The patch titled umh: creds: convert call_usermodehelper_keys() to use subprocess_info->init() has been added to the -mm tree. Its filename is umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: umh: creds: convert call_usermodehelper_keys() to use subprocess_info->init() From: Oleg Nesterov <oleg@xxxxxxxxxx> call_usermodehelper_keys() uses call_usermodehelper_setkeys() to change subprocess_info->cred in advance. Now that we have info->init() we can change this code to set tgcred->session_keyring in context of execing kernel thread. Note: since currently call_usermodehelper_keys() is never called with UMH_NO_WAIT, call_usermodehelper_keys()->key_get() and umh_keys_cleanup() are not really needed, we could rely on install_session_keyring_to_cred() which does key_get() on success. Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx> Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx> Acked-by: David Howells <dhowells@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- include/linux/kmod.h | 17 ----------------- kernel/kmod.c | 18 ------------------ security/keys/internal.h | 1 + security/keys/process_keys.c | 3 +-- security/keys/request_key.c | 32 ++++++++++++++++++++++++++++++++ 5 files changed, 34 insertions(+), 37 deletions(-)
diff -puN include/linux/kmod.h~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init include/linux/kmod.h
--- a/include/linux/kmod.h~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init
+++ a/include/linux/kmod.h
@@ -72,8 +72,6 @@ struct subprocess_info *call_usermodehel
 char **envp, gfp_t gfp_mask);
 /* Set various pieces of state into the subprocess_info structure */
-void call_usermodehelper_setkeys(struct subprocess_info *info,
- struct key *session_keyring);
 void call_usermodehelper_setfns(struct subprocess_info *info,
 int (*init)(struct subprocess_info *info),
 void (*cleanup)(struct subprocess_info *info),
@@ -112,21 +110,6 @@ call_usermodehelper(char *path, char **a
 NULL, NULL, NULL);
 }
-static inline int
-call_usermodehelper_keys(char *path, char **argv, char **envp,
- struct key *session_keyring, enum umh_wait wait)
-{
- struct subprocess_info *info;
- gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
-
- info = call_usermodehelper_setup(path, argv, envp, gfp_mask);
- if (info == NULL)
- return -ENOMEM;
-
- call_usermodehelper_setkeys(info, session_keyring);
- return call_usermodehelper_exec(info, wait);
-}
-
 extern void usermodehelper_init(void);
 extern int usermodehelper_disable(void);
diff -puN kernel/kmod.c~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init kernel/kmod.c
--- a/kernel/kmod.c~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init
+++ a/kernel/kmod.c
@@ -367,24 +367,6 @@ struct subprocess_info *call_usermodehel
 EXPORT_SYMBOL(call_usermodehelper_setup);
 /**
- * call_usermodehelper_setkeys - set the session keys for usermode helper
- * @info: a subprocess_info returned by call_usermodehelper_setup
- * @session_keyring: the session keyring for the process
- */
-void call_usermodehelper_setkeys(struct subprocess_info *info,
- struct key *session_keyring)
-{
-#ifdef CONFIG_KEYS
- struct thread_group_cred *tgcred = info->cred->tgcred;
- key_put(tgcred->session_keyring);
- tgcred->session_keyring = key_get(session_keyring);
-#else
- BUG();
-#endif
-}
-EXPORT_SYMBOL(call_usermodehelper_setkeys);
-
-/**
 * call_usermodehelper_setfns - set a cleanup/init function
 * @info: a subprocess_info returned by call_usermodehelper_setup
 * @cleanup: a cleanup function
diff -puN security/keys/internal.h~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init security/keys/internal.h
--- a/security/keys/internal.h~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init
+++ a/security/keys/internal.h
@@ -115,6 +115,7 @@ extern struct key *find_keyring_by_name(
 extern int install_user_keyrings(void);
 extern int install_thread_keyring_to_cred(struct cred *);
 extern int install_process_keyring_to_cred(struct cred *);
+extern int install_session_keyring_to_cred(struct cred *, struct key *);
 extern struct key *request_key_and_link(struct key_type *type,
 const char *description,
diff -puN security/keys/process_keys.c~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init security/keys/process_keys.c
--- a/security/keys/process_keys.c~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init
+++ a/security/keys/process_keys.c
@@ -217,8 +217,7 @@ static int install_process_keyring(void)
 /*
 * install a session keyring directly to a credentials struct
 */
-static int install_session_keyring_to_cred(struct cred *cred,
- struct key *keyring)
+int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
 {
 unsigned long flags;
 struct key *old;
diff -puN security/keys/request_key.c~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init security/keys/request_key.c
--- a/security/keys/request_key.c~umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init
+++ a/security/keys/request_key.c
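Review bot: Dropping `static` from install_session_keyring_to_cred() in security/keys/process_keys.c makes it callable from the rest of security/keys, but the one-line comment above it says nothing about reference ownership. The commit description states that it does key_get() on success, so the comment should say so, for example `/* Install @keyring as the session keyring of @cred; takes its own reference on success. */`. The function body continues outside this hunk, so the behaviour on failure and for a NULL keyring should be confirmed there before it is written into the comment.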
@@ -58,6 +58,38 @@ void complete_request_key(struct key_con
 }
 EXPORT_SYMBOL(complete_request_key);
+static int umh_keys_init(struct subprocess_info *info)
+{
+ struct cred *cred = (struct cred*)current_cred();
+ struct key *keyring = info->data;
+ /*
+ * This is called in context of freshly forked kthread before
+ * kernel_execve(), we can just change our ->session_keyring.
+ */
+ return install_session_keyring_to_cred(cred, keyring);
+}
+
+static void umh_keys_cleanup(struct subprocess_info *info)
+{
+ struct key *keyring = info->data;
+ key_put(keyring);
+}
+
+static int call_usermodehelper_keys(char *path, char **argv, char **envp,
+ struct key *session_keyring, enum umh_wait wait)
+{
+ gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
+ struct subprocess_info *info =
+ call_usermodehelper_setup(path, argv, envp, gfp_mask);
+
+ if (!info)
+ return -ENOMEM;
+
+ call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup,
+ key_get(session_keyring));
+ return call_usermodehelper_exec(info, wait);
+}
+
 /*
 * request userspace finish the construction of a key
 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
_
Patches currently in -mm which might be from oleg@xxxxxxxxxx are origin.patch linux-next.patch posix-cpu-timers-reset-expire-cache-when-no-timer-is-running.patch cpu-timers-simplify-rlimit_cpu-handling.patch cpu-timers-cleanup-arm_timer.patch cpu-timers-return-correct-previous-timer-reload-value.patch cpu-timers-change-sigev_none-timer-implementation.patch cpu-timers-assure-to-not-iterate-over-all-threads-in-fastpath_timer_check.patch cpu-timers-optimize-run_posix_cpu_timers.patch proc-cleanup-remove-unused-assignments.patch kmod-add-init-function-to-usermodehelper.patch exec-replace-call_usermodehelper_pipe-with-use-of-umh-init-function-and-resolve-limit.patch umh-creds-convert-call_usermodehelper_keys-to-use-subprocess_info-init.patch umh-creds-kill-subprocess_info-cred-logic.patch
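Review bot: The reference taken by `key_get(session_keyring)` in call_usermodehelper_keys() and released in umh_keys_cleanup() is not explained anywhere in the new code in security/keys/request_key.c. The commit description says the pair only matters for a UMH_NO_WAIT caller, so a comment such as `/* info->data holds its own keyring reference until umh_keys_cleanup() */` above the call_usermodehelper_setfns() call would stop a later cleanup from removing one half and leaving info->data pointing at a freed keyring. In umh_keys_init() the cast `(struct cred*)current_cred()` discards const; the comment there would be stronger if it said why in-place modification is safe, presumably because the new thread's credentials are not yet visible to any other task, which this hunk does not show.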