1
2
3
4
5
6
7
8
9
10
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/poison.h>
15#include <linux/sched.h>
16#include <linux/slab.h>
17#include <linux/security.h>
18#include <linux/workqueue.h>
19#include <linux/random.h>
20#include <linux/err.h>
21#include "internal.h"
22
23struct kmem_cache *key_jar;
24struct rb_root key_serial_tree;
25DEFINE_SPINLOCK(key_serial_lock);
26
27struct rb_root key_user_tree;
28DEFINE_SPINLOCK(key_user_lock);
29
30unsigned int key_quota_root_maxkeys = 200;
31unsigned int key_quota_root_maxbytes = 20000;
32unsigned int key_quota_maxkeys = 200;
33unsigned int key_quota_maxbytes = 20000;
34
35static LIST_HEAD(key_types_list);
36static DECLARE_RWSEM(key_types_sem);
37
38
39DEFINE_MUTEX(key_construction_mutex);
40
41#ifdef KEY_DEBUGGING
42void __key_check(const struct key *key)
43{
44 printk("__key_check: key %p {%08x} should be {%08x}\n",
45 key, key->magic, KEY_DEBUG_MAGIC);
46 BUG();
47}
48#endif
49
50
51
52
53
54struct key_user *key_user_lookup(kuid_t uid)
55{
56 struct key_user *candidate = NULL, *user;
57 struct rb_node *parent = NULL;
58 struct rb_node **p;
59
60try_again:
61 p = &key_user_tree.rb_node;
62 spin_lock(&key_user_lock);
63
64
65 while (*p) {
66 parent = *p;
67 user = rb_entry(parent, struct key_user, node);
68
69 if (uid_lt(uid, user->uid))
70 p = &(*p)->rb_left;
71 else if (uid_gt(uid, user->uid))
72 p = &(*p)->rb_right;
73 else
74 goto found;
75 }
76
77
78 if (!candidate) {
79
80
81 spin_unlock(&key_user_lock);
82
83 user = NULL;
84 candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL);
85 if (unlikely(!candidate))
86 goto out;
87
88
89
90
91 goto try_again;
92 }
93
94
95
96 atomic_set(&candidate->usage, 1);
97 atomic_set(&candidate->nkeys, 0);
98 atomic_set(&candidate->nikeys, 0);
99 candidate->uid = uid;
100 candidate->qnkeys = 0;
101 candidate->qnbytes = 0;
102 spin_lock_init(&candidate->lock);
103 mutex_init(&candidate->cons_lock);
104
105 rb_link_node(&candidate->node, parent, p);
106 rb_insert_color(&candidate->node, &key_user_tree);
107 spin_unlock(&key_user_lock);
108 user = candidate;
109 goto out;
110
111
112found:
113 atomic_inc(&user->usage);
114 spin_unlock(&key_user_lock);
115 kfree(candidate);
116out:
117 return user;
118}
119
120
121
122
123void key_user_put(struct key_user *user)
124{
125 if (atomic_dec_and_lock(&user->usage, &key_user_lock)) {
126 rb_erase(&user->node, &key_user_tree);
127 spin_unlock(&key_user_lock);
128
129 kfree(user);
130 }
131}
132
133
134
135
136
137static inline void key_alloc_serial(struct key *key)
138{
139 struct rb_node *parent, **p;
140 struct key *xkey;
141
142
143
144 do {
145 get_random_bytes(&key->serial, sizeof(key->serial));
146
147 key->serial >>= 1;
148 } while (key->serial < 3);
149
150 spin_lock(&key_serial_lock);
151
152attempt_insertion:
153 parent = NULL;
154 p = &key_serial_tree.rb_node;
155
156 while (*p) {
157 parent = *p;
158 xkey = rb_entry(parent, struct key, serial_node);
159
160 if (key->serial < xkey->serial)
161 p = &(*p)->rb_left;
162 else if (key->serial > xkey->serial)
163 p = &(*p)->rb_right;
164 else
165 goto serial_exists;
166 }
167
168
169 rb_link_node(&key->serial_node, parent, p);
170 rb_insert_color(&key->serial_node, &key_serial_tree);
171
172 spin_unlock(&key_serial_lock);
173 return;
174
175
176
177serial_exists:
178 for (;;) {
179 key->serial++;
180 if (key->serial < 3) {
181 key->serial = 3;
182 goto attempt_insertion;
183 }
184
185 parent = rb_next(parent);
186 if (!parent)
187 goto attempt_insertion;
188
189 xkey = rb_entry(parent, struct key, serial_node);
190 if (key->serial < xkey->serial)
191 goto attempt_insertion;
192 }
193}
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224struct key *key_alloc(struct key_type *type, const char *desc,
225 kuid_t uid, kgid_t gid, const struct cred *cred,
226 key_perm_t perm, unsigned long flags)
227{
228 struct key_user *user = NULL;
229 struct key *key;
230 size_t desclen, quotalen;
231 int ret;
232
233 key = ERR_PTR(-EINVAL);
234 if (!desc || !*desc)
235 goto error;
236
237 if (type->vet_description) {
238 ret = type->vet_description(desc);
239 if (ret < 0) {
240 key = ERR_PTR(ret);
241 goto error;
242 }
243 }
244
245 desclen = strlen(desc) + 1;
246 quotalen = desclen + type->def_datalen;
247
248
249 user = key_user_lookup(uid);
250 if (!user)
251 goto no_memory_1;
252
253
254
255 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
256 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
257 key_quota_root_maxkeys : key_quota_maxkeys;
258 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
259 key_quota_root_maxbytes : key_quota_maxbytes;
260
261 spin_lock(&user->lock);
262 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
263 if (user->qnkeys + 1 >= maxkeys ||
264 user->qnbytes + quotalen >= maxbytes ||
265 user->qnbytes + quotalen < user->qnbytes)
266 goto no_quota;
267 }
268
269 user->qnkeys++;
270 user->qnbytes += quotalen;
271 spin_unlock(&user->lock);
272 }
273
274
275 key = kmem_cache_alloc(key_jar, GFP_KERNEL);
276 if (!key)
277 goto no_memory_2;
278
279 if (desc) {
280 key->description = kmemdup(desc, desclen, GFP_KERNEL);
281 if (!key->description)
282 goto no_memory_3;
283 }
284
285 atomic_set(&key->usage, 1);
286 init_rwsem(&key->sem);
287 lockdep_set_class(&key->sem, &type->lock_class);
288 key->type = type;
289 key->user = user;
290 key->quotalen = quotalen;
291 key->datalen = type->def_datalen;
292 key->uid = uid;
293 key->gid = gid;
294 key->perm = perm;
295 key->flags = 0;
296 key->expiry = 0;
297 key->payload.data = NULL;
298 key->security = NULL;
299
300 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
301 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
302
303 memset(&key->type_data, 0, sizeof(key->type_data));
304
305#ifdef KEY_DEBUGGING
306 key->magic = KEY_DEBUG_MAGIC;
307#endif
308
309
310 ret = security_key_alloc(key, cred, flags);
311 if (ret < 0)
312 goto security_error;
313
314
315 atomic_inc(&user->nkeys);
316 key_alloc_serial(key);
317
318error:
319 return key;
320
321security_error:
322 kfree(key->description);
323 kmem_cache_free(key_jar, key);
324 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
325 spin_lock(&user->lock);
326 user->qnkeys--;
327 user->qnbytes -= quotalen;
328 spin_unlock(&user->lock);
329 }
330 key_user_put(user);
331 key = ERR_PTR(ret);
332 goto error;
333
334no_memory_3:
335 kmem_cache_free(key_jar, key);
336no_memory_2:
337 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
338 spin_lock(&user->lock);
339 user->qnkeys--;
340 user->qnbytes -= quotalen;
341 spin_unlock(&user->lock);
342 }
343 key_user_put(user);
344no_memory_1:
345 key = ERR_PTR(-ENOMEM);
346 goto error;
347
348no_quota:
349 spin_unlock(&user->lock);
350 key_user_put(user);
351 key = ERR_PTR(-EDQUOT);
352 goto error;
353}
354EXPORT_SYMBOL(key_alloc);
355
356
357
358
359
360
361
362
363
364
365
366
367int key_payload_reserve(struct key *key, size_t datalen)
368{
369 int delta = (int)datalen - key->datalen;
370 int ret = 0;
371
372 key_check(key);
373
374
375 if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
376 unsigned maxbytes = uid_eq(key->user->uid, GLOBAL_ROOT_UID) ?
377 key_quota_root_maxbytes : key_quota_maxbytes;
378
379 spin_lock(&key->user->lock);
380
381 if (delta > 0 &&
382 (key->user->qnbytes + delta >= maxbytes ||
383 key->user->qnbytes + delta < key->user->qnbytes)) {
384 ret = -EDQUOT;
385 }
386 else {
387 key->user->qnbytes += delta;
388 key->quotalen += delta;
389 }
390 spin_unlock(&key->user->lock);
391 }
392
393
394 if (ret == 0)
395 key->datalen = datalen;
396
397 return ret;
398}
399EXPORT_SYMBOL(key_payload_reserve);
400
401
402
403
404
405
406
407static int __key_instantiate_and_link(struct key *key,
408 struct key_preparsed_payload *prep,
409 struct key *keyring,
410 struct key *authkey,
411 unsigned long *_prealloc)
412{
413 int ret, awaken;
414
415 key_check(key);
416 key_check(keyring);
417
418 awaken = 0;
419 ret = -EBUSY;
420
421 mutex_lock(&key_construction_mutex);
422
423
424 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
425
426 ret = key->type->instantiate(key, prep);
427
428 if (ret == 0) {
429
430 atomic_inc(&key->user->nikeys);
431 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
432
433 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
434 awaken = 1;
435
436
437 if (keyring)
438 __key_link(keyring, key, _prealloc);
439
440
441 if (authkey)
442 key_revoke(authkey);
443 }
444 }
445
446 mutex_unlock(&key_construction_mutex);
447
448
449 if (awaken)
450 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
451
452 return ret;
453}
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471int key_instantiate_and_link(struct key *key,
472 const void *data,
473 size_t datalen,
474 struct key *keyring,
475 struct key *authkey)
476{
477 struct key_preparsed_payload prep;
478 unsigned long prealloc;
479 int ret;
480
481 memset(&prep, 0, sizeof(prep));
482 prep.data = data;
483 prep.datalen = datalen;
484 prep.quotalen = key->type->def_datalen;
485 if (key->type->preparse) {
486 ret = key->type->preparse(&prep);
487 if (ret < 0)
488 goto error;
489 }
490
491 if (keyring) {
492 ret = __key_link_begin(keyring, key->type, key->description,
493 &prealloc);
494 if (ret < 0)
495 goto error_free_preparse;
496 }
497
498 ret = __key_instantiate_and_link(key, &prep, keyring, authkey,
499 &prealloc);
500
501 if (keyring)
502 __key_link_end(keyring, key->type, prealloc);
503
504error_free_preparse:
505 if (key->type->preparse)
506 key->type->free_preparse(&prep);
507error:
508 return ret;
509}
510
511EXPORT_SYMBOL(key_instantiate_and_link);
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534int key_reject_and_link(struct key *key,
535 unsigned timeout,
536 unsigned error,
537 struct key *keyring,
538 struct key *authkey)
539{
540 unsigned long prealloc;
541 struct timespec now;
542 int ret, awaken, link_ret = 0;
543
544 key_check(key);
545 key_check(keyring);
546
547 awaken = 0;
548 ret = -EBUSY;
549
550 if (keyring)
551 link_ret = __key_link_begin(keyring, key->type,
552 key->description, &prealloc);
553
554 mutex_lock(&key_construction_mutex);
555
556
557 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
558
559 atomic_inc(&key->user->nikeys);
560 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
561 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
562 key->type_data.reject_error = -error;
563 now = current_kernel_time();
564 key->expiry = now.tv_sec + timeout;
565 key_schedule_gc(key->expiry + key_gc_delay);
566
567 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
568 awaken = 1;
569
570 ret = 0;
571
572
573 if (keyring && link_ret == 0)
574 __key_link(keyring, key, &prealloc);
575
576
577 if (authkey)
578 key_revoke(authkey);
579 }
580
581 mutex_unlock(&key_construction_mutex);
582
583 if (keyring)
584 __key_link_end(keyring, key->type, prealloc);
585
586
587 if (awaken)
588 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
589
590 return ret == 0 ? link_ret : ret;
591}
592EXPORT_SYMBOL(key_reject_and_link);
593
594
595
596
597
598
599
600
601
602void key_put(struct key *key)
603{
604 if (key) {
605 key_check(key);
606
607 if (atomic_dec_and_test(&key->usage))
608 schedule_work(&key_gc_work);
609 }
610}
611EXPORT_SYMBOL(key_put);
612
613
614
615
616struct key *key_lookup(key_serial_t id)
617{
618 struct rb_node *n;
619 struct key *key;
620
621 spin_lock(&key_serial_lock);
622
623
624 n = key_serial_tree.rb_node;
625 while (n) {
626 key = rb_entry(n, struct key, serial_node);
627
628 if (id < key->serial)
629 n = n->rb_left;
630 else if (id > key->serial)
631 n = n->rb_right;
632 else
633 goto found;
634 }
635
636not_found:
637 key = ERR_PTR(-ENOKEY);
638 goto error;
639
640found:
641
642 if (atomic_read(&key->usage) == 0)
643 goto not_found;
644
645
646
647
648 atomic_inc(&key->usage);
649
650error:
651 spin_unlock(&key_serial_lock);
652 return key;
653}
654
655
656
657
658
659
660
661struct key_type *key_type_lookup(const char *type)
662{
663 struct key_type *ktype;
664
665 down_read(&key_types_sem);
666
667
668
669 list_for_each_entry(ktype, &key_types_list, link) {
670 if (strcmp(ktype->name, type) == 0)
671 goto found_kernel_type;
672 }
673
674 up_read(&key_types_sem);
675 ktype = ERR_PTR(-ENOKEY);
676
677found_kernel_type:
678 return ktype;
679}
680
681void key_set_timeout(struct key *key, unsigned timeout)
682{
683 struct timespec now;
684 time_t expiry = 0;
685
686
687 down_write(&key->sem);
688
689 if (timeout > 0) {
690 now = current_kernel_time();
691 expiry = now.tv_sec + timeout;
692 }
693
694 key->expiry = expiry;
695 key_schedule_gc(key->expiry + key_gc_delay);
696
697 up_write(&key->sem);
698}
699EXPORT_SYMBOL_GPL(key_set_timeout);
700
701
702
703
704void key_type_put(struct key_type *ktype)
705{
706 up_read(&key_types_sem);
707}
708
709
710
711
712
713
714
715static inline key_ref_t __key_update(key_ref_t key_ref,
716 struct key_preparsed_payload *prep)
717{
718 struct key *key = key_ref_to_ptr(key_ref);
719 int ret;
720
721
722 ret = key_permission(key_ref, KEY_WRITE);
723 if (ret < 0)
724 goto error;
725
726 ret = -EEXIST;
727 if (!key->type->update)
728 goto error;
729
730 down_write(&key->sem);
731
732 ret = key->type->update(key, prep);
733 if (ret == 0)
734
735 clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
736
737 up_write(&key->sem);
738
739 if (ret < 0)
740 goto error;
741out:
742 return key_ref;
743
744error:
745 key_put(key);
746 key_ref = ERR_PTR(ret);
747 goto out;
748}
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775key_ref_t key_create_or_update(key_ref_t keyring_ref,
776 const char *type,
777 const char *description,
778 const void *payload,
779 size_t plen,
780 key_perm_t perm,
781 unsigned long flags)
782{
783 unsigned long prealloc;
784 struct key_preparsed_payload prep;
785 const struct cred *cred = current_cred();
786 struct key_type *ktype;
787 struct key *keyring, *key = NULL;
788 key_ref_t key_ref;
789 int ret;
790
791
792
793 ktype = key_type_lookup(type);
794 if (IS_ERR(ktype)) {
795 key_ref = ERR_PTR(-ENODEV);
796 goto error;
797 }
798
799 key_ref = ERR_PTR(-EINVAL);
800 if (!ktype->match || !ktype->instantiate ||
801 (!description && !ktype->preparse))
802 goto error_put_type;
803
804 keyring = key_ref_to_ptr(keyring_ref);
805
806 key_check(keyring);
807
808 key_ref = ERR_PTR(-ENOTDIR);
809 if (keyring->type != &key_type_keyring)
810 goto error_put_type;
811
812 memset(&prep, 0, sizeof(prep));
813 prep.data = payload;
814 prep.datalen = plen;
815 prep.quotalen = ktype->def_datalen;
816 if (ktype->preparse) {
817 ret = ktype->preparse(&prep);
818 if (ret < 0) {
819 key_ref = ERR_PTR(ret);
820 goto error_put_type;
821 }
822 if (!description)
823 description = prep.description;
824 key_ref = ERR_PTR(-EINVAL);
825 if (!description)
826 goto error_free_prep;
827 }
828
829 ret = __key_link_begin(keyring, ktype, description, &prealloc);
830 if (ret < 0) {
831 key_ref = ERR_PTR(ret);
832 goto error_free_prep;
833 }
834
835
836
837 ret = key_permission(keyring_ref, KEY_WRITE);
838 if (ret < 0) {
839 key_ref = ERR_PTR(ret);
840 goto error_link_end;
841 }
842
843
844
845
846
847 if (ktype->update) {
848 key_ref = __keyring_search_one(keyring_ref, ktype, description,
849 0);
850 if (!IS_ERR(key_ref))
851 goto found_matching_key;
852 }
853
854
855 if (perm == KEY_PERM_UNDEF) {
856 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
857 perm |= KEY_USR_VIEW;
858
859 if (ktype->read)
860 perm |= KEY_POS_READ;
861
862 if (ktype == &key_type_keyring || ktype->update)
863 perm |= KEY_POS_WRITE;
864 }
865
866
867 key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred,
868 perm, flags);
869 if (IS_ERR(key)) {
870 key_ref = ERR_CAST(key);
871 goto error_link_end;
872 }
873
874
875 ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &prealloc);
876 if (ret < 0) {
877 key_put(key);
878 key_ref = ERR_PTR(ret);
879 goto error_link_end;
880 }
881
882 key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
883
884error_link_end:
885 __key_link_end(keyring, ktype, prealloc);
886error_free_prep:
887 if (ktype->preparse)
888 ktype->free_preparse(&prep);
889error_put_type:
890 key_type_put(ktype);
891error:
892 return key_ref;
893
894 found_matching_key:
895
896
897
898 __key_link_end(keyring, ktype, prealloc);
899
900 key_ref = __key_update(key_ref, &prep);
901 goto error_free_prep;
902}
903EXPORT_SYMBOL(key_create_or_update);
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918int key_update(key_ref_t key_ref, const void *payload, size_t plen)
919{
920 struct key_preparsed_payload prep;
921 struct key *key = key_ref_to_ptr(key_ref);
922 int ret;
923
924 key_check(key);
925
926
927 ret = key_permission(key_ref, KEY_WRITE);
928 if (ret < 0)
929 goto error;
930
931
932 ret = -EOPNOTSUPP;
933 if (!key->type->update)
934 goto error;
935
936 memset(&prep, 0, sizeof(prep));
937 prep.data = payload;
938 prep.datalen = plen;
939 prep.quotalen = key->type->def_datalen;
940 if (key->type->preparse) {
941 ret = key->type->preparse(&prep);
942 if (ret < 0)
943 goto error;
944 }
945
946 down_write(&key->sem);
947
948 ret = key->type->update(key, &prep);
949 if (ret == 0)
950
951 clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
952
953 up_write(&key->sem);
954
955 if (key->type->preparse)
956 key->type->free_preparse(&prep);
957error:
958 return ret;
959}
960EXPORT_SYMBOL(key_update);
961
962
963
964
965
966
967
968
969
970
971void key_revoke(struct key *key)
972{
973 struct timespec now;
974 time_t time;
975
976 key_check(key);
977
978
979
980
981
982
983 down_write_nested(&key->sem, 1);
984 if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) &&
985 key->type->revoke)
986 key->type->revoke(key);
987
988
989 now = current_kernel_time();
990 time = now.tv_sec;
991 if (key->revoked_at == 0 || key->revoked_at > time) {
992 key->revoked_at = time;
993 key_schedule_gc(key->revoked_at + key_gc_delay);
994 }
995
996 up_write(&key->sem);
997}
998EXPORT_SYMBOL(key_revoke);
999
1000
1001
1002
1003
1004
1005
1006
1007void key_invalidate(struct key *key)
1008{
1009 kenter("%d", key_serial(key));
1010
1011 key_check(key);
1012
1013 if (!test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
1014 down_write_nested(&key->sem, 1);
1015 if (!test_and_set_bit(KEY_FLAG_INVALIDATED, &key->flags))
1016 key_schedule_gc_links();
1017 up_write(&key->sem);
1018 }
1019}
1020EXPORT_SYMBOL(key_invalidate);
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030int register_key_type(struct key_type *ktype)
1031{
1032 struct key_type *p;
1033 int ret;
1034
1035 memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
1036
1037 ret = -EEXIST;
1038 down_write(&key_types_sem);
1039
1040
1041 list_for_each_entry(p, &key_types_list, link) {
1042 if (strcmp(p->name, ktype->name) == 0)
1043 goto out;
1044 }
1045
1046
1047 list_add(&ktype->link, &key_types_list);
1048
1049 pr_notice("Key type %s registered\n", ktype->name);
1050 ret = 0;
1051
1052out:
1053 up_write(&key_types_sem);
1054 return ret;
1055}
1056EXPORT_SYMBOL(register_key_type);
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066void unregister_key_type(struct key_type *ktype)
1067{
1068 down_write(&key_types_sem);
1069 list_del_init(&ktype->link);
1070 downgrade_write(&key_types_sem);
1071 key_gc_keytype(ktype);
1072 pr_notice("Key type %s unregistered\n", ktype->name);
1073 up_read(&key_types_sem);
1074}
1075EXPORT_SYMBOL(unregister_key_type);
1076
1077
1078
1079
1080void __init key_init(void)
1081{
1082
1083 key_jar = kmem_cache_create("key_jar", sizeof(struct key),
1084 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
1085
1086
1087 list_add_tail(&key_type_keyring.link, &key_types_list);
1088 list_add_tail(&key_type_dead.link, &key_types_list);
1089 list_add_tail(&key_type_user.link, &key_types_list);
1090 list_add_tail(&key_type_logon.link, &key_types_list);
1091
1092
1093 rb_link_node(&root_key_user.node,
1094 NULL,
1095 &key_user_tree.rb_node);
1096
1097 rb_insert_color(&root_key_user.node,
1098 &key_user_tree);
1099}
1100