projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[PATCH] Destruction of failed keyring oopses
[deliverable/linux.git] / security / keys / keyring.c
1 /* keyring.c: keyring handling
2 *
3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/seq_file.h>
17 #include <linux/err.h>
18 #include <asm/uaccess.h>
19 #include "internal.h"
20
21 /*
22 * when plumbing the depths of the key tree, this sets a hard limit set on how
23 * deep we're willing to go
24 */
25 #define KEYRING_SEARCH_MAX_DEPTH 6
26
27 /*
28 * we keep all named keyrings in a hash to speed looking them up
29 */
30 #define KEYRING_NAME_HASH_SIZE (1 << 5)
31
32 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
33 static DEFINE_RWLOCK(keyring_name_lock);
34
35 static inline unsigned keyring_hash(const char *desc)
36 {
37 unsigned bucket = 0;
38
39 for (; *desc; desc++)
40 bucket += (unsigned char) *desc;
41
42 return bucket & (KEYRING_NAME_HASH_SIZE - 1);
43 }
44
45 /*
46 * the keyring type definition
47 */
48 static int keyring_instantiate(struct key *keyring,
49 const void *data, size_t datalen);
50 static int keyring_duplicate(struct key *keyring, const struct key *source);
51 static int keyring_match(const struct key *keyring, const void *criterion);
52 static void keyring_destroy(struct key *keyring);
53 static void keyring_describe(const struct key *keyring, struct seq_file *m);
54 static long keyring_read(const struct key *keyring,
55 char __user *buffer, size_t buflen);
56
57 struct key_type key_type_keyring = {
58 .name = "keyring",
59 .def_datalen = sizeof(struct keyring_list),
60 .instantiate = keyring_instantiate,
61 .duplicate = keyring_duplicate,
62 .match = keyring_match,
63 .destroy = keyring_destroy,
64 .describe = keyring_describe,
65 .read = keyring_read,
66 };
67
68 /*
69 * semaphore to serialise link/link calls to prevent two link calls in parallel
70 * introducing a cycle
71 */
72 DECLARE_RWSEM(keyring_serialise_link_sem);
73
74 /*****************************************************************************/
75 /*
76 * publish the name of a keyring so that it can be found by name (if it has
77 * one)
78 */
79 void keyring_publish_name(struct key *keyring)
80 {
81 int bucket;
82
83 if (keyring->description) {
84 bucket = keyring_hash(keyring->description);
85
86 write_lock(&keyring_name_lock);
87
88 if (!keyring_name_hash[bucket].next)
89 INIT_LIST_HEAD(&keyring_name_hash[bucket]);
90
91 list_add_tail(&keyring->type_data.link,
92 &keyring_name_hash[bucket]);
93
94 write_unlock(&keyring_name_lock);
95 }
96
97 } /* end keyring_publish_name() */
98
99 /*****************************************************************************/
100 /*
101 * initialise a keyring
102 * - we object if we were given any data
103 */
104 static int keyring_instantiate(struct key *keyring,
105 const void *data, size_t datalen)
106 {
107 int ret;
108
109 ret = -EINVAL;
110 if (datalen == 0) {
111 /* make the keyring available by name if it has one */
112 keyring_publish_name(keyring);
113 ret = 0;
114 }
115
116 return ret;
117
118 } /* end keyring_instantiate() */
119
120 /*****************************************************************************/
121 /*
122 * duplicate the list of subscribed keys from a source keyring into this one
123 */
124 static int keyring_duplicate(struct key *keyring, const struct key *source)
125 {
126 struct keyring_list *sklist, *klist;
127 unsigned max;
128 size_t size;
129 int loop, ret;
130
131 const unsigned limit =
132 (PAGE_SIZE - sizeof(*klist)) / sizeof(struct key *);
133
134 ret = 0;
135
136 /* find out how many keys are currently linked */
137 rcu_read_lock();
138 sklist = rcu_dereference(source->payload.subscriptions);
139 max = 0;
140 if (sklist)
141 max = sklist->nkeys;
142 rcu_read_unlock();
143
144 /* allocate a new payload and stuff load with key links */
145 if (max > 0) {
146 BUG_ON(max > limit);
147
148 max = (max + 3) & ~3;
149 if (max > limit)
150 max = limit;
151
152 ret = -ENOMEM;
153 size = sizeof(*klist) + sizeof(struct key *) * max;
154 klist = kmalloc(size, GFP_KERNEL);
155 if (!klist)
156 goto error;
157
158 /* set links */
159 rcu_read_lock();
160 sklist = rcu_dereference(source->payload.subscriptions);
161
162 klist->maxkeys = max;
163 klist->nkeys = sklist->nkeys;
164 memcpy(klist->keys,
165 sklist->keys,
166 sklist->nkeys * sizeof(struct key *));
167
168 for (loop = klist->nkeys - 1; loop >= 0; loop--)
169 atomic_inc(&klist->keys[loop]->usage);
170
171 rcu_read_unlock();
172
173 rcu_assign_pointer(keyring->payload.subscriptions, klist);
174 ret = 0;
175 }
176
177 error:
178 return ret;
179
180 } /* end keyring_duplicate() */
181
182 /*****************************************************************************/
183 /*
184 * match keyrings on their name
185 */
186 static int keyring_match(const struct key *keyring, const void *description)
187 {
188 return keyring->description &&
189 strcmp(keyring->description, description) == 0;
190
191 } /* end keyring_match() */
192
193 /*****************************************************************************/
194 /*
195 * dispose of the data dangling from the corpse of a keyring
196 */
197 static void keyring_destroy(struct key *keyring)
198 {
199 struct keyring_list *klist;
200 int loop;
201
202 if (keyring->description) {
203 write_lock(&keyring_name_lock);
204
205 if (keyring->type_data.link.next != NULL &&
206 !list_empty(&keyring->type_data.link))
207 list_del(&keyring->type_data.link);
208
209 write_unlock(&keyring_name_lock);
210 }
211
212 klist = rcu_dereference(keyring->payload.subscriptions);
213 if (klist) {
214 for (loop = klist->nkeys - 1; loop >= 0; loop--)
215 key_put(klist->keys[loop]);
216 kfree(klist);
217 }
218
219 } /* end keyring_destroy() */
220
221 /*****************************************************************************/
222 /*
223 * describe the keyring
224 */
225 static void keyring_describe(const struct key *keyring, struct seq_file *m)
226 {
227 struct keyring_list *klist;
228
229 if (keyring->description) {
230 seq_puts(m, keyring->description);
231 }
232 else {
233 seq_puts(m, "[anon]");
234 }
235
236 rcu_read_lock();
237 klist = rcu_dereference(keyring->payload.subscriptions);
238 if (klist)
239 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
240 else
241 seq_puts(m, ": empty");
242 rcu_read_unlock();
243
244 } /* end keyring_describe() */
245
246 /*****************************************************************************/
247 /*
248 * read a list of key IDs from the keyring's contents
249 * - the keyring's semaphore is read-locked
250 */
251 static long keyring_read(const struct key *keyring,
252 char __user *buffer, size_t buflen)
253 {
254 struct keyring_list *klist;
255 struct key *key;
256 size_t qty, tmp;
257 int loop, ret;
258
259 ret = 0;
260 klist = rcu_dereference(keyring->payload.subscriptions);
261
262 if (klist) {
263 /* calculate how much data we could return */
264 qty = klist->nkeys * sizeof(key_serial_t);
265
266 if (buffer && buflen > 0) {
267 if (buflen > qty)
268 buflen = qty;
269
270 /* copy the IDs of the subscribed keys into the
271 * buffer */
272 ret = -EFAULT;
273
274 for (loop = 0; loop < klist->nkeys; loop++) {
275 key = klist->keys[loop];
276
277 tmp = sizeof(key_serial_t);
278 if (tmp > buflen)
279 tmp = buflen;
280
281 if (copy_to_user(buffer,
282 &key->serial,
283 tmp) != 0)
284 goto error;
285
286 buflen -= tmp;
287 if (buflen == 0)
288 break;
289 buffer += tmp;
290 }
291 }
292
293 ret = qty;
294 }
295
296 error:
297 return ret;
298
299 } /* end keyring_read() */
300
301 /*****************************************************************************/
302 /*
303 * allocate a keyring and link into the destination keyring
304 */
305 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
306 int not_in_quota, struct key *dest)
307 {
308 struct key *keyring;
309 int ret;
310
311 keyring = key_alloc(&key_type_keyring, description,
312 uid, gid, KEY_USR_ALL, not_in_quota);
313
314 if (!IS_ERR(keyring)) {
315 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
316 if (ret < 0) {
317 key_put(keyring);
318 keyring = ERR_PTR(ret);
319 }
320 }
321
322 return keyring;
323
324 } /* end keyring_alloc() */
325
326 /*****************************************************************************/
327 /*
328 * search the supplied keyring tree for a key that matches the criterion
329 * - perform a breadth-then-depth search up to the prescribed limit
330 * - we only find keys on which we have search permission
331 * - we use the supplied match function to see if the description (or other
332 * feature of interest) matches
333 * - we rely on RCU to prevent the keyring lists from disappearing on us
334 * - we return -EAGAIN if we didn't find any matching key
335 * - we return -ENOKEY if we only found negative matching keys
336 */
337 struct key *keyring_search_aux(struct key *keyring,
338 struct task_struct *context,
339 struct key_type *type,
340 const void *description,
341 key_match_func_t match)
342 {
343 struct {
344 struct keyring_list *keylist;
345 int kix;
346 } stack[KEYRING_SEARCH_MAX_DEPTH];
347
348 struct keyring_list *keylist;
349 struct timespec now;
350 struct key *key;
351 long err;
352 int sp, kix;
353
354 key_check(keyring);
355
356 rcu_read_lock();
357
358 /* top keyring must have search permission to begin the search */
359 key = ERR_PTR(-EACCES);
360 if (!key_task_permission(keyring, context, KEY_SEARCH))
361 goto error;
362
363 key = ERR_PTR(-ENOTDIR);
364 if (keyring->type != &key_type_keyring)
365 goto error;
366
367 now = current_kernel_time();
368 err = -EAGAIN;
369 sp = 0;
370
371 /* start processing a new keyring */
372 descend:
373 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
374 goto not_this_keyring;
375
376 keylist = rcu_dereference(keyring->payload.subscriptions);
377 if (!keylist)
378 goto not_this_keyring;
379
380 /* iterate through the keys in this keyring first */
381 for (kix = 0; kix < keylist->nkeys; kix++) {
382 key = keylist->keys[kix];
383
384 /* ignore keys not of this type */
385 if (key->type != type)
386 continue;
387
388 /* skip revoked keys and expired keys */
389 if (test_bit(KEY_FLAG_REVOKED, &key->flags))
390 continue;
391
392 if (key->expiry && now.tv_sec >= key->expiry)
393 continue;
394
395 /* keys that don't match */
396 if (!match(key, description))
397 continue;
398
399 /* key must have search permissions */
400 if (!key_task_permission(key, context, KEY_SEARCH))
401 continue;
402
403 /* we set a different error code if we find a negative key */
404 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
405 err = -ENOKEY;
406 continue;
407 }
408
409 goto found;
410 }
411
412 /* search through the keyrings nested in this one */
413 kix = 0;
414 ascend:
415 for (; kix < keylist->nkeys; kix++) {
416 key = keylist->keys[kix];
417 if (key->type != &key_type_keyring)
418 continue;
419
420 /* recursively search nested keyrings
421 * - only search keyrings for which we have search permission
422 */
423 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
424 continue;
425
426 if (!key_task_permission(key, context, KEY_SEARCH))
427 continue;
428
429 /* stack the current position */
430 stack[sp].keylist = keylist;
431 stack[sp].kix = kix;
432 sp++;
433
434 /* begin again with the new keyring */
435 keyring = key;
436 goto descend;
437 }
438
439 /* the keyring we're looking at was disqualified or didn't contain a
440 * matching key */
441 not_this_keyring:
442 if (sp > 0) {
443 /* resume the processing of a keyring higher up in the tree */
444 sp--;
445 keylist = stack[sp].keylist;
446 kix = stack[sp].kix + 1;
447 goto ascend;
448 }
449
450 key = ERR_PTR(err);
451 goto error;
452
453 /* we found a viable match */
454 found:
455 atomic_inc(&key->usage);
456 key_check(key);
457 error:
458 rcu_read_unlock();
459 return key;
460
461 } /* end keyring_search_aux() */
462
463 /*****************************************************************************/
464 /*
465 * search the supplied keyring tree for a key that matches the criterion
466 * - perform a breadth-then-depth search up to the prescribed limit
467 * - we only find keys on which we have search permission
468 * - we readlock the keyrings as we search down the tree
469 * - we return -EAGAIN if we didn't find any matching key
470 * - we return -ENOKEY if we only found negative matching keys
471 */
472 struct key *keyring_search(struct key *keyring,
473 struct key_type *type,
474 const char *description)
475 {
476 if (!type->match)
477 return ERR_PTR(-ENOKEY);
478
479 return keyring_search_aux(keyring, current,
480 type, description, type->match);
481
482 } /* end keyring_search() */
483
484 EXPORT_SYMBOL(keyring_search);
485
486 /*****************************************************************************/
487 /*
488 * search the given keyring only (no recursion)
489 * - keyring must be locked by caller
490 */
491 struct key *__keyring_search_one(struct key *keyring,
492 const struct key_type *ktype,
493 const char *description,
494 key_perm_t perm)
495 {
496 struct keyring_list *klist;
497 struct key *key;
498 int loop;
499
500 rcu_read_lock();
501
502 klist = rcu_dereference(keyring->payload.subscriptions);
503 if (klist) {
504 for (loop = 0; loop < klist->nkeys; loop++) {
505 key = klist->keys[loop];
506
507 if (key->type == ktype &&
508 (!key->type->match ||
509 key->type->match(key, description)) &&
510 key_permission(key, perm) &&
511 !test_bit(KEY_FLAG_REVOKED, &key->flags)
512 )
513 goto found;
514 }
515 }
516
517 key = ERR_PTR(-ENOKEY);
518 goto error;
519
520 found:
521 atomic_inc(&key->usage);
522 error:
523 rcu_read_unlock();
524 return key;
525
526 } /* end __keyring_search_one() */
527
528 /*****************************************************************************/
529 /*
530 * search for an instantiation authorisation key matching a target key
531 * - the RCU read lock must be held by the caller
532 * - a target_id of zero specifies any valid token
533 */
534 struct key *keyring_search_instkey(struct key *keyring,
535 key_serial_t target_id)
536 {
537 struct request_key_auth *rka;
538 struct keyring_list *klist;
539 struct key *instkey;
540 int loop;
541
542 klist = rcu_dereference(keyring->payload.subscriptions);
543 if (klist) {
544 for (loop = 0; loop < klist->nkeys; loop++) {
545 instkey = klist->keys[loop];
546
547 if (instkey->type != &key_type_request_key_auth)
548 continue;
549
550 rka = instkey->payload.data;
551 if (target_id && rka->target_key->serial != target_id)
552 continue;
553
554 /* the auth key is revoked during instantiation */
555 if (!test_bit(KEY_FLAG_REVOKED, &instkey->flags))
556 goto found;
557
558 instkey = ERR_PTR(-EKEYREVOKED);
559 goto error;
560 }
561 }
562
563 instkey = ERR_PTR(-EACCES);
564 goto error;
565
566 found:
567 atomic_inc(&instkey->usage);
568 error:
569 return instkey;
570
571 } /* end keyring_search_instkey() */
572
573 /*****************************************************************************/
574 /*
575 * find a keyring with the specified name
576 * - all named keyrings are searched
577 * - only find keyrings with search permission for the process
578 * - only find keyrings with a serial number greater than the one specified
579 */
580 struct key *find_keyring_by_name(const char *name, key_serial_t bound)
581 {
582 struct key *keyring;
583 int bucket;
584
585 keyring = ERR_PTR(-EINVAL);
586 if (!name)
587 goto error;
588
589 bucket = keyring_hash(name);
590
591 read_lock(&keyring_name_lock);
592
593 if (keyring_name_hash[bucket].next) {
594 /* search this hash bucket for a keyring with a matching name
595 * that's readable and that hasn't been revoked */
596 list_for_each_entry(keyring,
597 &keyring_name_hash[bucket],
598 type_data.link
599 ) {
600 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
601 continue;
602
603 if (strcmp(keyring->description, name) != 0)
604 continue;
605
606 if (!key_permission(keyring, KEY_SEARCH))
607 continue;
608
609 /* found a potential candidate, but we still need to
610 * check the serial number */
611 if (keyring->serial <= bound)
612 continue;
613
614 /* we've got a match */
615 atomic_inc(&keyring->usage);
616 read_unlock(&keyring_name_lock);
617 goto error;
618 }
619 }
620
621 read_unlock(&keyring_name_lock);
622 keyring = ERR_PTR(-ENOKEY);
623
624 error:
625 return keyring;
626
627 } /* end find_keyring_by_name() */
628
629 /*****************************************************************************/
630 /*
631 * see if a cycle will will be created by inserting acyclic tree B in acyclic
632 * tree A at the topmost level (ie: as a direct child of A)
633 * - since we are adding B to A at the top level, checking for cycles should
634 * just be a matter of seeing if node A is somewhere in tree B
635 */
636 static int keyring_detect_cycle(struct key *A, struct key *B)
637 {
638 struct {
639 struct keyring_list *keylist;
640 int kix;
641 } stack[KEYRING_SEARCH_MAX_DEPTH];
642
643 struct keyring_list *keylist;
644 struct key *subtree, *key;
645 int sp, kix, ret;
646
647 rcu_read_lock();
648
649 ret = -EDEADLK;
650 if (A == B)
651 goto cycle_detected;
652
653 subtree = B;
654 sp = 0;
655
656 /* start processing a new keyring */
657 descend:
658 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
659 goto not_this_keyring;
660
661 keylist = rcu_dereference(subtree->payload.subscriptions);
662 if (!keylist)
663 goto not_this_keyring;
664 kix = 0;
665
666 ascend:
667 /* iterate through the remaining keys in this keyring */
668 for (; kix < keylist->nkeys; kix++) {
669 key = keylist->keys[kix];
670
671 if (key == A)
672 goto cycle_detected;
673
674 /* recursively check nested keyrings */
675 if (key->type == &key_type_keyring) {
676 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
677 goto too_deep;
678
679 /* stack the current position */
680 stack[sp].keylist = keylist;
681 stack[sp].kix = kix;
682 sp++;
683
684 /* begin again with the new keyring */
685 subtree = key;
686 goto descend;
687 }
688 }
689
690 /* the keyring we're looking at was disqualified or didn't contain a
691 * matching key */
692 not_this_keyring:
693 if (sp > 0) {
694 /* resume the checking of a keyring higher up in the tree */
695 sp--;
696 keylist = stack[sp].keylist;
697 kix = stack[sp].kix + 1;
698 goto ascend;
699 }
700
701 ret = 0; /* no cycles detected */
702
703 error:
704 rcu_read_unlock();
705 return ret;
706
707 too_deep:
708 ret = -ELOOP;
709 goto error;
710
711 cycle_detected:
712 ret = -EDEADLK;
713 goto error;
714
715 } /* end keyring_detect_cycle() */
716
717 /*****************************************************************************/
718 /*
719 * dispose of a keyring list after the RCU grace period
720 */
721 static void keyring_link_rcu_disposal(struct rcu_head *rcu)
722 {
723 struct keyring_list *klist =
724 container_of(rcu, struct keyring_list, rcu);
725
726 kfree(klist);
727
728 } /* end keyring_link_rcu_disposal() */
729
730 /*****************************************************************************/
731 /*
732 * link a key into to a keyring
733 * - must be called with the keyring's semaphore write-locked
734 */
735 int __key_link(struct key *keyring, struct key *key)
736 {
737 struct keyring_list *klist, *nklist;
738 unsigned max;
739 size_t size;
740 int ret;
741
742 ret = -EKEYREVOKED;
743 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
744 goto error;
745
746 ret = -ENOTDIR;
747 if (keyring->type != &key_type_keyring)
748 goto error;
749
750 /* serialise link/link calls to prevent parallel calls causing a
751 * cycle when applied to two keyring in opposite orders */
752 down_write(&keyring_serialise_link_sem);
753
754 /* check that we aren't going to create a cycle adding one keyring to
755 * another */
756 if (key->type == &key_type_keyring) {
757 ret = keyring_detect_cycle(keyring, key);
758 if (ret < 0)
759 goto error2;
760 }
761
762 /* check that we aren't going to overrun the user's quota */
763 ret = key_payload_reserve(keyring,
764 keyring->datalen + KEYQUOTA_LINK_BYTES);
765 if (ret < 0)
766 goto error2;
767
768 klist = keyring->payload.subscriptions;
769
770 if (klist && klist->nkeys < klist->maxkeys) {
771 /* there's sufficient slack space to add directly */
772 atomic_inc(&key->usage);
773
774 klist->keys[klist->nkeys] = key;
775 smp_wmb();
776 klist->nkeys++;
777 smp_wmb();
778
779 ret = 0;
780 }
781 else {
782 /* grow the key list */
783 max = 4;
784 if (klist)
785 max += klist->maxkeys;
786
787 ret = -ENFILE;
788 if (max > 65535)
789 goto error3;
790 size = sizeof(*klist) + sizeof(struct key *) * max;
791 if (size > PAGE_SIZE)
792 goto error3;
793
794 ret = -ENOMEM;
795 nklist = kmalloc(size, GFP_KERNEL);
796 if (!nklist)
797 goto error3;
798 nklist->maxkeys = max;
799 nklist->nkeys = 0;
800
801 if (klist) {
802 nklist->nkeys = klist->nkeys;
803 memcpy(nklist->keys,
804 klist->keys,
805 sizeof(struct key *) * klist->nkeys);
806 }
807
808 /* add the key into the new space */
809 atomic_inc(&key->usage);
810 nklist->keys[nklist->nkeys++] = key;
811
812 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
813
814 /* dispose of the old keyring list */
815 if (klist)
816 call_rcu(&klist->rcu, keyring_link_rcu_disposal);
817
818 ret = 0;
819 }
820
821 error2:
822 up_write(&keyring_serialise_link_sem);
823 error:
824 return ret;
825
826 error3:
827 /* undo the quota changes */
828 key_payload_reserve(keyring,
829 keyring->datalen - KEYQUOTA_LINK_BYTES);
830 goto error2;
831
832 } /* end __key_link() */
833
834 /*****************************************************************************/
835 /*
836 * link a key to a keyring
837 */
838 int key_link(struct key *keyring, struct key *key)
839 {
840 int ret;
841
842 key_check(keyring);
843 key_check(key);
844
845 down_write(&keyring->sem);
846 ret = __key_link(keyring, key);
847 up_write(&keyring->sem);
848
849 return ret;
850
851 } /* end key_link() */
852
853 EXPORT_SYMBOL(key_link);
854
855 /*****************************************************************************/
856 /*
857 * dispose of a keyring list after the RCU grace period, freeing the unlinked
858 * key
859 */
860 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
861 {
862 struct keyring_list *klist =
863 container_of(rcu, struct keyring_list, rcu);
864
865 key_put(klist->keys[klist->delkey]);
866 kfree(klist);
867
868 } /* end keyring_unlink_rcu_disposal() */
869
870 /*****************************************************************************/
871 /*
872 * unlink the first link to a key from a keyring
873 */
874 int key_unlink(struct key *keyring, struct key *key)
875 {
876 struct keyring_list *klist, *nklist;
877 int loop, ret;
878
879 key_check(keyring);
880 key_check(key);
881
882 ret = -ENOTDIR;
883 if (keyring->type != &key_type_keyring)
884 goto error;
885
886 down_write(&keyring->sem);
887
888 klist = keyring->payload.subscriptions;
889 if (klist) {
890 /* search the keyring for the key */
891 for (loop = 0; loop < klist->nkeys; loop++)
892 if (klist->keys[loop] == key)
893 goto key_is_present;
894 }
895
896 up_write(&keyring->sem);
897 ret = -ENOENT;
898 goto error;
899
900 key_is_present:
901 /* we need to copy the key list for RCU purposes */
902 nklist = kmalloc(sizeof(*klist) +
903 sizeof(struct key *) * klist->maxkeys,
904 GFP_KERNEL);
905 if (!nklist)
906 goto nomem;
907 nklist->maxkeys = klist->maxkeys;
908 nklist->nkeys = klist->nkeys - 1;
909
910 if (loop > 0)
911 memcpy(&nklist->keys[0],
912 &klist->keys[0],
913 loop * sizeof(struct key *));
914
915 if (loop < nklist->nkeys)
916 memcpy(&nklist->keys[loop],
917 &klist->keys[loop + 1],
918 (nklist->nkeys - loop) * sizeof(struct key *));
919
920 /* adjust the user's quota */
921 key_payload_reserve(keyring,
922 keyring->datalen - KEYQUOTA_LINK_BYTES);
923
924 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
925
926 up_write(&keyring->sem);
927
928 /* schedule for later cleanup */
929 klist->delkey = loop;
930 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
931
932 ret = 0;
933
934 error:
935 return ret;
936 nomem:
937 ret = -ENOMEM;
938 up_write(&keyring->sem);
939 goto error;
940
941 } /* end key_unlink() */
942
943 EXPORT_SYMBOL(key_unlink);
944
945 /*****************************************************************************/
946 /*
947 * dispose of a keyring list after the RCU grace period, releasing the keys it
948 * links to
949 */
950 static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
951 {
952 struct keyring_list *klist;
953 int loop;
954
955 klist = container_of(rcu, struct keyring_list, rcu);
956
957 for (loop = klist->nkeys - 1; loop >= 0; loop--)
958 key_put(klist->keys[loop]);
959
960 kfree(klist);
961
962 } /* end keyring_clear_rcu_disposal() */
963
964 /*****************************************************************************/
965 /*
966 * clear the specified process keyring
967 * - implements keyctl(KEYCTL_CLEAR)
968 */
969 int keyring_clear(struct key *keyring)
970 {
971 struct keyring_list *klist;
972 int ret;
973
974 ret = -ENOTDIR;
975 if (keyring->type == &key_type_keyring) {
976 /* detach the pointer block with the locks held */
977 down_write(&keyring->sem);
978
979 klist = keyring->payload.subscriptions;
980 if (klist) {
981 /* adjust the quota */
982 key_payload_reserve(keyring,
983 sizeof(struct keyring_list));
984
985 rcu_assign_pointer(keyring->payload.subscriptions,
986 NULL);
987 }
988
989 up_write(&keyring->sem);
990
991 /* free the keys after the locks have been dropped */
992 if (klist)
993 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
994
995 ret = 0;
996 }
997
998 return ret;
999
1000 } /* end keyring_clear() */
1001
1002 EXPORT_SYMBOL(keyring_clear);
Linux kernel - Deliverables
This page took 0.061818 seconds and 5 git commands to generate.