summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2015-10-21 14:04:48 +0100
committerDavid Howells <dhowells@redhat.com>2015-10-21 15:18:36 +0100
commit146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (patch)
treea89ef2cd2e8029b0c09a58739cca0e7e2e68f4db /Documentation
parent4adc605edc5f744dcf432241b5996ff6a13d868c (diff)
KEYS: Merge the type-specific data with the payload data
Merge the type-specific data with the payload data into one four-word chunk as it seems pointless to keep them separate. Use user_key_payload() for accessing the payloads of overloaded user-defined keys. Signed-off-by: David Howells <dhowells@redhat.com> cc: linux-cifs@vger.kernel.org cc: ecryptfs@vger.kernel.org cc: linux-ext4@vger.kernel.org cc: linux-f2fs-devel@lists.sourceforge.net cc: linux-nfs@vger.kernel.org cc: ceph-devel@vger.kernel.org cc: linux-ima-devel@lists.sourceforge.net
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/crypto/asymmetric-keys.txt27
-rw-r--r--Documentation/security/keys.txt41
2 files changed, 39 insertions, 29 deletions
diff --git a/Documentation/crypto/asymmetric-keys.txt b/Documentation/crypto/asymmetric-keys.txt
index b7675904a747..8c07e0ea6bc0 100644
--- a/Documentation/crypto/asymmetric-keys.txt
+++ b/Documentation/crypto/asymmetric-keys.txt
@@ -186,7 +186,7 @@ and looks like the following:
const struct public_key_signature *sig);
};
-Asymmetric keys point to this with their type_data[0] member.
+Asymmetric keys point to this with their payload[asym_subtype] member.
The owner and name fields should be set to the owning module and the name of
the subtype. Currently, the name is only used for print statements.
@@ -269,8 +269,7 @@ mandatory:
struct key_preparsed_payload {
char *description;
- void *type_data[2];
- void *payload;
+ void *payload[4];
const void *data;
size_t datalen;
size_t quotalen;
@@ -283,16 +282,18 @@ mandatory:
not theirs.
If the parser is happy with the blob, it should propose a description for
- the key and attach it to ->description, ->type_data[0] should be set to
- point to the subtype to be used, ->payload should be set to point to the
- initialised data for that subtype, ->type_data[1] should point to a hex
- fingerprint and quotalen should be updated to indicate how much quota this
- key should account for.
-
- When clearing up, the data attached to ->type_data[1] and ->description
- will be kfree()'d and the data attached to ->payload will be passed to the
- subtype's ->destroy() method to be disposed of. A module reference for
- the subtype pointed to by ->type_data[0] will be put.
+ the key and attach it to ->description, ->payload[asym_subtype] should be
+ set to point to the subtype to be used, ->payload[asym_crypto] should be
+ set to point to the initialised data for that subtype,
+ ->payload[asym_key_ids] should point to one or more hex fingerprints and
+ quotalen should be updated to indicate how much quota this key should
+ account for.
+
+ When clearing up, the data attached to ->payload[asym_key_ids] and
+ ->description will be kfree()'d and the data attached to
+ ->payload[asm_crypto] will be passed to the subtype's ->destroy() method
+ to be disposed of. A module reference for the subtype pointed to by
+ ->payload[asym_subtype] will be put.
If the data format is not recognised, -EBADMSG should be returned. If it
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index c9e7f4f223a5..8c183873b2b7 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -1049,12 +1049,12 @@ search a specific keyring, so using keyrings in this way is of limited utility.
NOTES ON ACCESSING PAYLOAD CONTENTS
===================================
-The simplest payload is just a number in key->payload.value. In this case,
-there's no need to indulge in RCU or locking when accessing the payload.
+The simplest payload is just data stored in key->payload directly. In this
+case, there's no need to indulge in RCU or locking when accessing the payload.
-More complex payload contents must be allocated and a pointer to them set in
-key->payload.data. One of the following ways must be selected to access the
-data:
+More complex payload contents must be allocated and pointers to them set in the
+key->payload.data[] array. One of the following ways must be selected to
+access the data:
(1) Unmodifiable key type.
@@ -1092,6 +1092,13 @@ data:
the payload. key->datalen cannot be relied upon to be consistent with the
payload just dereferenced if the key's semaphore is not held.
+ Note that key->payload.data[0] has a shadow that is marked for __rcu
+ usage. This is called key->payload.rcu_data0. The following accessors
+ wrap the RCU calls to this element:
+
+ rcu_assign_keypointer(struct key *key, void *data);
+ void *rcu_dereference_key(struct key *key);
+
===================
DEFINING A KEY TYPE
@@ -1143,8 +1150,7 @@ The structure has a number of fields, some of which are mandatory:
struct key_preparsed_payload {
char *description;
- void *type_data[2];
- void *payload;
+ union key_payload payload;
const void *data;
size_t datalen;
size_t quotalen;
@@ -1160,10 +1166,9 @@ The structure has a number of fields, some of which are mandatory:
attached as a string to the description field. This will be used for the
key description if the caller of add_key() passes NULL or "".
- The method can attach anything it likes to type_data[] and payload. These
- are merely passed along to the instantiate() or update() operations. If
- set, the expiry time will be applied to the key if it is instantiated from
- this data.
+ The method can attach anything it likes to payload. This is merely passed
+ along to the instantiate() or update() operations. If set, the expiry
+ time will be applied to the key if it is instantiated from this data.
The method should return 0 if successful or a negative error code
otherwise.
@@ -1172,11 +1177,10 @@ The structure has a number of fields, some of which are mandatory:
(*) void (*free_preparse)(struct key_preparsed_payload *prep);
This method is only required if the preparse() method is provided,
- otherwise it is unused. It cleans up anything attached to the
- description, type_data and payload fields of the key_preparsed_payload
- struct as filled in by the preparse() method. It will always be called
- after preparse() returns successfully, even if instantiate() or update()
- succeed.
+ otherwise it is unused. It cleans up anything attached to the description
+ and payload fields of the key_preparsed_payload struct as filled in by the
+ preparse() method. It will always be called after preparse() returns
+ successfully, even if instantiate() or update() succeed.
(*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
@@ -1197,6 +1201,11 @@ The structure has a number of fields, some of which are mandatory:
It is safe to sleep in this method.
+ generic_key_instantiate() is provided to simply copy the data from
+ prep->payload.data[] to key->payload.data[], with RCU-safe assignment on
+ the first element. It will then clear prep->payload.data[] so that the
+ free_preparse method doesn't release the data.
+
(*) int (*update)(struct key *key, const void *data, size_t datalen);