security/keys/keyctl.c
Source file repositories/reference/linux-study-clean/security/keys/keyctl.c
File Facts
- System: Linux kernel
- Corpus path: security/keys/keyctl.c
- Extension: .c
- Size: 51063 bytes
- Lines: 2039
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: syscall or user/kernel boundary
- Status: core implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or participates in a user/kernel boundary; inspect argument validation, copy_from_user/copy_to_user, credentials, and dispatch target.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/init.h`, `linux/sched.h`, `linux/sched/task.h`, `linux/slab.h`, `linux/syscalls.h`, `linux/key.h`, `linux/keyctl.h`, `linux/fs.h`, `linux/capability.h`, `linux/cred.h`, `linux/string.h`, `linux/err.h`, `linux/vmalloc.h`, `linux/security.h`, `linux/uio.h`, `linux/uaccess.h`, `keys/request_key_auth-type.h`, `internal.h`
Detected Declarations
`syscall add_key`, `syscall request_key`, `syscall keyctl`, `function key_get_type_from_user`, `function keyctl_get_keyring_ID`, `function a`, `function keyctl_update_key`, `function time`, `function keyctl_invalidate_key`, `function keyctl_keyring_clear`, `function keyctl_keyring_link`, `function keyctl_keyring_unlink`, `function keyctl_keyring_move`, `function keyctl_describe_key`, `function keyctl_keyring_search`, `function __keyctl_read_key`, `function keyctl_read_key`, `function change`, `function keyctl_chown_key`, `function keyctl_setperm_key`, `function get_instantiation_keyring`, `function key`, `function keyctl_change_reqkey_auth`, `function work`, `function work`, `function work`, `function timeout`, `function timeout`, `function request_key`, `function keyctl_set_timeout`, `function Assume`, `function copied`, `function keyctl_session_to_parent`, `function keyctl_restrict_keyring`, `function keyctl_watch_key`, `function keyctl_capabilities`
Annotated Snippet
```c
SYSCALL_DEFINE5(add_key, const char __user *, _type,
		const char __user *, _description,
		const void __user *, _payload,
		size_t, plen,
		key_serial_t, ringid)
{
	key_ref_t keyring_ref, key_ref;
	char type[32], *description;
	void *payload;
	long ret;

	/* bound the user-supplied payload length before allocating anything */
	ret = -EINVAL;
	if (plen > 1024 * 1024 - 1)
		goto error;

	/* draw all the data into kernel space */
	ret = key_get_type_from_user(type, _type, sizeof(type));
	if (ret < 0)
		goto error;

	description = NULL;
	if (_description) {
		/* bounded copy of the description string from user memory */
		description = strndup_user(_description, KEY_MAX_DESC_SIZE);
		if (IS_ERR(description)) {
			ret = PTR_ERR(description);
			goto error;
		}
		if (!*description) {
			/* an empty description is treated as no description */
			kfree(description);
			description = NULL;
		} else if ((description[0] == '.') &&
			   (strncmp(type, "keyring", 7) == 0)) {
			/* refuse keyrings whose description starts with '.' */
			ret = -EPERM;
			goto error2;
		}
	}

	/* pull the payload in if one was supplied */
	payload = NULL;

	if (plen) {
		ret = -ENOMEM;
		payload = kvmalloc(plen, GFP_KERNEL);
		if (!payload)
			goto error2;

		/* a faulting user pointer yields -EFAULT, not a kernel oops */
		ret = -EFAULT;
		if (copy_from_user(payload, _payload, plen) != 0)
			goto error3;
	}

	/* find the target keyring (which must be writable) */
	keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
	if (IS_ERR(keyring_ref)) {
		ret = PTR_ERR(keyring_ref);
		goto error3;
	}

	/* create or update the requested key and add it to the target
	 * keyring */
	key_ref = key_create_or_update(keyring_ref, type, description,
				       payload, plen, KEY_PERM_UNDEF,
				       KEY_ALLOC_IN_QUOTA);
	if (!IS_ERR(key_ref)) {
		ret = key_ref_to_ptr(key_ref)->serial;
		key_ref_put(key_ref);
	}
	else {
		ret = PTR_ERR(key_ref);
	}

	key_ref_put(keyring_ref);
 error3:
	/* free the kernel copy of the payload on every exit path */
	kvfree_sensitive(payload, plen);
 error2:
	kfree(description);
 error:
	return ret;
}

/*
 * Search the process keyrings and keyring trees linked from those for a
 * matching key.  Keyrings must have appropriate Search permission to be
 * searched.
 *
 * If a key is found, it will be attached to the destination keyring if there's
 * one specified and the serial number of the key will be returned.
 *
 * If no key is found, /sbin/request-key will be invoked if _callout_info is
 * non-NULL in an attempt to create a key.  The _callout_info string will be
```
Annotation
- Immediate include surface: `linux/init.h`, `linux/sched.h`, `linux/sched/task.h`, `linux/slab.h`, `linux/syscalls.h`, `linux/key.h`, `linux/keyctl.h`, `linux/fs.h`.
- Detected declarations: `syscall add_key`, `syscall request_key`, `syscall keyctl`, `function key_get_type_from_user`, `function keyctl_get_keyring_ID`, `function a`, `function keyctl_update_key`, `function time`, `function keyctl_invalidate_key`, `function keyctl_keyring_clear`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: core implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.