/*
 * Generator for GIMPLE pass related boilerplate code/data
 *
 * Supports gcc 4.5-6
 *
 * Usage:
 *
 * 1. before inclusion define PASS_NAME
 * 2. before inclusion define NO_* for unimplemented callbacks
 *    NO_GATE
 *    NO_EXECUTE
 * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override
 *    the default 0 values
 * 4. for convenience, all the above will be undefined after inclusion!
 * 5. the only exported name is make_PASS_NAME_pass() to register with gcc
 *
 * How it works: everything below is driven by PASS_NAME and by
 * BUILDING_GCC_VERSION (expected to be defined by the including plugin /
 * gcc-common header before this file is included).  The same template is
 * emitted in one of two shapes:
 *
 *   - gcc >= 4.9: a `pass_data` table plus a `gimple_opt_pass` subclass in an
 *     anonymous namespace; make_PASS_NAME_pass() heap-allocates a new
 *     instance on every call.
 *   - gcc <  4.9: a single static `struct gimple_opt_pass` with designated
 *     initializers; make_PASS_NAME_pass() returns the address of that one
 *     static object, so every call yields the same pass object.
 *
 * The user-provided callbacks are expected to exist as
 *   PASS_NAME_gate()    -> bool           (unless NO_GATE)
 *   PASS_NAME_execute() -> unsigned int   (unless NO_EXECUTE)
 * They take no arguments in either shape; the `function *` parameter that
 * gcc >= 5 passes to gate()/execute() is deliberately dropped here.
 *
 * NOTE(review): the helper macro names (leading `_` + uppercase, or `__`)
 * fall into the identifier space reserved for the implementation in C/C++.
 * They are kept as-is for compatibility with plugins already written
 * against this header; all of them are #undef'd again at the bottom so the
 * header can be included several times with different PASS_NAMEs.
 */

#ifndef PASS_NAME
#error at least PASS_NAME must be defined
#else
/*
 * Two-level indirection: the outer macro's argument is fully macro-expanded
 * before it reaches the `#`/`##` operator in the inner one, so PASS_NAME is
 * stringified / pasted as its expansion, not as the literal text "PASS_NAME".
 */
#define __GCC_PLUGIN_STRINGIFY(n) #n
#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n)
#define _GCC_PLUGIN_CONCAT2(x, y) x ## y
#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z

/* <PASS_NAME>_pass_data: the pass_data table (gcc >= 4.9 only) */
#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data)
#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME)

/* <PASS_NAME>_pass: the pass class (gcc >= 4.9) or static struct (older) */
#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass)
#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME)

/* "<PASS_NAME>": the string gcc uses as the pass name (e.g. for -fdump-*) */
#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME)

/* make_<PASS_NAME>_pass: the only externally visible symbol */
#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass)
#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME)

/*
 * Gate callback.  With NO_GATE the pre-4.9 struct gets a NULL gate pointer
 * (and has_gate = false on 4.9); on >= 4.9 the gate() method is simply not
 * overridden, so gimple_opt_pass's inherited behaviour applies.
 */
#ifdef NO_GATE
#define _GATE NULL
#define _HAS_GATE false
#else
#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate)
#define _GATE __GATE(PASS_NAME)
#define _HAS_GATE true
#endif

/* Execute callback; same scheme as the gate above. */
#ifdef NO_EXECUTE
#define _EXECUTE NULL
#define _HAS_EXECUTE false
#else
#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute)
#define _EXECUTE __EXECUTE(PASS_NAME)
#define _HAS_EXECUTE true
#endif

/* Optional tunables: 0 means "no properties / no TODO flags" unless overridden */
#ifndef PROPERTIES_REQUIRED
#define PROPERTIES_REQUIRED 0
#endif
#ifndef PROPERTIES_PROVIDED
#define PROPERTIES_PROVIDED 0
#endif
#ifndef PROPERTIES_DESTROYED
#define PROPERTIES_DESTROYED 0
#endif
#ifndef TODO_FLAGS_START
#define TODO_FLAGS_START 0
#endif
#ifndef TODO_FLAGS_FINISH
#define TODO_FLAGS_FINISH 0
#endif

/*
 * Pass descriptor.  gcc >= 4.9 wants a const pass_data; older gcc wants a
 * gimple_opt_pass struct whose embedded `.pass` member carries the same
 * fields, hence the extra nesting level that is closed again further down.
 */
#if BUILDING_GCC_VERSION >= 4009
namespace {
static const pass_data _PASS_NAME_PASS_DATA = {
#else
static struct gimple_opt_pass _PASS_NAME_PASS = {
	.pass = {
#endif
		.type = GIMPLE_PASS,
		.name = _PASS_NAME_NAME,
#if BUILDING_GCC_VERSION >= 4008
		.optinfo_flags = OPTGROUP_NONE,
#endif
		/*
		 * gcc >= 5: gate/execute live only as virtual methods, nothing
		 *           to put in pass_data (empty branch on purpose).
		 * gcc 4.9:  pass_data carries has_gate/has_execute flags; the
		 *           bodies are the virtual methods below.
		 * gcc < 4.9: plain function pointers, plus the pass-chain
		 *           fields (sub/next/static_pass_number) left unset.
		 */
#if BUILDING_GCC_VERSION >= 5000
#elif BUILDING_GCC_VERSION == 4009
		.has_gate = _HAS_GATE,
		.has_execute = _HAS_EXECUTE,
#else
		.gate = _GATE,
		.execute = _EXECUTE,
		.sub = NULL,
		.next = NULL,
		.static_pass_number = 0,
#endif
		.tv_id = TV_NONE,		/* no timevar accounting for this pass */
		.properties_required = PROPERTIES_REQUIRED,
		.properties_provided = PROPERTIES_PROVIDED,
		.properties_destroyed = PROPERTIES_DESTROYED,
		.todo_flags_start = TODO_FLAGS_START,
		.todo_flags_finish = TODO_FLAGS_FINISH,
#if BUILDING_GCC_VERSION < 4009
	}	/* closes .pass = { */
#endif
};

#if BUILDING_GCC_VERSION >= 4009
/*
 * gcc >= 4.9: the pass is an object.  The constructor hands the pass_data
 * above and `g` (gcc's global context object, provided by the gcc plugin
 * headers) to the gimple_opt_pass base.
 */
class _PASS_NAME_PASS : public gimple_opt_pass {
public:
	_PASS_NAME_PASS() : gimple_opt_pass(_PASS_NAME_PASS_DATA, g) {}

	/* gcc >= 5 passes the current function; this template ignores it. */
#ifndef NO_GATE
#if BUILDING_GCC_VERSION >= 5000
	virtual bool gate(function *) { return _GATE(); }
#else
	virtual bool gate(void) { return _GATE(); }
#endif
#endif

	/* Required by opt_pass; every clone is an independent new instance. */
	virtual opt_pass * clone () { return new _PASS_NAME_PASS(); }

#ifndef NO_EXECUTE
#if BUILDING_GCC_VERSION >= 5000
	virtual unsigned int execute(function *) { return _EXECUTE(); }
#else
	virtual unsigned int execute(void) { return _EXECUTE(); }
#endif
#endif
};
}

/*
 * Factory handed to gcc's pass manager by the including plugin.  Each call
 * allocates a fresh pass object with `new`; ownership passes to the caller
 * (in practice the pass manager) - nothing here ever frees it.
 */
opt_pass *_MAKE_PASS_NAME_PASS(void)
{
	return new _PASS_NAME_PASS();
}
#else
/*
 * gcc < 4.9: there is exactly one static pass struct, so this returns the
 * same object on every call.  Register it once.
 */
struct opt_pass *_MAKE_PASS_NAME_PASS(void)
{
	return &_PASS_NAME_PASS.pass;
}
#endif

/* clean up user provided defines */
#undef PASS_NAME
#undef NO_GATE
#undef NO_EXECUTE
#undef PROPERTIES_DESTROYED
#undef PROPERTIES_PROVIDED
#undef PROPERTIES_REQUIRED
#undef TODO_FLAGS_FINISH
#undef TODO_FLAGS_START

/* clean up generated defines */
#undef _EXECUTE
#undef __EXECUTE
#undef _GATE
#undef __GATE
#undef _GCC_PLUGIN_CONCAT2
#undef _GCC_PLUGIN_CONCAT3
#undef _GCC_PLUGIN_STRINGIFY
#undef __GCC_PLUGIN_STRINGIFY
#undef _HAS_EXECUTE
#undef _HAS_GATE
#undef _MAKE_PASS_NAME_PASS
#undef __MAKE_PASS_NAME_PASS
#undef _PASS_NAME_NAME
#undef _PASS_NAME_PASS
#undef __PASS_NAME_PASS
#undef _PASS_NAME_PASS_DATA
#undef __PASS_NAME_PASS_DATA
#endif /* PASS_NAME */ 35:19 +0100 commitf36f8c75ae2e7d4da34f4c908cebdb4aa42c977e (patch) tree09d5dd4ffe2e8cc499f97b0fc3895b7e3f35ccbf parentab3c3587f8cda9083209a61dbe3a4407d3cada10 (diff)
KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches
Add support for per-user_namespace registers of persistent per-UID kerberos caches held within the kernel. This allows the kerberos cache to be retained beyond the life of all a user's processes so that the user's cron jobs can work. The kerberos cache is envisioned as a keyring/key tree looking something like: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 big_key - A ccache blob \___ tkt12345 big_key - Another ccache blob Or possibly: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 keyring - A ccache \___ krbtgt/REDHAT.COM@REDHAT.COM big_key \___ http/REDHAT.COM@REDHAT.COM user \___ afs/REDHAT.COM@REDHAT.COM user \___ nfs/REDHAT.COM@REDHAT.COM user \___ krbtgt/KERNEL.ORG@KERNEL.ORG big_key \___ http/KERNEL.ORG@KERNEL.ORG big_key What goes into a particular Kerberos cache is entirely up to userspace. Kernel support is limited to giving you the Kerberos cache keyring that you want. The user asks for their Kerberos cache by: krb_cache = keyctl_get_krbcache(uid, dest_keyring); The uid is -1 or the user's own UID for the user's own cache or the uid of some other user's cache (requires CAP_SETUID). This permits rpc.gssd or whatever to mess with the cache. The cache returned is a keyring named "_krb.<uid>" that the possessor can read, search, clear, invalidate, unlink from and add links to. Active LSMs get a chance to rule on whether the caller is permitted to make a link. Each uid's cache keyring is created when it first accessed and is given a timeout that is extended each time this function is called so that the keyring goes away after a while. The timeout is configurable by sysctl but defaults to three days. 
Each user_namespace struct gets a lazily-created keyring that serves as the register. The cache keyrings are added to it. This means that standard key search and garbage collection facilities are available. The user_namespace struct's register goes away when it does and anything left in it is then automatically gc'd. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Simo Sorce <simo@redhat.com> cc: Serge E. Hallyn <serge.hallyn@ubuntu.com> cc: Eric W. Biederman <ebiederm@xmission.com>
Diffstat