From 028db3e290f15ac509084c0fc3b9d021f668f877 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Wed, 10 Jul 2019 18:43:43 -0700 Subject: Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" This reverts merge 0f75ef6a9cff49ff612f7ce0578bced9d0b38325 (and thus effectively commits 7a1ade847596 ("keys: Provide KEYCTL_GRANT_PERMISSION") 2e12256b9a76 ("keys: Replace uid/gid/perm permissions checking with an ACL") that the merge brought in). It turns out that it breaks booting with an encrypted volume, and Eric biggers reports that it also breaks the fscrypt tests [1] and loading of in-kernel X.509 certificates [2]. The root cause of all the breakage is likely the same, but David Howells is off email so rather than try to work it out it's getting reverted in order to not impact the rest of the merge window. [1] https://lore.kernel.org/lkml/20190710011559.GA7973@sol.localdomain/ [2] https://lore.kernel.org/lkml/20190710013225.GB7973@sol.localdomain/ Link: https://lore.kernel.org/lkml/CAHk-=wjxoeMJfeBahnWH=9zShKp2bsVy527vo3_y8HfOdhwAAw@mail.gmail.com/ Reported-by: Eric Biggers Cc: David Howells Cc: James Morris Signed-off-by: Linus Torvalds --- security/keys/internal.h | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'security/keys/internal.h') diff --git a/security/keys/internal.h b/security/keys/internal.h index e0c5bb8b1685..c039373488bd 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -84,11 +84,8 @@ extern struct rb_root key_serial_tree; extern spinlock_t key_serial_lock; extern struct mutex key_construction_mutex; extern wait_queue_head_t request_key_conswq; -extern struct key_acl default_key_acl; -extern struct key_acl joinable_keyring_acl; extern void key_set_index_key(struct keyring_index_key *index_key); - extern struct key_type *key_type_lookup(const char *type); extern void key_type_put(struct key_type *ktype); @@ -159,7 +156,6 @@ extern struct key *request_key_and_link(struct key_type *type, const void *callout_info, size_t callout_len, void *aux, - struct key_acl *acl, struct key *dest_keyring, unsigned long flags); @@ -183,10 +179,7 @@ extern void key_gc_keytype(struct key_type *ktype); extern int key_task_permission(const key_ref_t key_ref, const struct cred *cred, - u32 desired_perm); -extern unsigned int key_acl_to_perm(const struct key_acl *acl); -extern long key_set_acl(struct key *key, struct key_acl *acl); -extern void key_put_acl(struct key_acl *acl); + key_perm_t perm); /* * Check to see whether permission is granted to use a key in the desired way. @@ -233,7 +226,7 @@ extern long keyctl_keyring_search(key_serial_t, const char __user *, const char __user *, key_serial_t); extern long keyctl_read_key(key_serial_t, char __user *, size_t); extern long keyctl_chown_key(key_serial_t, uid_t, gid_t); -extern long keyctl_setperm_key(key_serial_t, unsigned int); +extern long keyctl_setperm_key(key_serial_t, key_perm_t); extern long keyctl_instantiate_key(key_serial_t, const void __user *, size_t, key_serial_t); extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t); @@ -338,11 +331,6 @@ static inline long keyctl_pkey_e_d_s(int op, extern long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen); -extern long keyctl_grant_permission(key_serial_t keyid, - enum key_ace_subject_type type, - unsigned int subject, - unsigned int perm); - /* * Debugging key validation */ -- cgit v1.2.3