- /* make the call */
- actor = call_sbin_request_key;
- if (type->request_key)
- actor = type->request_key;
- ret = actor(key, authkey, "create");
- if (ret < 0)
- goto request_failed;
-
- /* if the key wasn't instantiated, then we want to give an error */
- ret = -ENOKEY;
- if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
- goto request_failed;
-
- key_revoke(authkey);
- key_put(authkey);
-
- down_write(&key_construction_sem);
- list_del(&cons.link);
- up_write(&key_construction_sem);
-
- /* also give an error if the key was negatively instantiated */
-check_not_negative:
- if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
- key_put(key);
- key = ERR_PTR(-ENOKEY);
- }
-
-out:
- kleave(" = %p", key);
- return key;
-
-request_failed:
- key_revoke(authkey);
- key_put(authkey);
-
-alloc_authkey_failed:
- /* it wasn't instantiated
- * - remove from construction queue
- * - mark the key as dead
- */
- negated = 0;
- down_write(&key_construction_sem);
-
- list_del(&cons.link);
-
- /* check it didn't get instantiated between the check and the down */
- if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
- set_bit(KEY_FLAG_NEGATIVE, &key->flags);
- set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
- negated = 1;
- }
-
- clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
-
- up_write(&key_construction_sem);
-
- if (!negated)
- goto check_not_negative; /* surprisingly, the key got
- * instantiated */
-
- /* set the timeout and store in the session keyring if we can */
- now = current_kernel_time();
- key->expiry = now.tv_sec + key_negative_timeout;
-
- if (current->signal->session_keyring) {
- struct key *keyring;
-
- rcu_read_lock();
- keyring = rcu_dereference(current->signal->session_keyring);
- atomic_inc(&keyring->usage);
- rcu_read_unlock();
-
- key_link(keyring, key);
- key_put(keyring);
- }
-
- key_put(key);
-
- /* notify anyone who was waiting */
- wake_up_all(&request_key_conswq);
-
- key = ERR_PTR(ret);
- goto out;
-
-alloc_failed:
- up_write(&key_construction_sem);
- goto out;
-
-} /* end __request_key_construction() */
-
-/*****************************************************************************/
-/*
- * call out to userspace to request the key
- * - we check the construction queue first to see if an appropriate key is
- * already being constructed by userspace
- */
-static struct key *request_key_construction(struct key_type *type,
- const char *description,
- struct key_user *user,
- const char *callout_info,
- unsigned long flags)
-{
- struct key_construction *pcons;
- struct key *key, *ckey;
-
- DECLARE_WAITQUEUE(myself, current);
-
- kenter("%s,%s,{%d},%s,%lx",
- type->name, description, user->uid, callout_info, flags);
-
- /* see if there's such a key under construction already */
- down_write(&key_construction_sem);
-
- list_for_each_entry(pcons, &user->consq, link) {
- ckey = pcons->key;
-
- if (ckey->type != type)
- continue;
-
- if (type->match(ckey, description))
- goto found_key_under_construction;
- }
-
- /* see about getting userspace to construct the key */
- key = __request_key_construction(type, description, callout_info,
- flags);
- error:
- kleave(" = %p", key);
- return key;
-
- /* someone else has the same key under construction
- * - we want to keep an eye on their key
- */
- found_key_under_construction:
- atomic_inc(&ckey->usage);
- up_write(&key_construction_sem);
-
- /* wait for the key to be completed one way or another */
- add_wait_queue(&request_key_conswq, &myself);
-
- for (;;) {
- set_current_state(TASK_INTERRUPTIBLE);
- if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
- break;
- if (signal_pending(current))
- break;
- schedule();
- }
-
- set_current_state(TASK_RUNNING);
- remove_wait_queue(&request_key_conswq, &myself);
-
- /* we'll need to search this process's keyrings to see if the key is
- * now there since we can't automatically assume it's also available
- * there */
- key_put(ckey);
- ckey = NULL;
-
- key = NULL; /* request a retry */
- goto error;
-
-} /* end request_key_construction() */