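Lines matching the query `+full:key +full:-` (only matching lines are listed; each starts with its line number in the original file, and "in name()" names the enclosing function)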
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Key garbage collector
4 * Copyright (C) 2009-2011 Red Hat, Inc. All Rights Reserved.
10 #include <keys/keyring-type.h>
14 * Delay between key revocation/expiry in seconds
34 #define KEY_GC_KEY_EXPIRED 0 /* A key expired and needs unlinking */
40 * Any key whose type gets unregistered will be re-typed to this if it can't be
49 * - time precision isn't particularly important
56 kenter("%lld", gc_at - now); in key_schedule_gc()
64 expires = jiffies + (gc_at - now) * HZ; in key_schedule_gc()
70 * Set the expiration time on a key.
72 void key_set_expiry(struct key *key, time64_t expiry) in key_set_expiry() argument
74 key->expiry = expiry; in key_set_expiry()
76 if (!(key->type->flags & KEY_TYPE_INSTANT_REAP)) in key_set_expiry()
92 * Some key's cleanup time was met after it expired, so we need to get the
114 kenter("%s", ktype->name); in key_gc_keytype()
138 struct key *key = in key_gc_unused_keys() local
139 list_entry(keys->next, struct key, graveyard_link); in key_gc_unused_keys()
140 short state = key->state; in key_gc_unused_keys()
142 list_del(&key->graveyard_link); in key_gc_unused_keys()
144 kdebug("- %u", key->serial); in key_gc_unused_keys()
145 key_check(key); in key_gc_unused_keys()
148 remove_watch_list(key->watchers, key->serial); in key_gc_unused_keys()
149 key->watchers = NULL; in key_gc_unused_keys()
152 /* Throw away the key data if the key is instantiated */ in key_gc_unused_keys()
153 if (state == KEY_IS_POSITIVE && key->type->destroy) in key_gc_unused_keys()
154 key->type->destroy(key); in key_gc_unused_keys()
156 security_key_free(key); in key_gc_unused_keys()
158 /* deal with the user's key tracking and quota */ in key_gc_unused_keys()
159 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { in key_gc_unused_keys()
160 spin_lock(&key->user->lock); in key_gc_unused_keys()
161 key->user->qnkeys--; in key_gc_unused_keys()
162 key->user->qnbytes -= key->quotalen; in key_gc_unused_keys()
163 spin_unlock(&key->user->lock); in key_gc_unused_keys()
166 atomic_dec(&key->user->nkeys); in key_gc_unused_keys()
168 atomic_dec(&key->user->nikeys); in key_gc_unused_keys()
170 key_user_put(key->user); in key_gc_unused_keys()
171 key_put_tag(key->domain_tag); in key_gc_unused_keys()
172 kfree(key->description); in key_gc_unused_keys()
174 memzero_explicit(key, sizeof(*key)); in key_gc_unused_keys()
175 kmem_cache_free(key_jar, key); in key_gc_unused_keys()
190 #define KEY_GC_REAP_AGAIN 0x01 /* - Need another cycle */ in key_garbage_collector()
191 #define KEY_GC_REAPING_LINKS 0x02 /* - We need to reap links */ in key_garbage_collector()
192 #define KEY_GC_REAPING_DEAD_1 0x10 /* - We need to mark dead keys */ in key_garbage_collector()
193 #define KEY_GC_REAPING_DEAD_2 0x20 /* - We need to reap dead key links */ in key_garbage_collector()
194 #define KEY_GC_REAPING_DEAD_3 0x40 /* - We need to reap dead keys */ in key_garbage_collector()
195 #define KEY_GC_FOUND_DEAD_KEY 0x80 /* - We found at least one dead key */ in key_garbage_collector()
198 struct key *key; in key_garbage_collector() local
217 /* As only this function is permitted to remove things from the key in key_garbage_collector()
218 * serial tree, if cursor is non-NULL then it will always point to a in key_garbage_collector()
219 * valid node in the tree - even if lock got dropped. in key_garbage_collector()
226 key = rb_entry(cursor, struct key, serial_node); in key_garbage_collector()
229 if (refcount_read(&key->usage) == 0) in key_garbage_collector()
233 if (key->type == key_gc_dead_keytype) { in key_garbage_collector()
235 set_bit(KEY_FLAG_DEAD, &key->flags); in key_garbage_collector()
236 key->perm = 0; in key_garbage_collector()
238 } else if (key->type == &key_type_keyring && in key_garbage_collector()
239 key->restrict_link) { in key_garbage_collector()
244 expiry = key->expiry; in key_garbage_collector()
246 if (!(key->type->flags & KEY_TYPE_INSTANT_REAP)) in key_garbage_collector()
250 key_serial(key), key->expiry - limit); in key_garbage_collector()
251 new_timer = key->expiry; in key_garbage_collector()
256 if (key->type == key_gc_dead_keytype) in key_garbage_collector()
261 if (key->type == &key_type_keyring) in key_garbage_collector()
266 if (key->type == key_gc_dead_keytype) in key_garbage_collector()
337 /* We found an unreferenced key - once we've removed it from the tree, in key_garbage_collector()
341 kdebug("unrefd key %d", key->serial); in key_garbage_collector()
342 rb_erase(&key->serial_node, &key_serial_tree); in key_garbage_collector()
345 list_add_tail(&key->graveyard_link, &graveyard); in key_garbage_collector()
350 * it is associated with the dead key type. in key_garbage_collector()
354 keyring_restriction_gc(key, key_gc_dead_keytype); in key_garbage_collector()
364 keyring_gc(key, limit); in key_garbage_collector()
367 /* We found a dead key that is still referenced. Reset its type and in key_garbage_collector()
372 kdebug("destroy key %d", key->serial); in key_garbage_collector()
373 down_write(&key->sem); in key_garbage_collector()
374 key->type = &key_type_dead; in key_garbage_collector()
375 if (key_gc_dead_keytype->destroy) in key_garbage_collector()
376 key_gc_dead_keytype->destroy(key); in key_garbage_collector()
377 memset(&key->payload, KEY_DESTROY, sizeof(key->payload)); in key_garbage_collector()
378 up_write(&key->sem); in key_garbage_collector()