1 /* Keyring handling 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/security.h> 17 #include <linux/seq_file.h> 18 #include <linux/err.h> 19 #include <keys/keyring-type.h> 20 #include <asm/uaccess.h> 21 #include "internal.h" 22 23 #define rcu_dereference_locked_keyring(keyring) \ 24 (rcu_dereference_protected( \ 25 (keyring)->payload.subscriptions, \ 26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem))) 27 28 /* 29 * when plumbing the depths of the key tree, this sets a hard limit set on how 30 * deep we're willing to go 31 */ 32 #define KEYRING_SEARCH_MAX_DEPTH 6 33 34 /* 35 * we keep all named keyrings in a hash to speed looking them up 36 */ 37 #define KEYRING_NAME_HASH_SIZE (1 << 5) 38 39 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; 40 static DEFINE_RWLOCK(keyring_name_lock); 41 42 static inline unsigned keyring_hash(const char *desc) 43 { 44 unsigned bucket = 0; 45 46 for (; *desc; desc++) 47 bucket += (unsigned char) *desc; 48 49 return bucket & (KEYRING_NAME_HASH_SIZE - 1); 50 } 51 52 /* 53 * the keyring type definition 54 */ 55 static int keyring_instantiate(struct key *keyring, 56 const void *data, size_t datalen); 57 static int keyring_match(const struct key *keyring, const void *criterion); 58 static void keyring_revoke(struct key *keyring); 59 static void keyring_destroy(struct key *keyring); 60 static void keyring_describe(const struct key *keyring, struct seq_file *m); 61 static long keyring_read(const struct key *keyring, 62 char __user *buffer, size_t buflen); 63 64 struct key_type key_type_keyring = { 65 .name = "keyring", 66 .def_datalen = sizeof(struct keyring_list), 67 .instantiate = keyring_instantiate, 68 .match = keyring_match, 69 .revoke = keyring_revoke, 70 .destroy = keyring_destroy, 71 .describe = keyring_describe, 72 .read = keyring_read, 73 }; 74 75 EXPORT_SYMBOL(key_type_keyring); 76 77 /* 78 * semaphore to serialise link/link calls to prevent two link calls in parallel 79 * introducing a cycle 80 */ 81 static DECLARE_RWSEM(keyring_serialise_link_sem); 82 83 /*****************************************************************************/ 84 /* 85 * publish the name of a keyring so that it can be found by name (if it has 86 * one) 87 */ 88 static void keyring_publish_name(struct key *keyring) 89 { 90 int bucket; 91 92 if (keyring->description) { 93 bucket = keyring_hash(keyring->description); 94 95 write_lock(&keyring_name_lock); 96 97 if (!keyring_name_hash[bucket].next) 98 INIT_LIST_HEAD(&keyring_name_hash[bucket]); 99 100 list_add_tail(&keyring->type_data.link, 101 &keyring_name_hash[bucket]); 102 103 write_unlock(&keyring_name_lock); 104 } 105 106 } /* end keyring_publish_name() */ 107 108 /*****************************************************************************/ 109 /* 110 * initialise a keyring 111 * - we object if we were given any data 112 */ 113 static int keyring_instantiate(struct key *keyring, 114 const void *data, size_t datalen) 115 { 116 int ret; 117 118 ret = -EINVAL; 119 if (datalen == 0) { 120 /* make the keyring available by name if it has one */ 121 keyring_publish_name(keyring); 122 ret = 0; 123 } 124 125 return ret; 126 127 } /* end keyring_instantiate() */ 128 129 /*****************************************************************************/ 130 /* 131 * match keyrings on their name 132 */ 133 static int keyring_match(const struct key *keyring, const void *description) 134 { 135 return keyring->description && 136 strcmp(keyring->description, description) == 0; 137 138 } /* end keyring_match() */ 139 140 /*****************************************************************************/ 141 /* 142 * dispose of the data dangling from the corpse of a keyring 143 */ 144 static void keyring_destroy(struct key *keyring) 145 { 146 struct keyring_list *klist; 147 int loop; 148 149 if (keyring->description) { 150 write_lock(&keyring_name_lock); 151 152 if (keyring->type_data.link.next != NULL && 153 !list_empty(&keyring->type_data.link)) 154 list_del(&keyring->type_data.link); 155 156 write_unlock(&keyring_name_lock); 157 } 158 159 klist = rcu_dereference_check(keyring->payload.subscriptions, 160 rcu_read_lock_held() || 161 atomic_read(&keyring->usage) == 0); 162 if (klist) { 163 for (loop = klist->nkeys - 1; loop >= 0; loop--) 164 key_put(klist->keys[loop]); 165 kfree(klist); 166 } 167 168 } /* end keyring_destroy() */ 169 170 /*****************************************************************************/ 171 /* 172 * describe the keyring 173 */ 174 static void keyring_describe(const struct key *keyring, struct seq_file *m) 175 { 176 struct keyring_list *klist; 177 178 if (keyring->description) { 179 seq_puts(m, keyring->description); 180 } 181 else { 182 seq_puts(m, "[anon]"); 183 } 184 185 rcu_read_lock(); 186 klist = rcu_dereference(keyring->payload.subscriptions); 187 if (klist) 188 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); 189 else 190 seq_puts(m, ": empty"); 191 rcu_read_unlock(); 192 193 } /* end keyring_describe() */ 194 195 /*****************************************************************************/ 196 /* 197 * read a list of key IDs from the keyring's contents 198 * - the keyring's semaphore is read-locked 199 */ 200 static long keyring_read(const struct key *keyring, 201 char __user *buffer, size_t buflen) 202 { 203 struct keyring_list *klist; 204 struct key *key; 205 size_t qty, tmp; 206 int loop, ret; 207 208 ret = 0; 209 klist = rcu_dereference_locked_keyring(keyring); 210 if (klist) { 211 /* calculate how much data we could return */ 212 qty = klist->nkeys * sizeof(key_serial_t); 213 214 if (buffer && buflen > 0) { 215 if (buflen > qty) 216 buflen = qty; 217 218 /* copy the IDs of the subscribed keys into the 219 * buffer */ 220 ret = -EFAULT; 221 222 for (loop = 0; loop < klist->nkeys; loop++) { 223 key = klist->keys[loop]; 224 225 tmp = sizeof(key_serial_t); 226 if (tmp > buflen) 227 tmp = buflen; 228 229 if (copy_to_user(buffer, 230 &key->serial, 231 tmp) != 0) 232 goto error; 233 234 buflen -= tmp; 235 if (buflen == 0) 236 break; 237 buffer += tmp; 238 } 239 } 240 241 ret = qty; 242 } 243 244 error: 245 return ret; 246 247 } /* end keyring_read() */ 248 249 /*****************************************************************************/ 250 /* 251 * allocate a keyring and link into the destination keyring 252 */ 253 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 254 const struct cred *cred, unsigned long flags, 255 struct key *dest) 256 { 257 struct key *keyring; 258 int ret; 259 260 keyring = key_alloc(&key_type_keyring, description, 261 uid, gid, cred, 262 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 263 flags); 264 265 if (!IS_ERR(keyring)) { 266 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); 267 if (ret < 0) { 268 key_put(keyring); 269 keyring = ERR_PTR(ret); 270 } 271 } 272 273 return keyring; 274 275 } /* end keyring_alloc() */ 276 277 /*****************************************************************************/ 278 /* 279 * search the supplied keyring tree for a key that matches the criterion 280 * - perform a breadth-then-depth search up to the prescribed limit 281 * - we only find keys on which we have search permission 282 * - we use the supplied match function to see if the description (or other 283 * feature of interest) matches 284 * - we rely on RCU to prevent the keyring lists from disappearing on us 285 * - we return -EAGAIN if we didn't find any matching key 286 * - we return -ENOKEY if we only found negative matching keys 287 * - we propagate the possession attribute from the keyring ref to the key ref 288 */ 289 key_ref_t keyring_search_aux(key_ref_t keyring_ref, 290 const struct cred *cred, 291 struct key_type *type, 292 const void *description, 293 key_match_func_t match) 294 { 295 struct { 296 struct keyring_list *keylist; 297 int kix; 298 } stack[KEYRING_SEARCH_MAX_DEPTH]; 299 300 struct keyring_list *keylist; 301 struct timespec now; 302 unsigned long possessed, kflags; 303 struct key *keyring, *key; 304 key_ref_t key_ref; 305 long err; 306 int sp, kix; 307 308 keyring = key_ref_to_ptr(keyring_ref); 309 possessed = is_key_possessed(keyring_ref); 310 key_check(keyring); 311 312 /* top keyring must have search permission to begin the search */ 313 err = key_task_permission(keyring_ref, cred, KEY_SEARCH); 314 if (err < 0) { 315 key_ref = ERR_PTR(err); 316 goto error; 317 } 318 319 key_ref = ERR_PTR(-ENOTDIR); 320 if (keyring->type != &key_type_keyring) 321 goto error; 322 323 rcu_read_lock(); 324 325 now = current_kernel_time(); 326 err = -EAGAIN; 327 sp = 0; 328 329 /* firstly we should check to see if this top-level keyring is what we 330 * are looking for */ 331 key_ref = ERR_PTR(-EAGAIN); 332 kflags = keyring->flags; 333 if (keyring->type == type && match(keyring, description)) { 334 key = keyring; 335 336 /* check it isn't negative and hasn't expired or been 337 * revoked */ 338 if (kflags & (1 << KEY_FLAG_REVOKED)) 339 goto error_2; 340 if (key->expiry && now.tv_sec >= key->expiry) 341 goto error_2; 342 key_ref = ERR_PTR(-ENOKEY); 343 if (kflags & (1 << KEY_FLAG_NEGATIVE)) 344 goto error_2; 345 goto found; 346 } 347 348 /* otherwise, the top keyring must not be revoked, expired, or 349 * negatively instantiated if we are to search it */ 350 key_ref = ERR_PTR(-EAGAIN); 351 if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) || 352 (keyring->expiry && now.tv_sec >= keyring->expiry)) 353 goto error_2; 354 355 /* start processing a new keyring */ 356 descend: 357 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 358 goto not_this_keyring; 359 360 keylist = rcu_dereference(keyring->payload.subscriptions); 361 if (!keylist) 362 goto not_this_keyring; 363 364 /* iterate through the keys in this keyring first */ 365 for (kix = 0; kix < keylist->nkeys; kix++) { 366 key = keylist->keys[kix]; 367 kflags = key->flags; 368 369 /* ignore keys not of this type */ 370 if (key->type != type) 371 continue; 372 373 /* skip revoked keys and expired keys */ 374 if (kflags & (1 << KEY_FLAG_REVOKED)) 375 continue; 376 377 if (key->expiry && now.tv_sec >= key->expiry) 378 continue; 379 380 /* keys that don't match */ 381 if (!match(key, description)) 382 continue; 383 384 /* key must have search permissions */ 385 if (key_task_permission(make_key_ref(key, possessed), 386 cred, KEY_SEARCH) < 0) 387 continue; 388 389 /* we set a different error code if we pass a negative key */ 390 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 391 err = -ENOKEY; 392 continue; 393 } 394 395 goto found; 396 } 397 398 /* search through the keyrings nested in this one */ 399 kix = 0; 400 ascend: 401 for (; kix < keylist->nkeys; kix++) { 402 key = keylist->keys[kix]; 403 if (key->type != &key_type_keyring) 404 continue; 405 406 /* recursively search nested keyrings 407 * - only search keyrings for which we have search permission 408 */ 409 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 410 continue; 411 412 if (key_task_permission(make_key_ref(key, possessed), 413 cred, KEY_SEARCH) < 0) 414 continue; 415 416 /* stack the current position */ 417 stack[sp].keylist = keylist; 418 stack[sp].kix = kix; 419 sp++; 420 421 /* begin again with the new keyring */ 422 keyring = key; 423 goto descend; 424 } 425 426 /* the keyring we're looking at was disqualified or didn't contain a 427 * matching key */ 428 not_this_keyring: 429 if (sp > 0) { 430 /* resume the processing of a keyring higher up in the tree */ 431 sp--; 432 keylist = stack[sp].keylist; 433 kix = stack[sp].kix + 1; 434 goto ascend; 435 } 436 437 key_ref = ERR_PTR(err); 438 goto error_2; 439 440 /* we found a viable match */ 441 found: 442 atomic_inc(&key->usage); 443 key_check(key); 444 key_ref = make_key_ref(key, possessed); 445 error_2: 446 rcu_read_unlock(); 447 error: 448 return key_ref; 449 450 } /* end keyring_search_aux() */ 451 452 /*****************************************************************************/ 453 /* 454 * search the supplied keyring tree for a key that matches the criterion 455 * - perform a breadth-then-depth search up to the prescribed limit 456 * - we only find keys on which we have search permission 457 * - we readlock the keyrings as we search down the tree 458 * - we return -EAGAIN if we didn't find any matching key 459 * - we return -ENOKEY if we only found negative matching keys 460 */ 461 key_ref_t keyring_search(key_ref_t keyring, 462 struct key_type *type, 463 const char *description) 464 { 465 if (!type->match) 466 return ERR_PTR(-ENOKEY); 467 468 return keyring_search_aux(keyring, current->cred, 469 type, description, type->match); 470 471 } /* end keyring_search() */ 472 473 EXPORT_SYMBOL(keyring_search); 474 475 /*****************************************************************************/ 476 /* 477 * search the given keyring only (no recursion) 478 * - keyring must be locked by caller 479 * - caller must guarantee that the keyring is a keyring 480 */ 481 key_ref_t __keyring_search_one(key_ref_t keyring_ref, 482 const struct key_type *ktype, 483 const char *description, 484 key_perm_t perm) 485 { 486 struct keyring_list *klist; 487 unsigned long possessed; 488 struct key *keyring, *key; 489 int loop; 490 491 keyring = key_ref_to_ptr(keyring_ref); 492 possessed = is_key_possessed(keyring_ref); 493 494 rcu_read_lock(); 495 496 klist = rcu_dereference(keyring->payload.subscriptions); 497 if (klist) { 498 for (loop = 0; loop < klist->nkeys; loop++) { 499 key = klist->keys[loop]; 500 501 if (key->type == ktype && 502 (!key->type->match || 503 key->type->match(key, description)) && 504 key_permission(make_key_ref(key, possessed), 505 perm) == 0 && 506 !test_bit(KEY_FLAG_REVOKED, &key->flags) 507 ) 508 goto found; 509 } 510 } 511 512 rcu_read_unlock(); 513 return ERR_PTR(-ENOKEY); 514 515 found: 516 atomic_inc(&key->usage); 517 rcu_read_unlock(); 518 return make_key_ref(key, possessed); 519 520 } /* end __keyring_search_one() */ 521 522 /*****************************************************************************/ 523 /* 524 * find a keyring with the specified name 525 * - all named keyrings are searched 526 * - normally only finds keyrings with search permission for the current process 527 */ 528 struct key *find_keyring_by_name(const char *name, bool skip_perm_check) 529 { 530 struct key *keyring; 531 int bucket; 532 533 if (!name) 534 return ERR_PTR(-EINVAL); 535 536 bucket = keyring_hash(name); 537 538 read_lock(&keyring_name_lock); 539 540 if (keyring_name_hash[bucket].next) { 541 /* search this hash bucket for a keyring with a matching name 542 * that's readable and that hasn't been revoked */ 543 list_for_each_entry(keyring, 544 &keyring_name_hash[bucket], 545 type_data.link 546 ) { 547 if (keyring->user->user_ns != current_user_ns()) 548 continue; 549 550 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 551 continue; 552 553 if (strcmp(keyring->description, name) != 0) 554 continue; 555 556 if (!skip_perm_check && 557 key_permission(make_key_ref(keyring, 0), 558 KEY_SEARCH) < 0) 559 continue; 560 561 /* we've got a match but we might end up racing with 562 * key_cleanup() if the keyring is currently 'dead' 563 * (ie. it has a zero usage count) */ 564 if (!atomic_inc_not_zero(&keyring->usage)) 565 continue; 566 goto out; 567 } 568 } 569 570 keyring = ERR_PTR(-ENOKEY); 571 out: 572 read_unlock(&keyring_name_lock); 573 return keyring; 574 575 } /* end find_keyring_by_name() */ 576 577 /*****************************************************************************/ 578 /* 579 * see if a cycle will will be created by inserting acyclic tree B in acyclic 580 * tree A at the topmost level (ie: as a direct child of A) 581 * - since we are adding B to A at the top level, checking for cycles should 582 * just be a matter of seeing if node A is somewhere in tree B 583 */ 584 static int keyring_detect_cycle(struct key *A, struct key *B) 585 { 586 struct { 587 struct keyring_list *keylist; 588 int kix; 589 } stack[KEYRING_SEARCH_MAX_DEPTH]; 590 591 struct keyring_list *keylist; 592 struct key *subtree, *key; 593 int sp, kix, ret; 594 595 rcu_read_lock(); 596 597 ret = -EDEADLK; 598 if (A == B) 599 goto cycle_detected; 600 601 subtree = B; 602 sp = 0; 603 604 /* start processing a new keyring */ 605 descend: 606 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags)) 607 goto not_this_keyring; 608 609 keylist = rcu_dereference(subtree->payload.subscriptions); 610 if (!keylist) 611 goto not_this_keyring; 612 kix = 0; 613 614 ascend: 615 /* iterate through the remaining keys in this keyring */ 616 for (; kix < keylist->nkeys; kix++) { 617 key = keylist->keys[kix]; 618 619 if (key == A) 620 goto cycle_detected; 621 622 /* recursively check nested keyrings */ 623 if (key->type == &key_type_keyring) { 624 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 625 goto too_deep; 626 627 /* stack the current position */ 628 stack[sp].keylist = keylist; 629 stack[sp].kix = kix; 630 sp++; 631 632 /* begin again with the new keyring */ 633 subtree = key; 634 goto descend; 635 } 636 } 637 638 /* the keyring we're looking at was disqualified or didn't contain a 639 * matching key */ 640 not_this_keyring: 641 if (sp > 0) { 642 /* resume the checking of a keyring higher up in the tree */ 643 sp--; 644 keylist = stack[sp].keylist; 645 kix = stack[sp].kix + 1; 646 goto ascend; 647 } 648 649 ret = 0; /* no cycles detected */ 650 651 error: 652 rcu_read_unlock(); 653 return ret; 654 655 too_deep: 656 ret = -ELOOP; 657 goto error; 658 659 cycle_detected: 660 ret = -EDEADLK; 661 goto error; 662 663 } /* end keyring_detect_cycle() */ 664 665 /*****************************************************************************/ 666 /* 667 * dispose of a keyring list after the RCU grace period 668 */ 669 static void keyring_link_rcu_disposal(struct rcu_head *rcu) 670 { 671 struct keyring_list *klist = 672 container_of(rcu, struct keyring_list, rcu); 673 674 kfree(klist); 675 676 } /* end keyring_link_rcu_disposal() */ 677 678 /*****************************************************************************/ 679 /* 680 * dispose of a keyring list after the RCU grace period, freeing the unlinked 681 * key 682 */ 683 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) 684 { 685 struct keyring_list *klist = 686 container_of(rcu, struct keyring_list, rcu); 687 688 key_put(klist->keys[klist->delkey]); 689 kfree(klist); 690 691 } /* end keyring_unlink_rcu_disposal() */ 692 693 /*****************************************************************************/ 694 /* 695 * link a key into to a keyring 696 * - must be called with the keyring's semaphore write-locked 697 * - discard already extant link to matching key if there is one 698 */ 699 int __key_link(struct key *keyring, struct key *key) 700 { 701 struct keyring_list *klist, *nklist; 702 unsigned max; 703 size_t size; 704 int loop, ret; 705 706 ret = -EKEYREVOKED; 707 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 708 goto error; 709 710 ret = -ENOTDIR; 711 if (keyring->type != &key_type_keyring) 712 goto error; 713 714 /* serialise link/link calls to prevent parallel calls causing a 715 * cycle when applied to two keyring in opposite orders */ 716 down_write(&keyring_serialise_link_sem); 717 718 /* check that we aren't going to create a cycle adding one keyring to 719 * another */ 720 if (key->type == &key_type_keyring) { 721 ret = keyring_detect_cycle(keyring, key); 722 if (ret < 0) 723 goto error2; 724 } 725 726 /* see if there's a matching key we can displace */ 727 klist = rcu_dereference_locked_keyring(keyring); 728 if (klist && klist->nkeys > 0) { 729 struct key_type *type = key->type; 730 731 for (loop = klist->nkeys - 1; loop >= 0; loop--) { 732 if (klist->keys[loop]->type == type && 733 strcmp(klist->keys[loop]->description, 734 key->description) == 0 735 ) { 736 /* found a match - replace with new key */ 737 size = sizeof(struct key *) * klist->maxkeys; 738 size += sizeof(*klist); 739 BUG_ON(size > PAGE_SIZE); 740 741 ret = -ENOMEM; 742 nklist = kmemdup(klist, size, GFP_KERNEL); 743 if (!nklist) 744 goto error2; 745 746 /* replace matched key */ 747 atomic_inc(&key->usage); 748 nklist->keys[loop] = key; 749 750 rcu_assign_pointer( 751 keyring->payload.subscriptions, 752 nklist); 753 754 /* dispose of the old keyring list and the 755 * displaced key */ 756 klist->delkey = loop; 757 call_rcu(&klist->rcu, 758 keyring_unlink_rcu_disposal); 759 760 goto done; 761 } 762 } 763 } 764 765 /* check that we aren't going to overrun the user's quota */ 766 ret = key_payload_reserve(keyring, 767 keyring->datalen + KEYQUOTA_LINK_BYTES); 768 if (ret < 0) 769 goto error2; 770 771 if (klist && klist->nkeys < klist->maxkeys) { 772 /* there's sufficient slack space to add directly */ 773 atomic_inc(&key->usage); 774 775 klist->keys[klist->nkeys] = key; 776 smp_wmb(); 777 klist->nkeys++; 778 smp_wmb(); 779 } 780 else { 781 /* grow the key list */ 782 max = 4; 783 if (klist) 784 max += klist->maxkeys; 785 786 ret = -ENFILE; 787 if (max > 65535) 788 goto error3; 789 size = sizeof(*klist) + sizeof(struct key *) * max; 790 if (size > PAGE_SIZE) 791 goto error3; 792 793 ret = -ENOMEM; 794 nklist = kmalloc(size, GFP_KERNEL); 795 if (!nklist) 796 goto error3; 797 nklist->maxkeys = max; 798 nklist->nkeys = 0; 799 800 if (klist) { 801 nklist->nkeys = klist->nkeys; 802 memcpy(nklist->keys, 803 klist->keys, 804 sizeof(struct key *) * klist->nkeys); 805 } 806 807 /* add the key into the new space */ 808 atomic_inc(&key->usage); 809 nklist->keys[nklist->nkeys++] = key; 810 811 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 812 813 /* dispose of the old keyring list */ 814 if (klist) 815 call_rcu(&klist->rcu, keyring_link_rcu_disposal); 816 } 817 818 done: 819 ret = 0; 820 error2: 821 up_write(&keyring_serialise_link_sem); 822 error: 823 return ret; 824 825 error3: 826 /* undo the quota changes */ 827 key_payload_reserve(keyring, 828 keyring->datalen - KEYQUOTA_LINK_BYTES); 829 goto error2; 830 831 } /* end __key_link() */ 832 833 /*****************************************************************************/ 834 /* 835 * link a key to a keyring 836 */ 837 int key_link(struct key *keyring, struct key *key) 838 { 839 int ret; 840 841 key_check(keyring); 842 key_check(key); 843 844 down_write(&keyring->sem); 845 ret = __key_link(keyring, key); 846 up_write(&keyring->sem); 847 848 return ret; 849 850 } /* end key_link() */ 851 852 EXPORT_SYMBOL(key_link); 853 854 /*****************************************************************************/ 855 /* 856 * unlink the first link to a key from a keyring 857 */ 858 int key_unlink(struct key *keyring, struct key *key) 859 { 860 struct keyring_list *klist, *nklist; 861 int loop, ret; 862 863 key_check(keyring); 864 key_check(key); 865 866 ret = -ENOTDIR; 867 if (keyring->type != &key_type_keyring) 868 goto error; 869 870 down_write(&keyring->sem); 871 872 klist = rcu_dereference_locked_keyring(keyring); 873 if (klist) { 874 /* search the keyring for the key */ 875 for (loop = 0; loop < klist->nkeys; loop++) 876 if (klist->keys[loop] == key) 877 goto key_is_present; 878 } 879 880 up_write(&keyring->sem); 881 ret = -ENOENT; 882 goto error; 883 884 key_is_present: 885 /* we need to copy the key list for RCU purposes */ 886 nklist = kmalloc(sizeof(*klist) + 887 sizeof(struct key *) * klist->maxkeys, 888 GFP_KERNEL); 889 if (!nklist) 890 goto nomem; 891 nklist->maxkeys = klist->maxkeys; 892 nklist->nkeys = klist->nkeys - 1; 893 894 if (loop > 0) 895 memcpy(&nklist->keys[0], 896 &klist->keys[0], 897 loop * sizeof(struct key *)); 898 899 if (loop < nklist->nkeys) 900 memcpy(&nklist->keys[loop], 901 &klist->keys[loop + 1], 902 (nklist->nkeys - loop) * sizeof(struct key *)); 903 904 /* adjust the user's quota */ 905 key_payload_reserve(keyring, 906 keyring->datalen - KEYQUOTA_LINK_BYTES); 907 908 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 909 910 up_write(&keyring->sem); 911 912 /* schedule for later cleanup */ 913 klist->delkey = loop; 914 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); 915 916 ret = 0; 917 918 error: 919 return ret; 920 nomem: 921 ret = -ENOMEM; 922 up_write(&keyring->sem); 923 goto error; 924 925 } /* end key_unlink() */ 926 927 EXPORT_SYMBOL(key_unlink); 928 929 /*****************************************************************************/ 930 /* 931 * dispose of a keyring list after the RCU grace period, releasing the keys it 932 * links to 933 */ 934 static void keyring_clear_rcu_disposal(struct rcu_head *rcu) 935 { 936 struct keyring_list *klist; 937 int loop; 938 939 klist = container_of(rcu, struct keyring_list, rcu); 940 941 for (loop = klist->nkeys - 1; loop >= 0; loop--) 942 key_put(klist->keys[loop]); 943 944 kfree(klist); 945 946 } /* end keyring_clear_rcu_disposal() */ 947 948 /*****************************************************************************/ 949 /* 950 * clear the specified process keyring 951 * - implements keyctl(KEYCTL_CLEAR) 952 */ 953 int keyring_clear(struct key *keyring) 954 { 955 struct keyring_list *klist; 956 int ret; 957 958 ret = -ENOTDIR; 959 if (keyring->type == &key_type_keyring) { 960 /* detach the pointer block with the locks held */ 961 down_write(&keyring->sem); 962 963 klist = rcu_dereference_locked_keyring(keyring); 964 if (klist) { 965 /* adjust the quota */ 966 key_payload_reserve(keyring, 967 sizeof(struct keyring_list)); 968 969 rcu_assign_pointer(keyring->payload.subscriptions, 970 NULL); 971 } 972 973 up_write(&keyring->sem); 974 975 /* free the keys after the locks have been dropped */ 976 if (klist) 977 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 978 979 ret = 0; 980 } 981 982 return ret; 983 984 } /* end keyring_clear() */ 985 986 EXPORT_SYMBOL(keyring_clear); 987 988 /*****************************************************************************/ 989 /* 990 * dispose of the links from a revoked keyring 991 * - called with the key sem write-locked 992 */ 993 static void keyring_revoke(struct key *keyring) 994 { 995 struct keyring_list *klist; 996 997 klist = rcu_dereference_locked_keyring(keyring); 998 999 /* adjust the quota */ 1000 key_payload_reserve(keyring, 0); 1001 1002 if (klist) { 1003 rcu_assign_pointer(keyring->payload.subscriptions, NULL); 1004 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 1005 } 1006 1007 } /* end keyring_revoke() */ 1008 1009 /* 1010 * Determine whether a key is dead 1011 */ 1012 static bool key_is_dead(struct key *key, time_t limit) 1013 { 1014 return test_bit(KEY_FLAG_DEAD, &key->flags) || 1015 (key->expiry > 0 && key->expiry <= limit); 1016 } 1017 1018 /* 1019 * Collect garbage from the contents of a keyring 1020 */ 1021 void keyring_gc(struct key *keyring, time_t limit) 1022 { 1023 struct keyring_list *klist, *new; 1024 struct key *key; 1025 int loop, keep, max; 1026 1027 kenter("{%x,%s}", key_serial(keyring), keyring->description); 1028 1029 down_write(&keyring->sem); 1030 1031 klist = rcu_dereference_locked_keyring(keyring); 1032 if (!klist) 1033 goto no_klist; 1034 1035 /* work out how many subscriptions we're keeping */ 1036 keep = 0; 1037 for (loop = klist->nkeys - 1; loop >= 0; loop--) 1038 if (!key_is_dead(klist->keys[loop], limit)) 1039 keep++; 1040 1041 if (keep == klist->nkeys) 1042 goto just_return; 1043 1044 /* allocate a new keyring payload */ 1045 max = roundup(keep, 4); 1046 new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *), 1047 GFP_KERNEL); 1048 if (!new) 1049 goto nomem; 1050 new->maxkeys = max; 1051 new->nkeys = 0; 1052 new->delkey = 0; 1053 1054 /* install the live keys 1055 * - must take care as expired keys may be updated back to life 1056 */ 1057 keep = 0; 1058 for (loop = klist->nkeys - 1; loop >= 0; loop--) { 1059 key = klist->keys[loop]; 1060 if (!key_is_dead(key, limit)) { 1061 if (keep >= max) 1062 goto discard_new; 1063 new->keys[keep++] = key_get(key); 1064 } 1065 } 1066 new->nkeys = keep; 1067 1068 /* adjust the quota */ 1069 key_payload_reserve(keyring, 1070 sizeof(struct keyring_list) + 1071 KEYQUOTA_LINK_BYTES * keep); 1072 1073 if (keep == 0) { 1074 rcu_assign_pointer(keyring->payload.subscriptions, NULL); 1075 kfree(new); 1076 } else { 1077 rcu_assign_pointer(keyring->payload.subscriptions, new); 1078 } 1079 1080 up_write(&keyring->sem); 1081 1082 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 1083 kleave(" [yes]"); 1084 return; 1085 1086 discard_new: 1087 new->nkeys = keep; 1088 keyring_clear_rcu_disposal(&new->rcu); 1089 up_write(&keyring->sem); 1090 kleave(" [discard]"); 1091 return; 1092 1093 just_return: 1094 up_write(&keyring->sem); 1095 kleave(" [no dead]"); 1096 return; 1097 1098 no_klist: 1099 up_write(&keyring->sem); 1100 kleave(" [no_klist]"); 1101 return; 1102 1103 nomem: 1104 up_write(&keyring->sem); 1105 kleave(" [oom]"); 1106 } 1107