warthog.procyon.org.uk>
Define a __key_get() wrapper to use rather than atomic_inc() on the key usage
count as this makes it easier to hook in refcount error debugging.
Signed-off-by: David Howells <dhowells@redhat.com>
---
Documentation/security/keys.txt | 13 ++++++++-----
include/linux/key.h | 10 +++++++---
security/keys/key.c | 2 +-
security/keys/keyring.c | 6 +++---
security/keys/process_keys.c | 16 ++++++++--------
5 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 9ede670..a4c33f1 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -960,14 +960,17 @@ payload contents" for more information.
the argument will not be parsed.
-(*) Extra references can be made to a key by calling the following function:
+(*) Extra references can be made to a key by calling one of the following
+ functions:
+ struct key *__key_get(struct key *key);
struct key *key_get(struct key *key);
- These need to be disposed of by calling key_put() when they've been
- finished with. The key pointer passed in will be returned. If the pointer
- is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and
- no increment will take place.
+ Keys so references will need to be disposed of by calling key_put() when
+ they've been finished with. The key pointer passed in will be returned.
+
+ In the case of key_get(), if the pointer is NULL or CONFIG_KEYS is not set
+ then the key will not be dereferenced and no increment will take place.
(*) A key's serial number can be obtained by calling:
diff --git a/include/linux/key.h b/include/linux/key.h
index d573e82..ef596c7 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -219,13 +219,17 @@ extern void key_revoke(struct key *key);
extern void key_invalidate(struct key *key);
extern void key_put(struct key *key);
-static inline struct key *key_get(struct key *key)
+static inline struct key *__key_get(struct key *key)
{
- if (key)
- atomic_inc(&key->usage);
+ atomic_inc(&key->usage);
return key;
}
+static inline struct key *key_get(struct key *key)
+{
+ return key ? __key_get(key) : key;
+}
+
static inline void key_ref_put(key_ref_t key_ref)
{
key_put(key_ref_to_ptr(key_ref));
diff --git a/security/keys/key.c b/security/keys/key.c
index 7e6bc39..1e23cc2 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -644,7 +644,7 @@ found:
/* this races with key_put(), but that doesn't matter since key_put()
* doesn't actually change the key
*/
- atomic_inc(&key->usage);
+ __key_get(key);
error:
spin_unlock(&key_serial_lock);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 7d5b676..35e21d9 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -479,7 +479,7 @@ not_this_keyring:
/* we found a viable match */
found:
- atomic_inc(&key->usage);
+ __key_get(key);
key->last_used_at = ctx->now.tv_sec;
keyring->last_used_at = ctx->now.tv_sec;
while (sp > 0)
@@ -573,7 +573,7 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
return ERR_PTR(-ENOKEY);
found:
- atomic_inc(&key->usage);
+ __key_get(key);
keyring->last_used_at = key->last_used_at =
current_kernel_time().tv_sec;
rcu_read_unlock();
@@ -909,7 +909,7 @@ void __key_link(struct key *keyring, struct key *key,
klist = rcu_dereference_locked_keyring(keyring);
- atomic_inc(&key->usage);
+ __key_get(key);
keyring->last_used_at = key->last_used_at =
current_kernel_time().tv_sec;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index e68a3e0..68548ea 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -235,7 +235,7 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
if (IS_ERR(keyring))
return PTR_ERR(keyring);
} else {
- atomic_inc(&keyring->usage);
+ __key_get(keyring);
}
/* install the keyring */
@@ -544,7 +544,7 @@ try_again:
}
key = ctx.cred->thread_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -562,7 +562,7 @@ try_again:
}
key = ctx.cred->process_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -593,7 +593,7 @@ try_again:
rcu_read_lock();
key = rcu_dereference(ctx.cred->session_keyring);
- atomic_inc(&key->usage);
+ __key_get(key);
rcu_read_unlock();
key_ref = make_key_ref(key, 1);
break;
@@ -606,7 +606,7 @@ try_again:
}
key = ctx.cred->user->uid_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -618,7 +618,7 @@ try_again:
}
key = ctx.cred->user->session_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -632,7 +632,7 @@ try_again:
if (!key)
goto error;
- atomic_inc(&key->usage);
+ __key_get(key);
key_ref = make_key_ref(key, 1);
break;
@@ -648,7 +648,7 @@ try_again:
} else {
rka = ctx.cred->request_key_auth->payload.data;
key = rka->dest_keyring;
- atomic_inc(&key->usage);
+ __key_get(key);
}
up_read(&ctx.cred->request_key_auth->sem);
if (!key)
next prev parent reply other threads:[~2013-07-17 20:44 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-17 20:43 [RFC][PATCH 00/10] Associative array & Massive expansion of keyring capacity David Howells
2013-07-17 20:43 ` [PATCH 01/10] KEYS: Skip key state checks when checking for possession David Howells
2013-07-17 20:43 ` [PATCH 02/10] Add a generic associative array implementation David Howells
2013-07-17 20:53 ` Joe Perches
2013-07-17 21:01 ` David Howells
2013-07-18 13:18 ` [PATCH] Assoc_array: Drop leaf-type concept David Howells
2013-07-18 21:31 ` George Spelvin
2013-07-19 14:37 ` David Howells
2013-07-17 20:43 ` [PATCH 03/10] KEYS: Use bool in make_key_ref() and is_key_possessed() David Howells
2013-07-17 20:43 ` [PATCH 04/10] KEYS: key_is_dead() should take a const key pointer argument David Howells
2013-07-17 20:43 ` [PATCH 05/10] KEYS: Consolidate the concept of an 'index key' for key access David Howells
2013-07-17 20:44 ` [PATCH 06/10] KEYS: Introduce a search context structure David Howells
2013-07-17 20:44 ` [PATCH 07/10] KEYS: Search for auth-key by name rather than targt key ID David Howells
2013-07-17 20:44 ` David Howells [this message]
2013-07-17 20:44 ` [PATCH 09/10] KEYS: Drop the permissions argument from __keyring_search_one() David Howells
2013-07-17 20:44 ` [PATCH 10/10] KEYS: Expand the capacity of a keyring David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130717204424.8591.33724.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.