[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

[David Howells]

Hi Kyle,

> >>> KEYCTL_SHLOCK
> >>> KEYCTL_EXLOCK
> >>> KEYCTL_UNLOCK:	A mandatory lock on the key/key-ring
> >>
> > Be careful with those :)
> > Are the locks connected to the open file, and discarded on close?
> 
> Probably only privileged processes (CAP_LINUX_KEYRING?) or maybe
> those with write privileges will be able to use those (Even the SHLOCK).

I would very much advise against this... otherwise you could end up with a
kernel vs userspace deadlock very easily. Furthermore, my current patch
controls read access using a spinlock only - this means that stuff in
interrupt context can access keys; I think it'd be unwise to do otherwise.

Have you looked at the locking stuff the VFS does? It finds its way into all
sorts of nooks and crannies because it has to make sure locks are discarded
when their owner goes away - whatever "owner" means to the system.

I think you don't really need locking anyway. You just have to be aware that
what you're dealing with may change under you.

> This leaves all decisions of policy to a PAM module and some 
> configurable programs.  (Like key-sh or something :-D)

I think that's probably a good idea... now we just have to sell Linus on it.

> > Kyle: are you in sync with dhowells on this?
> 
> He and I worked out a lot of the concepts for the patch, but I haven't 
> talked with him recently.

I'm trying to get through a whole load of things I really need to get done
before I go to OLS:-)

I'll see what I can do.

David