KEYS: Limit ABI change in 4.13.10

Commit 363b02dab09b ("KEYS: Fix race between updating and finding a
negative key") rearranged various state members in struct key, resulting
in an ABI change for all keys APIs.

Only the keys subsystem and key type implementation use this state
information, so we can limit the ABI break to them:

- Renumber the other flags back to their old values
- Hide the deletion of the reject_error field from genksyms (it was only
  used inside the keys subsystem)
- Move the new state field to the end of the structure and hide it from
  genksyms
- Rename the register_key_type() function, so newly built key type
  modules will only load on top of the new keys subsystem while old
  key type modules will only load on top of the old keys subsystem

Gbp-Pq: Topic debian
Gbp-Pq: Name keys-limit-abi-change-in-4.13.10.patch

diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index 9520fc3c3b9ab376ae571cb9895d0dc838212ffc..6721fac51e7e734bcaa43a4d86e5a66fdd8663a6 100644 (file)
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -162,6 +162,12 @@ struct key_type {
 
 extern struct key_type key_type_keyring;
 
+/*
+ * ABI compat: Rename register function so newly built key type modules
+ * will require a new kernel and can then safely assume the existence of the
+ * key::state field.  Other keys users don't access it and are unaffected.
+ */
+#define register_key_type register_key_type_2
 extern int register_key_type(struct key_type *ktype);
 extern void unregister_key_type(struct key_type *ktype);
 

diff --git a/include/linux/key.h b/include/linux/key.h
index 8a15cabe928d0ee282742f0c44be26e7af01851d..31239229c31870e698e62498c391a23464429133 100644 (file)
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -174,7 +174,6 @@ struct key {
                                                 * - may not match RCU dereferenced payload
                                                 * - payload should contain own length
                                                 */
-       short                   state;          /* Key state (+) or rejection error (-) */
 
 #ifdef KEY_DEBUGGING
        unsigned                magic;
@@ -182,16 +181,16 @@ struct key {
 #endif
 
        unsigned long           flags;          /* status flags (change with bitops) */
-#define KEY_FLAG_DEAD          0       /* set if key type has been deleted */
-#define KEY_FLAG_REVOKED       1       /* set if key had been revoked */
-#define KEY_FLAG_IN_QUOTA      2       /* set if key consumes quota */
-#define KEY_FLAG_USER_CONSTRUCT        3       /* set if key is being constructed in userspace */
-#define KEY_FLAG_ROOT_CAN_CLEAR        4       /* set if key can be cleared by root without permission */
-#define KEY_FLAG_INVALIDATED   5       /* set if key has been invalidated */
-#define KEY_FLAG_BUILTIN       6       /* set if key is built in to the kernel */
-#define KEY_FLAG_ROOT_CAN_INVAL        7       /* set if key can be invalidated by root without permission */
-#define KEY_FLAG_KEEP          8       /* set if key should not be removed */
-#define KEY_FLAG_UID_KEYRING   9       /* set if key is a user or user session keyring */
+#define KEY_FLAG_DEAD          1       /* set if key type has been deleted */
+#define KEY_FLAG_REVOKED       2       /* set if key had been revoked */
+#define KEY_FLAG_IN_QUOTA      3       /* set if key consumes quota */
+#define KEY_FLAG_USER_CONSTRUCT        4       /* set if key is being constructed in userspace */
+#define KEY_FLAG_ROOT_CAN_CLEAR        6       /* set if key can be cleared by root without permission */
+#define KEY_FLAG_INVALIDATED   7       /* set if key has been invalidated */
+#define KEY_FLAG_BUILTIN       8       /* set if key is built in to the kernel */
+#define KEY_FLAG_ROOT_CAN_INVAL        9       /* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP          10      /* set if key should not be removed */
+#define KEY_FLAG_UID_KEYRING   11      /* set if key is a user or user session keyring */
 
        /* the key type and key description string
         * - the desc is used to match a key against search criteria
@@ -217,6 +216,9 @@ struct key {
                        struct list_head name_link;
                        struct assoc_array keys;
                };
+#ifdef __GENKSYMS__
+               int reject_error;
+#endif
        };
 
        /* This is set on a keyring to restrict the addition of a link to a key
@@ -231,6 +233,10 @@ struct key {
         * restriction.
         */
        struct key_restriction *restrict_link;
+
+#ifndef __GENKSYMS__
+       short                   state;          /* Key state (+) or rejection error (-) */
+#endif
 };
 
 extern struct key *key_alloc(struct key_type *type,