Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\keys\key.c Create Date:2022-07-28 18:15:57
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:key_put - Discard a reference to a key.*@key: The key to discard a reference from.* Discard a reference to a key, and when all the references are gone, we* schedule the cleanup task to come and pull it out of the tree in process

Proto:void key_put(struct key *key)

Type:void

Parameter:

TypeParameterName
struct key *key
643  If key Then
644  key_check(key)
646  If _dec_and_test - decrement a refcount and test if it is 0*@r: the refcount* Similar to atomic_dec_and_test(), it will WARN on underflow and fail to* decrement when saturated at REFCOUNT_SATURATED Then schedule_work - put work task in global workqueue*@work: job to be done* Returns %false if @work was already on the kernel-global workqueue and* %true otherwise
Caller
NameDescribe
put_cred_rcuThe RCU callback to actually dispose of a set of credentials
prepare_exec_credsPrepare credentials for current to perform an execve()* - The caller must hold ->cred_guard_mutex
copy_credsCopy a certificate
set_cred_user_ns
create_user_nsCreate a new user namespace, deriving the creator from the user in the* passed credentials, and replacing that user with the new root user for the* new namespace.* This is called by copy_creds(), which will finish setting the target task's* credentials.
__key_updateAttempt to update an existing key.* The key is given to us with an incremented refcount that we need to discard* if we get an error.
key_create_or_updatekey_create_or_update - Update or create and instantiate a key.*@keyring_ref: A pointer to the destination keyring with possession flag.*@type: The type of key.*@description: The searchable description for the key.
key_free_user_nsClean up the bits of user_namespace that belong to us.
keyring_free_objectFree an object after stripping the keyring flag off of the pointer.
keyring_destroy
keyring_allocAllocate a keyring and link into the destination keyring.
keyring_restrictkeyring_restrict - Look up and apply a restriction to a keyring*@keyring_ref: The keyring to be restricted*@type: The key type that will provide the restriction checker.*@restriction: The restriction options to apply to the keyring
keyring_restriction_gcGarbage collect restriction pointers from a keyring
SYSCALL_DEFINE4Search the process keyrings and keyring trees linked from those for a* matching key. Keyrings must have appropriate Search permission to be* searched.* If a key is found, it will be attached to the destination keyring if there's
keyctl_describe_keyReturn a description of a key to userspace
keyctl_read_keyRead a key's payload
keyctl_chown_keyChange the ownership of a key* The key must grant the caller Setattr permission for this to work, though* the key need not be fully instantiated yet. For the UID to be changed, or* for the GID to be changed to a group the caller is not a member of, the
keyctl_setperm_keyChange the permission mask on a key.* The key must grant the caller Setattr permission for this to work, though* the key need not be fully instantiated yet. If the caller does not have
keyctl_change_reqkey_authChange the request_key authorisation key on the current process.
keyctl_instantiate_key_commonInstantiate a key with the specified payload and link the key into the* destination keyring if one is given.* The caller must have the appropriate instantiation permit set for this to* work (see keyctl_assume_authority). No other permissions are required.
keyctl_reject_keyNegatively instantiate the key with the given timeout (in seconds) and error* code and link the key into the destination keyring if one is given.* The caller must have the appropriate instantiation permit set for this to
keyctl_set_timeoutSet or clear the timeout on a key.* Either the key must grant the caller Setattr permission or else the caller* must hold an instantiation authorisation token for the key.* The timeout is either 0 to clear the timeout, or a number of seconds from
keyctl_assume_authorityAssume (or clear) the authority to instantiate the specified key
keyctl_get_securityGet a key's the LSM security label.* The key must grant the caller View permission for this to work.* If there's a buffer, then up to buflen bytes of data will be placed into it.* If successful, the amount of information available will be returned,
look_up_user_keyringsLook up the user and user session keyrings for the current process's UID,* creating them if they don't exist.
install_session_keyring_to_credInstall the given keyring as the session keyring of the given credentials* struct, replacing the existing one if any. If the given keyring is NULL,* then install a new anonymous session keyring.*@cred can not be in use by any task yet.
search_cred_keyrings_rcuSearch the process keyrings attached to the supplied cred for the first* matching key under RCU conditions (the caller must be holding the RCU read* lock)
lookup_user_keyLook up a key ID given us by userspace with a given permissions mask to get* the key it refers to.* Flags can be passed to request that special keyrings be created if referred* to directly, to permit partially constructed keys to be found and to skip
join_session_keyringJoin the named keyring as the session keyring if possible else attempt to* create a new one of that name and join that
umh_keys_cleanupClean up a usermode helper with session keyring.
call_sbin_request_keyRequest userspace finish the construction of a key* - execute "/sbin/request-key "
construct_keyCall out to userspace for key construction.* Program failure is ignored in favour of key status.
construct_get_dest_keyringGet the appropriate destination keyring for the request.* The keyring selected is returned with an extra reference upon it which the* caller must release.
construct_alloc_keyAllocate a new key in under-construction state and attempt to link it in to* the requested keyring.* May return a key that's already under construction instead if there was a* race between two thread calling request_key().
construct_key_and_linkCommence key construction.
request_key_and_linkquest_key_and_link - Request a key and cache it in a keyring.*@type: The type of key we want.*@description: The searchable description of the key.*@domain_tag: The domain in which the key operates.
request_key_tagquest_key_tag - Request a key and wait for construction*@type: Type of key
request_key_with_auxdataquest_key_with_auxdata - Request a key with auxiliary data for the upcaller*@type: The type of key we want.*@description: The searchable description of the key.*@domain_tag: The domain in which the key operates.
free_request_key_auth
request_key_auth_newCreate an authorisation token for /sbin/request-key or whoever to gain* access to the caller's security data.
key_get_instantiation_authkeySearch the current process's keyrings for the authorisation key for* instantiation of a key.
dh_data_from_key
keyctl_pkey_params_free
request_user_keyquest_user_key - request the user key* Use a user provided key to encrypt/decrypt an encrypted-key.
encrypted_key_decrypt
encrypted_readrypted_read - format and copy the encrypted data to userspace* The resulting datablob format is:* * On success, return to userspace the encrypted key datablob size.
asymmetric_verify
evm_init_keyGet the key from the TPM for the SHA1-HMAC
fscrypt_sb_free
add_master_key_userGive the current user a "key" in ->mk_users. This charges the user's quota* and marks the master key as added by the current user, so that it cannot be* removed by another user with the key. Either the master key's key->sem must
remove_master_key_userRemove the current user's "key" from ->mk_users.* The master key's key->sem must be held for write.* Returns 0 if removed, -ENOKEY if not found, or another -errno code.
add_new_master_keyAllocate a new fscrypt_master_key which contains the given secret, set it as* the payload of a new 'struct key' of type fscrypt, and link the 'struct key'* into the given keyring. Synchronized by fscrypt_add_key_mutex.
add_existing_master_key
add_master_key
fscrypt_verify_key_addedVerify that the current user has added a master key with the given identifier* (returns -ENOKEY if not)
do_remove_keyTry to remove an fscrypt master encryption key
fscrypt_ioctl_get_key_statusRetrieve the status of an fscrypt master encryption key
setup_file_encryption_keyFind the master key, then set up the inode's actual encryption key.* If the master key is found in the filesystem-level keyring, then the* corresponding 'struct key' is returned in *master_key_ret with* ->mk_secret_sem read-locked
put_crypt_info
fscrypt_get_encryption_info
find_and_lock_process_keySearch the current task's subscribed keyrings for a "logon" key with* description prefix:descriptor, and if found acquire a read lock on it and* return a pointer to its validated payload in *payload_ret.
fscrypt_setup_v1_file_key_via_subscribed_keyrings
fsverity_init_signature
key_ref_put
digsig_verifydigsig_verify() - digital signature verification with public key*@keyring: keyring to search key in*@sig: digital signature*@siglen: length of the signature*@data: data*@datalen: length of the data* Returns 0 on success, -EINVAL otherwise