Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\keys\process_keys.c Create Date:2022-07-27 19:57:13
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: Look up a key ID given us by userspace with a given permissions mask to get the key it refers to. Flags can be passed to request that special keyrings be created if referred to directly, to permit partially constructed keys to be found and to skip

Function prototype: key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, key_perm_t perm)

Return type: key_ref_t

Parameters:

Type           Parameter name
key_serial_t   id
unsigned long  lflags
key_perm_t     perm
614  struct keyring_search_context ctx = { cmp = See if the key we're looking at is the target key, Type of lookup for this search = Direct lookup by description, flags = (Skip state checks | Search child keyrings also) }
625  try_again:
626  cred = get_current_cred() - Get the current task's subjective credentials. Get the subjective credentials of the current task, pinning them so that they can't go away. Accessing the current task's credentials directly is not permitted.
627  key_ref = error number
630  case: id == key ID for thread-specific keyring
632  if !(lflags & KEY_LOOKUP_CREATE) then goto error
636  if ret < 0 then
637  key_ref = error number
638  goto error
640  goto reget_creds
643  key = keyring private to this thread
644  __key_get(key)
645  key_ref = make_key_ref(key, 1)
646  break
648  case: id == key ID for process-specific keyring
650  if !(lflags & KEY_LOOKUP_CREATE) then goto error
654  if ret < 0 then
655  key_ref = error number
656  goto error
658  goto reget_creds
661  key = keyring private to this process
662  __key_get(key)
663  key_ref = make_key_ref(key, 1)
664  break
666  case: id == key ID for session-specific keyring
667  if !(keyring inherited over fork)
671  if ret < 0 then goto error
679  if ret < 0 then goto error
681  goto reget_creds
686  if ret < 0 then goto error
688  goto reget_creds
691  key = keyring inherited over fork
692  __key_get(key)
693  key_ref = make_key_ref(key, 1)
694  break
696  case: id == key ID for UID-specific keyring
697  ret = Look up the user and user session keyrings for the current process's UID, creating them if they don't exist.
698  if ret < 0 then goto error
700  key_ref = make_key_ref(key, 1)
701  break
703  case: id == key ID for UID-session keyring
704  ret = Look up the user and user session keyrings for the current process's UID, creating them if they don't exist.
705  if ret < 0 then goto error
707  key_ref = make_key_ref(key, 1)
708  break
710  case: id == key ID for GID-specific keyring
712  key_ref = error number
713  goto error
715  case: id == key ID for assumed request_key auth key
716  key = assumed request_key authority
717  if !key then goto error
720  __key_get(key)
721  key_ref = make_key_ref(key, 1)
722  break
724  case: id == key ID for request_key() dest keyring
725  if !(assumed request_key authority) then goto error
728  lock for reading
731  key_ref = error number
732  key = NULL
733  else
734  rka = data[0]
735  key = dest_keyring
736  __key_get(key)
738  release a read lock
739  if !key then goto error
741  key_ref = make_key_ref(key, 1)
742  break
744  default
745  key_ref = error number
746  if id < 1 then goto error
749  key = Find a key by its serial number.
750  if is error
751  key_ref = error indication
752  goto error
755  key_ref = make_key_ref(key, 0)
758  index_key = index_key
759  Raw match data = key
760  kdebug("check possessed")
761  rcu_read_lock() - mark the beginning of an RCU read-side critical section. When synchronize_rcu() is invoked on one CPU while other CPUs are within RCU read-side critical sections, then the synchronize_rcu() is guaranteed to block until after all the other
762  skey_ref = Search the process keyrings attached to the supplied cred for the first matching key in the manner of search_my_process_keyrings(), but also search the keys attached to the assumed authorisation key using its credentials if one is available.
763  rcu_read_unlock() - marks the end of an RCU read-side critical section. In most situations, rcu_read_unlock() is immune from deadlock. However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
764  kdebug("possessed=%p", skey_ref)
766  if !(is error)
768  key_ref = skey_ref
771  break
776  if lflags & KEY_LOOKUP_FOR_UNLINK
777  ret = 0
778  goto error
781  if !(lflags & KEY_LOOKUP_PARTIAL) then
782  ret = wait_for_key_construction - Wait for construction of a key to complete. @key: The key being waited for
785  goto invalid_key
786  default
787  if perm then goto invalid_key
789  case: ret == 0
790  break
792  else if perm
793  ret = key_validate - Validate a key. @key: The key to be validated. Check that a key is valid, returning 0 if the key is okay, -ENOKEY if the key is invalidated, -EKEYREVOKED if the key's type has been removed or if
794  if ret < 0 then goto invalid_key
798  ret = -EIO
799  if !(lflags & KEY_LOOKUP_PARTIAL) and key_read_state(key) == KEY_IS_UNINSTANTIATED then goto invalid_key
804  ret = key_task_permission - Check a key can be used. @key_ref: The key to check. @cred: The credentials to use. @perm: The permissions to check for. Check to see whether permission is granted to use a key in the desired way,
805  if ret < 0 then goto invalid_key
808  last time used for LRU keyring discard = ktime_get_real_seconds - Get the seconds portion of CLOCK_REALTIME. Returns the wall clock seconds since 1970. This replaces the get_seconds() interface which is not y2038 safe on 32bit systems.
810  error:
811  put_cred - Release a reference to a set of credentials. @cred: The credentials to release. Release a reference to a set of credentials, deleting them when the last ref is released
812  return key_ref
814  invalid_key:
815  key_ref_put(key_ref)
816  key_ref = error number
817  goto error
821  reget_creds:
822  put_cred - Release a reference to a set of credentials. @cred: The credentials to release. Release a reference to a set of credentials, deleting them when the last ref is released
823  goto try_again
Callers

Name                       Description
SYSCALL_DEFINE4            Search the process keyrings and keyring trees linked from those for a matching key. Keyrings must have appropriate Search permission to be searched. If a key is found, it will be attached to the destination keyring if there's
keyctl_get_keyring_ID      Get the ID of the specified process keyring. The requested keyring must have search permission to be found. If successful, the ID of the requested keyring will be returned.
keyctl_update_key          Update a key's data payload from the given data. The key must grant the caller Write permission and the key type must support updating for this to work. A negative key can be positively instantiated with this call. If successful, 0 will be returned
keyctl_revoke_key          Revoke a key. The key must grant the caller Write or Setattr permission for this to work. The key type should give up its quota claim when revoked. The key and any links to the key will be automatically garbage collected after a
keyctl_invalidate_key      Invalidate a key. The key must grant the caller Invalidate permission for this to work. The key and any links to the key will be automatically garbage collected immediately. Keys with KEY_FLAG_KEEP set should not be invalidated.
keyctl_keyring_clear       Clear the specified keyring, creating an empty process keyring if one of the special keyring IDs is used. The keyring must grant the caller Write permission and not have KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
keyctl_keyring_link        Create a link from a keyring to a key if there's no matching key in the keyring, otherwise replace the link to the matching key with a link to the new key. The key must grant the caller Link permission and the keyring must grant
keyctl_keyring_unlink      Unlink a key from a keyring. The keyring must grant the caller Write permission for this to work; the key itself need not grant the caller anything. If the last link to a key is removed then that key will be scheduled for destruction.
keyctl_keyring_move        Move a link to a key from one keyring to another, displacing any matching key from the destination keyring. The key must grant the caller Link permission and both keyrings must grant the caller Write permission
keyctl_describe_key        Return a description of a key to userspace
keyctl_keyring_search      Search the specified keyring and any keyrings it links to for a matching key
keyctl_read_key            Read a key's payload
keyctl_chown_key           Change the ownership of a key. The key must grant the caller Setattr permission for this to work, though the key need not be fully instantiated yet. For the UID to be changed, or for the GID to be changed to a group the caller is not a member of, the
keyctl_setperm_key         Change the permission mask on a key. The key must grant the caller Setattr permission for this to work, though the key need not be fully instantiated yet. If the caller does not have
get_instantiation_keyring  Get the destination keyring for instantiation and check that the caller has Write permission on it.
keyctl_set_timeout         Set or clear the timeout on a key. Either the key must grant the caller Setattr permission or else the caller must hold an instantiation authorisation token for the key. The timeout is either 0 to clear the timeout, or a number of seconds from
keyctl_get_security        Get a key's LSM security label. The key must grant the caller View permission for this to work. If there's a buffer, then up to buflen bytes of data will be placed into it. If successful, the amount of information available will be returned,
keyctl_session_to_parent   Attempt to install the calling process's session keyring on the process's parent process. The keyring must exist and must grant the caller LINK permission, and the parent process must be single-threaded and must have the same effective
keyctl_restrict_keyring    Apply a restriction to a given keyring. The caller must have Setattr permission to change keyring restrictions. The requested type name may be a NULL pointer to reject all attempts to link to the keyring. In this case, _restriction must also be NULL.
keyctl_get_persistent      Get the persistent keyring for a specific UID and link it to the nominated keyring.
dh_data_from_key
keyctl_pkey_params_get     Interpret parameters. Callers must always call the free function on params, even if an error is returned.
SYSCALL_DEFINE5            Extract the description of a new key from userspace and either add it as a new key to the specified keyring or update a matching key in that keyring. If the description is NULL or an empty string, the key type is asked to generate one from the payload.