			
		
		
		
	 028db3e290
			
		
	
	
		028db3e290
		
	
	
	
	
		
			
			This reverts merge 0f75ef6a9c (and thus effectively commits 7a1ade8475 ("keys: Provide KEYCTL_GRANT_PERMISSION") 2e12256b9a ("keys: Replace uid/gid/perm permissions checking with an ACL") that the merge brought in). It turns out that it breaks booting with an encrypted volume, and Eric Biggers reports that it also breaks the fscrypt tests [1] and loading of in-kernel X.509 certificates [2]. The root cause of all the breakage is likely the same, but David Howells is off email so rather than try to work it out it's getting reverted in order to not impact the rest of the merge window. [1] https://lore.kernel.org/lkml/20190710011559.GA7973@sol.localdomain/ [2] https://lore.kernel.org/lkml/20190710013225.GB7973@sol.localdomain/ Link: https://lore.kernel.org/lkml/CAHk-=wjxoeMJfeBahnWH=9zShKp2bsVy527vo3_y8HfOdhwAAw@mail.gmail.com/ Reported-by: Eric Biggers <ebiggers@kernel.org> Cc: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
		
			
				
	
	
		
| // SPDX-License-Identifier: GPL-2.0-only
 | |
| /*
 | |
|  * Copyright (C) 2010 IBM Corporation
 | |
|  * Copyright (C) 2010 Politecnico di Torino, Italy
 | |
|  *                    TORSEC group -- http://security.polito.it
 | |
|  *
 | |
|  * Authors:
 | |
|  * Mimi Zohar <zohar@us.ibm.com>
 | |
|  * Roberto Sassu <roberto.sassu@polito.it>
 | |
|  *
 | |
|  * See Documentation/security/keys/trusted-encrypted.rst
 | |
|  */
 | |
| 
 | |
| #include <linux/uaccess.h>
 | |
| #include <linux/err.h>
 | |
| #include <keys/trusted-type.h>
 | |
| #include <keys/encrypted-type.h>
 | |
| #include "encrypted.h"
 | |
| 
 | |
/*
 * request_trusted_key - look up a trusted key and expose its key material
 * @trusted_desc:  description passed to request_key() for the lookup
 * @master_key:    on success, set to point at the key bytes inside the
 *                 trusted key's payload (no copy is made)
 * @master_keylen: on success, set to the payload's key_len
 *
 * Trusted keys are sealed to PCRs and other metadata. Although userspace
 * manages both trusted/encrypted key-types, like the encrypted key type
 * data, trusted key type data is not visible decrypted from userspace.
 *
 * Return: the key returned by request_key(). When that is an ERR_PTR() it
 * is returned unchanged and neither output parameter is written, so callers
 * must test IS_ERR() before touching *master_key or *master_keylen.
 *
 * Locking: on success this function returns with tkey->sem still held for
 * reading; it never releases it. The caller is expected to up_read() the
 * semaphore and drop the key reference once it is done with the master key.
 * NOTE(review): *master_key aliases payload memory, so it should presumably
 * not be used after the semaphore is released -- confirm against callers.
 */
struct key *request_trusted_key(const char *trusted_desc,
				const u8 **master_key, size_t *master_keylen)
{
	const struct trusted_key_payload *payload;
	struct key *key = request_key(&key_type_trusted, trusted_desc, NULL);

	/* Lookup failed: hand the error pointer straight back, outputs untouched. */
	if (IS_ERR(key))
		return key;

	/* Taken here and deliberately left held across the return. */
	down_read(&key->sem);

	/*
	 * NOTE(review): payload.data[0] is dereferenced without a NULL check;
	 * this assumes a found trusted key always carries a payload -- confirm.
	 */
	payload = key->payload.data[0];
	*master_key = payload->key;
	*master_keylen = payload->key_len;

	return key;
}
 |