Merge tag 'keys-misc-20190619' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

     added.

  *  Move a key from one keyring to another::

	long keyctl(KEYCTL_MOVE,

		    key_serial_t id,

		    key_serial_t from_ring_id,

		    key_serial_t to_ring_id,

		    unsigned int flags);

     Move the key specified by "id" from the keyring specified by

     "from_ring_id" to the keyring specified by "to_ring_id".  If the two

     keyrings are the same, nothing is done.

     "flags" can have KEYCTL_MOVE_EXCL set in it to cause the operation to fail

     with EEXIST if a matching key exists in the destination keyring, otherwise

     such a key will be replaced.

     A process must have link permission on the key for this function to be

     successful and write permission on both keyrings.  Any errors that can

     occur from KEYCTL_LINK also apply on the destination keyring here.

  *  Unlink a key or keyring from another keyring::

	long keyctl(KEYCTL_UNLINK, key_serial_t keyring, key_serial_t key);

extern int key_link(struct key *keyring,

		    struct key *key);

extern int key_move(struct key *key,

		    struct key *from_keyring,

		    struct key *to_keyring,

		    unsigned int flags);

extern int key_unlink(struct key *keyring,

		      struct key *key);

 * the userspace interface

 */

extern int install_thread_keyring_to_cred(struct cred *cred);

extern void key_fsuid_changed(struct task_struct *tsk);

extern void key_fsgid_changed(struct task_struct *tsk);

extern void key_fsuid_changed(struct cred *new_cred);

extern void key_fsgid_changed(struct cred *new_cred);

extern void key_init(void);

#else /* CONFIG_KEYS */

#define make_key_ref(k, p)		NULL

#define key_ref_to_ptr(k)		NULL

#define is_key_possessed(k)		0

#define key_fsuid_changed(t)		do { } while(0)

#define key_fsgid_changed(t)		do { } while(0)

#define key_fsuid_changed(c)		do { } while(0)

#define key_fsgid_changed(c)		do { } while(0)

#define key_init()			do { } while(0)

#endif /* CONFIG_KEYS */

#define KEYCTL_PKEY_SIGN		27	/* Create a public key signature */

#define KEYCTL_PKEY_VERIFY		28	/* Verify a public key signature */

#define KEYCTL_RESTRICT_KEYRING		29	/* Restrict keys allowed to link to a keyring */

#define KEYCTL_MOVE			30	/* Move keys between keyrings */

#define KEYCTL_CAPABILITIES		31	/* Find capabilities of keyrings subsystem */

/* keyctl structures */

struct keyctl_dh_params {

	__u32		__spare[7];

};

#define KEYCTL_MOVE_EXCL	0x00000001 /* Do not displace from the to-keyring */

/*

 * Capabilities flags.  The capabilities list is an array of 8-bit integers;

 * each integer can carry up to 8 flags.

 */

#define KEYCTL_CAPS0_CAPABILITIES	0x01 /* KEYCTL_CAPABILITIES supported */

#define KEYCTL_CAPS0_PERSISTENT_KEYRINGS 0x02 /* Persistent keyrings enabled */

#define KEYCTL_CAPS0_DIFFIE_HELLMAN	0x04 /* Diffie-Hellman computation enabled */

#define KEYCTL_CAPS0_PUBLIC_KEY		0x08 /* Public key ops enabled */

#define KEYCTL_CAPS0_BIG_KEY		0x10 /* big_key-type enabled */

#define KEYCTL_CAPS0_INVALIDATE		0x20 /* KEYCTL_INVALIDATE supported */

#define KEYCTL_CAPS0_RESTRICT_KEYRING	0x40 /* KEYCTL_RESTRICT_KEYRING supported */

#define KEYCTL_CAPS0_MOVE		0x80 /* KEYCTL_MOVE supported */

#endif /*  _LINUX_KEYCTL_H */

	/* alter the thread keyring */

	if (!uid_eq(new->fsuid, old->fsuid))

		key_fsuid_changed(task);

		key_fsuid_changed(new);

	if (!gid_eq(new->fsgid, old->fsgid))

		key_fsgid_changed(task);

		key_fsgid_changed(new);

	/* do it

	 * RLIMIT_NPROC limits on user->processes have already been checked

		return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),

					  compat_ptr(arg4), compat_ptr(arg5));

	case KEYCTL_MOVE:

		return keyctl_keyring_move(arg2, arg3, arg4, arg5);

	case KEYCTL_CAPABILITIES:

		return keyctl_capabilities(compat_ptr(arg2), arg3);

	default:

		return -EOPNOTSUPP;

	}