Root/
1 | /* Keyring handling |
2 | * |
3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | */ |
11 | |
12 | #include <linux/module.h> |
13 | #include <linux/init.h> |
14 | #include <linux/sched.h> |
15 | #include <linux/slab.h> |
16 | #include <linux/security.h> |
17 | #include <linux/seq_file.h> |
18 | #include <linux/err.h> |
19 | #include <keys/keyring-type.h> |
20 | #include <asm/uaccess.h> |
21 | #include "internal.h" |
22 | |
23 | #define rcu_dereference_locked_keyring(keyring) \ |
24 | (rcu_dereference_protected( \ |
25 | (keyring)->payload.subscriptions, \ |
26 | rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem))) |
27 | |
28 | /* |
29 | * when plumbing the depths of the key tree, this sets a hard limit set on how |
30 | * deep we're willing to go |
31 | */ |
32 | #define KEYRING_SEARCH_MAX_DEPTH 6 |
33 | |
34 | /* |
35 | * we keep all named keyrings in a hash to speed looking them up |
36 | */ |
37 | #define KEYRING_NAME_HASH_SIZE (1 << 5) |
38 | |
39 | static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; |
40 | static DEFINE_RWLOCK(keyring_name_lock); |
41 | |
42 | static inline unsigned keyring_hash(const char *desc) |
43 | { |
44 | unsigned bucket = 0; |
45 | |
46 | for (; *desc; desc++) |
47 | bucket += (unsigned char) *desc; |
48 | |
49 | return bucket & (KEYRING_NAME_HASH_SIZE - 1); |
50 | } |
51 | |
52 | /* |
53 | * the keyring type definition |
54 | */ |
55 | static int keyring_instantiate(struct key *keyring, |
56 | const void *data, size_t datalen); |
57 | static int keyring_match(const struct key *keyring, const void *criterion); |
58 | static void keyring_revoke(struct key *keyring); |
59 | static void keyring_destroy(struct key *keyring); |
60 | static void keyring_describe(const struct key *keyring, struct seq_file *m); |
61 | static long keyring_read(const struct key *keyring, |
62 | char __user *buffer, size_t buflen); |
63 | |
64 | struct key_type key_type_keyring = { |
65 | .name = "keyring", |
66 | .def_datalen = sizeof(struct keyring_list), |
67 | .instantiate = keyring_instantiate, |
68 | .match = keyring_match, |
69 | .revoke = keyring_revoke, |
70 | .destroy = keyring_destroy, |
71 | .describe = keyring_describe, |
72 | .read = keyring_read, |
73 | }; |
74 | |
75 | EXPORT_SYMBOL(key_type_keyring); |
76 | |
77 | /* |
78 | * semaphore to serialise link/link calls to prevent two link calls in parallel |
79 | * introducing a cycle |
80 | */ |
81 | static DECLARE_RWSEM(keyring_serialise_link_sem); |
82 | |
83 | /*****************************************************************************/ |
84 | /* |
85 | * publish the name of a keyring so that it can be found by name (if it has |
86 | * one) |
87 | */ |
88 | static void keyring_publish_name(struct key *keyring) |
89 | { |
90 | int bucket; |
91 | |
92 | if (keyring->description) { |
93 | bucket = keyring_hash(keyring->description); |
94 | |
95 | write_lock(&keyring_name_lock); |
96 | |
97 | if (!keyring_name_hash[bucket].next) |
98 | INIT_LIST_HEAD(&keyring_name_hash[bucket]); |
99 | |
100 | list_add_tail(&keyring->type_data.link, |
101 | &keyring_name_hash[bucket]); |
102 | |
103 | write_unlock(&keyring_name_lock); |
104 | } |
105 | |
106 | } /* end keyring_publish_name() */ |
107 | |
108 | /*****************************************************************************/ |
109 | /* |
110 | * initialise a keyring |
111 | * - we object if we were given any data |
112 | */ |
113 | static int keyring_instantiate(struct key *keyring, |
114 | const void *data, size_t datalen) |
115 | { |
116 | int ret; |
117 | |
118 | ret = -EINVAL; |
119 | if (datalen == 0) { |
120 | /* make the keyring available by name if it has one */ |
121 | keyring_publish_name(keyring); |
122 | ret = 0; |
123 | } |
124 | |
125 | return ret; |
126 | |
127 | } /* end keyring_instantiate() */ |
128 | |
129 | /*****************************************************************************/ |
130 | /* |
131 | * match keyrings on their name |
132 | */ |
133 | static int keyring_match(const struct key *keyring, const void *description) |
134 | { |
135 | return keyring->description && |
136 | strcmp(keyring->description, description) == 0; |
137 | |
138 | } /* end keyring_match() */ |
139 | |
140 | /*****************************************************************************/ |
141 | /* |
142 | * dispose of the data dangling from the corpse of a keyring |
143 | */ |
144 | static void keyring_destroy(struct key *keyring) |
145 | { |
146 | struct keyring_list *klist; |
147 | int loop; |
148 | |
149 | if (keyring->description) { |
150 | write_lock(&keyring_name_lock); |
151 | |
152 | if (keyring->type_data.link.next != NULL && |
153 | !list_empty(&keyring->type_data.link)) |
154 | list_del(&keyring->type_data.link); |
155 | |
156 | write_unlock(&keyring_name_lock); |
157 | } |
158 | |
159 | klist = rcu_dereference_check(keyring->payload.subscriptions, |
160 | rcu_read_lock_held() || |
161 | atomic_read(&keyring->usage) == 0); |
162 | if (klist) { |
163 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
164 | key_put(klist->keys[loop]); |
165 | kfree(klist); |
166 | } |
167 | |
168 | } /* end keyring_destroy() */ |
169 | |
170 | /*****************************************************************************/ |
171 | /* |
172 | * describe the keyring |
173 | */ |
174 | static void keyring_describe(const struct key *keyring, struct seq_file *m) |
175 | { |
176 | struct keyring_list *klist; |
177 | |
178 | if (keyring->description) { |
179 | seq_puts(m, keyring->description); |
180 | } |
181 | else { |
182 | seq_puts(m, "[anon]"); |
183 | } |
184 | |
185 | rcu_read_lock(); |
186 | klist = rcu_dereference(keyring->payload.subscriptions); |
187 | if (klist) |
188 | seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); |
189 | else |
190 | seq_puts(m, ": empty"); |
191 | rcu_read_unlock(); |
192 | |
193 | } /* end keyring_describe() */ |
194 | |
195 | /*****************************************************************************/ |
196 | /* |
197 | * read a list of key IDs from the keyring's contents |
198 | * - the keyring's semaphore is read-locked |
199 | */ |
200 | static long keyring_read(const struct key *keyring, |
201 | char __user *buffer, size_t buflen) |
202 | { |
203 | struct keyring_list *klist; |
204 | struct key *key; |
205 | size_t qty, tmp; |
206 | int loop, ret; |
207 | |
208 | ret = 0; |
209 | klist = rcu_dereference_locked_keyring(keyring); |
210 | if (klist) { |
211 | /* calculate how much data we could return */ |
212 | qty = klist->nkeys * sizeof(key_serial_t); |
213 | |
214 | if (buffer && buflen > 0) { |
215 | if (buflen > qty) |
216 | buflen = qty; |
217 | |
218 | /* copy the IDs of the subscribed keys into the |
219 | * buffer */ |
220 | ret = -EFAULT; |
221 | |
222 | for (loop = 0; loop < klist->nkeys; loop++) { |
223 | key = klist->keys[loop]; |
224 | |
225 | tmp = sizeof(key_serial_t); |
226 | if (tmp > buflen) |
227 | tmp = buflen; |
228 | |
229 | if (copy_to_user(buffer, |
230 | &key->serial, |
231 | tmp) != 0) |
232 | goto error; |
233 | |
234 | buflen -= tmp; |
235 | if (buflen == 0) |
236 | break; |
237 | buffer += tmp; |
238 | } |
239 | } |
240 | |
241 | ret = qty; |
242 | } |
243 | |
244 | error: |
245 | return ret; |
246 | |
247 | } /* end keyring_read() */ |
248 | |
249 | /*****************************************************************************/ |
250 | /* |
251 | * allocate a keyring and link into the destination keyring |
252 | */ |
253 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
254 | const struct cred *cred, unsigned long flags, |
255 | struct key *dest) |
256 | { |
257 | struct key *keyring; |
258 | int ret; |
259 | |
260 | keyring = key_alloc(&key_type_keyring, description, |
261 | uid, gid, cred, |
262 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, |
263 | flags); |
264 | |
265 | if (!IS_ERR(keyring)) { |
266 | ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); |
267 | if (ret < 0) { |
268 | key_put(keyring); |
269 | keyring = ERR_PTR(ret); |
270 | } |
271 | } |
272 | |
273 | return keyring; |
274 | |
275 | } /* end keyring_alloc() */ |
276 | |
277 | /*****************************************************************************/ |
278 | /* |
279 | * search the supplied keyring tree for a key that matches the criterion |
280 | * - perform a breadth-then-depth search up to the prescribed limit |
281 | * - we only find keys on which we have search permission |
282 | * - we use the supplied match function to see if the description (or other |
283 | * feature of interest) matches |
284 | * - we rely on RCU to prevent the keyring lists from disappearing on us |
285 | * - we return -EAGAIN if we didn't find any matching key |
286 | * - we return -ENOKEY if we only found negative matching keys |
287 | * - we propagate the possession attribute from the keyring ref to the key ref |
288 | */ |
289 | key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
290 | const struct cred *cred, |
291 | struct key_type *type, |
292 | const void *description, |
293 | key_match_func_t match) |
294 | { |
295 | struct { |
296 | struct keyring_list *keylist; |
297 | int kix; |
298 | } stack[KEYRING_SEARCH_MAX_DEPTH]; |
299 | |
300 | struct keyring_list *keylist; |
301 | struct timespec now; |
302 | unsigned long possessed, kflags; |
303 | struct key *keyring, *key; |
304 | key_ref_t key_ref; |
305 | long err; |
306 | int sp, kix; |
307 | |
308 | keyring = key_ref_to_ptr(keyring_ref); |
309 | possessed = is_key_possessed(keyring_ref); |
310 | key_check(keyring); |
311 | |
312 | /* top keyring must have search permission to begin the search */ |
313 | err = key_task_permission(keyring_ref, cred, KEY_SEARCH); |
314 | if (err < 0) { |
315 | key_ref = ERR_PTR(err); |
316 | goto error; |
317 | } |
318 | |
319 | key_ref = ERR_PTR(-ENOTDIR); |
320 | if (keyring->type != &key_type_keyring) |
321 | goto error; |
322 | |
323 | rcu_read_lock(); |
324 | |
325 | now = current_kernel_time(); |
326 | err = -EAGAIN; |
327 | sp = 0; |
328 | |
329 | /* firstly we should check to see if this top-level keyring is what we |
330 | * are looking for */ |
331 | key_ref = ERR_PTR(-EAGAIN); |
332 | kflags = keyring->flags; |
333 | if (keyring->type == type && match(keyring, description)) { |
334 | key = keyring; |
335 | |
336 | /* check it isn't negative and hasn't expired or been |
337 | * revoked */ |
338 | if (kflags & (1 << KEY_FLAG_REVOKED)) |
339 | goto error_2; |
340 | if (key->expiry && now.tv_sec >= key->expiry) |
341 | goto error_2; |
342 | key_ref = ERR_PTR(-ENOKEY); |
343 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) |
344 | goto error_2; |
345 | goto found; |
346 | } |
347 | |
348 | /* otherwise, the top keyring must not be revoked, expired, or |
349 | * negatively instantiated if we are to search it */ |
350 | key_ref = ERR_PTR(-EAGAIN); |
351 | if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) || |
352 | (keyring->expiry && now.tv_sec >= keyring->expiry)) |
353 | goto error_2; |
354 | |
355 | /* start processing a new keyring */ |
356 | descend: |
357 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
358 | goto not_this_keyring; |
359 | |
360 | keylist = rcu_dereference(keyring->payload.subscriptions); |
361 | if (!keylist) |
362 | goto not_this_keyring; |
363 | |
364 | /* iterate through the keys in this keyring first */ |
365 | for (kix = 0; kix < keylist->nkeys; kix++) { |
366 | key = keylist->keys[kix]; |
367 | kflags = key->flags; |
368 | |
369 | /* ignore keys not of this type */ |
370 | if (key->type != type) |
371 | continue; |
372 | |
373 | /* skip revoked keys and expired keys */ |
374 | if (kflags & (1 << KEY_FLAG_REVOKED)) |
375 | continue; |
376 | |
377 | if (key->expiry && now.tv_sec >= key->expiry) |
378 | continue; |
379 | |
380 | /* keys that don't match */ |
381 | if (!match(key, description)) |
382 | continue; |
383 | |
384 | /* key must have search permissions */ |
385 | if (key_task_permission(make_key_ref(key, possessed), |
386 | cred, KEY_SEARCH) < 0) |
387 | continue; |
388 | |
389 | /* we set a different error code if we pass a negative key */ |
390 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) { |
391 | err = -ENOKEY; |
392 | continue; |
393 | } |
394 | |
395 | goto found; |
396 | } |
397 | |
398 | /* search through the keyrings nested in this one */ |
399 | kix = 0; |
400 | ascend: |
401 | for (; kix < keylist->nkeys; kix++) { |
402 | key = keylist->keys[kix]; |
403 | if (key->type != &key_type_keyring) |
404 | continue; |
405 | |
406 | /* recursively search nested keyrings |
407 | * - only search keyrings for which we have search permission |
408 | */ |
409 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) |
410 | continue; |
411 | |
412 | if (key_task_permission(make_key_ref(key, possessed), |
413 | cred, KEY_SEARCH) < 0) |
414 | continue; |
415 | |
416 | /* stack the current position */ |
417 | stack[sp].keylist = keylist; |
418 | stack[sp].kix = kix; |
419 | sp++; |
420 | |
421 | /* begin again with the new keyring */ |
422 | keyring = key; |
423 | goto descend; |
424 | } |
425 | |
426 | /* the keyring we're looking at was disqualified or didn't contain a |
427 | * matching key */ |
428 | not_this_keyring: |
429 | if (sp > 0) { |
430 | /* resume the processing of a keyring higher up in the tree */ |
431 | sp--; |
432 | keylist = stack[sp].keylist; |
433 | kix = stack[sp].kix + 1; |
434 | goto ascend; |
435 | } |
436 | |
437 | key_ref = ERR_PTR(err); |
438 | goto error_2; |
439 | |
440 | /* we found a viable match */ |
441 | found: |
442 | atomic_inc(&key->usage); |
443 | key_check(key); |
444 | key_ref = make_key_ref(key, possessed); |
445 | error_2: |
446 | rcu_read_unlock(); |
447 | error: |
448 | return key_ref; |
449 | |
450 | } /* end keyring_search_aux() */ |
451 | |
452 | /*****************************************************************************/ |
453 | /* |
454 | * search the supplied keyring tree for a key that matches the criterion |
455 | * - perform a breadth-then-depth search up to the prescribed limit |
456 | * - we only find keys on which we have search permission |
457 | * - we readlock the keyrings as we search down the tree |
458 | * - we return -EAGAIN if we didn't find any matching key |
459 | * - we return -ENOKEY if we only found negative matching keys |
460 | */ |
461 | key_ref_t keyring_search(key_ref_t keyring, |
462 | struct key_type *type, |
463 | const char *description) |
464 | { |
465 | if (!type->match) |
466 | return ERR_PTR(-ENOKEY); |
467 | |
468 | return keyring_search_aux(keyring, current->cred, |
469 | type, description, type->match); |
470 | |
471 | } /* end keyring_search() */ |
472 | |
473 | EXPORT_SYMBOL(keyring_search); |
474 | |
475 | /*****************************************************************************/ |
476 | /* |
477 | * search the given keyring only (no recursion) |
478 | * - keyring must be locked by caller |
479 | * - caller must guarantee that the keyring is a keyring |
480 | */ |
481 | key_ref_t __keyring_search_one(key_ref_t keyring_ref, |
482 | const struct key_type *ktype, |
483 | const char *description, |
484 | key_perm_t perm) |
485 | { |
486 | struct keyring_list *klist; |
487 | unsigned long possessed; |
488 | struct key *keyring, *key; |
489 | int loop; |
490 | |
491 | keyring = key_ref_to_ptr(keyring_ref); |
492 | possessed = is_key_possessed(keyring_ref); |
493 | |
494 | rcu_read_lock(); |
495 | |
496 | klist = rcu_dereference(keyring->payload.subscriptions); |
497 | if (klist) { |
498 | for (loop = 0; loop < klist->nkeys; loop++) { |
499 | key = klist->keys[loop]; |
500 | |
501 | if (key->type == ktype && |
502 | (!key->type->match || |
503 | key->type->match(key, description)) && |
504 | key_permission(make_key_ref(key, possessed), |
505 | perm) == 0 && |
506 | !test_bit(KEY_FLAG_REVOKED, &key->flags) |
507 | ) |
508 | goto found; |
509 | } |
510 | } |
511 | |
512 | rcu_read_unlock(); |
513 | return ERR_PTR(-ENOKEY); |
514 | |
515 | found: |
516 | atomic_inc(&key->usage); |
517 | rcu_read_unlock(); |
518 | return make_key_ref(key, possessed); |
519 | |
520 | } /* end __keyring_search_one() */ |
521 | |
522 | /*****************************************************************************/ |
523 | /* |
524 | * find a keyring with the specified name |
525 | * - all named keyrings are searched |
526 | * - normally only finds keyrings with search permission for the current process |
527 | */ |
528 | struct key *find_keyring_by_name(const char *name, bool skip_perm_check) |
529 | { |
530 | struct key *keyring; |
531 | int bucket; |
532 | |
533 | if (!name) |
534 | return ERR_PTR(-EINVAL); |
535 | |
536 | bucket = keyring_hash(name); |
537 | |
538 | read_lock(&keyring_name_lock); |
539 | |
540 | if (keyring_name_hash[bucket].next) { |
541 | /* search this hash bucket for a keyring with a matching name |
542 | * that's readable and that hasn't been revoked */ |
543 | list_for_each_entry(keyring, |
544 | &keyring_name_hash[bucket], |
545 | type_data.link |
546 | ) { |
547 | if (keyring->user->user_ns != current_user_ns()) |
548 | continue; |
549 | |
550 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
551 | continue; |
552 | |
553 | if (strcmp(keyring->description, name) != 0) |
554 | continue; |
555 | |
556 | if (!skip_perm_check && |
557 | key_permission(make_key_ref(keyring, 0), |
558 | KEY_SEARCH) < 0) |
559 | continue; |
560 | |
561 | /* we've got a match but we might end up racing with |
562 | * key_cleanup() if the keyring is currently 'dead' |
563 | * (ie. it has a zero usage count) */ |
564 | if (!atomic_inc_not_zero(&keyring->usage)) |
565 | continue; |
566 | goto out; |
567 | } |
568 | } |
569 | |
570 | keyring = ERR_PTR(-ENOKEY); |
571 | out: |
572 | read_unlock(&keyring_name_lock); |
573 | return keyring; |
574 | |
575 | } /* end find_keyring_by_name() */ |
576 | |
577 | /*****************************************************************************/ |
578 | /* |
579 | * see if a cycle will will be created by inserting acyclic tree B in acyclic |
580 | * tree A at the topmost level (ie: as a direct child of A) |
581 | * - since we are adding B to A at the top level, checking for cycles should |
582 | * just be a matter of seeing if node A is somewhere in tree B |
583 | */ |
584 | static int keyring_detect_cycle(struct key *A, struct key *B) |
585 | { |
586 | struct { |
587 | struct keyring_list *keylist; |
588 | int kix; |
589 | } stack[KEYRING_SEARCH_MAX_DEPTH]; |
590 | |
591 | struct keyring_list *keylist; |
592 | struct key *subtree, *key; |
593 | int sp, kix, ret; |
594 | |
595 | rcu_read_lock(); |
596 | |
597 | ret = -EDEADLK; |
598 | if (A == B) |
599 | goto cycle_detected; |
600 | |
601 | subtree = B; |
602 | sp = 0; |
603 | |
604 | /* start processing a new keyring */ |
605 | descend: |
606 | if (test_bit(KEY_FLAG_REVOKED, &subtree->flags)) |
607 | goto not_this_keyring; |
608 | |
609 | keylist = rcu_dereference(subtree->payload.subscriptions); |
610 | if (!keylist) |
611 | goto not_this_keyring; |
612 | kix = 0; |
613 | |
614 | ascend: |
615 | /* iterate through the remaining keys in this keyring */ |
616 | for (; kix < keylist->nkeys; kix++) { |
617 | key = keylist->keys[kix]; |
618 | |
619 | if (key == A) |
620 | goto cycle_detected; |
621 | |
622 | /* recursively check nested keyrings */ |
623 | if (key->type == &key_type_keyring) { |
624 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) |
625 | goto too_deep; |
626 | |
627 | /* stack the current position */ |
628 | stack[sp].keylist = keylist; |
629 | stack[sp].kix = kix; |
630 | sp++; |
631 | |
632 | /* begin again with the new keyring */ |
633 | subtree = key; |
634 | goto descend; |
635 | } |
636 | } |
637 | |
638 | /* the keyring we're looking at was disqualified or didn't contain a |
639 | * matching key */ |
640 | not_this_keyring: |
641 | if (sp > 0) { |
642 | /* resume the checking of a keyring higher up in the tree */ |
643 | sp--; |
644 | keylist = stack[sp].keylist; |
645 | kix = stack[sp].kix + 1; |
646 | goto ascend; |
647 | } |
648 | |
649 | ret = 0; /* no cycles detected */ |
650 | |
651 | error: |
652 | rcu_read_unlock(); |
653 | return ret; |
654 | |
655 | too_deep: |
656 | ret = -ELOOP; |
657 | goto error; |
658 | |
659 | cycle_detected: |
660 | ret = -EDEADLK; |
661 | goto error; |
662 | |
663 | } /* end keyring_detect_cycle() */ |
664 | |
665 | /*****************************************************************************/ |
666 | /* |
667 | * dispose of a keyring list after the RCU grace period |
668 | */ |
669 | static void keyring_link_rcu_disposal(struct rcu_head *rcu) |
670 | { |
671 | struct keyring_list *klist = |
672 | container_of(rcu, struct keyring_list, rcu); |
673 | |
674 | kfree(klist); |
675 | |
676 | } /* end keyring_link_rcu_disposal() */ |
677 | |
678 | /*****************************************************************************/ |
679 | /* |
680 | * dispose of a keyring list after the RCU grace period, freeing the unlinked |
681 | * key |
682 | */ |
683 | static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) |
684 | { |
685 | struct keyring_list *klist = |
686 | container_of(rcu, struct keyring_list, rcu); |
687 | |
688 | key_put(klist->keys[klist->delkey]); |
689 | kfree(klist); |
690 | |
691 | } /* end keyring_unlink_rcu_disposal() */ |
692 | |
693 | /*****************************************************************************/ |
694 | /* |
695 | * link a key into to a keyring |
696 | * - must be called with the keyring's semaphore write-locked |
697 | * - discard already extant link to matching key if there is one |
698 | */ |
699 | int __key_link(struct key *keyring, struct key *key) |
700 | { |
701 | struct keyring_list *klist, *nklist; |
702 | unsigned max; |
703 | size_t size; |
704 | int loop, ret; |
705 | |
706 | ret = -EKEYREVOKED; |
707 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
708 | goto error; |
709 | |
710 | ret = -ENOTDIR; |
711 | if (keyring->type != &key_type_keyring) |
712 | goto error; |
713 | |
714 | /* serialise link/link calls to prevent parallel calls causing a |
715 | * cycle when applied to two keyring in opposite orders */ |
716 | down_write(&keyring_serialise_link_sem); |
717 | |
718 | /* check that we aren't going to create a cycle adding one keyring to |
719 | * another */ |
720 | if (key->type == &key_type_keyring) { |
721 | ret = keyring_detect_cycle(keyring, key); |
722 | if (ret < 0) |
723 | goto error2; |
724 | } |
725 | |
726 | /* see if there's a matching key we can displace */ |
727 | klist = rcu_dereference_locked_keyring(keyring); |
728 | if (klist && klist->nkeys > 0) { |
729 | struct key_type *type = key->type; |
730 | |
731 | for (loop = klist->nkeys - 1; loop >= 0; loop--) { |
732 | if (klist->keys[loop]->type == type && |
733 | strcmp(klist->keys[loop]->description, |
734 | key->description) == 0 |
735 | ) { |
736 | /* found a match - replace with new key */ |
737 | size = sizeof(struct key *) * klist->maxkeys; |
738 | size += sizeof(*klist); |
739 | BUG_ON(size > PAGE_SIZE); |
740 | |
741 | ret = -ENOMEM; |
742 | nklist = kmemdup(klist, size, GFP_KERNEL); |
743 | if (!nklist) |
744 | goto error2; |
745 | |
746 | /* replace matched key */ |
747 | atomic_inc(&key->usage); |
748 | nklist->keys[loop] = key; |
749 | |
750 | rcu_assign_pointer( |
751 | keyring->payload.subscriptions, |
752 | nklist); |
753 | |
754 | /* dispose of the old keyring list and the |
755 | * displaced key */ |
756 | klist->delkey = loop; |
757 | call_rcu(&klist->rcu, |
758 | keyring_unlink_rcu_disposal); |
759 | |
760 | goto done; |
761 | } |
762 | } |
763 | } |
764 | |
765 | /* check that we aren't going to overrun the user's quota */ |
766 | ret = key_payload_reserve(keyring, |
767 | keyring->datalen + KEYQUOTA_LINK_BYTES); |
768 | if (ret < 0) |
769 | goto error2; |
770 | |
771 | if (klist && klist->nkeys < klist->maxkeys) { |
772 | /* there's sufficient slack space to add directly */ |
773 | atomic_inc(&key->usage); |
774 | |
775 | klist->keys[klist->nkeys] = key; |
776 | smp_wmb(); |
777 | klist->nkeys++; |
778 | smp_wmb(); |
779 | } |
780 | else { |
781 | /* grow the key list */ |
782 | max = 4; |
783 | if (klist) |
784 | max += klist->maxkeys; |
785 | |
786 | ret = -ENFILE; |
787 | if (max > 65535) |
788 | goto error3; |
789 | size = sizeof(*klist) + sizeof(struct key *) * max; |
790 | if (size > PAGE_SIZE) |
791 | goto error3; |
792 | |
793 | ret = -ENOMEM; |
794 | nklist = kmalloc(size, GFP_KERNEL); |
795 | if (!nklist) |
796 | goto error3; |
797 | nklist->maxkeys = max; |
798 | nklist->nkeys = 0; |
799 | |
800 | if (klist) { |
801 | nklist->nkeys = klist->nkeys; |
802 | memcpy(nklist->keys, |
803 | klist->keys, |
804 | sizeof(struct key *) * klist->nkeys); |
805 | } |
806 | |
807 | /* add the key into the new space */ |
808 | atomic_inc(&key->usage); |
809 | nklist->keys[nklist->nkeys++] = key; |
810 | |
811 | rcu_assign_pointer(keyring->payload.subscriptions, nklist); |
812 | |
813 | /* dispose of the old keyring list */ |
814 | if (klist) |
815 | call_rcu(&klist->rcu, keyring_link_rcu_disposal); |
816 | } |
817 | |
818 | done: |
819 | ret = 0; |
820 | error2: |
821 | up_write(&keyring_serialise_link_sem); |
822 | error: |
823 | return ret; |
824 | |
825 | error3: |
826 | /* undo the quota changes */ |
827 | key_payload_reserve(keyring, |
828 | keyring->datalen - KEYQUOTA_LINK_BYTES); |
829 | goto error2; |
830 | |
831 | } /* end __key_link() */ |
832 | |
833 | /*****************************************************************************/ |
834 | /* |
835 | * link a key to a keyring |
836 | */ |
837 | int key_link(struct key *keyring, struct key *key) |
838 | { |
839 | int ret; |
840 | |
841 | key_check(keyring); |
842 | key_check(key); |
843 | |
844 | down_write(&keyring->sem); |
845 | ret = __key_link(keyring, key); |
846 | up_write(&keyring->sem); |
847 | |
848 | return ret; |
849 | |
850 | } /* end key_link() */ |
851 | |
852 | EXPORT_SYMBOL(key_link); |
853 | |
854 | /*****************************************************************************/ |
855 | /* |
856 | * unlink the first link to a key from a keyring |
857 | */ |
858 | int key_unlink(struct key *keyring, struct key *key) |
859 | { |
860 | struct keyring_list *klist, *nklist; |
861 | int loop, ret; |
862 | |
863 | key_check(keyring); |
864 | key_check(key); |
865 | |
866 | ret = -ENOTDIR; |
867 | if (keyring->type != &key_type_keyring) |
868 | goto error; |
869 | |
870 | down_write(&keyring->sem); |
871 | |
872 | klist = rcu_dereference_locked_keyring(keyring); |
873 | if (klist) { |
874 | /* search the keyring for the key */ |
875 | for (loop = 0; loop < klist->nkeys; loop++) |
876 | if (klist->keys[loop] == key) |
877 | goto key_is_present; |
878 | } |
879 | |
880 | up_write(&keyring->sem); |
881 | ret = -ENOENT; |
882 | goto error; |
883 | |
884 | key_is_present: |
885 | /* we need to copy the key list for RCU purposes */ |
886 | nklist = kmalloc(sizeof(*klist) + |
887 | sizeof(struct key *) * klist->maxkeys, |
888 | GFP_KERNEL); |
889 | if (!nklist) |
890 | goto nomem; |
891 | nklist->maxkeys = klist->maxkeys; |
892 | nklist->nkeys = klist->nkeys - 1; |
893 | |
894 | if (loop > 0) |
895 | memcpy(&nklist->keys[0], |
896 | &klist->keys[0], |
897 | loop * sizeof(struct key *)); |
898 | |
899 | if (loop < nklist->nkeys) |
900 | memcpy(&nklist->keys[loop], |
901 | &klist->keys[loop + 1], |
902 | (nklist->nkeys - loop) * sizeof(struct key *)); |
903 | |
904 | /* adjust the user's quota */ |
905 | key_payload_reserve(keyring, |
906 | keyring->datalen - KEYQUOTA_LINK_BYTES); |
907 | |
908 | rcu_assign_pointer(keyring->payload.subscriptions, nklist); |
909 | |
910 | up_write(&keyring->sem); |
911 | |
912 | /* schedule for later cleanup */ |
913 | klist->delkey = loop; |
914 | call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); |
915 | |
916 | ret = 0; |
917 | |
918 | error: |
919 | return ret; |
920 | nomem: |
921 | ret = -ENOMEM; |
922 | up_write(&keyring->sem); |
923 | goto error; |
924 | |
925 | } /* end key_unlink() */ |
926 | |
927 | EXPORT_SYMBOL(key_unlink); |
928 | |
929 | /*****************************************************************************/ |
930 | /* |
931 | * dispose of a keyring list after the RCU grace period, releasing the keys it |
932 | * links to |
933 | */ |
934 | static void keyring_clear_rcu_disposal(struct rcu_head *rcu) |
935 | { |
936 | struct keyring_list *klist; |
937 | int loop; |
938 | |
939 | klist = container_of(rcu, struct keyring_list, rcu); |
940 | |
941 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
942 | key_put(klist->keys[loop]); |
943 | |
944 | kfree(klist); |
945 | |
946 | } /* end keyring_clear_rcu_disposal() */ |
947 | |
948 | /*****************************************************************************/ |
949 | /* |
950 | * clear the specified process keyring |
951 | * - implements keyctl(KEYCTL_CLEAR) |
952 | */ |
953 | int keyring_clear(struct key *keyring) |
954 | { |
955 | struct keyring_list *klist; |
956 | int ret; |
957 | |
958 | ret = -ENOTDIR; |
959 | if (keyring->type == &key_type_keyring) { |
960 | /* detach the pointer block with the locks held */ |
961 | down_write(&keyring->sem); |
962 | |
963 | klist = rcu_dereference_locked_keyring(keyring); |
964 | if (klist) { |
965 | /* adjust the quota */ |
966 | key_payload_reserve(keyring, |
967 | sizeof(struct keyring_list)); |
968 | |
969 | rcu_assign_pointer(keyring->payload.subscriptions, |
970 | NULL); |
971 | } |
972 | |
973 | up_write(&keyring->sem); |
974 | |
975 | /* free the keys after the locks have been dropped */ |
976 | if (klist) |
977 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
978 | |
979 | ret = 0; |
980 | } |
981 | |
982 | return ret; |
983 | |
984 | } /* end keyring_clear() */ |
985 | |
986 | EXPORT_SYMBOL(keyring_clear); |
987 | |
988 | /*****************************************************************************/ |
989 | /* |
990 | * dispose of the links from a revoked keyring |
991 | * - called with the key sem write-locked |
992 | */ |
993 | static void keyring_revoke(struct key *keyring) |
994 | { |
995 | struct keyring_list *klist; |
996 | |
997 | klist = rcu_dereference_locked_keyring(keyring); |
998 | |
999 | /* adjust the quota */ |
1000 | key_payload_reserve(keyring, 0); |
1001 | |
1002 | if (klist) { |
1003 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); |
1004 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
1005 | } |
1006 | |
1007 | } /* end keyring_revoke() */ |
1008 | |
1009 | /* |
1010 | * Determine whether a key is dead |
1011 | */ |
1012 | static bool key_is_dead(struct key *key, time_t limit) |
1013 | { |
1014 | return test_bit(KEY_FLAG_DEAD, &key->flags) || |
1015 | (key->expiry > 0 && key->expiry <= limit); |
1016 | } |
1017 | |
1018 | /* |
1019 | * Collect garbage from the contents of a keyring |
1020 | */ |
1021 | void keyring_gc(struct key *keyring, time_t limit) |
1022 | { |
1023 | struct keyring_list *klist, *new; |
1024 | struct key *key; |
1025 | int loop, keep, max; |
1026 | |
1027 | kenter("{%x,%s}", key_serial(keyring), keyring->description); |
1028 | |
1029 | down_write(&keyring->sem); |
1030 | |
1031 | klist = rcu_dereference_locked_keyring(keyring); |
1032 | if (!klist) |
1033 | goto no_klist; |
1034 | |
1035 | /* work out how many subscriptions we're keeping */ |
1036 | keep = 0; |
1037 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
1038 | if (!key_is_dead(klist->keys[loop], limit)) |
1039 | keep++; |
1040 | |
1041 | if (keep == klist->nkeys) |
1042 | goto just_return; |
1043 | |
1044 | /* allocate a new keyring payload */ |
1045 | max = roundup(keep, 4); |
1046 | new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *), |
1047 | GFP_KERNEL); |
1048 | if (!new) |
1049 | goto nomem; |
1050 | new->maxkeys = max; |
1051 | new->nkeys = 0; |
1052 | new->delkey = 0; |
1053 | |
1054 | /* install the live keys |
1055 | * - must take care as expired keys may be updated back to life |
1056 | */ |
1057 | keep = 0; |
1058 | for (loop = klist->nkeys - 1; loop >= 0; loop--) { |
1059 | key = klist->keys[loop]; |
1060 | if (!key_is_dead(key, limit)) { |
1061 | if (keep >= max) |
1062 | goto discard_new; |
1063 | new->keys[keep++] = key_get(key); |
1064 | } |
1065 | } |
1066 | new->nkeys = keep; |
1067 | |
1068 | /* adjust the quota */ |
1069 | key_payload_reserve(keyring, |
1070 | sizeof(struct keyring_list) + |
1071 | KEYQUOTA_LINK_BYTES * keep); |
1072 | |
1073 | if (keep == 0) { |
1074 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); |
1075 | kfree(new); |
1076 | } else { |
1077 | rcu_assign_pointer(keyring->payload.subscriptions, new); |
1078 | } |
1079 | |
1080 | up_write(&keyring->sem); |
1081 | |
1082 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
1083 | kleave(" [yes]"); |
1084 | return; |
1085 | |
1086 | discard_new: |
1087 | new->nkeys = keep; |
1088 | keyring_clear_rcu_disposal(&new->rcu); |
1089 | up_write(&keyring->sem); |
1090 | kleave(" [discard]"); |
1091 | return; |
1092 | |
1093 | just_return: |
1094 | up_write(&keyring->sem); |
1095 | kleave(" [no dead]"); |
1096 | return; |
1097 | |
1098 | no_klist: |
1099 | up_write(&keyring->sem); |
1100 | kleave(" [no_klist]"); |
1101 | return; |
1102 | |
1103 | nomem: |
1104 | up_write(&keyring->sem); |
1105 | kleave(" [oom]"); |
1106 | } |
1107 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9