1
2
3
4
5
6
7
8
9
10
11
12#include <linux/export.h>
13#include <linux/init.h>
14#include <linux/poison.h>
15#include <linux/sched.h>
16#include <linux/slab.h>
17#include <linux/security.h>
18#include <linux/workqueue.h>
19#include <linux/random.h>
20#include <linux/err.h>
21#include "internal.h"
22
23struct kmem_cache *key_jar;
24struct rb_root key_serial_tree;
25DEFINE_SPINLOCK(key_serial_lock);
26
27struct rb_root key_user_tree;
28DEFINE_SPINLOCK(key_user_lock);
29
30unsigned int key_quota_root_maxkeys = 1000000;
31unsigned int key_quota_root_maxbytes = 25000000;
32unsigned int key_quota_maxkeys = 200;
33unsigned int key_quota_maxbytes = 20000;
34
35static LIST_HEAD(key_types_list);
36static DECLARE_RWSEM(key_types_sem);
37
38
39DEFINE_MUTEX(key_construction_mutex);
40
41#ifdef KEY_DEBUGGING
42void __key_check(const struct key *key)
43{
44 printk("__key_check: key %p {%08x} should be {%08x}\n",
45 key, key->magic, KEY_DEBUG_MAGIC);
46 BUG();
47}
48#endif
49
50
51
52
53
54struct key_user *key_user_lookup(kuid_t uid)
55{
56 struct key_user *candidate = NULL, *user;
57 struct rb_node *parent, **p;
58
59try_again:
60 parent = NULL;
61 p = &key_user_tree.rb_node;
62 spin_lock(&key_user_lock);
63
64
65 while (*p) {
66 parent = *p;
67 user = rb_entry(parent, struct key_user, node);
68
69 if (uid_lt(uid, user->uid))
70 p = &(*p)->rb_left;
71 else if (uid_gt(uid, user->uid))
72 p = &(*p)->rb_right;
73 else
74 goto found;
75 }
76
77
78 if (!candidate) {
79
80
81 spin_unlock(&key_user_lock);
82
83 user = NULL;
84 candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL);
85 if (unlikely(!candidate))
86 goto out;
87
88
89
90
91 goto try_again;
92 }
93
94
95
96 refcount_set(&candidate->usage, 1);
97 atomic_set(&candidate->nkeys, 0);
98 atomic_set(&candidate->nikeys, 0);
99 candidate->uid = uid;
100 candidate->qnkeys = 0;
101 candidate->qnbytes = 0;
102 spin_lock_init(&candidate->lock);
103 mutex_init(&candidate->cons_lock);
104
105 rb_link_node(&candidate->node, parent, p);
106 rb_insert_color(&candidate->node, &key_user_tree);
107 spin_unlock(&key_user_lock);
108 user = candidate;
109 goto out;
110
111
112found:
113 refcount_inc(&user->usage);
114 spin_unlock(&key_user_lock);
115 kfree(candidate);
116out:
117 return user;
118}
119
120
121
122
123void key_user_put(struct key_user *user)
124{
125 if (refcount_dec_and_lock(&user->usage, &key_user_lock)) {
126 rb_erase(&user->node, &key_user_tree);
127 spin_unlock(&key_user_lock);
128
129 kfree(user);
130 }
131}
132
133
134
135
136
137static inline void key_alloc_serial(struct key *key)
138{
139 struct rb_node *parent, **p;
140 struct key *xkey;
141
142
143
144 do {
145 get_random_bytes(&key->serial, sizeof(key->serial));
146
147 key->serial >>= 1;
148 } while (key->serial < 3);
149
150 spin_lock(&key_serial_lock);
151
152attempt_insertion:
153 parent = NULL;
154 p = &key_serial_tree.rb_node;
155
156 while (*p) {
157 parent = *p;
158 xkey = rb_entry(parent, struct key, serial_node);
159
160 if (key->serial < xkey->serial)
161 p = &(*p)->rb_left;
162 else if (key->serial > xkey->serial)
163 p = &(*p)->rb_right;
164 else
165 goto serial_exists;
166 }
167
168
169 rb_link_node(&key->serial_node, parent, p);
170 rb_insert_color(&key->serial_node, &key_serial_tree);
171
172 spin_unlock(&key_serial_lock);
173 return;
174
175
176
177serial_exists:
178 for (;;) {
179 key->serial++;
180 if (key->serial < 3) {
181 key->serial = 3;
182 goto attempt_insertion;
183 }
184
185 parent = rb_next(parent);
186 if (!parent)
187 goto attempt_insertion;
188
189 xkey = rb_entry(parent, struct key, serial_node);
190 if (key->serial < xkey->serial)
191 goto attempt_insertion;
192 }
193}
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228struct key *key_alloc(struct key_type *type, const char *desc,
229 kuid_t uid, kgid_t gid, const struct cred *cred,
230 key_perm_t perm, unsigned long flags,
231 struct key_restriction *restrict_link)
232{
233 struct key_user *user = NULL;
234 struct key *key;
235 size_t desclen, quotalen;
236 int ret;
237
238 key = ERR_PTR(-EINVAL);
239 if (!desc || !*desc)
240 goto error;
241
242 if (type->vet_description) {
243 ret = type->vet_description(desc);
244 if (ret < 0) {
245 key = ERR_PTR(ret);
246 goto error;
247 }
248 }
249
250 desclen = strlen(desc);
251 quotalen = desclen + 1 + type->def_datalen;
252
253
254 user = key_user_lookup(uid);
255 if (!user)
256 goto no_memory_1;
257
258
259
260 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
261 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
262 key_quota_root_maxkeys : key_quota_maxkeys;
263 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
264 key_quota_root_maxbytes : key_quota_maxbytes;
265
266 spin_lock(&user->lock);
267 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
268 if (user->qnkeys + 1 > maxkeys ||
269 user->qnbytes + quotalen > maxbytes ||
270 user->qnbytes + quotalen < user->qnbytes)
271 goto no_quota;
272 }
273
274 user->qnkeys++;
275 user->qnbytes += quotalen;
276 spin_unlock(&user->lock);
277 }
278
279
280 key = kmem_cache_zalloc(key_jar, GFP_KERNEL);
281 if (!key)
282 goto no_memory_2;
283
284 key->index_key.desc_len = desclen;
285 key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
286 if (!key->index_key.description)
287 goto no_memory_3;
288
289 refcount_set(&key->usage, 1);
290 init_rwsem(&key->sem);
291 lockdep_set_class(&key->sem, &type->lock_class);
292 key->index_key.type = type;
293 key->user = user;
294 key->quotalen = quotalen;
295 key->datalen = type->def_datalen;
296 key->uid = uid;
297 key->gid = gid;
298 key->perm = perm;
299 key->restrict_link = restrict_link;
300 key->last_used_at = ktime_get_real_seconds();
301
302 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
303 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
304 if (flags & KEY_ALLOC_BUILT_IN)
305 key->flags |= 1 << KEY_FLAG_BUILTIN;
306 if (flags & KEY_ALLOC_UID_KEYRING)
307 key->flags |= 1 << KEY_FLAG_UID_KEYRING;
308
309#ifdef KEY_DEBUGGING
310 key->magic = KEY_DEBUG_MAGIC;
311#endif
312
313
314 ret = security_key_alloc(key, cred, flags);
315 if (ret < 0)
316 goto security_error;
317
318
319 atomic_inc(&user->nkeys);
320 key_alloc_serial(key);
321
322error:
323 return key;
324
325security_error:
326 kfree(key->description);
327 kmem_cache_free(key_jar, key);
328 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
329 spin_lock(&user->lock);
330 user->qnkeys--;
331 user->qnbytes -= quotalen;
332 spin_unlock(&user->lock);
333 }
334 key_user_put(user);
335 key = ERR_PTR(ret);
336 goto error;
337
338no_memory_3:
339 kmem_cache_free(key_jar, key);
340no_memory_2:
341 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
342 spin_lock(&user->lock);
343 user->qnkeys--;
344 user->qnbytes -= quotalen;
345 spin_unlock(&user->lock);
346 }
347 key_user_put(user);
348no_memory_1:
349 key = ERR_PTR(-ENOMEM);
350 goto error;
351
352no_quota:
353 spin_unlock(&user->lock);
354 key_user_put(user);
355 key = ERR_PTR(-EDQUOT);
356 goto error;
357}
358EXPORT_SYMBOL(key_alloc);
359
360
361
362
363
364
365
366
367
368
369
370
371int key_payload_reserve(struct key *key, size_t datalen)
372{
373 int delta = (int)datalen - key->datalen;
374 int ret = 0;
375
376 key_check(key);
377
378
379 if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
380 unsigned maxbytes = uid_eq(key->user->uid, GLOBAL_ROOT_UID) ?
381 key_quota_root_maxbytes : key_quota_maxbytes;
382
383 spin_lock(&key->user->lock);
384
385 if (delta > 0 &&
386 (key->user->qnbytes + delta >= maxbytes ||
387 key->user->qnbytes + delta < key->user->qnbytes)) {
388 ret = -EDQUOT;
389 }
390 else {
391 key->user->qnbytes += delta;
392 key->quotalen += delta;
393 }
394 spin_unlock(&key->user->lock);
395 }
396
397
398 if (ret == 0)
399 key->datalen = datalen;
400
401 return ret;
402}
403EXPORT_SYMBOL(key_payload_reserve);
404
405
406
407
408static void mark_key_instantiated(struct key *key, int reject_error)
409{
410
411
412
413 smp_store_release(&key->state,
414 (reject_error < 0) ? reject_error : KEY_IS_POSITIVE);
415}
416
417
418
419
420
421
422
423static int __key_instantiate_and_link(struct key *key,
424 struct key_preparsed_payload *prep,
425 struct key *keyring,
426 struct key *authkey,
427 struct assoc_array_edit **_edit)
428{
429 int ret, awaken;
430
431 key_check(key);
432 key_check(keyring);
433
434 awaken = 0;
435 ret = -EBUSY;
436
437 mutex_lock(&key_construction_mutex);
438
439
440 if (key->state == KEY_IS_UNINSTANTIATED) {
441
442 ret = key->type->instantiate(key, prep);
443
444 if (ret == 0) {
445
446 atomic_inc(&key->user->nikeys);
447 mark_key_instantiated(key, 0);
448
449 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
450 awaken = 1;
451
452
453 if (keyring) {
454 if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
455 set_bit(KEY_FLAG_KEEP, &key->flags);
456
457 __key_link(key, _edit);
458 }
459
460
461 if (authkey)
462 key_revoke(authkey);
463
464 if (prep->expiry != TIME64_MAX) {
465 key->expiry = prep->expiry;
466 key_schedule_gc(prep->expiry + key_gc_delay);
467 }
468 }
469 }
470
471 mutex_unlock(&key_construction_mutex);
472
473
474 if (awaken)
475 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
476
477 return ret;
478}
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496int key_instantiate_and_link(struct key *key,
497 const void *data,
498 size_t datalen,
499 struct key *keyring,
500 struct key *authkey)
501{
502 struct key_preparsed_payload prep;
503 struct assoc_array_edit *edit;
504 int ret;
505
506 memset(&prep, 0, sizeof(prep));
507 prep.data = data;
508 prep.datalen = datalen;
509 prep.quotalen = key->type->def_datalen;
510 prep.expiry = TIME64_MAX;
511 if (key->type->preparse) {
512 ret = key->type->preparse(&prep);
513 if (ret < 0)
514 goto error;
515 }
516
517 if (keyring) {
518 ret = __key_link_begin(keyring, &key->index_key, &edit);
519 if (ret < 0)
520 goto error;
521
522 if (keyring->restrict_link && keyring->restrict_link->check) {
523 struct key_restriction *keyres = keyring->restrict_link;
524
525 ret = keyres->check(keyring, key->type, &prep.payload,
526 keyres->key);
527 if (ret < 0)
528 goto error_link_end;
529 }
530 }
531
532 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
533
534error_link_end:
535 if (keyring)
536 __key_link_end(keyring, &key->index_key, edit);
537
538error:
539 if (key->type->preparse)
540 key->type->free_preparse(&prep);
541 return ret;
542}
543
544EXPORT_SYMBOL(key_instantiate_and_link);
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567int key_reject_and_link(struct key *key,
568 unsigned timeout,
569 unsigned error,
570 struct key *keyring,
571 struct key *authkey)
572{
573 struct assoc_array_edit *edit;
574 int ret, awaken, link_ret = 0;
575
576 key_check(key);
577 key_check(keyring);
578
579 awaken = 0;
580 ret = -EBUSY;
581
582 if (keyring) {
583 if (keyring->restrict_link)
584 return -EPERM;
585
586 link_ret = __key_link_begin(keyring, &key->index_key, &edit);
587 }
588
589 mutex_lock(&key_construction_mutex);
590
591
592 if (key->state == KEY_IS_UNINSTANTIATED) {
593
594 atomic_inc(&key->user->nikeys);
595 mark_key_instantiated(key, -error);
596 key->expiry = ktime_get_real_seconds() + timeout;
597 key_schedule_gc(key->expiry + key_gc_delay);
598
599 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
600 awaken = 1;
601
602 ret = 0;
603
604
605 if (keyring && link_ret == 0)
606 __key_link(key, &edit);
607
608
609 if (authkey)
610 key_revoke(authkey);
611 }
612
613 mutex_unlock(&key_construction_mutex);
614
615 if (keyring && link_ret == 0)
616 __key_link_end(keyring, &key->index_key, edit);
617
618
619 if (awaken)
620 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
621
622 return ret == 0 ? link_ret : ret;
623}
624EXPORT_SYMBOL(key_reject_and_link);
625
626
627
628
629
630
631
632
633
634void key_put(struct key *key)
635{
636 if (key) {
637 key_check(key);
638
639 if (refcount_dec_and_test(&key->usage))
640 schedule_work(&key_gc_work);
641 }
642}
643EXPORT_SYMBOL(key_put);
644
645
646
647
648struct key *key_lookup(key_serial_t id)
649{
650 struct rb_node *n;
651 struct key *key;
652
653 spin_lock(&key_serial_lock);
654
655
656 n = key_serial_tree.rb_node;
657 while (n) {
658 key = rb_entry(n, struct key, serial_node);
659
660 if (id < key->serial)
661 n = n->rb_left;
662 else if (id > key->serial)
663 n = n->rb_right;
664 else
665 goto found;
666 }
667
668not_found:
669 key = ERR_PTR(-ENOKEY);
670 goto error;
671
672found:
673
674
675
676 if (!refcount_inc_not_zero(&key->usage))
677 goto not_found;
678
679error:
680 spin_unlock(&key_serial_lock);
681 return key;
682}
683
684
685
686
687
688
689
690struct key_type *key_type_lookup(const char *type)
691{
692 struct key_type *ktype;
693
694 down_read(&key_types_sem);
695
696
697
698 list_for_each_entry(ktype, &key_types_list, link) {
699 if (strcmp(ktype->name, type) == 0)
700 goto found_kernel_type;
701 }
702
703 up_read(&key_types_sem);
704 ktype = ERR_PTR(-ENOKEY);
705
706found_kernel_type:
707 return ktype;
708}
709
710void key_set_timeout(struct key *key, unsigned timeout)
711{
712 time64_t expiry = 0;
713
714
715 down_write(&key->sem);
716
717 if (timeout > 0)
718 expiry = ktime_get_real_seconds() + timeout;
719
720 key->expiry = expiry;
721 key_schedule_gc(key->expiry + key_gc_delay);
722
723 up_write(&key->sem);
724}
725EXPORT_SYMBOL_GPL(key_set_timeout);
726
727
728
729
730void key_type_put(struct key_type *ktype)
731{
732 up_read(&key_types_sem);
733}
734
735
736
737
738
739
740
741static inline key_ref_t __key_update(key_ref_t key_ref,
742 struct key_preparsed_payload *prep)
743{
744 struct key *key = key_ref_to_ptr(key_ref);
745 int ret;
746
747
748 ret = key_permission(key_ref, KEY_NEED_WRITE);
749 if (ret < 0)
750 goto error;
751
752 ret = -EEXIST;
753 if (!key->type->update)
754 goto error;
755
756 down_write(&key->sem);
757
758 ret = key->type->update(key, prep);
759 if (ret == 0)
760
761 mark_key_instantiated(key, 0);
762
763 up_write(&key->sem);
764
765 if (ret < 0)
766 goto error;
767out:
768 return key_ref;
769
770error:
771 key_put(key);
772 key_ref = ERR_PTR(ret);
773 goto out;
774}
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801key_ref_t key_create_or_update(key_ref_t keyring_ref,
802 const char *type,
803 const char *description,
804 const void *payload,
805 size_t plen,
806 key_perm_t perm,
807 unsigned long flags)
808{
809 struct keyring_index_key index_key = {
810 .description = description,
811 };
812 struct key_preparsed_payload prep;
813 struct assoc_array_edit *edit;
814 const struct cred *cred = current_cred();
815 struct key *keyring, *key = NULL;
816 key_ref_t key_ref;
817 int ret;
818 struct key_restriction *restrict_link = NULL;
819
820
821
822 index_key.type = key_type_lookup(type);
823 if (IS_ERR(index_key.type)) {
824 key_ref = ERR_PTR(-ENODEV);
825 goto error;
826 }
827
828 key_ref = ERR_PTR(-EINVAL);
829 if (!index_key.type->instantiate ||
830 (!index_key.description && !index_key.type->preparse))
831 goto error_put_type;
832
833 keyring = key_ref_to_ptr(keyring_ref);
834
835 key_check(keyring);
836
837 if (!(flags & KEY_ALLOC_BYPASS_RESTRICTION))
838 restrict_link = keyring->restrict_link;
839
840 key_ref = ERR_PTR(-ENOTDIR);
841 if (keyring->type != &key_type_keyring)
842 goto error_put_type;
843
844 memset(&prep, 0, sizeof(prep));
845 prep.data = payload;
846 prep.datalen = plen;
847 prep.quotalen = index_key.type->def_datalen;
848 prep.expiry = TIME64_MAX;
849 if (index_key.type->preparse) {
850 ret = index_key.type->preparse(&prep);
851 if (ret < 0) {
852 key_ref = ERR_PTR(ret);
853 goto error_free_prep;
854 }
855 if (!index_key.description)
856 index_key.description = prep.description;
857 key_ref = ERR_PTR(-EINVAL);
858 if (!index_key.description)
859 goto error_free_prep;
860 }
861 index_key.desc_len = strlen(index_key.description);
862
863 ret = __key_link_begin(keyring, &index_key, &edit);
864 if (ret < 0) {
865 key_ref = ERR_PTR(ret);
866 goto error_free_prep;
867 }
868
869 if (restrict_link && restrict_link->check) {
870 ret = restrict_link->check(keyring, index_key.type,
871 &prep.payload, restrict_link->key);
872 if (ret < 0) {
873 key_ref = ERR_PTR(ret);
874 goto error_link_end;
875 }
876 }
877
878
879
880 ret = key_permission(keyring_ref, KEY_NEED_WRITE);
881 if (ret < 0) {
882 key_ref = ERR_PTR(ret);
883 goto error_link_end;
884 }
885
886
887
888
889
890 if (index_key.type->update) {
891 key_ref = find_key_to_update(keyring_ref, &index_key);
892 if (key_ref)
893 goto found_matching_key;
894 }
895
896
897 if (perm == KEY_PERM_UNDEF) {
898 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
899 perm |= KEY_USR_VIEW;
900
901 if (index_key.type->read)
902 perm |= KEY_POS_READ;
903
904 if (index_key.type == &key_type_keyring ||
905 index_key.type->update)
906 perm |= KEY_POS_WRITE;
907 }
908
909
910 key = key_alloc(index_key.type, index_key.description,
911 cred->fsuid, cred->fsgid, cred, perm, flags, NULL);
912 if (IS_ERR(key)) {
913 key_ref = ERR_CAST(key);
914 goto error_link_end;
915 }
916
917
918 ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit);
919 if (ret < 0) {
920 key_put(key);
921 key_ref = ERR_PTR(ret);
922 goto error_link_end;
923 }
924
925 key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
926
927error_link_end:
928 __key_link_end(keyring, &index_key, edit);
929error_free_prep:
930 if (index_key.type->preparse)
931 index_key.type->free_preparse(&prep);
932error_put_type:
933 key_type_put(index_key.type);
934error:
935 return key_ref;
936
937 found_matching_key:
938
939
940
941 __key_link_end(keyring, &index_key, edit);
942
943 key = key_ref_to_ptr(key_ref);
944 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags)) {
945 ret = wait_for_key_construction(key, true);
946 if (ret < 0) {
947 key_ref_put(key_ref);
948 key_ref = ERR_PTR(ret);
949 goto error_free_prep;
950 }
951 }
952
953 key_ref = __key_update(key_ref, &prep);
954 goto error_free_prep;
955}
956EXPORT_SYMBOL(key_create_or_update);
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971int key_update(key_ref_t key_ref, const void *payload, size_t plen)
972{
973 struct key_preparsed_payload prep;
974 struct key *key = key_ref_to_ptr(key_ref);
975 int ret;
976
977 key_check(key);
978
979
980 ret = key_permission(key_ref, KEY_NEED_WRITE);
981 if (ret < 0)
982 return ret;
983
984
985 if (!key->type->update)
986 return -EOPNOTSUPP;
987
988 memset(&prep, 0, sizeof(prep));
989 prep.data = payload;
990 prep.datalen = plen;
991 prep.quotalen = key->type->def_datalen;
992 prep.expiry = TIME64_MAX;
993 if (key->type->preparse) {
994 ret = key->type->preparse(&prep);
995 if (ret < 0)
996 goto error;
997 }
998
999 down_write(&key->sem);
1000
1001 ret = key->type->update(key, &prep);
1002 if (ret == 0)
1003
1004 mark_key_instantiated(key, 0);
1005
1006 up_write(&key->sem);
1007
1008error:
1009 if (key->type->preparse)
1010 key->type->free_preparse(&prep);
1011 return ret;
1012}
1013EXPORT_SYMBOL(key_update);
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024void key_revoke(struct key *key)
1025{
1026 time64_t time;
1027
1028 key_check(key);
1029
1030
1031
1032
1033
1034
1035 down_write_nested(&key->sem, 1);
1036 if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) &&
1037 key->type->revoke)
1038 key->type->revoke(key);
1039
1040
1041 time = ktime_get_real_seconds();
1042 if (key->revoked_at == 0 || key->revoked_at > time) {
1043 key->revoked_at = time;
1044 key_schedule_gc(key->revoked_at + key_gc_delay);
1045 }
1046
1047 up_write(&key->sem);
1048}
1049EXPORT_SYMBOL(key_revoke);
1050
1051
1052
1053
1054
1055
1056
1057
1058void key_invalidate(struct key *key)
1059{
1060 kenter("%d", key_serial(key));
1061
1062 key_check(key);
1063
1064 if (!test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
1065 down_write_nested(&key->sem, 1);
1066 if (!test_and_set_bit(KEY_FLAG_INVALIDATED, &key->flags))
1067 key_schedule_gc_links();
1068 up_write(&key->sem);
1069 }
1070}
1071EXPORT_SYMBOL(key_invalidate);
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
1084{
1085 int ret;
1086
1087 pr_devel("==>%s()\n", __func__);
1088
1089 ret = key_payload_reserve(key, prep->quotalen);
1090 if (ret == 0) {
1091 rcu_assign_keypointer(key, prep->payload.data[0]);
1092 key->payload.data[1] = prep->payload.data[1];
1093 key->payload.data[2] = prep->payload.data[2];
1094 key->payload.data[3] = prep->payload.data[3];
1095 prep->payload.data[0] = NULL;
1096 prep->payload.data[1] = NULL;
1097 prep->payload.data[2] = NULL;
1098 prep->payload.data[3] = NULL;
1099 }
1100 pr_devel("<==%s() = %d\n", __func__, ret);
1101 return ret;
1102}
1103EXPORT_SYMBOL(generic_key_instantiate);
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113int register_key_type(struct key_type *ktype)
1114{
1115 struct key_type *p;
1116 int ret;
1117
1118 memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
1119
1120 ret = -EEXIST;
1121 down_write(&key_types_sem);
1122
1123
1124 list_for_each_entry(p, &key_types_list, link) {
1125 if (strcmp(p->name, ktype->name) == 0)
1126 goto out;
1127 }
1128
1129
1130 list_add(&ktype->link, &key_types_list);
1131
1132 pr_notice("Key type %s registered\n", ktype->name);
1133 ret = 0;
1134
1135out:
1136 up_write(&key_types_sem);
1137 return ret;
1138}
1139EXPORT_SYMBOL(register_key_type);
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149void unregister_key_type(struct key_type *ktype)
1150{
1151 down_write(&key_types_sem);
1152 list_del_init(&ktype->link);
1153 downgrade_write(&key_types_sem);
1154 key_gc_keytype(ktype);
1155 pr_notice("Key type %s unregistered\n", ktype->name);
1156 up_read(&key_types_sem);
1157}
1158EXPORT_SYMBOL(unregister_key_type);
1159
1160
1161
1162
1163void __init key_init(void)
1164{
1165
1166 key_jar = kmem_cache_create("key_jar", sizeof(struct key),
1167 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
1168
1169
1170 list_add_tail(&key_type_keyring.link, &key_types_list);
1171 list_add_tail(&key_type_dead.link, &key_types_list);
1172 list_add_tail(&key_type_user.link, &key_types_list);
1173 list_add_tail(&key_type_logon.link, &key_types_list);
1174
1175
1176 rb_link_node(&root_key_user.node,
1177 NULL,
1178 &key_user_tree.rb_node);
1179
1180 rb_insert_color(&root_key_user.node,
1181 &key_user_tree);
1182}
1183