Root/
Source at commit be977234bfb4a6dca8a39e7c52165e4cd536ad71 created 9 years 8 months ago. By Lars-Peter Clausen, jz4740: Fix compile error | |
---|---|
1 | /* Keyring handling |
2 | * |
3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | */ |
11 | |
12 | #include <linux/module.h> |
13 | #include <linux/init.h> |
14 | #include <linux/sched.h> |
15 | #include <linux/slab.h> |
16 | #include <linux/security.h> |
17 | #include <linux/seq_file.h> |
18 | #include <linux/err.h> |
19 | #include <keys/keyring-type.h> |
20 | #include <linux/uaccess.h> |
21 | #include "internal.h" |
22 | |
23 | #define rcu_dereference_locked_keyring(keyring) \ |
24 | (rcu_dereference_protected( \ |
25 | (keyring)->payload.subscriptions, \ |
26 | rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem))) |
27 | |
28 | #define KEY_LINK_FIXQUOTA 1UL |
29 | |
30 | /* |
31 | * When plumbing the depths of the key tree, this sets a hard limit |
32 | * set on how deep we're willing to go. |
33 | */ |
34 | #define KEYRING_SEARCH_MAX_DEPTH 6 |
35 | |
36 | /* |
37 | * We keep all named keyrings in a hash to speed looking them up. |
38 | */ |
39 | #define KEYRING_NAME_HASH_SIZE (1 << 5) |
40 | |
41 | static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; |
42 | static DEFINE_RWLOCK(keyring_name_lock); |
43 | |
44 | static inline unsigned keyring_hash(const char *desc) |
45 | { |
46 | unsigned bucket = 0; |
47 | |
48 | for (; *desc; desc++) |
49 | bucket += (unsigned char)*desc; |
50 | |
51 | return bucket & (KEYRING_NAME_HASH_SIZE - 1); |
52 | } |
53 | |
54 | /* |
55 | * The keyring key type definition. Keyrings are simply keys of this type and |
56 | * can be treated as ordinary keys in addition to having their own special |
57 | * operations. |
58 | */ |
59 | static int keyring_instantiate(struct key *keyring, |
60 | const void *data, size_t datalen); |
61 | static int keyring_match(const struct key *keyring, const void *criterion); |
62 | static void keyring_revoke(struct key *keyring); |
63 | static void keyring_destroy(struct key *keyring); |
64 | static void keyring_describe(const struct key *keyring, struct seq_file *m); |
65 | static long keyring_read(const struct key *keyring, |
66 | char __user *buffer, size_t buflen); |
67 | |
68 | struct key_type key_type_keyring = { |
69 | .name = "keyring", |
70 | .def_datalen = sizeof(struct keyring_list), |
71 | .instantiate = keyring_instantiate, |
72 | .match = keyring_match, |
73 | .revoke = keyring_revoke, |
74 | .destroy = keyring_destroy, |
75 | .describe = keyring_describe, |
76 | .read = keyring_read, |
77 | }; |
78 | EXPORT_SYMBOL(key_type_keyring); |
79 | |
80 | /* |
81 | * Semaphore to serialise link/link calls to prevent two link calls in parallel |
82 | * introducing a cycle. |
83 | */ |
84 | static DECLARE_RWSEM(keyring_serialise_link_sem); |
85 | |
86 | /* |
87 | * Publish the name of a keyring so that it can be found by name (if it has |
88 | * one). |
89 | */ |
90 | static void keyring_publish_name(struct key *keyring) |
91 | { |
92 | int bucket; |
93 | |
94 | if (keyring->description) { |
95 | bucket = keyring_hash(keyring->description); |
96 | |
97 | write_lock(&keyring_name_lock); |
98 | |
99 | if (!keyring_name_hash[bucket].next) |
100 | INIT_LIST_HEAD(&keyring_name_hash[bucket]); |
101 | |
102 | list_add_tail(&keyring->type_data.link, |
103 | &keyring_name_hash[bucket]); |
104 | |
105 | write_unlock(&keyring_name_lock); |
106 | } |
107 | } |
108 | |
109 | /* |
110 | * Initialise a keyring. |
111 | * |
112 | * Returns 0 on success, -EINVAL if given any data. |
113 | */ |
114 | static int keyring_instantiate(struct key *keyring, |
115 | const void *data, size_t datalen) |
116 | { |
117 | int ret; |
118 | |
119 | ret = -EINVAL; |
120 | if (datalen == 0) { |
121 | /* make the keyring available by name if it has one */ |
122 | keyring_publish_name(keyring); |
123 | ret = 0; |
124 | } |
125 | |
126 | return ret; |
127 | } |
128 | |
129 | /* |
130 | * Match keyrings on their name |
131 | */ |
132 | static int keyring_match(const struct key *keyring, const void *description) |
133 | { |
134 | return keyring->description && |
135 | strcmp(keyring->description, description) == 0; |
136 | } |
137 | |
138 | /* |
139 | * Clean up a keyring when it is destroyed. Unpublish its name if it had one |
140 | * and dispose of its data. |
141 | */ |
142 | static void keyring_destroy(struct key *keyring) |
143 | { |
144 | struct keyring_list *klist; |
145 | int loop; |
146 | |
147 | if (keyring->description) { |
148 | write_lock(&keyring_name_lock); |
149 | |
150 | if (keyring->type_data.link.next != NULL && |
151 | !list_empty(&keyring->type_data.link)) |
152 | list_del(&keyring->type_data.link); |
153 | |
154 | write_unlock(&keyring_name_lock); |
155 | } |
156 | |
157 | klist = rcu_dereference_check(keyring->payload.subscriptions, |
158 | rcu_read_lock_held() || |
159 | atomic_read(&keyring->usage) == 0); |
160 | if (klist) { |
161 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
162 | key_put(klist->keys[loop]); |
163 | kfree(klist); |
164 | } |
165 | } |
166 | |
167 | /* |
168 | * Describe a keyring for /proc. |
169 | */ |
170 | static void keyring_describe(const struct key *keyring, struct seq_file *m) |
171 | { |
172 | struct keyring_list *klist; |
173 | |
174 | if (keyring->description) |
175 | seq_puts(m, keyring->description); |
176 | else |
177 | seq_puts(m, "[anon]"); |
178 | |
179 | rcu_read_lock(); |
180 | klist = rcu_dereference(keyring->payload.subscriptions); |
181 | if (klist) |
182 | seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); |
183 | else |
184 | seq_puts(m, ": empty"); |
185 | rcu_read_unlock(); |
186 | } |
187 | |
188 | /* |
189 | * Read a list of key IDs from the keyring's contents in binary form |
190 | * |
191 | * The keyring's semaphore is read-locked by the caller. |
192 | */ |
193 | static long keyring_read(const struct key *keyring, |
194 | char __user *buffer, size_t buflen) |
195 | { |
196 | struct keyring_list *klist; |
197 | struct key *key; |
198 | size_t qty, tmp; |
199 | int loop, ret; |
200 | |
201 | ret = 0; |
202 | klist = rcu_dereference_locked_keyring(keyring); |
203 | if (klist) { |
204 | /* calculate how much data we could return */ |
205 | qty = klist->nkeys * sizeof(key_serial_t); |
206 | |
207 | if (buffer && buflen > 0) { |
208 | if (buflen > qty) |
209 | buflen = qty; |
210 | |
211 | /* copy the IDs of the subscribed keys into the |
212 | * buffer */ |
213 | ret = -EFAULT; |
214 | |
215 | for (loop = 0; loop < klist->nkeys; loop++) { |
216 | key = klist->keys[loop]; |
217 | |
218 | tmp = sizeof(key_serial_t); |
219 | if (tmp > buflen) |
220 | tmp = buflen; |
221 | |
222 | if (copy_to_user(buffer, |
223 | &key->serial, |
224 | tmp) != 0) |
225 | goto error; |
226 | |
227 | buflen -= tmp; |
228 | if (buflen == 0) |
229 | break; |
230 | buffer += tmp; |
231 | } |
232 | } |
233 | |
234 | ret = qty; |
235 | } |
236 | |
237 | error: |
238 | return ret; |
239 | } |
240 | |
241 | /* |
242 | * Allocate a keyring and link into the destination keyring. |
243 | */ |
244 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
245 | const struct cred *cred, unsigned long flags, |
246 | struct key *dest) |
247 | { |
248 | struct key *keyring; |
249 | int ret; |
250 | |
251 | keyring = key_alloc(&key_type_keyring, description, |
252 | uid, gid, cred, |
253 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, |
254 | flags); |
255 | |
256 | if (!IS_ERR(keyring)) { |
257 | ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); |
258 | if (ret < 0) { |
259 | key_put(keyring); |
260 | keyring = ERR_PTR(ret); |
261 | } |
262 | } |
263 | |
264 | return keyring; |
265 | } |
266 | |
267 | /** |
268 | * keyring_search_aux - Search a keyring tree for a key matching some criteria |
269 | * @keyring_ref: A pointer to the keyring with possession indicator. |
270 | * @cred: The credentials to use for permissions checks. |
271 | * @type: The type of key to search for. |
272 | * @description: Parameter for @match. |
273 | * @match: Function to rule on whether or not a key is the one required. |
274 | * |
275 | * Search the supplied keyring tree for a key that matches the criteria given. |
276 | * The root keyring and any linked keyrings must grant Search permission to the |
277 | * caller to be searchable and keys can only be found if they too grant Search |
278 | * to the caller. The possession flag on the root keyring pointer controls use |
279 | * of the possessor bits in permissions checking of the entire tree. In |
280 | * addition, the LSM gets to forbid keyring searches and key matches. |
281 | * |
282 | * The search is performed as a breadth-then-depth search up to the prescribed |
283 | * limit (KEYRING_SEARCH_MAX_DEPTH). |
284 | * |
285 | * Keys are matched to the type provided and are then filtered by the match |
286 | * function, which is given the description to use in any way it sees fit. The |
287 | * match function may use any attributes of a key that it wishes to to |
288 | * determine the match. Normally the match function from the key type would be |
289 | * used. |
290 | * |
291 | * RCU is used to prevent the keyring key lists from disappearing without the |
292 | * need to take lots of locks. |
293 | * |
294 | * Returns a pointer to the found key and increments the key usage count if |
295 | * successful; -EAGAIN if no matching keys were found, or if expired or revoked |
296 | * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the |
297 | * specified keyring wasn't a keyring. |
298 | * |
299 | * In the case of a successful return, the possession attribute from |
300 | * @keyring_ref is propagated to the returned key reference. |
301 | */ |
302 | key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
303 | const struct cred *cred, |
304 | struct key_type *type, |
305 | const void *description, |
306 | key_match_func_t match) |
307 | { |
308 | struct { |
309 | struct keyring_list *keylist; |
310 | int kix; |
311 | } stack[KEYRING_SEARCH_MAX_DEPTH]; |
312 | |
313 | struct keyring_list *keylist; |
314 | struct timespec now; |
315 | unsigned long possessed, kflags; |
316 | struct key *keyring, *key; |
317 | key_ref_t key_ref; |
318 | long err; |
319 | int sp, kix; |
320 | |
321 | keyring = key_ref_to_ptr(keyring_ref); |
322 | possessed = is_key_possessed(keyring_ref); |
323 | key_check(keyring); |
324 | |
325 | /* top keyring must have search permission to begin the search */ |
326 | err = key_task_permission(keyring_ref, cred, KEY_SEARCH); |
327 | if (err < 0) { |
328 | key_ref = ERR_PTR(err); |
329 | goto error; |
330 | } |
331 | |
332 | key_ref = ERR_PTR(-ENOTDIR); |
333 | if (keyring->type != &key_type_keyring) |
334 | goto error; |
335 | |
336 | rcu_read_lock(); |
337 | |
338 | now = current_kernel_time(); |
339 | err = -EAGAIN; |
340 | sp = 0; |
341 | |
342 | /* firstly we should check to see if this top-level keyring is what we |
343 | * are looking for */ |
344 | key_ref = ERR_PTR(-EAGAIN); |
345 | kflags = keyring->flags; |
346 | if (keyring->type == type && match(keyring, description)) { |
347 | key = keyring; |
348 | |
349 | /* check it isn't negative and hasn't expired or been |
350 | * revoked */ |
351 | if (kflags & (1 << KEY_FLAG_REVOKED)) |
352 | goto error_2; |
353 | if (key->expiry && now.tv_sec >= key->expiry) |
354 | goto error_2; |
355 | key_ref = ERR_PTR(key->type_data.reject_error); |
356 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) |
357 | goto error_2; |
358 | goto found; |
359 | } |
360 | |
361 | /* otherwise, the top keyring must not be revoked, expired, or |
362 | * negatively instantiated if we are to search it */ |
363 | key_ref = ERR_PTR(-EAGAIN); |
364 | if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) || |
365 | (keyring->expiry && now.tv_sec >= keyring->expiry)) |
366 | goto error_2; |
367 | |
368 | /* start processing a new keyring */ |
369 | descend: |
370 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
371 | goto not_this_keyring; |
372 | |
373 | keylist = rcu_dereference(keyring->payload.subscriptions); |
374 | if (!keylist) |
375 | goto not_this_keyring; |
376 | |
377 | /* iterate through the keys in this keyring first */ |
378 | for (kix = 0; kix < keylist->nkeys; kix++) { |
379 | key = keylist->keys[kix]; |
380 | kflags = key->flags; |
381 | |
382 | /* ignore keys not of this type */ |
383 | if (key->type != type) |
384 | continue; |
385 | |
386 | /* skip revoked keys and expired keys */ |
387 | if (kflags & (1 << KEY_FLAG_REVOKED)) |
388 | continue; |
389 | |
390 | if (key->expiry && now.tv_sec >= key->expiry) |
391 | continue; |
392 | |
393 | /* keys that don't match */ |
394 | if (!match(key, description)) |
395 | continue; |
396 | |
397 | /* key must have search permissions */ |
398 | if (key_task_permission(make_key_ref(key, possessed), |
399 | cred, KEY_SEARCH) < 0) |
400 | continue; |
401 | |
402 | /* we set a different error code if we pass a negative key */ |
403 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) { |
404 | err = key->type_data.reject_error; |
405 | continue; |
406 | } |
407 | |
408 | goto found; |
409 | } |
410 | |
411 | /* search through the keyrings nested in this one */ |
412 | kix = 0; |
413 | ascend: |
414 | for (; kix < keylist->nkeys; kix++) { |
415 | key = keylist->keys[kix]; |
416 | if (key->type != &key_type_keyring) |
417 | continue; |
418 | |
419 | /* recursively search nested keyrings |
420 | * - only search keyrings for which we have search permission |
421 | */ |
422 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) |
423 | continue; |
424 | |
425 | if (key_task_permission(make_key_ref(key, possessed), |
426 | cred, KEY_SEARCH) < 0) |
427 | continue; |
428 | |
429 | /* stack the current position */ |
430 | stack[sp].keylist = keylist; |
431 | stack[sp].kix = kix; |
432 | sp++; |
433 | |
434 | /* begin again with the new keyring */ |
435 | keyring = key; |
436 | goto descend; |
437 | } |
438 | |
439 | /* the keyring we're looking at was disqualified or didn't contain a |
440 | * matching key */ |
441 | not_this_keyring: |
442 | if (sp > 0) { |
443 | /* resume the processing of a keyring higher up in the tree */ |
444 | sp--; |
445 | keylist = stack[sp].keylist; |
446 | kix = stack[sp].kix + 1; |
447 | goto ascend; |
448 | } |
449 | |
450 | key_ref = ERR_PTR(err); |
451 | goto error_2; |
452 | |
453 | /* we found a viable match */ |
454 | found: |
455 | atomic_inc(&key->usage); |
456 | key_check(key); |
457 | key_ref = make_key_ref(key, possessed); |
458 | error_2: |
459 | rcu_read_unlock(); |
460 | error: |
461 | return key_ref; |
462 | } |
463 | |
464 | /** |
465 | * keyring_search - Search the supplied keyring tree for a matching key |
466 | * @keyring: The root of the keyring tree to be searched. |
467 | * @type: The type of keyring we want to find. |
468 | * @description: The name of the keyring we want to find. |
469 | * |
470 | * As keyring_search_aux() above, but using the current task's credentials and |
471 | * type's default matching function. |
472 | */ |
473 | key_ref_t keyring_search(key_ref_t keyring, |
474 | struct key_type *type, |
475 | const char *description) |
476 | { |
477 | if (!type->match) |
478 | return ERR_PTR(-ENOKEY); |
479 | |
480 | return keyring_search_aux(keyring, current->cred, |
481 | type, description, type->match); |
482 | } |
483 | EXPORT_SYMBOL(keyring_search); |
484 | |
485 | /* |
486 | * Search the given keyring only (no recursion). |
487 | * |
488 | * The caller must guarantee that the keyring is a keyring and that the |
489 | * permission is granted to search the keyring as no check is made here. |
490 | * |
491 | * RCU is used to make it unnecessary to lock the keyring key list here. |
492 | * |
493 | * Returns a pointer to the found key with usage count incremented if |
494 | * successful and returns -ENOKEY if not found. Revoked keys and keys not |
495 | * providing the requested permission are skipped over. |
496 | * |
497 | * If successful, the possession indicator is propagated from the keyring ref |
498 | * to the returned key reference. |
499 | */ |
500 | key_ref_t __keyring_search_one(key_ref_t keyring_ref, |
501 | const struct key_type *ktype, |
502 | const char *description, |
503 | key_perm_t perm) |
504 | { |
505 | struct keyring_list *klist; |
506 | unsigned long possessed; |
507 | struct key *keyring, *key; |
508 | int loop; |
509 | |
510 | keyring = key_ref_to_ptr(keyring_ref); |
511 | possessed = is_key_possessed(keyring_ref); |
512 | |
513 | rcu_read_lock(); |
514 | |
515 | klist = rcu_dereference(keyring->payload.subscriptions); |
516 | if (klist) { |
517 | for (loop = 0; loop < klist->nkeys; loop++) { |
518 | key = klist->keys[loop]; |
519 | |
520 | if (key->type == ktype && |
521 | (!key->type->match || |
522 | key->type->match(key, description)) && |
523 | key_permission(make_key_ref(key, possessed), |
524 | perm) == 0 && |
525 | !test_bit(KEY_FLAG_REVOKED, &key->flags) |
526 | ) |
527 | goto found; |
528 | } |
529 | } |
530 | |
531 | rcu_read_unlock(); |
532 | return ERR_PTR(-ENOKEY); |
533 | |
534 | found: |
535 | atomic_inc(&key->usage); |
536 | rcu_read_unlock(); |
537 | return make_key_ref(key, possessed); |
538 | } |
539 | |
540 | /* |
541 | * Find a keyring with the specified name. |
542 | * |
543 | * All named keyrings in the current user namespace are searched, provided they |
544 | * grant Search permission directly to the caller (unless this check is |
545 | * skipped). Keyrings whose usage points have reached zero or who have been |
546 | * revoked are skipped. |
547 | * |
548 | * Returns a pointer to the keyring with the keyring's refcount having being |
549 | * incremented on success. -ENOKEY is returned if a key could not be found. |
550 | */ |
551 | struct key *find_keyring_by_name(const char *name, bool skip_perm_check) |
552 | { |
553 | struct key *keyring; |
554 | int bucket; |
555 | |
556 | if (!name) |
557 | return ERR_PTR(-EINVAL); |
558 | |
559 | bucket = keyring_hash(name); |
560 | |
561 | read_lock(&keyring_name_lock); |
562 | |
563 | if (keyring_name_hash[bucket].next) { |
564 | /* search this hash bucket for a keyring with a matching name |
565 | * that's readable and that hasn't been revoked */ |
566 | list_for_each_entry(keyring, |
567 | &keyring_name_hash[bucket], |
568 | type_data.link |
569 | ) { |
570 | if (keyring->user->user_ns != current_user_ns()) |
571 | continue; |
572 | |
573 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
574 | continue; |
575 | |
576 | if (strcmp(keyring->description, name) != 0) |
577 | continue; |
578 | |
579 | if (!skip_perm_check && |
580 | key_permission(make_key_ref(keyring, 0), |
581 | KEY_SEARCH) < 0) |
582 | continue; |
583 | |
584 | /* we've got a match but we might end up racing with |
585 | * key_cleanup() if the keyring is currently 'dead' |
586 | * (ie. it has a zero usage count) */ |
587 | if (!atomic_inc_not_zero(&keyring->usage)) |
588 | continue; |
589 | goto out; |
590 | } |
591 | } |
592 | |
593 | keyring = ERR_PTR(-ENOKEY); |
594 | out: |
595 | read_unlock(&keyring_name_lock); |
596 | return keyring; |
597 | } |
598 | |
599 | /* |
600 | * See if a cycle will will be created by inserting acyclic tree B in acyclic |
601 | * tree A at the topmost level (ie: as a direct child of A). |
602 | * |
603 | * Since we are adding B to A at the top level, checking for cycles should just |
604 | * be a matter of seeing if node A is somewhere in tree B. |
605 | */ |
606 | static int keyring_detect_cycle(struct key *A, struct key *B) |
607 | { |
608 | struct { |
609 | struct keyring_list *keylist; |
610 | int kix; |
611 | } stack[KEYRING_SEARCH_MAX_DEPTH]; |
612 | |
613 | struct keyring_list *keylist; |
614 | struct key *subtree, *key; |
615 | int sp, kix, ret; |
616 | |
617 | rcu_read_lock(); |
618 | |
619 | ret = -EDEADLK; |
620 | if (A == B) |
621 | goto cycle_detected; |
622 | |
623 | subtree = B; |
624 | sp = 0; |
625 | |
626 | /* start processing a new keyring */ |
627 | descend: |
628 | if (test_bit(KEY_FLAG_REVOKED, &subtree->flags)) |
629 | goto not_this_keyring; |
630 | |
631 | keylist = rcu_dereference(subtree->payload.subscriptions); |
632 | if (!keylist) |
633 | goto not_this_keyring; |
634 | kix = 0; |
635 | |
636 | ascend: |
637 | /* iterate through the remaining keys in this keyring */ |
638 | for (; kix < keylist->nkeys; kix++) { |
639 | key = keylist->keys[kix]; |
640 | |
641 | if (key == A) |
642 | goto cycle_detected; |
643 | |
644 | /* recursively check nested keyrings */ |
645 | if (key->type == &key_type_keyring) { |
646 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) |
647 | goto too_deep; |
648 | |
649 | /* stack the current position */ |
650 | stack[sp].keylist = keylist; |
651 | stack[sp].kix = kix; |
652 | sp++; |
653 | |
654 | /* begin again with the new keyring */ |
655 | subtree = key; |
656 | goto descend; |
657 | } |
658 | } |
659 | |
660 | /* the keyring we're looking at was disqualified or didn't contain a |
661 | * matching key */ |
662 | not_this_keyring: |
663 | if (sp > 0) { |
664 | /* resume the checking of a keyring higher up in the tree */ |
665 | sp--; |
666 | keylist = stack[sp].keylist; |
667 | kix = stack[sp].kix + 1; |
668 | goto ascend; |
669 | } |
670 | |
671 | ret = 0; /* no cycles detected */ |
672 | |
673 | error: |
674 | rcu_read_unlock(); |
675 | return ret; |
676 | |
677 | too_deep: |
678 | ret = -ELOOP; |
679 | goto error; |
680 | |
681 | cycle_detected: |
682 | ret = -EDEADLK; |
683 | goto error; |
684 | } |
685 | |
686 | /* |
687 | * Dispose of a keyring list after the RCU grace period, freeing the unlinked |
688 | * key |
689 | */ |
690 | static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) |
691 | { |
692 | struct keyring_list *klist = |
693 | container_of(rcu, struct keyring_list, rcu); |
694 | |
695 | if (klist->delkey != USHRT_MAX) |
696 | key_put(klist->keys[klist->delkey]); |
697 | kfree(klist); |
698 | } |
699 | |
700 | /* |
701 | * Preallocate memory so that a key can be linked into to a keyring. |
702 | */ |
703 | int __key_link_begin(struct key *keyring, const struct key_type *type, |
704 | const char *description, unsigned long *_prealloc) |
705 | __acquires(&keyring->sem) |
706 | { |
707 | struct keyring_list *klist, *nklist; |
708 | unsigned long prealloc; |
709 | unsigned max; |
710 | size_t size; |
711 | int loop, ret; |
712 | |
713 | kenter("%d,%s,%s,", key_serial(keyring), type->name, description); |
714 | |
715 | if (keyring->type != &key_type_keyring) |
716 | return -ENOTDIR; |
717 | |
718 | down_write(&keyring->sem); |
719 | |
720 | ret = -EKEYREVOKED; |
721 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
722 | goto error_krsem; |
723 | |
724 | /* serialise link/link calls to prevent parallel calls causing a cycle |
725 | * when linking two keyring in opposite orders */ |
726 | if (type == &key_type_keyring) |
727 | down_write(&keyring_serialise_link_sem); |
728 | |
729 | klist = rcu_dereference_locked_keyring(keyring); |
730 | |
731 | /* see if there's a matching key we can displace */ |
732 | if (klist && klist->nkeys > 0) { |
733 | for (loop = klist->nkeys - 1; loop >= 0; loop--) { |
734 | if (klist->keys[loop]->type == type && |
735 | strcmp(klist->keys[loop]->description, |
736 | description) == 0 |
737 | ) { |
738 | /* found a match - we'll replace this one with |
739 | * the new key */ |
740 | size = sizeof(struct key *) * klist->maxkeys; |
741 | size += sizeof(*klist); |
742 | BUG_ON(size > PAGE_SIZE); |
743 | |
744 | ret = -ENOMEM; |
745 | nklist = kmemdup(klist, size, GFP_KERNEL); |
746 | if (!nklist) |
747 | goto error_sem; |
748 | |
749 | /* note replacement slot */ |
750 | klist->delkey = nklist->delkey = loop; |
751 | prealloc = (unsigned long)nklist; |
752 | goto done; |
753 | } |
754 | } |
755 | } |
756 | |
757 | /* check that we aren't going to overrun the user's quota */ |
758 | ret = key_payload_reserve(keyring, |
759 | keyring->datalen + KEYQUOTA_LINK_BYTES); |
760 | if (ret < 0) |
761 | goto error_sem; |
762 | |
763 | if (klist && klist->nkeys < klist->maxkeys) { |
764 | /* there's sufficient slack space to append directly */ |
765 | nklist = NULL; |
766 | prealloc = KEY_LINK_FIXQUOTA; |
767 | } else { |
768 | /* grow the key list */ |
769 | max = 4; |
770 | if (klist) |
771 | max += klist->maxkeys; |
772 | |
773 | ret = -ENFILE; |
774 | if (max > USHRT_MAX - 1) |
775 | goto error_quota; |
776 | size = sizeof(*klist) + sizeof(struct key *) * max; |
777 | if (size > PAGE_SIZE) |
778 | goto error_quota; |
779 | |
780 | ret = -ENOMEM; |
781 | nklist = kmalloc(size, GFP_KERNEL); |
782 | if (!nklist) |
783 | goto error_quota; |
784 | |
785 | nklist->maxkeys = max; |
786 | if (klist) { |
787 | memcpy(nklist->keys, klist->keys, |
788 | sizeof(struct key *) * klist->nkeys); |
789 | nklist->delkey = klist->nkeys; |
790 | nklist->nkeys = klist->nkeys + 1; |
791 | klist->delkey = USHRT_MAX; |
792 | } else { |
793 | nklist->nkeys = 1; |
794 | nklist->delkey = 0; |
795 | } |
796 | |
797 | /* add the key into the new space */ |
798 | nklist->keys[nklist->delkey] = NULL; |
799 | } |
800 | |
801 | prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA; |
802 | done: |
803 | *_prealloc = prealloc; |
804 | kleave(" = 0"); |
805 | return 0; |
806 | |
807 | error_quota: |
808 | /* undo the quota changes */ |
809 | key_payload_reserve(keyring, |
810 | keyring->datalen - KEYQUOTA_LINK_BYTES); |
811 | error_sem: |
812 | if (type == &key_type_keyring) |
813 | up_write(&keyring_serialise_link_sem); |
814 | error_krsem: |
815 | up_write(&keyring->sem); |
816 | kleave(" = %d", ret); |
817 | return ret; |
818 | } |
819 | |
820 | /* |
821 | * Check already instantiated keys aren't going to be a problem. |
822 | * |
823 | * The caller must have called __key_link_begin(). Don't need to call this for |
824 | * keys that were created since __key_link_begin() was called. |
825 | */ |
826 | int __key_link_check_live_key(struct key *keyring, struct key *key) |
827 | { |
828 | if (key->type == &key_type_keyring) |
829 | /* check that we aren't going to create a cycle by linking one |
830 | * keyring to another */ |
831 | return keyring_detect_cycle(keyring, key); |
832 | return 0; |
833 | } |
834 | |
835 | /* |
836 | * Link a key into to a keyring. |
837 | * |
838 | * Must be called with __key_link_begin() having being called. Discards any |
839 | * already extant link to matching key if there is one, so that each keyring |
840 | * holds at most one link to any given key of a particular type+description |
841 | * combination. |
842 | */ |
843 | void __key_link(struct key *keyring, struct key *key, |
844 | unsigned long *_prealloc) |
845 | { |
846 | struct keyring_list *klist, *nklist; |
847 | |
848 | nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA); |
849 | *_prealloc = 0; |
850 | |
851 | kenter("%d,%d,%p", keyring->serial, key->serial, nklist); |
852 | |
853 | klist = rcu_dereference_protected(keyring->payload.subscriptions, |
854 | rwsem_is_locked(&keyring->sem)); |
855 | |
856 | atomic_inc(&key->usage); |
857 | |
858 | /* there's a matching key we can displace or an empty slot in a newly |
859 | * allocated list we can fill */ |
860 | if (nklist) { |
861 | kdebug("replace %hu/%hu/%hu", |
862 | nklist->delkey, nklist->nkeys, nklist->maxkeys); |
863 | |
864 | nklist->keys[nklist->delkey] = key; |
865 | |
866 | rcu_assign_pointer(keyring->payload.subscriptions, nklist); |
867 | |
868 | /* dispose of the old keyring list and, if there was one, the |
869 | * displaced key */ |
870 | if (klist) { |
871 | kdebug("dispose %hu/%hu/%hu", |
872 | klist->delkey, klist->nkeys, klist->maxkeys); |
873 | call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); |
874 | } |
875 | } else { |
876 | /* there's sufficient slack space to append directly */ |
877 | klist->keys[klist->nkeys] = key; |
878 | smp_wmb(); |
879 | klist->nkeys++; |
880 | } |
881 | } |
882 | |
883 | /* |
884 | * Finish linking a key into to a keyring. |
885 | * |
886 | * Must be called with __key_link_begin() having being called. |
887 | */ |
888 | void __key_link_end(struct key *keyring, struct key_type *type, |
889 | unsigned long prealloc) |
890 | __releases(&keyring->sem) |
891 | { |
892 | BUG_ON(type == NULL); |
893 | BUG_ON(type->name == NULL); |
894 | kenter("%d,%s,%lx", keyring->serial, type->name, prealloc); |
895 | |
896 | if (type == &key_type_keyring) |
897 | up_write(&keyring_serialise_link_sem); |
898 | |
899 | if (prealloc) { |
900 | if (prealloc & KEY_LINK_FIXQUOTA) |
901 | key_payload_reserve(keyring, |
902 | keyring->datalen - |
903 | KEYQUOTA_LINK_BYTES); |
904 | kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA)); |
905 | } |
906 | up_write(&keyring->sem); |
907 | } |
908 | |
909 | /** |
910 | * key_link - Link a key to a keyring |
911 | * @keyring: The keyring to make the link in. |
912 | * @key: The key to link to. |
913 | * |
914 | * Make a link in a keyring to a key, such that the keyring holds a reference |
915 | * on that key and the key can potentially be found by searching that keyring. |
916 | * |
917 | * This function will write-lock the keyring's semaphore and will consume some |
918 | * of the user's key data quota to hold the link. |
919 | * |
920 | * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, |
921 | * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is |
922 | * full, -EDQUOT if there is insufficient key data quota remaining to add |
923 | * another link or -ENOMEM if there's insufficient memory. |
924 | * |
925 | * It is assumed that the caller has checked that it is permitted for a link to |
926 | * be made (the keyring should have Write permission and the key Link |
927 | * permission). |
928 | */ |
929 | int key_link(struct key *keyring, struct key *key) |
930 | { |
931 | unsigned long prealloc; |
932 | int ret; |
933 | |
934 | key_check(keyring); |
935 | key_check(key); |
936 | |
937 | ret = __key_link_begin(keyring, key->type, key->description, &prealloc); |
938 | if (ret == 0) { |
939 | ret = __key_link_check_live_key(keyring, key); |
940 | if (ret == 0) |
941 | __key_link(keyring, key, &prealloc); |
942 | __key_link_end(keyring, key->type, prealloc); |
943 | } |
944 | |
945 | return ret; |
946 | } |
947 | EXPORT_SYMBOL(key_link); |
948 | |
949 | /** |
950 | * key_unlink - Unlink the first link to a key from a keyring. |
951 | * @keyring: The keyring to remove the link from. |
952 | * @key: The key the link is to. |
953 | * |
954 | * Remove a link from a keyring to a key. |
955 | * |
956 | * This function will write-lock the keyring's semaphore. |
957 | * |
958 | * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if |
959 | * the key isn't linked to by the keyring or -ENOMEM if there's insufficient |
960 | * memory. |
961 | * |
962 | * It is assumed that the caller has checked that it is permitted for a link to |
963 | * be removed (the keyring should have Write permission; no permissions are |
964 | * required on the key). |
965 | */ |
966 | int key_unlink(struct key *keyring, struct key *key) |
967 | { |
968 | struct keyring_list *klist, *nklist; |
969 | int loop, ret; |
970 | |
971 | key_check(keyring); |
972 | key_check(key); |
973 | |
974 | ret = -ENOTDIR; |
975 | if (keyring->type != &key_type_keyring) |
976 | goto error; |
977 | |
978 | down_write(&keyring->sem); |
979 | |
980 | klist = rcu_dereference_locked_keyring(keyring); |
981 | if (klist) { |
982 | /* search the keyring for the key */ |
983 | for (loop = 0; loop < klist->nkeys; loop++) |
984 | if (klist->keys[loop] == key) |
985 | goto key_is_present; |
986 | } |
987 | |
988 | up_write(&keyring->sem); |
989 | ret = -ENOENT; |
990 | goto error; |
991 | |
992 | key_is_present: |
993 | /* we need to copy the key list for RCU purposes */ |
994 | nklist = kmalloc(sizeof(*klist) + |
995 | sizeof(struct key *) * klist->maxkeys, |
996 | GFP_KERNEL); |
997 | if (!nklist) |
998 | goto nomem; |
999 | nklist->maxkeys = klist->maxkeys; |
1000 | nklist->nkeys = klist->nkeys - 1; |
1001 | |
1002 | if (loop > 0) |
1003 | memcpy(&nklist->keys[0], |
1004 | &klist->keys[0], |
1005 | loop * sizeof(struct key *)); |
1006 | |
1007 | if (loop < nklist->nkeys) |
1008 | memcpy(&nklist->keys[loop], |
1009 | &klist->keys[loop + 1], |
1010 | (nklist->nkeys - loop) * sizeof(struct key *)); |
1011 | |
1012 | /* adjust the user's quota */ |
1013 | key_payload_reserve(keyring, |
1014 | keyring->datalen - KEYQUOTA_LINK_BYTES); |
1015 | |
1016 | rcu_assign_pointer(keyring->payload.subscriptions, nklist); |
1017 | |
1018 | up_write(&keyring->sem); |
1019 | |
1020 | /* schedule for later cleanup */ |
1021 | klist->delkey = loop; |
1022 | call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); |
1023 | |
1024 | ret = 0; |
1025 | |
1026 | error: |
1027 | return ret; |
1028 | nomem: |
1029 | ret = -ENOMEM; |
1030 | up_write(&keyring->sem); |
1031 | goto error; |
1032 | } |
1033 | EXPORT_SYMBOL(key_unlink); |
1034 | |
1035 | /* |
1036 | * Dispose of a keyring list after the RCU grace period, releasing the keys it |
1037 | * links to. |
1038 | */ |
1039 | static void keyring_clear_rcu_disposal(struct rcu_head *rcu) |
1040 | { |
1041 | struct keyring_list *klist; |
1042 | int loop; |
1043 | |
1044 | klist = container_of(rcu, struct keyring_list, rcu); |
1045 | |
1046 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
1047 | key_put(klist->keys[loop]); |
1048 | |
1049 | kfree(klist); |
1050 | } |
1051 | |
1052 | /** |
1053 | * keyring_clear - Clear a keyring |
1054 | * @keyring: The keyring to clear. |
1055 | * |
1056 | * Clear the contents of the specified keyring. |
1057 | * |
1058 | * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring. |
1059 | */ |
1060 | int keyring_clear(struct key *keyring) |
1061 | { |
1062 | struct keyring_list *klist; |
1063 | int ret; |
1064 | |
1065 | ret = -ENOTDIR; |
1066 | if (keyring->type == &key_type_keyring) { |
1067 | /* detach the pointer block with the locks held */ |
1068 | down_write(&keyring->sem); |
1069 | |
1070 | klist = rcu_dereference_locked_keyring(keyring); |
1071 | if (klist) { |
1072 | /* adjust the quota */ |
1073 | key_payload_reserve(keyring, |
1074 | sizeof(struct keyring_list)); |
1075 | |
1076 | rcu_assign_pointer(keyring->payload.subscriptions, |
1077 | NULL); |
1078 | } |
1079 | |
1080 | up_write(&keyring->sem); |
1081 | |
1082 | /* free the keys after the locks have been dropped */ |
1083 | if (klist) |
1084 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
1085 | |
1086 | ret = 0; |
1087 | } |
1088 | |
1089 | return ret; |
1090 | } |
1091 | EXPORT_SYMBOL(keyring_clear); |
1092 | |
1093 | /* |
1094 | * Dispose of the links from a revoked keyring. |
1095 | * |
1096 | * This is called with the key sem write-locked. |
1097 | */ |
1098 | static void keyring_revoke(struct key *keyring) |
1099 | { |
1100 | struct keyring_list *klist; |
1101 | |
1102 | klist = rcu_dereference_locked_keyring(keyring); |
1103 | |
1104 | /* adjust the quota */ |
1105 | key_payload_reserve(keyring, 0); |
1106 | |
1107 | if (klist) { |
1108 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); |
1109 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
1110 | } |
1111 | } |
1112 | |
1113 | /* |
1114 | * Determine whether a key is dead. |
1115 | */ |
1116 | static bool key_is_dead(struct key *key, time_t limit) |
1117 | { |
1118 | return test_bit(KEY_FLAG_DEAD, &key->flags) || |
1119 | (key->expiry > 0 && key->expiry <= limit); |
1120 | } |
1121 | |
1122 | /* |
1123 | * Collect garbage from the contents of a keyring, replacing the old list with |
1124 | * a new one with the pointers all shuffled down. |
1125 | * |
1126 | * Dead keys are classed as oned that are flagged as being dead or are revoked, |
1127 | * expired or negative keys that were revoked or expired before the specified |
1128 | * limit. |
1129 | */ |
1130 | void keyring_gc(struct key *keyring, time_t limit) |
1131 | { |
1132 | struct keyring_list *klist, *new; |
1133 | struct key *key; |
1134 | int loop, keep, max; |
1135 | |
1136 | kenter("{%x,%s}", key_serial(keyring), keyring->description); |
1137 | |
1138 | down_write(&keyring->sem); |
1139 | |
1140 | klist = rcu_dereference_locked_keyring(keyring); |
1141 | if (!klist) |
1142 | goto no_klist; |
1143 | |
1144 | /* work out how many subscriptions we're keeping */ |
1145 | keep = 0; |
1146 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
1147 | if (!key_is_dead(klist->keys[loop], limit)) |
1148 | keep++; |
1149 | |
1150 | if (keep == klist->nkeys) |
1151 | goto just_return; |
1152 | |
1153 | /* allocate a new keyring payload */ |
1154 | max = roundup(keep, 4); |
1155 | new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *), |
1156 | GFP_KERNEL); |
1157 | if (!new) |
1158 | goto nomem; |
1159 | new->maxkeys = max; |
1160 | new->nkeys = 0; |
1161 | new->delkey = 0; |
1162 | |
1163 | /* install the live keys |
1164 | * - must take care as expired keys may be updated back to life |
1165 | */ |
1166 | keep = 0; |
1167 | for (loop = klist->nkeys - 1; loop >= 0; loop--) { |
1168 | key = klist->keys[loop]; |
1169 | if (!key_is_dead(key, limit)) { |
1170 | if (keep >= max) |
1171 | goto discard_new; |
1172 | new->keys[keep++] = key_get(key); |
1173 | } |
1174 | } |
1175 | new->nkeys = keep; |
1176 | |
1177 | /* adjust the quota */ |
1178 | key_payload_reserve(keyring, |
1179 | sizeof(struct keyring_list) + |
1180 | KEYQUOTA_LINK_BYTES * keep); |
1181 | |
1182 | if (keep == 0) { |
1183 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); |
1184 | kfree(new); |
1185 | } else { |
1186 | rcu_assign_pointer(keyring->payload.subscriptions, new); |
1187 | } |
1188 | |
1189 | up_write(&keyring->sem); |
1190 | |
1191 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
1192 | kleave(" [yes]"); |
1193 | return; |
1194 | |
1195 | discard_new: |
1196 | new->nkeys = keep; |
1197 | keyring_clear_rcu_disposal(&new->rcu); |
1198 | up_write(&keyring->sem); |
1199 | kleave(" [discard]"); |
1200 | return; |
1201 | |
1202 | just_return: |
1203 | up_write(&keyring->sem); |
1204 | kleave(" [no dead]"); |
1205 | return; |
1206 | |
1207 | no_klist: |
1208 | up_write(&keyring->sem); |
1209 | kleave(" [no_klist]"); |
1210 | return; |
1211 | |
1212 | nomem: |
1213 | up_write(&keyring->sem); |
1214 | kleave(" [oom]"); |
1215 | } |
1216 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9