1
2
3
4
5
6
7
8
9
10
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/slab.h>
16#include <linux/security.h>
17#include <linux/seq_file.h>
18#include <linux/err.h>
19#include <keys/keyring-type.h>
20#include <keys/user-type.h>
21#include <linux/assoc_array_priv.h>
22#include <linux/uaccess.h>
23#include "internal.h"
24
25
26
27
28
29#define KEYRING_SEARCH_MAX_DEPTH 6
30
31
32
33
34#define KEYRING_NAME_HASH_SIZE (1 << 5)
35
36
37
38
39
40#define KEYRING_PTR_SUBTYPE 0x2UL
41
42static inline bool keyring_ptr_is_keyring(const struct assoc_array_ptr *x)
43{
44 return (unsigned long)x & KEYRING_PTR_SUBTYPE;
45}
46static inline struct key *keyring_ptr_to_key(const struct assoc_array_ptr *x)
47{
48 void *object = assoc_array_ptr_to_leaf(x);
49 return (struct key *)((unsigned long)object & ~KEYRING_PTR_SUBTYPE);
50}
51static inline void *keyring_key_to_ptr(struct key *key)
52{
53 if (key->type == &key_type_keyring)
54 return (void *)((unsigned long)key | KEYRING_PTR_SUBTYPE);
55 return key;
56}
57
58static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
59static DEFINE_RWLOCK(keyring_name_lock);
60
61static inline unsigned keyring_hash(const char *desc)
62{
63 unsigned bucket = 0;
64
65 for (; *desc; desc++)
66 bucket += (unsigned char)*desc;
67
68 return bucket & (KEYRING_NAME_HASH_SIZE - 1);
69}
70
71
72
73
74
75
76static int keyring_preparse(struct key_preparsed_payload *prep);
77static void keyring_free_preparse(struct key_preparsed_payload *prep);
78static int keyring_instantiate(struct key *keyring,
79 struct key_preparsed_payload *prep);
80static void keyring_revoke(struct key *keyring);
81static void keyring_destroy(struct key *keyring);
82static void keyring_describe(const struct key *keyring, struct seq_file *m);
83static long keyring_read(const struct key *keyring,
84 char __user *buffer, size_t buflen);
85
86struct key_type key_type_keyring = {
87 .name = "keyring",
88 .def_datalen = 0,
89 .preparse = keyring_preparse,
90 .free_preparse = keyring_free_preparse,
91 .instantiate = keyring_instantiate,
92 .revoke = keyring_revoke,
93 .destroy = keyring_destroy,
94 .describe = keyring_describe,
95 .read = keyring_read,
96};
97EXPORT_SYMBOL(key_type_keyring);
98
99
100
101
102
103static DECLARE_RWSEM(keyring_serialise_link_sem);
104
105
106
107
108
109static void keyring_publish_name(struct key *keyring)
110{
111 int bucket;
112
113 if (keyring->description) {
114 bucket = keyring_hash(keyring->description);
115
116 write_lock(&keyring_name_lock);
117
118 if (!keyring_name_hash[bucket].next)
119 INIT_LIST_HEAD(&keyring_name_hash[bucket]);
120
121 list_add_tail(&keyring->type_data.link,
122 &keyring_name_hash[bucket]);
123
124 write_unlock(&keyring_name_lock);
125 }
126}
127
128
129
130
131static int keyring_preparse(struct key_preparsed_payload *prep)
132{
133 return prep->datalen != 0 ? -EINVAL : 0;
134}
135
136
137
138
139static void keyring_free_preparse(struct key_preparsed_payload *prep)
140{
141}
142
143
144
145
146
147
148static int keyring_instantiate(struct key *keyring,
149 struct key_preparsed_payload *prep)
150{
151 assoc_array_init(&keyring->keys);
152
153 keyring_publish_name(keyring);
154 return 0;
155}
156
157
158
159
160
161static u64 mult_64x32_and_fold(u64 x, u32 y)
162{
163 u64 hi = (u64)(u32)(x >> 32) * y;
164 u64 lo = (u64)(u32)(x) * y;
165 return lo + ((u64)(u32)hi << 32) + (u32)(hi >> 32);
166}
167
168
169
170
171static unsigned long hash_key_type_and_desc(const struct keyring_index_key *index_key)
172{
173 const unsigned level_shift = ASSOC_ARRAY_LEVEL_STEP;
174 const unsigned long fan_mask = ASSOC_ARRAY_FAN_MASK;
175 const char *description = index_key->description;
176 unsigned long hash, type;
177 u32 piece;
178 u64 acc;
179 int n, desc_len = index_key->desc_len;
180
181 type = (unsigned long)index_key->type;
182
183 acc = mult_64x32_and_fold(type, desc_len + 13);
184 acc = mult_64x32_and_fold(acc, 9207);
185 for (;;) {
186 n = desc_len;
187 if (n <= 0)
188 break;
189 if (n > 4)
190 n = 4;
191 piece = 0;
192 memcpy(&piece, description, n);
193 description += n;
194 desc_len -= n;
195 acc = mult_64x32_and_fold(acc, piece);
196 acc = mult_64x32_and_fold(acc, 9207);
197 }
198
199
200 hash = acc;
201 if (ASSOC_ARRAY_KEY_CHUNK_SIZE == 32)
202 hash ^= acc >> 32;
203
204
205
206
207
208 if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0)
209 return hash | (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1;
210 if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0)
211 return (hash + (hash << level_shift)) & ~fan_mask;
212 return hash;
213}
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230static unsigned long keyring_get_key_chunk(const void *data, int level)
231{
232 const struct keyring_index_key *index_key = data;
233 unsigned long chunk = 0;
234 long offset = 0;
235 int desc_len = index_key->desc_len, n = sizeof(chunk);
236
237 level /= ASSOC_ARRAY_KEY_CHUNK_SIZE;
238 switch (level) {
239 case 0:
240 return hash_key_type_and_desc(index_key);
241 case 1:
242 return ((unsigned long)index_key->type << 8) | desc_len;
243 case 2:
244 if (desc_len == 0)
245 return (u8)((unsigned long)index_key->type >>
246 (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8));
247 n--;
248 offset = 1;
249 default:
250 offset += sizeof(chunk) - 1;
251 offset += (level - 3) * sizeof(chunk);
252 if (offset >= desc_len)
253 return 0;
254 desc_len -= offset;
255 if (desc_len > n)
256 desc_len = n;
257 offset += desc_len;
258 do {
259 chunk <<= 8;
260 chunk |= ((u8*)index_key->description)[--offset];
261 } while (--desc_len > 0);
262
263 if (level == 2) {
264 chunk <<= 8;
265 chunk |= (u8)((unsigned long)index_key->type >>
266 (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8));
267 }
268 return chunk;
269 }
270}
271
272static unsigned long keyring_get_object_key_chunk(const void *object, int level)
273{
274 const struct key *key = keyring_ptr_to_key(object);
275 return keyring_get_key_chunk(&key->index_key, level);
276}
277
278static bool keyring_compare_object(const void *object, const void *data)
279{
280 const struct keyring_index_key *index_key = data;
281 const struct key *key = keyring_ptr_to_key(object);
282
283 return key->index_key.type == index_key->type &&
284 key->index_key.desc_len == index_key->desc_len &&
285 memcmp(key->index_key.description, index_key->description,
286 index_key->desc_len) == 0;
287}
288
289
290
291
292
293static int keyring_diff_objects(const void *object, const void *data)
294{
295 const struct key *key_a = keyring_ptr_to_key(object);
296 const struct keyring_index_key *a = &key_a->index_key;
297 const struct keyring_index_key *b = data;
298 unsigned long seg_a, seg_b;
299 int level, i;
300
301 level = 0;
302 seg_a = hash_key_type_and_desc(a);
303 seg_b = hash_key_type_and_desc(b);
304 if ((seg_a ^ seg_b) != 0)
305 goto differ;
306
307
308
309
310
311 level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8;
312 seg_a = a->desc_len;
313 seg_b = b->desc_len;
314 if ((seg_a ^ seg_b) != 0)
315 goto differ;
316
317
318 level++;
319 seg_a = (unsigned long)a->type;
320 seg_b = (unsigned long)b->type;
321 if ((seg_a ^ seg_b) != 0)
322 goto differ;
323
324 level += sizeof(unsigned long);
325 if (a->desc_len == 0)
326 goto same;
327
328 i = 0;
329 if (((unsigned long)a->description | (unsigned long)b->description) &
330 (sizeof(unsigned long) - 1)) {
331 do {
332 seg_a = *(unsigned long *)(a->description + i);
333 seg_b = *(unsigned long *)(b->description + i);
334 if ((seg_a ^ seg_b) != 0)
335 goto differ_plus_i;
336 i += sizeof(unsigned long);
337 } while (i < (a->desc_len & (sizeof(unsigned long) - 1)));
338 }
339
340 for (; i < a->desc_len; i++) {
341 seg_a = *(unsigned char *)(a->description + i);
342 seg_b = *(unsigned char *)(b->description + i);
343 if ((seg_a ^ seg_b) != 0)
344 goto differ_plus_i;
345 }
346
347same:
348 return -1;
349
350differ_plus_i:
351 level += i;
352differ:
353 i = level * 8 + __ffs(seg_a ^ seg_b);
354 return i;
355}
356
357
358
359
360static void keyring_free_object(void *object)
361{
362 key_put(keyring_ptr_to_key(object));
363}
364
365
366
367
368static const struct assoc_array_ops keyring_assoc_array_ops = {
369 .get_key_chunk = keyring_get_key_chunk,
370 .get_object_key_chunk = keyring_get_object_key_chunk,
371 .compare_object = keyring_compare_object,
372 .diff_objects = keyring_diff_objects,
373 .free_object = keyring_free_object,
374};
375
376
377
378
379
380
381
382
383
384
385static void keyring_destroy(struct key *keyring)
386{
387 if (keyring->description) {
388 write_lock(&keyring_name_lock);
389
390 if (keyring->type_data.link.next != NULL &&
391 !list_empty(&keyring->type_data.link))
392 list_del(&keyring->type_data.link);
393
394 write_unlock(&keyring_name_lock);
395 }
396
397 assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops);
398}
399
400
401
402
403static void keyring_describe(const struct key *keyring, struct seq_file *m)
404{
405 if (keyring->description)
406 seq_puts(m, keyring->description);
407 else
408 seq_puts(m, "[anon]");
409
410 if (key_is_instantiated(keyring)) {
411 if (keyring->keys.nr_leaves_on_tree != 0)
412 seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree);
413 else
414 seq_puts(m, ": empty");
415 }
416}
417
418struct keyring_read_iterator_context {
419 size_t qty;
420 size_t count;
421 key_serial_t __user *buffer;
422};
423
424static int keyring_read_iterator(const void *object, void *data)
425{
426 struct keyring_read_iterator_context *ctx = data;
427 const struct key *key = keyring_ptr_to_key(object);
428 int ret;
429
430 kenter("{%s,%d},,{%zu/%zu}",
431 key->type->name, key->serial, ctx->count, ctx->qty);
432
433 if (ctx->count >= ctx->qty)
434 return 1;
435
436 ret = put_user(key->serial, ctx->buffer);
437 if (ret < 0)
438 return ret;
439 ctx->buffer++;
440 ctx->count += sizeof(key->serial);
441 return 0;
442}
443
444
445
446
447
448
449
450
451static long keyring_read(const struct key *keyring,
452 char __user *buffer, size_t buflen)
453{
454 struct keyring_read_iterator_context ctx;
455 unsigned long nr_keys;
456 int ret;
457
458 kenter("{%d},,%zu", key_serial(keyring), buflen);
459
460 if (buflen & (sizeof(key_serial_t) - 1))
461 return -EINVAL;
462
463 nr_keys = keyring->keys.nr_leaves_on_tree;
464 if (nr_keys == 0)
465 return 0;
466
467
468 ctx.qty = nr_keys * sizeof(key_serial_t);
469
470 if (!buffer || !buflen)
471 return ctx.qty;
472
473 if (buflen > ctx.qty)
474 ctx.qty = buflen;
475
476
477 ctx.buffer = (key_serial_t __user *)buffer;
478 ctx.count = 0;
479 ret = assoc_array_iterate(&keyring->keys, keyring_read_iterator, &ctx);
480 if (ret < 0) {
481 kleave(" = %d [iterate]", ret);
482 return ret;
483 }
484
485 kleave(" = %zu [ok]", ctx.count);
486 return ctx.count;
487}
488
489
490
491
492struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
493 const struct cred *cred, key_perm_t perm,
494 unsigned long flags, struct key *dest)
495{
496 struct key *keyring;
497 int ret;
498
499 keyring = key_alloc(&key_type_keyring, description,
500 uid, gid, cred, perm, flags);
501 if (!IS_ERR(keyring)) {
502 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
503 if (ret < 0) {
504 key_put(keyring);
505 keyring = ERR_PTR(ret);
506 }
507 }
508
509 return keyring;
510}
511EXPORT_SYMBOL(keyring_alloc);
512
513
514
515
516bool key_default_cmp(const struct key *key,
517 const struct key_match_data *match_data)
518{
519 return strcmp(key->description, match_data->raw_data) == 0;
520}
521
522
523
524
525static int keyring_search_iterator(const void *object, void *iterator_data)
526{
527 struct keyring_search_context *ctx = iterator_data;
528 const struct key *key = keyring_ptr_to_key(object);
529 unsigned long kflags = key->flags;
530
531 kenter("{%d}", key->serial);
532
533
534 if (key->type != ctx->index_key.type) {
535 kleave(" = 0 [!type]");
536 return 0;
537 }
538
539
540 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
541 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
542 (1 << KEY_FLAG_REVOKED))) {
543 ctx->result = ERR_PTR(-EKEYREVOKED);
544 kleave(" = %d [invrev]", ctx->skipped_ret);
545 goto skipped;
546 }
547
548 if (key->expiry && ctx->now.tv_sec >= key->expiry) {
549 if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED))
550 ctx->result = ERR_PTR(-EKEYEXPIRED);
551 kleave(" = %d [expire]", ctx->skipped_ret);
552 goto skipped;
553 }
554 }
555
556
557 if (!ctx->match_data.cmp(key, &ctx->match_data)) {
558 kleave(" = 0 [!match]");
559 return 0;
560 }
561
562
563 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
564 key_task_permission(make_key_ref(key, ctx->possessed),
565 ctx->cred, KEY_NEED_SEARCH) < 0) {
566 ctx->result = ERR_PTR(-EACCES);
567 kleave(" = %d [!perm]", ctx->skipped_ret);
568 goto skipped;
569 }
570
571 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
572
573 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
574 smp_rmb();
575 ctx->result = ERR_PTR(key->type_data.reject_error);
576 kleave(" = %d [neg]", ctx->skipped_ret);
577 goto skipped;
578 }
579 }
580
581
582 ctx->result = make_key_ref(key, ctx->possessed);
583 kleave(" = 1 [found]");
584 return 1;
585
586skipped:
587 return ctx->skipped_ret;
588}
589
590
591
592
593
594
595static int search_keyring(struct key *keyring, struct keyring_search_context *ctx)
596{
597 if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_DIRECT) {
598 const void *object;
599
600 object = assoc_array_find(&keyring->keys,
601 &keyring_assoc_array_ops,
602 &ctx->index_key);
603 return object ? ctx->iterator(object, ctx) : 0;
604 }
605 return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx);
606}
607
608
609
610
611
612static bool search_nested_keyrings(struct key *keyring,
613 struct keyring_search_context *ctx)
614{
615 struct {
616 struct key *keyring;
617 struct assoc_array_node *node;
618 int slot;
619 } stack[KEYRING_SEARCH_MAX_DEPTH];
620
621 struct assoc_array_shortcut *shortcut;
622 struct assoc_array_node *node;
623 struct assoc_array_ptr *ptr;
624 struct key *key;
625 int sp = 0, slot;
626
627 kenter("{%d},{%s,%s}",
628 keyring->serial,
629 ctx->index_key.type->name,
630 ctx->index_key.description);
631
632#define STATE_CHECKS (KEYRING_SEARCH_NO_STATE_CHECK | KEYRING_SEARCH_DO_STATE_CHECK)
633 BUG_ON((ctx->flags & STATE_CHECKS) == 0 ||
634 (ctx->flags & STATE_CHECKS) == STATE_CHECKS);
635
636 if (ctx->index_key.description)
637 ctx->index_key.desc_len = strlen(ctx->index_key.description);
638
639
640
641
642 if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE ||
643 keyring_compare_object(keyring, &ctx->index_key)) {
644 ctx->skipped_ret = 2;
645 switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {
646 case 1:
647 goto found;
648 case 2:
649 return false;
650 default:
651 break;
652 }
653 }
654
655 ctx->skipped_ret = 0;
656
657
658descend_to_keyring:
659 kdebug("descend to %d", keyring->serial);
660 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
661 (1 << KEY_FLAG_REVOKED)))
662 goto not_this_keyring;
663
664
665
666
667 if (search_keyring(keyring, ctx))
668 goto found;
669
670
671
672
673
674
675
676
677
678 ptr = ACCESS_ONCE(keyring->keys.root);
679 if (!ptr)
680 goto not_this_keyring;
681
682 if (assoc_array_ptr_is_shortcut(ptr)) {
683
684
685
686
687 shortcut = assoc_array_ptr_to_shortcut(ptr);
688 smp_read_barrier_depends();
689 if ((shortcut->index_key[0] & ASSOC_ARRAY_FAN_MASK) != 0)
690 goto not_this_keyring;
691
692 ptr = ACCESS_ONCE(shortcut->next_node);
693 node = assoc_array_ptr_to_node(ptr);
694 goto begin_node;
695 }
696
697 node = assoc_array_ptr_to_node(ptr);
698 smp_read_barrier_depends();
699
700 ptr = node->slots[0];
701 if (!assoc_array_ptr_is_meta(ptr))
702 goto begin_node;
703
704descend_to_node:
705
706
707
708 kdebug("descend");
709 if (assoc_array_ptr_is_shortcut(ptr)) {
710 shortcut = assoc_array_ptr_to_shortcut(ptr);
711 smp_read_barrier_depends();
712 ptr = ACCESS_ONCE(shortcut->next_node);
713 BUG_ON(!assoc_array_ptr_is_node(ptr));
714 }
715 node = assoc_array_ptr_to_node(ptr);
716
717begin_node:
718 kdebug("begin_node");
719 smp_read_barrier_depends();
720 slot = 0;
721ascend_to_node:
722
723 for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
724 ptr = ACCESS_ONCE(node->slots[slot]);
725
726 if (assoc_array_ptr_is_meta(ptr) && node->back_pointer)
727 goto descend_to_node;
728
729 if (!keyring_ptr_is_keyring(ptr))
730 continue;
731
732 key = keyring_ptr_to_key(ptr);
733
734 if (sp >= KEYRING_SEARCH_MAX_DEPTH) {
735 if (ctx->flags & KEYRING_SEARCH_DETECT_TOO_DEEP) {
736 ctx->result = ERR_PTR(-ELOOP);
737 return false;
738 }
739 goto not_this_keyring;
740 }
741
742
743 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
744 key_task_permission(make_key_ref(key, ctx->possessed),
745 ctx->cred, KEY_NEED_SEARCH) < 0)
746 continue;
747
748
749 stack[sp].keyring = keyring;
750 stack[sp].node = node;
751 stack[sp].slot = slot;
752 sp++;
753
754
755 keyring = key;
756 goto descend_to_keyring;
757 }
758
759
760
761
762 ptr = ACCESS_ONCE(node->back_pointer);
763 slot = node->parent_slot;
764
765 if (ptr && assoc_array_ptr_is_shortcut(ptr)) {
766 shortcut = assoc_array_ptr_to_shortcut(ptr);
767 smp_read_barrier_depends();
768 ptr = ACCESS_ONCE(shortcut->back_pointer);
769 slot = shortcut->parent_slot;
770 }
771 if (!ptr)
772 goto not_this_keyring;
773 node = assoc_array_ptr_to_node(ptr);
774 smp_read_barrier_depends();
775 slot++;
776
777
778
779
780
781 if (node->back_pointer) {
782 kdebug("ascend %d", slot);
783 goto ascend_to_node;
784 }
785
786
787
788
789not_this_keyring:
790 kdebug("not_this_keyring %d", sp);
791 if (sp <= 0) {
792 kleave(" = false");
793 return false;
794 }
795
796
797 sp--;
798 keyring = stack[sp].keyring;
799 node = stack[sp].node;
800 slot = stack[sp].slot + 1;
801 kdebug("ascend to %d [%d]", keyring->serial, slot);
802 goto ascend_to_node;
803
804
805found:
806 key = key_ref_to_ptr(ctx->result);
807 key_check(key);
808 if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) {
809 key->last_used_at = ctx->now.tv_sec;
810 keyring->last_used_at = ctx->now.tv_sec;
811 while (sp > 0)
812 stack[--sp].keyring->last_used_at = ctx->now.tv_sec;
813 }
814 kleave(" = true");
815 return true;
816}
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850key_ref_t keyring_search_aux(key_ref_t keyring_ref,
851 struct keyring_search_context *ctx)
852{
853 struct key *keyring;
854 long err;
855
856 ctx->iterator = keyring_search_iterator;
857 ctx->possessed = is_key_possessed(keyring_ref);
858 ctx->result = ERR_PTR(-EAGAIN);
859
860 keyring = key_ref_to_ptr(keyring_ref);
861 key_check(keyring);
862
863 if (keyring->type != &key_type_keyring)
864 return ERR_PTR(-ENOTDIR);
865
866 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) {
867 err = key_task_permission(keyring_ref, ctx->cred, KEY_NEED_SEARCH);
868 if (err < 0)
869 return ERR_PTR(err);
870 }
871
872 rcu_read_lock();
873 ctx->now = current_kernel_time();
874 if (search_nested_keyrings(keyring, ctx))
875 __key_get(key_ref_to_ptr(ctx->result));
876 rcu_read_unlock();
877 return ctx->result;
878}
879
880
881
882
883
884
885
886
887
888
889key_ref_t keyring_search(key_ref_t keyring,
890 struct key_type *type,
891 const char *description)
892{
893 struct keyring_search_context ctx = {
894 .index_key.type = type,
895 .index_key.description = description,
896 .cred = current_cred(),
897 .match_data.cmp = key_default_cmp,
898 .match_data.raw_data = description,
899 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
900 .flags = KEYRING_SEARCH_DO_STATE_CHECK,
901 };
902 key_ref_t key;
903 int ret;
904
905 if (type->match_preparse) {
906 ret = type->match_preparse(&ctx.match_data);
907 if (ret < 0)
908 return ERR_PTR(ret);
909 }
910
911 key = keyring_search_aux(keyring, &ctx);
912
913 if (type->match_free)
914 type->match_free(&ctx.match_data);
915 return key;
916}
917EXPORT_SYMBOL(keyring_search);
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933key_ref_t find_key_to_update(key_ref_t keyring_ref,
934 const struct keyring_index_key *index_key)
935{
936 struct key *keyring, *key;
937 const void *object;
938
939 keyring = key_ref_to_ptr(keyring_ref);
940
941 kenter("{%d},{%s,%s}",
942 keyring->serial, index_key->type->name, index_key->description);
943
944 object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops,
945 index_key);
946
947 if (object)
948 goto found;
949
950 kleave(" = NULL");
951 return NULL;
952
953found:
954 key = keyring_ptr_to_key(object);
955 if (key->flags & ((1 << KEY_FLAG_INVALIDATED) |
956 (1 << KEY_FLAG_REVOKED))) {
957 kleave(" = NULL [x]");
958 return NULL;
959 }
960 __key_get(key);
961 kleave(" = {%d}", key->serial);
962 return make_key_ref(key, is_key_possessed(keyring_ref));
963}
964
965
966
967
968
969
970
971
972
973
974
975
976struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
977{
978 struct key *keyring;
979 int bucket;
980
981 if (!name)
982 return ERR_PTR(-EINVAL);
983
984 bucket = keyring_hash(name);
985
986 read_lock(&keyring_name_lock);
987
988 if (keyring_name_hash[bucket].next) {
989
990
991 list_for_each_entry(keyring,
992 &keyring_name_hash[bucket],
993 type_data.link
994 ) {
995 if (!kuid_has_mapping(current_user_ns(), keyring->user->uid))
996 continue;
997
998 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
999 continue;
1000
1001 if (strcmp(keyring->description, name) != 0)
1002 continue;
1003
1004 if (!skip_perm_check &&
1005 key_permission(make_key_ref(keyring, 0),
1006 KEY_NEED_SEARCH) < 0)
1007 continue;
1008
1009
1010
1011
1012 if (!atomic_inc_not_zero(&keyring->usage))
1013 continue;
1014 keyring->last_used_at = current_kernel_time().tv_sec;
1015 goto out;
1016 }
1017 }
1018
1019 keyring = ERR_PTR(-ENOKEY);
1020out:
1021 read_unlock(&keyring_name_lock);
1022 return keyring;
1023}
1024
1025static int keyring_detect_cycle_iterator(const void *object,
1026 void *iterator_data)
1027{
1028 struct keyring_search_context *ctx = iterator_data;
1029 const struct key *key = keyring_ptr_to_key(object);
1030
1031 kenter("{%d}", key->serial);
1032
1033
1034
1035 if (key != ctx->match_data.raw_data)
1036 return 0;
1037
1038 ctx->result = ERR_PTR(-EDEADLK);
1039 return 1;
1040}
1041
1042
1043
1044
1045
1046
1047
1048
1049static int keyring_detect_cycle(struct key *A, struct key *B)
1050{
1051 struct keyring_search_context ctx = {
1052 .index_key = A->index_key,
1053 .match_data.raw_data = A,
1054 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
1055 .iterator = keyring_detect_cycle_iterator,
1056 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
1057 KEYRING_SEARCH_NO_UPDATE_TIME |
1058 KEYRING_SEARCH_NO_CHECK_PERM |
1059 KEYRING_SEARCH_DETECT_TOO_DEEP),
1060 };
1061
1062 rcu_read_lock();
1063 search_nested_keyrings(B, &ctx);
1064 rcu_read_unlock();
1065 return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result);
1066}
1067
1068
1069
1070
1071int __key_link_begin(struct key *keyring,
1072 const struct keyring_index_key *index_key,
1073 struct assoc_array_edit **_edit)
1074 __acquires(&keyring->sem)
1075 __acquires(&keyring_serialise_link_sem)
1076{
1077 struct assoc_array_edit *edit;
1078 int ret;
1079
1080 kenter("%d,%s,%s,",
1081 keyring->serial, index_key->type->name, index_key->description);
1082
1083 BUG_ON(index_key->desc_len == 0);
1084
1085 if (keyring->type != &key_type_keyring)
1086 return -ENOTDIR;
1087
1088 down_write(&keyring->sem);
1089
1090 ret = -EKEYREVOKED;
1091 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
1092 goto error_krsem;
1093
1094
1095
1096 if (index_key->type == &key_type_keyring)
1097 down_write(&keyring_serialise_link_sem);
1098
1099
1100
1101
1102 edit = assoc_array_insert(&keyring->keys,
1103 &keyring_assoc_array_ops,
1104 index_key,
1105 NULL);
1106 if (IS_ERR(edit)) {
1107 ret = PTR_ERR(edit);
1108 goto error_sem;
1109 }
1110
1111
1112
1113
1114 if (!edit->dead_leaf) {
1115 ret = key_payload_reserve(keyring,
1116 keyring->datalen + KEYQUOTA_LINK_BYTES);
1117 if (ret < 0)
1118 goto error_cancel;
1119 }
1120
1121 *_edit = edit;
1122 kleave(" = 0");
1123 return 0;
1124
1125error_cancel:
1126 assoc_array_cancel_edit(edit);
1127error_sem:
1128 if (index_key->type == &key_type_keyring)
1129 up_write(&keyring_serialise_link_sem);
1130error_krsem:
1131 up_write(&keyring->sem);
1132 kleave(" = %d", ret);
1133 return ret;
1134}
1135
1136
1137
1138
1139
1140
1141
1142int __key_link_check_live_key(struct key *keyring, struct key *key)
1143{
1144 if (key->type == &key_type_keyring)
1145
1146
1147 return keyring_detect_cycle(keyring, key);
1148 return 0;
1149}
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159void __key_link(struct key *key, struct assoc_array_edit **_edit)
1160{
1161 __key_get(key);
1162 assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key));
1163 assoc_array_apply_edit(*_edit);
1164 *_edit = NULL;
1165}
1166
1167
1168
1169
1170
1171
1172void __key_link_end(struct key *keyring,
1173 const struct keyring_index_key *index_key,
1174 struct assoc_array_edit *edit)
1175 __releases(&keyring->sem)
1176 __releases(&keyring_serialise_link_sem)
1177{
1178 BUG_ON(index_key->type == NULL);
1179 kenter("%d,%s,", keyring->serial, index_key->type->name);
1180
1181 if (index_key->type == &key_type_keyring)
1182 up_write(&keyring_serialise_link_sem);
1183
1184 if (edit && !edit->dead_leaf) {
1185 key_payload_reserve(keyring,
1186 keyring->datalen - KEYQUOTA_LINK_BYTES);
1187 assoc_array_cancel_edit(edit);
1188 }
1189 up_write(&keyring->sem);
1190}
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212int key_link(struct key *keyring, struct key *key)
1213{
1214 struct assoc_array_edit *edit;
1215 int ret;
1216
1217 kenter("{%d,%d}", keyring->serial, atomic_read(&keyring->usage));
1218
1219 key_check(keyring);
1220 key_check(key);
1221
1222 if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) &&
1223 !test_bit(KEY_FLAG_TRUSTED, &key->flags))
1224 return -EPERM;
1225
1226 ret = __key_link_begin(keyring, &key->index_key, &edit);
1227 if (ret == 0) {
1228 kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage));
1229 ret = __key_link_check_live_key(keyring, key);
1230 if (ret == 0)
1231 __key_link(key, &edit);
1232 __key_link_end(keyring, &key->index_key, edit);
1233 }
1234
1235 kleave(" = %d {%d,%d}", ret, keyring->serial, atomic_read(&keyring->usage));
1236 return ret;
1237}
1238EXPORT_SYMBOL(key_link);
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257int key_unlink(struct key *keyring, struct key *key)
1258{
1259 struct assoc_array_edit *edit;
1260 int ret;
1261
1262 key_check(keyring);
1263 key_check(key);
1264
1265 if (keyring->type != &key_type_keyring)
1266 return -ENOTDIR;
1267
1268 down_write(&keyring->sem);
1269
1270 edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,
1271 &key->index_key);
1272 if (IS_ERR(edit)) {
1273 ret = PTR_ERR(edit);
1274 goto error;
1275 }
1276 ret = -ENOENT;
1277 if (edit == NULL)
1278 goto error;
1279
1280 assoc_array_apply_edit(edit);
1281 key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
1282 ret = 0;
1283
1284error:
1285 up_write(&keyring->sem);
1286 return ret;
1287}
1288EXPORT_SYMBOL(key_unlink);
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298int keyring_clear(struct key *keyring)
1299{
1300 struct assoc_array_edit *edit;
1301 int ret;
1302
1303 if (keyring->type != &key_type_keyring)
1304 return -ENOTDIR;
1305
1306 down_write(&keyring->sem);
1307
1308 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1309 if (IS_ERR(edit)) {
1310 ret = PTR_ERR(edit);
1311 } else {
1312 if (edit)
1313 assoc_array_apply_edit(edit);
1314 key_payload_reserve(keyring, 0);
1315 ret = 0;
1316 }
1317
1318 up_write(&keyring->sem);
1319 return ret;
1320}
1321EXPORT_SYMBOL(keyring_clear);
1322
1323
1324
1325
1326
1327
1328static void keyring_revoke(struct key *keyring)
1329{
1330 struct assoc_array_edit *edit;
1331
1332 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1333 if (!IS_ERR(edit)) {
1334 if (edit)
1335 assoc_array_apply_edit(edit);
1336 key_payload_reserve(keyring, 0);
1337 }
1338}
1339
1340static bool keyring_gc_select_iterator(void *object, void *iterator_data)
1341{
1342 struct key *key = keyring_ptr_to_key(object);
1343 time_t *limit = iterator_data;
1344
1345 if (key_is_dead(key, *limit))
1346 return false;
1347 key_get(key);
1348 return true;
1349}
1350
1351static int keyring_gc_check_iterator(const void *object, void *iterator_data)
1352{
1353 const struct key *key = keyring_ptr_to_key(object);
1354 time_t *limit = iterator_data;
1355
1356 key_check(key);
1357 return key_is_dead(key, *limit);
1358}
1359
1360
1361
1362
1363
1364
1365
1366void keyring_gc(struct key *keyring, time_t limit)
1367{
1368 int result;
1369
1370 kenter("%x{%s}", keyring->serial, keyring->description ?: "");
1371
1372 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
1373 (1 << KEY_FLAG_REVOKED)))
1374 goto dont_gc;
1375
1376
1377 rcu_read_lock();
1378 result = assoc_array_iterate(&keyring->keys,
1379 keyring_gc_check_iterator, &limit);
1380 rcu_read_unlock();
1381 if (result == true)
1382 goto do_gc;
1383
1384dont_gc:
1385 kleave(" [no gc]");
1386 return;
1387
1388do_gc:
1389 down_write(&keyring->sem);
1390 assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops,
1391 keyring_gc_select_iterator, &limit);
1392 up_write(&keyring->sem);
1393 kleave(" [gc]");
1394}
1395