1
2
3
4
5
6
7
8#include <linux/export.h>
9#include <linux/init.h>
10#include <linux/poison.h>
11#include <linux/sched.h>
12#include <linux/slab.h>
13#include <linux/security.h>
14#include <linux/workqueue.h>
15#include <linux/random.h>
16#include <linux/err.h>
17#include "internal.h"
18
19struct kmem_cache *key_jar;
20struct rb_root key_serial_tree;
21DEFINE_SPINLOCK(key_serial_lock);
22
23struct rb_root key_user_tree;
24DEFINE_SPINLOCK(key_user_lock);
25
26unsigned int key_quota_root_maxkeys = 1000000;
27unsigned int key_quota_root_maxbytes = 25000000;
28unsigned int key_quota_maxkeys = 200;
29unsigned int key_quota_maxbytes = 20000;
30
31static LIST_HEAD(key_types_list);
32static DECLARE_RWSEM(key_types_sem);
33
34
35DEFINE_MUTEX(key_construction_mutex);
36
37#ifdef KEY_DEBUGGING
38void __key_check(const struct key *key)
39{
40 printk("__key_check: key %p {%08x} should be {%08x}\n",
41 key, key->magic, KEY_DEBUG_MAGIC);
42 BUG();
43}
44#endif
45
46
47
48
49
50struct key_user *key_user_lookup(kuid_t uid)
51{
52 struct key_user *candidate = NULL, *user;
53 struct rb_node *parent, **p;
54
55try_again:
56 parent = NULL;
57 p = &key_user_tree.rb_node;
58 spin_lock(&key_user_lock);
59
60
61 while (*p) {
62 parent = *p;
63 user = rb_entry(parent, struct key_user, node);
64
65 if (uid_lt(uid, user->uid))
66 p = &(*p)->rb_left;
67 else if (uid_gt(uid, user->uid))
68 p = &(*p)->rb_right;
69 else
70 goto found;
71 }
72
73
74 if (!candidate) {
75
76
77 spin_unlock(&key_user_lock);
78
79 user = NULL;
80 candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL);
81 if (unlikely(!candidate))
82 goto out;
83
84
85
86
87 goto try_again;
88 }
89
90
91
92 refcount_set(&candidate->usage, 1);
93 atomic_set(&candidate->nkeys, 0);
94 atomic_set(&candidate->nikeys, 0);
95 candidate->uid = uid;
96 candidate->qnkeys = 0;
97 candidate->qnbytes = 0;
98 spin_lock_init(&candidate->lock);
99 mutex_init(&candidate->cons_lock);
100
101 rb_link_node(&candidate->node, parent, p);
102 rb_insert_color(&candidate->node, &key_user_tree);
103 spin_unlock(&key_user_lock);
104 user = candidate;
105 goto out;
106
107
108found:
109 refcount_inc(&user->usage);
110 spin_unlock(&key_user_lock);
111 kfree(candidate);
112out:
113 return user;
114}
115
116
117
118
119void key_user_put(struct key_user *user)
120{
121 if (refcount_dec_and_lock(&user->usage, &key_user_lock)) {
122 rb_erase(&user->node, &key_user_tree);
123 spin_unlock(&key_user_lock);
124
125 kfree(user);
126 }
127}
128
129
130
131
132
133static inline void key_alloc_serial(struct key *key)
134{
135 struct rb_node *parent, **p;
136 struct key *xkey;
137
138
139
140 do {
141 get_random_bytes(&key->serial, sizeof(key->serial));
142
143 key->serial >>= 1;
144 } while (key->serial < 3);
145
146 spin_lock(&key_serial_lock);
147
148attempt_insertion:
149 parent = NULL;
150 p = &key_serial_tree.rb_node;
151
152 while (*p) {
153 parent = *p;
154 xkey = rb_entry(parent, struct key, serial_node);
155
156 if (key->serial < xkey->serial)
157 p = &(*p)->rb_left;
158 else if (key->serial > xkey->serial)
159 p = &(*p)->rb_right;
160 else
161 goto serial_exists;
162 }
163
164
165 rb_link_node(&key->serial_node, parent, p);
166 rb_insert_color(&key->serial_node, &key_serial_tree);
167
168 spin_unlock(&key_serial_lock);
169 return;
170
171
172
173serial_exists:
174 for (;;) {
175 key->serial++;
176 if (key->serial < 3) {
177 key->serial = 3;
178 goto attempt_insertion;
179 }
180
181 parent = rb_next(parent);
182 if (!parent)
183 goto attempt_insertion;
184
185 xkey = rb_entry(parent, struct key, serial_node);
186 if (key->serial < xkey->serial)
187 goto attempt_insertion;
188 }
189}
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224struct key *key_alloc(struct key_type *type, const char *desc,
225 kuid_t uid, kgid_t gid, const struct cred *cred,
226 key_perm_t perm, unsigned long flags,
227 struct key_restriction *restrict_link)
228{
229 struct key_user *user = NULL;
230 struct key *key;
231 size_t desclen, quotalen;
232 int ret;
233
234 key = ERR_PTR(-EINVAL);
235 if (!desc || !*desc)
236 goto error;
237
238 if (type->vet_description) {
239 ret = type->vet_description(desc);
240 if (ret < 0) {
241 key = ERR_PTR(ret);
242 goto error;
243 }
244 }
245
246 desclen = strlen(desc);
247 quotalen = desclen + 1 + type->def_datalen;
248
249
250 user = key_user_lookup(uid);
251 if (!user)
252 goto no_memory_1;
253
254
255
256 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
257 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
258 key_quota_root_maxkeys : key_quota_maxkeys;
259 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
260 key_quota_root_maxbytes : key_quota_maxbytes;
261
262 spin_lock(&user->lock);
263 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
264 if (user->qnkeys + 1 > maxkeys ||
265 user->qnbytes + quotalen > maxbytes ||
266 user->qnbytes + quotalen < user->qnbytes)
267 goto no_quota;
268 }
269
270 user->qnkeys++;
271 user->qnbytes += quotalen;
272 spin_unlock(&user->lock);
273 }
274
275
276 key = kmem_cache_zalloc(key_jar, GFP_KERNEL);
277 if (!key)
278 goto no_memory_2;
279
280 key->index_key.desc_len = desclen;
281 key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
282 if (!key->index_key.description)
283 goto no_memory_3;
284 key->index_key.type = type;
285 key_set_index_key(&key->index_key);
286
287 refcount_set(&key->usage, 1);
288 init_rwsem(&key->sem);
289 lockdep_set_class(&key->sem, &type->lock_class);
290 key->user = user;
291 key->quotalen = quotalen;
292 key->datalen = type->def_datalen;
293 key->uid = uid;
294 key->gid = gid;
295 key->perm = perm;
296 key->restrict_link = restrict_link;
297 key->last_used_at = ktime_get_real_seconds();
298
299 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
300 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
301 if (flags & KEY_ALLOC_BUILT_IN)
302 key->flags |= 1 << KEY_FLAG_BUILTIN;
303 if (flags & KEY_ALLOC_UID_KEYRING)
304 key->flags |= 1 << KEY_FLAG_UID_KEYRING;
305
306#ifdef KEY_DEBUGGING
307 key->magic = KEY_DEBUG_MAGIC;
308#endif
309
310
311 ret = security_key_alloc(key, cred, flags);
312 if (ret < 0)
313 goto security_error;
314
315
316 refcount_inc(&key->domain_tag->usage);
317 atomic_inc(&user->nkeys);
318 key_alloc_serial(key);
319
320error:
321 return key;
322
323security_error:
324 kfree(key->description);
325 kmem_cache_free(key_jar, key);
326 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
327 spin_lock(&user->lock);
328 user->qnkeys--;
329 user->qnbytes -= quotalen;
330 spin_unlock(&user->lock);
331 }
332 key_user_put(user);
333 key = ERR_PTR(ret);
334 goto error;
335
336no_memory_3:
337 kmem_cache_free(key_jar, key);
338no_memory_2:
339 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
340 spin_lock(&user->lock);
341 user->qnkeys--;
342 user->qnbytes -= quotalen;
343 spin_unlock(&user->lock);
344 }
345 key_user_put(user);
346no_memory_1:
347 key = ERR_PTR(-ENOMEM);
348 goto error;
349
350no_quota:
351 spin_unlock(&user->lock);
352 key_user_put(user);
353 key = ERR_PTR(-EDQUOT);
354 goto error;
355}
356EXPORT_SYMBOL(key_alloc);
357
358
359
360
361
362
363
364
365
366
367
368
369int key_payload_reserve(struct key *key, size_t datalen)
370{
371 int delta = (int)datalen - key->datalen;
372 int ret = 0;
373
374 key_check(key);
375
376
377 if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
378 unsigned maxbytes = uid_eq(key->user->uid, GLOBAL_ROOT_UID) ?
379 key_quota_root_maxbytes : key_quota_maxbytes;
380
381 spin_lock(&key->user->lock);
382
383 if (delta > 0 &&
384 (key->user->qnbytes + delta >= maxbytes ||
385 key->user->qnbytes + delta < key->user->qnbytes)) {
386 ret = -EDQUOT;
387 }
388 else {
389 key->user->qnbytes += delta;
390 key->quotalen += delta;
391 }
392 spin_unlock(&key->user->lock);
393 }
394
395
396 if (ret == 0)
397 key->datalen = datalen;
398
399 return ret;
400}
401EXPORT_SYMBOL(key_payload_reserve);
402
403
404
405
406static void mark_key_instantiated(struct key *key, int reject_error)
407{
408
409
410
411 smp_store_release(&key->state,
412 (reject_error < 0) ? reject_error : KEY_IS_POSITIVE);
413}
414
415
416
417
418
419
420
421static int __key_instantiate_and_link(struct key *key,
422 struct key_preparsed_payload *prep,
423 struct key *keyring,
424 struct key *authkey,
425 struct assoc_array_edit **_edit)
426{
427 int ret, awaken;
428
429 key_check(key);
430 key_check(keyring);
431
432 awaken = 0;
433 ret = -EBUSY;
434
435 mutex_lock(&key_construction_mutex);
436
437
438 if (key->state == KEY_IS_UNINSTANTIATED) {
439
440 ret = key->type->instantiate(key, prep);
441
442 if (ret == 0) {
443
444 atomic_inc(&key->user->nikeys);
445 mark_key_instantiated(key, 0);
446
447 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
448 awaken = 1;
449
450
451 if (keyring) {
452 if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
453 set_bit(KEY_FLAG_KEEP, &key->flags);
454
455 __key_link(key, _edit);
456 }
457
458
459 if (authkey)
460 key_invalidate(authkey);
461
462 if (prep->expiry != TIME64_MAX) {
463 key->expiry = prep->expiry;
464 key_schedule_gc(prep->expiry + key_gc_delay);
465 }
466 }
467 }
468
469 mutex_unlock(&key_construction_mutex);
470
471
472 if (awaken)
473 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
474
475 return ret;
476}
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494int key_instantiate_and_link(struct key *key,
495 const void *data,
496 size_t datalen,
497 struct key *keyring,
498 struct key *authkey)
499{
500 struct key_preparsed_payload prep;
501 struct assoc_array_edit *edit = NULL;
502 int ret;
503
504 memset(&prep, 0, sizeof(prep));
505 prep.data = data;
506 prep.datalen = datalen;
507 prep.quotalen = key->type->def_datalen;
508 prep.expiry = TIME64_MAX;
509 if (key->type->preparse) {
510 ret = key->type->preparse(&prep);
511 if (ret < 0)
512 goto error;
513 }
514
515 if (keyring) {
516 ret = __key_link_lock(keyring, &key->index_key);
517 if (ret < 0)
518 goto error;
519
520 ret = __key_link_begin(keyring, &key->index_key, &edit);
521 if (ret < 0)
522 goto error_link_end;
523
524 if (keyring->restrict_link && keyring->restrict_link->check) {
525 struct key_restriction *keyres = keyring->restrict_link;
526
527 ret = keyres->check(keyring, key->type, &prep.payload,
528 keyres->key);
529 if (ret < 0)
530 goto error_link_end;
531 }
532 }
533
534 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
535
536error_link_end:
537 if (keyring)
538 __key_link_end(keyring, &key->index_key, edit);
539
540error:
541 if (key->type->preparse)
542 key->type->free_preparse(&prep);
543 return ret;
544}
545
546EXPORT_SYMBOL(key_instantiate_and_link);
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569int key_reject_and_link(struct key *key,
570 unsigned timeout,
571 unsigned error,
572 struct key *keyring,
573 struct key *authkey)
574{
575 struct assoc_array_edit *edit = NULL;
576 int ret, awaken, link_ret = 0;
577
578 key_check(key);
579 key_check(keyring);
580
581 awaken = 0;
582 ret = -EBUSY;
583
584 if (keyring) {
585 if (keyring->restrict_link)
586 return -EPERM;
587
588 link_ret = __key_link_lock(keyring, &key->index_key);
589 if (link_ret == 0) {
590 link_ret = __key_link_begin(keyring, &key->index_key, &edit);
591 if (link_ret < 0)
592 __key_link_end(keyring, &key->index_key, edit);
593 }
594 }
595
596 mutex_lock(&key_construction_mutex);
597
598
599 if (key->state == KEY_IS_UNINSTANTIATED) {
600
601 atomic_inc(&key->user->nikeys);
602 mark_key_instantiated(key, -error);
603 key->expiry = ktime_get_real_seconds() + timeout;
604 key_schedule_gc(key->expiry + key_gc_delay);
605
606 if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
607 awaken = 1;
608
609 ret = 0;
610
611
612 if (keyring && link_ret == 0)
613 __key_link(key, &edit);
614
615
616 if (authkey)
617 key_invalidate(authkey);
618 }
619
620 mutex_unlock(&key_construction_mutex);
621
622 if (keyring && link_ret == 0)
623 __key_link_end(keyring, &key->index_key, edit);
624
625
626 if (awaken)
627 wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
628
629 return ret == 0 ? link_ret : ret;
630}
631EXPORT_SYMBOL(key_reject_and_link);
632
633
634
635
636
637
638
639
640
641void key_put(struct key *key)
642{
643 if (key) {
644 key_check(key);
645
646 if (refcount_dec_and_test(&key->usage))
647 schedule_work(&key_gc_work);
648 }
649}
650EXPORT_SYMBOL(key_put);
651
652
653
654
655struct key *key_lookup(key_serial_t id)
656{
657 struct rb_node *n;
658 struct key *key;
659
660 spin_lock(&key_serial_lock);
661
662
663 n = key_serial_tree.rb_node;
664 while (n) {
665 key = rb_entry(n, struct key, serial_node);
666
667 if (id < key->serial)
668 n = n->rb_left;
669 else if (id > key->serial)
670 n = n->rb_right;
671 else
672 goto found;
673 }
674
675not_found:
676 key = ERR_PTR(-ENOKEY);
677 goto error;
678
679found:
680
681
682
683 if (!refcount_inc_not_zero(&key->usage))
684 goto not_found;
685
686error:
687 spin_unlock(&key_serial_lock);
688 return key;
689}
690
691
692
693
694
695
696
697struct key_type *key_type_lookup(const char *type)
698{
699 struct key_type *ktype;
700
701 down_read(&key_types_sem);
702
703
704
705 list_for_each_entry(ktype, &key_types_list, link) {
706 if (strcmp(ktype->name, type) == 0)
707 goto found_kernel_type;
708 }
709
710 up_read(&key_types_sem);
711 ktype = ERR_PTR(-ENOKEY);
712
713found_kernel_type:
714 return ktype;
715}
716
717void key_set_timeout(struct key *key, unsigned timeout)
718{
719 time64_t expiry = 0;
720
721
722 down_write(&key->sem);
723
724 if (timeout > 0)
725 expiry = ktime_get_real_seconds() + timeout;
726
727 key->expiry = expiry;
728 key_schedule_gc(key->expiry + key_gc_delay);
729
730 up_write(&key->sem);
731}
732EXPORT_SYMBOL_GPL(key_set_timeout);
733
734
735
736
737void key_type_put(struct key_type *ktype)
738{
739 up_read(&key_types_sem);
740}
741
742
743
744
745
746
747
748static inline key_ref_t __key_update(key_ref_t key_ref,
749 struct key_preparsed_payload *prep)
750{
751 struct key *key = key_ref_to_ptr(key_ref);
752 int ret;
753
754
755 ret = key_permission(key_ref, KEY_NEED_WRITE);
756 if (ret < 0)
757 goto error;
758
759 ret = -EEXIST;
760 if (!key->type->update)
761 goto error;
762
763 down_write(&key->sem);
764
765 ret = key->type->update(key, prep);
766 if (ret == 0)
767
768 mark_key_instantiated(key, 0);
769
770 up_write(&key->sem);
771
772 if (ret < 0)
773 goto error;
774out:
775 return key_ref;
776
777error:
778 key_put(key);
779 key_ref = ERR_PTR(ret);
780 goto out;
781}
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808key_ref_t key_create_or_update(key_ref_t keyring_ref,
809 const char *type,
810 const char *description,
811 const void *payload,
812 size_t plen,
813 key_perm_t perm,
814 unsigned long flags)
815{
816 struct keyring_index_key index_key = {
817 .description = description,
818 };
819 struct key_preparsed_payload prep;
820 struct assoc_array_edit *edit = NULL;
821 const struct cred *cred = current_cred();
822 struct key *keyring, *key = NULL;
823 key_ref_t key_ref;
824 int ret;
825 struct key_restriction *restrict_link = NULL;
826
827
828
829 index_key.type = key_type_lookup(type);
830 if (IS_ERR(index_key.type)) {
831 key_ref = ERR_PTR(-ENODEV);
832 goto error;
833 }
834
835 key_ref = ERR_PTR(-EINVAL);
836 if (!index_key.type->instantiate ||
837 (!index_key.description && !index_key.type->preparse))
838 goto error_put_type;
839
840 keyring = key_ref_to_ptr(keyring_ref);
841
842 key_check(keyring);
843
844 if (!(flags & KEY_ALLOC_BYPASS_RESTRICTION))
845 restrict_link = keyring->restrict_link;
846
847 key_ref = ERR_PTR(-ENOTDIR);
848 if (keyring->type != &key_type_keyring)
849 goto error_put_type;
850
851 memset(&prep, 0, sizeof(prep));
852 prep.data = payload;
853 prep.datalen = plen;
854 prep.quotalen = index_key.type->def_datalen;
855 prep.expiry = TIME64_MAX;
856 if (index_key.type->preparse) {
857 ret = index_key.type->preparse(&prep);
858 if (ret < 0) {
859 key_ref = ERR_PTR(ret);
860 goto error_free_prep;
861 }
862 if (!index_key.description)
863 index_key.description = prep.description;
864 key_ref = ERR_PTR(-EINVAL);
865 if (!index_key.description)
866 goto error_free_prep;
867 }
868 index_key.desc_len = strlen(index_key.description);
869 key_set_index_key(&index_key);
870
871 ret = __key_link_lock(keyring, &index_key);
872 if (ret < 0) {
873 key_ref = ERR_PTR(ret);
874 goto error_free_prep;
875 }
876
877 ret = __key_link_begin(keyring, &index_key, &edit);
878 if (ret < 0) {
879 key_ref = ERR_PTR(ret);
880 goto error_link_end;
881 }
882
883 if (restrict_link && restrict_link->check) {
884 ret = restrict_link->check(keyring, index_key.type,
885 &prep.payload, restrict_link->key);
886 if (ret < 0) {
887 key_ref = ERR_PTR(ret);
888 goto error_link_end;
889 }
890 }
891
892
893
894 ret = key_permission(keyring_ref, KEY_NEED_WRITE);
895 if (ret < 0) {
896 key_ref = ERR_PTR(ret);
897 goto error_link_end;
898 }
899
900
901
902
903
904 if (index_key.type->update) {
905 key_ref = find_key_to_update(keyring_ref, &index_key);
906 if (key_ref)
907 goto found_matching_key;
908 }
909
910
911 if (perm == KEY_PERM_UNDEF) {
912 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
913 perm |= KEY_USR_VIEW;
914
915 if (index_key.type->read)
916 perm |= KEY_POS_READ;
917
918 if (index_key.type == &key_type_keyring ||
919 index_key.type->update)
920 perm |= KEY_POS_WRITE;
921 }
922
923
924 key = key_alloc(index_key.type, index_key.description,
925 cred->fsuid, cred->fsgid, cred, perm, flags, NULL);
926 if (IS_ERR(key)) {
927 key_ref = ERR_CAST(key);
928 goto error_link_end;
929 }
930
931
932 ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit);
933 if (ret < 0) {
934 key_put(key);
935 key_ref = ERR_PTR(ret);
936 goto error_link_end;
937 }
938
939 key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
940
941error_link_end:
942 __key_link_end(keyring, &index_key, edit);
943error_free_prep:
944 if (index_key.type->preparse)
945 index_key.type->free_preparse(&prep);
946error_put_type:
947 key_type_put(index_key.type);
948error:
949 return key_ref;
950
951 found_matching_key:
952
953
954
955 __key_link_end(keyring, &index_key, edit);
956
957 key = key_ref_to_ptr(key_ref);
958 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags)) {
959 ret = wait_for_key_construction(key, true);
960 if (ret < 0) {
961 key_ref_put(key_ref);
962 key_ref = ERR_PTR(ret);
963 goto error_free_prep;
964 }
965 }
966
967 key_ref = __key_update(key_ref, &prep);
968 goto error_free_prep;
969}
970EXPORT_SYMBOL(key_create_or_update);
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985int key_update(key_ref_t key_ref, const void *payload, size_t plen)
986{
987 struct key_preparsed_payload prep;
988 struct key *key = key_ref_to_ptr(key_ref);
989 int ret;
990
991 key_check(key);
992
993
994 ret = key_permission(key_ref, KEY_NEED_WRITE);
995 if (ret < 0)
996 return ret;
997
998
999 if (!key->type->update)
1000 return -EOPNOTSUPP;
1001
1002 memset(&prep, 0, sizeof(prep));
1003 prep.data = payload;
1004 prep.datalen = plen;
1005 prep.quotalen = key->type->def_datalen;
1006 prep.expiry = TIME64_MAX;
1007 if (key->type->preparse) {
1008 ret = key->type->preparse(&prep);
1009 if (ret < 0)
1010 goto error;
1011 }
1012
1013 down_write(&key->sem);
1014
1015 ret = key->type->update(key, &prep);
1016 if (ret == 0)
1017
1018 mark_key_instantiated(key, 0);
1019
1020 up_write(&key->sem);
1021
1022error:
1023 if (key->type->preparse)
1024 key->type->free_preparse(&prep);
1025 return ret;
1026}
1027EXPORT_SYMBOL(key_update);
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038void key_revoke(struct key *key)
1039{
1040 time64_t time;
1041
1042 key_check(key);
1043
1044
1045
1046
1047
1048
1049 down_write_nested(&key->sem, 1);
1050 if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) &&
1051 key->type->revoke)
1052 key->type->revoke(key);
1053
1054
1055 time = ktime_get_real_seconds();
1056 if (key->revoked_at == 0 || key->revoked_at > time) {
1057 key->revoked_at = time;
1058 key_schedule_gc(key->revoked_at + key_gc_delay);
1059 }
1060
1061 up_write(&key->sem);
1062}
1063EXPORT_SYMBOL(key_revoke);
1064
1065
1066
1067
1068
1069
1070
1071
1072void key_invalidate(struct key *key)
1073{
1074 kenter("%d", key_serial(key));
1075
1076 key_check(key);
1077
1078 if (!test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
1079 down_write_nested(&key->sem, 1);
1080 if (!test_and_set_bit(KEY_FLAG_INVALIDATED, &key->flags))
1081 key_schedule_gc_links();
1082 up_write(&key->sem);
1083 }
1084}
1085EXPORT_SYMBOL(key_invalidate);
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
1098{
1099 int ret;
1100
1101 pr_devel("==>%s()\n", __func__);
1102
1103 ret = key_payload_reserve(key, prep->quotalen);
1104 if (ret == 0) {
1105 rcu_assign_keypointer(key, prep->payload.data[0]);
1106 key->payload.data[1] = prep->payload.data[1];
1107 key->payload.data[2] = prep->payload.data[2];
1108 key->payload.data[3] = prep->payload.data[3];
1109 prep->payload.data[0] = NULL;
1110 prep->payload.data[1] = NULL;
1111 prep->payload.data[2] = NULL;
1112 prep->payload.data[3] = NULL;
1113 }
1114 pr_devel("<==%s() = %d\n", __func__, ret);
1115 return ret;
1116}
1117EXPORT_SYMBOL(generic_key_instantiate);
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127int register_key_type(struct key_type *ktype)
1128{
1129 struct key_type *p;
1130 int ret;
1131
1132 memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
1133
1134 ret = -EEXIST;
1135 down_write(&key_types_sem);
1136
1137
1138 list_for_each_entry(p, &key_types_list, link) {
1139 if (strcmp(p->name, ktype->name) == 0)
1140 goto out;
1141 }
1142
1143
1144 list_add(&ktype->link, &key_types_list);
1145
1146 pr_notice("Key type %s registered\n", ktype->name);
1147 ret = 0;
1148
1149out:
1150 up_write(&key_types_sem);
1151 return ret;
1152}
1153EXPORT_SYMBOL(register_key_type);
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163void unregister_key_type(struct key_type *ktype)
1164{
1165 down_write(&key_types_sem);
1166 list_del_init(&ktype->link);
1167 downgrade_write(&key_types_sem);
1168 key_gc_keytype(ktype);
1169 pr_notice("Key type %s unregistered\n", ktype->name);
1170 up_read(&key_types_sem);
1171}
1172EXPORT_SYMBOL(unregister_key_type);
1173
1174
1175
1176
1177void __init key_init(void)
1178{
1179
1180 key_jar = kmem_cache_create("key_jar", sizeof(struct key),
1181 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
1182
1183
1184 list_add_tail(&key_type_keyring.link, &key_types_list);
1185 list_add_tail(&key_type_dead.link, &key_types_list);
1186 list_add_tail(&key_type_user.link, &key_types_list);
1187 list_add_tail(&key_type_logon.link, &key_types_list);
1188
1189
1190 rb_link_node(&root_key_user.node,
1191 NULL,
1192 &key_user_tree.rb_node);
1193
1194 rb_insert_color(&root_key_user.node,
1195 &key_user_tree);
1196}
1197