Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
keyring.c
Go to the documentation of this file.
1 /* Keyring handling
2  *
3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells ([email protected])
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/security.h>
17 #include <linux/seq_file.h>
18 #include <linux/err.h>
19 #include <keys/keyring-type.h>
20 #include <linux/uaccess.h>
21 #include "internal.h"
22 
23 #define rcu_dereference_locked_keyring(keyring) \
24  (rcu_dereference_protected( \
25  (keyring)->payload.subscriptions, \
26  rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
27 
28 #define rcu_deref_link_locked(klist, index, keyring) \
29  (rcu_dereference_protected( \
30  (klist)->keys[index], \
31  rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
32 
33 #define MAX_KEYRING_LINKS \
34  min_t(size_t, USHRT_MAX - 1, \
35  ((PAGE_SIZE - sizeof(struct keyring_list)) / sizeof(struct key *)))
36 
37 #define KEY_LINK_FIXQUOTA 1UL
38 
39 /*
40  * When plumbing the depths of the key tree, this sets a hard limit
41  * set on how deep we're willing to go.
42  */
43 #define KEYRING_SEARCH_MAX_DEPTH 6
44 
45 /*
46  * We keep all named keyrings in a hash to speed looking them up.
47  */
48 #define KEYRING_NAME_HASH_SIZE (1 << 5)
49 
50 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
51 static DEFINE_RWLOCK(keyring_name_lock);
52 
53 static inline unsigned keyring_hash(const char *desc)
54 {
55  unsigned bucket = 0;
56 
57  for (; *desc; desc++)
58  bucket += (unsigned char)*desc;
59 
60  return bucket & (KEYRING_NAME_HASH_SIZE - 1);
61 }
62 
63 /*
64  * The keyring key type definition. Keyrings are simply keys of this type and
65  * can be treated as ordinary keys in addition to having their own special
66  * operations.
67  */
68 static int keyring_instantiate(struct key *keyring,
69  struct key_preparsed_payload *prep);
70 static int keyring_match(const struct key *keyring, const void *criterion);
71 static void keyring_revoke(struct key *keyring);
72 static void keyring_destroy(struct key *keyring);
73 static void keyring_describe(const struct key *keyring, struct seq_file *m);
74 static long keyring_read(const struct key *keyring,
75  char __user *buffer, size_t buflen);
76 
77 struct key_type key_type_keyring = {
78  .name = "keyring",
79  .def_datalen = sizeof(struct keyring_list),
80  .instantiate = keyring_instantiate,
81  .match = keyring_match,
82  .revoke = keyring_revoke,
83  .destroy = keyring_destroy,
84  .describe = keyring_describe,
85  .read = keyring_read,
86 };
87 EXPORT_SYMBOL(key_type_keyring);
88 
89 /*
90  * Semaphore to serialise link/link calls to prevent two link calls in parallel
91  * introducing a cycle.
92  */
93 static DECLARE_RWSEM(keyring_serialise_link_sem);
94 
95 /*
96  * Publish the name of a keyring so that it can be found by name (if it has
97  * one).
98  */
99 static void keyring_publish_name(struct key *keyring)
100 {
101  int bucket;
102 
103  if (keyring->description) {
104  bucket = keyring_hash(keyring->description);
105 
106  write_lock(&keyring_name_lock);
107 
108  if (!keyring_name_hash[bucket].next)
109  INIT_LIST_HEAD(&keyring_name_hash[bucket]);
110 
111  list_add_tail(&keyring->type_data.link,
112  &keyring_name_hash[bucket]);
113 
114  write_unlock(&keyring_name_lock);
115  }
116 }
117 
118 /*
119  * Initialise a keyring.
120  *
121  * Returns 0 on success, -EINVAL if given any data.
122  */
123 static int keyring_instantiate(struct key *keyring,
124  struct key_preparsed_payload *prep)
125 {
126  int ret;
127 
128  ret = -EINVAL;
129  if (prep->datalen == 0) {
130  /* make the keyring available by name if it has one */
131  keyring_publish_name(keyring);
132  ret = 0;
133  }
134 
135  return ret;
136 }
137 
138 /*
139  * Match keyrings on their name
140  */
141 static int keyring_match(const struct key *keyring, const void *description)
142 {
143  return keyring->description &&
144  strcmp(keyring->description, description) == 0;
145 }
146 
147 /*
148  * Clean up a keyring when it is destroyed. Unpublish its name if it had one
149  * and dispose of its data.
150  *
151  * The garbage collector detects the final key_put(), removes the keyring from
152  * the serial number tree and then does RCU synchronisation before coming here,
153  * so we shouldn't need to worry about code poking around here with the RCU
154  * readlock held by this time.
155  */
156 static void keyring_destroy(struct key *keyring)
157 {
158  struct keyring_list *klist;
159  int loop;
160 
161  if (keyring->description) {
162  write_lock(&keyring_name_lock);
163 
164  if (keyring->type_data.link.next != NULL &&
165  !list_empty(&keyring->type_data.link))
166  list_del(&keyring->type_data.link);
167 
168  write_unlock(&keyring_name_lock);
169  }
170 
171  klist = rcu_access_pointer(keyring->payload.subscriptions);
172  if (klist) {
173  for (loop = klist->nkeys - 1; loop >= 0; loop--)
174  key_put(rcu_access_pointer(klist->keys[loop]));
175  kfree(klist);
176  }
177 }
178 
179 /*
180  * Describe a keyring for /proc.
181  */
182 static void keyring_describe(const struct key *keyring, struct seq_file *m)
183 {
184  struct keyring_list *klist;
185 
186  if (keyring->description)
187  seq_puts(m, keyring->description);
188  else
189  seq_puts(m, "[anon]");
190 
191  if (key_is_instantiated(keyring)) {
192  rcu_read_lock();
193  klist = rcu_dereference(keyring->payload.subscriptions);
194  if (klist)
195  seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
196  else
197  seq_puts(m, ": empty");
198  rcu_read_unlock();
199  }
200 }
201 
202 /*
203  * Read a list of key IDs from the keyring's contents in binary form
204  *
205  * The keyring's semaphore is read-locked by the caller.
206  */
207 static long keyring_read(const struct key *keyring,
208  char __user *buffer, size_t buflen)
209 {
210  struct keyring_list *klist;
211  struct key *key;
212  size_t qty, tmp;
213  int loop, ret;
214 
215  ret = 0;
216  klist = rcu_dereference_locked_keyring(keyring);
217  if (klist) {
218  /* calculate how much data we could return */
219  qty = klist->nkeys * sizeof(key_serial_t);
220 
221  if (buffer && buflen > 0) {
222  if (buflen > qty)
223  buflen = qty;
224 
225  /* copy the IDs of the subscribed keys into the
226  * buffer */
227  ret = -EFAULT;
228 
229  for (loop = 0; loop < klist->nkeys; loop++) {
230  key = rcu_deref_link_locked(klist, loop,
231  keyring);
232 
233  tmp = sizeof(key_serial_t);
234  if (tmp > buflen)
235  tmp = buflen;
236 
237  if (copy_to_user(buffer,
238  &key->serial,
239  tmp) != 0)
240  goto error;
241 
242  buflen -= tmp;
243  if (buflen == 0)
244  break;
245  buffer += tmp;
246  }
247  }
248 
249  ret = qty;
250  }
251 
252 error:
253  return ret;
254 }
255 
256 /*
257  * Allocate a keyring and link into the destination keyring.
258  */
259 struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
260  const struct cred *cred, unsigned long flags,
261  struct key *dest)
262 {
263  struct key *keyring;
264  int ret;
265 
266  keyring = key_alloc(&key_type_keyring, description,
267  uid, gid, cred,
268  (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
269  flags);
270 
271  if (!IS_ERR(keyring)) {
272  ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
273  if (ret < 0) {
274  key_put(keyring);
275  keyring = ERR_PTR(ret);
276  }
277  }
278 
279  return keyring;
280 }
281 
318 key_ref_t keyring_search_aux(key_ref_t keyring_ref,
319  const struct cred *cred,
320  struct key_type *type,
321  const void *description,
323  bool no_state_check)
324 {
325  struct {
326  /* Need a separate keylist pointer for RCU purposes */
327  struct key *keyring;
328  struct keyring_list *keylist;
329  int kix;
331 
332  struct keyring_list *keylist;
333  struct timespec now;
334  unsigned long possessed, kflags;
335  struct key *keyring, *key;
336  key_ref_t key_ref;
337  long err;
338  int sp, nkeys, kix;
339 
340  keyring = key_ref_to_ptr(keyring_ref);
341  possessed = is_key_possessed(keyring_ref);
342  key_check(keyring);
343 
344  /* top keyring must have search permission to begin the search */
345  err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
346  if (err < 0) {
347  key_ref = ERR_PTR(err);
348  goto error;
349  }
350 
351  key_ref = ERR_PTR(-ENOTDIR);
352  if (keyring->type != &key_type_keyring)
353  goto error;
354 
355  rcu_read_lock();
356 
357  now = current_kernel_time();
358  err = -EAGAIN;
359  sp = 0;
360 
361  /* firstly we should check to see if this top-level keyring is what we
362  * are looking for */
363  key_ref = ERR_PTR(-EAGAIN);
364  kflags = keyring->flags;
365  if (keyring->type == type && match(keyring, description)) {
366  key = keyring;
367  if (no_state_check)
368  goto found;
369 
370  /* check it isn't negative and hasn't expired or been
371  * revoked */
372  if (kflags & (1 << KEY_FLAG_REVOKED))
373  goto error_2;
374  if (key->expiry && now.tv_sec >= key->expiry)
375  goto error_2;
376  key_ref = ERR_PTR(key->type_data.reject_error);
377  if (kflags & (1 << KEY_FLAG_NEGATIVE))
378  goto error_2;
379  goto found;
380  }
381 
382  /* otherwise, the top keyring must not be revoked, expired, or
383  * negatively instantiated if we are to search it */
384  key_ref = ERR_PTR(-EAGAIN);
385  if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
386  (1 << KEY_FLAG_REVOKED) |
387  (1 << KEY_FLAG_NEGATIVE)) ||
388  (keyring->expiry && now.tv_sec >= keyring->expiry))
389  goto error_2;
390 
391  /* start processing a new keyring */
392 descend:
393  kflags = keyring->flags;
394  if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
395  (1 << KEY_FLAG_REVOKED)))
396  goto not_this_keyring;
397 
398  keylist = rcu_dereference(keyring->payload.subscriptions);
399  if (!keylist)
400  goto not_this_keyring;
401 
402  /* iterate through the keys in this keyring first */
403  nkeys = keylist->nkeys;
404  smp_rmb();
405  for (kix = 0; kix < nkeys; kix++) {
406  key = rcu_dereference(keylist->keys[kix]);
407  kflags = key->flags;
408 
409  /* ignore keys not of this type */
410  if (key->type != type)
411  continue;
412 
413  /* skip invalidated, revoked and expired keys */
414  if (!no_state_check) {
415  if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
416  (1 << KEY_FLAG_REVOKED)))
417  continue;
418 
419  if (key->expiry && now.tv_sec >= key->expiry)
420  continue;
421  }
422 
423  /* keys that don't match */
424  if (!match(key, description))
425  continue;
426 
427  /* key must have search permissions */
428  if (key_task_permission(make_key_ref(key, possessed),
429  cred, KEY_SEARCH) < 0)
430  continue;
431 
432  if (no_state_check)
433  goto found;
434 
435  /* we set a different error code if we pass a negative key */
436  if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
437  err = key->type_data.reject_error;
438  continue;
439  }
440 
441  goto found;
442  }
443 
444  /* search through the keyrings nested in this one */
445  kix = 0;
446 ascend:
447  nkeys = keylist->nkeys;
448  smp_rmb();
449  for (; kix < nkeys; kix++) {
450  key = rcu_dereference(keylist->keys[kix]);
451  if (key->type != &key_type_keyring)
452  continue;
453 
454  /* recursively search nested keyrings
455  * - only search keyrings for which we have search permission
456  */
457  if (sp >= KEYRING_SEARCH_MAX_DEPTH)
458  continue;
459 
460  if (key_task_permission(make_key_ref(key, possessed),
461  cred, KEY_SEARCH) < 0)
462  continue;
463 
464  /* stack the current position */
465  stack[sp].keyring = keyring;
466  stack[sp].keylist = keylist;
467  stack[sp].kix = kix;
468  sp++;
469 
470  /* begin again with the new keyring */
471  keyring = key;
472  goto descend;
473  }
474 
475  /* the keyring we're looking at was disqualified or didn't contain a
476  * matching key */
477 not_this_keyring:
478  if (sp > 0) {
479  /* resume the processing of a keyring higher up in the tree */
480  sp--;
481  keyring = stack[sp].keyring;
482  keylist = stack[sp].keylist;
483  kix = stack[sp].kix + 1;
484  goto ascend;
485  }
486 
487  key_ref = ERR_PTR(err);
488  goto error_2;
489 
490  /* we found a viable match */
491 found:
492  atomic_inc(&key->usage);
493  key->last_used_at = now.tv_sec;
494  keyring->last_used_at = now.tv_sec;
495  while (sp > 0)
496  stack[--sp].keyring->last_used_at = now.tv_sec;
497  key_check(key);
498  key_ref = make_key_ref(key, possessed);
499 error_2:
500  rcu_read_unlock();
501 error:
502  return key_ref;
503 }
504 
514 key_ref_t keyring_search(key_ref_t keyring,
515  struct key_type *type,
516  const char *description)
517 {
518  if (!type->match)
519  return ERR_PTR(-ENOKEY);
520 
521  return keyring_search_aux(keyring, current->cred,
522  type, description, type->match, false);
523 }
525 
526 /*
527  * Search the given keyring only (no recursion).
528  *
529  * The caller must guarantee that the keyring is a keyring and that the
530  * permission is granted to search the keyring as no check is made here.
531  *
532  * RCU is used to make it unnecessary to lock the keyring key list here.
533  *
534  * Returns a pointer to the found key with usage count incremented if
535  * successful and returns -ENOKEY if not found. Revoked keys and keys not
536  * providing the requested permission are skipped over.
537  *
538  * If successful, the possession indicator is propagated from the keyring ref
539  * to the returned key reference.
540  */
541 key_ref_t __keyring_search_one(key_ref_t keyring_ref,
542  const struct key_type *ktype,
543  const char *description,
544  key_perm_t perm)
545 {
546  struct keyring_list *klist;
547  unsigned long possessed;
548  struct key *keyring, *key;
549  int nkeys, loop;
550 
551  keyring = key_ref_to_ptr(keyring_ref);
552  possessed = is_key_possessed(keyring_ref);
553 
554  rcu_read_lock();
555 
556  klist = rcu_dereference(keyring->payload.subscriptions);
557  if (klist) {
558  nkeys = klist->nkeys;
559  smp_rmb();
560  for (loop = 0; loop < nkeys ; loop++) {
561  key = rcu_dereference(klist->keys[loop]);
562  if (key->type == ktype &&
563  (!key->type->match ||
564  key->type->match(key, description)) &&
565  key_permission(make_key_ref(key, possessed),
566  perm) == 0 &&
567  !(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
568  (1 << KEY_FLAG_REVOKED)))
569  )
570  goto found;
571  }
572  }
573 
574  rcu_read_unlock();
575  return ERR_PTR(-ENOKEY);
576 
577 found:
578  atomic_inc(&key->usage);
579  keyring->last_used_at = key->last_used_at =
580  current_kernel_time().tv_sec;
581  rcu_read_unlock();
582  return make_key_ref(key, possessed);
583 }
584 
585 /*
586  * Find a keyring with the specified name.
587  *
588  * All named keyrings in the current user namespace are searched, provided they
589  * grant Search permission directly to the caller (unless this check is
590  * skipped). Keyrings whose usage points have reached zero or who have been
591  * revoked are skipped.
592  *
593  * Returns a pointer to the keyring with the keyring's refcount having being
594  * incremented on success. -ENOKEY is returned if a key could not be found.
595  */
596 struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
597 {
598  struct key *keyring;
599  int bucket;
600 
601  if (!name)
602  return ERR_PTR(-EINVAL);
603 
604  bucket = keyring_hash(name);
605 
606  read_lock(&keyring_name_lock);
607 
608  if (keyring_name_hash[bucket].next) {
609  /* search this hash bucket for a keyring with a matching name
610  * that's readable and that hasn't been revoked */
611  list_for_each_entry(keyring,
612  &keyring_name_hash[bucket],
613  type_data.link
614  ) {
615  if (!kuid_has_mapping(current_user_ns(), keyring->user->uid))
616  continue;
617 
618  if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
619  continue;
620 
621  if (strcmp(keyring->description, name) != 0)
622  continue;
623 
624  if (!skip_perm_check &&
625  key_permission(make_key_ref(keyring, 0),
626  KEY_SEARCH) < 0)
627  continue;
628 
629  /* we've got a match but we might end up racing with
630  * key_cleanup() if the keyring is currently 'dead'
631  * (ie. it has a zero usage count) */
632  if (!atomic_inc_not_zero(&keyring->usage))
633  continue;
634  keyring->last_used_at = current_kernel_time().tv_sec;
635  goto out;
636  }
637  }
638 
639  keyring = ERR_PTR(-ENOKEY);
640 out:
641  read_unlock(&keyring_name_lock);
642  return keyring;
643 }
644 
645 /*
646  * See if a cycle will will be created by inserting acyclic tree B in acyclic
647  * tree A at the topmost level (ie: as a direct child of A).
648  *
649  * Since we are adding B to A at the top level, checking for cycles should just
650  * be a matter of seeing if node A is somewhere in tree B.
651  */
652 static int keyring_detect_cycle(struct key *A, struct key *B)
653 {
654  struct {
655  struct keyring_list *keylist;
656  int kix;
658 
659  struct keyring_list *keylist;
660  struct key *subtree, *key;
661  int sp, nkeys, kix, ret;
662 
663  rcu_read_lock();
664 
665  ret = -EDEADLK;
666  if (A == B)
667  goto cycle_detected;
668 
669  subtree = B;
670  sp = 0;
671 
672  /* start processing a new keyring */
673 descend:
674  if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
675  goto not_this_keyring;
676 
677  keylist = rcu_dereference(subtree->payload.subscriptions);
678  if (!keylist)
679  goto not_this_keyring;
680  kix = 0;
681 
682 ascend:
683  /* iterate through the remaining keys in this keyring */
684  nkeys = keylist->nkeys;
685  smp_rmb();
686  for (; kix < nkeys; kix++) {
687  key = rcu_dereference(keylist->keys[kix]);
688 
689  if (key == A)
690  goto cycle_detected;
691 
692  /* recursively check nested keyrings */
693  if (key->type == &key_type_keyring) {
694  if (sp >= KEYRING_SEARCH_MAX_DEPTH)
695  goto too_deep;
696 
697  /* stack the current position */
698  stack[sp].keylist = keylist;
699  stack[sp].kix = kix;
700  sp++;
701 
702  /* begin again with the new keyring */
703  subtree = key;
704  goto descend;
705  }
706  }
707 
708  /* the keyring we're looking at was disqualified or didn't contain a
709  * matching key */
710 not_this_keyring:
711  if (sp > 0) {
712  /* resume the checking of a keyring higher up in the tree */
713  sp--;
714  keylist = stack[sp].keylist;
715  kix = stack[sp].kix + 1;
716  goto ascend;
717  }
718 
719  ret = 0; /* no cycles detected */
720 
721 error:
722  rcu_read_unlock();
723  return ret;
724 
725 too_deep:
726  ret = -ELOOP;
727  goto error;
728 
729 cycle_detected:
730  ret = -EDEADLK;
731  goto error;
732 }
733 
734 /*
735  * Dispose of a keyring list after the RCU grace period, freeing the unlinked
736  * key
737  */
738 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
739 {
740  struct keyring_list *klist =
741  container_of(rcu, struct keyring_list, rcu);
742 
743  if (klist->delkey != USHRT_MAX)
744  key_put(rcu_access_pointer(klist->keys[klist->delkey]));
745  kfree(klist);
746 }
747 
748 /*
749  * Preallocate memory so that a key can be linked into to a keyring.
750  */
751 int __key_link_begin(struct key *keyring, const struct key_type *type,
752  const char *description, unsigned long *_prealloc)
753  __acquires(&keyring->sem)
754  __acquires(&keyring_serialise_link_sem)
755 {
756  struct keyring_list *klist, *nklist;
757  unsigned long prealloc;
758  unsigned max;
759  time_t lowest_lru;
760  size_t size;
761  int loop, lru, ret;
762 
763  kenter("%d,%s,%s,", key_serial(keyring), type->name, description);
764 
765  if (keyring->type != &key_type_keyring)
766  return -ENOTDIR;
767 
768  down_write(&keyring->sem);
769 
770  ret = -EKEYREVOKED;
771  if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
772  goto error_krsem;
773 
774  /* serialise link/link calls to prevent parallel calls causing a cycle
775  * when linking two keyring in opposite orders */
776  if (type == &key_type_keyring)
777  down_write(&keyring_serialise_link_sem);
778 
779  klist = rcu_dereference_locked_keyring(keyring);
780 
781  /* see if there's a matching key we can displace */
782  lru = -1;
783  if (klist && klist->nkeys > 0) {
784  lowest_lru = TIME_T_MAX;
785  for (loop = klist->nkeys - 1; loop >= 0; loop--) {
786  struct key *key = rcu_deref_link_locked(klist, loop,
787  keyring);
788  if (key->type == type &&
789  strcmp(key->description, description) == 0) {
790  /* Found a match - we'll replace the link with
791  * one to the new key. We record the slot
792  * position.
793  */
794  klist->delkey = loop;
795  prealloc = 0;
796  goto done;
797  }
798  if (key->last_used_at < lowest_lru) {
799  lowest_lru = key->last_used_at;
800  lru = loop;
801  }
802  }
803  }
804 
805  /* If the keyring is full then do an LRU discard */
806  if (klist &&
807  klist->nkeys == klist->maxkeys &&
808  klist->maxkeys >= MAX_KEYRING_LINKS) {
809  kdebug("LRU discard %d\n", lru);
810  klist->delkey = lru;
811  prealloc = 0;
812  goto done;
813  }
814 
815  /* check that we aren't going to overrun the user's quota */
816  ret = key_payload_reserve(keyring,
817  keyring->datalen + KEYQUOTA_LINK_BYTES);
818  if (ret < 0)
819  goto error_sem;
820 
821  if (klist && klist->nkeys < klist->maxkeys) {
822  /* there's sufficient slack space to append directly */
823  klist->delkey = klist->nkeys;
824  prealloc = KEY_LINK_FIXQUOTA;
825  } else {
826  /* grow the key list */
827  max = 4;
828  if (klist) {
829  max += klist->maxkeys;
830  if (max > MAX_KEYRING_LINKS)
831  max = MAX_KEYRING_LINKS;
832  BUG_ON(max <= klist->maxkeys);
833  }
834 
835  size = sizeof(*klist) + sizeof(struct key *) * max;
836 
837  ret = -ENOMEM;
838  nklist = kmalloc(size, GFP_KERNEL);
839  if (!nklist)
840  goto error_quota;
841 
842  nklist->maxkeys = max;
843  if (klist) {
844  memcpy(nklist->keys, klist->keys,
845  sizeof(struct key *) * klist->nkeys);
846  nklist->delkey = klist->nkeys;
847  nklist->nkeys = klist->nkeys + 1;
848  klist->delkey = USHRT_MAX;
849  } else {
850  nklist->nkeys = 1;
851  nklist->delkey = 0;
852  }
853 
854  /* add the key into the new space */
855  RCU_INIT_POINTER(nklist->keys[nklist->delkey], NULL);
856  prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA;
857  }
858 
859 done:
860  *_prealloc = prealloc;
861  kleave(" = 0");
862  return 0;
863 
864 error_quota:
865  /* undo the quota changes */
866  key_payload_reserve(keyring,
867  keyring->datalen - KEYQUOTA_LINK_BYTES);
868 error_sem:
869  if (type == &key_type_keyring)
870  up_write(&keyring_serialise_link_sem);
871 error_krsem:
872  up_write(&keyring->sem);
873  kleave(" = %d", ret);
874  return ret;
875 }
876 
877 /*
878  * Check already instantiated keys aren't going to be a problem.
879  *
880  * The caller must have called __key_link_begin(). Don't need to call this for
881  * keys that were created since __key_link_begin() was called.
882  */
883 int __key_link_check_live_key(struct key *keyring, struct key *key)
884 {
885  if (key->type == &key_type_keyring)
886  /* check that we aren't going to create a cycle by linking one
887  * keyring to another */
888  return keyring_detect_cycle(keyring, key);
889  return 0;
890 }
891 
892 /*
893  * Link a key into to a keyring.
894  *
895  * Must be called with __key_link_begin() having being called. Discards any
896  * already extant link to matching key if there is one, so that each keyring
897  * holds at most one link to any given key of a particular type+description
898  * combination.
899  */
900 void __key_link(struct key *keyring, struct key *key,
901  unsigned long *_prealloc)
902 {
903  struct keyring_list *klist, *nklist;
904  struct key *discard;
905 
906  nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA);
907  *_prealloc = 0;
908 
909  kenter("%d,%d,%p", keyring->serial, key->serial, nklist);
910 
911  klist = rcu_dereference_locked_keyring(keyring);
912 
913  atomic_inc(&key->usage);
914  keyring->last_used_at = key->last_used_at =
915  current_kernel_time().tv_sec;
916 
917  /* there's a matching key we can displace or an empty slot in a newly
918  * allocated list we can fill */
919  if (nklist) {
920  kdebug("reissue %hu/%hu/%hu",
921  nklist->delkey, nklist->nkeys, nklist->maxkeys);
922 
923  RCU_INIT_POINTER(nklist->keys[nklist->delkey], key);
924 
925  rcu_assign_pointer(keyring->payload.subscriptions, nklist);
926 
927  /* dispose of the old keyring list and, if there was one, the
928  * displaced key */
929  if (klist) {
930  kdebug("dispose %hu/%hu/%hu",
931  klist->delkey, klist->nkeys, klist->maxkeys);
932  call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
933  }
934  } else if (klist->delkey < klist->nkeys) {
935  kdebug("replace %hu/%hu/%hu",
936  klist->delkey, klist->nkeys, klist->maxkeys);
937 
938  discard = rcu_dereference_protected(
939  klist->keys[klist->delkey],
940  rwsem_is_locked(&keyring->sem));
941  rcu_assign_pointer(klist->keys[klist->delkey], key);
942  /* The garbage collector will take care of RCU
943  * synchronisation */
944  key_put(discard);
945  } else {
946  /* there's sufficient slack space to append directly */
947  kdebug("append %hu/%hu/%hu",
948  klist->delkey, klist->nkeys, klist->maxkeys);
949 
950  RCU_INIT_POINTER(klist->keys[klist->delkey], key);
951  smp_wmb();
952  klist->nkeys++;
953  }
954 }
955 
956 /*
957  * Finish linking a key into to a keyring.
958  *
959  * Must be called with __key_link_begin() having being called.
960  */
961 void __key_link_end(struct key *keyring, struct key_type *type,
962  unsigned long prealloc)
963  __releases(&keyring->sem)
964  __releases(&keyring_serialise_link_sem)
965 {
966  BUG_ON(type == NULL);
967  BUG_ON(type->name == NULL);
968  kenter("%d,%s,%lx", keyring->serial, type->name, prealloc);
969 
970  if (type == &key_type_keyring)
971  up_write(&keyring_serialise_link_sem);
972 
973  if (prealloc) {
974  if (prealloc & KEY_LINK_FIXQUOTA)
975  key_payload_reserve(keyring,
976  keyring->datalen -
978  kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA));
979  }
980  up_write(&keyring->sem);
981 }
982 
1003 int key_link(struct key *keyring, struct key *key)
1004 {
1005  unsigned long prealloc;
1006  int ret;
1007 
1008  key_check(keyring);
1009  key_check(key);
1010 
1011  ret = __key_link_begin(keyring, key->type, key->description, &prealloc);
1012  if (ret == 0) {
1013  ret = __key_link_check_live_key(keyring, key);
1014  if (ret == 0)
1015  __key_link(keyring, key, &prealloc);
1016  __key_link_end(keyring, key->type, prealloc);
1017  }
1018 
1019  return ret;
1020 }
1022 
1040 int key_unlink(struct key *keyring, struct key *key)
1041 {
1042  struct keyring_list *klist, *nklist;
1043  int loop, ret;
1044 
1045  key_check(keyring);
1046  key_check(key);
1047 
1048  ret = -ENOTDIR;
1049  if (keyring->type != &key_type_keyring)
1050  goto error;
1051 
1052  down_write(&keyring->sem);
1053 
1054  klist = rcu_dereference_locked_keyring(keyring);
1055  if (klist) {
1056  /* search the keyring for the key */
1057  for (loop = 0; loop < klist->nkeys; loop++)
1058  if (rcu_access_pointer(klist->keys[loop]) == key)
1059  goto key_is_present;
1060  }
1061 
1062  up_write(&keyring->sem);
1063  ret = -ENOENT;
1064  goto error;
1065 
1066 key_is_present:
1067  /* we need to copy the key list for RCU purposes */
1068  nklist = kmalloc(sizeof(*klist) +
1069  sizeof(struct key *) * klist->maxkeys,
1070  GFP_KERNEL);
1071  if (!nklist)
1072  goto nomem;
1073  nklist->maxkeys = klist->maxkeys;
1074  nklist->nkeys = klist->nkeys - 1;
1075 
1076  if (loop > 0)
1077  memcpy(&nklist->keys[0],
1078  &klist->keys[0],
1079  loop * sizeof(struct key *));
1080 
1081  if (loop < nklist->nkeys)
1082  memcpy(&nklist->keys[loop],
1083  &klist->keys[loop + 1],
1084  (nklist->nkeys - loop) * sizeof(struct key *));
1085 
1086  /* adjust the user's quota */
1087  key_payload_reserve(keyring,
1088  keyring->datalen - KEYQUOTA_LINK_BYTES);
1089 
1090  rcu_assign_pointer(keyring->payload.subscriptions, nklist);
1091 
1092  up_write(&keyring->sem);
1093 
1094  /* schedule for later cleanup */
1095  klist->delkey = loop;
1096  call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
1097 
1098  ret = 0;
1099 
1100 error:
1101  return ret;
1102 nomem:
1103  ret = -ENOMEM;
1104  up_write(&keyring->sem);
1105  goto error;
1106 }
1108 
1109 /*
1110  * Dispose of a keyring list after the RCU grace period, releasing the keys it
1111  * links to.
1112  */
1113 static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1114 {
1115  struct keyring_list *klist;
1116  int loop;
1117 
1118  klist = container_of(rcu, struct keyring_list, rcu);
1119 
1120  for (loop = klist->nkeys - 1; loop >= 0; loop--)
1121  key_put(rcu_access_pointer(klist->keys[loop]));
1122 
1123  kfree(klist);
1124 }
1125 
1134 int keyring_clear(struct key *keyring)
1135 {
1136  struct keyring_list *klist;
1137  int ret;
1138 
1139  ret = -ENOTDIR;
1140  if (keyring->type == &key_type_keyring) {
1141  /* detach the pointer block with the locks held */
1142  down_write(&keyring->sem);
1143 
1144  klist = rcu_dereference_locked_keyring(keyring);
1145  if (klist) {
1146  /* adjust the quota */
1147  key_payload_reserve(keyring,
1148  sizeof(struct keyring_list));
1149 
1150  rcu_assign_pointer(keyring->payload.subscriptions,
1151  NULL);
1152  }
1153 
1154  up_write(&keyring->sem);
1155 
1156  /* free the keys after the locks have been dropped */
1157  if (klist)
1158  call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1159 
1160  ret = 0;
1161  }
1162 
1163  return ret;
1164 }
1166 
1167 /*
1168  * Dispose of the links from a revoked keyring.
1169  *
1170  * This is called with the key sem write-locked.
1171  */
1172 static void keyring_revoke(struct key *keyring)
1173 {
1174  struct keyring_list *klist;
1175 
1176  klist = rcu_dereference_locked_keyring(keyring);
1177 
1178  /* adjust the quota */
1179  key_payload_reserve(keyring, 0);
1180 
1181  if (klist) {
1182  rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1183  call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1184  }
1185 }
1186 
1187 /*
1188  * Collect garbage from the contents of a keyring, replacing the old list with
1189  * a new one with the pointers all shuffled down.
1190  *
1191  * Dead keys are classed as oned that are flagged as being dead or are revoked,
1192  * expired or negative keys that were revoked or expired before the specified
1193  * limit.
1194  */
1195 void keyring_gc(struct key *keyring, time_t limit)
1196 {
1197  struct keyring_list *klist, *new;
1198  struct key *key;
1199  int loop, keep, max;
1200 
1201  kenter("{%x,%s}", key_serial(keyring), keyring->description);
1202 
1203  down_write(&keyring->sem);
1204 
1205  klist = rcu_dereference_locked_keyring(keyring);
1206  if (!klist)
1207  goto no_klist;
1208 
1209  /* work out how many subscriptions we're keeping */
1210  keep = 0;
1211  for (loop = klist->nkeys - 1; loop >= 0; loop--)
1212  if (!key_is_dead(rcu_deref_link_locked(klist, loop, keyring),
1213  limit))
1214  keep++;
1215 
1216  if (keep == klist->nkeys)
1217  goto just_return;
1218 
1219  /* allocate a new keyring payload */
1220  max = roundup(keep, 4);
1221  new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *),
1222  GFP_KERNEL);
1223  if (!new)
1224  goto nomem;
1225  new->maxkeys = max;
1226  new->nkeys = 0;
1227  new->delkey = 0;
1228 
1229  /* install the live keys
1230  * - must take care as expired keys may be updated back to life
1231  */
1232  keep = 0;
1233  for (loop = klist->nkeys - 1; loop >= 0; loop--) {
1234  key = rcu_deref_link_locked(klist, loop, keyring);
1235  if (!key_is_dead(key, limit)) {
1236  if (keep >= max)
1237  goto discard_new;
1238  RCU_INIT_POINTER(new->keys[keep++], key_get(key));
1239  }
1240  }
1241  new->nkeys = keep;
1242 
1243  /* adjust the quota */
1244  key_payload_reserve(keyring,
1245  sizeof(struct keyring_list) +
1246  KEYQUOTA_LINK_BYTES * keep);
1247 
1248  if (keep == 0) {
1249  rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1250  kfree(new);
1251  } else {
1252  rcu_assign_pointer(keyring->payload.subscriptions, new);
1253  }
1254 
1255  up_write(&keyring->sem);
1256 
1257  call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1258  kleave(" [yes]");
1259  return;
1260 
1261 discard_new:
1262  new->nkeys = keep;
1263  keyring_clear_rcu_disposal(&new->rcu);
1264  up_write(&keyring->sem);
1265  kleave(" [discard]");
1266  return;
1267 
1268 just_return:
1269  up_write(&keyring->sem);
1270  kleave(" [no dead]");
1271  return;
1272 
1273 no_klist:
1274  up_write(&keyring->sem);
1275  kleave(" [no_klist]");
1276  return;
1277 
1278 nomem:
1279  up_write(&keyring->sem);
1280  kleave(" [oom]");
1281 }