Commit 87268f7a authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Trond Myklebust

nfs: create a kernel keyring



Create a kernel .nfs keyring similar to the nvme .nvme one.  Unlike for
a userspace-created keyring, tlshd is a possessor of the keys with this
and thus the keys don't need user read permissions.

Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
Link: https://lore.kernel.org/r/20250515115107.33052-3-hch@lst.de


Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
parent 90c9550a
+35 −0
@@ -2649,6 +2649,35 @@ static struct pernet_operations nfs_net_ops = {
	.size = sizeof(struct nfs_net),
};

#ifdef CONFIG_KEYS
static struct key *nfs_keyring;

static int __init nfs_init_keyring(void)
{
	nfs_keyring = keyring_alloc(".nfs",
			     GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
			     current_cred(),
			     (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			     (KEY_USR_ALL & ~KEY_USR_SETATTR),
			     KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
	return PTR_ERR_OR_ZERO(nfs_keyring);
}

static void __exit nfs_exit_keyring(void)
{
	key_put(nfs_keyring);
}
#else
static inline int nfs_init_keyring(void)
{
	return 0;
}

static inline void nfs_exit_keyring(void)
{
}
#endif /* CONFIG_KEYS */

/*
 * Initialize NFS
 */
@@ -2656,6 +2685,10 @@ static int __init init_nfs_fs(void)
{
	int err;

	err = nfs_init_keyring();
	if (err)
		return err;

	err = nfs_sysfs_init();
	if (err < 0)
		goto out10;
@@ -2716,6 +2749,7 @@ static int __init init_nfs_fs(void)
out9:
	nfs_sysfs_exit();
out10:
	nfs_exit_keyring();
	return err;
}

@@ -2731,6 +2765,7 @@ static void __exit exit_nfs_fs(void)
	nfs_fs_proc_exit();
	nfsiod_stop();
	nfs_sysfs_exit();
	nfs_exit_keyring();
}

/* Not quite true; I just maintain it */
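Review bot: `nfs_exit_keyring()` is declared `__exit` in the first hunk but is called from the `out10:` unwind path of `init_nfs_fs()`, which is `__init`, in the third hunk. When NFS is built into the kernel the exit section can be discarded, so modpost is expected to report a section mismatch for this reference; dropping the annotation, `static void nfs_exit_keyring(void)`, keeps the helper available to both the init error path and `exit_nfs_fs()`. Separately, a short comment above the `keyring_alloc()` call would help, stating that the mask gives the possessor and the owner (root) every right on the keyring except setattr, because the commit message talks about permissions on the keys rather than on the keyring itself. The middle of `init_nfs_fs()` lies outside the visible hunks, so the other unwind labels were not checked.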