projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
drivers: power: report battery voltage in AOSP compatible format
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / security / keys / keyring.c
... / ...
CommitLineData
1/* Keyring handling
2 *
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/slab.h>
16#include <linux/security.h>
17#include <linux/seq_file.h>
18#include <linux/err.h>
19#include <keys/keyring-type.h>
20#include <linux/uaccess.h>
21#include "internal.h"
22
23#define rcu_dereference_locked_keyring(keyring) \
24 (rcu_dereference_protected( \
25 (keyring)->payload.subscriptions, \
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
27
28#define rcu_deref_link_locked(klist, index, keyring) \
29 (rcu_dereference_protected( \
30 (klist)->keys[index], \
31 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
32
33#define MAX_KEYRING_LINKS \
34 min_t(size_t, USHRT_MAX - 1, \
35 ((PAGE_SIZE - sizeof(struct keyring_list)) / sizeof(struct key *)))
36
37#define KEY_LINK_FIXQUOTA 1UL
38
39/*
40 * When plumbing the depths of the key tree, this sets a hard limit
41 * set on how deep we're willing to go.
42 */
43#define KEYRING_SEARCH_MAX_DEPTH 6
44
45/*
46 * We keep all named keyrings in a hash to speed looking them up.
47 */
48#define KEYRING_NAME_HASH_SIZE (1 << 5)
49
50static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
51static DEFINE_RWLOCK(keyring_name_lock);
52
53static inline unsigned keyring_hash(const char *desc)
54{
55 unsigned bucket = 0;
56
57 for (; *desc; desc++)
58 bucket += (unsigned char)*desc;
59
60 return bucket & (KEYRING_NAME_HASH_SIZE - 1);
61}
62
63/*
64 * The keyring key type definition. Keyrings are simply keys of this type and
65 * can be treated as ordinary keys in addition to having their own special
66 * operations.
67 */
68static int keyring_instantiate(struct key *keyring,
69 struct key_preparsed_payload *prep);
70static int keyring_match(const struct key *keyring, const void *criterion);
71static void keyring_revoke(struct key *keyring);
72static void keyring_destroy(struct key *keyring);
73static void keyring_describe(const struct key *keyring, struct seq_file *m);
74static long keyring_read(const struct key *keyring,
75 char __user *buffer, size_t buflen);
76
77struct key_type key_type_keyring = {
78 .name = "keyring",
79 .def_datalen = sizeof(struct keyring_list),
80 .instantiate = keyring_instantiate,
81 .match = keyring_match,
82 .revoke = keyring_revoke,
83 .destroy = keyring_destroy,
84 .describe = keyring_describe,
85 .read = keyring_read,
86};
87EXPORT_SYMBOL(key_type_keyring);
88
89/*
90 * Semaphore to serialise link/link calls to prevent two link calls in parallel
91 * introducing a cycle.
92 */
93static DECLARE_RWSEM(keyring_serialise_link_sem);
94
95/*
96 * Publish the name of a keyring so that it can be found by name (if it has
97 * one).
98 */
99static void keyring_publish_name(struct key *keyring)
100{
101 int bucket;
102
103 if (keyring->description) {
104 bucket = keyring_hash(keyring->description);
105
106 write_lock(&keyring_name_lock);
107
108 if (!keyring_name_hash[bucket].next)
109 INIT_LIST_HEAD(&keyring_name_hash[bucket]);
110
111 list_add_tail(&keyring->type_data.link,
112 &keyring_name_hash[bucket]);
113
114 write_unlock(&keyring_name_lock);
115 }
116}
117
118/*
119 * Initialise a keyring.
120 *
121 * Returns 0 on success, -EINVAL if given any data.
122 */
123static int keyring_instantiate(struct key *keyring,
124 struct key_preparsed_payload *prep)
125{
126 int ret;
127
128 ret = -EINVAL;
129 if (prep->datalen == 0) {
130 /* make the keyring available by name if it has one */
131 keyring_publish_name(keyring);
132 ret = 0;
133 }
134
135 return ret;
136}
137
138/*
139 * Match keyrings on their name
140 */
141static int keyring_match(const struct key *keyring, const void *description)
142{
143 return keyring->description &&
144 strcmp(keyring->description, description) == 0;
145}
146
147/*
148 * Clean up a keyring when it is destroyed. Unpublish its name if it had one
149 * and dispose of its data.
150 *
151 * The garbage collector detects the final key_put(), removes the keyring from
152 * the serial number tree and then does RCU synchronisation before coming here,
153 * so we shouldn't need to worry about code poking around here with the RCU
154 * readlock held by this time.
155 */
156static void keyring_destroy(struct key *keyring)
157{
158 struct keyring_list *klist;
159 int loop;
160
161 if (keyring->description) {
162 write_lock(&keyring_name_lock);
163
164 if (keyring->type_data.link.next != NULL &&
165 !list_empty(&keyring->type_data.link))
166 list_del(&keyring->type_data.link);
167
168 write_unlock(&keyring_name_lock);
169 }
170
171 klist = rcu_access_pointer(keyring->payload.subscriptions);
172 if (klist) {
173 for (loop = klist->nkeys - 1; loop >= 0; loop--)
174 key_put(rcu_access_pointer(klist->keys[loop]));
175 kfree(klist);
176 }
177}
178
179/*
180 * Describe a keyring for /proc.
181 */
182static void keyring_describe(const struct key *keyring, struct seq_file *m)
183{
184 struct keyring_list *klist;
185
186 if (keyring->description)
187 seq_puts(m, keyring->description);
188 else
189 seq_puts(m, "[anon]");
190
191 if (key_is_instantiated(keyring)) {
192 rcu_read_lock();
193 klist = rcu_dereference(keyring->payload.subscriptions);
194 if (klist)
195 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
196 else
197 seq_puts(m, ": empty");
198 rcu_read_unlock();
199 }
200}
201
202/*
203 * Read a list of key IDs from the keyring's contents in binary form
204 *
205 * The keyring's semaphore is read-locked by the caller.
206 */
207static long keyring_read(const struct key *keyring,
208 char __user *buffer, size_t buflen)
209{
210 struct keyring_list *klist;
211 struct key *key;
212 size_t qty, tmp;
213 int loop, ret;
214
215 ret = 0;
216 klist = rcu_dereference_locked_keyring(keyring);
217 if (klist) {
218 /* calculate how much data we could return */
219 qty = klist->nkeys * sizeof(key_serial_t);
220
221 if (buffer && buflen > 0) {
222 if (buflen > qty)
223 buflen = qty;
224
225 /* copy the IDs of the subscribed keys into the
226 * buffer */
227 ret = -EFAULT;
228
229 for (loop = 0; loop < klist->nkeys; loop++) {
230 key = rcu_deref_link_locked(klist, loop,
231 keyring);
232
233 tmp = sizeof(key_serial_t);
234 if (tmp > buflen)
235 tmp = buflen;
236
237 if (copy_to_user(buffer,
238 &key->serial,
239 tmp) != 0)
240 goto error;
241
242 buflen -= tmp;
243 if (buflen == 0)
244 break;
245 buffer += tmp;
246 }
247 }
248
249 ret = qty;
250 }
251
252error:
253 return ret;
254}
255
256/*
257 * Allocate a keyring and link into the destination keyring.
258 */
259struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
260 const struct cred *cred, key_perm_t perm,
261 unsigned long flags, struct key *dest)
262{
263 struct key *keyring;
264 int ret;
265
266 keyring = key_alloc(&key_type_keyring, description,
267 uid, gid, cred, perm, flags);
268 if (!IS_ERR(keyring)) {
269 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
270 if (ret < 0) {
271 key_put(keyring);
272 keyring = ERR_PTR(ret);
273 }
274 }
275
276 return keyring;
277}
278EXPORT_SYMBOL(keyring_alloc);
279
280/**
281 * keyring_search_aux - Search a keyring tree for a key matching some criteria
282 * @keyring_ref: A pointer to the keyring with possession indicator.
283 * @cred: The credentials to use for permissions checks.
284 * @type: The type of key to search for.
285 * @description: Parameter for @match.
286 * @match: Function to rule on whether or not a key is the one required.
287 * @no_state_check: Don't check if a matching key is bad
288 *
289 * Search the supplied keyring tree for a key that matches the criteria given.
290 * The root keyring and any linked keyrings must grant Search permission to the
291 * caller to be searchable and keys can only be found if they too grant Search
292 * to the caller. The possession flag on the root keyring pointer controls use
293 * of the possessor bits in permissions checking of the entire tree. In
294 * addition, the LSM gets to forbid keyring searches and key matches.
295 *
296 * The search is performed as a breadth-then-depth search up to the prescribed
297 * limit (KEYRING_SEARCH_MAX_DEPTH).
298 *
299 * Keys are matched to the type provided and are then filtered by the match
300 * function, which is given the description to use in any way it sees fit. The
301 * match function may use any attributes of a key that it wishes to to
302 * determine the match. Normally the match function from the key type would be
303 * used.
304 *
305 * RCU is used to prevent the keyring key lists from disappearing without the
306 * need to take lots of locks.
307 *
308 * Returns a pointer to the found key and increments the key usage count if
309 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
310 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
311 * specified keyring wasn't a keyring.
312 *
313 * In the case of a successful return, the possession attribute from
314 * @keyring_ref is propagated to the returned key reference.
315 */
316key_ref_t keyring_search_aux(key_ref_t keyring_ref,
317 const struct cred *cred,
318 struct key_type *type,
319 const void *description,
320 key_match_func_t match,
321 bool no_state_check)
322{
323 struct {
324 /* Need a separate keylist pointer for RCU purposes */
325 struct key *keyring;
326 struct keyring_list *keylist;
327 int kix;
328 } stack[KEYRING_SEARCH_MAX_DEPTH];
329
330 struct keyring_list *keylist;
331 struct timespec now;
332 unsigned long possessed, kflags;
333 struct key *keyring, *key;
334 key_ref_t key_ref;
335 long err;
336 int sp, nkeys, kix;
337
338 keyring = key_ref_to_ptr(keyring_ref);
339 possessed = is_key_possessed(keyring_ref);
340 key_check(keyring);
341
342 /* top keyring must have search permission to begin the search */
343 err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
344 if (err < 0) {
345 key_ref = ERR_PTR(err);
346 goto error;
347 }
348
349 key_ref = ERR_PTR(-ENOTDIR);
350 if (keyring->type != &key_type_keyring)
351 goto error;
352
353 rcu_read_lock();
354
355 now = current_kernel_time();
356 err = -EAGAIN;
357 sp = 0;
358
359 /* firstly we should check to see if this top-level keyring is what we
360 * are looking for */
361 key_ref = ERR_PTR(-EAGAIN);
362 kflags = keyring->flags;
363 if (keyring->type == type && match(keyring, description)) {
364 key = keyring;
365 if (no_state_check)
366 goto found;
367
368 /* check it isn't negative and hasn't expired or been
369 * revoked */
370 if (kflags & (1 << KEY_FLAG_REVOKED))
371 goto error_2;
372 if (key->expiry && now.tv_sec >= key->expiry)
373 goto error_2;
374 key_ref = ERR_PTR(key->type_data.reject_error);
375 if (kflags & (1 << KEY_FLAG_NEGATIVE))
376 goto error_2;
377 goto found;
378 }
379
380 /* otherwise, the top keyring must not be revoked, expired, or
381 * negatively instantiated if we are to search it */
382 key_ref = ERR_PTR(-EAGAIN);
383 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
384 (1 << KEY_FLAG_REVOKED) |
385 (1 << KEY_FLAG_NEGATIVE)) ||
386 (keyring->expiry && now.tv_sec >= keyring->expiry))
387 goto error_2;
388
389 /* start processing a new keyring */
390descend:
391 kflags = keyring->flags;
392 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
393 (1 << KEY_FLAG_REVOKED)))
394 goto not_this_keyring;
395
396 keylist = rcu_dereference(keyring->payload.subscriptions);
397 if (!keylist)
398 goto not_this_keyring;
399
400 /* iterate through the keys in this keyring first */
401 nkeys = keylist->nkeys;
402 smp_rmb();
403 for (kix = 0; kix < nkeys; kix++) {
404 key = rcu_dereference(keylist->keys[kix]);
405 kflags = key->flags;
406
407 /* ignore keys not of this type */
408 if (key->type != type)
409 continue;
410
411 /* skip invalidated, revoked and expired keys */
412 if (!no_state_check) {
413 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
414 (1 << KEY_FLAG_REVOKED)))
415 continue;
416
417 if (key->expiry && now.tv_sec >= key->expiry)
418 continue;
419 }
420
421 /* keys that don't match */
422 if (!match(key, description))
423 continue;
424
425 /* key must have search permissions */
426 if (key_task_permission(make_key_ref(key, possessed),
427 cred, KEY_SEARCH) < 0)
428 continue;
429
430 if (no_state_check)
431 goto found;
432
433 /* we set a different error code if we pass a negative key */
434 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
435 err = key->type_data.reject_error;
436 continue;
437 }
438
439 goto found;
440 }
441
442 /* search through the keyrings nested in this one */
443 kix = 0;
444ascend:
445 nkeys = keylist->nkeys;
446 smp_rmb();
447 for (; kix < nkeys; kix++) {
448 key = rcu_dereference(keylist->keys[kix]);
449 if (key->type != &key_type_keyring)
450 continue;
451
452 /* recursively search nested keyrings
453 * - only search keyrings for which we have search permission
454 */
455 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
456 continue;
457
458 if (key_task_permission(make_key_ref(key, possessed),
459 cred, KEY_SEARCH) < 0)
460 continue;
461
462 /* stack the current position */
463 stack[sp].keyring = keyring;
464 stack[sp].keylist = keylist;
465 stack[sp].kix = kix;
466 sp++;
467
468 /* begin again with the new keyring */
469 keyring = key;
470 goto descend;
471 }
472
473 /* the keyring we're looking at was disqualified or didn't contain a
474 * matching key */
475not_this_keyring:
476 if (sp > 0) {
477 /* resume the processing of a keyring higher up in the tree */
478 sp--;
479 keyring = stack[sp].keyring;
480 keylist = stack[sp].keylist;
481 kix = stack[sp].kix + 1;
482 goto ascend;
483 }
484
485 key_ref = ERR_PTR(err);
486 goto error_2;
487
488 /* we found a viable match */
489found:
490 atomic_inc(&key->usage);
491 key->last_used_at = now.tv_sec;
492 keyring->last_used_at = now.tv_sec;
493 while (sp > 0)
494 stack[--sp].keyring->last_used_at = now.tv_sec;
495 key_check(key);
496 key_ref = make_key_ref(key, possessed);
497error_2:
498 rcu_read_unlock();
499error:
500 return key_ref;
501}
502
503/**
504 * keyring_search - Search the supplied keyring tree for a matching key
505 * @keyring: The root of the keyring tree to be searched.
506 * @type: The type of keyring we want to find.
507 * @description: The name of the keyring we want to find.
508 *
509 * As keyring_search_aux() above, but using the current task's credentials and
510 * type's default matching function.
511 */
512key_ref_t keyring_search(key_ref_t keyring,
513 struct key_type *type,
514 const char *description)
515{
516 if (!type->match)
517 return ERR_PTR(-ENOKEY);
518
519 return keyring_search_aux(keyring, current->cred,
520 type, description, type->match, false);
521}
522EXPORT_SYMBOL(keyring_search);
523
524/*
525 * Search the given keyring only (no recursion).
526 *
527 * The caller must guarantee that the keyring is a keyring and that the
528 * permission is granted to search the keyring as no check is made here.
529 *
530 * RCU is used to make it unnecessary to lock the keyring key list here.
531 *
532 * Returns a pointer to the found key with usage count incremented if
533 * successful and returns -ENOKEY if not found. Revoked keys and keys not
534 * providing the requested permission are skipped over.
535 *
536 * If successful, the possession indicator is propagated from the keyring ref
537 * to the returned key reference.
538 */
539key_ref_t __keyring_search_one(key_ref_t keyring_ref,
540 const struct key_type *ktype,
541 const char *description,
542 key_perm_t perm)
543{
544 struct keyring_list *klist;
545 unsigned long possessed;
546 struct key *keyring, *key;
547 int nkeys, loop;
548
549 keyring = key_ref_to_ptr(keyring_ref);
550 possessed = is_key_possessed(keyring_ref);
551
552 rcu_read_lock();
553
554 klist = rcu_dereference(keyring->payload.subscriptions);
555 if (klist) {
556 nkeys = klist->nkeys;
557 smp_rmb();
558 for (loop = 0; loop < nkeys ; loop++) {
559 key = rcu_dereference(klist->keys[loop]);
560 if (key->type == ktype &&
561 (!key->type->match ||
562 key->type->match(key, description)) &&
563 key_permission(make_key_ref(key, possessed),
564 perm) == 0 &&
565 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
566 (1 << KEY_FLAG_REVOKED)))
567 )
568 goto found;
569 }
570 }
571
572 rcu_read_unlock();
573 return ERR_PTR(-ENOKEY);
574
575found:
576 atomic_inc(&key->usage);
577 keyring->last_used_at = key->last_used_at =
578 current_kernel_time().tv_sec;
579 rcu_read_unlock();
580 return make_key_ref(key, possessed);
581}
582
583/*
584 * Find a keyring with the specified name.
585 *
586 * Only keyrings that have nonzero refcount, are not revoked, and are owned by a
587 * user in the current user namespace are considered. If @uid_keyring is %true,
588 * the keyring additionally must have been allocated as a user or user session
589 * keyring; otherwise, it must grant Search permission directly to the caller.
590 *
591 * Returns a pointer to the keyring with the keyring's refcount having being
592 * incremented on success. -ENOKEY is returned if a key could not be found.
593 */
594struct key *find_keyring_by_name(const char *name, bool uid_keyring)
595{
596 struct key *keyring;
597 int bucket;
598
599 if (!name)
600 return ERR_PTR(-EINVAL);
601
602 bucket = keyring_hash(name);
603
604 read_lock(&keyring_name_lock);
605
606 if (keyring_name_hash[bucket].next) {
607 /* search this hash bucket for a keyring with a matching name
608 * that's readable and that hasn't been revoked */
609 list_for_each_entry(keyring,
610 &keyring_name_hash[bucket],
611 type_data.link
612 ) {
613 if (!kuid_has_mapping(current_user_ns(), keyring->user->uid))
614 continue;
615
616 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
617 continue;
618
619 if (strcmp(keyring->description, name) != 0)
620 continue;
621
622 if (uid_keyring) {
623 if (!test_bit(KEY_FLAG_UID_KEYRING,
624 &keyring->flags))
625 continue;
626 } else {
627 if (key_permission(make_key_ref(keyring, 0),
628 KEY_SEARCH) < 0)
629 continue;
630 }
631
632 /* we've got a match but we might end up racing with
633 * key_cleanup() if the keyring is currently 'dead'
634 * (ie. it has a zero usage count) */
635 if (!atomic_inc_not_zero(&keyring->usage))
636 continue;
637 keyring->last_used_at = current_kernel_time().tv_sec;
638 goto out;
639 }
640 }
641
642 keyring = ERR_PTR(-ENOKEY);
643out:
644 read_unlock(&keyring_name_lock);
645 return keyring;
646}
647
648/*
649 * See if a cycle will will be created by inserting acyclic tree B in acyclic
650 * tree A at the topmost level (ie: as a direct child of A).
651 *
652 * Since we are adding B to A at the top level, checking for cycles should just
653 * be a matter of seeing if node A is somewhere in tree B.
654 */
655static int keyring_detect_cycle(struct key *A, struct key *B)
656{
657 struct {
658 struct keyring_list *keylist;
659 int kix;
660 } stack[KEYRING_SEARCH_MAX_DEPTH];
661
662 struct keyring_list *keylist;
663 struct key *subtree, *key;
664 int sp, nkeys, kix, ret;
665
666 rcu_read_lock();
667
668 ret = -EDEADLK;
669 if (A == B)
670 goto cycle_detected;
671
672 subtree = B;
673 sp = 0;
674
675 /* start processing a new keyring */
676descend:
677 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
678 goto not_this_keyring;
679
680 keylist = rcu_dereference(subtree->payload.subscriptions);
681 if (!keylist)
682 goto not_this_keyring;
683 kix = 0;
684
685ascend:
686 /* iterate through the remaining keys in this keyring */
687 nkeys = keylist->nkeys;
688 smp_rmb();
689 for (; kix < nkeys; kix++) {
690 key = rcu_dereference(keylist->keys[kix]);
691
692 if (key == A)
693 goto cycle_detected;
694
695 /* recursively check nested keyrings */
696 if (key->type == &key_type_keyring) {
697 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
698 goto too_deep;
699
700 /* stack the current position */
701 stack[sp].keylist = keylist;
702 stack[sp].kix = kix;
703 sp++;
704
705 /* begin again with the new keyring */
706 subtree = key;
707 goto descend;
708 }
709 }
710
711 /* the keyring we're looking at was disqualified or didn't contain a
712 * matching key */
713not_this_keyring:
714 if (sp > 0) {
715 /* resume the checking of a keyring higher up in the tree */
716 sp--;
717 keylist = stack[sp].keylist;
718 kix = stack[sp].kix + 1;
719 goto ascend;
720 }
721
722 ret = 0; /* no cycles detected */
723
724error:
725 rcu_read_unlock();
726 return ret;
727
728too_deep:
729 ret = -ELOOP;
730 goto error;
731
732cycle_detected:
733 ret = -EDEADLK;
734 goto error;
735}
736
737/*
738 * Dispose of a keyring list after the RCU grace period, freeing the unlinked
739 * key
740 */
741static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
742{
743 struct keyring_list *klist =
744 container_of(rcu, struct keyring_list, rcu);
745
746 if (klist->delkey != USHRT_MAX)
747 key_put(rcu_access_pointer(klist->keys[klist->delkey]));
748 kfree(klist);
749}
750
751/*
752 * Preallocate memory so that a key can be linked into to a keyring.
753 */
754int __key_link_begin(struct key *keyring, const struct key_type *type,
755 const char *description, unsigned long *_prealloc)
756 __acquires(&keyring->sem)
757 __acquires(&keyring_serialise_link_sem)
758{
759 struct keyring_list *klist, *nklist;
760 unsigned long prealloc;
761 unsigned max;
762 time_t lowest_lru;
763 size_t size;
764 int loop, lru, ret;
765
766 kenter("%d,%s,%s,", key_serial(keyring), type->name, description);
767
768 if (keyring->type != &key_type_keyring)
769 return -ENOTDIR;
770
771 down_write(&keyring->sem);
772
773 ret = -EKEYREVOKED;
774 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
775 goto error_krsem;
776
777 /* serialise link/link calls to prevent parallel calls causing a cycle
778 * when linking two keyring in opposite orders */
779 if (type == &key_type_keyring)
780 down_write(&keyring_serialise_link_sem);
781
782 klist = rcu_dereference_locked_keyring(keyring);
783
784 /* see if there's a matching key we can displace */
785 lru = -1;
786 if (klist && klist->nkeys > 0) {
787 lowest_lru = TIME_T_MAX;
788 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
789 struct key *key = rcu_deref_link_locked(klist, loop,
790 keyring);
791 if (key->type == type &&
792 strcmp(key->description, description) == 0) {
793 /* Found a match - we'll replace the link with
794 * one to the new key. We record the slot
795 * position.
796 */
797 klist->delkey = loop;
798 prealloc = 0;
799 goto done;
800 }
801 if (key->last_used_at < lowest_lru) {
802 lowest_lru = key->last_used_at;
803 lru = loop;
804 }
805 }
806 }
807
808 /* If the keyring is full then do an LRU discard */
809 if (klist &&
810 klist->nkeys == klist->maxkeys &&
811 klist->maxkeys >= MAX_KEYRING_LINKS) {
812 kdebug("LRU discard %d\n", lru);
813 klist->delkey = lru;
814 prealloc = 0;
815 goto done;
816 }
817
818 /* check that we aren't going to overrun the user's quota */
819 ret = key_payload_reserve(keyring,
820 keyring->datalen + KEYQUOTA_LINK_BYTES);
821 if (ret < 0)
822 goto error_sem;
823
824 if (klist && klist->nkeys < klist->maxkeys) {
825 /* there's sufficient slack space to append directly */
826 klist->delkey = klist->nkeys;
827 prealloc = KEY_LINK_FIXQUOTA;
828 } else {
829 /* grow the key list */
830 max = 4;
831 if (klist) {
832 max += klist->maxkeys;
833 if (max > MAX_KEYRING_LINKS)
834 max = MAX_KEYRING_LINKS;
835 BUG_ON(max <= klist->maxkeys);
836 }
837
838 size = sizeof(*klist) + sizeof(struct key *) * max;
839
840 ret = -ENOMEM;
841 nklist = kmalloc(size, GFP_KERNEL);
842 if (!nklist)
843 goto error_quota;
844
845 nklist->maxkeys = max;
846 if (klist) {
847 memcpy(nklist->keys, klist->keys,
848 sizeof(struct key *) * klist->nkeys);
849 nklist->delkey = klist->nkeys;
850 nklist->nkeys = klist->nkeys + 1;
851 klist->delkey = USHRT_MAX;
852 } else {
853 nklist->nkeys = 1;
854 nklist->delkey = 0;
855 }
856
857 /* add the key into the new space */
858 RCU_INIT_POINTER(nklist->keys[nklist->delkey], NULL);
859 prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA;
860 }
861
862done:
863 *_prealloc = prealloc;
864 kleave(" = 0");
865 return 0;
866
867error_quota:
868 /* undo the quota changes */
869 key_payload_reserve(keyring,
870 keyring->datalen - KEYQUOTA_LINK_BYTES);
871error_sem:
872 if (type == &key_type_keyring)
873 up_write(&keyring_serialise_link_sem);
874error_krsem:
875 up_write(&keyring->sem);
876 kleave(" = %d", ret);
877 return ret;
878}
879
880/*
881 * Check already instantiated keys aren't going to be a problem.
882 *
883 * The caller must have called __key_link_begin(). Don't need to call this for
884 * keys that were created since __key_link_begin() was called.
885 */
886int __key_link_check_live_key(struct key *keyring, struct key *key)
887{
888 if (key->type == &key_type_keyring)
889 /* check that we aren't going to create a cycle by linking one
890 * keyring to another */
891 return keyring_detect_cycle(keyring, key);
892 return 0;
893}
894
895/*
896 * Link a key into to a keyring.
897 *
898 * Must be called with __key_link_begin() having being called. Discards any
899 * already extant link to matching key if there is one, so that each keyring
900 * holds at most one link to any given key of a particular type+description
901 * combination.
902 */
903void __key_link(struct key *keyring, struct key *key,
904 unsigned long *_prealloc)
905{
906 struct keyring_list *klist, *nklist;
907 struct key *discard;
908
909 nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA);
910 *_prealloc = 0;
911
912 kenter("%d,%d,%p", keyring->serial, key->serial, nklist);
913
914 klist = rcu_dereference_locked_keyring(keyring);
915
916 atomic_inc(&key->usage);
917 keyring->last_used_at = key->last_used_at =
918 current_kernel_time().tv_sec;
919
920 /* there's a matching key we can displace or an empty slot in a newly
921 * allocated list we can fill */
922 if (nklist) {
923 kdebug("reissue %hu/%hu/%hu",
924 nklist->delkey, nklist->nkeys, nklist->maxkeys);
925
926 RCU_INIT_POINTER(nklist->keys[nklist->delkey], key);
927
928 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
929
930 /* dispose of the old keyring list and, if there was one, the
931 * displaced key */
932 if (klist) {
933 kdebug("dispose %hu/%hu/%hu",
934 klist->delkey, klist->nkeys, klist->maxkeys);
935 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
936 }
937 } else if (klist->delkey < klist->nkeys) {
938 kdebug("replace %hu/%hu/%hu",
939 klist->delkey, klist->nkeys, klist->maxkeys);
940
941 discard = rcu_dereference_protected(
942 klist->keys[klist->delkey],
943 rwsem_is_locked(&keyring->sem));
944 rcu_assign_pointer(klist->keys[klist->delkey], key);
945 /* The garbage collector will take care of RCU
946 * synchronisation */
947 key_put(discard);
948 } else {
949 /* there's sufficient slack space to append directly */
950 kdebug("append %hu/%hu/%hu",
951 klist->delkey, klist->nkeys, klist->maxkeys);
952
953 RCU_INIT_POINTER(klist->keys[klist->delkey], key);
954 smp_wmb();
955 klist->nkeys++;
956 }
957}
958
959/*
960 * Finish linking a key into to a keyring.
961 *
962 * Must be called with __key_link_begin() having being called.
963 */
964void __key_link_end(struct key *keyring, struct key_type *type,
965 unsigned long prealloc)
966 __releases(&keyring->sem)
967 __releases(&keyring_serialise_link_sem)
968{
969 BUG_ON(type == NULL);
970 BUG_ON(type->name == NULL);
971 kenter("%d,%s,%lx", keyring->serial, type->name, prealloc);
972
973 if (type == &key_type_keyring)
974 up_write(&keyring_serialise_link_sem);
975
976 if (prealloc) {
977 if (prealloc & KEY_LINK_FIXQUOTA)
978 key_payload_reserve(keyring,
979 keyring->datalen -
980 KEYQUOTA_LINK_BYTES);
981 kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA));
982 }
983 up_write(&keyring->sem);
984}
985
986/**
987 * key_link - Link a key to a keyring
988 * @keyring: The keyring to make the link in.
989 * @key: The key to link to.
990 *
991 * Make a link in a keyring to a key, such that the keyring holds a reference
992 * on that key and the key can potentially be found by searching that keyring.
993 *
994 * This function will write-lock the keyring's semaphore and will consume some
995 * of the user's key data quota to hold the link.
996 *
997 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
998 * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
999 * full, -EDQUOT if there is insufficient key data quota remaining to add
1000 * another link or -ENOMEM if there's insufficient memory.
1001 *
1002 * It is assumed that the caller has checked that it is permitted for a link to
1003 * be made (the keyring should have Write permission and the key Link
1004 * permission).
1005 */
1006int key_link(struct key *keyring, struct key *key)
1007{
1008 unsigned long prealloc;
1009 int ret;
1010
1011 key_check(keyring);
1012 key_check(key);
1013
1014 ret = __key_link_begin(keyring, key->type, key->description, &prealloc);
1015 if (ret == 0) {
1016 ret = __key_link_check_live_key(keyring, key);
1017 if (ret == 0)
1018 __key_link(keyring, key, &prealloc);
1019 __key_link_end(keyring, key->type, prealloc);
1020 }
1021
1022 return ret;
1023}
1024EXPORT_SYMBOL(key_link);
1025
1026/**
1027 * key_unlink - Unlink the first link to a key from a keyring.
1028 * @keyring: The keyring to remove the link from.
1029 * @key: The key the link is to.
1030 *
1031 * Remove a link from a keyring to a key.
1032 *
1033 * This function will write-lock the keyring's semaphore.
1034 *
1035 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
1036 * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
1037 * memory.
1038 *
1039 * It is assumed that the caller has checked that it is permitted for a link to
1040 * be removed (the keyring should have Write permission; no permissions are
1041 * required on the key).
1042 */
1043int key_unlink(struct key *keyring, struct key *key)
1044{
1045 struct keyring_list *klist, *nklist;
1046 int loop, ret;
1047
1048 key_check(keyring);
1049 key_check(key);
1050
1051 ret = -ENOTDIR;
1052 if (keyring->type != &key_type_keyring)
1053 goto error;
1054
1055 down_write(&keyring->sem);
1056
1057 klist = rcu_dereference_locked_keyring(keyring);
1058 if (klist) {
1059 /* search the keyring for the key */
1060 for (loop = 0; loop < klist->nkeys; loop++)
1061 if (rcu_access_pointer(klist->keys[loop]) == key)
1062 goto key_is_present;
1063 }
1064
1065 up_write(&keyring->sem);
1066 ret = -ENOENT;
1067 goto error;
1068
1069key_is_present:
1070 /* we need to copy the key list for RCU purposes */
1071 nklist = kmalloc(sizeof(*klist) +
1072 sizeof(struct key *) * klist->maxkeys,
1073 GFP_KERNEL);
1074 if (!nklist)
1075 goto nomem;
1076 nklist->maxkeys = klist->maxkeys;
1077 nklist->nkeys = klist->nkeys - 1;
1078
1079 if (loop > 0)
1080 memcpy(&nklist->keys[0],
1081 &klist->keys[0],
1082 loop * sizeof(struct key *));
1083
1084 if (loop < nklist->nkeys)
1085 memcpy(&nklist->keys[loop],
1086 &klist->keys[loop + 1],
1087 (nklist->nkeys - loop) * sizeof(struct key *));
1088
1089 /* adjust the user's quota */
1090 key_payload_reserve(keyring,
1091 keyring->datalen - KEYQUOTA_LINK_BYTES);
1092
1093 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
1094
1095 up_write(&keyring->sem);
1096
1097 /* schedule for later cleanup */
1098 klist->delkey = loop;
1099 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
1100
1101 ret = 0;
1102
1103error:
1104 return ret;
1105nomem:
1106 ret = -ENOMEM;
1107 up_write(&keyring->sem);
1108 goto error;
1109}
1110EXPORT_SYMBOL(key_unlink);
1111
1112/*
1113 * Dispose of a keyring list after the RCU grace period, releasing the keys it
1114 * links to.
1115 */
1116static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1117{
1118 struct keyring_list *klist;
1119 int loop;
1120
1121 klist = container_of(rcu, struct keyring_list, rcu);
1122
1123 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1124 key_put(rcu_access_pointer(klist->keys[loop]));
1125
1126 kfree(klist);
1127}
1128
1129/**
1130 * keyring_clear - Clear a keyring
1131 * @keyring: The keyring to clear.
1132 *
1133 * Clear the contents of the specified keyring.
1134 *
1135 * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
1136 */
1137int keyring_clear(struct key *keyring)
1138{
1139 struct keyring_list *klist;
1140 int ret;
1141
1142 ret = -ENOTDIR;
1143 if (keyring->type == &key_type_keyring) {
1144 /* detach the pointer block with the locks held */
1145 down_write(&keyring->sem);
1146
1147 klist = rcu_dereference_locked_keyring(keyring);
1148 if (klist) {
1149 /* adjust the quota */
1150 key_payload_reserve(keyring,
1151 sizeof(struct keyring_list));
1152
1153 rcu_assign_pointer(keyring->payload.subscriptions,
1154 NULL);
1155 }
1156
1157 up_write(&keyring->sem);
1158
1159 /* free the keys after the locks have been dropped */
1160 if (klist)
1161 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1162
1163 ret = 0;
1164 }
1165
1166 return ret;
1167}
1168EXPORT_SYMBOL(keyring_clear);
1169
1170/*
1171 * Dispose of the links from a revoked keyring.
1172 *
1173 * This is called with the key sem write-locked.
1174 */
1175static void keyring_revoke(struct key *keyring)
1176{
1177 struct keyring_list *klist;
1178
1179 klist = rcu_dereference_locked_keyring(keyring);
1180
1181 /* adjust the quota */
1182 key_payload_reserve(keyring, 0);
1183
1184 if (klist) {
1185 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1186 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1187 }
1188}
1189
1190/*
1191 * Collect garbage from the contents of a keyring, replacing the old list with
1192 * a new one with the pointers all shuffled down.
1193 *
1194 * Dead keys are classed as oned that are flagged as being dead or are revoked,
1195 * expired or negative keys that were revoked or expired before the specified
1196 * limit.
1197 */
1198void keyring_gc(struct key *keyring, time_t limit)
1199{
1200 struct keyring_list *klist, *new;
1201 struct key *key;
1202 int loop, keep, max;
1203
1204 kenter("{%x,%s}", key_serial(keyring), keyring->description);
1205
1206 down_write(&keyring->sem);
1207
1208 klist = rcu_dereference_locked_keyring(keyring);
1209 if (!klist)
1210 goto no_klist;
1211
1212 /* work out how many subscriptions we're keeping */
1213 keep = 0;
1214 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1215 if (!key_is_dead(rcu_deref_link_locked(klist, loop, keyring),
1216 limit))
1217 keep++;
1218
1219 if (keep == klist->nkeys)
1220 goto just_return;
1221
1222 /* allocate a new keyring payload */
1223 max = roundup(keep, 4);
1224 new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *),
1225 GFP_KERNEL);
1226 if (!new)
1227 goto nomem;
1228 new->maxkeys = max;
1229 new->nkeys = 0;
1230 new->delkey = 0;
1231
1232 /* install the live keys
1233 * - must take care as expired keys may be updated back to life
1234 */
1235 keep = 0;
1236 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
1237 key = rcu_deref_link_locked(klist, loop, keyring);
1238 if (!key_is_dead(key, limit)) {
1239 if (keep >= max)
1240 goto discard_new;
1241 RCU_INIT_POINTER(new->keys[keep++], key_get(key));
1242 }
1243 }
1244 new->nkeys = keep;
1245
1246 /* adjust the quota */
1247 key_payload_reserve(keyring,
1248 sizeof(struct keyring_list) +
1249 KEYQUOTA_LINK_BYTES * keep);
1250
1251 if (keep == 0) {
1252 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1253 kfree(new);
1254 } else {
1255 rcu_assign_pointer(keyring->payload.subscriptions, new);
1256 }
1257
1258 up_write(&keyring->sem);
1259
1260 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1261 kleave(" [yes]");
1262 return;
1263
1264discard_new:
1265 new->nkeys = keep;
1266 keyring_clear_rcu_disposal(&new->rcu);
1267 up_write(&keyring->sem);
1268 kleave(" [discard]");
1269 return;
1270
1271just_return:
1272 up_write(&keyring->sem);
1273 kleave(" [no dead]");
1274 return;
1275
1276no_klist:
1277 up_write(&keyring->sem);
1278 kleave(" [no_klist]");
1279 return;
1280
1281nomem:
1282 up_write(&keyring->sem);
1283 kleave(" [oom]");
1284}
kernel source for telekom puls (alcatel/mediatek)