1
2
3
4
5
6
7
8
9
10
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/slab.h>
16#include <linux/security.h>
17#include <linux/seq_file.h>
18#include <linux/err.h>
19#include <keys/keyring-type.h>
20#include <linux/uaccess.h>
21#include "internal.h"
22
23#define rcu_dereference_locked_keyring(keyring) \
24 (rcu_dereference_protected( \
25 (keyring)->payload.subscriptions, \
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
27
28#define rcu_deref_link_locked(klist, index, keyring) \
29 (rcu_dereference_protected( \
30 (klist)->keys[index], \
31 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
32
33#define MAX_KEYRING_LINKS \
34 min_t(size_t, USHRT_MAX - 1, \
35 ((PAGE_SIZE - sizeof(struct keyring_list)) / sizeof(struct key *)))
36
37#define KEY_LINK_FIXQUOTA 1UL
38
39
40
41
42
43#define KEYRING_SEARCH_MAX_DEPTH 6
44
45
46
47
48#define KEYRING_NAME_HASH_SIZE (1 << 5)
49
50static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
51static DEFINE_RWLOCK(keyring_name_lock);
52
53static inline unsigned keyring_hash(const char *desc)
54{
55 unsigned bucket = 0;
56
57 for (; *desc; desc++)
58 bucket += (unsigned char)*desc;
59
60 return bucket & (KEYRING_NAME_HASH_SIZE - 1);
61}
62
63
64
65
66
67
68static int keyring_instantiate(struct key *keyring,
69 struct key_preparsed_payload *prep);
70static int keyring_match(const struct key *keyring, const void *criterion);
71static void keyring_revoke(struct key *keyring);
72static void keyring_destroy(struct key *keyring);
73static void keyring_describe(const struct key *keyring, struct seq_file *m);
74static long keyring_read(const struct key *keyring,
75 char __user *buffer, size_t buflen);
76
77struct key_type key_type_keyring = {
78 .name = "keyring",
79 .def_datalen = sizeof(struct keyring_list),
80 .instantiate = keyring_instantiate,
81 .match = keyring_match,
82 .revoke = keyring_revoke,
83 .destroy = keyring_destroy,
84 .describe = keyring_describe,
85 .read = keyring_read,
86};
87EXPORT_SYMBOL(key_type_keyring);
88
89
90
91
92
93static DECLARE_RWSEM(keyring_serialise_link_sem);
94
95
96
97
98
99static void keyring_publish_name(struct key *keyring)
100{
101 int bucket;
102
103 if (keyring->description) {
104 bucket = keyring_hash(keyring->description);
105
106 write_lock(&keyring_name_lock);
107
108 if (!keyring_name_hash[bucket].next)
109 INIT_LIST_HEAD(&keyring_name_hash[bucket]);
110
111 list_add_tail(&keyring->type_data.link,
112 &keyring_name_hash[bucket]);
113
114 write_unlock(&keyring_name_lock);
115 }
116}
117
118
119
120
121
122
123static int keyring_instantiate(struct key *keyring,
124 struct key_preparsed_payload *prep)
125{
126 int ret;
127
128 ret = -EINVAL;
129 if (prep->datalen == 0) {
130
131 keyring_publish_name(keyring);
132 ret = 0;
133 }
134
135 return ret;
136}
137
138
139
140
141static int keyring_match(const struct key *keyring, const void *description)
142{
143 return keyring->description &&
144 strcmp(keyring->description, description) == 0;
145}
146
147
148
149
150
151
152
153
154
155
156static void keyring_destroy(struct key *keyring)
157{
158 struct keyring_list *klist;
159 int loop;
160
161 if (keyring->description) {
162 write_lock(&keyring_name_lock);
163
164 if (keyring->type_data.link.next != NULL &&
165 !list_empty(&keyring->type_data.link))
166 list_del(&keyring->type_data.link);
167
168 write_unlock(&keyring_name_lock);
169 }
170
171 klist = rcu_access_pointer(keyring->payload.subscriptions);
172 if (klist) {
173 for (loop = klist->nkeys - 1; loop >= 0; loop--)
174 key_put(rcu_access_pointer(klist->keys[loop]));
175 kfree(klist);
176 }
177}
178
179
180
181
182static void keyring_describe(const struct key *keyring, struct seq_file *m)
183{
184 struct keyring_list *klist;
185
186 if (keyring->description)
187 seq_puts(m, keyring->description);
188 else
189 seq_puts(m, "[anon]");
190
191 if (key_is_instantiated(keyring)) {
192 rcu_read_lock();
193 klist = rcu_dereference(keyring->payload.subscriptions);
194 if (klist)
195 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
196 else
197 seq_puts(m, ": empty");
198 rcu_read_unlock();
199 }
200}
201
202
203
204
205
206
207static long keyring_read(const struct key *keyring,
208 char __user *buffer, size_t buflen)
209{
210 struct keyring_list *klist;
211 struct key *key;
212 size_t qty, tmp;
213 int loop, ret;
214
215 ret = 0;
216 klist = rcu_dereference_locked_keyring(keyring);
217 if (klist) {
218
219 qty = klist->nkeys * sizeof(key_serial_t);
220
221 if (buffer && buflen > 0) {
222 if (buflen > qty)
223 buflen = qty;
224
225
226
227 ret = -EFAULT;
228
229 for (loop = 0; loop < klist->nkeys; loop++) {
230 key = rcu_deref_link_locked(klist, loop,
231 keyring);
232
233 tmp = sizeof(key_serial_t);
234 if (tmp > buflen)
235 tmp = buflen;
236
237 if (copy_to_user(buffer,
238 &key->serial,
239 tmp) != 0)
240 goto error;
241
242 buflen -= tmp;
243 if (buflen == 0)
244 break;
245 buffer += tmp;
246 }
247 }
248
249 ret = qty;
250 }
251
252error:
253 return ret;
254}
255
256
257
258
259struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
260 const struct cred *cred, key_perm_t perm,
261 unsigned long flags, struct key *dest)
262{
263 struct key *keyring;
264 int ret;
265
266 keyring = key_alloc(&key_type_keyring, description,
267 uid, gid, cred, perm, flags);
268 if (!IS_ERR(keyring)) {
269 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
270 if (ret < 0) {
271 key_put(keyring);
272 keyring = ERR_PTR(ret);
273 }
274 }
275
276 return keyring;
277}
278EXPORT_SYMBOL(keyring_alloc);
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316key_ref_t keyring_search_aux(key_ref_t keyring_ref,
317 const struct cred *cred,
318 struct key_type *type,
319 const void *description,
320 key_match_func_t match,
321 bool no_state_check)
322{
323 struct {
324
325 struct key *keyring;
326 struct keyring_list *keylist;
327 int kix;
328 } stack[KEYRING_SEARCH_MAX_DEPTH];
329
330 struct keyring_list *keylist;
331 struct timespec now;
332 unsigned long possessed, kflags;
333 struct key *keyring, *key;
334 key_ref_t key_ref;
335 long err;
336 int sp, nkeys, kix;
337
338 keyring = key_ref_to_ptr(keyring_ref);
339 possessed = is_key_possessed(keyring_ref);
340 key_check(keyring);
341
342
343 err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
344 if (err < 0) {
345 key_ref = ERR_PTR(err);
346 goto error;
347 }
348
349 key_ref = ERR_PTR(-ENOTDIR);
350 if (keyring->type != &key_type_keyring)
351 goto error;
352
353 rcu_read_lock();
354
355 now = current_kernel_time();
356 err = -EAGAIN;
357 sp = 0;
358
359
360
361 key_ref = ERR_PTR(-EAGAIN);
362 kflags = keyring->flags;
363 if (keyring->type == type && match(keyring, description)) {
364 key = keyring;
365 if (no_state_check)
366 goto found;
367
368
369
370 if (kflags & (1 << KEY_FLAG_REVOKED))
371 goto error_2;
372 if (key->expiry && now.tv_sec >= key->expiry)
373 goto error_2;
374 key_ref = ERR_PTR(key->type_data.reject_error);
375 if (kflags & (1 << KEY_FLAG_NEGATIVE))
376 goto error_2;
377 goto found;
378 }
379
380
381
382 key_ref = ERR_PTR(-EAGAIN);
383 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
384 (1 << KEY_FLAG_REVOKED) |
385 (1 << KEY_FLAG_NEGATIVE)) ||
386 (keyring->expiry && now.tv_sec >= keyring->expiry))
387 goto error_2;
388
389
390descend:
391 kflags = keyring->flags;
392 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
393 (1 << KEY_FLAG_REVOKED)))
394 goto not_this_keyring;
395
396 keylist = rcu_dereference(keyring->payload.subscriptions);
397 if (!keylist)
398 goto not_this_keyring;
399
400
401 nkeys = keylist->nkeys;
402 smp_rmb();
403 for (kix = 0; kix < nkeys; kix++) {
404 key = rcu_dereference(keylist->keys[kix]);
405 kflags = key->flags;
406
407
408 if (key->type != type)
409 continue;
410
411
412 if (!no_state_check) {
413 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
414 (1 << KEY_FLAG_REVOKED)))
415 continue;
416
417 if (key->expiry && now.tv_sec >= key->expiry)
418 continue;
419 }
420
421
422 if (!match(key, description))
423 continue;
424
425
426 if (key_task_permission(make_key_ref(key, possessed),
427 cred, KEY_SEARCH) < 0)
428 continue;
429
430 if (no_state_check)
431 goto found;
432
433
434 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
435 err = key->type_data.reject_error;
436 continue;
437 }
438
439 goto found;
440 }
441
442
443 kix = 0;
444ascend:
445 nkeys = keylist->nkeys;
446 smp_rmb();
447 for (; kix < nkeys; kix++) {
448 key = rcu_dereference(keylist->keys[kix]);
449 if (key->type != &key_type_keyring)
450 continue;
451
452
453
454
455 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
456 continue;
457
458 if (key_task_permission(make_key_ref(key, possessed),
459 cred, KEY_SEARCH) < 0)
460 continue;
461
462
463 stack[sp].keyring = keyring;
464 stack[sp].keylist = keylist;
465 stack[sp].kix = kix;
466 sp++;
467
468
469 keyring = key;
470 goto descend;
471 }
472
473
474
475not_this_keyring:
476 if (sp > 0) {
477
478 sp--;
479 keyring = stack[sp].keyring;
480 keylist = stack[sp].keylist;
481 kix = stack[sp].kix + 1;
482 goto ascend;
483 }
484
485 key_ref = ERR_PTR(err);
486 goto error_2;
487
488
489found:
490 atomic_inc(&key->usage);
491 key->last_used_at = now.tv_sec;
492 keyring->last_used_at = now.tv_sec;
493 while (sp > 0)
494 stack[--sp].keyring->last_used_at = now.tv_sec;
495 key_check(key);
496 key_ref = make_key_ref(key, possessed);
497error_2:
498 rcu_read_unlock();
499error:
500 return key_ref;
501}
502
503
504
505
506
507
508
509
510
511
512key_ref_t keyring_search(key_ref_t keyring,
513 struct key_type *type,
514 const char *description)
515{
516 if (!type->match)
517 return ERR_PTR(-ENOKEY);
518
519 return keyring_search_aux(keyring, current->cred,
520 type, description, type->match, false);
521}
522EXPORT_SYMBOL(keyring_search);
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539key_ref_t __keyring_search_one(key_ref_t keyring_ref,
540 const struct key_type *ktype,
541 const char *description,
542 key_perm_t perm)
543{
544 struct keyring_list *klist;
545 unsigned long possessed;
546 struct key *keyring, *key;
547 int nkeys, loop;
548
549 keyring = key_ref_to_ptr(keyring_ref);
550 possessed = is_key_possessed(keyring_ref);
551
552 rcu_read_lock();
553
554 klist = rcu_dereference(keyring->payload.subscriptions);
555 if (klist) {
556 nkeys = klist->nkeys;
557 smp_rmb();
558 for (loop = 0; loop < nkeys ; loop++) {
559 key = rcu_dereference(klist->keys[loop]);
560 if (key->type == ktype &&
561 (!key->type->match ||
562 key->type->match(key, description)) &&
563 key_permission(make_key_ref(key, possessed),
564 perm) == 0 &&
565 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
566 (1 << KEY_FLAG_REVOKED)))
567 )
568 goto found;
569 }
570 }
571
572 rcu_read_unlock();
573 return ERR_PTR(-ENOKEY);
574
575found:
576 atomic_inc(&key->usage);
577 keyring->last_used_at = key->last_used_at =
578 current_kernel_time().tv_sec;
579 rcu_read_unlock();
580 return make_key_ref(key, possessed);
581}
582
583
584
585
586
587
588
589
590
591
592
593
594struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
595{
596 struct key *keyring;
597 int bucket;
598
599 if (!name)
600 return ERR_PTR(-EINVAL);
601
602 bucket = keyring_hash(name);
603
604 read_lock(&keyring_name_lock);
605
606 if (keyring_name_hash[bucket].next) {
607
608
609 list_for_each_entry(keyring,
610 &keyring_name_hash[bucket],
611 type_data.link
612 ) {
613 if (!kuid_has_mapping(current_user_ns(), keyring->user->uid))
614 continue;
615
616 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
617 continue;
618
619 if (strcmp(keyring->description, name) != 0)
620 continue;
621
622 if (!skip_perm_check &&
623 key_permission(make_key_ref(keyring, 0),
624 KEY_SEARCH) < 0)
625 continue;
626
627
628
629
630 if (!atomic_inc_not_zero(&keyring->usage))
631 continue;
632 keyring->last_used_at = current_kernel_time().tv_sec;
633 goto out;
634 }
635 }
636
637 keyring = ERR_PTR(-ENOKEY);
638out:
639 read_unlock(&keyring_name_lock);
640 return keyring;
641}
642
643
644
645
646
647
648
649
650static int keyring_detect_cycle(struct key *A, struct key *B)
651{
652 struct {
653 struct keyring_list *keylist;
654 int kix;
655 } stack[KEYRING_SEARCH_MAX_DEPTH];
656
657 struct keyring_list *keylist;
658 struct key *subtree, *key;
659 int sp, nkeys, kix, ret;
660
661 rcu_read_lock();
662
663 ret = -EDEADLK;
664 if (A == B)
665 goto cycle_detected;
666
667 subtree = B;
668 sp = 0;
669
670
671descend:
672 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
673 goto not_this_keyring;
674
675 keylist = rcu_dereference(subtree->payload.subscriptions);
676 if (!keylist)
677 goto not_this_keyring;
678 kix = 0;
679
680ascend:
681
682 nkeys = keylist->nkeys;
683 smp_rmb();
684 for (; kix < nkeys; kix++) {
685 key = rcu_dereference(keylist->keys[kix]);
686
687 if (key == A)
688 goto cycle_detected;
689
690
691 if (key->type == &key_type_keyring) {
692 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
693 goto too_deep;
694
695
696 stack[sp].keylist = keylist;
697 stack[sp].kix = kix;
698 sp++;
699
700
701 subtree = key;
702 goto descend;
703 }
704 }
705
706
707
708not_this_keyring:
709 if (sp > 0) {
710
711 sp--;
712 keylist = stack[sp].keylist;
713 kix = stack[sp].kix + 1;
714 goto ascend;
715 }
716
717 ret = 0;
718
719error:
720 rcu_read_unlock();
721 return ret;
722
723too_deep:
724 ret = -ELOOP;
725 goto error;
726
727cycle_detected:
728 ret = -EDEADLK;
729 goto error;
730}
731
732
733
734
735
736static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
737{
738 struct keyring_list *klist =
739 container_of(rcu, struct keyring_list, rcu);
740
741 if (klist->delkey != USHRT_MAX)
742 key_put(rcu_access_pointer(klist->keys[klist->delkey]));
743 kfree(klist);
744}
745
746
747
748
749int __key_link_begin(struct key *keyring, const struct key_type *type,
750 const char *description, unsigned long *_prealloc)
751 __acquires(&keyring->sem)
752 __acquires(&keyring_serialise_link_sem)
753{
754 struct keyring_list *klist, *nklist;
755 unsigned long prealloc;
756 unsigned max;
757 time_t lowest_lru;
758 size_t size;
759 int loop, lru, ret;
760
761 kenter("%d,%s,%s,", key_serial(keyring), type->name, description);
762
763 if (keyring->type != &key_type_keyring)
764 return -ENOTDIR;
765
766 down_write(&keyring->sem);
767
768 ret = -EKEYREVOKED;
769 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
770 goto error_krsem;
771
772
773
774 if (type == &key_type_keyring)
775 down_write(&keyring_serialise_link_sem);
776
777 klist = rcu_dereference_locked_keyring(keyring);
778
779
780 lru = -1;
781 if (klist && klist->nkeys > 0) {
782 lowest_lru = TIME_T_MAX;
783 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
784 struct key *key = rcu_deref_link_locked(klist, loop,
785 keyring);
786 if (key->type == type &&
787 strcmp(key->description, description) == 0) {
788
789
790
791
792 klist->delkey = loop;
793 prealloc = 0;
794 goto done;
795 }
796 if (key->last_used_at < lowest_lru) {
797 lowest_lru = key->last_used_at;
798 lru = loop;
799 }
800 }
801 }
802
803
804 if (klist &&
805 klist->nkeys == klist->maxkeys &&
806 klist->maxkeys >= MAX_KEYRING_LINKS) {
807 kdebug("LRU discard %d\n", lru);
808 klist->delkey = lru;
809 prealloc = 0;
810 goto done;
811 }
812
813
814 ret = key_payload_reserve(keyring,
815 keyring->datalen + KEYQUOTA_LINK_BYTES);
816 if (ret < 0)
817 goto error_sem;
818
819 if (klist && klist->nkeys < klist->maxkeys) {
820
821 klist->delkey = klist->nkeys;
822 prealloc = KEY_LINK_FIXQUOTA;
823 } else {
824
825 max = 4;
826 if (klist) {
827 max += klist->maxkeys;
828 if (max > MAX_KEYRING_LINKS)
829 max = MAX_KEYRING_LINKS;
830 BUG_ON(max <= klist->maxkeys);
831 }
832
833 size = sizeof(*klist) + sizeof(struct key *) * max;
834
835 ret = -ENOMEM;
836 nklist = kmalloc(size, GFP_KERNEL);
837 if (!nklist)
838 goto error_quota;
839
840 nklist->maxkeys = max;
841 if (klist) {
842 memcpy(nklist->keys, klist->keys,
843 sizeof(struct key *) * klist->nkeys);
844 nklist->delkey = klist->nkeys;
845 nklist->nkeys = klist->nkeys + 1;
846 klist->delkey = USHRT_MAX;
847 } else {
848 nklist->nkeys = 1;
849 nklist->delkey = 0;
850 }
851
852
853 RCU_INIT_POINTER(nklist->keys[nklist->delkey], NULL);
854 prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA;
855 }
856
857done:
858 *_prealloc = prealloc;
859 kleave(" = 0");
860 return 0;
861
862error_quota:
863
864 key_payload_reserve(keyring,
865 keyring->datalen - KEYQUOTA_LINK_BYTES);
866error_sem:
867 if (type == &key_type_keyring)
868 up_write(&keyring_serialise_link_sem);
869error_krsem:
870 up_write(&keyring->sem);
871 kleave(" = %d", ret);
872 return ret;
873}
874
875
876
877
878
879
880
881int __key_link_check_live_key(struct key *keyring, struct key *key)
882{
883 if (key->type == &key_type_keyring)
884
885
886 return keyring_detect_cycle(keyring, key);
887 return 0;
888}
889
890
891
892
893
894
895
896
897
898void __key_link(struct key *keyring, struct key *key,
899 unsigned long *_prealloc)
900{
901 struct keyring_list *klist, *nklist;
902 struct key *discard;
903
904 nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA);
905 *_prealloc = 0;
906
907 kenter("%d,%d,%p", keyring->serial, key->serial, nklist);
908
909 klist = rcu_dereference_locked_keyring(keyring);
910
911 atomic_inc(&key->usage);
912 keyring->last_used_at = key->last_used_at =
913 current_kernel_time().tv_sec;
914
915
916
917 if (nklist) {
918 kdebug("reissue %hu/%hu/%hu",
919 nklist->delkey, nklist->nkeys, nklist->maxkeys);
920
921 RCU_INIT_POINTER(nklist->keys[nklist->delkey], key);
922
923 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
924
925
926
927 if (klist) {
928 kdebug("dispose %hu/%hu/%hu",
929 klist->delkey, klist->nkeys, klist->maxkeys);
930 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
931 }
932 } else if (klist->delkey < klist->nkeys) {
933 kdebug("replace %hu/%hu/%hu",
934 klist->delkey, klist->nkeys, klist->maxkeys);
935
936 discard = rcu_dereference_protected(
937 klist->keys[klist->delkey],
938 rwsem_is_locked(&keyring->sem));
939 rcu_assign_pointer(klist->keys[klist->delkey], key);
940
941
942 key_put(discard);
943 } else {
944
945 kdebug("append %hu/%hu/%hu",
946 klist->delkey, klist->nkeys, klist->maxkeys);
947
948 RCU_INIT_POINTER(klist->keys[klist->delkey], key);
949 smp_wmb();
950 klist->nkeys++;
951 }
952}
953
954
955
956
957
958
959void __key_link_end(struct key *keyring, struct key_type *type,
960 unsigned long prealloc)
961 __releases(&keyring->sem)
962 __releases(&keyring_serialise_link_sem)
963{
964 BUG_ON(type == NULL);
965 BUG_ON(type->name == NULL);
966 kenter("%d,%s,%lx", keyring->serial, type->name, prealloc);
967
968 if (type == &key_type_keyring)
969 up_write(&keyring_serialise_link_sem);
970
971 if (prealloc) {
972 if (prealloc & KEY_LINK_FIXQUOTA)
973 key_payload_reserve(keyring,
974 keyring->datalen -
975 KEYQUOTA_LINK_BYTES);
976 kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA));
977 }
978 up_write(&keyring->sem);
979}
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001int key_link(struct key *keyring, struct key *key)
1002{
1003 unsigned long prealloc;
1004 int ret;
1005
1006 key_check(keyring);
1007 key_check(key);
1008
1009 ret = __key_link_begin(keyring, key->type, key->description, &prealloc);
1010 if (ret == 0) {
1011 ret = __key_link_check_live_key(keyring, key);
1012 if (ret == 0)
1013 __key_link(keyring, key, &prealloc);
1014 __key_link_end(keyring, key->type, prealloc);
1015 }
1016
1017 return ret;
1018}
1019EXPORT_SYMBOL(key_link);
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038int key_unlink(struct key *keyring, struct key *key)
1039{
1040 struct keyring_list *klist, *nklist;
1041 int loop, ret;
1042
1043 key_check(keyring);
1044 key_check(key);
1045
1046 ret = -ENOTDIR;
1047 if (keyring->type != &key_type_keyring)
1048 goto error;
1049
1050 down_write(&keyring->sem);
1051
1052 klist = rcu_dereference_locked_keyring(keyring);
1053 if (klist) {
1054
1055 for (loop = 0; loop < klist->nkeys; loop++)
1056 if (rcu_access_pointer(klist->keys[loop]) == key)
1057 goto key_is_present;
1058 }
1059
1060 up_write(&keyring->sem);
1061 ret = -ENOENT;
1062 goto error;
1063
1064key_is_present:
1065
1066 nklist = kmalloc(sizeof(*klist) +
1067 sizeof(struct key *) * klist->maxkeys,
1068 GFP_KERNEL);
1069 if (!nklist)
1070 goto nomem;
1071 nklist->maxkeys = klist->maxkeys;
1072 nklist->nkeys = klist->nkeys - 1;
1073
1074 if (loop > 0)
1075 memcpy(&nklist->keys[0],
1076 &klist->keys[0],
1077 loop * sizeof(struct key *));
1078
1079 if (loop < nklist->nkeys)
1080 memcpy(&nklist->keys[loop],
1081 &klist->keys[loop + 1],
1082 (nklist->nkeys - loop) * sizeof(struct key *));
1083
1084
1085 key_payload_reserve(keyring,
1086 keyring->datalen - KEYQUOTA_LINK_BYTES);
1087
1088 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
1089
1090 up_write(&keyring->sem);
1091
1092
1093 klist->delkey = loop;
1094 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
1095
1096 ret = 0;
1097
1098error:
1099 return ret;
1100nomem:
1101 ret = -ENOMEM;
1102 up_write(&keyring->sem);
1103 goto error;
1104}
1105EXPORT_SYMBOL(key_unlink);
1106
1107
1108
1109
1110
1111static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1112{
1113 struct keyring_list *klist;
1114 int loop;
1115
1116 klist = container_of(rcu, struct keyring_list, rcu);
1117
1118 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1119 key_put(rcu_access_pointer(klist->keys[loop]));
1120
1121 kfree(klist);
1122}
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132int keyring_clear(struct key *keyring)
1133{
1134 struct keyring_list *klist;
1135 int ret;
1136
1137 ret = -ENOTDIR;
1138 if (keyring->type == &key_type_keyring) {
1139
1140 down_write(&keyring->sem);
1141
1142 klist = rcu_dereference_locked_keyring(keyring);
1143 if (klist) {
1144
1145 key_payload_reserve(keyring,
1146 sizeof(struct keyring_list));
1147
1148 rcu_assign_pointer(keyring->payload.subscriptions,
1149 NULL);
1150 }
1151
1152 up_write(&keyring->sem);
1153
1154
1155 if (klist)
1156 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1157
1158 ret = 0;
1159 }
1160
1161 return ret;
1162}
1163EXPORT_SYMBOL(keyring_clear);
1164
1165
1166
1167
1168
1169
1170static void keyring_revoke(struct key *keyring)
1171{
1172 struct keyring_list *klist;
1173
1174 klist = rcu_dereference_locked_keyring(keyring);
1175
1176
1177 key_payload_reserve(keyring, 0);
1178
1179 if (klist) {
1180 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1181 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1182 }
1183}
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193void keyring_gc(struct key *keyring, time_t limit)
1194{
1195 struct keyring_list *klist, *new;
1196 struct key *key;
1197 int loop, keep, max;
1198
1199 kenter("{%x,%s}", key_serial(keyring), keyring->description);
1200
1201 down_write(&keyring->sem);
1202
1203 klist = rcu_dereference_locked_keyring(keyring);
1204 if (!klist)
1205 goto no_klist;
1206
1207
1208 keep = 0;
1209 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1210 if (!key_is_dead(rcu_deref_link_locked(klist, loop, keyring),
1211 limit))
1212 keep++;
1213
1214 if (keep == klist->nkeys)
1215 goto just_return;
1216
1217
1218 max = roundup(keep, 4);
1219 new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *),
1220 GFP_KERNEL);
1221 if (!new)
1222 goto nomem;
1223 new->maxkeys = max;
1224 new->nkeys = 0;
1225 new->delkey = 0;
1226
1227
1228
1229
1230 keep = 0;
1231 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
1232 key = rcu_deref_link_locked(klist, loop, keyring);
1233 if (!key_is_dead(key, limit)) {
1234 if (keep >= max)
1235 goto discard_new;
1236 RCU_INIT_POINTER(new->keys[keep++], key_get(key));
1237 }
1238 }
1239 new->nkeys = keep;
1240
1241
1242 key_payload_reserve(keyring,
1243 sizeof(struct keyring_list) +
1244 KEYQUOTA_LINK_BYTES * keep);
1245
1246 if (keep == 0) {
1247 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1248 kfree(new);
1249 } else {
1250 rcu_assign_pointer(keyring->payload.subscriptions, new);
1251 }
1252
1253 up_write(&keyring->sem);
1254
1255 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1256 kleave(" [yes]");
1257 return;
1258
1259discard_new:
1260 new->nkeys = keep;
1261 keyring_clear_rcu_disposal(&new->rcu);
1262 up_write(&keyring->sem);
1263 kleave(" [discard]");
1264 return;
1265
1266just_return:
1267 up_write(&keyring->sem);
1268 kleave(" [no dead]");
1269 return;
1270
1271no_klist:
1272 up_write(&keyring->sem);
1273 kleave(" [no_klist]");
1274 return;
1275
1276nomem:
1277 up_write(&keyring->sem);
1278 kleave(" [oom]");
1279}
1280