This is the approach I proposed at <https://lore.kernel.org/all/CAG48ez2bnvuX8i-D=5DxmfzEOKTWAf-DkgQq6aNC4WzSGoEGHg@xxxxxxxxxxxxxx/> to get rid of the cred_transfer stuff. What do you think? Synchronously waiting for task work is a bit ugly, but at least this condenses the uglyness in the keys subsystem instead of making the rest of the security subsystem deal with this stuff. Another approach to simplify things further would be to try to move the session keyring out of the creds entirely and just let the child update it directly with appropriate locking, but I don't know enough about the keys subsystem to know if that would maybe break stuff that relies on override_creds() also overriding the keyrings, or something like that. Signed-off-by: Jann Horn <jannh@xxxxxxxxxx> --- Changes in v2: - use interruptible wait instead of killable - split into two patches (Jarkko) - Link to v1: https://lore.kernel.org/r/20240802-remove-cred-transfer-v1-1-b3fef1ef2ade@xxxxxxxxxx --- Jann Horn (2): KEYS: use synchronous task work for changing parent credentials security: remove unused cred_alloc_blank/cred_transfer helpers include/linux/cred.h | 1 - include/linux/lsm_hook_defs.h | 3 -- include/linux/security.h | 12 ----- kernel/cred.c | 23 --------- security/apparmor/lsm.c | 19 -------- security/keys/internal.h | 8 ++++ security/keys/keyctl.c | 107 +++++++++++++----------------------------- security/keys/process_keys.c | 86 +++++++++++++++++---------------- security/landlock/cred.c | 11 +---- security/security.c | 35 -------------- security/selinux/hooks.c | 12 ----- security/smack/smack_lsm.c | 32 ------------- 12 files changed, 89 insertions(+), 260 deletions(-) --- base-commit: c0ecd6388360d930440cc5554026818895199923 change-id: 20240802-remove-cred-transfer-493a3b696da2 -- Jann Horn <jannh@xxxxxxxxxx>
