3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/security.h>
17 #include <linux/seq_file.h>
18 #include <linux/err.h>
19 #include <keys/keyring-type.h>
20 #include <linux/uaccess.h>
23 #define rcu_dereference_locked_keyring(keyring) \
24 (rcu_dereference_protected( \
25 (keyring)->payload.subscriptions, \
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
29 * When plumbing the depths of the key tree, this sets a hard limit
30 * set on how deep we're willing to go.
32 #define KEYRING_SEARCH_MAX_DEPTH 6
35 * We keep all named keyrings in a hash to speed looking them up.
37 #define KEYRING_NAME_HASH_SIZE (1 << 5)
39 static struct list_head keyring_name_hash
[KEYRING_NAME_HASH_SIZE
];
40 static DEFINE_RWLOCK(keyring_name_lock
);
42 static inline unsigned keyring_hash(const char *desc
)
47 bucket
+= (unsigned char)*desc
;
49 return bucket
& (KEYRING_NAME_HASH_SIZE
- 1);
53 * The keyring key type definition. Keyrings are simply keys of this type and
54 * can be treated as ordinary keys in addition to having their own special
57 static int keyring_instantiate(struct key
*keyring
,
58 const void *data
, size_t datalen
);
59 static int keyring_match(const struct key
*keyring
, const void *criterion
);
60 static void keyring_revoke(struct key
*keyring
);
61 static void keyring_destroy(struct key
*keyring
);
62 static void keyring_describe(const struct key
*keyring
, struct seq_file
*m
);
63 static long keyring_read(const struct key
*keyring
,
64 char __user
*buffer
, size_t buflen
);
66 struct key_type key_type_keyring
= {
68 .def_datalen
= sizeof(struct keyring_list
),
69 .instantiate
= keyring_instantiate
,
70 .match
= keyring_match
,
71 .revoke
= keyring_revoke
,
72 .destroy
= keyring_destroy
,
73 .describe
= keyring_describe
,
76 EXPORT_SYMBOL(key_type_keyring
);
79 * Semaphore to serialise link/link calls to prevent two link calls in parallel
80 * introducing a cycle.
82 static DECLARE_RWSEM(keyring_serialise_link_sem
);
85 * Publish the name of a keyring so that it can be found by name (if it has
88 static void keyring_publish_name(struct key
*keyring
)
92 if (keyring
->description
) {
93 bucket
= keyring_hash(keyring
->description
);
95 write_lock(&keyring_name_lock
);
97 if (!keyring_name_hash
[bucket
].next
)
98 INIT_LIST_HEAD(&keyring_name_hash
[bucket
]);
100 list_add_tail(&keyring
->type_data
.link
,
101 &keyring_name_hash
[bucket
]);
103 write_unlock(&keyring_name_lock
);
108 * Initialise a keyring.
110 * Returns 0 on success, -EINVAL if given any data.
112 static int keyring_instantiate(struct key
*keyring
,
113 const void *data
, size_t datalen
)
119 /* make the keyring available by name if it has one */
120 keyring_publish_name(keyring
);
128 * Match keyrings on their name
130 static int keyring_match(const struct key
*keyring
, const void *description
)
132 return keyring
->description
&&
133 strcmp(keyring
->description
, description
) == 0;
137 * Clean up a keyring when it is destroyed. Unpublish its name if it had one
138 * and dispose of its data.
140 static void keyring_destroy(struct key
*keyring
)
142 struct keyring_list
*klist
;
145 if (keyring
->description
) {
146 write_lock(&keyring_name_lock
);
148 if (keyring
->type_data
.link
.next
!= NULL
&&
149 !list_empty(&keyring
->type_data
.link
))
150 list_del(&keyring
->type_data
.link
);
152 write_unlock(&keyring_name_lock
);
155 klist
= rcu_dereference_check(keyring
->payload
.subscriptions
,
156 rcu_read_lock_held() ||
157 atomic_read(&keyring
->usage
) == 0);
159 for (loop
= klist
->nkeys
- 1; loop
>= 0; loop
--)
160 key_put(klist
->keys
[loop
]);
166 * Describe a keyring for /proc.
168 static void keyring_describe(const struct key
*keyring
, struct seq_file
*m
)
170 struct keyring_list
*klist
;
172 if (keyring
->description
)
173 seq_puts(m
, keyring
->description
);
175 seq_puts(m
, "[anon]");
178 klist
= rcu_dereference(keyring
->payload
.subscriptions
);
180 seq_printf(m
, ": %u/%u", klist
->nkeys
, klist
->maxkeys
);
182 seq_puts(m
, ": empty");
187 * Read a list of key IDs from the keyring's contents in binary form
189 * The keyring's semaphore is read-locked by the caller.
191 static long keyring_read(const struct key
*keyring
,
192 char __user
*buffer
, size_t buflen
)
194 struct keyring_list
*klist
;
200 klist
= rcu_dereference_locked_keyring(keyring
);
202 /* calculate how much data we could return */
203 qty
= klist
->nkeys
* sizeof(key_serial_t
);
205 if (buffer
&& buflen
> 0) {
209 /* copy the IDs of the subscribed keys into the
213 for (loop
= 0; loop
< klist
->nkeys
; loop
++) {
214 key
= klist
->keys
[loop
];
216 tmp
= sizeof(key_serial_t
);
220 if (copy_to_user(buffer
,
240 * Allocate a keyring and link into the destination keyring.
242 struct key
*keyring_alloc(const char *description
, uid_t uid
, gid_t gid
,
243 const struct cred
*cred
, unsigned long flags
,
249 keyring
= key_alloc(&key_type_keyring
, description
,
251 (KEY_POS_ALL
& ~KEY_POS_SETATTR
) | KEY_USR_ALL
,
254 if (!IS_ERR(keyring
)) {
255 ret
= key_instantiate_and_link(keyring
, NULL
, 0, dest
, NULL
);
258 keyring
= ERR_PTR(ret
);
266 * keyring_search_aux - Search a keyring tree for a key matching some criteria
267 * @keyring_ref: A pointer to the keyring with possession indicator.
268 * @cred: The credentials to use for permissions checks.
269 * @type: The type of key to search for.
270 * @description: Parameter for @match.
271 * @match: Function to rule on whether or not a key is the one required.
273 * Search the supplied keyring tree for a key that matches the criteria given.
274 * The root keyring and any linked keyrings must grant Search permission to the
275 * caller to be searchable and keys can only be found if they too grant Search
276 * to the caller. The possession flag on the root keyring pointer controls use
277 * of the possessor bits in permissions checking of the entire tree. In
278 * addition, the LSM gets to forbid keyring searches and key matches.
280 * The search is performed as a breadth-then-depth search up to the prescribed
281 * limit (KEYRING_SEARCH_MAX_DEPTH).
283 * Keys are matched to the type provided and are then filtered by the match
284 * function, which is given the description to use in any way it sees fit. The
285 * match function may use any attributes of a key that it wishes to to
286 * determine the match. Normally the match function from the key type would be
289 * RCU is used to prevent the keyring key lists from disappearing without the
290 * need to take lots of locks.
292 * Returns a pointer to the found key and increments the key usage count if
293 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
294 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
295 * specified keyring wasn't a keyring.
297 * In the case of a successful return, the possession attribute from
298 * @keyring_ref is propagated to the returned key reference.
300 key_ref_t
keyring_search_aux(key_ref_t keyring_ref
,
301 const struct cred
*cred
,
302 struct key_type
*type
,
303 const void *description
,
304 key_match_func_t match
)
307 struct keyring_list
*keylist
;
309 } stack
[KEYRING_SEARCH_MAX_DEPTH
];
311 struct keyring_list
*keylist
;
313 unsigned long possessed
, kflags
;
314 struct key
*keyring
, *key
;
319 keyring
= key_ref_to_ptr(keyring_ref
);
320 possessed
= is_key_possessed(keyring_ref
);
323 /* top keyring must have search permission to begin the search */
324 err
= key_task_permission(keyring_ref
, cred
, KEY_SEARCH
);
326 key_ref
= ERR_PTR(err
);
330 key_ref
= ERR_PTR(-ENOTDIR
);
331 if (keyring
->type
!= &key_type_keyring
)
336 now
= current_kernel_time();
340 /* firstly we should check to see if this top-level keyring is what we
342 key_ref
= ERR_PTR(-EAGAIN
);
343 kflags
= keyring
->flags
;
344 if (keyring
->type
== type
&& match(keyring
, description
)) {
347 /* check it isn't negative and hasn't expired or been
349 if (kflags
& (1 << KEY_FLAG_REVOKED
))
351 if (key
->expiry
&& now
.tv_sec
>= key
->expiry
)
353 key_ref
= ERR_PTR(-ENOKEY
);
354 if (kflags
& (1 << KEY_FLAG_NEGATIVE
))
359 /* otherwise, the top keyring must not be revoked, expired, or
360 * negatively instantiated if we are to search it */
361 key_ref
= ERR_PTR(-EAGAIN
);
362 if (kflags
& ((1 << KEY_FLAG_REVOKED
) | (1 << KEY_FLAG_NEGATIVE
)) ||
363 (keyring
->expiry
&& now
.tv_sec
>= keyring
->expiry
))
366 /* start processing a new keyring */
368 if (test_bit(KEY_FLAG_REVOKED
, &keyring
->flags
))
369 goto not_this_keyring
;
371 keylist
= rcu_dereference(keyring
->payload
.subscriptions
);
373 goto not_this_keyring
;
375 /* iterate through the keys in this keyring first */
376 for (kix
= 0; kix
< keylist
->nkeys
; kix
++) {
377 key
= keylist
->keys
[kix
];
380 /* ignore keys not of this type */
381 if (key
->type
!= type
)
384 /* skip revoked keys and expired keys */
385 if (kflags
& (1 << KEY_FLAG_REVOKED
))
388 if (key
->expiry
&& now
.tv_sec
>= key
->expiry
)
391 /* keys that don't match */
392 if (!match(key
, description
))
395 /* key must have search permissions */
396 if (key_task_permission(make_key_ref(key
, possessed
),
397 cred
, KEY_SEARCH
) < 0)
400 /* we set a different error code if we pass a negative key */
401 if (kflags
& (1 << KEY_FLAG_NEGATIVE
)) {
409 /* search through the keyrings nested in this one */
412 for (; kix
< keylist
->nkeys
; kix
++) {
413 key
= keylist
->keys
[kix
];
414 if (key
->type
!= &key_type_keyring
)
417 /* recursively search nested keyrings
418 * - only search keyrings for which we have search permission
420 if (sp
>= KEYRING_SEARCH_MAX_DEPTH
)
423 if (key_task_permission(make_key_ref(key
, possessed
),
424 cred
, KEY_SEARCH
) < 0)
427 /* stack the current position */
428 stack
[sp
].keylist
= keylist
;
432 /* begin again with the new keyring */
437 /* the keyring we're looking at was disqualified or didn't contain a
441 /* resume the processing of a keyring higher up in the tree */
443 keylist
= stack
[sp
].keylist
;
444 kix
= stack
[sp
].kix
+ 1;
448 key_ref
= ERR_PTR(err
);
451 /* we found a viable match */
453 atomic_inc(&key
->usage
);
455 key_ref
= make_key_ref(key
, possessed
);
463 * keyring_search - Search the supplied keyring tree for a matching key
464 * @keyring: The root of the keyring tree to be searched.
465 * @type: The type of keyring we want to find.
466 * @description: The name of the keyring we want to find.
468 * As keyring_search_aux() above, but using the current task's credentials and
469 * type's default matching function.
471 key_ref_t
keyring_search(key_ref_t keyring
,
472 struct key_type
*type
,
473 const char *description
)
476 return ERR_PTR(-ENOKEY
);
478 return keyring_search_aux(keyring
, current
->cred
,
479 type
, description
, type
->match
);
481 EXPORT_SYMBOL(keyring_search
);
484 * Search the given keyring only (no recursion).
486 * The caller must guarantee that the keyring is a keyring and that the
487 * permission is granted to search the keyring as no check is made here.
489 * RCU is used to make it unnecessary to lock the keyring key list here.
491 * Returns a pointer to the found key with usage count incremented if
492 * successful and returns -ENOKEY if not found. Revoked keys and keys not
493 * providing the requested permission are skipped over.
495 * If successful, the possession indicator is propagated from the keyring ref
496 * to the returned key reference.
498 key_ref_t
__keyring_search_one(key_ref_t keyring_ref
,
499 const struct key_type
*ktype
,
500 const char *description
,
503 struct keyring_list
*klist
;
504 unsigned long possessed
;
505 struct key
*keyring
, *key
;
508 keyring
= key_ref_to_ptr(keyring_ref
);
509 possessed
= is_key_possessed(keyring_ref
);
513 klist
= rcu_dereference(keyring
->payload
.subscriptions
);
515 for (loop
= 0; loop
< klist
->nkeys
; loop
++) {
516 key
= klist
->keys
[loop
];
518 if (key
->type
== ktype
&&
519 (!key
->type
->match
||
520 key
->type
->match(key
, description
)) &&
521 key_permission(make_key_ref(key
, possessed
),
523 !test_bit(KEY_FLAG_REVOKED
, &key
->flags
)
530 return ERR_PTR(-ENOKEY
);
533 atomic_inc(&key
->usage
);
535 return make_key_ref(key
, possessed
);
539 * Find a keyring with the specified name.
541 * All named keyrings in the current user namespace are searched, provided they
542 * grant Search permission directly to the caller (unless this check is
543 * skipped). Keyrings whose usage points have reached zero or who have been
544 * revoked are skipped.
546 * Returns a pointer to the keyring with the keyring's refcount having being
547 * incremented on success. -ENOKEY is returned if a key could not be found.
549 struct key
*find_keyring_by_name(const char *name
, bool skip_perm_check
)
555 return ERR_PTR(-EINVAL
);
557 bucket
= keyring_hash(name
);
559 read_lock(&keyring_name_lock
);
561 if (keyring_name_hash
[bucket
].next
) {
562 /* search this hash bucket for a keyring with a matching name
563 * that's readable and that hasn't been revoked */
564 list_for_each_entry(keyring
,
565 &keyring_name_hash
[bucket
],
568 if (keyring
->user
->user_ns
!= current_user_ns())
571 if (test_bit(KEY_FLAG_REVOKED
, &keyring
->flags
))
574 if (strcmp(keyring
->description
, name
) != 0)
577 if (!skip_perm_check
&&
578 key_permission(make_key_ref(keyring
, 0),
582 /* we've got a match but we might end up racing with
583 * key_cleanup() if the keyring is currently 'dead'
584 * (ie. it has a zero usage count) */
585 if (!atomic_inc_not_zero(&keyring
->usage
))
591 keyring
= ERR_PTR(-ENOKEY
);
593 read_unlock(&keyring_name_lock
);
598 * See if a cycle will will be created by inserting acyclic tree B in acyclic
599 * tree A at the topmost level (ie: as a direct child of A).
601 * Since we are adding B to A at the top level, checking for cycles should just
602 * be a matter of seeing if node A is somewhere in tree B.
604 static int keyring_detect_cycle(struct key
*A
, struct key
*B
)
607 struct keyring_list
*keylist
;
609 } stack
[KEYRING_SEARCH_MAX_DEPTH
];
611 struct keyring_list
*keylist
;
612 struct key
*subtree
, *key
;
624 /* start processing a new keyring */
626 if (test_bit(KEY_FLAG_REVOKED
, &subtree
->flags
))
627 goto not_this_keyring
;
629 keylist
= rcu_dereference(subtree
->payload
.subscriptions
);
631 goto not_this_keyring
;
635 /* iterate through the remaining keys in this keyring */
636 for (; kix
< keylist
->nkeys
; kix
++) {
637 key
= keylist
->keys
[kix
];
642 /* recursively check nested keyrings */
643 if (key
->type
== &key_type_keyring
) {
644 if (sp
>= KEYRING_SEARCH_MAX_DEPTH
)
647 /* stack the current position */
648 stack
[sp
].keylist
= keylist
;
652 /* begin again with the new keyring */
658 /* the keyring we're looking at was disqualified or didn't contain a
662 /* resume the checking of a keyring higher up in the tree */
664 keylist
= stack
[sp
].keylist
;
665 kix
= stack
[sp
].kix
+ 1;
669 ret
= 0; /* no cycles detected */
685 * Dispose of a keyring list after the RCU grace period, freeing the unlinked
688 static void keyring_unlink_rcu_disposal(struct rcu_head
*rcu
)
690 struct keyring_list
*klist
=
691 container_of(rcu
, struct keyring_list
, rcu
);
693 if (klist
->delkey
!= USHRT_MAX
)
694 key_put(klist
->keys
[klist
->delkey
]);
699 * Preallocate memory so that a key can be linked into to a keyring.
701 int __key_link_begin(struct key
*keyring
, const struct key_type
*type
,
702 const char *description
,
703 struct keyring_list
**_prealloc
)
704 __acquires(&keyring
->sem
)
706 struct keyring_list
*klist
, *nklist
;
711 kenter("%d,%s,%s,", key_serial(keyring
), type
->name
, description
);
713 if (keyring
->type
!= &key_type_keyring
)
716 down_write(&keyring
->sem
);
719 if (test_bit(KEY_FLAG_REVOKED
, &keyring
->flags
))
722 /* serialise link/link calls to prevent parallel calls causing a cycle
723 * when linking two keyring in opposite orders */
724 if (type
== &key_type_keyring
)
725 down_write(&keyring_serialise_link_sem
);
727 klist
= rcu_dereference_locked_keyring(keyring
);
729 /* see if there's a matching key we can displace */
730 if (klist
&& klist
->nkeys
> 0) {
731 for (loop
= klist
->nkeys
- 1; loop
>= 0; loop
--) {
732 if (klist
->keys
[loop
]->type
== type
&&
733 strcmp(klist
->keys
[loop
]->description
,
736 /* found a match - we'll replace this one with
738 size
= sizeof(struct key
*) * klist
->maxkeys
;
739 size
+= sizeof(*klist
);
740 BUG_ON(size
> PAGE_SIZE
);
743 nklist
= kmemdup(klist
, size
, GFP_KERNEL
);
747 /* note replacement slot */
748 klist
->delkey
= nklist
->delkey
= loop
;
754 /* check that we aren't going to overrun the user's quota */
755 ret
= key_payload_reserve(keyring
,
756 keyring
->datalen
+ KEYQUOTA_LINK_BYTES
);
760 if (klist
&& klist
->nkeys
< klist
->maxkeys
) {
761 /* there's sufficient slack space to append directly */
764 /* grow the key list */
767 max
+= klist
->maxkeys
;
770 if (max
> USHRT_MAX
- 1)
772 size
= sizeof(*klist
) + sizeof(struct key
*) * max
;
773 if (size
> PAGE_SIZE
)
777 nklist
= kmalloc(size
, GFP_KERNEL
);
781 nklist
->maxkeys
= max
;
783 memcpy(nklist
->keys
, klist
->keys
,
784 sizeof(struct key
*) * klist
->nkeys
);
785 nklist
->delkey
= klist
->nkeys
;
786 nklist
->nkeys
= klist
->nkeys
+ 1;
787 klist
->delkey
= USHRT_MAX
;
793 /* add the key into the new space */
794 nklist
->keys
[nklist
->delkey
] = NULL
;
803 /* undo the quota changes */
804 key_payload_reserve(keyring
,
805 keyring
->datalen
- KEYQUOTA_LINK_BYTES
);
807 if (type
== &key_type_keyring
)
808 up_write(&keyring_serialise_link_sem
);
810 up_write(&keyring
->sem
);
811 kleave(" = %d", ret
);
816 * Check already instantiated keys aren't going to be a problem.
818 * The caller must have called __key_link_begin(). Don't need to call this for
819 * keys that were created since __key_link_begin() was called.
821 int __key_link_check_live_key(struct key
*keyring
, struct key
*key
)
823 if (key
->type
== &key_type_keyring
)
824 /* check that we aren't going to create a cycle by linking one
825 * keyring to another */
826 return keyring_detect_cycle(keyring
, key
);
831 * Link a key into to a keyring.
833 * Must be called with __key_link_begin() having being called. Discards any
834 * already extant link to matching key if there is one, so that each keyring
835 * holds at most one link to any given key of a particular type+description
838 void __key_link(struct key
*keyring
, struct key
*key
,
839 struct keyring_list
**_prealloc
)
841 struct keyring_list
*klist
, *nklist
;
846 kenter("%d,%d,%p", keyring
->serial
, key
->serial
, nklist
);
848 klist
= rcu_dereference_protected(keyring
->payload
.subscriptions
,
849 rwsem_is_locked(&keyring
->sem
));
851 atomic_inc(&key
->usage
);
853 /* there's a matching key we can displace or an empty slot in a newly
854 * allocated list we can fill */
856 kdebug("replace %hu/%hu/%hu",
857 nklist
->delkey
, nklist
->nkeys
, nklist
->maxkeys
);
859 nklist
->keys
[nklist
->delkey
] = key
;
861 rcu_assign_pointer(keyring
->payload
.subscriptions
, nklist
);
863 /* dispose of the old keyring list and, if there was one, the
866 kdebug("dispose %hu/%hu/%hu",
867 klist
->delkey
, klist
->nkeys
, klist
->maxkeys
);
868 call_rcu(&klist
->rcu
, keyring_unlink_rcu_disposal
);
871 /* there's sufficient slack space to append directly */
872 klist
->keys
[klist
->nkeys
] = key
;
879 * Finish linking a key into to a keyring.
881 * Must be called with __key_link_begin() having being called.
883 void __key_link_end(struct key
*keyring
, struct key_type
*type
,
884 struct keyring_list
*prealloc
)
885 __releases(&keyring
->sem
)
887 BUG_ON(type
== NULL
);
888 BUG_ON(type
->name
== NULL
);
889 kenter("%d,%s,%p", keyring
->serial
, type
->name
, prealloc
);
891 if (type
== &key_type_keyring
)
892 up_write(&keyring_serialise_link_sem
);
896 key_payload_reserve(keyring
,
897 keyring
->datalen
- KEYQUOTA_LINK_BYTES
);
899 up_write(&keyring
->sem
);
903 * key_link - Link a key to a keyring
904 * @keyring: The keyring to make the link in.
905 * @key: The key to link to.
907 * Make a link in a keyring to a key, such that the keyring holds a reference
908 * on that key and the key can potentially be found by searching that keyring.
910 * This function will write-lock the keyring's semaphore and will consume some
911 * of the user's key data quota to hold the link.
913 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
914 * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
915 * full, -EDQUOT if there is insufficient key data quota remaining to add
916 * another link or -ENOMEM if there's insufficient memory.
918 * It is assumed that the caller has checked that it is permitted for a link to
919 * be made (the keyring should have Write permission and the key Link
922 int key_link(struct key
*keyring
, struct key
*key
)
924 struct keyring_list
*prealloc
;
930 ret
= __key_link_begin(keyring
, key
->type
, key
->description
, &prealloc
);
932 ret
= __key_link_check_live_key(keyring
, key
);
934 __key_link(keyring
, key
, &prealloc
);
935 __key_link_end(keyring
, key
->type
, prealloc
);
940 EXPORT_SYMBOL(key_link
);
943 * key_unlink - Unlink the first link to a key from a keyring.
944 * @keyring: The keyring to remove the link from.
945 * @key: The key the link is to.
947 * Remove a link from a keyring to a key.
949 * This function will write-lock the keyring's semaphore.
951 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
952 * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
955 * It is assumed that the caller has checked that it is permitted for a link to
956 * be removed (the keyring should have Write permission; no permissions are
957 * required on the key).
959 int key_unlink(struct key
*keyring
, struct key
*key
)
961 struct keyring_list
*klist
, *nklist
;
968 if (keyring
->type
!= &key_type_keyring
)
971 down_write(&keyring
->sem
);
973 klist
= rcu_dereference_locked_keyring(keyring
);
975 /* search the keyring for the key */
976 for (loop
= 0; loop
< klist
->nkeys
; loop
++)
977 if (klist
->keys
[loop
] == key
)
981 up_write(&keyring
->sem
);
986 /* we need to copy the key list for RCU purposes */
987 nklist
= kmalloc(sizeof(*klist
) +
988 sizeof(struct key
*) * klist
->maxkeys
,
992 nklist
->maxkeys
= klist
->maxkeys
;
993 nklist
->nkeys
= klist
->nkeys
- 1;
996 memcpy(&nklist
->keys
[0],
998 loop
* sizeof(struct key
*));
1000 if (loop
< nklist
->nkeys
)
1001 memcpy(&nklist
->keys
[loop
],
1002 &klist
->keys
[loop
+ 1],
1003 (nklist
->nkeys
- loop
) * sizeof(struct key
*));
1005 /* adjust the user's quota */
1006 key_payload_reserve(keyring
,
1007 keyring
->datalen
- KEYQUOTA_LINK_BYTES
);
1009 rcu_assign_pointer(keyring
->payload
.subscriptions
, nklist
);
1011 up_write(&keyring
->sem
);
1013 /* schedule for later cleanup */
1014 klist
->delkey
= loop
;
1015 call_rcu(&klist
->rcu
, keyring_unlink_rcu_disposal
);
1023 up_write(&keyring
->sem
);
1026 EXPORT_SYMBOL(key_unlink
);
1029 * Dispose of a keyring list after the RCU grace period, releasing the keys it
1032 static void keyring_clear_rcu_disposal(struct rcu_head
*rcu
)
1034 struct keyring_list
*klist
;
1037 klist
= container_of(rcu
, struct keyring_list
, rcu
);
1039 for (loop
= klist
->nkeys
- 1; loop
>= 0; loop
--)
1040 key_put(klist
->keys
[loop
]);
1046 * keyring_clear - Clear a keyring
1047 * @keyring: The keyring to clear.
1049 * Clear the contents of the specified keyring.
1051 * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
1053 int keyring_clear(struct key
*keyring
)
1055 struct keyring_list
*klist
;
1059 if (keyring
->type
== &key_type_keyring
) {
1060 /* detach the pointer block with the locks held */
1061 down_write(&keyring
->sem
);
1063 klist
= rcu_dereference_locked_keyring(keyring
);
1065 /* adjust the quota */
1066 key_payload_reserve(keyring
,
1067 sizeof(struct keyring_list
));
1069 rcu_assign_pointer(keyring
->payload
.subscriptions
,
1073 up_write(&keyring
->sem
);
1075 /* free the keys after the locks have been dropped */
1077 call_rcu(&klist
->rcu
, keyring_clear_rcu_disposal
);
1084 EXPORT_SYMBOL(keyring_clear
);
1087 * Dispose of the links from a revoked keyring.
1089 * This is called with the key sem write-locked.
1091 static void keyring_revoke(struct key
*keyring
)
1093 struct keyring_list
*klist
;
1095 klist
= rcu_dereference_locked_keyring(keyring
);
1097 /* adjust the quota */
1098 key_payload_reserve(keyring
, 0);
1101 rcu_assign_pointer(keyring
->payload
.subscriptions
, NULL
);
1102 call_rcu(&klist
->rcu
, keyring_clear_rcu_disposal
);
1107 * Determine whether a key is dead.
1109 static bool key_is_dead(struct key
*key
, time_t limit
)
1111 return test_bit(KEY_FLAG_DEAD
, &key
->flags
) ||
1112 (key
->expiry
> 0 && key
->expiry
<= limit
);
1116 * Collect garbage from the contents of a keyring, replacing the old list with
1117 * a new one with the pointers all shuffled down.
1119 * Dead keys are classed as oned that are flagged as being dead or are revoked,
1120 * expired or negative keys that were revoked or expired before the specified
1123 void keyring_gc(struct key
*keyring
, time_t limit
)
1125 struct keyring_list
*klist
, *new;
1127 int loop
, keep
, max
;
1129 kenter("{%x,%s}", key_serial(keyring
), keyring
->description
);
1131 down_write(&keyring
->sem
);
1133 klist
= rcu_dereference_locked_keyring(keyring
);
1137 /* work out how many subscriptions we're keeping */
1139 for (loop
= klist
->nkeys
- 1; loop
>= 0; loop
--)
1140 if (!key_is_dead(klist
->keys
[loop
], limit
))
1143 if (keep
== klist
->nkeys
)
1146 /* allocate a new keyring payload */
1147 max
= roundup(keep
, 4);
1148 new = kmalloc(sizeof(struct keyring_list
) + max
* sizeof(struct key
*),
1156 /* install the live keys
1157 * - must take care as expired keys may be updated back to life
1160 for (loop
= klist
->nkeys
- 1; loop
>= 0; loop
--) {
1161 key
= klist
->keys
[loop
];
1162 if (!key_is_dead(key
, limit
)) {
1165 new->keys
[keep
++] = key_get(key
);
1170 /* adjust the quota */
1171 key_payload_reserve(keyring
,
1172 sizeof(struct keyring_list
) +
1173 KEYQUOTA_LINK_BYTES
* keep
);
1176 rcu_assign_pointer(keyring
->payload
.subscriptions
, NULL
);
1179 rcu_assign_pointer(keyring
->payload
.subscriptions
, new);
1182 up_write(&keyring
->sem
);
1184 call_rcu(&klist
->rcu
, keyring_clear_rcu_disposal
);
1190 keyring_clear_rcu_disposal(&new->rcu
);
1191 up_write(&keyring
->sem
);
1192 kleave(" [discard]");
1196 up_write(&keyring
->sem
);
1197 kleave(" [no dead]");
1201 up_write(&keyring
->sem
);
1202 kleave(" [no_klist]");
1206 up_write(&keyring
->sem
);