12 #include <linux/module.h>
14 #include <linux/poison.h>
15 #include <linux/sched.h>
16 #include <linux/slab.h>
19 #include <linux/random.h>
42 void __key_check(
const struct key *
key)
44 printk(
"__key_check: key %p {%08x} should be {%08x}\n",
45 key, key->magic, KEY_DEBUG_MAGIC);
69 if (uid_lt(uid, user->uid))
71 else if (uid_gt(uid, user->uid))
105 rb_link_node(&candidate->
node, parent, p);
137 static inline void key_alloc_serial(
struct key *
key)
148 }
while (key->serial < 3);
150 spin_lock(&key_serial_lock);
158 xkey =
rb_entry(parent,
struct key, serial_node);
160 if (key->serial < xkey->serial)
162 else if (key->serial > xkey->serial)
169 rb_link_node(&key->serial_node, parent, p);
172 spin_unlock(&key_serial_lock);
180 if (key->serial < 3) {
182 goto attempt_insertion;
187 goto attempt_insertion;
189 xkey =
rb_entry(parent,
struct key, serial_node);
190 if (key->serial < xkey->serial)
191 goto attempt_insertion;
230 size_t desclen, quotalen;
237 if (type->vet_description) {
238 ret = type->vet_description(desc);
245 desclen =
strlen(desc) + 1;
246 quotalen = desclen + type->def_datalen;
255 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
261 spin_lock(&user->
lock);
262 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
263 if (user->
qnkeys + 1 >= maxkeys ||
264 user->
qnbytes + quotalen >= maxbytes ||
265 user->
qnbytes + quotalen < user->qnbytes)
271 spin_unlock(&user->
lock);
281 if (!key->description)
290 key->quotalen = quotalen;
291 key->datalen = type->def_datalen;
297 key->payload.data =
NULL;
298 key->security =
NULL;
300 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
301 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
303 memset(&key->type_data, 0,
sizeof(key->type_data));
306 key->magic = KEY_DEBUG_MAGIC;
310 ret = security_key_alloc(key, cred, flags);
316 key_alloc_serial(key);
322 kfree(key->description);
324 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
325 spin_lock(&user->
lock);
328 spin_unlock(&user->
lock);
337 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
338 spin_lock(&user->
lock);
341 spin_unlock(&user->
lock);
349 spin_unlock(&user->
lock);
369 int delta = (
int)datalen - key->datalen;
375 if (delta != 0 &&
test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
379 spin_lock(&key->user->lock);
382 (key->user->qnbytes + delta >= maxbytes ||
383 key->user->qnbytes + delta < key->
user->qnbytes)) {
387 key->user->qnbytes +=
delta;
388 key->quotalen +=
delta;
390 spin_unlock(&key->user->lock);
407 static int __key_instantiate_and_link(
struct key *key,
408 struct key_preparsed_payload *prep,
411 unsigned long *_prealloc)
424 if (!
test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
426 ret = key->type->instantiate(key, prep);
431 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
477 struct key_preparsed_payload prep;
478 unsigned long prealloc;
481 memset(&prep, 0,
sizeof(prep));
484 prep.quotalen = key->type->def_datalen;
485 if (key->type->preparse) {
486 ret = key->type->preparse(&prep);
495 goto error_free_preparse;
498 ret = __key_instantiate_and_link(key, &prep, keyring, authkey,
505 if (key->type->preparse)
506 key->type->free_preparse(&prep);
540 unsigned long prealloc;
542 int ret, awaken, link_ret = 0;
552 key->description, &prealloc);
557 if (!
test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
560 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
561 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
562 key->type_data.reject_error = -
error;
564 key->expiry = now.
tv_sec + timeout;
573 if (keyring && link_ret == 0)
590 return ret == 0 ? link_ret :
ret;
626 key =
rb_entry(n,
struct key, serial_node);
630 else if (
id > key->serial)
663 struct key_type *
ktype;
670 if (
strcmp(ktype->name, type) == 0)
671 goto found_kernel_type;
691 expiry = now.
tv_sec + timeout;
694 key->expiry = expiry;
715 static inline key_ref_t __key_update(key_ref_t key_ref,
716 struct key_preparsed_payload *prep)
718 struct key *key = key_ref_to_ptr(key_ref);
722 ret = key_permission(key_ref,
KEY_WRITE);
727 if (!key->type->update)
732 ret = key->type->update(key, prep);
735 clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
746 key_ref = ERR_PTR(ret);
783 unsigned long prealloc;
784 struct key_preparsed_payload prep;
786 struct key_type *
ktype;
787 struct key *keyring, *key =
NULL;
795 key_ref = ERR_PTR(-
ENODEV);
799 key_ref = ERR_PTR(-
EINVAL);
800 if (!ktype->match || !ktype->instantiate ||
801 (!description && !ktype->preparse))
804 keyring = key_ref_to_ptr(keyring_ref);
812 memset(&prep, 0,
sizeof(prep));
815 prep.quotalen = ktype->def_datalen;
816 if (ktype->preparse) {
817 ret = ktype->preparse(&prep);
819 key_ref = ERR_PTR(ret);
823 description = prep.description;
824 key_ref = ERR_PTR(-
EINVAL);
826 goto error_free_prep;
831 key_ref = ERR_PTR(ret);
832 goto error_free_prep;
837 ret = key_permission(keyring_ref,
KEY_WRITE);
839 key_ref = ERR_PTR(ret);
850 if (!IS_ERR(key_ref))
851 goto found_matching_key;
855 if (perm == KEY_PERM_UNDEF) {
856 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
857 perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
860 perm |= KEY_POS_READ | KEY_USR_READ;
863 perm |= KEY_USR_WRITE;
870 key_ref = ERR_CAST(key);
875 ret = __key_instantiate_and_link(key, &prep, keyring,
NULL, &prealloc);
878 key_ref = ERR_PTR(ret);
882 key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
888 ktype->free_preparse(&prep);
900 key_ref = __key_update(key_ref, &prep);
901 goto error_free_prep;
920 struct key_preparsed_payload prep;
921 struct key *key = key_ref_to_ptr(key_ref);
927 ret = key_permission(key_ref,
KEY_WRITE);
933 if (!key->type->update)
936 memset(&prep, 0,
sizeof(prep));
939 prep.quotalen = key->type->def_datalen;
940 if (key->type->preparse) {
941 ret = key->type->preparse(&prep);
948 ret = key->type->update(key, &prep);
951 clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
955 if (key->type->preparse)
956 key->type->free_preparse(&prep);
986 key->type->revoke(key);
991 if (key->revoked_at == 0 || key->revoked_at > time) {
992 key->revoked_at =
time;
1009 kenter(
"%d", key_serial(key));
1013 if (!
test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
1035 memset(&ktype->lock_class, 0,
sizeof(ktype->lock_class));
1042 if (
strcmp(p->name, ktype->name) == 0)
1047 list_add(&ktype->link, &key_types_list);
1049 pr_notice(
"Key type %s registered\n", ktype->name);
1069 list_del_init(&ktype->link);
1072 pr_notice(
"Key type %s unregistered\n", ktype->name);