[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D3QWKEINML37.2DGN2KEH1N173@kernel.org>
Date: Tue, 27 Aug 2024 21:24:18 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "David Howells" <dhowells@...hat.com>
Cc: <keyrings@...r.kernel.org>, <linux-security-module@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 5/7] keys: Use key_get() instead of __key_get()
On Wed Aug 21, 2024 at 3:36 PM EEST, David Howells wrote:
> Switch users of __key_get() over to key_get() so that they benefit from the
> future tracepointage thereof also and remove __key_get().
>
> Signed-off-by: David Howells <dhowells@...hat.com>
> cc: Jarkko Sakkinen <jarkko@...nel.org>
> cc: keyrings@...r.kernel.org
> cc: linux-security-module@...r.kernel.org
> ---
> Documentation/security/keys/core.rst | 1 -
> crypto/asymmetric_keys/restrict.c | 6 +++---
> include/linux/key.h | 6 ------
> security/keys/keyring.c | 4 ++--
> security/keys/process_keys.c | 15 ++++++---------
> 5 files changed, 11 insertions(+), 21 deletions(-)
>
> diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
> index 326b8a973828..0b179540d885 100644
> --- a/Documentation/security/keys/core.rst
> +++ b/Documentation/security/keys/core.rst
> @@ -1217,7 +1217,6 @@ payload contents" for more information.
> * Extra references can be made to a key by calling one of the following
> functions::
>
> - struct key *__key_get(struct key *key);
> struct key *key_get(struct key *key);
>
> Keys so references will need to be disposed of by calling key_put() when
> diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
> index afcd4d101ac5..1ea7bfd4e5d7 100644
> --- a/crypto/asymmetric_keys/restrict.c
> +++ b/crypto/asymmetric_keys/restrict.c
> @@ -267,20 +267,20 @@ static int key_or_keyring_common(struct key *dest_keyring,
> if (!sig->auth_ids[0] && !sig->auth_ids[1]) {
> if (asymmetric_key_id_same(signer_ids[2],
> sig->auth_ids[2]))
> - key = __key_get(trusted);
> + key = key_get(trusted);
>
> } else if (!sig->auth_ids[0] || !sig->auth_ids[1]) {
> const struct asymmetric_key_id *auth_id;
>
> auth_id = sig->auth_ids[0] ?: sig->auth_ids[1];
> if (match_either_id(signer_ids, auth_id))
> - key = __key_get(trusted);
> + key = key_get(trusted);
>
> } else if (asymmetric_key_id_same(signer_ids[1],
> sig->auth_ids[1]) &&
> match_either_id(signer_ids,
> sig->auth_ids[0])) {
> - key = __key_get(trusted);
> + key = key_get(trusted);
> }
> } else {
> return -EOPNOTSUPP;
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 50a19e5f9e45..80d736813b89 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -304,12 +304,6 @@ extern void key_put(struct key *key);
> extern bool key_put_tag(struct key_tag *tag);
> extern void key_remove_domain(struct key_tag *domain_tag);
>
> -static inline struct key *__key_get(struct key *key)
> -{
> - refcount_inc(&key->usage);
> - return key;
> -}
> -
> static inline void key_ref_put(key_ref_t key_ref)
> {
> key_put(key_ref_to_ptr(key_ref));
> diff --git a/security/keys/keyring.c b/security/keys/keyring.c
> index 7f02b913c560..e77d927f1d4d 100644
> --- a/security/keys/keyring.c
> +++ b/security/keys/keyring.c
> @@ -1122,7 +1122,7 @@ key_ref_t find_key_to_update(key_ref_t keyring_ref,
> kleave(" = NULL [x]");
> return NULL;
> }
> - __key_get(key);
> + key_get(key);
> kleave(" = {%d}", key->serial);
> return make_key_ref(key, is_key_possessed(keyring_ref));
> }
> @@ -1367,7 +1367,7 @@ int __key_link_check_live_key(struct key *keyring, struct key *key)
> void __key_link(struct key *keyring, struct key *key,
> struct assoc_array_edit **_edit)
> {
> - __key_get(key);
> + key_get(key);
> assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key));
> assoc_array_apply_edit(*_edit);
> *_edit = NULL;
> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index b5d5333ab330..01291b2d0888 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -333,7 +333,7 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
> if (IS_ERR(keyring))
> return PTR_ERR(keyring);
> } else {
> - __key_get(keyring);
> + key_get(keyring);
> }
>
> /* install the keyring */
> @@ -641,7 +641,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> }
>
> key = ctx.cred->thread_keyring;
> - __key_get(key);
> + key_get(key);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -658,8 +658,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> goto reget_creds;
> }
>
> - key = ctx.cred->process_keyring;
> - __key_get(key);
> + key = key_get(ctx.cred->process_keyring);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -688,8 +687,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> goto reget_creds;
> }
>
> - key = ctx.cred->session_keyring;
> - __key_get(key);
> + key = key_get(ctx.cred->session_keyring);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -717,7 +715,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> if (!key)
> goto error;
>
> - __key_get(key);
> + key_get(key);
> key_ref = make_key_ref(key, 1);
> break;
>
> @@ -732,8 +730,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
> key = NULL;
> } else {
> rka = ctx.cred->request_key_auth->payload.data[0];
> - key = rka->dest_keyring;
> - __key_get(key);
> + key = key_get(rka->dest_keyring);
> }
> up_read(&ctx.cred->request_key_auth->sem);
> if (!key)
Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
BR, Jarkko
Powered by blists - more mailing lists