Linux Audio

Check our new training course

Buildroot integration, development and maintenance

Need a Buildroot system for your embedded project?
Loading...
v4.6
   1/* Basic authentication token and access key management
   2 *
   3 * Copyright (C) 2004-2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/poison.h>
  15#include <linux/sched.h>
  16#include <linux/slab.h>
  17#include <linux/security.h>
  18#include <linux/workqueue.h>
  19#include <linux/random.h>
  20#include <linux/err.h>
  21#include "internal.h"
  22
  23struct kmem_cache *key_jar;
  24struct rb_root		key_serial_tree; /* tree of keys indexed by serial */
  25DEFINE_SPINLOCK(key_serial_lock);
  26
  27struct rb_root	key_user_tree; /* tree of quota records indexed by UID */
  28DEFINE_SPINLOCK(key_user_lock);
  29
  30unsigned int key_quota_root_maxkeys = 1000000;	/* root's key count quota */
  31unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */
  32unsigned int key_quota_maxkeys = 200;		/* general key count quota */
  33unsigned int key_quota_maxbytes = 20000;	/* general key space quota */
  34
  35static LIST_HEAD(key_types_list);
  36static DECLARE_RWSEM(key_types_sem);
  37
  38/* We serialise key instantiation and link */
  39DEFINE_MUTEX(key_construction_mutex);
  40
  41#ifdef KEY_DEBUGGING
  42void __key_check(const struct key *key)
  43{
  44	printk("__key_check: key %p {%08x} should be {%08x}\n",
  45	       key, key->magic, KEY_DEBUG_MAGIC);
  46	BUG();
  47}
  48#endif
  49
  50/*
  51 * Get the key quota record for a user, allocating a new record if one doesn't
  52 * already exist.
  53 */
  54struct key_user *key_user_lookup(kuid_t uid)
  55{
  56	struct key_user *candidate = NULL, *user;
  57	struct rb_node *parent = NULL;
  58	struct rb_node **p;
  59
  60try_again:
  61	p = &key_user_tree.rb_node;
  62	spin_lock(&key_user_lock);
  63
  64	/* search the tree for a user record with a matching UID */
  65	while (*p) {
  66		parent = *p;
  67		user = rb_entry(parent, struct key_user, node);
  68
  69		if (uid_lt(uid, user->uid))
  70			p = &(*p)->rb_left;
  71		else if (uid_gt(uid, user->uid))
  72			p = &(*p)->rb_right;
  73		else
  74			goto found;
  75	}
  76
  77	/* if we get here, we failed to find a match in the tree */
  78	if (!candidate) {
  79		/* allocate a candidate user record if we don't already have
  80		 * one */
  81		spin_unlock(&key_user_lock);
  82
  83		user = NULL;
  84		candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL);
  85		if (unlikely(!candidate))
  86			goto out;
  87
  88		/* the allocation may have scheduled, so we need to repeat the
  89		 * search lest someone else added the record whilst we were
  90		 * asleep */
  91		goto try_again;
  92	}
  93
  94	/* if we get here, then the user record still hadn't appeared on the
  95	 * second pass - so we use the candidate record */
  96	atomic_set(&candidate->usage, 1);
  97	atomic_set(&candidate->nkeys, 0);
  98	atomic_set(&candidate->nikeys, 0);
  99	candidate->uid = uid;
 100	candidate->qnkeys = 0;
 101	candidate->qnbytes = 0;
 102	spin_lock_init(&candidate->lock);
 103	mutex_init(&candidate->cons_lock);
 104
 105	rb_link_node(&candidate->node, parent, p);
 106	rb_insert_color(&candidate->node, &key_user_tree);
 107	spin_unlock(&key_user_lock);
 108	user = candidate;
 109	goto out;
 110
 111	/* okay - we found a user record for this UID */
 112found:
 113	atomic_inc(&user->usage);
 114	spin_unlock(&key_user_lock);
 115	kfree(candidate);
 116out:
 117	return user;
 118}
 119
 120/*
 121 * Dispose of a user structure
 122 */
 123void key_user_put(struct key_user *user)
 124{
 125	if (atomic_dec_and_lock(&user->usage, &key_user_lock)) {
 126		rb_erase(&user->node, &key_user_tree);
 127		spin_unlock(&key_user_lock);
 128
 129		kfree(user);
 130	}
 131}
 132
 133/*
 134 * Allocate a serial number for a key.  These are assigned randomly to avoid
 135 * security issues through covert channel problems.
 136 */
 137static inline void key_alloc_serial(struct key *key)
 138{
 139	struct rb_node *parent, **p;
 140	struct key *xkey;
 141
 142	/* propose a random serial number and look for a hole for it in the
 143	 * serial number tree */
 144	do {
 145		get_random_bytes(&key->serial, sizeof(key->serial));
 146
 147		key->serial >>= 1; /* negative numbers are not permitted */
 148	} while (key->serial < 3);
 149
 150	spin_lock(&key_serial_lock);
 151
 152attempt_insertion:
 153	parent = NULL;
 154	p = &key_serial_tree.rb_node;
 155
 156	while (*p) {
 157		parent = *p;
 158		xkey = rb_entry(parent, struct key, serial_node);
 159
 160		if (key->serial < xkey->serial)
 161			p = &(*p)->rb_left;
 162		else if (key->serial > xkey->serial)
 163			p = &(*p)->rb_right;
 164		else
 165			goto serial_exists;
 166	}
 167
 168	/* we've found a suitable hole - arrange for this key to occupy it */
 169	rb_link_node(&key->serial_node, parent, p);
 170	rb_insert_color(&key->serial_node, &key_serial_tree);
 171
 172	spin_unlock(&key_serial_lock);
 173	return;
 174
 175	/* we found a key with the proposed serial number - walk the tree from
 176	 * that point looking for the next unused serial number */
 177serial_exists:
 178	for (;;) {
 179		key->serial++;
 180		if (key->serial < 3) {
 181			key->serial = 3;
 182			goto attempt_insertion;
 183		}
 184
 185		parent = rb_next(parent);
 186		if (!parent)
 187			goto attempt_insertion;
 188
 189		xkey = rb_entry(parent, struct key, serial_node);
 190		if (key->serial < xkey->serial)
 191			goto attempt_insertion;
 192	}
 193}
 194
 195/**
 196 * key_alloc - Allocate a key of the specified type.
 197 * @type: The type of key to allocate.
 198 * @desc: The key description to allow the key to be searched out.
 199 * @uid: The owner of the new key.
 200 * @gid: The group ID for the new key's group permissions.
 201 * @cred: The credentials specifying UID namespace.
 202 * @perm: The permissions mask of the new key.
 203 * @flags: Flags specifying quota properties.
 
 204 *
 205 * Allocate a key of the specified type with the attributes given.  The key is
 206 * returned in an uninstantiated state and the caller needs to instantiate the
 207 * key before returning.
 208 *
 209 * The user's key count quota is updated to reflect the creation of the key and
 210 * the user's key data quota has the default for the key type reserved.  The
 211 * instantiation function should amend this as necessary.  If insufficient
 212 * quota is available, -EDQUOT will be returned.
 213 *
 214 * The LSM security modules can prevent a key being created, in which case
 215 * -EACCES will be returned.
 216 *
 217 * Returns a pointer to the new key if successful and an error code otherwise.
 218 *
 219 * Note that the caller needs to ensure the key type isn't uninstantiated.
 220 * Internally this can be done by locking key_types_sem.  Externally, this can
 221 * be done by either never unregistering the key type, or making sure
 222 * key_alloc() calls don't race with module unloading.
 223 */
 224struct key *key_alloc(struct key_type *type, const char *desc,
 225		      kuid_t uid, kgid_t gid, const struct cred *cred,
 226		      key_perm_t perm, unsigned long flags)
 
 
 
 227{
 228	struct key_user *user = NULL;
 229	struct key *key;
 230	size_t desclen, quotalen;
 231	int ret;
 232
 233	key = ERR_PTR(-EINVAL);
 234	if (!desc || !*desc)
 235		goto error;
 236
 237	if (type->vet_description) {
 238		ret = type->vet_description(desc);
 239		if (ret < 0) {
 240			key = ERR_PTR(ret);
 241			goto error;
 242		}
 243	}
 244
 245	desclen = strlen(desc);
 246	quotalen = desclen + 1 + type->def_datalen;
 247
 248	/* get hold of the key tracking for this user */
 249	user = key_user_lookup(uid);
 250	if (!user)
 251		goto no_memory_1;
 252
 253	/* check that the user's quota permits allocation of another key and
 254	 * its description */
 255	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 256		unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
 257			key_quota_root_maxkeys : key_quota_maxkeys;
 258		unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
 259			key_quota_root_maxbytes : key_quota_maxbytes;
 260
 261		spin_lock(&user->lock);
 262		if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
 263			if (user->qnkeys + 1 >= maxkeys ||
 264			    user->qnbytes + quotalen >= maxbytes ||
 265			    user->qnbytes + quotalen < user->qnbytes)
 266				goto no_quota;
 267		}
 268
 269		user->qnkeys++;
 270		user->qnbytes += quotalen;
 271		spin_unlock(&user->lock);
 272	}
 273
 274	/* allocate and initialise the key and its description */
 275	key = kmem_cache_zalloc(key_jar, GFP_KERNEL);
 276	if (!key)
 277		goto no_memory_2;
 278
 279	key->index_key.desc_len = desclen;
 280	key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
 281	if (!key->index_key.description)
 282		goto no_memory_3;
 283
 284	atomic_set(&key->usage, 1);
 285	init_rwsem(&key->sem);
 286	lockdep_set_class(&key->sem, &type->lock_class);
 287	key->index_key.type = type;
 288	key->user = user;
 289	key->quotalen = quotalen;
 290	key->datalen = type->def_datalen;
 291	key->uid = uid;
 292	key->gid = gid;
 293	key->perm = perm;
 
 294
 295	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
 296		key->flags |= 1 << KEY_FLAG_IN_QUOTA;
 297	if (flags & KEY_ALLOC_TRUSTED)
 298		key->flags |= 1 << KEY_FLAG_TRUSTED;
 299	if (flags & KEY_ALLOC_BUILT_IN)
 300		key->flags |= 1 << KEY_FLAG_BUILTIN;
 301
 302#ifdef KEY_DEBUGGING
 303	key->magic = KEY_DEBUG_MAGIC;
 304#endif
 305
 306	/* let the security module know about the key */
 307	ret = security_key_alloc(key, cred, flags);
 308	if (ret < 0)
 309		goto security_error;
 310
 311	/* publish the key by giving it a serial number */
 312	atomic_inc(&user->nkeys);
 313	key_alloc_serial(key);
 314
 315error:
 316	return key;
 317
 318security_error:
 319	kfree(key->description);
 320	kmem_cache_free(key_jar, key);
 321	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 322		spin_lock(&user->lock);
 323		user->qnkeys--;
 324		user->qnbytes -= quotalen;
 325		spin_unlock(&user->lock);
 326	}
 327	key_user_put(user);
 328	key = ERR_PTR(ret);
 329	goto error;
 330
 331no_memory_3:
 332	kmem_cache_free(key_jar, key);
 333no_memory_2:
 334	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 335		spin_lock(&user->lock);
 336		user->qnkeys--;
 337		user->qnbytes -= quotalen;
 338		spin_unlock(&user->lock);
 339	}
 340	key_user_put(user);
 341no_memory_1:
 342	key = ERR_PTR(-ENOMEM);
 343	goto error;
 344
 345no_quota:
 346	spin_unlock(&user->lock);
 347	key_user_put(user);
 348	key = ERR_PTR(-EDQUOT);
 349	goto error;
 350}
 351EXPORT_SYMBOL(key_alloc);
 352
 353/**
 354 * key_payload_reserve - Adjust data quota reservation for the key's payload
 355 * @key: The key to make the reservation for.
 356 * @datalen: The amount of data payload the caller now wants.
 357 *
 358 * Adjust the amount of the owning user's key data quota that a key reserves.
 359 * If the amount is increased, then -EDQUOT may be returned if there isn't
 360 * enough free quota available.
 361 *
 362 * If successful, 0 is returned.
 363 */
 364int key_payload_reserve(struct key *key, size_t datalen)
 365{
 366	int delta = (int)datalen - key->datalen;
 367	int ret = 0;
 368
 369	key_check(key);
 370
 371	/* contemplate the quota adjustment */
 372	if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
 373		unsigned maxbytes = uid_eq(key->user->uid, GLOBAL_ROOT_UID) ?
 374			key_quota_root_maxbytes : key_quota_maxbytes;
 375
 376		spin_lock(&key->user->lock);
 377
 378		if (delta > 0 &&
 379		    (key->user->qnbytes + delta >= maxbytes ||
 380		     key->user->qnbytes + delta < key->user->qnbytes)) {
 381			ret = -EDQUOT;
 382		}
 383		else {
 384			key->user->qnbytes += delta;
 385			key->quotalen += delta;
 386		}
 387		spin_unlock(&key->user->lock);
 388	}
 389
 390	/* change the recorded data length if that didn't generate an error */
 391	if (ret == 0)
 392		key->datalen = datalen;
 393
 394	return ret;
 395}
 396EXPORT_SYMBOL(key_payload_reserve);
 397
 398/*
 399 * Instantiate a key and link it into the target keyring atomically.  Must be
 400 * called with the target keyring's semaphore writelocked.  The target key's
 401 * semaphore need not be locked as instantiation is serialised by
 402 * key_construction_mutex.
 403 */
 404static int __key_instantiate_and_link(struct key *key,
 405				      struct key_preparsed_payload *prep,
 406				      struct key *keyring,
 407				      struct key *authkey,
 408				      struct assoc_array_edit **_edit)
 409{
 410	int ret, awaken;
 411
 412	key_check(key);
 413	key_check(keyring);
 414
 415	awaken = 0;
 416	ret = -EBUSY;
 417
 418	mutex_lock(&key_construction_mutex);
 419
 420	/* can't instantiate twice */
 421	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 422		/* instantiate the key */
 423		ret = key->type->instantiate(key, prep);
 424
 425		if (ret == 0) {
 426			/* mark the key as being instantiated */
 427			atomic_inc(&key->user->nikeys);
 428			set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 429
 430			if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 431				awaken = 1;
 432
 433			/* and link it into the destination keyring */
 434			if (keyring) {
 435				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
 436					set_bit(KEY_FLAG_KEEP, &key->flags);
 437
 438				__key_link(key, _edit);
 439			}
 440
 441			/* disable the authorisation key */
 442			if (authkey)
 443				key_revoke(authkey);
 444
 445			if (prep->expiry != TIME_T_MAX) {
 446				key->expiry = prep->expiry;
 447				key_schedule_gc(prep->expiry + key_gc_delay);
 448			}
 449		}
 450	}
 451
 452	mutex_unlock(&key_construction_mutex);
 453
 454	/* wake up anyone waiting for a key to be constructed */
 455	if (awaken)
 456		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 457
 458	return ret;
 459}
 460
 461/**
 462 * key_instantiate_and_link - Instantiate a key and link it into the keyring.
 463 * @key: The key to instantiate.
 464 * @data: The data to use to instantiate the keyring.
 465 * @datalen: The length of @data.
 466 * @keyring: Keyring to create a link in on success (or NULL).
 467 * @authkey: The authorisation token permitting instantiation.
 468 *
 469 * Instantiate a key that's in the uninstantiated state using the provided data
 470 * and, if successful, link it in to the destination keyring if one is
 471 * supplied.
 472 *
 473 * If successful, 0 is returned, the authorisation token is revoked and anyone
 474 * waiting for the key is woken up.  If the key was already instantiated,
 475 * -EBUSY will be returned.
 476 */
 477int key_instantiate_and_link(struct key *key,
 478			     const void *data,
 479			     size_t datalen,
 480			     struct key *keyring,
 481			     struct key *authkey)
 482{
 483	struct key_preparsed_payload prep;
 484	struct assoc_array_edit *edit;
 485	int ret;
 486
 487	memset(&prep, 0, sizeof(prep));
 488	prep.data = data;
 489	prep.datalen = datalen;
 490	prep.quotalen = key->type->def_datalen;
 491	prep.expiry = TIME_T_MAX;
 492	if (key->type->preparse) {
 493		ret = key->type->preparse(&prep);
 494		if (ret < 0)
 495			goto error;
 496	}
 497
 498	if (keyring) {
 
 
 
 
 
 
 499		ret = __key_link_begin(keyring, &key->index_key, &edit);
 500		if (ret < 0)
 501			goto error;
 502	}
 503
 504	ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
 505
 506	if (keyring)
 507		__key_link_end(keyring, &key->index_key, edit);
 508
 509error:
 510	if (key->type->preparse)
 511		key->type->free_preparse(&prep);
 512	return ret;
 513}
 514
 515EXPORT_SYMBOL(key_instantiate_and_link);
 516
 517/**
 518 * key_reject_and_link - Negatively instantiate a key and link it into the keyring.
 519 * @key: The key to instantiate.
 520 * @timeout: The timeout on the negative key.
 521 * @error: The error to return when the key is hit.
 522 * @keyring: Keyring to create a link in on success (or NULL).
 523 * @authkey: The authorisation token permitting instantiation.
 524 *
 525 * Negatively instantiate a key that's in the uninstantiated state and, if
 526 * successful, set its timeout and stored error and link it in to the
 527 * destination keyring if one is supplied.  The key and any links to the key
 528 * will be automatically garbage collected after the timeout expires.
 529 *
 530 * Negative keys are used to rate limit repeated request_key() calls by causing
 531 * them to return the stored error code (typically ENOKEY) until the negative
 532 * key expires.
 533 *
 534 * If successful, 0 is returned, the authorisation token is revoked and anyone
 535 * waiting for the key is woken up.  If the key was already instantiated,
 536 * -EBUSY will be returned.
 537 */
 538int key_reject_and_link(struct key *key,
 539			unsigned timeout,
 540			unsigned error,
 541			struct key *keyring,
 542			struct key *authkey)
 543{
 544	struct assoc_array_edit *edit;
 545	struct timespec now;
 546	int ret, awaken, link_ret = 0;
 547
 548	key_check(key);
 549	key_check(keyring);
 550
 551	awaken = 0;
 552	ret = -EBUSY;
 553
 554	if (keyring)
 
 
 
 555		link_ret = __key_link_begin(keyring, &key->index_key, &edit);
 
 556
 557	mutex_lock(&key_construction_mutex);
 558
 559	/* can't instantiate twice */
 560	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 561		/* mark the key as being negatively instantiated */
 562		atomic_inc(&key->user->nikeys);
 563		key->reject_error = -error;
 564		smp_wmb();
 565		set_bit(KEY_FLAG_NEGATIVE, &key->flags);
 566		set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 567		now = current_kernel_time();
 568		key->expiry = now.tv_sec + timeout;
 569		key_schedule_gc(key->expiry + key_gc_delay);
 570
 571		if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 572			awaken = 1;
 573
 574		ret = 0;
 575
 576		/* and link it into the destination keyring */
 577		if (keyring && link_ret == 0)
 578			__key_link(key, &edit);
 579
 580		/* disable the authorisation key */
 581		if (authkey)
 582			key_revoke(authkey);
 583	}
 584
 585	mutex_unlock(&key_construction_mutex);
 586
 587	if (keyring)
 588		__key_link_end(keyring, &key->index_key, edit);
 589
 590	/* wake up anyone waiting for a key to be constructed */
 591	if (awaken)
 592		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 593
 594	return ret == 0 ? link_ret : ret;
 595}
 596EXPORT_SYMBOL(key_reject_and_link);
 597
 598/**
 599 * key_put - Discard a reference to a key.
 600 * @key: The key to discard a reference from.
 601 *
 602 * Discard a reference to a key, and when all the references are gone, we
 603 * schedule the cleanup task to come and pull it out of the tree in process
 604 * context at some later time.
 605 */
 606void key_put(struct key *key)
 607{
 608	if (key) {
 609		key_check(key);
 610
 611		if (atomic_dec_and_test(&key->usage))
 612			schedule_work(&key_gc_work);
 613	}
 614}
 615EXPORT_SYMBOL(key_put);
 616
 617/*
 618 * Find a key by its serial number.
 619 */
 620struct key *key_lookup(key_serial_t id)
 621{
 622	struct rb_node *n;
 623	struct key *key;
 624
 625	spin_lock(&key_serial_lock);
 626
 627	/* search the tree for the specified key */
 628	n = key_serial_tree.rb_node;
 629	while (n) {
 630		key = rb_entry(n, struct key, serial_node);
 631
 632		if (id < key->serial)
 633			n = n->rb_left;
 634		else if (id > key->serial)
 635			n = n->rb_right;
 636		else
 637			goto found;
 638	}
 639
 640not_found:
 641	key = ERR_PTR(-ENOKEY);
 642	goto error;
 643
 644found:
 645	/* pretend it doesn't exist if it is awaiting deletion */
 646	if (atomic_read(&key->usage) == 0)
 647		goto not_found;
 648
 649	/* this races with key_put(), but that doesn't matter since key_put()
 650	 * doesn't actually change the key
 651	 */
 652	__key_get(key);
 653
 654error:
 655	spin_unlock(&key_serial_lock);
 656	return key;
 657}
 658
 659/*
 660 * Find and lock the specified key type against removal.
 661 *
 662 * We return with the sem read-locked if successful.  If the type wasn't
 663 * available -ENOKEY is returned instead.
 664 */
 665struct key_type *key_type_lookup(const char *type)
 666{
 667	struct key_type *ktype;
 668
 669	down_read(&key_types_sem);
 670
 671	/* look up the key type to see if it's one of the registered kernel
 672	 * types */
 673	list_for_each_entry(ktype, &key_types_list, link) {
 674		if (strcmp(ktype->name, type) == 0)
 675			goto found_kernel_type;
 676	}
 677
 678	up_read(&key_types_sem);
 679	ktype = ERR_PTR(-ENOKEY);
 680
 681found_kernel_type:
 682	return ktype;
 683}
 684
 685void key_set_timeout(struct key *key, unsigned timeout)
 686{
 687	struct timespec now;
 688	time_t expiry = 0;
 689
 690	/* make the changes with the locks held to prevent races */
 691	down_write(&key->sem);
 692
 693	if (timeout > 0) {
 694		now = current_kernel_time();
 695		expiry = now.tv_sec + timeout;
 696	}
 697
 698	key->expiry = expiry;
 699	key_schedule_gc(key->expiry + key_gc_delay);
 700
 701	up_write(&key->sem);
 702}
 703EXPORT_SYMBOL_GPL(key_set_timeout);
 704
 705/*
 706 * Unlock a key type locked by key_type_lookup().
 707 */
 708void key_type_put(struct key_type *ktype)
 709{
 710	up_read(&key_types_sem);
 711}
 712
 713/*
 714 * Attempt to update an existing key.
 715 *
 716 * The key is given to us with an incremented refcount that we need to discard
 717 * if we get an error.
 718 */
 719static inline key_ref_t __key_update(key_ref_t key_ref,
 720				     struct key_preparsed_payload *prep)
 721{
 722	struct key *key = key_ref_to_ptr(key_ref);
 723	int ret;
 724
 725	/* need write permission on the key to update it */
 726	ret = key_permission(key_ref, KEY_NEED_WRITE);
 727	if (ret < 0)
 728		goto error;
 729
 730	ret = -EEXIST;
 731	if (!key->type->update)
 732		goto error;
 733
 734	down_write(&key->sem);
 735
 736	ret = key->type->update(key, prep);
 737	if (ret == 0)
 738		/* updating a negative key instantiates it */
 739		clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 740
 741	up_write(&key->sem);
 742
 743	if (ret < 0)
 744		goto error;
 745out:
 746	return key_ref;
 747
 748error:
 749	key_put(key);
 750	key_ref = ERR_PTR(ret);
 751	goto out;
 752}
 753
 754/**
 755 * key_create_or_update - Update or create and instantiate a key.
 756 * @keyring_ref: A pointer to the destination keyring with possession flag.
 757 * @type: The type of key.
 758 * @description: The searchable description for the key.
 759 * @payload: The data to use to instantiate or update the key.
 760 * @plen: The length of @payload.
 761 * @perm: The permissions mask for a new key.
 762 * @flags: The quota flags for a new key.
 763 *
 764 * Search the destination keyring for a key of the same description and if one
 765 * is found, update it, otherwise create and instantiate a new one and create a
 766 * link to it from that keyring.
 767 *
 768 * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
 769 * concocted.
 770 *
 771 * Returns a pointer to the new key if successful, -ENODEV if the key type
 772 * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the
 773 * caller isn't permitted to modify the keyring or the LSM did not permit
 774 * creation of the key.
 775 *
 776 * On success, the possession flag from the keyring ref will be tacked on to
 777 * the key ref before it is returned.
 778 */
 779key_ref_t key_create_or_update(key_ref_t keyring_ref,
 780			       const char *type,
 781			       const char *description,
 782			       const void *payload,
 783			       size_t plen,
 784			       key_perm_t perm,
 785			       unsigned long flags)
 786{
 787	struct keyring_index_key index_key = {
 788		.description	= description,
 789	};
 790	struct key_preparsed_payload prep;
 791	struct assoc_array_edit *edit;
 792	const struct cred *cred = current_cred();
 793	struct key *keyring, *key = NULL;
 794	key_ref_t key_ref;
 795	int ret;
 
 
 
 796
 797	/* look up the key type to see if it's one of the registered kernel
 798	 * types */
 799	index_key.type = key_type_lookup(type);
 800	if (IS_ERR(index_key.type)) {
 801		key_ref = ERR_PTR(-ENODEV);
 802		goto error;
 803	}
 804
 805	key_ref = ERR_PTR(-EINVAL);
 806	if (!index_key.type->instantiate ||
 807	    (!index_key.description && !index_key.type->preparse))
 808		goto error_put_type;
 809
 810	keyring = key_ref_to_ptr(keyring_ref);
 811
 812	key_check(keyring);
 813
 
 
 
 
 814	key_ref = ERR_PTR(-ENOTDIR);
 815	if (keyring->type != &key_type_keyring)
 816		goto error_put_type;
 817
 818	memset(&prep, 0, sizeof(prep));
 819	prep.data = payload;
 820	prep.datalen = plen;
 821	prep.quotalen = index_key.type->def_datalen;
 822	prep.trusted = flags & KEY_ALLOC_TRUSTED;
 823	prep.expiry = TIME_T_MAX;
 824	if (index_key.type->preparse) {
 825		ret = index_key.type->preparse(&prep);
 826		if (ret < 0) {
 827			key_ref = ERR_PTR(ret);
 828			goto error_free_prep;
 829		}
 830		if (!index_key.description)
 831			index_key.description = prep.description;
 832		key_ref = ERR_PTR(-EINVAL);
 833		if (!index_key.description)
 834			goto error_free_prep;
 835	}
 836	index_key.desc_len = strlen(index_key.description);
 837
 838	key_ref = ERR_PTR(-EPERM);
 839	if (!prep.trusted && test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags))
 840		goto error_free_prep;
 841	flags |= prep.trusted ? KEY_ALLOC_TRUSTED : 0;
 
 
 
 842
 843	ret = __key_link_begin(keyring, &index_key, &edit);
 844	if (ret < 0) {
 845		key_ref = ERR_PTR(ret);
 846		goto error_free_prep;
 847	}
 848
 849	/* if we're going to allocate a new key, we're going to have
 850	 * to modify the keyring */
 851	ret = key_permission(keyring_ref, KEY_NEED_WRITE);
 852	if (ret < 0) {
 853		key_ref = ERR_PTR(ret);
 854		goto error_link_end;
 855	}
 856
 857	/* if it's possible to update this type of key, search for an existing
 858	 * key of the same type and description in the destination keyring and
 859	 * update that instead if possible
 860	 */
 861	if (index_key.type->update) {
 862		key_ref = find_key_to_update(keyring_ref, &index_key);
 863		if (key_ref)
 864			goto found_matching_key;
 865	}
 866
 867	/* if the client doesn't provide, decide on the permissions we want */
 868	if (perm == KEY_PERM_UNDEF) {
 869		perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
 870		perm |= KEY_USR_VIEW;
 871
 872		if (index_key.type->read)
 873			perm |= KEY_POS_READ;
 874
 875		if (index_key.type == &key_type_keyring ||
 876		    index_key.type->update)
 877			perm |= KEY_POS_WRITE;
 878	}
 879
 880	/* allocate a new key */
 881	key = key_alloc(index_key.type, index_key.description,
 882			cred->fsuid, cred->fsgid, cred, perm, flags);
 883	if (IS_ERR(key)) {
 884		key_ref = ERR_CAST(key);
 885		goto error_link_end;
 886	}
 887
 888	/* instantiate it and link it into the target keyring */
 889	ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit);
 890	if (ret < 0) {
 891		key_put(key);
 892		key_ref = ERR_PTR(ret);
 893		goto error_link_end;
 894	}
 895
 896	key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
 897
 898error_link_end:
 899	__key_link_end(keyring, &index_key, edit);
 900error_free_prep:
 901	if (index_key.type->preparse)
 902		index_key.type->free_preparse(&prep);
 903error_put_type:
 904	key_type_put(index_key.type);
 905error:
 906	return key_ref;
 907
 908 found_matching_key:
 909	/* we found a matching key, so we're going to try to update it
 910	 * - we can drop the locks first as we have the key pinned
 911	 */
 912	__key_link_end(keyring, &index_key, edit);
 913
 914	key_ref = __key_update(key_ref, &prep);
 915	goto error_free_prep;
 916}
 917EXPORT_SYMBOL(key_create_or_update);
 918
 919/**
 920 * key_update - Update a key's contents.
 921 * @key_ref: The pointer (plus possession flag) to the key.
 922 * @payload: The data to be used to update the key.
 923 * @plen: The length of @payload.
 924 *
 925 * Attempt to update the contents of a key with the given payload data.  The
 926 * caller must be granted Write permission on the key.  Negative keys can be
 927 * instantiated by this method.
 928 *
 929 * Returns 0 on success, -EACCES if not permitted and -EOPNOTSUPP if the key
 930 * type does not support updating.  The key type may return other errors.
 931 */
 932int key_update(key_ref_t key_ref, const void *payload, size_t plen)
 933{
 934	struct key_preparsed_payload prep;
 935	struct key *key = key_ref_to_ptr(key_ref);
 936	int ret;
 937
 938	key_check(key);
 939
 940	/* the key must be writable */
 941	ret = key_permission(key_ref, KEY_NEED_WRITE);
 942	if (ret < 0)
 943		goto error;
 944
 945	/* attempt to update it if supported */
 946	ret = -EOPNOTSUPP;
 947	if (!key->type->update)
 948		goto error;
 949
 950	memset(&prep, 0, sizeof(prep));
 951	prep.data = payload;
 952	prep.datalen = plen;
 953	prep.quotalen = key->type->def_datalen;
 954	prep.expiry = TIME_T_MAX;
 955	if (key->type->preparse) {
 956		ret = key->type->preparse(&prep);
 957		if (ret < 0)
 958			goto error;
 959	}
 960
 961	down_write(&key->sem);
 962
 963	ret = key->type->update(key, &prep);
 964	if (ret == 0)
 965		/* updating a negative key instantiates it */
 966		clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 967
 968	up_write(&key->sem);
 969
 970error:
 971	if (key->type->preparse)
 972		key->type->free_preparse(&prep);
 973	return ret;
 974}
 975EXPORT_SYMBOL(key_update);
 976
 977/**
 978 * key_revoke - Revoke a key.
 979 * @key: The key to be revoked.
 980 *
 981 * Mark a key as being revoked and ask the type to free up its resources.  The
 982 * revocation timeout is set and the key and all its links will be
 983 * automatically garbage collected after key_gc_delay amount of time if they
 984 * are not manually dealt with first.
 985 */
 986void key_revoke(struct key *key)
 987{
 988	struct timespec now;
 989	time_t time;
 990
 991	key_check(key);
 992
 993	/* make sure no one's trying to change or use the key when we mark it
 994	 * - we tell lockdep that we might nest because we might be revoking an
 995	 *   authorisation key whilst holding the sem on a key we've just
 996	 *   instantiated
 997	 */
 998	down_write_nested(&key->sem, 1);
 999	if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) &&
1000	    key->type->revoke)
1001		key->type->revoke(key);
1002
1003	/* set the death time to no more than the expiry time */
1004	now = current_kernel_time();
1005	time = now.tv_sec;
1006	if (key->revoked_at == 0 || key->revoked_at > time) {
1007		key->revoked_at = time;
1008		key_schedule_gc(key->revoked_at + key_gc_delay);
1009	}
1010
1011	up_write(&key->sem);
1012}
1013EXPORT_SYMBOL(key_revoke);
1014
1015/**
1016 * key_invalidate - Invalidate a key.
1017 * @key: The key to be invalidated.
1018 *
1019 * Mark a key as being invalidated and have it cleaned up immediately.  The key
1020 * is ignored by all searches and other operations from this point.
1021 */
1022void key_invalidate(struct key *key)
1023{
1024	kenter("%d", key_serial(key));
1025
1026	key_check(key);
1027
1028	if (!test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
1029		down_write_nested(&key->sem, 1);
1030		if (!test_and_set_bit(KEY_FLAG_INVALIDATED, &key->flags))
1031			key_schedule_gc_links();
1032		up_write(&key->sem);
1033	}
1034}
1035EXPORT_SYMBOL(key_invalidate);
1036
1037/**
1038 * generic_key_instantiate - Simple instantiation of a key from preparsed data
1039 * @key: The key to be instantiated
1040 * @prep: The preparsed data to load.
1041 *
1042 * Instantiate a key from preparsed data.  We assume we can just copy the data
1043 * in directly and clear the old pointers.
1044 *
1045 * This can be pointed to directly by the key type instantiate op pointer.
1046 */
1047int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
1048{
1049	int ret;
1050
1051	pr_devel("==>%s()\n", __func__);
1052
1053	ret = key_payload_reserve(key, prep->quotalen);
1054	if (ret == 0) {
1055		rcu_assign_keypointer(key, prep->payload.data[0]);
1056		key->payload.data[1] = prep->payload.data[1];
1057		key->payload.data[2] = prep->payload.data[2];
1058		key->payload.data[3] = prep->payload.data[3];
1059		prep->payload.data[0] = NULL;
1060		prep->payload.data[1] = NULL;
1061		prep->payload.data[2] = NULL;
1062		prep->payload.data[3] = NULL;
1063	}
1064	pr_devel("<==%s() = %d\n", __func__, ret);
1065	return ret;
1066}
1067EXPORT_SYMBOL(generic_key_instantiate);
1068
1069/**
1070 * register_key_type - Register a type of key.
1071 * @ktype: The new key type.
1072 *
1073 * Register a new key type.
1074 *
1075 * Returns 0 on success or -EEXIST if a type of this name already exists.
1076 */
1077int register_key_type(struct key_type *ktype)
1078{
1079	struct key_type *p;
1080	int ret;
1081
1082	memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
1083
1084	ret = -EEXIST;
1085	down_write(&key_types_sem);
1086
1087	/* disallow key types with the same name */
1088	list_for_each_entry(p, &key_types_list, link) {
1089		if (strcmp(p->name, ktype->name) == 0)
1090			goto out;
1091	}
1092
1093	/* store the type */
1094	list_add(&ktype->link, &key_types_list);
1095
1096	pr_notice("Key type %s registered\n", ktype->name);
1097	ret = 0;
1098
1099out:
1100	up_write(&key_types_sem);
1101	return ret;
1102}
1103EXPORT_SYMBOL(register_key_type);
1104
1105/**
1106 * unregister_key_type - Unregister a type of key.
1107 * @ktype: The key type.
1108 *
1109 * Unregister a key type and mark all the extant keys of this type as dead.
1110 * Those keys of this type are then destroyed to get rid of their payloads and
1111 * they and their links will be garbage collected as soon as possible.
1112 */
1113void unregister_key_type(struct key_type *ktype)
1114{
1115	down_write(&key_types_sem);
1116	list_del_init(&ktype->link);
1117	downgrade_write(&key_types_sem);
1118	key_gc_keytype(ktype);
1119	pr_notice("Key type %s unregistered\n", ktype->name);
1120	up_read(&key_types_sem);
1121}
1122EXPORT_SYMBOL(unregister_key_type);
1123
1124/*
1125 * Initialise the key management state.
1126 */
1127void __init key_init(void)
1128{
1129	/* allocate a slab in which we can store keys */
1130	key_jar = kmem_cache_create("key_jar", sizeof(struct key),
1131			0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
1132
1133	/* add the special key types */
1134	list_add_tail(&key_type_keyring.link, &key_types_list);
1135	list_add_tail(&key_type_dead.link, &key_types_list);
1136	list_add_tail(&key_type_user.link, &key_types_list);
1137	list_add_tail(&key_type_logon.link, &key_types_list);
1138
1139	/* record the root user tracking */
1140	rb_link_node(&root_key_user.node,
1141		     NULL,
1142		     &key_user_tree.rb_node);
1143
1144	rb_insert_color(&root_key_user.node,
1145			&key_user_tree);
1146}
v4.10.11
   1/* Basic authentication token and access key management
   2 *
   3 * Copyright (C) 2004-2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/poison.h>
  15#include <linux/sched.h>
  16#include <linux/slab.h>
  17#include <linux/security.h>
  18#include <linux/workqueue.h>
  19#include <linux/random.h>
  20#include <linux/err.h>
  21#include "internal.h"
  22
  23struct kmem_cache *key_jar;
  24struct rb_root		key_serial_tree; /* tree of keys indexed by serial */
  25DEFINE_SPINLOCK(key_serial_lock);
  26
  27struct rb_root	key_user_tree; /* tree of quota records indexed by UID */
  28DEFINE_SPINLOCK(key_user_lock);
  29
  30unsigned int key_quota_root_maxkeys = 1000000;	/* root's key count quota */
  31unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */
  32unsigned int key_quota_maxkeys = 200;		/* general key count quota */
  33unsigned int key_quota_maxbytes = 20000;	/* general key space quota */
  34
  35static LIST_HEAD(key_types_list);
  36static DECLARE_RWSEM(key_types_sem);
  37
  38/* We serialise key instantiation and link */
  39DEFINE_MUTEX(key_construction_mutex);
  40
  41#ifdef KEY_DEBUGGING
  42void __key_check(const struct key *key)
  43{
  44	printk("__key_check: key %p {%08x} should be {%08x}\n",
  45	       key, key->magic, KEY_DEBUG_MAGIC);
  46	BUG();
  47}
  48#endif
  49
  50/*
  51 * Get the key quota record for a user, allocating a new record if one doesn't
  52 * already exist.
  53 */
  54struct key_user *key_user_lookup(kuid_t uid)
  55{
  56	struct key_user *candidate = NULL, *user;
  57	struct rb_node *parent = NULL;
  58	struct rb_node **p;
  59
  60try_again:
  61	p = &key_user_tree.rb_node;
  62	spin_lock(&key_user_lock);
  63
  64	/* search the tree for a user record with a matching UID */
  65	while (*p) {
  66		parent = *p;
  67		user = rb_entry(parent, struct key_user, node);
  68
  69		if (uid_lt(uid, user->uid))
  70			p = &(*p)->rb_left;
  71		else if (uid_gt(uid, user->uid))
  72			p = &(*p)->rb_right;
  73		else
  74			goto found;
  75	}
  76
  77	/* if we get here, we failed to find a match in the tree */
  78	if (!candidate) {
  79		/* allocate a candidate user record if we don't already have
  80		 * one */
  81		spin_unlock(&key_user_lock);
  82
  83		user = NULL;
  84		candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL);
  85		if (unlikely(!candidate))
  86			goto out;
  87
  88		/* the allocation may have scheduled, so we need to repeat the
  89		 * search lest someone else added the record whilst we were
  90		 * asleep */
  91		goto try_again;
  92	}
  93
  94	/* if we get here, then the user record still hadn't appeared on the
  95	 * second pass - so we use the candidate record */
  96	atomic_set(&candidate->usage, 1);
  97	atomic_set(&candidate->nkeys, 0);
  98	atomic_set(&candidate->nikeys, 0);
  99	candidate->uid = uid;
 100	candidate->qnkeys = 0;
 101	candidate->qnbytes = 0;
 102	spin_lock_init(&candidate->lock);
 103	mutex_init(&candidate->cons_lock);
 104
 105	rb_link_node(&candidate->node, parent, p);
 106	rb_insert_color(&candidate->node, &key_user_tree);
 107	spin_unlock(&key_user_lock);
 108	user = candidate;
 109	goto out;
 110
 111	/* okay - we found a user record for this UID */
 112found:
 113	atomic_inc(&user->usage);
 114	spin_unlock(&key_user_lock);
 115	kfree(candidate);
 116out:
 117	return user;
 118}
 119
 120/*
 121 * Dispose of a user structure
 122 */
 123void key_user_put(struct key_user *user)
 124{
 125	if (atomic_dec_and_lock(&user->usage, &key_user_lock)) {
 126		rb_erase(&user->node, &key_user_tree);
 127		spin_unlock(&key_user_lock);
 128
 129		kfree(user);
 130	}
 131}
 132
 133/*
 134 * Allocate a serial number for a key.  These are assigned randomly to avoid
 135 * security issues through covert channel problems.
 136 */
 137static inline void key_alloc_serial(struct key *key)
 138{
 139	struct rb_node *parent, **p;
 140	struct key *xkey;
 141
 142	/* propose a random serial number and look for a hole for it in the
 143	 * serial number tree */
 144	do {
 145		get_random_bytes(&key->serial, sizeof(key->serial));
 146
 147		key->serial >>= 1; /* negative numbers are not permitted */
 148	} while (key->serial < 3);
 149
 150	spin_lock(&key_serial_lock);
 151
 152attempt_insertion:
 153	parent = NULL;
 154	p = &key_serial_tree.rb_node;
 155
 156	while (*p) {
 157		parent = *p;
 158		xkey = rb_entry(parent, struct key, serial_node);
 159
 160		if (key->serial < xkey->serial)
 161			p = &(*p)->rb_left;
 162		else if (key->serial > xkey->serial)
 163			p = &(*p)->rb_right;
 164		else
 165			goto serial_exists;
 166	}
 167
 168	/* we've found a suitable hole - arrange for this key to occupy it */
 169	rb_link_node(&key->serial_node, parent, p);
 170	rb_insert_color(&key->serial_node, &key_serial_tree);
 171
 172	spin_unlock(&key_serial_lock);
 173	return;
 174
 175	/* we found a key with the proposed serial number - walk the tree from
 176	 * that point looking for the next unused serial number */
 177serial_exists:
 178	for (;;) {
 179		key->serial++;
 180		if (key->serial < 3) {
 181			key->serial = 3;
 182			goto attempt_insertion;
 183		}
 184
 185		parent = rb_next(parent);
 186		if (!parent)
 187			goto attempt_insertion;
 188
 189		xkey = rb_entry(parent, struct key, serial_node);
 190		if (key->serial < xkey->serial)
 191			goto attempt_insertion;
 192	}
 193}
 194
 195/**
 196 * key_alloc - Allocate a key of the specified type.
 197 * @type: The type of key to allocate.
 198 * @desc: The key description to allow the key to be searched out.
 199 * @uid: The owner of the new key.
 200 * @gid: The group ID for the new key's group permissions.
 201 * @cred: The credentials specifying UID namespace.
 202 * @perm: The permissions mask of the new key.
 203 * @flags: Flags specifying quota properties.
 204 * @restrict_link: Optional link restriction method for new keyrings.
 205 *
 206 * Allocate a key of the specified type with the attributes given.  The key is
 207 * returned in an uninstantiated state and the caller needs to instantiate the
 208 * key before returning.
 209 *
 210 * The user's key count quota is updated to reflect the creation of the key and
 211 * the user's key data quota has the default for the key type reserved.  The
 212 * instantiation function should amend this as necessary.  If insufficient
 213 * quota is available, -EDQUOT will be returned.
 214 *
 215 * The LSM security modules can prevent a key being created, in which case
 216 * -EACCES will be returned.
 217 *
 218 * Returns a pointer to the new key if successful and an error code otherwise.
 219 *
 220 * Note that the caller needs to ensure the key type isn't uninstantiated.
 221 * Internally this can be done by locking key_types_sem.  Externally, this can
 222 * be done by either never unregistering the key type, or making sure
 223 * key_alloc() calls don't race with module unloading.
 224 */
 225struct key *key_alloc(struct key_type *type, const char *desc,
 226		      kuid_t uid, kgid_t gid, const struct cred *cred,
 227		      key_perm_t perm, unsigned long flags,
 228		      int (*restrict_link)(struct key *,
 229					   const struct key_type *,
 230					   const union key_payload *))
 231{
 232	struct key_user *user = NULL;
 233	struct key *key;
 234	size_t desclen, quotalen;
 235	int ret;
 236
 237	key = ERR_PTR(-EINVAL);
 238	if (!desc || !*desc)
 239		goto error;
 240
 241	if (type->vet_description) {
 242		ret = type->vet_description(desc);
 243		if (ret < 0) {
 244			key = ERR_PTR(ret);
 245			goto error;
 246		}
 247	}
 248
 249	desclen = strlen(desc);
 250	quotalen = desclen + 1 + type->def_datalen;
 251
 252	/* get hold of the key tracking for this user */
 253	user = key_user_lookup(uid);
 254	if (!user)
 255		goto no_memory_1;
 256
 257	/* check that the user's quota permits allocation of another key and
 258	 * its description */
 259	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 260		unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
 261			key_quota_root_maxkeys : key_quota_maxkeys;
 262		unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
 263			key_quota_root_maxbytes : key_quota_maxbytes;
 264
 265		spin_lock(&user->lock);
 266		if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
 267			if (user->qnkeys + 1 >= maxkeys ||
 268			    user->qnbytes + quotalen >= maxbytes ||
 269			    user->qnbytes + quotalen < user->qnbytes)
 270				goto no_quota;
 271		}
 272
 273		user->qnkeys++;
 274		user->qnbytes += quotalen;
 275		spin_unlock(&user->lock);
 276	}
 277
 278	/* allocate and initialise the key and its description */
 279	key = kmem_cache_zalloc(key_jar, GFP_KERNEL);
 280	if (!key)
 281		goto no_memory_2;
 282
 283	key->index_key.desc_len = desclen;
 284	key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
 285	if (!key->index_key.description)
 286		goto no_memory_3;
 287
 288	atomic_set(&key->usage, 1);
 289	init_rwsem(&key->sem);
 290	lockdep_set_class(&key->sem, &type->lock_class);
 291	key->index_key.type = type;
 292	key->user = user;
 293	key->quotalen = quotalen;
 294	key->datalen = type->def_datalen;
 295	key->uid = uid;
 296	key->gid = gid;
 297	key->perm = perm;
 298	key->restrict_link = restrict_link;
 299
 300	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
 301		key->flags |= 1 << KEY_FLAG_IN_QUOTA;
 
 
 302	if (flags & KEY_ALLOC_BUILT_IN)
 303		key->flags |= 1 << KEY_FLAG_BUILTIN;
 304
 305#ifdef KEY_DEBUGGING
 306	key->magic = KEY_DEBUG_MAGIC;
 307#endif
 308
 309	/* let the security module know about the key */
 310	ret = security_key_alloc(key, cred, flags);
 311	if (ret < 0)
 312		goto security_error;
 313
 314	/* publish the key by giving it a serial number */
 315	atomic_inc(&user->nkeys);
 316	key_alloc_serial(key);
 317
 318error:
 319	return key;
 320
 321security_error:
 322	kfree(key->description);
 323	kmem_cache_free(key_jar, key);
 324	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 325		spin_lock(&user->lock);
 326		user->qnkeys--;
 327		user->qnbytes -= quotalen;
 328		spin_unlock(&user->lock);
 329	}
 330	key_user_put(user);
 331	key = ERR_PTR(ret);
 332	goto error;
 333
 334no_memory_3:
 335	kmem_cache_free(key_jar, key);
 336no_memory_2:
 337	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 338		spin_lock(&user->lock);
 339		user->qnkeys--;
 340		user->qnbytes -= quotalen;
 341		spin_unlock(&user->lock);
 342	}
 343	key_user_put(user);
 344no_memory_1:
 345	key = ERR_PTR(-ENOMEM);
 346	goto error;
 347
 348no_quota:
 349	spin_unlock(&user->lock);
 350	key_user_put(user);
 351	key = ERR_PTR(-EDQUOT);
 352	goto error;
 353}
 354EXPORT_SYMBOL(key_alloc);
 355
 356/**
 357 * key_payload_reserve - Adjust data quota reservation for the key's payload
 358 * @key: The key to make the reservation for.
 359 * @datalen: The amount of data payload the caller now wants.
 360 *
 361 * Adjust the amount of the owning user's key data quota that a key reserves.
 362 * If the amount is increased, then -EDQUOT may be returned if there isn't
 363 * enough free quota available.
 364 *
 365 * If successful, 0 is returned.
 366 */
 367int key_payload_reserve(struct key *key, size_t datalen)
 368{
 369	int delta = (int)datalen - key->datalen;
 370	int ret = 0;
 371
 372	key_check(key);
 373
 374	/* contemplate the quota adjustment */
 375	if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
 376		unsigned maxbytes = uid_eq(key->user->uid, GLOBAL_ROOT_UID) ?
 377			key_quota_root_maxbytes : key_quota_maxbytes;
 378
 379		spin_lock(&key->user->lock);
 380
 381		if (delta > 0 &&
 382		    (key->user->qnbytes + delta >= maxbytes ||
 383		     key->user->qnbytes + delta < key->user->qnbytes)) {
 384			ret = -EDQUOT;
 385		}
 386		else {
 387			key->user->qnbytes += delta;
 388			key->quotalen += delta;
 389		}
 390		spin_unlock(&key->user->lock);
 391	}
 392
 393	/* change the recorded data length if that didn't generate an error */
 394	if (ret == 0)
 395		key->datalen = datalen;
 396
 397	return ret;
 398}
 399EXPORT_SYMBOL(key_payload_reserve);
 400
 401/*
 402 * Instantiate a key and link it into the target keyring atomically.  Must be
 403 * called with the target keyring's semaphore writelocked.  The target key's
 404 * semaphore need not be locked as instantiation is serialised by
 405 * key_construction_mutex.
 406 */
 407static int __key_instantiate_and_link(struct key *key,
 408				      struct key_preparsed_payload *prep,
 409				      struct key *keyring,
 410				      struct key *authkey,
 411				      struct assoc_array_edit **_edit)
 412{
 413	int ret, awaken;
 414
 415	key_check(key);
 416	key_check(keyring);
 417
 418	awaken = 0;
 419	ret = -EBUSY;
 420
 421	mutex_lock(&key_construction_mutex);
 422
 423	/* can't instantiate twice */
 424	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 425		/* instantiate the key */
 426		ret = key->type->instantiate(key, prep);
 427
 428		if (ret == 0) {
 429			/* mark the key as being instantiated */
 430			atomic_inc(&key->user->nikeys);
 431			set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 432
 433			if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 434				awaken = 1;
 435
 436			/* and link it into the destination keyring */
 437			if (keyring) {
 438				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
 439					set_bit(KEY_FLAG_KEEP, &key->flags);
 440
 441				__key_link(key, _edit);
 442			}
 443
 444			/* disable the authorisation key */
 445			if (authkey)
 446				key_revoke(authkey);
 447
 448			if (prep->expiry != TIME_T_MAX) {
 449				key->expiry = prep->expiry;
 450				key_schedule_gc(prep->expiry + key_gc_delay);
 451			}
 452		}
 453	}
 454
 455	mutex_unlock(&key_construction_mutex);
 456
 457	/* wake up anyone waiting for a key to be constructed */
 458	if (awaken)
 459		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 460
 461	return ret;
 462}
 463
 464/**
 465 * key_instantiate_and_link - Instantiate a key and link it into the keyring.
 466 * @key: The key to instantiate.
 467 * @data: The data to use to instantiate the keyring.
 468 * @datalen: The length of @data.
 469 * @keyring: Keyring to create a link in on success (or NULL).
 470 * @authkey: The authorisation token permitting instantiation.
 471 *
 472 * Instantiate a key that's in the uninstantiated state using the provided data
 473 * and, if successful, link it in to the destination keyring if one is
 474 * supplied.
 475 *
 476 * If successful, 0 is returned, the authorisation token is revoked and anyone
 477 * waiting for the key is woken up.  If the key was already instantiated,
 478 * -EBUSY will be returned.
 479 */
 480int key_instantiate_and_link(struct key *key,
 481			     const void *data,
 482			     size_t datalen,
 483			     struct key *keyring,
 484			     struct key *authkey)
 485{
 486	struct key_preparsed_payload prep;
 487	struct assoc_array_edit *edit;
 488	int ret;
 489
 490	memset(&prep, 0, sizeof(prep));
 491	prep.data = data;
 492	prep.datalen = datalen;
 493	prep.quotalen = key->type->def_datalen;
 494	prep.expiry = TIME_T_MAX;
 495	if (key->type->preparse) {
 496		ret = key->type->preparse(&prep);
 497		if (ret < 0)
 498			goto error;
 499	}
 500
 501	if (keyring) {
 502		if (keyring->restrict_link) {
 503			ret = keyring->restrict_link(keyring, key->type,
 504						     &prep.payload);
 505			if (ret < 0)
 506				goto error;
 507		}
 508		ret = __key_link_begin(keyring, &key->index_key, &edit);
 509		if (ret < 0)
 510			goto error;
 511	}
 512
 513	ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
 514
 515	if (keyring)
 516		__key_link_end(keyring, &key->index_key, edit);
 517
 518error:
 519	if (key->type->preparse)
 520		key->type->free_preparse(&prep);
 521	return ret;
 522}
 523
 524EXPORT_SYMBOL(key_instantiate_and_link);
 525
 526/**
 527 * key_reject_and_link - Negatively instantiate a key and link it into the keyring.
 528 * @key: The key to instantiate.
 529 * @timeout: The timeout on the negative key.
 530 * @error: The error to return when the key is hit.
 531 * @keyring: Keyring to create a link in on success (or NULL).
 532 * @authkey: The authorisation token permitting instantiation.
 533 *
 534 * Negatively instantiate a key that's in the uninstantiated state and, if
 535 * successful, set its timeout and stored error and link it in to the
 536 * destination keyring if one is supplied.  The key and any links to the key
 537 * will be automatically garbage collected after the timeout expires.
 538 *
 539 * Negative keys are used to rate limit repeated request_key() calls by causing
 540 * them to return the stored error code (typically ENOKEY) until the negative
 541 * key expires.
 542 *
 543 * If successful, 0 is returned, the authorisation token is revoked and anyone
 544 * waiting for the key is woken up.  If the key was already instantiated,
 545 * -EBUSY will be returned.
 546 */
 547int key_reject_and_link(struct key *key,
 548			unsigned timeout,
 549			unsigned error,
 550			struct key *keyring,
 551			struct key *authkey)
 552{
 553	struct assoc_array_edit *edit;
 554	struct timespec now;
 555	int ret, awaken, link_ret = 0;
 556
 557	key_check(key);
 558	key_check(keyring);
 559
 560	awaken = 0;
 561	ret = -EBUSY;
 562
 563	if (keyring) {
 564		if (keyring->restrict_link)
 565			return -EPERM;
 566
 567		link_ret = __key_link_begin(keyring, &key->index_key, &edit);
 568	}
 569
 570	mutex_lock(&key_construction_mutex);
 571
 572	/* can't instantiate twice */
 573	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 574		/* mark the key as being negatively instantiated */
 575		atomic_inc(&key->user->nikeys);
 576		key->reject_error = -error;
 577		smp_wmb();
 578		set_bit(KEY_FLAG_NEGATIVE, &key->flags);
 579		set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 580		now = current_kernel_time();
 581		key->expiry = now.tv_sec + timeout;
 582		key_schedule_gc(key->expiry + key_gc_delay);
 583
 584		if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 585			awaken = 1;
 586
 587		ret = 0;
 588
 589		/* and link it into the destination keyring */
 590		if (keyring && link_ret == 0)
 591			__key_link(key, &edit);
 592
 593		/* disable the authorisation key */
 594		if (authkey)
 595			key_revoke(authkey);
 596	}
 597
 598	mutex_unlock(&key_construction_mutex);
 599
 600	if (keyring && link_ret == 0)
 601		__key_link_end(keyring, &key->index_key, edit);
 602
 603	/* wake up anyone waiting for a key to be constructed */
 604	if (awaken)
 605		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 606
 607	return ret == 0 ? link_ret : ret;
 608}
 609EXPORT_SYMBOL(key_reject_and_link);
 610
 611/**
 612 * key_put - Discard a reference to a key.
 613 * @key: The key to discard a reference from.
 614 *
 615 * Discard a reference to a key, and when all the references are gone, we
 616 * schedule the cleanup task to come and pull it out of the tree in process
 617 * context at some later time.
 618 */
 619void key_put(struct key *key)
 620{
 621	if (key) {
 622		key_check(key);
 623
 624		if (atomic_dec_and_test(&key->usage))
 625			schedule_work(&key_gc_work);
 626	}
 627}
 628EXPORT_SYMBOL(key_put);
 629
 630/*
 631 * Find a key by its serial number.
 632 */
 633struct key *key_lookup(key_serial_t id)
 634{
 635	struct rb_node *n;
 636	struct key *key;
 637
 638	spin_lock(&key_serial_lock);
 639
 640	/* search the tree for the specified key */
 641	n = key_serial_tree.rb_node;
 642	while (n) {
 643		key = rb_entry(n, struct key, serial_node);
 644
 645		if (id < key->serial)
 646			n = n->rb_left;
 647		else if (id > key->serial)
 648			n = n->rb_right;
 649		else
 650			goto found;
 651	}
 652
 653not_found:
 654	key = ERR_PTR(-ENOKEY);
 655	goto error;
 656
 657found:
 658	/* pretend it doesn't exist if it is awaiting deletion */
 659	if (atomic_read(&key->usage) == 0)
 660		goto not_found;
 661
 662	/* this races with key_put(), but that doesn't matter since key_put()
 663	 * doesn't actually change the key
 664	 */
 665	__key_get(key);
 666
 667error:
 668	spin_unlock(&key_serial_lock);
 669	return key;
 670}
 671
 672/*
 673 * Find and lock the specified key type against removal.
 674 *
 675 * We return with the sem read-locked if successful.  If the type wasn't
 676 * available -ENOKEY is returned instead.
 677 */
 678struct key_type *key_type_lookup(const char *type)
 679{
 680	struct key_type *ktype;
 681
 682	down_read(&key_types_sem);
 683
 684	/* look up the key type to see if it's one of the registered kernel
 685	 * types */
 686	list_for_each_entry(ktype, &key_types_list, link) {
 687		if (strcmp(ktype->name, type) == 0)
 688			goto found_kernel_type;
 689	}
 690
 691	up_read(&key_types_sem);
 692	ktype = ERR_PTR(-ENOKEY);
 693
 694found_kernel_type:
 695	return ktype;
 696}
 697
 698void key_set_timeout(struct key *key, unsigned timeout)
 699{
 700	struct timespec now;
 701	time_t expiry = 0;
 702
 703	/* make the changes with the locks held to prevent races */
 704	down_write(&key->sem);
 705
 706	if (timeout > 0) {
 707		now = current_kernel_time();
 708		expiry = now.tv_sec + timeout;
 709	}
 710
 711	key->expiry = expiry;
 712	key_schedule_gc(key->expiry + key_gc_delay);
 713
 714	up_write(&key->sem);
 715}
 716EXPORT_SYMBOL_GPL(key_set_timeout);
 717
 718/*
 719 * Unlock a key type locked by key_type_lookup().
 720 */
 721void key_type_put(struct key_type *ktype)
 722{
 723	up_read(&key_types_sem);
 724}
 725
 726/*
 727 * Attempt to update an existing key.
 728 *
 729 * The key is given to us with an incremented refcount that we need to discard
 730 * if we get an error.
 731 */
 732static inline key_ref_t __key_update(key_ref_t key_ref,
 733				     struct key_preparsed_payload *prep)
 734{
 735	struct key *key = key_ref_to_ptr(key_ref);
 736	int ret;
 737
 738	/* need write permission on the key to update it */
 739	ret = key_permission(key_ref, KEY_NEED_WRITE);
 740	if (ret < 0)
 741		goto error;
 742
 743	ret = -EEXIST;
 744	if (!key->type->update)
 745		goto error;
 746
 747	down_write(&key->sem);
 748
 749	ret = key->type->update(key, prep);
 750	if (ret == 0)
 751		/* updating a negative key instantiates it */
 752		clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 753
 754	up_write(&key->sem);
 755
 756	if (ret < 0)
 757		goto error;
 758out:
 759	return key_ref;
 760
 761error:
 762	key_put(key);
 763	key_ref = ERR_PTR(ret);
 764	goto out;
 765}
 766
 767/**
 768 * key_create_or_update - Update or create and instantiate a key.
 769 * @keyring_ref: A pointer to the destination keyring with possession flag.
 770 * @type: The type of key.
 771 * @description: The searchable description for the key.
 772 * @payload: The data to use to instantiate or update the key.
 773 * @plen: The length of @payload.
 774 * @perm: The permissions mask for a new key.
 775 * @flags: The quota flags for a new key.
 776 *
 777 * Search the destination keyring for a key of the same description and if one
 778 * is found, update it, otherwise create and instantiate a new one and create a
 779 * link to it from that keyring.
 780 *
 781 * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
 782 * concocted.
 783 *
 784 * Returns a pointer to the new key if successful, -ENODEV if the key type
 785 * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the
 786 * caller isn't permitted to modify the keyring or the LSM did not permit
 787 * creation of the key.
 788 *
 789 * On success, the possession flag from the keyring ref will be tacked on to
 790 * the key ref before it is returned.
 791 */
 792key_ref_t key_create_or_update(key_ref_t keyring_ref,
 793			       const char *type,
 794			       const char *description,
 795			       const void *payload,
 796			       size_t plen,
 797			       key_perm_t perm,
 798			       unsigned long flags)
 799{
 800	struct keyring_index_key index_key = {
 801		.description	= description,
 802	};
 803	struct key_preparsed_payload prep;
 804	struct assoc_array_edit *edit;
 805	const struct cred *cred = current_cred();
 806	struct key *keyring, *key = NULL;
 807	key_ref_t key_ref;
 808	int ret;
 809	int (*restrict_link)(struct key *,
 810			     const struct key_type *,
 811			     const union key_payload *) = NULL;
 812
 813	/* look up the key type to see if it's one of the registered kernel
 814	 * types */
 815	index_key.type = key_type_lookup(type);
 816	if (IS_ERR(index_key.type)) {
 817		key_ref = ERR_PTR(-ENODEV);
 818		goto error;
 819	}
 820
 821	key_ref = ERR_PTR(-EINVAL);
 822	if (!index_key.type->instantiate ||
 823	    (!index_key.description && !index_key.type->preparse))
 824		goto error_put_type;
 825
 826	keyring = key_ref_to_ptr(keyring_ref);
 827
 828	key_check(keyring);
 829
 830	key_ref = ERR_PTR(-EPERM);
 831	if (!(flags & KEY_ALLOC_BYPASS_RESTRICTION))
 832		restrict_link = keyring->restrict_link;
 833
 834	key_ref = ERR_PTR(-ENOTDIR);
 835	if (keyring->type != &key_type_keyring)
 836		goto error_put_type;
 837
 838	memset(&prep, 0, sizeof(prep));
 839	prep.data = payload;
 840	prep.datalen = plen;
 841	prep.quotalen = index_key.type->def_datalen;
 
 842	prep.expiry = TIME_T_MAX;
 843	if (index_key.type->preparse) {
 844		ret = index_key.type->preparse(&prep);
 845		if (ret < 0) {
 846			key_ref = ERR_PTR(ret);
 847			goto error_free_prep;
 848		}
 849		if (!index_key.description)
 850			index_key.description = prep.description;
 851		key_ref = ERR_PTR(-EINVAL);
 852		if (!index_key.description)
 853			goto error_free_prep;
 854	}
 855	index_key.desc_len = strlen(index_key.description);
 856
 857	if (restrict_link) {
 858		ret = restrict_link(keyring, index_key.type, &prep.payload);
 859		if (ret < 0) {
 860			key_ref = ERR_PTR(ret);
 861			goto error_free_prep;
 862		}
 863	}
 864
 865	ret = __key_link_begin(keyring, &index_key, &edit);
 866	if (ret < 0) {
 867		key_ref = ERR_PTR(ret);
 868		goto error_free_prep;
 869	}
 870
 871	/* if we're going to allocate a new key, we're going to have
 872	 * to modify the keyring */
 873	ret = key_permission(keyring_ref, KEY_NEED_WRITE);
 874	if (ret < 0) {
 875		key_ref = ERR_PTR(ret);
 876		goto error_link_end;
 877	}
 878
 879	/* if it's possible to update this type of key, search for an existing
 880	 * key of the same type and description in the destination keyring and
 881	 * update that instead if possible
 882	 */
 883	if (index_key.type->update) {
 884		key_ref = find_key_to_update(keyring_ref, &index_key);
 885		if (key_ref)
 886			goto found_matching_key;
 887	}
 888
 889	/* if the client doesn't provide, decide on the permissions we want */
 890	if (perm == KEY_PERM_UNDEF) {
 891		perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
 892		perm |= KEY_USR_VIEW;
 893
 894		if (index_key.type->read)
 895			perm |= KEY_POS_READ;
 896
 897		if (index_key.type == &key_type_keyring ||
 898		    index_key.type->update)
 899			perm |= KEY_POS_WRITE;
 900	}
 901
 902	/* allocate a new key */
 903	key = key_alloc(index_key.type, index_key.description,
 904			cred->fsuid, cred->fsgid, cred, perm, flags, NULL);
 905	if (IS_ERR(key)) {
 906		key_ref = ERR_CAST(key);
 907		goto error_link_end;
 908	}
 909
 910	/* instantiate it and link it into the target keyring */
 911	ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit);
 912	if (ret < 0) {
 913		key_put(key);
 914		key_ref = ERR_PTR(ret);
 915		goto error_link_end;
 916	}
 917
 918	key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
 919
 920error_link_end:
 921	__key_link_end(keyring, &index_key, edit);
 922error_free_prep:
 923	if (index_key.type->preparse)
 924		index_key.type->free_preparse(&prep);
 925error_put_type:
 926	key_type_put(index_key.type);
 927error:
 928	return key_ref;
 929
 930 found_matching_key:
 931	/* we found a matching key, so we're going to try to update it
 932	 * - we can drop the locks first as we have the key pinned
 933	 */
 934	__key_link_end(keyring, &index_key, edit);
 935
 936	key_ref = __key_update(key_ref, &prep);
 937	goto error_free_prep;
 938}
 939EXPORT_SYMBOL(key_create_or_update);
 940
 941/**
 942 * key_update - Update a key's contents.
 943 * @key_ref: The pointer (plus possession flag) to the key.
 944 * @payload: The data to be used to update the key.
 945 * @plen: The length of @payload.
 946 *
 947 * Attempt to update the contents of a key with the given payload data.  The
 948 * caller must be granted Write permission on the key.  Negative keys can be
 949 * instantiated by this method.
 950 *
 951 * Returns 0 on success, -EACCES if not permitted and -EOPNOTSUPP if the key
 952 * type does not support updating.  The key type may return other errors.
 953 */
 954int key_update(key_ref_t key_ref, const void *payload, size_t plen)
 955{
 956	struct key_preparsed_payload prep;
 957	struct key *key = key_ref_to_ptr(key_ref);
 958	int ret;
 959
 960	key_check(key);
 961
 962	/* the key must be writable */
 963	ret = key_permission(key_ref, KEY_NEED_WRITE);
 964	if (ret < 0)
 965		goto error;
 966
 967	/* attempt to update it if supported */
 968	ret = -EOPNOTSUPP;
 969	if (!key->type->update)
 970		goto error;
 971
 972	memset(&prep, 0, sizeof(prep));
 973	prep.data = payload;
 974	prep.datalen = plen;
 975	prep.quotalen = key->type->def_datalen;
 976	prep.expiry = TIME_T_MAX;
 977	if (key->type->preparse) {
 978		ret = key->type->preparse(&prep);
 979		if (ret < 0)
 980			goto error;
 981	}
 982
 983	down_write(&key->sem);
 984
 985	ret = key->type->update(key, &prep);
 986	if (ret == 0)
 987		/* updating a negative key instantiates it */
 988		clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 989
 990	up_write(&key->sem);
 991
 992error:
 993	if (key->type->preparse)
 994		key->type->free_preparse(&prep);
 995	return ret;
 996}
 997EXPORT_SYMBOL(key_update);
 998
 999/**
1000 * key_revoke - Revoke a key.
1001 * @key: The key to be revoked.
1002 *
1003 * Mark a key as being revoked and ask the type to free up its resources.  The
1004 * revocation timeout is set and the key and all its links will be
1005 * automatically garbage collected after key_gc_delay amount of time if they
1006 * are not manually dealt with first.
1007 */
1008void key_revoke(struct key *key)
1009{
1010	struct timespec now;
1011	time_t time;
1012
1013	key_check(key);
1014
1015	/* make sure no one's trying to change or use the key when we mark it
1016	 * - we tell lockdep that we might nest because we might be revoking an
1017	 *   authorisation key whilst holding the sem on a key we've just
1018	 *   instantiated
1019	 */
1020	down_write_nested(&key->sem, 1);
1021	if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) &&
1022	    key->type->revoke)
1023		key->type->revoke(key);
1024
1025	/* set the death time to no more than the expiry time */
1026	now = current_kernel_time();
1027	time = now.tv_sec;
1028	if (key->revoked_at == 0 || key->revoked_at > time) {
1029		key->revoked_at = time;
1030		key_schedule_gc(key->revoked_at + key_gc_delay);
1031	}
1032
1033	up_write(&key->sem);
1034}
1035EXPORT_SYMBOL(key_revoke);
1036
1037/**
1038 * key_invalidate - Invalidate a key.
1039 * @key: The key to be invalidated.
1040 *
1041 * Mark a key as being invalidated and have it cleaned up immediately.  The key
1042 * is ignored by all searches and other operations from this point.
1043 */
1044void key_invalidate(struct key *key)
1045{
1046	kenter("%d", key_serial(key));
1047
1048	key_check(key);
1049
1050	if (!test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
1051		down_write_nested(&key->sem, 1);
1052		if (!test_and_set_bit(KEY_FLAG_INVALIDATED, &key->flags))
1053			key_schedule_gc_links();
1054		up_write(&key->sem);
1055	}
1056}
1057EXPORT_SYMBOL(key_invalidate);
1058
1059/**
1060 * generic_key_instantiate - Simple instantiation of a key from preparsed data
1061 * @key: The key to be instantiated
1062 * @prep: The preparsed data to load.
1063 *
1064 * Instantiate a key from preparsed data.  We assume we can just copy the data
1065 * in directly and clear the old pointers.
1066 *
1067 * This can be pointed to directly by the key type instantiate op pointer.
1068 */
1069int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
1070{
1071	int ret;
1072
1073	pr_devel("==>%s()\n", __func__);
1074
1075	ret = key_payload_reserve(key, prep->quotalen);
1076	if (ret == 0) {
1077		rcu_assign_keypointer(key, prep->payload.data[0]);
1078		key->payload.data[1] = prep->payload.data[1];
1079		key->payload.data[2] = prep->payload.data[2];
1080		key->payload.data[3] = prep->payload.data[3];
1081		prep->payload.data[0] = NULL;
1082		prep->payload.data[1] = NULL;
1083		prep->payload.data[2] = NULL;
1084		prep->payload.data[3] = NULL;
1085	}
1086	pr_devel("<==%s() = %d\n", __func__, ret);
1087	return ret;
1088}
1089EXPORT_SYMBOL(generic_key_instantiate);
1090
1091/**
1092 * register_key_type - Register a type of key.
1093 * @ktype: The new key type.
1094 *
1095 * Register a new key type.
1096 *
1097 * Returns 0 on success or -EEXIST if a type of this name already exists.
1098 */
1099int register_key_type(struct key_type *ktype)
1100{
1101	struct key_type *p;
1102	int ret;
1103
1104	memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
1105
1106	ret = -EEXIST;
1107	down_write(&key_types_sem);
1108
1109	/* disallow key types with the same name */
1110	list_for_each_entry(p, &key_types_list, link) {
1111		if (strcmp(p->name, ktype->name) == 0)
1112			goto out;
1113	}
1114
1115	/* store the type */
1116	list_add(&ktype->link, &key_types_list);
1117
1118	pr_notice("Key type %s registered\n", ktype->name);
1119	ret = 0;
1120
1121out:
1122	up_write(&key_types_sem);
1123	return ret;
1124}
1125EXPORT_SYMBOL(register_key_type);
1126
1127/**
1128 * unregister_key_type - Unregister a type of key.
1129 * @ktype: The key type.
1130 *
1131 * Unregister a key type and mark all the extant keys of this type as dead.
1132 * Those keys of this type are then destroyed to get rid of their payloads and
1133 * they and their links will be garbage collected as soon as possible.
1134 */
1135void unregister_key_type(struct key_type *ktype)
1136{
1137	down_write(&key_types_sem);
1138	list_del_init(&ktype->link);
1139	downgrade_write(&key_types_sem);
1140	key_gc_keytype(ktype);
1141	pr_notice("Key type %s unregistered\n", ktype->name);
1142	up_read(&key_types_sem);
1143}
1144EXPORT_SYMBOL(unregister_key_type);
1145
1146/*
1147 * Initialise the key management state.
1148 */
1149void __init key_init(void)
1150{
1151	/* allocate a slab in which we can store keys */
1152	key_jar = kmem_cache_create("key_jar", sizeof(struct key),
1153			0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
1154
1155	/* add the special key types */
1156	list_add_tail(&key_type_keyring.link, &key_types_list);
1157	list_add_tail(&key_type_dead.link, &key_types_list);
1158	list_add_tail(&key_type_user.link, &key_types_list);
1159	list_add_tail(&key_type_logon.link, &key_types_list);
1160
1161	/* record the root user tracking */
1162	rb_link_node(&root_key_user.node,
1163		     NULL,
1164		     &key_user_tree.rb_node);
1165
1166	rb_insert_color(&root_key_user.node,
1167			&key_user_tree);
1168}