1 /* Keyring handling 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/security.h> 17 #include <linux/seq_file.h> 18 #include <linux/err.h> 19 #include <keys/keyring-type.h> 20 #include <asm/uaccess.h> 21 #include "internal.h" 22 23 /* 24 * when plumbing the depths of the key tree, this sets a hard limit set on how 25 * deep we're willing to go 26 */ 27 #define KEYRING_SEARCH_MAX_DEPTH 6 28 29 /* 30 * we keep all named keyrings in a hash to speed looking them up 31 */ 32 #define KEYRING_NAME_HASH_SIZE (1 << 5) 33 34 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; 35 static DEFINE_RWLOCK(keyring_name_lock); 36 37 static inline unsigned keyring_hash(const char *desc) 38 { 39 unsigned bucket = 0; 40 41 for (; *desc; desc++) 42 bucket += (unsigned char) *desc; 43 44 return bucket & (KEYRING_NAME_HASH_SIZE - 1); 45 } 46 47 /* 48 * the keyring type definition 49 */ 50 static int keyring_instantiate(struct key *keyring, 51 const void *data, size_t datalen); 52 static int keyring_match(const struct key *keyring, const void *criterion); 53 static void keyring_revoke(struct key *keyring); 54 static void keyring_destroy(struct key *keyring); 55 static void keyring_describe(const struct key *keyring, struct seq_file *m); 56 static long keyring_read(const struct key *keyring, 57 char __user *buffer, size_t buflen); 58 59 struct key_type key_type_keyring = { 60 .name = "keyring", 61 .def_datalen = sizeof(struct keyring_list), 62 .instantiate = keyring_instantiate, 63 .match = keyring_match, 64 .revoke = keyring_revoke, 65 .destroy = keyring_destroy, 66 .describe = keyring_describe, 67 .read = keyring_read, 68 }; 69 70 EXPORT_SYMBOL(key_type_keyring); 71 72 /* 73 * semaphore to serialise link/link calls to prevent two link calls in parallel 74 * introducing a cycle 75 */ 76 static DECLARE_RWSEM(keyring_serialise_link_sem); 77 78 /*****************************************************************************/ 79 /* 80 * publish the name of a keyring so that it can be found by name (if it has 81 * one) 82 */ 83 static void keyring_publish_name(struct key *keyring) 84 { 85 int bucket; 86 87 if (keyring->description) { 88 bucket = keyring_hash(keyring->description); 89 90 write_lock(&keyring_name_lock); 91 92 if (!keyring_name_hash[bucket].next) 93 INIT_LIST_HEAD(&keyring_name_hash[bucket]); 94 95 list_add_tail(&keyring->type_data.link, 96 &keyring_name_hash[bucket]); 97 98 write_unlock(&keyring_name_lock); 99 } 100 101 } /* end keyring_publish_name() */ 102 103 /*****************************************************************************/ 104 /* 105 * initialise a keyring 106 * - we object if we were given any data 107 */ 108 static int keyring_instantiate(struct key *keyring, 109 const void *data, size_t datalen) 110 { 111 int ret; 112 113 ret = -EINVAL; 114 if (datalen == 0) { 115 /* make the keyring available by name if it has one */ 116 keyring_publish_name(keyring); 117 ret = 0; 118 } 119 120 return ret; 121 122 } /* end keyring_instantiate() */ 123 124 /*****************************************************************************/ 125 /* 126 * match keyrings on their name 127 */ 128 static int keyring_match(const struct key *keyring, const void *description) 129 { 130 return keyring->description && 131 strcmp(keyring->description, description) == 0; 132 133 } /* end keyring_match() */ 134 135 /*****************************************************************************/ 136 /* 137 * dispose of the data dangling from the corpse of a keyring 138 */ 139 static void keyring_destroy(struct key *keyring) 140 { 141 struct keyring_list *klist; 142 int loop; 143 144 if (keyring->description) { 145 write_lock(&keyring_name_lock); 146 147 if (keyring->type_data.link.next != NULL && 148 !list_empty(&keyring->type_data.link)) 149 list_del(&keyring->type_data.link); 150 151 write_unlock(&keyring_name_lock); 152 } 153 154 klist = rcu_dereference(keyring->payload.subscriptions); 155 if (klist) { 156 for (loop = klist->nkeys - 1; loop >= 0; loop--) 157 key_put(klist->keys[loop]); 158 kfree(klist); 159 } 160 161 } /* end keyring_destroy() */ 162 163 /*****************************************************************************/ 164 /* 165 * describe the keyring 166 */ 167 static void keyring_describe(const struct key *keyring, struct seq_file *m) 168 { 169 struct keyring_list *klist; 170 171 if (keyring->description) { 172 seq_puts(m, keyring->description); 173 } 174 else { 175 seq_puts(m, "[anon]"); 176 } 177 178 rcu_read_lock(); 179 klist = rcu_dereference(keyring->payload.subscriptions); 180 if (klist) 181 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); 182 else 183 seq_puts(m, ": empty"); 184 rcu_read_unlock(); 185 186 } /* end keyring_describe() */ 187 188 /*****************************************************************************/ 189 /* 190 * read a list of key IDs from the keyring's contents 191 * - the keyring's semaphore is read-locked 192 */ 193 static long keyring_read(const struct key *keyring, 194 char __user *buffer, size_t buflen) 195 { 196 struct keyring_list *klist; 197 struct key *key; 198 size_t qty, tmp; 199 int loop, ret; 200 201 ret = 0; 202 klist = rcu_dereference(keyring->payload.subscriptions); 203 204 if (klist) { 205 /* calculate how much data we could return */ 206 qty = klist->nkeys * sizeof(key_serial_t); 207 208 if (buffer && buflen > 0) { 209 if (buflen > qty) 210 buflen = qty; 211 212 /* copy the IDs of the subscribed keys into the 213 * buffer */ 214 ret = -EFAULT; 215 216 for (loop = 0; loop < klist->nkeys; loop++) { 217 key = klist->keys[loop]; 218 219 tmp = sizeof(key_serial_t); 220 if (tmp > buflen) 221 tmp = buflen; 222 223 if (copy_to_user(buffer, 224 &key->serial, 225 tmp) != 0) 226 goto error; 227 228 buflen -= tmp; 229 if (buflen == 0) 230 break; 231 buffer += tmp; 232 } 233 } 234 235 ret = qty; 236 } 237 238 error: 239 return ret; 240 241 } /* end keyring_read() */ 242 243 /*****************************************************************************/ 244 /* 245 * allocate a keyring and link into the destination keyring 246 */ 247 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 248 const struct cred *cred, unsigned long flags, 249 struct key *dest) 250 { 251 struct key *keyring; 252 int ret; 253 254 keyring = key_alloc(&key_type_keyring, description, 255 uid, gid, cred, 256 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 257 flags); 258 259 if (!IS_ERR(keyring)) { 260 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); 261 if (ret < 0) { 262 key_put(keyring); 263 keyring = ERR_PTR(ret); 264 } 265 } 266 267 return keyring; 268 269 } /* end keyring_alloc() */ 270 271 /*****************************************************************************/ 272 /* 273 * search the supplied keyring tree for a key that matches the criterion 274 * - perform a breadth-then-depth search up to the prescribed limit 275 * - we only find keys on which we have search permission 276 * - we use the supplied match function to see if the description (or other 277 * feature of interest) matches 278 * - we rely on RCU to prevent the keyring lists from disappearing on us 279 * - we return -EAGAIN if we didn't find any matching key 280 * - we return -ENOKEY if we only found negative matching keys 281 * - we propagate the possession attribute from the keyring ref to the key ref 282 */ 283 key_ref_t keyring_search_aux(key_ref_t keyring_ref, 284 const struct cred *cred, 285 struct key_type *type, 286 const void *description, 287 key_match_func_t match) 288 { 289 struct { 290 struct keyring_list *keylist; 291 int kix; 292 } stack[KEYRING_SEARCH_MAX_DEPTH]; 293 294 struct keyring_list *keylist; 295 struct timespec now; 296 unsigned long possessed, kflags; 297 struct key *keyring, *key; 298 key_ref_t key_ref; 299 long err; 300 int sp, kix; 301 302 keyring = key_ref_to_ptr(keyring_ref); 303 possessed = is_key_possessed(keyring_ref); 304 key_check(keyring); 305 306 /* top keyring must have search permission to begin the search */ 307 err = key_task_permission(keyring_ref, cred, KEY_SEARCH); 308 if (err < 0) { 309 key_ref = ERR_PTR(err); 310 goto error; 311 } 312 313 key_ref = ERR_PTR(-ENOTDIR); 314 if (keyring->type != &key_type_keyring) 315 goto error; 316 317 rcu_read_lock(); 318 319 now = current_kernel_time(); 320 err = -EAGAIN; 321 sp = 0; 322 323 /* firstly we should check to see if this top-level keyring is what we 324 * are looking for */ 325 key_ref = ERR_PTR(-EAGAIN); 326 kflags = keyring->flags; 327 if (keyring->type == type && match(keyring, description)) { 328 key = keyring; 329 330 /* check it isn't negative and hasn't expired or been 331 * revoked */ 332 if (kflags & (1 << KEY_FLAG_REVOKED)) 333 goto error_2; 334 if (key->expiry && now.tv_sec >= key->expiry) 335 goto error_2; 336 key_ref = ERR_PTR(-ENOKEY); 337 if (kflags & (1 << KEY_FLAG_NEGATIVE)) 338 goto error_2; 339 goto found; 340 } 341 342 /* otherwise, the top keyring must not be revoked, expired, or 343 * negatively instantiated if we are to search it */ 344 key_ref = ERR_PTR(-EAGAIN); 345 if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) || 346 (keyring->expiry && now.tv_sec >= keyring->expiry)) 347 goto error_2; 348 349 /* start processing a new keyring */ 350 descend: 351 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 352 goto not_this_keyring; 353 354 keylist = rcu_dereference(keyring->payload.subscriptions); 355 if (!keylist) 356 goto not_this_keyring; 357 358 /* iterate through the keys in this keyring first */ 359 for (kix = 0; kix < keylist->nkeys; kix++) { 360 key = keylist->keys[kix]; 361 kflags = key->flags; 362 363 /* ignore keys not of this type */ 364 if (key->type != type) 365 continue; 366 367 /* skip revoked keys and expired keys */ 368 if (kflags & (1 << KEY_FLAG_REVOKED)) 369 continue; 370 371 if (key->expiry && now.tv_sec >= key->expiry) 372 continue; 373 374 /* keys that don't match */ 375 if (!match(key, description)) 376 continue; 377 378 /* key must have search permissions */ 379 if (key_task_permission(make_key_ref(key, possessed), 380 cred, KEY_SEARCH) < 0) 381 continue; 382 383 /* we set a different error code if we pass a negative key */ 384 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 385 err = -ENOKEY; 386 continue; 387 } 388 389 goto found; 390 } 391 392 /* search through the keyrings nested in this one */ 393 kix = 0; 394 ascend: 395 for (; kix < keylist->nkeys; kix++) { 396 key = keylist->keys[kix]; 397 if (key->type != &key_type_keyring) 398 continue; 399 400 /* recursively search nested keyrings 401 * - only search keyrings for which we have search permission 402 */ 403 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 404 continue; 405 406 if (key_task_permission(make_key_ref(key, possessed), 407 cred, KEY_SEARCH) < 0) 408 continue; 409 410 /* stack the current position */ 411 stack[sp].keylist = keylist; 412 stack[sp].kix = kix; 413 sp++; 414 415 /* begin again with the new keyring */ 416 keyring = key; 417 goto descend; 418 } 419 420 /* the keyring we're looking at was disqualified or didn't contain a 421 * matching key */ 422 not_this_keyring: 423 if (sp > 0) { 424 /* resume the processing of a keyring higher up in the tree */ 425 sp--; 426 keylist = stack[sp].keylist; 427 kix = stack[sp].kix + 1; 428 goto ascend; 429 } 430 431 key_ref = ERR_PTR(err); 432 goto error_2; 433 434 /* we found a viable match */ 435 found: 436 atomic_inc(&key->usage); 437 key_check(key); 438 key_ref = make_key_ref(key, possessed); 439 error_2: 440 rcu_read_unlock(); 441 error: 442 return key_ref; 443 444 } /* end keyring_search_aux() */ 445 446 /*****************************************************************************/ 447 /* 448 * search the supplied keyring tree for a key that matches the criterion 449 * - perform a breadth-then-depth search up to the prescribed limit 450 * - we only find keys on which we have search permission 451 * - we readlock the keyrings as we search down the tree 452 * - we return -EAGAIN if we didn't find any matching key 453 * - we return -ENOKEY if we only found negative matching keys 454 */ 455 key_ref_t keyring_search(key_ref_t keyring, 456 struct key_type *type, 457 const char *description) 458 { 459 if (!type->match) 460 return ERR_PTR(-ENOKEY); 461 462 return keyring_search_aux(keyring, current->cred, 463 type, description, type->match); 464 465 } /* end keyring_search() */ 466 467 EXPORT_SYMBOL(keyring_search); 468 469 /*****************************************************************************/ 470 /* 471 * search the given keyring only (no recursion) 472 * - keyring must be locked by caller 473 * - caller must guarantee that the keyring is a keyring 474 */ 475 key_ref_t __keyring_search_one(key_ref_t keyring_ref, 476 const struct key_type *ktype, 477 const char *description, 478 key_perm_t perm) 479 { 480 struct keyring_list *klist; 481 unsigned long possessed; 482 struct key *keyring, *key; 483 int loop; 484 485 keyring = key_ref_to_ptr(keyring_ref); 486 possessed = is_key_possessed(keyring_ref); 487 488 rcu_read_lock(); 489 490 klist = rcu_dereference(keyring->payload.subscriptions); 491 if (klist) { 492 for (loop = 0; loop < klist->nkeys; loop++) { 493 key = klist->keys[loop]; 494 495 if (key->type == ktype && 496 (!key->type->match || 497 key->type->match(key, description)) && 498 key_permission(make_key_ref(key, possessed), 499 perm) == 0 && 500 !test_bit(KEY_FLAG_REVOKED, &key->flags) 501 ) 502 goto found; 503 } 504 } 505 506 rcu_read_unlock(); 507 return ERR_PTR(-ENOKEY); 508 509 found: 510 atomic_inc(&key->usage); 511 rcu_read_unlock(); 512 return make_key_ref(key, possessed); 513 514 } /* end __keyring_search_one() */ 515 516 /*****************************************************************************/ 517 /* 518 * find a keyring with the specified name 519 * - all named keyrings are searched 520 * - normally only finds keyrings with search permission for the current process 521 */ 522 struct key *find_keyring_by_name(const char *name, bool skip_perm_check) 523 { 524 struct key *keyring; 525 int bucket; 526 527 keyring = ERR_PTR(-EINVAL); 528 if (!name) 529 goto error; 530 531 bucket = keyring_hash(name); 532 533 read_lock(&keyring_name_lock); 534 535 if (keyring_name_hash[bucket].next) { 536 /* search this hash bucket for a keyring with a matching name 537 * that's readable and that hasn't been revoked */ 538 list_for_each_entry(keyring, 539 &keyring_name_hash[bucket], 540 type_data.link 541 ) { 542 if (keyring->user->user_ns != current_user_ns()) 543 continue; 544 545 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 546 continue; 547 548 if (strcmp(keyring->description, name) != 0) 549 continue; 550 551 if (!skip_perm_check && 552 key_permission(make_key_ref(keyring, 0), 553 KEY_SEARCH) < 0) 554 continue; 555 556 /* we've got a match */ 557 atomic_inc(&keyring->usage); 558 read_unlock(&keyring_name_lock); 559 goto error; 560 } 561 } 562 563 read_unlock(&keyring_name_lock); 564 keyring = ERR_PTR(-ENOKEY); 565 566 error: 567 return keyring; 568 569 } /* end find_keyring_by_name() */ 570 571 /*****************************************************************************/ 572 /* 573 * see if a cycle will will be created by inserting acyclic tree B in acyclic 574 * tree A at the topmost level (ie: as a direct child of A) 575 * - since we are adding B to A at the top level, checking for cycles should 576 * just be a matter of seeing if node A is somewhere in tree B 577 */ 578 static int keyring_detect_cycle(struct key *A, struct key *B) 579 { 580 struct { 581 struct keyring_list *keylist; 582 int kix; 583 } stack[KEYRING_SEARCH_MAX_DEPTH]; 584 585 struct keyring_list *keylist; 586 struct key *subtree, *key; 587 int sp, kix, ret; 588 589 rcu_read_lock(); 590 591 ret = -EDEADLK; 592 if (A == B) 593 goto cycle_detected; 594 595 subtree = B; 596 sp = 0; 597 598 /* start processing a new keyring */ 599 descend: 600 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags)) 601 goto not_this_keyring; 602 603 keylist = rcu_dereference(subtree->payload.subscriptions); 604 if (!keylist) 605 goto not_this_keyring; 606 kix = 0; 607 608 ascend: 609 /* iterate through the remaining keys in this keyring */ 610 for (; kix < keylist->nkeys; kix++) { 611 key = keylist->keys[kix]; 612 613 if (key == A) 614 goto cycle_detected; 615 616 /* recursively check nested keyrings */ 617 if (key->type == &key_type_keyring) { 618 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 619 goto too_deep; 620 621 /* stack the current position */ 622 stack[sp].keylist = keylist; 623 stack[sp].kix = kix; 624 sp++; 625 626 /* begin again with the new keyring */ 627 subtree = key; 628 goto descend; 629 } 630 } 631 632 /* the keyring we're looking at was disqualified or didn't contain a 633 * matching key */ 634 not_this_keyring: 635 if (sp > 0) { 636 /* resume the checking of a keyring higher up in the tree */ 637 sp--; 638 keylist = stack[sp].keylist; 639 kix = stack[sp].kix + 1; 640 goto ascend; 641 } 642 643 ret = 0; /* no cycles detected */ 644 645 error: 646 rcu_read_unlock(); 647 return ret; 648 649 too_deep: 650 ret = -ELOOP; 651 goto error; 652 653 cycle_detected: 654 ret = -EDEADLK; 655 goto error; 656 657 } /* end keyring_detect_cycle() */ 658 659 /*****************************************************************************/ 660 /* 661 * dispose of a keyring list after the RCU grace period 662 */ 663 static void keyring_link_rcu_disposal(struct rcu_head *rcu) 664 { 665 struct keyring_list *klist = 666 container_of(rcu, struct keyring_list, rcu); 667 668 kfree(klist); 669 670 } /* end keyring_link_rcu_disposal() */ 671 672 /*****************************************************************************/ 673 /* 674 * dispose of a keyring list after the RCU grace period, freeing the unlinked 675 * key 676 */ 677 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) 678 { 679 struct keyring_list *klist = 680 container_of(rcu, struct keyring_list, rcu); 681 682 key_put(klist->keys[klist->delkey]); 683 kfree(klist); 684 685 } /* end keyring_unlink_rcu_disposal() */ 686 687 /*****************************************************************************/ 688 /* 689 * link a key into to a keyring 690 * - must be called with the keyring's semaphore write-locked 691 * - discard already extant link to matching key if there is one 692 */ 693 int __key_link(struct key *keyring, struct key *key) 694 { 695 struct keyring_list *klist, *nklist; 696 unsigned max; 697 size_t size; 698 int loop, ret; 699 700 ret = -EKEYREVOKED; 701 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) 702 goto error; 703 704 ret = -ENOTDIR; 705 if (keyring->type != &key_type_keyring) 706 goto error; 707 708 /* serialise link/link calls to prevent parallel calls causing a 709 * cycle when applied to two keyring in opposite orders */ 710 down_write(&keyring_serialise_link_sem); 711 712 /* check that we aren't going to create a cycle adding one keyring to 713 * another */ 714 if (key->type == &key_type_keyring) { 715 ret = keyring_detect_cycle(keyring, key); 716 if (ret < 0) 717 goto error2; 718 } 719 720 /* see if there's a matching key we can displace */ 721 klist = keyring->payload.subscriptions; 722 723 if (klist && klist->nkeys > 0) { 724 struct key_type *type = key->type; 725 726 for (loop = klist->nkeys - 1; loop >= 0; loop--) { 727 if (klist->keys[loop]->type == type && 728 strcmp(klist->keys[loop]->description, 729 key->description) == 0 730 ) { 731 /* found a match - replace with new key */ 732 size = sizeof(struct key *) * klist->maxkeys; 733 size += sizeof(*klist); 734 BUG_ON(size > PAGE_SIZE); 735 736 ret = -ENOMEM; 737 nklist = kmemdup(klist, size, GFP_KERNEL); 738 if (!nklist) 739 goto error2; 740 741 /* replace matched key */ 742 atomic_inc(&key->usage); 743 nklist->keys[loop] = key; 744 745 rcu_assign_pointer( 746 keyring->payload.subscriptions, 747 nklist); 748 749 /* dispose of the old keyring list and the 750 * displaced key */ 751 klist->delkey = loop; 752 call_rcu(&klist->rcu, 753 keyring_unlink_rcu_disposal); 754 755 goto done; 756 } 757 } 758 } 759 760 /* check that we aren't going to overrun the user's quota */ 761 ret = key_payload_reserve(keyring, 762 keyring->datalen + KEYQUOTA_LINK_BYTES); 763 if (ret < 0) 764 goto error2; 765 766 klist = keyring->payload.subscriptions; 767 768 if (klist && klist->nkeys < klist->maxkeys) { 769 /* there's sufficient slack space to add directly */ 770 atomic_inc(&key->usage); 771 772 klist->keys[klist->nkeys] = key; 773 smp_wmb(); 774 klist->nkeys++; 775 smp_wmb(); 776 } 777 else { 778 /* grow the key list */ 779 max = 4; 780 if (klist) 781 max += klist->maxkeys; 782 783 ret = -ENFILE; 784 if (max > 65535) 785 goto error3; 786 size = sizeof(*klist) + sizeof(struct key *) * max; 787 if (size > PAGE_SIZE) 788 goto error3; 789 790 ret = -ENOMEM; 791 nklist = kmalloc(size, GFP_KERNEL); 792 if (!nklist) 793 goto error3; 794 nklist->maxkeys = max; 795 nklist->nkeys = 0; 796 797 if (klist) { 798 nklist->nkeys = klist->nkeys; 799 memcpy(nklist->keys, 800 klist->keys, 801 sizeof(struct key *) * klist->nkeys); 802 } 803 804 /* add the key into the new space */ 805 atomic_inc(&key->usage); 806 nklist->keys[nklist->nkeys++] = key; 807 808 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 809 810 /* dispose of the old keyring list */ 811 if (klist) 812 call_rcu(&klist->rcu, keyring_link_rcu_disposal); 813 } 814 815 done: 816 ret = 0; 817 error2: 818 up_write(&keyring_serialise_link_sem); 819 error: 820 return ret; 821 822 error3: 823 /* undo the quota changes */ 824 key_payload_reserve(keyring, 825 keyring->datalen - KEYQUOTA_LINK_BYTES); 826 goto error2; 827 828 } /* end __key_link() */ 829 830 /*****************************************************************************/ 831 /* 832 * link a key to a keyring 833 */ 834 int key_link(struct key *keyring, struct key *key) 835 { 836 int ret; 837 838 key_check(keyring); 839 key_check(key); 840 841 down_write(&keyring->sem); 842 ret = __key_link(keyring, key); 843 up_write(&keyring->sem); 844 845 return ret; 846 847 } /* end key_link() */ 848 849 EXPORT_SYMBOL(key_link); 850 851 /*****************************************************************************/ 852 /* 853 * unlink the first link to a key from a keyring 854 */ 855 int key_unlink(struct key *keyring, struct key *key) 856 { 857 struct keyring_list *klist, *nklist; 858 int loop, ret; 859 860 key_check(keyring); 861 key_check(key); 862 863 ret = -ENOTDIR; 864 if (keyring->type != &key_type_keyring) 865 goto error; 866 867 down_write(&keyring->sem); 868 869 klist = keyring->payload.subscriptions; 870 if (klist) { 871 /* search the keyring for the key */ 872 for (loop = 0; loop < klist->nkeys; loop++) 873 if (klist->keys[loop] == key) 874 goto key_is_present; 875 } 876 877 up_write(&keyring->sem); 878 ret = -ENOENT; 879 goto error; 880 881 key_is_present: 882 /* we need to copy the key list for RCU purposes */ 883 nklist = kmalloc(sizeof(*klist) + 884 sizeof(struct key *) * klist->maxkeys, 885 GFP_KERNEL); 886 if (!nklist) 887 goto nomem; 888 nklist->maxkeys = klist->maxkeys; 889 nklist->nkeys = klist->nkeys - 1; 890 891 if (loop > 0) 892 memcpy(&nklist->keys[0], 893 &klist->keys[0], 894 loop * sizeof(struct key *)); 895 896 if (loop < nklist->nkeys) 897 memcpy(&nklist->keys[loop], 898 &klist->keys[loop + 1], 899 (nklist->nkeys - loop) * sizeof(struct key *)); 900 901 /* adjust the user's quota */ 902 key_payload_reserve(keyring, 903 keyring->datalen - KEYQUOTA_LINK_BYTES); 904 905 rcu_assign_pointer(keyring->payload.subscriptions, nklist); 906 907 up_write(&keyring->sem); 908 909 /* schedule for later cleanup */ 910 klist->delkey = loop; 911 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); 912 913 ret = 0; 914 915 error: 916 return ret; 917 nomem: 918 ret = -ENOMEM; 919 up_write(&keyring->sem); 920 goto error; 921 922 } /* end key_unlink() */ 923 924 EXPORT_SYMBOL(key_unlink); 925 926 /*****************************************************************************/ 927 /* 928 * dispose of a keyring list after the RCU grace period, releasing the keys it 929 * links to 930 */ 931 static void keyring_clear_rcu_disposal(struct rcu_head *rcu) 932 { 933 struct keyring_list *klist; 934 int loop; 935 936 klist = container_of(rcu, struct keyring_list, rcu); 937 938 for (loop = klist->nkeys - 1; loop >= 0; loop--) 939 key_put(klist->keys[loop]); 940 941 kfree(klist); 942 943 } /* end keyring_clear_rcu_disposal() */ 944 945 /*****************************************************************************/ 946 /* 947 * clear the specified process keyring 948 * - implements keyctl(KEYCTL_CLEAR) 949 */ 950 int keyring_clear(struct key *keyring) 951 { 952 struct keyring_list *klist; 953 int ret; 954 955 ret = -ENOTDIR; 956 if (keyring->type == &key_type_keyring) { 957 /* detach the pointer block with the locks held */ 958 down_write(&keyring->sem); 959 960 klist = keyring->payload.subscriptions; 961 if (klist) { 962 /* adjust the quota */ 963 key_payload_reserve(keyring, 964 sizeof(struct keyring_list)); 965 966 rcu_assign_pointer(keyring->payload.subscriptions, 967 NULL); 968 } 969 970 up_write(&keyring->sem); 971 972 /* free the keys after the locks have been dropped */ 973 if (klist) 974 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 975 976 ret = 0; 977 } 978 979 return ret; 980 981 } /* end keyring_clear() */ 982 983 EXPORT_SYMBOL(keyring_clear); 984 985 /*****************************************************************************/ 986 /* 987 * dispose of the links from a revoked keyring 988 * - called with the key sem write-locked 989 */ 990 static void keyring_revoke(struct key *keyring) 991 { 992 struct keyring_list *klist = keyring->payload.subscriptions; 993 994 /* adjust the quota */ 995 key_payload_reserve(keyring, 0); 996 997 if (klist) { 998 rcu_assign_pointer(keyring->payload.subscriptions, NULL); 999 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 1000 } 1001 1002 } /* end keyring_revoke() */ 1003