1 /* Keyring handling 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/security.h> 17 #include <linux/seq_file.h> 18 #include <linux/err.h> 19 #include <asm/uaccess.h> 20 #include "internal.h" 21 22 /* 23 * when plumbing the depths of the key tree, this sets a hard limit set on how 24 * deep we're willing to go 25 */ 26 #define KEYRING_SEARCH_MAX_DEPTH 6 27 28 /* 29 * we keep all named keyrings in a hash to speed looking them up 30 */ 31 #define KEYRING_NAME_HASH_SIZE (1 << 5) 32 33 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; 34 static DEFINE_RWLOCK(keyring_name_lock); 35 36 static inline unsigned keyring_hash(const char *desc) 37 { 38 unsigned bucket = 0; 39 40 for (; *desc; desc++) 41 bucket += (unsigned char) *desc; 42 43 return bucket & (KEYRING_NAME_HASH_SIZE - 1); 44 } 45 46 /* 47 * the keyring type definition 48 */ 49 static int keyring_instantiate(struct key *keyring, 50 const void *data, size_t datalen); 51 static int keyring_match(const struct key *keyring, const void *criterion); 52 static void keyring_revoke(struct key *keyring); 53 static void keyring_destroy(struct key *keyring); 54 static void keyring_describe(const struct key *keyring, struct seq_file *m); 55 static long keyring_read(const struct key *keyring, 56 char __user *buffer, size_t buflen); 57 58 struct key_type key_type_keyring = { 59 .name = "keyring", 60 .def_datalen = sizeof(struct keyring_list), 61 .instantiate = keyring_instantiate, 62 .match = keyring_match, 63 .revoke = keyring_revoke, 64 .destroy = keyring_destroy, 65 .describe = keyring_describe, 66 .read = keyring_read, 67 }; 68 69 EXPORT_SYMBOL(key_type_keyring); 70 71 /* 72 * semaphore to serialise link/link calls to prevent two link calls in parallel 73 * introducing a cycle 74 */ 75 static DECLARE_RWSEM(keyring_serialise_link_sem); 76 77 /*****************************************************************************/ 78 /* 79 * publish the name of a keyring so that it can be found by name (if it has 80 * one) 81 */ 82 static void keyring_publish_name(struct key *keyring) 83 { 84 int bucket; 85 86 if (keyring->description) { 87 bucket = keyring_hash(keyring->description); 88 89 write_lock(&keyring_name_lock); 90 91 if (!keyring_name_hash[bucket].next) 92 INIT_LIST_HEAD(&keyring_name_hash[bucket]); 93 94 list_add_tail(&keyring->type_data.link, 95 &keyring_name_hash[bucket]); 96 97 write_unlock(&keyring_name_lock); 98 } 99 100 } /* end keyring_publish_name() */ 101 102 /*****************************************************************************/ 103 /* 104 * initialise a keyring 105 * - we object if we were given any data 106 */ 107 static int keyring_instantiate(struct key *keyring, 108 const void *data, size_t datalen) 109 { 110 int ret; 111 112 ret = -EINVAL; 113 if (datalen == 0) { 114 /* make the keyring available by name if it has one */ 115 keyring_publish_name(keyring); 116 ret = 0; 117 } 118 119 return ret; 120 121 } /* end keyring_instantiate() */ 122 123 /*****************************************************************************/ 124 /* 125 * match keyrings on their name 126 */ 127 static int keyring_match(const struct key *keyring, const void *description) 128 { 129 return keyring->description && 130 strcmp(keyring->description, description) == 0; 131 132 } /* end keyring_match() */ 133 134 /*****************************************************************************/ 135 /* 136 * dispose of the data dangling from the corpse of a keyring 137 */ 138 static void keyring_destroy(struct key *keyring) 139 { 140 struct keyring_list *klist; 141 int loop; 142 143 if (keyring->description) { 144 write_lock(&keyring_name_lock); 145 146 if (keyring->type_data.link.next != NULL && 147 !list_empty(&keyring->type_data.link)) 148 list_del(&keyring->type_data.link); 149 150 write_unlock(&keyring_name_lock); 151 } 152 153 klist = rcu_dereference(keyring->payload.subscriptions); 154 if (klist) { 155 for (loop = klist->nkeys - 1; loop >= 0; loop--) 156 key_put(klist->keys[loop]); 157 kfree(klist); 158 } 159 160 } /* end keyring_destroy() */ 161 162 /*****************************************************************************/ 163 /* 164 * describe the keyring 165 */ 166 static void keyring_describe(const struct key *keyring, struct seq_file *m) 167 { 168 struct keyring_list *klist; 169 170 if (keyring->description) { 171 seq_puts(m, keyring->description); 172 } 173 else { 174 seq_puts(m, "[anon]"); 175 } 176 177 rcu_read_lock(); 178 klist = rcu_dereference(keyring->payload.subscriptions); 179 if (klist) 180 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); 181 else 182 seq_puts(m, ": empty"); 183 rcu_read_unlock(); 184 185 } /* end keyring_describe() */ 186 187 /*****************************************************************************/ 188 /* 189 * read a list of key IDs from the keyring's contents 190 * - the keyring's semaphore is read-locked 191 */ 192 static long keyring_read(const struct key *keyring, 193 char __user *buffer, size_t buflen) 194 { 195 struct keyring_list *klist; 196 struct key *key; 197 size_t qty, tmp; 198 int loop, ret; 199 200 ret = 0; 201 klist = rcu_dereference(keyring->payload.subscriptions); 202 203 if (klist) { 204 /* calculate how much data we could return */ 205 qty = klist->nkeys * sizeof(key_serial_t); 206 207 if (buffer && buflen > 0) { 208 if (buflen > qty) 209 buflen = qty; 210 211 /* copy the IDs of the subscribed keys into the 212 * buffer */ 213 ret = -EFAULT; 214 215 for (loop = 0; loop < klist->nkeys; loop++) { 216 key = klist->keys[loop]; 217 218 tmp = sizeof(key_serial_t); 219 if (tmp > buflen) 220 tmp = buflen; 221 222 if (copy_to_user(buffer, 223 &key->serial, 224 tmp) != 0) 225 goto error; 226 227 buflen -= tmp; 228 if (buflen == 0) 229 break; 230 buffer += tmp; 231 } 232 } 233 234 ret = qty; 235 } 236 237 error: 238 return ret; 239 240 } /* end keyring_read() */ 241 242 /*****************************************************************************/ 243 /* 244 * allocate a keyring and link into the destination keyring 245 */ 246 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 247 struct task_struct *ctx, unsigned long flags, 248 struct key *dest) 249 { 250 struct key *keyring; 251 int ret; 252 253 keyring = key_alloc(&key_type_keyring, description, 254 uid, gid, ctx, 255 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 256 flags); 257 258 if (!IS_ERR(keyring)) { 259 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); 260 if (ret < 0) { 261 key_put(keyring); 262 keyring = ERR_PTR(ret); 263 } 264 } 265 266 return keyring; 267 268 } /* end keyring_alloc() */ 269 270 /*****************************************************************************/ 271 /* 272 * search the supplied keyring tree for a key that matches the criterion 273 * - perform a breadth-then-depth search up to the prescribed limit 274 * - we only find keys on which we have search permission 275 * - we use the supplied match function to see if the description (or other 276 * feature of interest) matches 277 * - we rely on RCU to prevent the keyring lists from disappearing on us 278 * - we return -EAGAIN if we didn't find any matching key 279 * - we return -ENOKEY if we only found negative matching keys 280 * - we propagate the possession attribute from the keyring ref to the key ref 281 */ 282 key_ref_t keyring_search_aux(key_ref_t keyring_ref, 283 struct task_struct *context, 284 struct key_type *type, 285 const void *description, 286 key_match_func_t match) 287 { 288 struct { 289 struct keyring_list *keylist; 290 int kix; 291 } stack[KEYRING_SEARCH_MAX_DEPTH]; 292 293 struct keyring_list *keylist; 294 struct timespec now; 295 unsigned long possessed, kflags; 296 struct key *keyring, *key; 297 key_ref_t key_ref; 298 long err; 299 int sp, kix; 300 301 keyring = key_ref_to_ptr(keyring_ref); 302 possessed = is_key_possessed(keyring_ref); 303 key_check(keyring); 304 305 /* top keyring must have search permission to begin the search */ 306 err = key_task_permission(keyring_ref, context, KEY_SEARCH); 307 if (err < 0) { 308 key_ref = ERR_PTR(err); 309 goto error; 310 } 311 312 key_ref = ERR_PTR(-ENOTDIR); 313 if (keyring->type != &key_type_keyring) 314 goto error; 315 316 rcu_read_lock(); 317 318 now = current_kernel_time(); 319 err = -EAGAIN; 320 sp = 0; 321 322 /* firstly we should check to see if this top-level keyring is what we 323 * are looking for */ 324 key_ref = ERR_PTR(-EAGAIN); 325 kflags = keyring->flags; 326 if (keyring->type == type && match(keyring, description)) { 327 key = keyring; 328 329 /* check it isn't negative and hasn't expired or been 330 * revoked */ 331 if (kflags & (1 << KEY_FLAG_REVOKED)) 332 goto error_2; 333 if (key->expiry && now.tv_sec >= key->expiry) 334 goto error_2; 335 key_ref = ERR_PTR(-ENOKEY); 336 if (kflags & (1 << KEY_FLAG_NEGATIVE)) 337 goto error_2; 338 goto found; 339 } 340 341 /* otherwise, the top keyring must not be revoked, expired, or 342 * negatively instantiated if we are to search it */ 343 key_ref = ERR_PTR(-EAGAIN); 344 if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) || 345 (keyring->expiry && now.tv_sec >= keyring->expiry)) 346 goto error_2; 347 348 /* start processing a new keyring */ 349 descend: 350 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 351 goto not_this_keyring; 352 353 keylist = rcu_dereference(keyring->payload.subscriptions); 354 if (!keylist) 355 goto not_this_keyring; 356 357 /* iterate through the keys in this keyring first */ 358 for (kix = 0; kix < keylist->nkeys; kix++) { 359 key = keylist->keys[kix]; 360 kflags = key->flags; 361 362 /* ignore keys not of this type */ 363 if (key->type != type) 364 continue; 365 366 /* skip revoked keys and expired keys */ 367 if (kflags & (1 << KEY_FLAG_REVOKED)) 368 continue; 369 370 if (key->expiry && now.tv_sec >= key->expiry) 371 continue; 372 373 /* keys that don't match */ 374 if (!match(key, description)) 375 continue; 376 377 /* key must have search permissions */ 378 if (key_task_permission(make_key_ref(key, possessed), 379 context, KEY_SEARCH) < 0) 380 continue; 381 382 /* we set a different error code if we pass a negative key */ 383 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 384 err = -ENOKEY; 385 continue; 386 } 387 388 goto found; 389 } 390 391 /* search through the keyrings nested in this one */ 392 kix = 0; 393 ascend: 394 for (; kix < keylist->nkeys; kix++) { 395 key = keylist->keys[kix]; 396 if (key->type != &key_type_keyring) 397 continue; 398 399 /* recursively search nested keyrings 400 * - only search keyrings for which we have search permission 401 */ 402 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 403 continue; 404 405 if (key_task_permission(make_key_ref(key, possessed), 406 context, KEY_SEARCH) < 0) 407 continue; 408 409 /* stack the current position */ 410 stack[sp].keylist = keylist; 411 stack[sp].kix = kix; 412 sp++; 413 414 /* begin again with the new keyring */ 415 keyring = key; 416 goto descend; 417 } 418 419 /* the keyring we're looking at was disqualified or didn't contain a 420 * matching key */ 421 not_this_keyring: 422 if (sp > 0) { 423 /* resume the processing of a keyring higher up in the tree */ 424 sp--; 425 keylist = stack[sp].keylist; 426 kix = stack[sp].kix + 1; 427 goto ascend; 428 } 429 430 key_ref = ERR_PTR(err); 431 goto error_2; 432 433 /* we found a viable match */ 434 found: 435 atomic_inc(&key->usage); 436 key_check(key); 437 key_ref = make_key_ref(key, possessed); 438 error_2: 439 rcu_read_unlock(); 440 error: 441 return key_ref; 442 443 } /* end keyring_search_aux() */ 444 445 /*****************************************************************************/ 446 /* 447 * search the supplied keyring tree for a key that matches the criterion 448 * - perform a breadth-then-depth search up to the prescribed limit 449 * - we only find keys on which we have search permission 450 * - we readlock the keyrings as we search down the tree 451 * - we return -EAGAIN if we didn't find any matching key 452 * - we return -ENOKEY if we only found negative matching keys 453 */ 454 key_ref_t keyring_search(key_ref_t keyring, 455 struct key_type *type, 456 const char *description) 457 { 458 if (!type->match) 459 return ERR_PTR(-ENOKEY); 460 461 return keyring_search_aux(keyring, current, 462 type, description, type->match); 463 464 } /* end keyring_search() */ 465 466 EXPORT_SYMBOL(keyring_search); 467 468 /*****************************************************************************/ 469 /* 470 * search the given keyring only (no recursion) 471 * - keyring must be locked by caller 472 * - caller must guarantee that the keyring is a keyring 473 */ 474 key_ref_t __keyring_search_one(key_ref_t keyring_ref, 475 const struct key_type *ktype, 476 const char *description, 477 key_perm_t perm) 478 { 479 struct keyring_list *klist; 480 unsigned long possessed; 481 struct key *keyring, *key; 482 int loop; 483 484 keyring = key_ref_to_ptr(keyring_ref); 485 possessed = is_key_possessed(keyring_ref); 486 487 rcu_read_lock(); 488 489 klist = rcu_dereference(keyring->payload.subscriptions); 490 if (klist) { 491 for (loop = 0; loop < klist->nkeys; loop++) { 492 key = klist->keys[loop]; 493 494 if (key->type == ktype && 495 (!key->type->match || 496 key->type->match(key, description)) && 497 key_permission(make_key_ref(key, possessed), 498 perm) == 0 && 499 !test_bit(KEY_FLAG_REVOKED, &key->flags) 500 ) 501 goto found; 502 } 503 } 504 505 rcu_read_unlock(); 506 return ERR_PTR(-ENOKEY); 507 508 found: 509 atomic_inc(&key->usage); 510 rcu_read_unlock(); 511 return make_key_ref(key, possessed); 512 513 } /* end __keyring_search_one() */ 514 515 /*****************************************************************************/ 516 /* 517 * find a keyring with the specified name 518 * - all named keyrings are searched 519 * - normally only finds keyrings with search permission for the current process 520 */ 521 struct key *find_keyring_by_name(const char *name, bool skip_perm_check) 522 { 523 struct key *keyring; 524 int bucket; 525 526 keyring = ERR_PTR(-EINVAL); 527 if (!name) 528 goto error; 529 530 bucket = keyring_hash(name); 531 532 read_lock(&keyring_name_lock); 533 534 if (keyring_name_hash[bucket].next) { 535 /* search this hash bucket for a keyring with a matching name 536 * that's readable and that hasn't been revoked */ 537 list_for_each_entry(keyring, 538 &keyring_name_hash[bucket], 539 type_data.link 540 ) { 541 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 542 continue; 543 544 if (strcmp(keyring->description, name) != 0) 545 continue; 546 547 if (!skip_perm_check && 548 key_permission(make_key_ref(keyring, 0), 549 KEY_SEARCH) < 0) 550 continue; 551 552 /* we've got a match */ 553 atomic_inc(&keyring->usage); 554 read_unlock(&keyring_name_lock); 555 goto error; 556 } 557 } 558 559 read_unlock(&keyring_name_lock); 560 keyring = ERR_PTR(-ENOKEY); 561 562 error: 563 return keyring; 564 565 } /* end find_keyring_by_name() */ 566 567 /*****************************************************************************/ 568 /* 569 * see if a cycle will will be created by inserting acyclic tree B in acyclic 570 * tree A at the topmost level (ie: as a direct child of A) 571 * - since we are adding B to A at the top level, checking for cycles should 572 * just be a matter of seeing if node A is somewhere in tree B 573 */ 574 static int keyring_detect_cycle(struct key *A, struct key *B) 575 { 576 struct { 577 struct keyring_list *keylist; 578 int kix; 579 } stack[KEYRING_SEARCH_MAX_DEPTH]; 580 581 struct keyring_list *keylist; 582 struct key *subtree, *key; 583 int sp, kix, ret; 584 585 rcu_read_lock(); 586 587 ret = -EDEADLK; 588 if (A == B) 589 goto cycle_detected; 590 591 subtree = B; 592 sp = 0; 593 594 /* start processing a new keyring */ 595 descend: 596 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags)) 597 goto not_this_keyring; 598 599 keylist = rcu_dereference(subtree->payload.subscriptions); 600 if (!keylist) 601 goto not_this_keyring; 602 kix = 0; 603 604 ascend: 605 /* iterate through the remaining keys in this keyring */ 606 for (; kix < keylist->nkeys; kix++) { 607 key = keylist->keys[kix]; 608 609 if (key == A) 610 goto cycle_detected; 611 612 /* recursively check nested keyrings */ 613 if (key->type == &key_type_keyring) { 614 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 615 goto too_deep; 616 617 /* stack the current position */ 618 stack[sp].keylist = keylist; 619 stack[sp].kix = kix; 620 sp++; 621 622 /* begin again with the new keyring */ 623 subtree = key; 624 goto descend; 625 } 626 } 627 628 /* the keyring we're looking at was disqualified or didn't contain a 629 * matching key */ 630 not_this_keyring: 631 if (sp > 0) { 632 /* resume the checking of a keyring higher up in the tree */ 633 sp--; 634 keylist = stack[sp].keylist; 635 kix = stack[sp].kix + 1; 636 goto ascend; 637 } 638 639 ret = 0; /* no cycles detected */ 640 641 error: 642 rcu_read_unlock(); 643 return ret; 644 645 too_deep: 646 ret = -ELOOP; 647 goto error; 648 649 cycle_detected: 650 ret = -EDEADLK; 651 goto error; 652 653 } /* end keyring_detect_cycle() */ 654 655 /*****************************************************************************/ 656 /* 657 * dispose of a keyring list after the RCU grace period 658 */ 659 static void keyring_link_rcu_disposal(struct rcu_head *rcu) 660 { 661 struct keyring_list *klist = 662 container_of(rcu, struct keyring_list, rcu); 663 664 kfree(klist); 665 666 } /* end keyring_link_rcu_disposal() */ 667 668 /*****************************************************************************/ 669 /* 670 * dispose of a keyring list after the RCU grace period, freeing the unlinked 671 * key 672 */ 673 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) 674 { 675 struct keyring_list *klist = 676 container_of(rcu, struct keyring_list, rcu); 677 678 key_put(klist->keys[klist->delkey]); 679 kfree(klist); 680 681 } /* end keyring_unlink_rcu_disposal() */ 682 683 /*****************************************************************************/ 684 /* 685 * link a key into to a keyring 686 * - must be called with the keyring's semaphore write-locked 687 * - discard already extant link to matching key if there is one 688 */ 689 int __key_link(struct key *keyring, struct key *key) 690 { 691 struct keyring_list *klist, *nklist; 692 unsigned max; 693 size_t size; 694 int loop, ret; 695 696 ret = -EKEYREVOKED; 697 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 698 goto error; 699 700 ret = -ENOTDIR; 701 if (keyring->type != &key_type_keyring) 702 goto error; 703 704 /* serialise link/link calls to prevent parallel calls causing a 705 * cycle when applied to two keyring in opposite orders */ 706 down_write(&keyring_serialise_link_sem); 707 708 /* check that we aren't going to create a cycle adding one keyring to 709 * another */ 710 if (key->type == &key_type_keyring) { 711 ret = keyring_detect_cycle(keyring, key); 712 if (ret < 0) 713 goto error2; 714 } 715 716 /* see if there's a matching key we can displace */ 717 klist = keyring->payload.subscriptions; 718 719 if (klist && klist->nkeys > 0) { 720 struct key_type *type = key->type; 721 722 for (loop = klist->nkeys - 1; loop >= 0; loop--) { 723 if (klist->keys[loop]->type == type && 724 strcmp(klist->keys[loop]->description, 725 key->description) == 0 726 ) { 727 /* found a match - replace with new key */ 728 size = sizeof(struct key *) * klist->maxkeys; 729 size += sizeof(*klist); 730 BUG_ON(size > PAGE_SIZE); 731 732 ret = -ENOMEM; 733 nklist = kmemdup(klist, size, GFP_KERNEL); 734 if (!nklist) 735 goto error2; 736 737 /* replace matched key */ 738 atomic_inc(&key->usage); 739 nklist->keys[loop] = key; 740 741 rcu_assign_pointer( 742 keyring->payload.subscriptions, 743 nklist); 744 745 /* dispose of the old keyring list and the 746 * displaced key */ 747 klist->delkey = loop; 748 call_rcu(&klist->rcu, 749 keyring_unlink_rcu_disposal); 750 751 goto done; 752 } 753 } 754 } 755 756 /* check that we aren't going to overrun the user's quota */ 757 ret = key_payload_reserve(keyring, 758 keyring->datalen + KEYQUOTA_LINK_BYTES); 759 if (ret < 0) 760 goto error2; 761 762 klist = keyring->payload.subscriptions; 763 764 if (klist && klist->nkeys < klist->maxkeys) { 765 /* there's sufficient slack space to add directly */ 766 atomic_inc(&key->usage); 767 768 klist->keys[klist->nkeys] = key; 769 smp_wmb(); 770 klist->nkeys++; 771 smp_wmb(); 772 } 773 else { 774 /* grow the key list */ 775 max = 4; 776 if (klist) 777 max += klist->maxkeys; 778 779 ret = -ENFILE; 780 if (max > 65535) 781 goto error3; 782 size = sizeof(*klist) + sizeof(struct key *) * max; 783 if (size > PAGE_SIZE) 784 goto error3; 785 786 ret = -ENOMEM; 787 nklist = kmalloc(size, GFP_KERNEL); 788 if (!nklist) 789 goto error3; 790 nklist->maxkeys = max; 791 nklist->nkeys = 0; 792 793 if (klist) { 794 nklist->nkeys = klist->nkeys; 795 memcpy(nklist->keys, 796 klist->keys, 797 sizeof(struct key *) * klist->nkeys); 798 } 799 800 /* add the key into the new space */ 801 atomic_inc(&key->usage); 802 nklist->keys[nklist->nkeys++] = key; 803 804 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 805 806 /* dispose of the old keyring list */ 807 if (klist) 808 call_rcu(&klist->rcu, keyring_link_rcu_disposal); 809 } 810 811 done: 812 ret = 0; 813 error2: 814 up_write(&keyring_serialise_link_sem); 815 error: 816 return ret; 817 818 error3: 819 /* undo the quota changes */ 820 key_payload_reserve(keyring, 821 keyring->datalen - KEYQUOTA_LINK_BYTES); 822 goto error2; 823 824 } /* end __key_link() */ 825 826 /*****************************************************************************/ 827 /* 828 * link a key to a keyring 829 */ 830 int key_link(struct key *keyring, struct key *key) 831 { 832 int ret; 833 834 key_check(keyring); 835 key_check(key); 836 837 down_write(&keyring->sem); 838 ret = __key_link(keyring, key); 839 up_write(&keyring->sem); 840 841 return ret; 842 843 } /* end key_link() */ 844 845 EXPORT_SYMBOL(key_link); 846 847 /*****************************************************************************/ 848 /* 849 * unlink the first link to a key from a keyring 850 */ 851 int key_unlink(struct key *keyring, struct key *key) 852 { 853 struct keyring_list *klist, *nklist; 854 int loop, ret; 855 856 key_check(keyring); 857 key_check(key); 858 859 ret = -ENOTDIR; 860 if (keyring->type != &key_type_keyring) 861 goto error; 862 863 down_write(&keyring->sem); 864 865 klist = keyring->payload.subscriptions; 866 if (klist) { 867 /* search the keyring for the key */ 868 for (loop = 0; loop < klist->nkeys; loop++) 869 if (klist->keys[loop] == key) 870 goto key_is_present; 871 } 872 873 up_write(&keyring->sem); 874 ret = -ENOENT; 875 goto error; 876 877 key_is_present: 878 /* we need to copy the key list for RCU purposes */ 879 nklist = kmalloc(sizeof(*klist) + 880 sizeof(struct key *) * klist->maxkeys, 881 GFP_KERNEL); 882 if (!nklist) 883 goto nomem; 884 nklist->maxkeys = klist->maxkeys; 885 nklist->nkeys = klist->nkeys - 1; 886 887 if (loop > 0) 888 memcpy(&nklist->keys[0], 889 &klist->keys[0], 890 loop * sizeof(struct key *)); 891 892 if (loop < nklist->nkeys) 893 memcpy(&nklist->keys[loop], 894 &klist->keys[loop + 1], 895 (nklist->nkeys - loop) * sizeof(struct key *)); 896 897 /* adjust the user's quota */ 898 key_payload_reserve(keyring, 899 keyring->datalen - KEYQUOTA_LINK_BYTES); 900 901 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 902 903 up_write(&keyring->sem); 904 905 /* schedule for later cleanup */ 906 klist->delkey = loop; 907 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); 908 909 ret = 0; 910 911 error: 912 return ret; 913 nomem: 914 ret = -ENOMEM; 915 up_write(&keyring->sem); 916 goto error; 917 918 } /* end key_unlink() */ 919 920 EXPORT_SYMBOL(key_unlink); 921 922 /*****************************************************************************/ 923 /* 924 * dispose of a keyring list after the RCU grace period, releasing the keys it 925 * links to 926 */ 927 static void keyring_clear_rcu_disposal(struct rcu_head *rcu) 928 { 929 struct keyring_list *klist; 930 int loop; 931 932 klist = container_of(rcu, struct keyring_list, rcu); 933 934 for (loop = klist->nkeys - 1; loop >= 0; loop--) 935 key_put(klist->keys[loop]); 936 937 kfree(klist); 938 939 } /* end keyring_clear_rcu_disposal() */ 940 941 /*****************************************************************************/ 942 /* 943 * clear the specified process keyring 944 * - implements keyctl(KEYCTL_CLEAR) 945 */ 946 int keyring_clear(struct key *keyring) 947 { 948 struct keyring_list *klist; 949 int ret; 950 951 ret = -ENOTDIR; 952 if (keyring->type == &key_type_keyring) { 953 /* detach the pointer block with the locks held */ 954 down_write(&keyring->sem); 955 956 klist = keyring->payload.subscriptions; 957 if (klist) { 958 /* adjust the quota */ 959 key_payload_reserve(keyring, 960 sizeof(struct keyring_list)); 961 962 rcu_assign_pointer(keyring->payload.subscriptions, 963 NULL); 964 } 965 966 up_write(&keyring->sem); 967 968 /* free the keys after the locks have been dropped */ 969 if (klist) 970 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 971 972 ret = 0; 973 } 974 975 return ret; 976 977 } /* end keyring_clear() */ 978 979 EXPORT_SYMBOL(keyring_clear); 980 981 /*****************************************************************************/ 982 /* 983 * dispose of the links from a revoked keyring 984 * - called with the key sem write-locked 985 */ 986 static void keyring_revoke(struct key *keyring) 987 { 988 struct keyring_list *klist = keyring->payload.subscriptions; 989 990 /* adjust the quota */ 991 key_payload_reserve(keyring, 0); 992 993 if (klist) { 994 rcu_assign_pointer(keyring->payload.subscriptions, NULL); 995 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 996 } 997 998 } /* end keyring_revoke() */ 999