KEYS: Limit ABI change in 4.9.59

Commit 363b02dab09b ("KEYS: Fix race between updating and finding a
negative key") rearranged various state members in struct key, resulting
in an ABI change for all keys APIs.

Only the keys subsystem and key type implementation use this state
information, so we can limit the ABI break to them:

- Renumber the other flags back to their old values
- Hide the deletion of the reject_error field from genksyms (it was only
  used inside the keys subsystem)
- Move the new state field to the end of the structure and hide it from
  genksyms
- Rename the register_key_type() function, so newly built key type
  modules will only load on top of the new keys subsystem while old
  key type modules will only load on top of the old keys subsystem

Gbp-Pq: Topic debian
Gbp-Pq: Name keys-limit-abi-change-in-4.9.59.patch

diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index eaee981c55584bc0aa8ee72365449e376713a536..147bfc9a3339bd459ae1518f6cbd254f3c258ad2 100644 (file)
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -154,6 +154,12 @@ struct key_type {
 
 extern struct key_type key_type_keyring;
 
+/*
+ * ABI compat: Rename register function so newly built key type modules
+ * will require a new kernel and can then safely assume the existence of the
+ * key::state field.  Other keys users don't access it and are unaffected.
+ */
+#define register_key_type register_key_type_2
 extern int register_key_type(struct key_type *ktype);
 extern void unregister_key_type(struct key_type *ktype);
 

diff --git a/include/linux/key.h b/include/linux/key.h
index ed9b44fd9580efcca1a7b4757a77463fd6e0fbe0..e4a5cde06d2d4b5b78fde822504e7902bfde47ba 100644 (file)
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -162,7 +162,6 @@ struct key {
                                                 * - may not match RCU dereferenced payload
                                                 * - payload should contain own length
                                                 */
-       short                   state;          /* Key state (+) or rejection error (-) */
 
 #ifdef KEY_DEBUGGING
        unsigned                magic;
@@ -171,16 +170,16 @@ struct key {
 #endif
 
        unsigned long           flags;          /* status flags (change with bitops) */
-#define KEY_FLAG_DEAD          0       /* set if key type has been deleted */
-#define KEY_FLAG_REVOKED       1       /* set if key had been revoked */
-#define KEY_FLAG_IN_QUOTA      2       /* set if key consumes quota */
-#define KEY_FLAG_USER_CONSTRUCT        3       /* set if key is being constructed in userspace */
-#define KEY_FLAG_ROOT_CAN_CLEAR        4       /* set if key can be cleared by root without permission */
-#define KEY_FLAG_INVALIDATED   5       /* set if key has been invalidated */
-#define KEY_FLAG_BUILTIN       6       /* set if key is built in to the kernel */
-#define KEY_FLAG_ROOT_CAN_INVAL        7       /* set if key can be invalidated by root without permission */
-#define KEY_FLAG_KEEP          8       /* set if key should not be removed */
-#define KEY_FLAG_UID_KEYRING   9       /* set if key is a user or user session keyring */
+#define KEY_FLAG_DEAD          1       /* set if key type has been deleted */
+#define KEY_FLAG_REVOKED       2       /* set if key had been revoked */
+#define KEY_FLAG_IN_QUOTA      3       /* set if key consumes quota */
+#define KEY_FLAG_USER_CONSTRUCT        4       /* set if key is being constructed in userspace */
+#define KEY_FLAG_ROOT_CAN_CLEAR        6       /* set if key can be cleared by root without permission */
+#define KEY_FLAG_INVALIDATED   7       /* set if key has been invalidated */
+#define KEY_FLAG_BUILTIN       8       /* set if key is built in to the kernel */
+#define KEY_FLAG_ROOT_CAN_INVAL        9       /* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP          10      /* set if key should not be removed */
+#define KEY_FLAG_UID_KEYRING   11      /* set if key is a user or user session keyring */
 
        /* the key type and key description string
         * - the desc is used to match a key against search criteria
@@ -206,6 +205,9 @@ struct key {
                        struct list_head name_link;
                        struct assoc_array keys;
                };
+#ifdef __GENKSYMS__
+               int reject_error;
+#endif
        };
 
        /* This is set on a keyring to restrict the addition of a link to a key
@@ -221,6 +223,10 @@ struct key {
        int (*restrict_link)(struct key *keyring,
                             const struct key_type *type,
                             const union key_payload *payload);
+
+#ifndef __GENKSYMS__
+       short                   state;          /* Key state (+) or rejection error (-) */
+#endif
 };
 
 extern struct key *key_alloc(struct key_type *type,