96 lines
3.9 KiB
Diff
96 lines
3.9 KiB
Diff
|
From: Ben Hutchings <ben@decadent.org.uk>
|
||
|
Date: Sun, 29 Oct 2017 10:30:46 +0000
|
||
|
Subject: KEYS: Limit ABI change in 4.13.10
|
||
|
Forwarded: not-needed
|
||
|
|
||
|
Commit 363b02dab09b ("KEYS: Fix race between updating and finding a
|
||
|
negative key") rearranged various state members in struct key, resulting
|
||
|
in an ABI change for all keys APIs.
|
||
|
|
||
|
Only the keys subsystem and key type implementation use this state
|
||
|
information, so we can limit the ABI break to them:
|
||
|
|
||
|
- Renumber the other flags back to their old values
|
||
|
- Hide the deletion of the reject_error field from genksyms (it was only
|
||
|
used inside the keys subsystem)
|
||
|
- Move the new state field to the end of the structure and hide it from
|
||
|
genksyms
|
||
|
- Rename the register_key_type() function, so newly built key type
|
||
|
modules will only load on top of the new keys subsystem while old
|
||
|
key type modules will only load on top of the old keys subsystem
|
||
|
|
||
|
---
|
||
|
--- a/include/linux/key.h
|
||
|
+++ b/include/linux/key.h
|
||
|
@@ -174,7 +174,6 @@ struct key {
|
||
|
* - may not match RCU dereferenced payload
|
||
|
* - payload should contain own length
|
||
|
*/
|
||
|
- short state; /* Key state (+) or rejection error (-) */
|
||
|
|
||
|
#ifdef KEY_DEBUGGING
|
||
|
unsigned magic;
|
||
|
@@ -182,16 +181,16 @@ struct key {
|
||
|
#endif
|
||
|
|
||
|
unsigned long flags; /* status flags (change with bitops) */
|
||
|
-#define KEY_FLAG_DEAD 0 /* set if key type has been deleted */
|
||
|
-#define KEY_FLAG_REVOKED 1 /* set if key had been revoked */
|
||
|
-#define KEY_FLAG_IN_QUOTA 2 /* set if key consumes quota */
|
||
|
-#define KEY_FLAG_USER_CONSTRUCT 3 /* set if key is being constructed in userspace */
|
||
|
-#define KEY_FLAG_ROOT_CAN_CLEAR 4 /* set if key can be cleared by root without permission */
|
||
|
-#define KEY_FLAG_INVALIDATED 5 /* set if key has been invalidated */
|
||
|
-#define KEY_FLAG_BUILTIN 6 /* set if key is built in to the kernel */
|
||
|
-#define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */
|
||
|
-#define KEY_FLAG_KEEP 8 /* set if key should not be removed */
|
||
|
-#define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */
|
||
|
+#define KEY_FLAG_DEAD 1 /* set if key type has been deleted */
|
||
|
+#define KEY_FLAG_REVOKED 2 /* set if key had been revoked */
|
||
|
+#define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */
|
||
|
+#define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */
|
||
|
+#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
|
||
|
+#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
|
||
|
+#define KEY_FLAG_BUILTIN 8 /* set if key is built in to the kernel */
|
||
|
+#define KEY_FLAG_ROOT_CAN_INVAL 9 /* set if key can be invalidated by root without permission */
|
||
|
+#define KEY_FLAG_KEEP 10 /* set if key should not be removed */
|
||
|
+#define KEY_FLAG_UID_KEYRING 11 /* set if key is a user or user session keyring */
|
||
|
|
||
|
/* the key type and key description string
|
||
|
* - the desc is used to match a key against search criteria
|
||
|
@@ -217,6 +216,9 @@ struct key {
|
||
|
struct list_head name_link;
|
||
|
struct assoc_array keys;
|
||
|
};
|
||
|
+#ifdef __GENKSYMS__
|
||
|
+ int reject_error;
|
||
|
+#endif
|
||
|
};
|
||
|
|
||
|
/* This is set on a keyring to restrict the addition of a link to a key
|
||
|
@@ -231,6 +233,10 @@ struct key {
|
||
|
* restriction.
|
||
|
*/
|
||
|
struct key_restriction *restrict_link;
|
||
|
+
|
||
|
+#ifndef __GENKSYMS__
|
||
|
+ short state; /* Key state (+) or rejection error (-) */
|
||
|
+#endif
|
||
|
};
|
||
|
|
||
|
extern struct key *key_alloc(struct key_type *type,
|
||
|
--- a/include/linux/key-type.h
|
||
|
+++ b/include/linux/key-type.h
|
||
|
@@ -162,6 +162,12 @@ struct key_type {
|
||
|
|
||
|
extern struct key_type key_type_keyring;
|
||
|
|
||
|
+/*
|
||
|
+ * ABI compat: Rename register function so newly built key type modules
|
||
|
+ * will require a new kernel and can then safely assume the existence of the
|
||
|
+ * key::state field. Other keys users don't access it and are unaffected.
|
||
|
+ */
|
||
|
+#define register_key_type register_key_type_2
|
||
|
extern int register_key_type(struct key_type *ktype);
|
||
|
extern void unregister_key_type(struct key_type *ktype);
|
||
|
|