tmp_suning_uos_patched/security/keys
David Howells 7743c48e54 keys: Cache result of request_key*() temporarily in task_struct
If a filesystem uses keys to hold authentication tokens, then it needs a
token for each VFS operation that might perform an authentication check -
either by passing it to the server, or using to perform a check based on
authentication data cached locally.

For open files this isn't a problem, since the key should be cached in the
file struct since it represents the subject performing operations on that
file descriptor.

During pathwalk, however, there isn't anywhere to cache the key, except
perhaps in the nameidata struct - but that isn't exposed to the
filesystems.  Further, a pathwalk can incur a lot of operations, calling
one or more of the following, for instance:

	->lookup()
	->permission()
	->d_revalidate()
	->d_automount()
	->get_acl()
	->getxattr()

on each dentry/inode it encounters - and each one may need to call
request_key().  And then, at the end of pathwalk, it will call the actual
operation:

	->mkdir()
	->mknod()
	->getattr()
	->open()
	...

which may need to go and get the token again.

However, it is very likely that all of the operations on a single
dentry/inode - and quite possibly a sequence of them - will all want to use
the same authentication token, which suggests that caching it would be a
good idea.

To this end:

 (1) Make it so that a positive result of request_key() and co. that didn't
     require upcalling to userspace is cached temporarily in task_struct.

 (2) The cache is 1 deep, so a new result displaces the old one.

 (3) The key is released by exit and by notify-resume.

 (4) The cache is cleared in a newly forked process.

Signed-off-by: David Howells <dhowells@redhat.com>
2019-06-19 16:10:15 +01:00
..
encrypted-keys crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
big_key.c big key: get rid of stack array allocation 2018-05-11 13:07:45 -07:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
compat.c keys: Add capability-checking keyctl function 2019-06-19 13:27:45 +01:00
dh.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
gc.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
internal.h keys: Move the RCU locks outwards from the keyring search functions 2019-06-19 16:10:15 +01:00
Kconfig keys: Cache result of request_key*() temporarily in task_struct 2019-06-19 16:10:15 +01:00
key.c keys: Invalidate used request_key authentication keys 2019-06-19 16:10:15 +01:00
keyctl_pkey.c KEYS: fix parsing invalid pkey info string 2019-01-01 13:13:19 -08:00
keyctl.c keys: Add capability-checking keyctl function 2019-06-19 13:27:45 +01:00
keyring.c keys: Move the RCU locks outwards from the keyring search functions 2019-06-19 16:10:15 +01:00
Makefile KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
permission.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c keys: Move the RCU locks outwards from the keyring search functions 2019-06-19 16:10:15 +01:00
process_keys.c keys: Move the RCU locks outwards from the keyring search functions 2019-06-19 16:10:15 +01:00
request_key_auth.c keys: Move the RCU locks outwards from the keyring search functions 2019-06-19 16:10:15 +01:00
request_key.c keys: Cache result of request_key*() temporarily in task_struct 2019-06-19 16:10:15 +01:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-05-06 20:15:06 -07:00
user_defined.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00