1 /* Key garbage collector
3 * Copyright (C) 2009 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/slab.h>
14 #include <linux/security.h>
15 #include <keys/keyring-type.h>
19 * Delay between key revocation/expiry in seconds
21 unsigned key_gc_delay
= 5 * 60;
24 * Reaper for unused keys.
26 static void key_gc_unused_keys(struct work_struct
*work
);
27 DECLARE_WORK(key_gc_unused_work
, key_gc_unused_keys
);
30 * Reaper for links from keyrings to dead keys.
32 static void key_gc_timer_func(unsigned long);
33 static void key_gc_dead_links(struct work_struct
*);
34 static DEFINE_TIMER(key_gc_timer
, key_gc_timer_func
, 0, 0);
35 static DECLARE_WORK(key_gc_work
, key_gc_dead_links
);
36 static key_serial_t key_gc_cursor
; /* the last key the gc considered */
37 static bool key_gc_again
;
38 static unsigned long key_gc_executing
;
39 static time_t key_gc_next_run
= LONG_MAX
;
40 static time_t key_gc_new_timer
;
43 * Schedule a garbage collection run.
44 * - time precision isn't particularly important
46 void key_schedule_gc(time_t gc_at
)
48 unsigned long expires
;
49 time_t now
= current_kernel_time().tv_sec
;
51 kenter("%ld", gc_at
- now
);
54 schedule_work(&key_gc_work
);
55 } else if (gc_at
< key_gc_next_run
) {
56 expires
= jiffies
+ (gc_at
- now
) * HZ
;
57 mod_timer(&key_gc_timer
, expires
);
62 * The garbage collector timer kicked off
64 static void key_gc_timer_func(unsigned long data
)
67 key_gc_next_run
= LONG_MAX
;
68 schedule_work(&key_gc_work
);
72 * Garbage collect pointers from a keyring.
74 * Return true if we altered the keyring.
76 static bool key_gc_keyring(struct key
*keyring
, time_t limit
)
77 __releases(key_serial_lock
)
79 struct keyring_list
*klist
;
83 kenter("%x", key_serial(keyring
));
85 if (test_bit(KEY_FLAG_REVOKED
, &keyring
->flags
))
88 /* scan the keyring looking for dead keys */
90 klist
= rcu_dereference(keyring
->payload
.subscriptions
);
94 for (loop
= klist
->nkeys
- 1; loop
>= 0; loop
--) {
95 key
= klist
->keys
[loop
];
96 if (test_bit(KEY_FLAG_DEAD
, &key
->flags
) ||
97 (key
->expiry
> 0 && key
->expiry
<= limit
))
109 key_gc_cursor
= keyring
->serial
;
111 spin_unlock(&key_serial_lock
);
112 keyring_gc(keyring
, limit
);
119 * Garbage collector for links to dead keys.
121 * This involves scanning the keyrings for dead, expired and revoked keys that
122 * have overstayed their welcome
124 static void key_gc_dead_links(struct work_struct
*work
)
128 struct key
*key
, *xkey
;
129 time_t new_timer
= LONG_MAX
, limit
, now
;
131 now
= current_kernel_time().tv_sec
;
132 kenter("[%x,%ld]", key_gc_cursor
, key_gc_new_timer
- now
);
134 if (test_and_set_bit(0, &key_gc_executing
)) {
135 key_schedule_gc(current_kernel_time().tv_sec
+ 1);
136 kleave(" [busy; deferring]");
141 if (limit
> key_gc_delay
)
142 limit
-= key_gc_delay
;
144 limit
= key_gc_delay
;
146 spin_lock(&key_serial_lock
);
148 if (unlikely(RB_EMPTY_ROOT(&key_serial_tree
))) {
149 spin_unlock(&key_serial_lock
);
150 clear_bit(0, &key_gc_executing
);
154 cursor
= key_gc_cursor
;
158 new_timer
= key_gc_new_timer
;
160 key_gc_again
= false;
162 /* find the first key above the cursor */
164 rb
= key_serial_tree
.rb_node
;
166 xkey
= rb_entry(rb
, struct key
, serial_node
);
167 if (cursor
< xkey
->serial
) {
170 } else if (cursor
> xkey
->serial
) {
175 goto reached_the_end
;
176 key
= rb_entry(rb
, struct key
, serial_node
);
182 goto reached_the_end
;
184 /* trawl through the keys looking for keyrings */
186 if (key
->expiry
> limit
&& key
->expiry
< new_timer
) {
187 kdebug("will expire %x in %ld",
188 key_serial(key
), key
->expiry
- limit
);
189 new_timer
= key
->expiry
;
192 if (key
->type
== &key_type_keyring
&&
193 key_gc_keyring(key
, limit
))
194 /* the gc had to release our lock so that the keyring
195 * could be modified, so we have to get it again */
196 goto gc_released_our_lock
;
198 rb
= rb_next(&key
->serial_node
);
200 goto reached_the_end
;
201 key
= rb_entry(rb
, struct key
, serial_node
);
204 gc_released_our_lock
:
205 kdebug("gc_released_our_lock");
206 key_gc_new_timer
= new_timer
;
208 clear_bit(0, &key_gc_executing
);
209 schedule_work(&key_gc_work
);
210 kleave(" [continue]");
213 /* when we reach the end of the run, we set the timer for the next one */
215 kdebug("reached_the_end");
216 spin_unlock(&key_serial_lock
);
217 key_gc_new_timer
= new_timer
;
219 clear_bit(0, &key_gc_executing
);
222 /* there may have been a key that expired whilst we were
223 * scanning, so if we discarded any links we should do another
226 key_schedule_gc(new_timer
);
227 } else if (new_timer
< LONG_MAX
) {
228 new_timer
+= key_gc_delay
;
229 key_schedule_gc(new_timer
);
235 * Garbage collector for unused keys.
237 * This is done in process context so that we don't have to disable interrupts
238 * all over the place. key_put() schedules this rather than trying to do the
239 * cleanup itself, which means key_put() doesn't have to sleep.
241 static void key_gc_unused_keys(struct work_struct
*work
)
247 /* look for a dead key in the tree */
248 spin_lock(&key_serial_lock
);
250 for (_n
= rb_first(&key_serial_tree
); _n
; _n
= rb_next(_n
)) {
251 key
= rb_entry(_n
, struct key
, serial_node
);
253 if (atomic_read(&key
->usage
) == 0)
257 spin_unlock(&key_serial_lock
);
261 /* we found a dead key - once we've removed it from the tree, we can
263 rb_erase(&key
->serial_node
, &key_serial_tree
);
264 spin_unlock(&key_serial_lock
);
268 security_key_free(key
);
270 /* deal with the user's key tracking and quota */
271 if (test_bit(KEY_FLAG_IN_QUOTA
, &key
->flags
)) {
272 spin_lock(&key
->user
->lock
);
274 key
->user
->qnbytes
-= key
->quotalen
;
275 spin_unlock(&key
->user
->lock
);
278 atomic_dec(&key
->user
->nkeys
);
279 if (test_bit(KEY_FLAG_INSTANTIATED
, &key
->flags
))
280 atomic_dec(&key
->user
->nikeys
);
282 key_user_put(key
->user
);
284 /* now throw away the key memory */
285 if (key
->type
->destroy
)
286 key
->type
->destroy(key
);
288 kfree(key
->description
);
291 key
->magic
= KEY_DEBUG_MAGIC_X
;
293 kmem_cache_free(key_jar
, key
);
295 /* there may, of course, be more than one key to destroy */