1 /* keyring.c: keyring handling 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/security.h> 17 #include <linux/seq_file.h> 18 #include <linux/err.h> 19 #include <asm/uaccess.h> 20 #include "internal.h" 21 22 /* 23 * when plumbing the depths of the key tree, this sets a hard limit set on how 24 * deep we're willing to go 25 */ 26 #define KEYRING_SEARCH_MAX_DEPTH 6 27 28 /* 29 * we keep all named keyrings in a hash to speed looking them up 30 */ 31 #define KEYRING_NAME_HASH_SIZE (1 << 5) 32 33 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; 34 static DEFINE_RWLOCK(keyring_name_lock); 35 36 static inline unsigned keyring_hash(const char *desc) 37 { 38 unsigned bucket = 0; 39 40 for (; *desc; desc++) 41 bucket += (unsigned char) *desc; 42 43 return bucket & (KEYRING_NAME_HASH_SIZE - 1); 44 } 45 46 /* 47 * the keyring type definition 48 */ 49 static int keyring_instantiate(struct key *keyring, 50 const void *data, size_t datalen); 51 static int keyring_match(const struct key *keyring, const void *criterion); 52 static void keyring_destroy(struct key *keyring); 53 static void keyring_describe(const struct key *keyring, struct seq_file *m); 54 static long keyring_read(const struct key *keyring, 55 char __user *buffer, size_t buflen); 56 57 struct key_type key_type_keyring = { 58 .name = "keyring", 59 .def_datalen = sizeof(struct keyring_list), 60 .instantiate = keyring_instantiate, 61 .match = keyring_match, 62 .destroy = keyring_destroy, 63 .describe = keyring_describe, 64 .read = keyring_read, 65 }; 66 67 /* 68 * semaphore to serialise link/link calls to prevent two link calls in parallel 69 * introducing a cycle 70 */ 71 static DECLARE_RWSEM(keyring_serialise_link_sem); 72 73 /*****************************************************************************/ 74 /* 75 * publish the name of a keyring so that it can be found by name (if it has 76 * one) 77 */ 78 void keyring_publish_name(struct key *keyring) 79 { 80 int bucket; 81 82 if (keyring->description) { 83 bucket = keyring_hash(keyring->description); 84 85 write_lock(&keyring_name_lock); 86 87 if (!keyring_name_hash[bucket].next) 88 INIT_LIST_HEAD(&keyring_name_hash[bucket]); 89 90 list_add_tail(&keyring->type_data.link, 91 &keyring_name_hash[bucket]); 92 93 write_unlock(&keyring_name_lock); 94 } 95 96 } /* end keyring_publish_name() */ 97 98 /*****************************************************************************/ 99 /* 100 * initialise a keyring 101 * - we object if we were given any data 102 */ 103 static int keyring_instantiate(struct key *keyring, 104 const void *data, size_t datalen) 105 { 106 int ret; 107 108 ret = -EINVAL; 109 if (datalen == 0) { 110 /* make the keyring available by name if it has one */ 111 keyring_publish_name(keyring); 112 ret = 0; 113 } 114 115 return ret; 116 117 } /* end keyring_instantiate() */ 118 119 /*****************************************************************************/ 120 /* 121 * match keyrings on their name 122 */ 123 static int keyring_match(const struct key *keyring, const void *description) 124 { 125 return keyring->description && 126 strcmp(keyring->description, description) == 0; 127 128 } /* end keyring_match() */ 129 130 /*****************************************************************************/ 131 /* 132 * dispose of the data dangling from the corpse of a keyring 133 */ 134 static void keyring_destroy(struct key *keyring) 135 { 136 struct keyring_list *klist; 137 int loop; 138 139 if (keyring->description) { 140 write_lock(&keyring_name_lock); 141 142 if (keyring->type_data.link.next != NULL && 143 !list_empty(&keyring->type_data.link)) 144 list_del(&keyring->type_data.link); 145 146 write_unlock(&keyring_name_lock); 147 } 148 149 klist = rcu_dereference(keyring->payload.subscriptions); 150 if (klist) { 151 for (loop = klist->nkeys - 1; loop >= 0; loop--) 152 key_put(klist->keys[loop]); 153 kfree(klist); 154 } 155 156 } /* end keyring_destroy() */ 157 158 /*****************************************************************************/ 159 /* 160 * describe the keyring 161 */ 162 static void keyring_describe(const struct key *keyring, struct seq_file *m) 163 { 164 struct keyring_list *klist; 165 166 if (keyring->description) { 167 seq_puts(m, keyring->description); 168 } 169 else { 170 seq_puts(m, "[anon]"); 171 } 172 173 rcu_read_lock(); 174 klist = rcu_dereference(keyring->payload.subscriptions); 175 if (klist) 176 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); 177 else 178 seq_puts(m, ": empty"); 179 rcu_read_unlock(); 180 181 } /* end keyring_describe() */ 182 183 /*****************************************************************************/ 184 /* 185 * read a list of key IDs from the keyring's contents 186 * - the keyring's semaphore is read-locked 187 */ 188 static long keyring_read(const struct key *keyring, 189 char __user *buffer, size_t buflen) 190 { 191 struct keyring_list *klist; 192 struct key *key; 193 size_t qty, tmp; 194 int loop, ret; 195 196 ret = 0; 197 klist = rcu_dereference(keyring->payload.subscriptions); 198 199 if (klist) { 200 /* calculate how much data we could return */ 201 qty = klist->nkeys * sizeof(key_serial_t); 202 203 if (buffer && buflen > 0) { 204 if (buflen > qty) 205 buflen = qty; 206 207 /* copy the IDs of the subscribed keys into the 208 * buffer */ 209 ret = -EFAULT; 210 211 for (loop = 0; loop < klist->nkeys; loop++) { 212 key = klist->keys[loop]; 213 214 tmp = sizeof(key_serial_t); 215 if (tmp > buflen) 216 tmp = buflen; 217 218 if (copy_to_user(buffer, 219 &key->serial, 220 tmp) != 0) 221 goto error; 222 223 buflen -= tmp; 224 if (buflen == 0) 225 break; 226 buffer += tmp; 227 } 228 } 229 230 ret = qty; 231 } 232 233 error: 234 return ret; 235 236 } /* end keyring_read() */ 237 238 /*****************************************************************************/ 239 /* 240 * allocate a keyring and link into the destination keyring 241 */ 242 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 243 int not_in_quota, struct key *dest) 244 { 245 struct key *keyring; 246 int ret; 247 248 keyring = key_alloc(&key_type_keyring, description, 249 uid, gid, 250 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 251 not_in_quota); 252 253 if (!IS_ERR(keyring)) { 254 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); 255 if (ret < 0) { 256 key_put(keyring); 257 keyring = ERR_PTR(ret); 258 } 259 } 260 261 return keyring; 262 263 } /* end keyring_alloc() */ 264 265 /*****************************************************************************/ 266 /* 267 * search the supplied keyring tree for a key that matches the criterion 268 * - perform a breadth-then-depth search up to the prescribed limit 269 * - we only find keys on which we have search permission 270 * - we use the supplied match function to see if the description (or other 271 * feature of interest) matches 272 * - we rely on RCU to prevent the keyring lists from disappearing on us 273 * - we return -EAGAIN if we didn't find any matching key 274 * - we return -ENOKEY if we only found negative matching keys 275 * - we propagate the possession attribute from the keyring ref to the key ref 276 */ 277 key_ref_t keyring_search_aux(key_ref_t keyring_ref, 278 struct task_struct *context, 279 struct key_type *type, 280 const void *description, 281 key_match_func_t match) 282 { 283 struct { 284 struct keyring_list *keylist; 285 int kix; 286 } stack[KEYRING_SEARCH_MAX_DEPTH]; 287 288 struct keyring_list *keylist; 289 struct timespec now; 290 unsigned long possessed; 291 struct key *keyring, *key; 292 key_ref_t key_ref; 293 long err; 294 int sp, kix; 295 296 keyring = key_ref_to_ptr(keyring_ref); 297 possessed = is_key_possessed(keyring_ref); 298 key_check(keyring); 299 300 /* top keyring must have search permission to begin the search */ 301 err = key_task_permission(keyring_ref, context, KEY_SEARCH); 302 if (err < 0) { 303 key_ref = ERR_PTR(err); 304 goto error; 305 } 306 307 key_ref = ERR_PTR(-ENOTDIR); 308 if (keyring->type != &key_type_keyring) 309 goto error; 310 311 rcu_read_lock(); 312 313 now = current_kernel_time(); 314 err = -EAGAIN; 315 sp = 0; 316 317 /* start processing a new keyring */ 318 descend: 319 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 320 goto not_this_keyring; 321 322 keylist = rcu_dereference(keyring->payload.subscriptions); 323 if (!keylist) 324 goto not_this_keyring; 325 326 /* iterate through the keys in this keyring first */ 327 for (kix = 0; kix < keylist->nkeys; kix++) { 328 key = keylist->keys[kix]; 329 330 /* ignore keys not of this type */ 331 if (key->type != type) 332 continue; 333 334 /* skip revoked keys and expired keys */ 335 if (test_bit(KEY_FLAG_REVOKED, &key->flags)) 336 continue; 337 338 if (key->expiry && now.tv_sec >= key->expiry) 339 continue; 340 341 /* keys that don't match */ 342 if (!match(key, description)) 343 continue; 344 345 /* key must have search permissions */ 346 if (key_task_permission(make_key_ref(key, possessed), 347 context, KEY_SEARCH) < 0) 348 continue; 349 350 /* we set a different error code if we find a negative key */ 351 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { 352 err = -ENOKEY; 353 continue; 354 } 355 356 goto found; 357 } 358 359 /* search through the keyrings nested in this one */ 360 kix = 0; 361 ascend: 362 for (; kix < keylist->nkeys; kix++) { 363 key = keylist->keys[kix]; 364 if (key->type != &key_type_keyring) 365 continue; 366 367 /* recursively search nested keyrings 368 * - only search keyrings for which we have search permission 369 */ 370 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 371 continue; 372 373 if (key_task_permission(make_key_ref(key, possessed), 374 context, KEY_SEARCH) < 0) 375 continue; 376 377 /* stack the current position */ 378 stack[sp].keylist = keylist; 379 stack[sp].kix = kix; 380 sp++; 381 382 /* begin again with the new keyring */ 383 keyring = key; 384 goto descend; 385 } 386 387 /* the keyring we're looking at was disqualified or didn't contain a 388 * matching key */ 389 not_this_keyring: 390 if (sp > 0) { 391 /* resume the processing of a keyring higher up in the tree */ 392 sp--; 393 keylist = stack[sp].keylist; 394 kix = stack[sp].kix + 1; 395 goto ascend; 396 } 397 398 key_ref = ERR_PTR(err); 399 goto error_2; 400 401 /* we found a viable match */ 402 found: 403 atomic_inc(&key->usage); 404 key_check(key); 405 key_ref = make_key_ref(key, possessed); 406 error_2: 407 rcu_read_unlock(); 408 error: 409 return key_ref; 410 411 } /* end keyring_search_aux() */ 412 413 /*****************************************************************************/ 414 /* 415 * search the supplied keyring tree for a key that matches the criterion 416 * - perform a breadth-then-depth search up to the prescribed limit 417 * - we only find keys on which we have search permission 418 * - we readlock the keyrings as we search down the tree 419 * - we return -EAGAIN if we didn't find any matching key 420 * - we return -ENOKEY if we only found negative matching keys 421 */ 422 key_ref_t keyring_search(key_ref_t keyring, 423 struct key_type *type, 424 const char *description) 425 { 426 if (!type->match) 427 return ERR_PTR(-ENOKEY); 428 429 return keyring_search_aux(keyring, current, 430 type, description, type->match); 431 432 } /* end keyring_search() */ 433 434 EXPORT_SYMBOL(keyring_search); 435 436 /*****************************************************************************/ 437 /* 438 * search the given keyring only (no recursion) 439 * - keyring must be locked by caller 440 */ 441 key_ref_t __keyring_search_one(key_ref_t keyring_ref, 442 const struct key_type *ktype, 443 const char *description, 444 key_perm_t perm) 445 { 446 struct keyring_list *klist; 447 unsigned long possessed; 448 struct key *keyring, *key; 449 int loop; 450 451 keyring = key_ref_to_ptr(keyring_ref); 452 possessed = is_key_possessed(keyring_ref); 453 454 rcu_read_lock(); 455 456 klist = rcu_dereference(keyring->payload.subscriptions); 457 if (klist) { 458 for (loop = 0; loop < klist->nkeys; loop++) { 459 key = klist->keys[loop]; 460 461 if (key->type == ktype && 462 (!key->type->match || 463 key->type->match(key, description)) && 464 key_permission(make_key_ref(key, possessed), 465 perm) == 0 && 466 !test_bit(KEY_FLAG_REVOKED, &key->flags) 467 ) 468 goto found; 469 } 470 } 471 472 rcu_read_unlock(); 473 return ERR_PTR(-ENOKEY); 474 475 found: 476 atomic_inc(&key->usage); 477 rcu_read_unlock(); 478 return make_key_ref(key, possessed); 479 480 } /* end __keyring_search_one() */ 481 482 /*****************************************************************************/ 483 /* 484 * find a keyring with the specified name 485 * - all named keyrings are searched 486 * - only find keyrings with search permission for the process 487 * - only find keyrings with a serial number greater than the one specified 488 */ 489 struct key *find_keyring_by_name(const char *name, key_serial_t bound) 490 { 491 struct key *keyring; 492 int bucket; 493 494 keyring = ERR_PTR(-EINVAL); 495 if (!name) 496 goto error; 497 498 bucket = keyring_hash(name); 499 500 read_lock(&keyring_name_lock); 501 502 if (keyring_name_hash[bucket].next) { 503 /* search this hash bucket for a keyring with a matching name 504 * that's readable and that hasn't been revoked */ 505 list_for_each_entry(keyring, 506 &keyring_name_hash[bucket], 507 type_data.link 508 ) { 509 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 510 continue; 511 512 if (strcmp(keyring->description, name) != 0) 513 continue; 514 515 if (key_permission(make_key_ref(keyring, 0), 516 KEY_SEARCH) < 0) 517 continue; 518 519 /* found a potential candidate, but we still need to 520 * check the serial number */ 521 if (keyring->serial <= bound) 522 continue; 523 524 /* we've got a match */ 525 atomic_inc(&keyring->usage); 526 read_unlock(&keyring_name_lock); 527 goto error; 528 } 529 } 530 531 read_unlock(&keyring_name_lock); 532 keyring = ERR_PTR(-ENOKEY); 533 534 error: 535 return keyring; 536 537 } /* end find_keyring_by_name() */ 538 539 /*****************************************************************************/ 540 /* 541 * see if a cycle will will be created by inserting acyclic tree B in acyclic 542 * tree A at the topmost level (ie: as a direct child of A) 543 * - since we are adding B to A at the top level, checking for cycles should 544 * just be a matter of seeing if node A is somewhere in tree B 545 */ 546 static int keyring_detect_cycle(struct key *A, struct key *B) 547 { 548 struct { 549 struct keyring_list *keylist; 550 int kix; 551 } stack[KEYRING_SEARCH_MAX_DEPTH]; 552 553 struct keyring_list *keylist; 554 struct key *subtree, *key; 555 int sp, kix, ret; 556 557 rcu_read_lock(); 558 559 ret = -EDEADLK; 560 if (A == B) 561 goto cycle_detected; 562 563 subtree = B; 564 sp = 0; 565 566 /* start processing a new keyring */ 567 descend: 568 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags)) 569 goto not_this_keyring; 570 571 keylist = rcu_dereference(subtree->payload.subscriptions); 572 if (!keylist) 573 goto not_this_keyring; 574 kix = 0; 575 576 ascend: 577 /* iterate through the remaining keys in this keyring */ 578 for (; kix < keylist->nkeys; kix++) { 579 key = keylist->keys[kix]; 580 581 if (key == A) 582 goto cycle_detected; 583 584 /* recursively check nested keyrings */ 585 if (key->type == &key_type_keyring) { 586 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 587 goto too_deep; 588 589 /* stack the current position */ 590 stack[sp].keylist = keylist; 591 stack[sp].kix = kix; 592 sp++; 593 594 /* begin again with the new keyring */ 595 subtree = key; 596 goto descend; 597 } 598 } 599 600 /* the keyring we're looking at was disqualified or didn't contain a 601 * matching key */ 602 not_this_keyring: 603 if (sp > 0) { 604 /* resume the checking of a keyring higher up in the tree */ 605 sp--; 606 keylist = stack[sp].keylist; 607 kix = stack[sp].kix + 1; 608 goto ascend; 609 } 610 611 ret = 0; /* no cycles detected */ 612 613 error: 614 rcu_read_unlock(); 615 return ret; 616 617 too_deep: 618 ret = -ELOOP; 619 goto error; 620 621 cycle_detected: 622 ret = -EDEADLK; 623 goto error; 624 625 } /* end keyring_detect_cycle() */ 626 627 /*****************************************************************************/ 628 /* 629 * dispose of a keyring list after the RCU grace period 630 */ 631 static void keyring_link_rcu_disposal(struct rcu_head *rcu) 632 { 633 struct keyring_list *klist = 634 container_of(rcu, struct keyring_list, rcu); 635 636 kfree(klist); 637 638 } /* end keyring_link_rcu_disposal() */ 639 640 /*****************************************************************************/ 641 /* 642 * dispose of a keyring list after the RCU grace period, freeing the unlinked 643 * key 644 */ 645 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) 646 { 647 struct keyring_list *klist = 648 container_of(rcu, struct keyring_list, rcu); 649 650 key_put(klist->keys[klist->delkey]); 651 kfree(klist); 652 653 } /* end keyring_unlink_rcu_disposal() */ 654 655 /*****************************************************************************/ 656 /* 657 * link a key into to a keyring 658 * - must be called with the keyring's semaphore write-locked 659 * - discard already extant link to matching key if there is one 660 */ 661 int __key_link(struct key *keyring, struct key *key) 662 { 663 struct keyring_list *klist, *nklist; 664 unsigned max; 665 size_t size; 666 int loop, ret; 667 668 ret = -EKEYREVOKED; 669 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 670 goto error; 671 672 ret = -ENOTDIR; 673 if (keyring->type != &key_type_keyring) 674 goto error; 675 676 /* serialise link/link calls to prevent parallel calls causing a 677 * cycle when applied to two keyring in opposite orders */ 678 down_write(&keyring_serialise_link_sem); 679 680 /* check that we aren't going to create a cycle adding one keyring to 681 * another */ 682 if (key->type == &key_type_keyring) { 683 ret = keyring_detect_cycle(keyring, key); 684 if (ret < 0) 685 goto error2; 686 } 687 688 /* see if there's a matching key we can displace */ 689 klist = keyring->payload.subscriptions; 690 691 if (klist && klist->nkeys > 0) { 692 struct key_type *type = key->type; 693 694 for (loop = klist->nkeys - 1; loop >= 0; loop--) { 695 if (klist->keys[loop]->type == type && 696 strcmp(klist->keys[loop]->description, 697 key->description) == 0 698 ) { 699 /* found a match - replace with new key */ 700 size = sizeof(struct key *) * klist->maxkeys; 701 size += sizeof(*klist); 702 BUG_ON(size > PAGE_SIZE); 703 704 ret = -ENOMEM; 705 nklist = kmalloc(size, GFP_KERNEL); 706 if (!nklist) 707 goto error2; 708 709 memcpy(nklist, klist, size); 710 711 /* replace matched key */ 712 atomic_inc(&key->usage); 713 nklist->keys[loop] = key; 714 715 rcu_assign_pointer( 716 keyring->payload.subscriptions, 717 nklist); 718 719 /* dispose of the old keyring list and the 720 * displaced key */ 721 klist->delkey = loop; 722 call_rcu(&klist->rcu, 723 keyring_unlink_rcu_disposal); 724 725 goto done; 726 } 727 } 728 } 729 730 /* check that we aren't going to overrun the user's quota */ 731 ret = key_payload_reserve(keyring, 732 keyring->datalen + KEYQUOTA_LINK_BYTES); 733 if (ret < 0) 734 goto error2; 735 736 klist = keyring->payload.subscriptions; 737 738 if (klist && klist->nkeys < klist->maxkeys) { 739 /* there's sufficient slack space to add directly */ 740 atomic_inc(&key->usage); 741 742 klist->keys[klist->nkeys] = key; 743 smp_wmb(); 744 klist->nkeys++; 745 smp_wmb(); 746 } 747 else { 748 /* grow the key list */ 749 max = 4; 750 if (klist) 751 max += klist->maxkeys; 752 753 ret = -ENFILE; 754 if (max > 65535) 755 goto error3; 756 size = sizeof(*klist) + sizeof(struct key *) * max; 757 if (size > PAGE_SIZE) 758 goto error3; 759 760 ret = -ENOMEM; 761 nklist = kmalloc(size, GFP_KERNEL); 762 if (!nklist) 763 goto error3; 764 nklist->maxkeys = max; 765 nklist->nkeys = 0; 766 767 if (klist) { 768 nklist->nkeys = klist->nkeys; 769 memcpy(nklist->keys, 770 klist->keys, 771 sizeof(struct key *) * klist->nkeys); 772 } 773 774 /* add the key into the new space */ 775 atomic_inc(&key->usage); 776 nklist->keys[nklist->nkeys++] = key; 777 778 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 779 780 /* dispose of the old keyring list */ 781 if (klist) 782 call_rcu(&klist->rcu, keyring_link_rcu_disposal); 783 } 784 785 done: 786 ret = 0; 787 error2: 788 up_write(&keyring_serialise_link_sem); 789 error: 790 return ret; 791 792 error3: 793 /* undo the quota changes */ 794 key_payload_reserve(keyring, 795 keyring->datalen - KEYQUOTA_LINK_BYTES); 796 goto error2; 797 798 } /* end __key_link() */ 799 800 /*****************************************************************************/ 801 /* 802 * link a key to a keyring 803 */ 804 int key_link(struct key *keyring, struct key *key) 805 { 806 int ret; 807 808 key_check(keyring); 809 key_check(key); 810 811 down_write(&keyring->sem); 812 ret = __key_link(keyring, key); 813 up_write(&keyring->sem); 814 815 return ret; 816 817 } /* end key_link() */ 818 819 EXPORT_SYMBOL(key_link); 820 821 /*****************************************************************************/ 822 /* 823 * unlink the first link to a key from a keyring 824 */ 825 int key_unlink(struct key *keyring, struct key *key) 826 { 827 struct keyring_list *klist, *nklist; 828 int loop, ret; 829 830 key_check(keyring); 831 key_check(key); 832 833 ret = -ENOTDIR; 834 if (keyring->type != &key_type_keyring) 835 goto error; 836 837 down_write(&keyring->sem); 838 839 klist = keyring->payload.subscriptions; 840 if (klist) { 841 /* search the keyring for the key */ 842 for (loop = 0; loop < klist->nkeys; loop++) 843 if (klist->keys[loop] == key) 844 goto key_is_present; 845 } 846 847 up_write(&keyring->sem); 848 ret = -ENOENT; 849 goto error; 850 851 key_is_present: 852 /* we need to copy the key list for RCU purposes */ 853 nklist = kmalloc(sizeof(*klist) + 854 sizeof(struct key *) * klist->maxkeys, 855 GFP_KERNEL); 856 if (!nklist) 857 goto nomem; 858 nklist->maxkeys = klist->maxkeys; 859 nklist->nkeys = klist->nkeys - 1; 860 861 if (loop > 0) 862 memcpy(&nklist->keys[0], 863 &klist->keys[0], 864 loop * sizeof(struct key *)); 865 866 if (loop < nklist->nkeys) 867 memcpy(&nklist->keys[loop], 868 &klist->keys[loop + 1], 869 (nklist->nkeys - loop) * sizeof(struct key *)); 870 871 /* adjust the user's quota */ 872 key_payload_reserve(keyring, 873 keyring->datalen - KEYQUOTA_LINK_BYTES); 874 875 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 876 877 up_write(&keyring->sem); 878 879 /* schedule for later cleanup */ 880 klist->delkey = loop; 881 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); 882 883 ret = 0; 884 885 error: 886 return ret; 887 nomem: 888 ret = -ENOMEM; 889 up_write(&keyring->sem); 890 goto error; 891 892 } /* end key_unlink() */ 893 894 EXPORT_SYMBOL(key_unlink); 895 896 /*****************************************************************************/ 897 /* 898 * dispose of a keyring list after the RCU grace period, releasing the keys it 899 * links to 900 */ 901 static void keyring_clear_rcu_disposal(struct rcu_head *rcu) 902 { 903 struct keyring_list *klist; 904 int loop; 905 906 klist = container_of(rcu, struct keyring_list, rcu); 907 908 for (loop = klist->nkeys - 1; loop >= 0; loop--) 909 key_put(klist->keys[loop]); 910 911 kfree(klist); 912 913 } /* end keyring_clear_rcu_disposal() */ 914 915 /*****************************************************************************/ 916 /* 917 * clear the specified process keyring 918 * - implements keyctl(KEYCTL_CLEAR) 919 */ 920 int keyring_clear(struct key *keyring) 921 { 922 struct keyring_list *klist; 923 int ret; 924 925 ret = -ENOTDIR; 926 if (keyring->type == &key_type_keyring) { 927 /* detach the pointer block with the locks held */ 928 down_write(&keyring->sem); 929 930 klist = keyring->payload.subscriptions; 931 if (klist) { 932 /* adjust the quota */ 933 key_payload_reserve(keyring, 934 sizeof(struct keyring_list)); 935 936 rcu_assign_pointer(keyring->payload.subscriptions, 937 NULL); 938 } 939 940 up_write(&keyring->sem); 941 942 /* free the keys after the locks have been dropped */ 943 if (klist) 944 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 945 946 ret = 0; 947 } 948 949 return ret; 950 951 } /* end keyring_clear() */ 952 953 EXPORT_SYMBOL(keyring_clear); 954