From: Liu Mingyu
To: David Howells, Jarkko Sakkinen
CC: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers, Kees Cook, Mimi Zohar, Randy Dunlap
Subject: [PATCH v2 1/2] keys: Enforce keep guard when moving keys
Date: Sun, 31 May 2026 20:51:49 +0000
Message-ID: <20260531205059.mliu-keyrings-v2-1@outlook.com>
References: <20260531205059.mliu-keyrings-v2-0@outlook.com>
In-Reply-To: <20260531205059.mliu-keyrings-v2-0@outlook.com>
KEYCTL_MOVE removes the source link as part of moving a key between keyrings. key_unlink() rejects removal of a KEY_FLAG_KEEP-protected key from a KEY_FLAG_KEEP-protected keyring, but key_move() did not enforce the same rule.

Reject such moves with -EPERM when both the source keyring and key are protected. Leave same-keyring moves as a no-op so callers can continue to use KEYCTL_MOVE idempotently.

Document the errno so callers can distinguish the protected removal case.

Fixes: ed0ac5c7ec37 ("keys: Add a keyctl to move a key between keyrings")
Cc: stable@vger.kernel.org
Signed-off-by: Mingyu Liu
---
 Documentation/security/keys/core.rst | 1 + security/keys/keyctl.c | 2 ++ security/keys/keyring.c | 7 ++++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Documentation/security/keys/core.rst b/Documentation/security/= keys/core.rst index 326b8a973828..6096ce6c63da 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -600,6 +600,7 @@ The keyctl syscall functions are: A process must have link permission on the key for this function to be successful and write permission on both keyrings. Any errors that can occur from KEYCTL_LINK also apply on the destination keyring here. + If the key and source keyring are protected, EPERM will be returned. =20 =20 * Unlink a key or keyring from another keyring:: diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index ef855d69c97a..b37bf1505ec5 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c
@@ -590,6 +590,8 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_= t ringid) * the caller Write permission. There must also be a link in the from key= ring * to the key. If both keyrings are the same, nothing is done. * + * If the key and source keyring are protected, -EPERM will be returned. + * * If successful, 0 will be returned. */ long keyctl_keyring_move(key_serial_t id, key_serial_t from_ringid, diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 5a9887d6b7be..60c184bd9a8d 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -1582,7 +1582,8 @@ EXPORT_SYMBOL(key_unlink); * * Returns 0 if successful, -ENOTDIR if either keyring isn't a keyring, * -EKEYREVOKED if either keyring has been revoked, -ENFILE if the second - * keyring is full, -EDQUOT if there is insufficient key data quota remain= ing + * keyring is full, -EPERM if this would remove a protected key from a + * protected keyring, -EDQUOT if there is insufficient key data quota rema= ining * to add another link or -ENOMEM if there's insufficient memory. If * KEYCTL_MOVE_EXCL is set, then -EEXIST will be returned if there's alrea= dy a * matching key in @to_keyring. 
@@ -1608,6 +1609,10 @@ int key_move(struct key *key, key_check(from_keyring); key_check(to_keyring); =20 + if (test_bit(KEY_FLAG_KEEP, &from_keyring->flags) && + test_bit(KEY_FLAG_KEEP, &key->flags)) + return -EPERM; + ret =3D __key_move_lock(from_keyring, to_keyring, &key->index_key); if (ret < 0) goto out; --=20 2.51.2.windows.1
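Review bot: in the key_move() hunk (@@ -1608,6 +1609,10 @@) the new KEY_FLAG_KEEP test is placed after the key_check() calls, but the from_keyring == to_keyring early return that the commit message relies on for the same-keyring no-op is not in the visible context. Please confirm the check lands after that return; if it does not, a same-keyring KEYCTL_MOVE of a kept key now fails with -EPERM instead of being the no-op the keyctl.c comment promises ("If both keyrings are the same, nothing is done"), and the keyring_move_keep_same_keyring case in 2/2 would catch that. Rejecting before __key_move_lock() is otherwise the right spot: no lock is taken and no edit is started, so the error path has nothing to unwind.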
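Review bot: the core.rst hunk (@@ -600,6 +600,7 @@) uses "protected" without saying what protects a key, and for the user-space readers of this document the term is opaque. Suggest spelling out that both the key and the source keyring must carry the keep flag (KEY_FLAG_KEEP in the kernel) for EPERM to be returned, and reusing the wording the KEYCTL_UNLINK section uses for the same refusal so that readers can see the two calls agree.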
From: Liu Mingyu
To: David Howells, Jarkko Sakkinen
CC: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers, Kees Cook, Mimi Zohar, Randy Dunlap
Subject: [PATCH v2 2/2] keys: Add KUnit coverage for KEYCTL_MOVE keep guard
Date: Sun, 31 May 2026 20:51:51 +0000
Message-ID: <20260531205059.mliu-keyrings-v2-2@outlook.com>
References: <20260531205059.mliu-keyrings-v2-0@outlook.com>
In-Reply-To: <20260531205059.mliu-keyrings-v2-0@outlook.com>
Add keyring KUnit tests that exercise successful key_move(), rejection of moving a protected key out of a protected source keyring, and the same-keyring no-op path.

Keep the test-only infrastructure separate from the KEYCTL_MOVE fix so the fix can be backported without pulling in the KUnit module.

Signed-off-by: Mingyu Liu
---
 security/keys/Kconfig | 13 ++++ security/keys/Makefile | 1 + security/keys/keyring_test.c | 121 +++++++++++++++++++++++++++++++++++ 3 files changed, 135 insertions(+) create mode 100644 security/keys/keyring_test.c diff --git a/security/keys/Kconfig b/security/keys/Kconfig index 84f39e50ca36..acffb5f7385c 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig @@ -129,4 +129,17 @@ config KEY_NOTIFICATIONS This makes use of pipes to handle the notification buffer and provides KEYCTL_WATCH_KEY to enable/disable watches. =20 +config KEYS_KUNIT_TEST + tristate "KUnit tests for keyrings" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + Build KUnit tests for keyring operations. + These tests exercise keyring link and move behavior, including + protection of KEY_FLAG_KEEP entries. + They are intended for KUnit runs on developer kernels and are not + needed for normal systems. + + If you are unsure how to answer this question, answer N. + endif # KEYS diff --git a/security/keys/Makefile b/security/keys/Makefile index 5f40807f05b3..fa583a4ea945 100644 --- a/security/keys/Makefile +++ b/security/keys/Makefile @@ -23,6 +23,7 @@ obj-$(CONFIG_SYSCTL) +=3D sysctl.o obj-$(CONFIG_PERSISTENT_KEYRINGS) +=3D persistent.o obj-$(CONFIG_KEY_DH_OPERATIONS) +=3D dh.o obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) +=3D keyctl_pkey.o +obj-$(CONFIG_KEYS_KUNIT_TEST) +=3D keyring_test.o =20 # # Key types diff --git a/security/keys/keyring_test.c b/security/keys/keyring_test.c new file mode 100644 index 000000000000..0055b50224e9 --- /dev/null
+++ b/security/keys/keyring_test.c 
@@ -0,0 +1,121 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * KUnit tests for keyring operations. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void keyring_test_key_put(void *data) +{ + key_put(data); +} + +static struct key *test_keyring_alloc(struct kunit *test, const char *desc, + unsigned long flags) +{ + struct key *keyring; + + keyring =3D keyring_alloc(desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, + current_cred(), KEY_POS_ALL | KEY_USR_ALL, + KEY_ALLOC_NOT_IN_QUOTA | flags, NULL, NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, keyring); + KUNIT_ASSERT_EQ(test, kunit_add_action_or_reset(test, + keyring_test_key_put, + keyring), 0); + + return keyring; +} + +static struct key *test_user_key_alloc(struct kunit *test, const char *des= c, + struct key *keyring, + unsigned long flags) +{ + static const char payload[] =3D "payload"; + struct key *key; + int ret; + + key =3D key_alloc(&key_type_user, desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, + current_cred(), KEY_POS_ALL | KEY_USR_ALL, + KEY_ALLOC_NOT_IN_QUOTA | flags, NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, key); + KUNIT_ASSERT_EQ(test, kunit_add_action_or_reset(test, + keyring_test_key_put, + key), 0); + + ret =3D key_instantiate_and_link(key, payload, sizeof(payload), + keyring, NULL); + KUNIT_ASSERT_EQ(test, ret, 0); + + return key; +} + +static void keyring_move_user_key(struct kunit *test) +{ + struct key *from, *to, *key; + int ret; + + from =3D test_keyring_alloc(test, "move-from", 0); + to =3D test_keyring_alloc(test, "move-to", 0); + key =3D test_user_key_alloc(test, "move-key", from, 0); + + ret =3D key_move(key, from, to, 0); + KUNIT_EXPECT_EQ(test, ret, 0); + + ret =3D key_move(key, to, from, 0); + KUNIT_EXPECT_EQ(test, ret, 0); +} + +static void keyring_move_keep_key_fails(struct kunit *test) +{ + struct key *from, *to, *key; + int ret; + + from =3D test_keyring_alloc(test, "keep-from", KEY_ALLOC_SET_KEEP); + to =3D 
test_keyring_alloc(test, "keep-to", 0); + key =3D test_user_key_alloc(test, "keep-key", from, 0); + + KUNIT_ASSERT_TRUE(test, test_bit(KEY_FLAG_KEEP, &from->flags)); + KUNIT_ASSERT_TRUE(test, test_bit(KEY_FLAG_KEEP, &key->flags)); + + ret =3D key_move(key, from, to, 0); + KUNIT_EXPECT_EQ(test, ret, -EPERM); + + ret =3D key_move(key, to, from, 0); + KUNIT_EXPECT_EQ(test, ret, -ENOENT); +} + +static void keyring_move_keep_same_keyring(struct kunit *test) +{ + struct key *keyring, *key; + int ret; + + keyring =3D test_keyring_alloc(test, "keep-same", KEY_ALLOC_SET_KEEP); + key =3D test_user_key_alloc(test, "keep-same-key", keyring, 0); + + ret =3D key_move(key, keyring, keyring, 0); + KUNIT_EXPECT_EQ(test, ret, 0); +} + +static struct kunit_case keyring_test_cases[] =3D { + KUNIT_CASE(keyring_move_user_key), + KUNIT_CASE(keyring_move_keep_key_fails), + KUNIT_CASE(keyring_move_keep_same_keyring), + {} +}; + +static struct kunit_suite keyring_test_suite =3D { + .name =3D "keyring", + .test_cases =3D keyring_test_cases, +}; + +kunit_test_suite(keyring_test_suite); + +MODULE_LICENSE("GPL"); --=20 2.51.2.windows.1
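Review bot: in the Kconfig hunk (@@ -129,4 +129,17 @@) the help text promises coverage of "keyring link and move behavior", but the suite added by this patch only exercises key_move() (all three cases call key_move and nothing else). Either trim the help text to "keyring move behavior" or add a key_link()/key_unlink() case so the description and the suite match. The `tristate ... if !KUNIT_ALL_TESTS` / `default KUNIT_ALL_TESTS` pattern and the placement inside the `if KEYS` block look right.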
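Review bot: in the keyring_test.c hunk (@@ -0,0 +1,121 @@), keyring_move_keep_key_fails() allocates the key with flags 0 and then asserts `KUNIT_ASSERT_TRUE(test, test_bit(KEY_FLAG_KEEP, &key->flags));`; that only holds because key_instantiate_and_link() propagates the keep flag from a kept keyring onto the key it links, which is precisely the behaviour the -EPERM check depends on, so a one-line comment above the two asserts saying so would stop a later reader from "fixing" the allocation to pass KEY_ALLOC_SET_KEEP and quietly weakening the test. The closing `ret = key_move(key, to, from, 0); KUNIT_EXPECT_EQ(test, ret, -ENOENT);` is the assertion that proves the rejected move left no link in `to`, and it also deserves a comment, since at first glance it reads as an unrelated second move. Separately, the file ends with MODULE_LICENSE("GPL") but no MODULE_DESCRIPTION(), which modpost flags in W=1 builds; please add one.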