David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 1 | /* Keyring handling |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 2 | * |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
| 10 | */ |
| 11 | |
| 12 | #include <linux/module.h> |
| 13 | #include <linux/init.h> |
| 14 | #include <linux/sched.h> |
| 15 | #include <linux/slab.h> |
David Howells | 29db919 | 2005-10-30 15:02:44 -0800 | [diff] [blame] | 16 | #include <linux/security.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 17 | #include <linux/seq_file.h> |
| 18 | #include <linux/err.h> |
David Howells | e9e349b | 2008-11-14 10:39:13 +1100 | [diff] [blame] | 19 | #include <keys/keyring-type.h> |
Chihau Chau | 512ea3b | 2010-03-08 20:11:34 -0300 | [diff] [blame] | 20 | #include <linux/uaccess.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 21 | #include "internal.h" |
| 22 | |
David Howells | f0641cb | 2010-04-30 14:32:18 +0100 | [diff] [blame] | 23 | #define rcu_dereference_locked_keyring(keyring) \ |
| 24 | (rcu_dereference_protected( \ |
| 25 | (keyring)->payload.subscriptions, \ |
| 26 | rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem))) |
| 27 | |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 28 | #define rcu_deref_link_locked(klist, index, keyring) \ |
| 29 | (rcu_dereference_protected( \ |
| 30 | (klist)->keys[index], \ |
| 31 | rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem))) |
| 32 | |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 33 | #define KEY_LINK_FIXQUOTA 1UL |
| 34 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 35 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 36 | * When plumbing the depths of the key tree, this sets a hard limit |
| 37 | * set on how deep we're willing to go. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 38 | */ |
| 39 | #define KEYRING_SEARCH_MAX_DEPTH 6 |
| 40 | |
| 41 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 42 | * We keep all named keyrings in a hash to speed looking them up. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 43 | */ |
| 44 | #define KEYRING_NAME_HASH_SIZE (1 << 5) |
| 45 | |
| 46 | static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; |
| 47 | static DEFINE_RWLOCK(keyring_name_lock); |
| 48 | |
| 49 | static inline unsigned keyring_hash(const char *desc) |
| 50 | { |
| 51 | unsigned bucket = 0; |
| 52 | |
| 53 | for (; *desc; desc++) |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 54 | bucket += (unsigned char)*desc; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 55 | |
| 56 | return bucket & (KEYRING_NAME_HASH_SIZE - 1); |
| 57 | } |
| 58 | |
| 59 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 60 | * The keyring key type definition. Keyrings are simply keys of this type and |
| 61 | * can be treated as ordinary keys in addition to having their own special |
| 62 | * operations. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 63 | */ |
| 64 | static int keyring_instantiate(struct key *keyring, |
| 65 | const void *data, size_t datalen); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 66 | static int keyring_match(const struct key *keyring, const void *criterion); |
David Howells | 31204ed | 2006-06-26 00:24:51 -0700 | [diff] [blame] | 67 | static void keyring_revoke(struct key *keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 68 | static void keyring_destroy(struct key *keyring); |
| 69 | static void keyring_describe(const struct key *keyring, struct seq_file *m); |
| 70 | static long keyring_read(const struct key *keyring, |
| 71 | char __user *buffer, size_t buflen); |
| 72 | |
| 73 | struct key_type key_type_keyring = { |
| 74 | .name = "keyring", |
| 75 | .def_datalen = sizeof(struct keyring_list), |
| 76 | .instantiate = keyring_instantiate, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 77 | .match = keyring_match, |
David Howells | 31204ed | 2006-06-26 00:24:51 -0700 | [diff] [blame] | 78 | .revoke = keyring_revoke, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 79 | .destroy = keyring_destroy, |
| 80 | .describe = keyring_describe, |
| 81 | .read = keyring_read, |
| 82 | }; |
David Howells | 7318226 | 2007-04-26 15:46:23 -0700 | [diff] [blame] | 83 | EXPORT_SYMBOL(key_type_keyring); |
| 84 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 85 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 86 | * Semaphore to serialise link/link calls to prevent two link calls in parallel |
| 87 | * introducing a cycle. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 88 | */ |
Adrian Bunk | 1ae8f40 | 2006-01-06 00:11:25 -0800 | [diff] [blame] | 89 | static DECLARE_RWSEM(keyring_serialise_link_sem); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 90 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 91 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 92 | * Publish the name of a keyring so that it can be found by name (if it has |
| 93 | * one). |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 94 | */ |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 95 | static void keyring_publish_name(struct key *keyring) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 96 | { |
| 97 | int bucket; |
| 98 | |
| 99 | if (keyring->description) { |
| 100 | bucket = keyring_hash(keyring->description); |
| 101 | |
| 102 | write_lock(&keyring_name_lock); |
| 103 | |
| 104 | if (!keyring_name_hash[bucket].next) |
| 105 | INIT_LIST_HEAD(&keyring_name_hash[bucket]); |
| 106 | |
| 107 | list_add_tail(&keyring->type_data.link, |
| 108 | &keyring_name_hash[bucket]); |
| 109 | |
| 110 | write_unlock(&keyring_name_lock); |
| 111 | } |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 112 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 113 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 114 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 115 | * Initialise a keyring. |
| 116 | * |
| 117 | * Returns 0 on success, -EINVAL if given any data. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 118 | */ |
| 119 | static int keyring_instantiate(struct key *keyring, |
| 120 | const void *data, size_t datalen) |
| 121 | { |
| 122 | int ret; |
| 123 | |
| 124 | ret = -EINVAL; |
| 125 | if (datalen == 0) { |
| 126 | /* make the keyring available by name if it has one */ |
| 127 | keyring_publish_name(keyring); |
| 128 | ret = 0; |
| 129 | } |
| 130 | |
| 131 | return ret; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 132 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 133 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 134 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 135 | * Match keyrings on their name |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 136 | */ |
| 137 | static int keyring_match(const struct key *keyring, const void *description) |
| 138 | { |
| 139 | return keyring->description && |
| 140 | strcmp(keyring->description, description) == 0; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 141 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 142 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 143 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 144 | * Clean up a keyring when it is destroyed. Unpublish its name if it had one |
| 145 | * and dispose of its data. |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 146 | * |
| 147 | * The garbage collector detects the final key_put(), removes the keyring from |
| 148 | * the serial number tree and then does RCU synchronisation before coming here, |
| 149 | * so we shouldn't need to worry about code poking around here with the RCU |
| 150 | * readlock held by this time. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 151 | */ |
| 152 | static void keyring_destroy(struct key *keyring) |
| 153 | { |
| 154 | struct keyring_list *klist; |
| 155 | int loop; |
| 156 | |
| 157 | if (keyring->description) { |
| 158 | write_lock(&keyring_name_lock); |
David Howells | 94efe72 | 2005-08-04 13:07:07 -0700 | [diff] [blame] | 159 | |
| 160 | if (keyring->type_data.link.next != NULL && |
| 161 | !list_empty(&keyring->type_data.link)) |
| 162 | list_del(&keyring->type_data.link); |
| 163 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 164 | write_unlock(&keyring_name_lock); |
| 165 | } |
| 166 | |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 167 | klist = rcu_access_pointer(keyring->payload.subscriptions); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 168 | if (klist) { |
| 169 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 170 | key_put(rcu_access_pointer(klist->keys[loop])); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 171 | kfree(klist); |
| 172 | } |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 173 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 174 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 175 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 176 | * Describe a keyring for /proc. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 177 | */ |
| 178 | static void keyring_describe(const struct key *keyring, struct seq_file *m) |
| 179 | { |
| 180 | struct keyring_list *klist; |
| 181 | |
wzt.wzt@gmail.com | c856347 | 2010-03-04 21:26:23 +0800 | [diff] [blame] | 182 | if (keyring->description) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 183 | seq_puts(m, keyring->description); |
wzt.wzt@gmail.com | c856347 | 2010-03-04 21:26:23 +0800 | [diff] [blame] | 184 | else |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 185 | seq_puts(m, "[anon]"); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 186 | |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 187 | if (key_is_instantiated(keyring)) { |
| 188 | rcu_read_lock(); |
| 189 | klist = rcu_dereference(keyring->payload.subscriptions); |
| 190 | if (klist) |
| 191 | seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); |
| 192 | else |
| 193 | seq_puts(m, ": empty"); |
| 194 | rcu_read_unlock(); |
| 195 | } |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 196 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 197 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 198 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 199 | * Read a list of key IDs from the keyring's contents in binary form |
| 200 | * |
| 201 | * The keyring's semaphore is read-locked by the caller. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 202 | */ |
| 203 | static long keyring_read(const struct key *keyring, |
| 204 | char __user *buffer, size_t buflen) |
| 205 | { |
| 206 | struct keyring_list *klist; |
| 207 | struct key *key; |
| 208 | size_t qty, tmp; |
| 209 | int loop, ret; |
| 210 | |
| 211 | ret = 0; |
David Howells | f0641cb | 2010-04-30 14:32:18 +0100 | [diff] [blame] | 212 | klist = rcu_dereference_locked_keyring(keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 213 | if (klist) { |
| 214 | /* calculate how much data we could return */ |
| 215 | qty = klist->nkeys * sizeof(key_serial_t); |
| 216 | |
| 217 | if (buffer && buflen > 0) { |
| 218 | if (buflen > qty) |
| 219 | buflen = qty; |
| 220 | |
| 221 | /* copy the IDs of the subscribed keys into the |
| 222 | * buffer */ |
| 223 | ret = -EFAULT; |
| 224 | |
| 225 | for (loop = 0; loop < klist->nkeys; loop++) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 226 | key = rcu_deref_link_locked(klist, loop, |
| 227 | keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 228 | |
| 229 | tmp = sizeof(key_serial_t); |
| 230 | if (tmp > buflen) |
| 231 | tmp = buflen; |
| 232 | |
| 233 | if (copy_to_user(buffer, |
| 234 | &key->serial, |
| 235 | tmp) != 0) |
| 236 | goto error; |
| 237 | |
| 238 | buflen -= tmp; |
| 239 | if (buflen == 0) |
| 240 | break; |
| 241 | buffer += tmp; |
| 242 | } |
| 243 | } |
| 244 | |
| 245 | ret = qty; |
| 246 | } |
| 247 | |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 248 | error: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 249 | return ret; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 250 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 251 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 252 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 253 | * Allocate a keyring and link into the destination keyring. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 254 | */ |
| 255 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 256 | const struct cred *cred, unsigned long flags, |
Michael LeMay | d720024 | 2006-06-22 14:47:17 -0700 | [diff] [blame] | 257 | struct key *dest) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 258 | { |
| 259 | struct key *keyring; |
| 260 | int ret; |
| 261 | |
| 262 | keyring = key_alloc(&key_type_keyring, description, |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 263 | uid, gid, cred, |
David Howells | 29db919 | 2005-10-30 15:02:44 -0800 | [diff] [blame] | 264 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 265 | flags); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 266 | |
| 267 | if (!IS_ERR(keyring)) { |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 268 | ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 269 | if (ret < 0) { |
| 270 | key_put(keyring); |
| 271 | keyring = ERR_PTR(ret); |
| 272 | } |
| 273 | } |
| 274 | |
| 275 | return keyring; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 276 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 277 | |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 278 | /** |
| 279 | * keyring_search_aux - Search a keyring tree for a key matching some criteria |
| 280 | * @keyring_ref: A pointer to the keyring with possession indicator. |
| 281 | * @cred: The credentials to use for permissions checks. |
| 282 | * @type: The type of key to search for. |
| 283 | * @description: Parameter for @match. |
| 284 | * @match: Function to rule on whether or not a key is the one required. |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 285 | * @no_state_check: Don't check if a matching key is bad |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 286 | * |
| 287 | * Search the supplied keyring tree for a key that matches the criteria given. |
| 288 | * The root keyring and any linked keyrings must grant Search permission to the |
| 289 | * caller to be searchable and keys can only be found if they too grant Search |
| 290 | * to the caller. The possession flag on the root keyring pointer controls use |
| 291 | * of the possessor bits in permissions checking of the entire tree. In |
| 292 | * addition, the LSM gets to forbid keyring searches and key matches. |
| 293 | * |
| 294 | * The search is performed as a breadth-then-depth search up to the prescribed |
| 295 | * limit (KEYRING_SEARCH_MAX_DEPTH). |
| 296 | * |
| 297 | * Keys are matched to the type provided and are then filtered by the match |
| 298 | * function, which is given the description to use in any way it sees fit. The |
| 299 | * match function may use any attributes of a key that it wishes to to |
| 300 | * determine the match. Normally the match function from the key type would be |
| 301 | * used. |
| 302 | * |
| 303 | * RCU is used to prevent the keyring key lists from disappearing without the |
| 304 | * need to take lots of locks. |
| 305 | * |
| 306 | * Returns a pointer to the found key and increments the key usage count if |
| 307 | * successful; -EAGAIN if no matching keys were found, or if expired or revoked |
| 308 | * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the |
| 309 | * specified keyring wasn't a keyring. |
| 310 | * |
| 311 | * In the case of a successful return, the possession attribute from |
| 312 | * @keyring_ref is propagated to the returned key reference. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 313 | */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 314 | key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 315 | const struct cred *cred, |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 316 | struct key_type *type, |
| 317 | const void *description, |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 318 | key_match_func_t match, |
| 319 | bool no_state_check) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 320 | { |
| 321 | struct { |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 322 | struct keyring_list *keylist; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 323 | int kix; |
| 324 | } stack[KEYRING_SEARCH_MAX_DEPTH]; |
| 325 | |
| 326 | struct keyring_list *keylist; |
| 327 | struct timespec now; |
Kevin Coffman | dceba99 | 2008-04-29 01:01:22 -0700 | [diff] [blame] | 328 | unsigned long possessed, kflags; |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 329 | struct key *keyring, *key; |
| 330 | key_ref_t key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 331 | long err; |
David Howells | efde8b6 | 2012-01-17 20:39:40 +0000 | [diff] [blame] | 332 | int sp, nkeys, kix; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 333 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 334 | keyring = key_ref_to_ptr(keyring_ref); |
| 335 | possessed = is_key_possessed(keyring_ref); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 336 | key_check(keyring); |
| 337 | |
| 338 | /* top keyring must have search permission to begin the search */ |
Chihau Chau | 512ea3b | 2010-03-08 20:11:34 -0300 | [diff] [blame] | 339 | err = key_task_permission(keyring_ref, cred, KEY_SEARCH); |
David Howells | 29db919 | 2005-10-30 15:02:44 -0800 | [diff] [blame] | 340 | if (err < 0) { |
| 341 | key_ref = ERR_PTR(err); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 342 | goto error; |
David Howells | 29db919 | 2005-10-30 15:02:44 -0800 | [diff] [blame] | 343 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 344 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 345 | key_ref = ERR_PTR(-ENOTDIR); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 346 | if (keyring->type != &key_type_keyring) |
| 347 | goto error; |
| 348 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 349 | rcu_read_lock(); |
| 350 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 351 | now = current_kernel_time(); |
| 352 | err = -EAGAIN; |
| 353 | sp = 0; |
| 354 | |
Kevin Coffman | dceba99 | 2008-04-29 01:01:22 -0700 | [diff] [blame] | 355 | /* firstly we should check to see if this top-level keyring is what we |
| 356 | * are looking for */ |
| 357 | key_ref = ERR_PTR(-EAGAIN); |
| 358 | kflags = keyring->flags; |
| 359 | if (keyring->type == type && match(keyring, description)) { |
| 360 | key = keyring; |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 361 | if (no_state_check) |
| 362 | goto found; |
Kevin Coffman | dceba99 | 2008-04-29 01:01:22 -0700 | [diff] [blame] | 363 | |
| 364 | /* check it isn't negative and hasn't expired or been |
| 365 | * revoked */ |
| 366 | if (kflags & (1 << KEY_FLAG_REVOKED)) |
| 367 | goto error_2; |
| 368 | if (key->expiry && now.tv_sec >= key->expiry) |
| 369 | goto error_2; |
David Howells | fdd1b94 | 2011-03-07 15:06:09 +0000 | [diff] [blame] | 370 | key_ref = ERR_PTR(key->type_data.reject_error); |
Kevin Coffman | dceba99 | 2008-04-29 01:01:22 -0700 | [diff] [blame] | 371 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) |
| 372 | goto error_2; |
| 373 | goto found; |
| 374 | } |
| 375 | |
| 376 | /* otherwise, the top keyring must not be revoked, expired, or |
| 377 | * negatively instantiated if we are to search it */ |
| 378 | key_ref = ERR_PTR(-EAGAIN); |
| 379 | if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) || |
| 380 | (keyring->expiry && now.tv_sec >= keyring->expiry)) |
| 381 | goto error_2; |
| 382 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 383 | /* start processing a new keyring */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 384 | descend: |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 385 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 386 | goto not_this_keyring; |
| 387 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 388 | keylist = rcu_dereference(keyring->payload.subscriptions); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 389 | if (!keylist) |
| 390 | goto not_this_keyring; |
| 391 | |
| 392 | /* iterate through the keys in this keyring first */ |
David Howells | efde8b6 | 2012-01-17 20:39:40 +0000 | [diff] [blame] | 393 | nkeys = keylist->nkeys; |
| 394 | smp_rmb(); |
| 395 | for (kix = 0; kix < nkeys; kix++) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 396 | key = rcu_dereference(keylist->keys[kix]); |
Kevin Coffman | dceba99 | 2008-04-29 01:01:22 -0700 | [diff] [blame] | 397 | kflags = key->flags; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 398 | |
| 399 | /* ignore keys not of this type */ |
| 400 | if (key->type != type) |
| 401 | continue; |
| 402 | |
| 403 | /* skip revoked keys and expired keys */ |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 404 | if (!no_state_check) { |
| 405 | if (kflags & (1 << KEY_FLAG_REVOKED)) |
| 406 | continue; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 407 | |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 408 | if (key->expiry && now.tv_sec >= key->expiry) |
| 409 | continue; |
| 410 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 411 | |
| 412 | /* keys that don't match */ |
| 413 | if (!match(key, description)) |
| 414 | continue; |
| 415 | |
| 416 | /* key must have search permissions */ |
David Howells | 29db919 | 2005-10-30 15:02:44 -0800 | [diff] [blame] | 417 | if (key_task_permission(make_key_ref(key, possessed), |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 418 | cred, KEY_SEARCH) < 0) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 419 | continue; |
| 420 | |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 421 | if (no_state_check) |
| 422 | goto found; |
| 423 | |
Kevin Coffman | dceba99 | 2008-04-29 01:01:22 -0700 | [diff] [blame] | 424 | /* we set a different error code if we pass a negative key */ |
| 425 | if (kflags & (1 << KEY_FLAG_NEGATIVE)) { |
David Howells | fdd1b94 | 2011-03-07 15:06:09 +0000 | [diff] [blame] | 426 | err = key->type_data.reject_error; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 427 | continue; |
| 428 | } |
| 429 | |
| 430 | goto found; |
| 431 | } |
| 432 | |
| 433 | /* search through the keyrings nested in this one */ |
| 434 | kix = 0; |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 435 | ascend: |
David Howells | efde8b6 | 2012-01-17 20:39:40 +0000 | [diff] [blame] | 436 | nkeys = keylist->nkeys; |
| 437 | smp_rmb(); |
| 438 | for (; kix < nkeys; kix++) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 439 | key = rcu_dereference(keylist->keys[kix]); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 440 | if (key->type != &key_type_keyring) |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 441 | continue; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 442 | |
| 443 | /* recursively search nested keyrings |
| 444 | * - only search keyrings for which we have search permission |
| 445 | */ |
| 446 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 447 | continue; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 448 | |
David Howells | 0f6ed7c | 2005-11-07 00:59:30 -0800 | [diff] [blame] | 449 | if (key_task_permission(make_key_ref(key, possessed), |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 450 | cred, KEY_SEARCH) < 0) |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 451 | continue; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 452 | |
| 453 | /* stack the current position */ |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 454 | stack[sp].keylist = keylist; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 455 | stack[sp].kix = kix; |
| 456 | sp++; |
| 457 | |
| 458 | /* begin again with the new keyring */ |
| 459 | keyring = key; |
| 460 | goto descend; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 461 | } |
| 462 | |
| 463 | /* the keyring we're looking at was disqualified or didn't contain a |
| 464 | * matching key */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 465 | not_this_keyring: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 466 | if (sp > 0) { |
| 467 | /* resume the processing of a keyring higher up in the tree */ |
| 468 | sp--; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 469 | keylist = stack[sp].keylist; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 470 | kix = stack[sp].kix + 1; |
| 471 | goto ascend; |
| 472 | } |
| 473 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 474 | key_ref = ERR_PTR(err); |
| 475 | goto error_2; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 476 | |
| 477 | /* we found a viable match */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 478 | found: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 479 | atomic_inc(&key->usage); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 480 | key_check(key); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 481 | key_ref = make_key_ref(key, possessed); |
| 482 | error_2: |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 483 | rcu_read_unlock(); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 484 | error: |
| 485 | return key_ref; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 486 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 487 | |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 488 | /** |
| 489 | * keyring_search - Search the supplied keyring tree for a matching key |
| 490 | * @keyring: The root of the keyring tree to be searched. |
| 491 | * @type: The type of keyring we want to find. |
| 492 | * @description: The name of the keyring we want to find. |
| 493 | * |
| 494 | * As keyring_search_aux() above, but using the current task's credentials and |
| 495 | * type's default matching function. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 496 | */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 497 | key_ref_t keyring_search(key_ref_t keyring, |
| 498 | struct key_type *type, |
| 499 | const char *description) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 500 | { |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 501 | if (!type->match) |
| 502 | return ERR_PTR(-ENOKEY); |
| 503 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 504 | return keyring_search_aux(keyring, current->cred, |
David Howells | 78b7280 | 2011-03-11 17:57:23 +0000 | [diff] [blame] | 505 | type, description, type->match, false); |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 506 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 507 | EXPORT_SYMBOL(keyring_search); |
| 508 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 509 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 510 | * Search the given keyring only (no recursion). |
| 511 | * |
| 512 | * The caller must guarantee that the keyring is a keyring and that the |
| 513 | * permission is granted to search the keyring as no check is made here. |
| 514 | * |
| 515 | * RCU is used to make it unnecessary to lock the keyring key list here. |
| 516 | * |
| 517 | * Returns a pointer to the found key with usage count incremented if |
| 518 | * successful and returns -ENOKEY if not found. Revoked keys and keys not |
| 519 | * providing the requested permission are skipped over. |
| 520 | * |
| 521 | * If successful, the possession indicator is propagated from the keyring ref |
| 522 | * to the returned key reference. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 523 | */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 524 | key_ref_t __keyring_search_one(key_ref_t keyring_ref, |
| 525 | const struct key_type *ktype, |
| 526 | const char *description, |
| 527 | key_perm_t perm) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 528 | { |
| 529 | struct keyring_list *klist; |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 530 | unsigned long possessed; |
| 531 | struct key *keyring, *key; |
David Howells | efde8b6 | 2012-01-17 20:39:40 +0000 | [diff] [blame] | 532 | int nkeys, loop; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 533 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 534 | keyring = key_ref_to_ptr(keyring_ref); |
| 535 | possessed = is_key_possessed(keyring_ref); |
| 536 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 537 | rcu_read_lock(); |
| 538 | |
| 539 | klist = rcu_dereference(keyring->payload.subscriptions); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 540 | if (klist) { |
David Howells | efde8b6 | 2012-01-17 20:39:40 +0000 | [diff] [blame] | 541 | nkeys = klist->nkeys; |
| 542 | smp_rmb(); |
| 543 | for (loop = 0; loop < nkeys ; loop++) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 544 | key = rcu_dereference(klist->keys[loop]); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 545 | if (key->type == ktype && |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 546 | (!key->type->match || |
| 547 | key->type->match(key, description)) && |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 548 | key_permission(make_key_ref(key, possessed), |
David Howells | db1d1d5 | 2005-12-01 00:51:18 -0800 | [diff] [blame] | 549 | perm) == 0 && |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 550 | !test_bit(KEY_FLAG_REVOKED, &key->flags) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 551 | ) |
| 552 | goto found; |
| 553 | } |
| 554 | } |
| 555 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 556 | rcu_read_unlock(); |
| 557 | return ERR_PTR(-ENOKEY); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 558 | |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 559 | found: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 560 | atomic_inc(&key->usage); |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 561 | rcu_read_unlock(); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 562 | return make_key_ref(key, possessed); |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 563 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 564 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 565 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 566 | * Find a keyring with the specified name. |
| 567 | * |
| 568 | * All named keyrings in the current user namespace are searched, provided they |
| 569 | * grant Search permission directly to the caller (unless this check is |
| 570 | * skipped). Keyrings whose usage points have reached zero or who have been |
| 571 | * revoked are skipped. |
| 572 | * |
| 573 | * Returns a pointer to the keyring with the keyring's refcount having being |
| 574 | * incremented on success. -ENOKEY is returned if a key could not be found. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 575 | */ |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 576 | struct key *find_keyring_by_name(const char *name, bool skip_perm_check) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 577 | { |
| 578 | struct key *keyring; |
| 579 | int bucket; |
| 580 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 581 | if (!name) |
Toshiyuki Okajima | cea7daa | 2010-04-30 14:32:13 +0100 | [diff] [blame] | 582 | return ERR_PTR(-EINVAL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 583 | |
| 584 | bucket = keyring_hash(name); |
| 585 | |
| 586 | read_lock(&keyring_name_lock); |
| 587 | |
| 588 | if (keyring_name_hash[bucket].next) { |
| 589 | /* search this hash bucket for a keyring with a matching name |
| 590 | * that's readable and that hasn't been revoked */ |
| 591 | list_for_each_entry(keyring, |
| 592 | &keyring_name_hash[bucket], |
| 593 | type_data.link |
| 594 | ) { |
Serge E. Hallyn | 2ea190d | 2009-02-26 18:27:55 -0600 | [diff] [blame] | 595 | if (keyring->user->user_ns != current_user_ns()) |
| 596 | continue; |
| 597 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 598 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 599 | continue; |
| 600 | |
| 601 | if (strcmp(keyring->description, name) != 0) |
| 602 | continue; |
| 603 | |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 604 | if (!skip_perm_check && |
| 605 | key_permission(make_key_ref(keyring, 0), |
David Howells | 0f6ed7c | 2005-11-07 00:59:30 -0800 | [diff] [blame] | 606 | KEY_SEARCH) < 0) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 607 | continue; |
| 608 | |
Toshiyuki Okajima | cea7daa | 2010-04-30 14:32:13 +0100 | [diff] [blame] | 609 | /* we've got a match but we might end up racing with |
| 610 | * key_cleanup() if the keyring is currently 'dead' |
| 611 | * (ie. it has a zero usage count) */ |
| 612 | if (!atomic_inc_not_zero(&keyring->usage)) |
| 613 | continue; |
| 614 | goto out; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 615 | } |
| 616 | } |
| 617 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 618 | keyring = ERR_PTR(-ENOKEY); |
Toshiyuki Okajima | cea7daa | 2010-04-30 14:32:13 +0100 | [diff] [blame] | 619 | out: |
| 620 | read_unlock(&keyring_name_lock); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 621 | return keyring; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 622 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 623 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 624 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 625 | * See if a cycle will will be created by inserting acyclic tree B in acyclic |
| 626 | * tree A at the topmost level (ie: as a direct child of A). |
| 627 | * |
| 628 | * Since we are adding B to A at the top level, checking for cycles should just |
| 629 | * be a matter of seeing if node A is somewhere in tree B. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 630 | */ |
| 631 | static int keyring_detect_cycle(struct key *A, struct key *B) |
| 632 | { |
| 633 | struct { |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 634 | struct keyring_list *keylist; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 635 | int kix; |
| 636 | } stack[KEYRING_SEARCH_MAX_DEPTH]; |
| 637 | |
| 638 | struct keyring_list *keylist; |
| 639 | struct key *subtree, *key; |
David Howells | efde8b6 | 2012-01-17 20:39:40 +0000 | [diff] [blame] | 640 | int sp, nkeys, kix, ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 641 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 642 | rcu_read_lock(); |
| 643 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 644 | ret = -EDEADLK; |
| 645 | if (A == B) |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 646 | goto cycle_detected; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 647 | |
| 648 | subtree = B; |
| 649 | sp = 0; |
| 650 | |
| 651 | /* start processing a new keyring */ |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 652 | descend: |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 653 | if (test_bit(KEY_FLAG_REVOKED, &subtree->flags)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 654 | goto not_this_keyring; |
| 655 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 656 | keylist = rcu_dereference(subtree->payload.subscriptions); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 657 | if (!keylist) |
| 658 | goto not_this_keyring; |
| 659 | kix = 0; |
| 660 | |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 661 | ascend: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 662 | /* iterate through the remaining keys in this keyring */ |
David Howells | efde8b6 | 2012-01-17 20:39:40 +0000 | [diff] [blame] | 663 | nkeys = keylist->nkeys; |
| 664 | smp_rmb(); |
| 665 | for (; kix < nkeys; kix++) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 666 | key = rcu_dereference(keylist->keys[kix]); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 667 | |
| 668 | if (key == A) |
| 669 | goto cycle_detected; |
| 670 | |
| 671 | /* recursively check nested keyrings */ |
| 672 | if (key->type == &key_type_keyring) { |
| 673 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) |
| 674 | goto too_deep; |
| 675 | |
| 676 | /* stack the current position */ |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 677 | stack[sp].keylist = keylist; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 678 | stack[sp].kix = kix; |
| 679 | sp++; |
| 680 | |
| 681 | /* begin again with the new keyring */ |
| 682 | subtree = key; |
| 683 | goto descend; |
| 684 | } |
| 685 | } |
| 686 | |
| 687 | /* the keyring we're looking at was disqualified or didn't contain a |
| 688 | * matching key */ |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 689 | not_this_keyring: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 690 | if (sp > 0) { |
| 691 | /* resume the checking of a keyring higher up in the tree */ |
| 692 | sp--; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 693 | keylist = stack[sp].keylist; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 694 | kix = stack[sp].kix + 1; |
| 695 | goto ascend; |
| 696 | } |
| 697 | |
| 698 | ret = 0; /* no cycles detected */ |
| 699 | |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 700 | error: |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 701 | rcu_read_unlock(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 702 | return ret; |
| 703 | |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 704 | too_deep: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 705 | ret = -ELOOP; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 706 | goto error; |
| 707 | |
Justin P. Mattock | c5b60b5 | 2010-04-21 00:02:11 -0700 | [diff] [blame] | 708 | cycle_detected: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 709 | ret = -EDEADLK; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 710 | goto error; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 711 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 712 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 713 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 714 | * Dispose of a keyring list after the RCU grace period, freeing the unlinked |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 715 | * key |
| 716 | */ |
| 717 | static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) |
| 718 | { |
| 719 | struct keyring_list *klist = |
| 720 | container_of(rcu, struct keyring_list, rcu); |
| 721 | |
Alexey Dobriyan | 4be929b | 2010-05-24 14:33:03 -0700 | [diff] [blame] | 722 | if (klist->delkey != USHRT_MAX) |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 723 | key_put(rcu_access_pointer(klist->keys[klist->delkey])); |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 724 | kfree(klist); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 725 | } |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 726 | |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 727 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 728 | * Preallocate memory so that a key can be linked into to a keyring. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 729 | */ |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 730 | int __key_link_begin(struct key *keyring, const struct key_type *type, |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 731 | const char *description, unsigned long *_prealloc) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 732 | __acquires(&keyring->sem) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 733 | { |
| 734 | struct keyring_list *klist, *nklist; |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 735 | unsigned long prealloc; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 736 | unsigned max; |
| 737 | size_t size; |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 738 | int loop, ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 739 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 740 | kenter("%d,%s,%s,", key_serial(keyring), type->name, description); |
| 741 | |
| 742 | if (keyring->type != &key_type_keyring) |
| 743 | return -ENOTDIR; |
| 744 | |
| 745 | down_write(&keyring->sem); |
| 746 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 747 | ret = -EKEYREVOKED; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 748 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 749 | goto error_krsem; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 750 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 751 | /* serialise link/link calls to prevent parallel calls causing a cycle |
| 752 | * when linking two keyring in opposite orders */ |
| 753 | if (type == &key_type_keyring) |
David Howells | 553d603 | 2010-04-30 14:32:28 +0100 | [diff] [blame] | 754 | down_write(&keyring_serialise_link_sem); |
| 755 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 756 | klist = rcu_dereference_locked_keyring(keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 757 | |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 758 | /* see if there's a matching key we can displace */ |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 759 | if (klist && klist->nkeys > 0) { |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 760 | for (loop = klist->nkeys - 1; loop >= 0; loop--) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 761 | struct key *key = rcu_deref_link_locked(klist, loop, |
| 762 | keyring); |
| 763 | if (key->type == type && |
| 764 | strcmp(key->description, description) == 0) { |
| 765 | /* Found a match - we'll replace the link with |
| 766 | * one to the new key. We record the slot |
| 767 | * position. |
| 768 | */ |
| 769 | klist->delkey = loop; |
| 770 | prealloc = 0; |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 771 | goto done; |
| 772 | } |
| 773 | } |
| 774 | } |
| 775 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 776 | /* check that we aren't going to overrun the user's quota */ |
| 777 | ret = key_payload_reserve(keyring, |
| 778 | keyring->datalen + KEYQUOTA_LINK_BYTES); |
| 779 | if (ret < 0) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 780 | goto error_sem; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 781 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 782 | if (klist && klist->nkeys < klist->maxkeys) { |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 783 | /* there's sufficient slack space to append directly */ |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 784 | klist->delkey = klist->nkeys; |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 785 | prealloc = KEY_LINK_FIXQUOTA; |
Chihau Chau | 512ea3b | 2010-03-08 20:11:34 -0300 | [diff] [blame] | 786 | } else { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 787 | /* grow the key list */ |
| 788 | max = 4; |
| 789 | if (klist) |
| 790 | max += klist->maxkeys; |
| 791 | |
| 792 | ret = -ENFILE; |
Alexey Dobriyan | 4be929b | 2010-05-24 14:33:03 -0700 | [diff] [blame] | 793 | if (max > USHRT_MAX - 1) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 794 | goto error_quota; |
David Howells | a4014d8 | 2005-07-07 17:57:03 -0700 | [diff] [blame] | 795 | size = sizeof(*klist) + sizeof(struct key *) * max; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 796 | if (size > PAGE_SIZE) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 797 | goto error_quota; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 798 | |
| 799 | ret = -ENOMEM; |
| 800 | nklist = kmalloc(size, GFP_KERNEL); |
| 801 | if (!nklist) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 802 | goto error_quota; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 803 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 804 | nklist->maxkeys = max; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 805 | if (klist) { |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 806 | memcpy(nklist->keys, klist->keys, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 807 | sizeof(struct key *) * klist->nkeys); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 808 | nklist->delkey = klist->nkeys; |
| 809 | nklist->nkeys = klist->nkeys + 1; |
Alexey Dobriyan | 4be929b | 2010-05-24 14:33:03 -0700 | [diff] [blame] | 810 | klist->delkey = USHRT_MAX; |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 811 | } else { |
| 812 | nklist->nkeys = 1; |
| 813 | nklist->delkey = 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 814 | } |
| 815 | |
| 816 | /* add the key into the new space */ |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 817 | RCU_INIT_POINTER(nklist->keys[nklist->delkey], NULL); |
| 818 | prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 819 | } |
| 820 | |
David Howells | cab8eb5 | 2006-01-08 01:02:45 -0800 | [diff] [blame] | 821 | done: |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 822 | *_prealloc = prealloc; |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 823 | kleave(" = 0"); |
| 824 | return 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 825 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 826 | error_quota: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 827 | /* undo the quota changes */ |
| 828 | key_payload_reserve(keyring, |
| 829 | keyring->datalen - KEYQUOTA_LINK_BYTES); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 830 | error_sem: |
| 831 | if (type == &key_type_keyring) |
| 832 | up_write(&keyring_serialise_link_sem); |
| 833 | error_krsem: |
| 834 | up_write(&keyring->sem); |
| 835 | kleave(" = %d", ret); |
| 836 | return ret; |
| 837 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 838 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 839 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 840 | * Check already instantiated keys aren't going to be a problem. |
| 841 | * |
| 842 | * The caller must have called __key_link_begin(). Don't need to call this for |
| 843 | * keys that were created since __key_link_begin() was called. |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 844 | */ |
| 845 | int __key_link_check_live_key(struct key *keyring, struct key *key) |
| 846 | { |
| 847 | if (key->type == &key_type_keyring) |
| 848 | /* check that we aren't going to create a cycle by linking one |
| 849 | * keyring to another */ |
| 850 | return keyring_detect_cycle(keyring, key); |
| 851 | return 0; |
| 852 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 853 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 854 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 855 | * Link a key into to a keyring. |
| 856 | * |
| 857 | * Must be called with __key_link_begin() having being called. Discards any |
| 858 | * already extant link to matching key if there is one, so that each keyring |
| 859 | * holds at most one link to any given key of a particular type+description |
| 860 | * combination. |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 861 | */ |
| 862 | void __key_link(struct key *keyring, struct key *key, |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 863 | unsigned long *_prealloc) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 864 | { |
| 865 | struct keyring_list *klist, *nklist; |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 866 | struct key *discard; |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 867 | |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 868 | nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA); |
| 869 | *_prealloc = 0; |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 870 | |
| 871 | kenter("%d,%d,%p", keyring->serial, key->serial, nklist); |
| 872 | |
David Howells | 6d528b0 | 2011-08-22 14:08:51 +0100 | [diff] [blame] | 873 | klist = rcu_dereference_locked_keyring(keyring); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 874 | |
| 875 | atomic_inc(&key->usage); |
| 876 | |
| 877 | /* there's a matching key we can displace or an empty slot in a newly |
| 878 | * allocated list we can fill */ |
| 879 | if (nklist) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 880 | kdebug("reissue %hu/%hu/%hu", |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 881 | nklist->delkey, nklist->nkeys, nklist->maxkeys); |
| 882 | |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 883 | RCU_INIT_POINTER(nklist->keys[nklist->delkey], key); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 884 | |
| 885 | rcu_assign_pointer(keyring->payload.subscriptions, nklist); |
| 886 | |
| 887 | /* dispose of the old keyring list and, if there was one, the |
| 888 | * displaced key */ |
| 889 | if (klist) { |
| 890 | kdebug("dispose %hu/%hu/%hu", |
| 891 | klist->delkey, klist->nkeys, klist->maxkeys); |
| 892 | call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); |
| 893 | } |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 894 | } else if (klist->delkey < klist->nkeys) { |
| 895 | kdebug("replace %hu/%hu/%hu", |
| 896 | klist->delkey, klist->nkeys, klist->maxkeys); |
| 897 | |
| 898 | discard = rcu_dereference_protected( |
| 899 | klist->keys[klist->delkey], |
| 900 | rwsem_is_locked(&keyring->sem)); |
| 901 | rcu_assign_pointer(klist->keys[klist->delkey], key); |
| 902 | /* The garbage collector will take care of RCU |
| 903 | * synchronisation */ |
| 904 | key_put(discard); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 905 | } else { |
| 906 | /* there's sufficient slack space to append directly */ |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 907 | kdebug("append %hu/%hu/%hu", |
| 908 | klist->delkey, klist->nkeys, klist->maxkeys); |
| 909 | |
| 910 | RCU_INIT_POINTER(klist->keys[klist->delkey], key); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 911 | smp_wmb(); |
| 912 | klist->nkeys++; |
| 913 | } |
| 914 | } |
| 915 | |
| 916 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 917 | * Finish linking a key into to a keyring. |
| 918 | * |
| 919 | * Must be called with __key_link_begin() having being called. |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 920 | */ |
| 921 | void __key_link_end(struct key *keyring, struct key_type *type, |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 922 | unsigned long prealloc) |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 923 | __releases(&keyring->sem) |
| 924 | { |
| 925 | BUG_ON(type == NULL); |
| 926 | BUG_ON(type->name == NULL); |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 927 | kenter("%d,%s,%lx", keyring->serial, type->name, prealloc); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 928 | |
| 929 | if (type == &key_type_keyring) |
| 930 | up_write(&keyring_serialise_link_sem); |
| 931 | |
| 932 | if (prealloc) { |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 933 | if (prealloc & KEY_LINK_FIXQUOTA) |
| 934 | key_payload_reserve(keyring, |
| 935 | keyring->datalen - |
| 936 | KEYQUOTA_LINK_BYTES); |
| 937 | kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA)); |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 938 | } |
| 939 | up_write(&keyring->sem); |
| 940 | } |
| 941 | |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 942 | /** |
| 943 | * key_link - Link a key to a keyring |
| 944 | * @keyring: The keyring to make the link in. |
| 945 | * @key: The key to link to. |
| 946 | * |
| 947 | * Make a link in a keyring to a key, such that the keyring holds a reference |
| 948 | * on that key and the key can potentially be found by searching that keyring. |
| 949 | * |
| 950 | * This function will write-lock the keyring's semaphore and will consume some |
| 951 | * of the user's key data quota to hold the link. |
| 952 | * |
| 953 | * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, |
| 954 | * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is |
| 955 | * full, -EDQUOT if there is insufficient key data quota remaining to add |
| 956 | * another link or -ENOMEM if there's insufficient memory. |
| 957 | * |
| 958 | * It is assumed that the caller has checked that it is permitted for a link to |
| 959 | * be made (the keyring should have Write permission and the key Link |
| 960 | * permission). |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 961 | */ |
| 962 | int key_link(struct key *keyring, struct key *key) |
| 963 | { |
David Howells | ceb73c1 | 2011-01-25 16:34:28 +0000 | [diff] [blame] | 964 | unsigned long prealloc; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 965 | int ret; |
| 966 | |
| 967 | key_check(keyring); |
| 968 | key_check(key); |
| 969 | |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 970 | ret = __key_link_begin(keyring, key->type, key->description, &prealloc); |
| 971 | if (ret == 0) { |
| 972 | ret = __key_link_check_live_key(keyring, key); |
| 973 | if (ret == 0) |
| 974 | __key_link(keyring, key, &prealloc); |
| 975 | __key_link_end(keyring, key->type, prealloc); |
| 976 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 977 | |
| 978 | return ret; |
David Howells | f70e2e0 | 2010-04-30 14:32:39 +0100 | [diff] [blame] | 979 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 980 | EXPORT_SYMBOL(key_link); |
| 981 | |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 982 | /** |
| 983 | * key_unlink - Unlink the first link to a key from a keyring. |
| 984 | * @keyring: The keyring to remove the link from. |
| 985 | * @key: The key the link is to. |
| 986 | * |
| 987 | * Remove a link from a keyring to a key. |
| 988 | * |
| 989 | * This function will write-lock the keyring's semaphore. |
| 990 | * |
| 991 | * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if |
| 992 | * the key isn't linked to by the keyring or -ENOMEM if there's insufficient |
| 993 | * memory. |
| 994 | * |
| 995 | * It is assumed that the caller has checked that it is permitted for a link to |
| 996 | * be removed (the keyring should have Write permission; no permissions are |
| 997 | * required on the key). |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 998 | */ |
| 999 | int key_unlink(struct key *keyring, struct key *key) |
| 1000 | { |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1001 | struct keyring_list *klist, *nklist; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1002 | int loop, ret; |
| 1003 | |
| 1004 | key_check(keyring); |
| 1005 | key_check(key); |
| 1006 | |
| 1007 | ret = -ENOTDIR; |
| 1008 | if (keyring->type != &key_type_keyring) |
| 1009 | goto error; |
| 1010 | |
| 1011 | down_write(&keyring->sem); |
| 1012 | |
David Howells | f0641cb | 2010-04-30 14:32:18 +0100 | [diff] [blame] | 1013 | klist = rcu_dereference_locked_keyring(keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1014 | if (klist) { |
| 1015 | /* search the keyring for the key */ |
| 1016 | for (loop = 0; loop < klist->nkeys; loop++) |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 1017 | if (rcu_access_pointer(klist->keys[loop]) == key) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1018 | goto key_is_present; |
| 1019 | } |
| 1020 | |
| 1021 | up_write(&keyring->sem); |
| 1022 | ret = -ENOENT; |
| 1023 | goto error; |
| 1024 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1025 | key_is_present: |
| 1026 | /* we need to copy the key list for RCU purposes */ |
David Howells | a4014d8 | 2005-07-07 17:57:03 -0700 | [diff] [blame] | 1027 | nklist = kmalloc(sizeof(*klist) + |
| 1028 | sizeof(struct key *) * klist->maxkeys, |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1029 | GFP_KERNEL); |
| 1030 | if (!nklist) |
| 1031 | goto nomem; |
| 1032 | nklist->maxkeys = klist->maxkeys; |
| 1033 | nklist->nkeys = klist->nkeys - 1; |
| 1034 | |
| 1035 | if (loop > 0) |
| 1036 | memcpy(&nklist->keys[0], |
| 1037 | &klist->keys[0], |
David Howells | a4014d8 | 2005-07-07 17:57:03 -0700 | [diff] [blame] | 1038 | loop * sizeof(struct key *)); |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1039 | |
| 1040 | if (loop < nklist->nkeys) |
| 1041 | memcpy(&nklist->keys[loop], |
| 1042 | &klist->keys[loop + 1], |
David Howells | a4014d8 | 2005-07-07 17:57:03 -0700 | [diff] [blame] | 1043 | (nklist->nkeys - loop) * sizeof(struct key *)); |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1044 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1045 | /* adjust the user's quota */ |
| 1046 | key_payload_reserve(keyring, |
| 1047 | keyring->datalen - KEYQUOTA_LINK_BYTES); |
| 1048 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1049 | rcu_assign_pointer(keyring->payload.subscriptions, nklist); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1050 | |
| 1051 | up_write(&keyring->sem); |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1052 | |
| 1053 | /* schedule for later cleanup */ |
| 1054 | klist->delkey = loop; |
| 1055 | call_rcu(&klist->rcu, keyring_unlink_rcu_disposal); |
| 1056 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1057 | ret = 0; |
| 1058 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1059 | error: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1060 | return ret; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1061 | nomem: |
| 1062 | ret = -ENOMEM; |
| 1063 | up_write(&keyring->sem); |
| 1064 | goto error; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 1065 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1066 | EXPORT_SYMBOL(key_unlink); |
| 1067 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1068 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 1069 | * Dispose of a keyring list after the RCU grace period, releasing the keys it |
| 1070 | * links to. |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1071 | */ |
| 1072 | static void keyring_clear_rcu_disposal(struct rcu_head *rcu) |
| 1073 | { |
| 1074 | struct keyring_list *klist; |
| 1075 | int loop; |
| 1076 | |
| 1077 | klist = container_of(rcu, struct keyring_list, rcu); |
| 1078 | |
| 1079 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 1080 | key_put(rcu_access_pointer(klist->keys[loop])); |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1081 | |
| 1082 | kfree(klist); |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 1083 | } |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1084 | |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 1085 | /** |
| 1086 | * keyring_clear - Clear a keyring |
| 1087 | * @keyring: The keyring to clear. |
| 1088 | * |
| 1089 | * Clear the contents of the specified keyring. |
| 1090 | * |
| 1091 | * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1092 | */ |
| 1093 | int keyring_clear(struct key *keyring) |
| 1094 | { |
| 1095 | struct keyring_list *klist; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1096 | int ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1097 | |
| 1098 | ret = -ENOTDIR; |
| 1099 | if (keyring->type == &key_type_keyring) { |
| 1100 | /* detach the pointer block with the locks held */ |
| 1101 | down_write(&keyring->sem); |
| 1102 | |
David Howells | f0641cb | 2010-04-30 14:32:18 +0100 | [diff] [blame] | 1103 | klist = rcu_dereference_locked_keyring(keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1104 | if (klist) { |
| 1105 | /* adjust the quota */ |
| 1106 | key_payload_reserve(keyring, |
| 1107 | sizeof(struct keyring_list)); |
| 1108 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1109 | rcu_assign_pointer(keyring->payload.subscriptions, |
| 1110 | NULL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1111 | } |
| 1112 | |
| 1113 | up_write(&keyring->sem); |
| 1114 | |
| 1115 | /* free the keys after the locks have been dropped */ |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 1116 | if (klist) |
| 1117 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1118 | |
| 1119 | ret = 0; |
| 1120 | } |
| 1121 | |
| 1122 | return ret; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 1123 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1124 | EXPORT_SYMBOL(keyring_clear); |
David Howells | 31204ed | 2006-06-26 00:24:51 -0700 | [diff] [blame] | 1125 | |
David Howells | 31204ed | 2006-06-26 00:24:51 -0700 | [diff] [blame] | 1126 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 1127 | * Dispose of the links from a revoked keyring. |
| 1128 | * |
| 1129 | * This is called with the key sem write-locked. |
David Howells | 31204ed | 2006-06-26 00:24:51 -0700 | [diff] [blame] | 1130 | */ |
| 1131 | static void keyring_revoke(struct key *keyring) |
| 1132 | { |
David Howells | f0641cb | 2010-04-30 14:32:18 +0100 | [diff] [blame] | 1133 | struct keyring_list *klist; |
| 1134 | |
| 1135 | klist = rcu_dereference_locked_keyring(keyring); |
David Howells | 31204ed | 2006-06-26 00:24:51 -0700 | [diff] [blame] | 1136 | |
| 1137 | /* adjust the quota */ |
| 1138 | key_payload_reserve(keyring, 0); |
| 1139 | |
| 1140 | if (klist) { |
| 1141 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); |
| 1142 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
| 1143 | } |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame] | 1144 | } |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1145 | |
| 1146 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 1147 | * Determine whether a key is dead. |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1148 | */ |
| 1149 | static bool key_is_dead(struct key *key, time_t limit) |
| 1150 | { |
| 1151 | return test_bit(KEY_FLAG_DEAD, &key->flags) || |
| 1152 | (key->expiry > 0 && key->expiry <= limit); |
| 1153 | } |
| 1154 | |
| 1155 | /* |
David Howells | 973c9f4 | 2011-01-20 16:38:33 +0000 | [diff] [blame] | 1156 | * Collect garbage from the contents of a keyring, replacing the old list with |
| 1157 | * a new one with the pointers all shuffled down. |
| 1158 | * |
| 1159 | * Dead keys are classed as oned that are flagged as being dead or are revoked, |
| 1160 | * expired or negative keys that were revoked or expired before the specified |
| 1161 | * limit. |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1162 | */ |
| 1163 | void keyring_gc(struct key *keyring, time_t limit) |
| 1164 | { |
| 1165 | struct keyring_list *klist, *new; |
| 1166 | struct key *key; |
| 1167 | int loop, keep, max; |
| 1168 | |
David Howells | c08ef80 | 2009-09-14 17:26:13 +0100 | [diff] [blame] | 1169 | kenter("{%x,%s}", key_serial(keyring), keyring->description); |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1170 | |
| 1171 | down_write(&keyring->sem); |
| 1172 | |
David Howells | f0641cb | 2010-04-30 14:32:18 +0100 | [diff] [blame] | 1173 | klist = rcu_dereference_locked_keyring(keyring); |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1174 | if (!klist) |
David Howells | c08ef80 | 2009-09-14 17:26:13 +0100 | [diff] [blame] | 1175 | goto no_klist; |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1176 | |
| 1177 | /* work out how many subscriptions we're keeping */ |
| 1178 | keep = 0; |
| 1179 | for (loop = klist->nkeys - 1; loop >= 0; loop--) |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 1180 | if (!key_is_dead(rcu_deref_link_locked(klist, loop, keyring), |
| 1181 | limit)) |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1182 | keep++; |
| 1183 | |
| 1184 | if (keep == klist->nkeys) |
| 1185 | goto just_return; |
| 1186 | |
| 1187 | /* allocate a new keyring payload */ |
| 1188 | max = roundup(keep, 4); |
| 1189 | new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *), |
| 1190 | GFP_KERNEL); |
| 1191 | if (!new) |
David Howells | c08ef80 | 2009-09-14 17:26:13 +0100 | [diff] [blame] | 1192 | goto nomem; |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1193 | new->maxkeys = max; |
| 1194 | new->nkeys = 0; |
| 1195 | new->delkey = 0; |
| 1196 | |
| 1197 | /* install the live keys |
| 1198 | * - must take care as expired keys may be updated back to life |
| 1199 | */ |
| 1200 | keep = 0; |
| 1201 | for (loop = klist->nkeys - 1; loop >= 0; loop--) { |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 1202 | key = rcu_deref_link_locked(klist, loop, keyring); |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1203 | if (!key_is_dead(key, limit)) { |
| 1204 | if (keep >= max) |
| 1205 | goto discard_new; |
David Howells | 233e473 | 2012-05-11 10:56:56 +0100 | [diff] [blame^] | 1206 | RCU_INIT_POINTER(new->keys[keep++], key_get(key)); |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1207 | } |
| 1208 | } |
| 1209 | new->nkeys = keep; |
| 1210 | |
| 1211 | /* adjust the quota */ |
| 1212 | key_payload_reserve(keyring, |
| 1213 | sizeof(struct keyring_list) + |
| 1214 | KEYQUOTA_LINK_BYTES * keep); |
| 1215 | |
| 1216 | if (keep == 0) { |
| 1217 | rcu_assign_pointer(keyring->payload.subscriptions, NULL); |
| 1218 | kfree(new); |
| 1219 | } else { |
| 1220 | rcu_assign_pointer(keyring->payload.subscriptions, new); |
| 1221 | } |
| 1222 | |
| 1223 | up_write(&keyring->sem); |
| 1224 | |
| 1225 | call_rcu(&klist->rcu, keyring_clear_rcu_disposal); |
| 1226 | kleave(" [yes]"); |
| 1227 | return; |
| 1228 | |
| 1229 | discard_new: |
| 1230 | new->nkeys = keep; |
| 1231 | keyring_clear_rcu_disposal(&new->rcu); |
David Howells | c08ef80 | 2009-09-14 17:26:13 +0100 | [diff] [blame] | 1232 | up_write(&keyring->sem); |
| 1233 | kleave(" [discard]"); |
| 1234 | return; |
| 1235 | |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1236 | just_return: |
| 1237 | up_write(&keyring->sem); |
David Howells | c08ef80 | 2009-09-14 17:26:13 +0100 | [diff] [blame] | 1238 | kleave(" [no dead]"); |
| 1239 | return; |
| 1240 | |
| 1241 | no_klist: |
| 1242 | up_write(&keyring->sem); |
| 1243 | kleave(" [no_klist]"); |
| 1244 | return; |
| 1245 | |
| 1246 | nomem: |
| 1247 | up_write(&keyring->sem); |
| 1248 | kleave(" [oom]"); |
David Howells | 5d13544 | 2009-09-02 09:14:00 +0100 | [diff] [blame] | 1249 | } |