Lines Matching +full:no +full:- +full:ref +full:- +full:current +full:- +full:limit
1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Copyright (C) 2004-2005, 2008, 2013 Red Hat, Inc. All Rights Reserved.
17 #include <keys/keyring-type.h>
18 #include <keys/user-type.h>
25 * When plumbing the depths of the key tree, this sets a hard limit
47 if (key->type == &key_type_keyring) in keyring_key_to_ptr()
60 list_del_init(&ns->keyring_name_list); in key_free_user_ns()
63 key_put(ns->user_keyring_register); in key_free_user_ns()
65 key_put(ns->persistent_keyring_register); in key_free_user_ns()
111 if (keyring->description && in keyring_publish_name()
112 keyring->description[0] && in keyring_publish_name()
113 keyring->description[0] != '.') { in keyring_publish_name()
115 list_add_tail(&keyring->name_link, &ns->keyring_name_list); in keyring_publish_name()
125 return prep->datalen != 0 ? -EINVAL : 0; in keyring_preparse()
138 * Returns 0 on success, -EINVAL if given any data.
143 assoc_array_init(&keyring->keys); in keyring_instantiate()
150 * Multiply 64-bits by 32-bits to 96-bits and fold back to 64-bit. Ideally we'd
167 const char *description = index_key->description; in hash_key_type_and_desc()
171 int n, desc_len = index_key->desc_len; in hash_key_type_and_desc()
173 type = (unsigned long)index_key->type; in hash_key_type_and_desc()
176 piece = (unsigned long)index_key->domain_tag; in hash_key_type_and_desc()
189 desc_len -= n; in hash_key_type_and_desc()
201 * zero for keyrings and non-zero otherwise. in hash_key_type_and_desc()
203 if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0) in hash_key_type_and_desc()
204 hash |= (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1; in hash_key_type_and_desc()
205 else if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0) in hash_key_type_and_desc()
207 index_key->hash = hash; in hash_key_type_and_desc()
217 size_t n = min_t(size_t, index_key->desc_len, sizeof(index_key->desc)); in key_set_index_key()
219 memcpy(index_key->desc, index_key->description, n); in key_set_index_key()
221 if (!index_key->domain_tag) { in key_set_index_key()
222 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN) in key_set_index_key()
223 index_key->domain_tag = current->nsproxy->net_ns->key_domain; in key_set_index_key()
225 index_key->domain_tag = &default_domain_tag; in key_set_index_key()
232 * key_put_tag - Release a ref on a tag.
235 * This releases a reference the given tag and returns true if that ref was the
240 if (refcount_dec_and_test(&tag->usage)) { in key_put_tag()
249 * key_remove_domain - Kill off a key domain and gc its keys
252 * This marks a domain tag as being dead and releases a ref on it. If that
258 domain_tag->removed = true; in key_remove_domain()
266 * We return it one word-sized chunk at a time.
273 int desc_len = index_key->desc_len, n = sizeof(chunk); in keyring_get_key_chunk()
278 return index_key->hash; in keyring_get_key_chunk()
280 return index_key->x; in keyring_get_key_chunk()
282 return (unsigned long)index_key->type; in keyring_get_key_chunk()
284 return (unsigned long)index_key->domain_tag; in keyring_get_key_chunk()
286 level -= 4; in keyring_get_key_chunk()
287 if (desc_len <= sizeof(index_key->desc)) in keyring_get_key_chunk()
290 d = index_key->description + sizeof(index_key->desc); in keyring_get_key_chunk()
292 desc_len -= sizeof(index_key->desc); in keyring_get_key_chunk()
298 } while (--desc_len > 0); in keyring_get_key_chunk()
306 return keyring_get_key_chunk(&key->index_key, level); in keyring_get_object_key_chunk()
314 return key->index_key.type == index_key->type && in keyring_compare_object()
315 key->index_key.domain_tag == index_key->domain_tag && in keyring_compare_object()
316 key->index_key.desc_len == index_key->desc_len && in keyring_compare_object()
317 memcmp(key->index_key.description, index_key->description, in keyring_compare_object()
318 index_key->desc_len) == 0; in keyring_compare_object()
323 * at which they differ - if they differ.
328 const struct keyring_index_key *a = &key_a->index_key; in keyring_diff_objects()
334 seg_a = a->hash; in keyring_diff_objects()
335 seg_b = b->hash; in keyring_diff_objects()
342 * can deal with as being machine word-size dependent. in keyring_diff_objects()
344 seg_a = a->x; in keyring_diff_objects()
345 seg_b = b->x; in keyring_diff_objects()
351 seg_a = (unsigned long)a->type; in keyring_diff_objects()
352 seg_b = (unsigned long)b->type; in keyring_diff_objects()
357 seg_a = (unsigned long)a->domain_tag; in keyring_diff_objects()
358 seg_b = (unsigned long)b->domain_tag; in keyring_diff_objects()
363 i = sizeof(a->desc); in keyring_diff_objects()
364 if (a->desc_len <= i) in keyring_diff_objects()
367 for (; i < a->desc_len; i++) { in keyring_diff_objects()
368 seg_a = *(unsigned char *)(a->description + i); in keyring_diff_objects()
369 seg_b = *(unsigned char *)(b->description + i); in keyring_diff_objects()
375 return -1; in keyring_diff_objects()
393 * Operations for keyring management by the index-tree routines.
414 if (keyring->description) { in keyring_destroy()
417 if (keyring->name_link.next != NULL && in keyring_destroy()
418 !list_empty(&keyring->name_link)) in keyring_destroy()
419 list_del(&keyring->name_link); in keyring_destroy()
424 if (keyring->restrict_link) { in keyring_destroy()
425 struct key_restriction *keyres = keyring->restrict_link; in keyring_destroy()
427 key_put(keyres->key); in keyring_destroy()
431 assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops); in keyring_destroy()
439 if (keyring->description) in keyring_describe()
440 seq_puts(m, keyring->description); in keyring_describe()
445 if (keyring->keys.nr_leaves_on_tree != 0) in keyring_describe()
446 seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree); in keyring_describe()
464 key->type->name, key->serial, ctx->count, ctx->buflen); in keyring_read_iterator()
466 if (ctx->count >= ctx->buflen) in keyring_read_iterator()
469 *ctx->buffer++ = key->serial; in keyring_read_iterator()
470 ctx->count += sizeof(key->serial); in keyring_read_iterator()
477 * The keyring's semaphore is read-locked by the caller. This prevents someone
478 * from modifying it under us - which could cause us to read key IDs multiple
489 if (buflen & (sizeof(key_serial_t) - 1)) in keyring_read()
490 return -EINVAL; in keyring_read()
497 ret = assoc_array_iterate(&keyring->keys, in keyring_read()
506 ret = keyring->keys.nr_leaves_on_tree * sizeof(key_serial_t); in keyring_read()
541 * restrict_link_reject - Give -EPERM to restrict link
559 return -EPERM; in restrict_link_reject()
568 return strcmp(key->description, match_data->raw_data) == 0; in key_default_cmp()
578 unsigned long kflags = READ_ONCE(key->flags); in keyring_search_iterator()
579 short state = READ_ONCE(key->state); in keyring_search_iterator()
581 kenter("{%d}", key->serial); in keyring_search_iterator()
584 if (key->type != ctx->index_key.type) { in keyring_search_iterator()
590 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator()
591 time64_t expiry = READ_ONCE(key->expiry); in keyring_search_iterator()
595 ctx->result = ERR_PTR(-EKEYREVOKED); in keyring_search_iterator()
596 kleave(" = %d [invrev]", ctx->skipped_ret); in keyring_search_iterator()
600 if (expiry && ctx->now >= expiry) { in keyring_search_iterator()
601 if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) in keyring_search_iterator()
602 ctx->result = ERR_PTR(-EKEYEXPIRED); in keyring_search_iterator()
603 kleave(" = %d [expire]", ctx->skipped_ret); in keyring_search_iterator()
609 if (!ctx->match_data.cmp(key, &ctx->match_data)) { in keyring_search_iterator()
615 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && in keyring_search_iterator()
616 key_task_permission(make_key_ref(key, ctx->possessed), in keyring_search_iterator()
617 ctx->cred, KEY_NEED_SEARCH) < 0) { in keyring_search_iterator()
618 ctx->result = ERR_PTR(-EACCES); in keyring_search_iterator()
619 kleave(" = %d [!perm]", ctx->skipped_ret); in keyring_search_iterator()
623 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { in keyring_search_iterator()
626 ctx->result = ERR_PTR(state); in keyring_search_iterator()
627 kleave(" = %d [neg]", ctx->skipped_ret); in keyring_search_iterator()
633 ctx->result = make_key_ref(key, ctx->possessed); in keyring_search_iterator()
638 return ctx->skipped_ret; in keyring_search_iterator()
643 * directly based on its index-key or we can iterate over the entire
648 if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_DIRECT) { in search_keyring()
651 object = assoc_array_find(&keyring->keys, in search_keyring()
653 &ctx->index_key); in search_keyring()
654 return object ? ctx->iterator(object, ctx) : 0; in search_keyring()
656 return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx); in search_keyring()
679 keyring->serial, in search_nested_keyrings()
680 ctx->index_key.type->name, in search_nested_keyrings()
681 ctx->index_key.description); in search_nested_keyrings()
684 BUG_ON((ctx->flags & STATE_CHECKS) == 0 || in search_nested_keyrings()
685 (ctx->flags & STATE_CHECKS) == STATE_CHECKS); in search_nested_keyrings()
687 if (ctx->index_key.description) in search_nested_keyrings()
688 key_set_index_key(&ctx->index_key); in search_nested_keyrings()
690 /* Check to see if this top-level keyring is what we are looking for in search_nested_keyrings()
693 if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE || in search_nested_keyrings()
694 keyring_compare_object(keyring, &ctx->index_key)) { in search_nested_keyrings()
695 ctx->skipped_ret = 2; in search_nested_keyrings()
696 switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) { in search_nested_keyrings()
706 ctx->skipped_ret = 0; in search_nested_keyrings()
710 kdebug("descend to %d", keyring->serial); in search_nested_keyrings()
711 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) | in search_nested_keyrings()
726 * Non-keyrings avoid the leftmost branch of the root entirely (root in search_nested_keyrings()
727 * slots 1-15). in search_nested_keyrings()
729 if (!(ctx->flags & KEYRING_SEARCH_RECURSE)) in search_nested_keyrings()
732 ptr = READ_ONCE(keyring->keys.root); in search_nested_keyrings()
742 if ((shortcut->index_key[0] & ASSOC_ARRAY_FAN_MASK) != 0) in search_nested_keyrings()
745 ptr = READ_ONCE(shortcut->next_node); in search_nested_keyrings()
751 ptr = node->slots[0]; in search_nested_keyrings()
762 ptr = READ_ONCE(shortcut->next_node); in search_nested_keyrings()
773 ptr = READ_ONCE(node->slots[slot]); in search_nested_keyrings()
776 if (node->back_pointer || in search_nested_keyrings()
787 if (ctx->flags & KEYRING_SEARCH_DETECT_TOO_DEEP) { in search_nested_keyrings()
788 ctx->result = ERR_PTR(-ELOOP); in search_nested_keyrings()
795 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && in search_nested_keyrings()
796 key_task_permission(make_key_ref(key, ctx->possessed), in search_nested_keyrings()
797 ctx->cred, KEY_NEED_SEARCH) < 0) in search_nested_keyrings()
800 /* stack the current position */ in search_nested_keyrings()
811 /* We've dealt with all the slots in the current node, so now we need in search_nested_keyrings()
814 ptr = READ_ONCE(node->back_pointer); in search_nested_keyrings()
815 slot = node->parent_slot; in search_nested_keyrings()
819 ptr = READ_ONCE(shortcut->back_pointer); in search_nested_keyrings()
820 slot = shortcut->parent_slot; in search_nested_keyrings()
828 * finished processing the leftmost branch rather than the root slots - in search_nested_keyrings()
831 if (node->back_pointer) { in search_nested_keyrings()
847 sp--; in search_nested_keyrings()
851 kdebug("ascend to %d [%d]", keyring->serial, slot); in search_nested_keyrings()
856 key = key_ref_to_ptr(ctx->result); in search_nested_keyrings()
858 if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) { in search_nested_keyrings()
859 key->last_used_at = ctx->now; in search_nested_keyrings()
860 keyring->last_used_at = ctx->now; in search_nested_keyrings()
862 stack[--sp].keyring->last_used_at = ctx->now; in search_nested_keyrings()
869 * keyring_search_rcu - Search a keyring tree for a matching key under RCU
880 * The search is performed as a breadth-then-depth search up to the prescribed
881 * limit (KEYRING_SEARCH_MAX_DEPTH). The caller must hold the RCU read lock to
895 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
896 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
908 ctx->iterator = keyring_search_iterator; in keyring_search_rcu()
909 ctx->possessed = is_key_possessed(keyring_ref); in keyring_search_rcu()
910 ctx->result = ERR_PTR(-EAGAIN); in keyring_search_rcu()
915 if (keyring->type != &key_type_keyring) in keyring_search_rcu()
916 return ERR_PTR(-ENOTDIR); in keyring_search_rcu()
918 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) { in keyring_search_rcu()
919 err = key_task_permission(keyring_ref, ctx->cred, KEY_NEED_SEARCH); in keyring_search_rcu()
924 ctx->now = ktime_get_real_seconds(); in keyring_search_rcu()
926 __key_get(key_ref_to_ptr(ctx->result)); in keyring_search_rcu()
927 return ctx->result; in keyring_search_rcu()
931 * keyring_search - Search the supplied keyring tree for a matching key
937 * As keyring_search_rcu() above, but using the current task's credentials and
960 if (type->match_preparse) { in keyring_search()
961 ret = type->match_preparse(&ctx.match_data); in keyring_search()
970 if (type->match_free) in keyring_search()
971 type->match_free(&ctx.match_data); in keyring_search()
983 return ERR_PTR(-ENOMEM); in keyring_restriction_alloc()
985 keyres->check = check; in keyring_restriction_alloc()
1003 while (keyres && keyres->key && in keyring_detect_restriction_cycle()
1004 keyres->key->type == &key_type_keyring) { in keyring_detect_restriction_cycle()
1005 if (keyres->key == dest_keyring) in keyring_detect_restriction_cycle()
1008 keyres = keyres->key->restrict_link; in keyring_detect_restriction_cycle()
1015 * keyring_restrict - Look up and apply a restriction to a keyring
1035 if (keyring->type != &key_type_keyring) in keyring_restrict()
1036 return -ENOTDIR; in keyring_restrict()
1046 if (!restrict_type->lookup_restriction) { in keyring_restrict()
1047 ret = -ENOENT; in keyring_restrict()
1051 restrict_link = restrict_type->lookup_restriction(restriction); in keyring_restrict()
1059 down_write(&keyring->sem); in keyring_restrict()
1062 if (keyring->restrict_link) { in keyring_restrict()
1063 ret = -EEXIST; in keyring_restrict()
1065 ret = -EDEADLK; in keyring_restrict()
1067 keyring->restrict_link = restrict_link; in keyring_restrict()
1072 up_write(&keyring->sem); in keyring_restrict()
1075 key_put(restrict_link->key); in keyring_restrict()
1091 * permission is granted to modify the keyring as no check is made here. The
1098 * If successful, the possession indicator is propagated from the keyring ref
1110 keyring->serial, index_key->type->name, index_key->description); in find_key_to_update()
1112 object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops, in find_key_to_update()
1123 if (key->flags & ((1 << KEY_FLAG_INVALIDATED) | in find_key_to_update()
1129 kleave(" = {%d}", key->serial); in find_key_to_update()
1137 * user in the current user namespace are considered. If @uid_keyring is %true,
1142 * incremented on success. -ENOKEY is returned if a key could not be found.
1150 return ERR_PTR(-EINVAL); in find_keyring_by_name()
1157 list_for_each_entry(keyring, &ns->keyring_name_list, name_link) { in find_keyring_by_name()
1158 if (!kuid_has_mapping(ns, keyring->user->uid)) in find_keyring_by_name()
1161 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) in find_keyring_by_name()
1164 if (strcmp(keyring->description, name) != 0) in find_keyring_by_name()
1169 &keyring->flags)) in find_keyring_by_name()
1180 if (!refcount_inc_not_zero(&keyring->usage)) in find_keyring_by_name()
1182 keyring->last_used_at = ktime_get_real_seconds(); in find_keyring_by_name()
1186 keyring = ERR_PTR(-ENOKEY); in find_keyring_by_name()
1198 kenter("{%d}", key->serial); in keyring_detect_cycle_iterator()
1200 /* We might get a keyring with matching index-key that is nonetheless a in keyring_detect_cycle_iterator()
1202 if (key != ctx->match_data.raw_data) in keyring_detect_cycle_iterator()
1205 ctx->result = ERR_PTR(-EDEADLK); in keyring_detect_cycle_iterator()
1219 .index_key = A->index_key, in keyring_detect_cycle()
1233 return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result); in keyring_detect_cycle()
1241 __acquires(&keyring->sem) in __key_link_lock()
1244 if (keyring->type != &key_type_keyring) in __key_link_lock()
1245 return -ENOTDIR; in __key_link_lock()
1247 down_write(&keyring->sem); in __key_link_lock()
1252 if (index_key->type == &key_type_keyring) in __key_link_lock()
1263 __acquires(&l_keyring->sem) in __key_move_lock()
1264 __acquires(&u_keyring->sem) in __key_move_lock()
1267 if (l_keyring->type != &key_type_keyring || in __key_move_lock()
1268 u_keyring->type != &key_type_keyring) in __key_move_lock()
1269 return -ENOTDIR; in __key_move_lock()
1276 down_write(&l_keyring->sem); in __key_move_lock()
1277 down_write_nested(&u_keyring->sem, 1); in __key_move_lock()
1279 down_write(&u_keyring->sem); in __key_move_lock()
1280 down_write_nested(&l_keyring->sem, 1); in __key_move_lock()
1286 if (index_key->type == &key_type_keyring) in __key_move_lock()
1303 keyring->serial, index_key->type->name, index_key->description); in __key_link_begin()
1305 BUG_ON(index_key->desc_len == 0); in __key_link_begin()
1310 ret = -EKEYREVOKED; in __key_link_begin()
1311 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) in __key_link_begin()
1317 edit = assoc_array_insert(&keyring->keys, in __key_link_begin()
1326 /* If we're not replacing a link in-place then we're going to need some in __key_link_begin()
1329 if (!edit->dead_leaf) { in __key_link_begin()
1331 keyring->datalen + KEYQUOTA_LINK_BYTES); in __key_link_begin()
1355 if (key->type == &key_type_keyring) in __key_link_check_live_key()
1388 __releases(&keyring->sem) in __key_link_end()
1391 BUG_ON(index_key->type == NULL); in __key_link_end()
1392 kenter("%d,%s,", keyring->serial, index_key->type->name); in __key_link_end()
1395 if (!edit->dead_leaf) { in __key_link_end()
1397 keyring->datalen - KEYQUOTA_LINK_BYTES); in __key_link_end()
1401 up_write(&keyring->sem); in __key_link_end()
1403 if (index_key->type == &key_type_keyring) in __key_link_end()
1412 if (!keyring->restrict_link || !keyring->restrict_link->check) in __key_link_check_restriction()
1414 return keyring->restrict_link->check(keyring, key->type, &key->payload, in __key_link_check_restriction()
1415 keyring->restrict_link->key); in __key_link_check_restriction()
1419 * key_link - Link a key to a keyring
1426 * This function will write-lock the keyring's semaphore and will consume some
1429 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
1430 * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
1431 * full, -EDQUOT if there is insufficient key data quota remaining to add
1432 * another link or -ENOMEM if there's insufficient memory.
1443 kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage)); in key_link()
1448 ret = __key_link_lock(keyring, &key->index_key); in key_link()
1452 ret = __key_link_begin(keyring, &key->index_key, &edit); in key_link()
1456 kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage)); in key_link()
1464 __key_link_end(keyring, &key->index_key, edit); in key_link()
1466 kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage)); in key_link()
1475 __acquires(&keyring->sem) in __key_unlink_lock()
1477 if (keyring->type != &key_type_keyring) in __key_unlink_lock()
1478 return -ENOTDIR; in __key_unlink_lock()
1480 down_write(&keyring->sem); in __key_unlink_lock()
1494 edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops, in __key_unlink_begin()
1495 &key->index_key); in __key_unlink_begin()
1500 return -ENOENT; in __key_unlink_begin()
1515 key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); in __key_unlink()
1524 __releases(&keyring->sem) in __key_unlink_end()
1528 up_write(&keyring->sem); in __key_unlink_end()
1532 * key_unlink - Unlink the first link to a key from a keyring.
1538 * This function will write-lock the keyring's semaphore.
1540 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
1541 * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
1545 * be removed (the keyring should have Write permission; no permissions are
1569 * key_move - Move a key from one keyring to another
1579 * This function will write-lock both keyring's semaphores and will consume
1582 * Returns 0 if successful, -ENOTDIR if either keyring isn't a keyring,
1583 * -EKEYREVOKED if either keyring has been revoked, -ENFILE if the second
1584 * keyring is full, -EDQUOT if there is insufficient key data quota remaining
1585 * to add another link or -ENOMEM if there's insufficient memory. If
1586 * KEYCTL_MOVE_EXCL is set, then -EEXIST will be returned if there's already a
1601 kenter("%d,%d,%d", key->serial, from_keyring->serial, to_keyring->serial); in key_move()
1610 ret = __key_move_lock(from_keyring, to_keyring, &key->index_key); in key_move()
1616 ret = __key_link_begin(to_keyring, &key->index_key, &to_edit); in key_move()
1620 ret = -EEXIST; in key_move()
1621 if (to_edit->dead_leaf && (flags & KEYCTL_MOVE_EXCL)) in key_move()
1634 __key_link_end(to_keyring, &key->index_key, to_edit); in key_move()
1643 * keyring_clear - Clear a keyring
1648 * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
1655 if (keyring->type != &key_type_keyring) in keyring_clear()
1656 return -ENOTDIR; in keyring_clear()
1658 down_write(&keyring->sem); in keyring_clear()
1660 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops); in keyring_clear()
1671 up_write(&keyring->sem); in keyring_clear()
1679 * This is called with the key sem write-locked.
1685 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops); in keyring_revoke()
1696 time64_t *limit = iterator_data; in keyring_gc_select_iterator() local
1698 if (key_is_dead(key, *limit)) in keyring_gc_select_iterator()
1707 time64_t *limit = iterator_data; in keyring_gc_check_iterator() local
1710 return key_is_dead(key, *limit); in keyring_gc_check_iterator()
1719 void keyring_gc(struct key *keyring, time64_t limit) in keyring_gc() argument
1723 kenter("%x{%s}", keyring->serial, keyring->description ?: ""); in keyring_gc()
1725 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) | in keyring_gc()
1731 result = assoc_array_iterate(&keyring->keys, in keyring_gc()
1732 keyring_gc_check_iterator, &limit); in keyring_gc()
1738 kleave(" [no gc]"); in keyring_gc()
1742 down_write(&keyring->sem); in keyring_gc()
1743 assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops, in keyring_gc()
1744 keyring_gc_select_iterator, &limit); in keyring_gc()
1745 up_write(&keyring->sem); in keyring_gc()
1760 * The caller is required to hold key_types_sem and dead_type->sem. This is
1768 kenter("%x{%s}", keyring->serial, keyring->description ?: ""); in keyring_restriction_gc()
1771 * keyring->restrict_link is only assigned at key allocation time in keyring_restriction_gc()
1773 * concurrently assigned to keyring->restrict_link are for key in keyring_restriction_gc()
1775 * the key type before acquiring keyring->sem. in keyring_restriction_gc()
1777 if (!dead_type || !keyring->restrict_link || in keyring_restriction_gc()
1778 keyring->restrict_link->keytype != dead_type) { in keyring_restriction_gc()
1779 kleave(" [no restriction gc]"); in keyring_restriction_gc()
1784 down_write(&keyring->sem); in keyring_restriction_gc()
1786 keyres = keyring->restrict_link; in keyring_restriction_gc()
1788 keyres->check = restrict_link_reject; in keyring_restriction_gc()
1790 key_put(keyres->key); in keyring_restriction_gc()
1791 keyres->key = NULL; in keyring_restriction_gc()
1792 keyres->keytype = NULL; in keyring_restriction_gc()
1794 up_write(&keyring->sem); in keyring_restriction_gc()