Branch data Line data Source code
1 : : // SPDX-License-Identifier: GPL-2.0-or-later
2 : : /* Keyring handling
3 : : *
4 : : * Copyright (C) 2004-2005, 2008, 2013 Red Hat, Inc. All Rights Reserved.
5 : : * Written by David Howells (dhowells@redhat.com)
6 : : */
7 : :
8 : : #include <linux/export.h>
9 : : #include <linux/init.h>
10 : : #include <linux/sched.h>
11 : : #include <linux/slab.h>
12 : : #include <linux/security.h>
13 : : #include <linux/seq_file.h>
14 : : #include <linux/err.h>
15 : : #include <linux/user_namespace.h>
16 : : #include <linux/nsproxy.h>
17 : : #include <keys/keyring-type.h>
18 : : #include <keys/user-type.h>
19 : : #include <linux/assoc_array_priv.h>
20 : : #include <linux/uaccess.h>
21 : : #include <net/net_namespace.h>
22 : : #include "internal.h"
23 : :
24 : : /*
25 : : * When plumbing the depths of the key tree, this sets a hard limit
26 : : * set on how deep we're willing to go.
27 : : */
28 : : #define KEYRING_SEARCH_MAX_DEPTH 6
29 : :
30 : : /*
31 : : * We mark pointers we pass to the associative array with bit 1 set if
32 : : * they're keyrings and clear otherwise.
33 : : */
34 : : #define KEYRING_PTR_SUBTYPE 0x2UL
35 : :
36 : 1248 : static inline bool keyring_ptr_is_keyring(const struct assoc_array_ptr *x)
37 : : {
38 : 1248 : return (unsigned long)x & KEYRING_PTR_SUBTYPE;
39 : : }
40 : 13494 : static inline struct key *keyring_ptr_to_key(const struct assoc_array_ptr *x)
41 : : {
42 : 13494 : void *object = assoc_array_ptr_to_leaf(x);
43 : 2028 : return (struct key *)((unsigned long)object & ~KEYRING_PTR_SUBTYPE);
44 : : }
45 : 2886 : static inline void *keyring_key_to_ptr(struct key *key)
46 : : {
47 : 2886 : if (key->type == &key_type_keyring)
48 : 624 : return (void *)((unsigned long)key | KEYRING_PTR_SUBTYPE);
49 : : return key;
50 : : }
51 : :
52 : : static DEFINE_RWLOCK(keyring_name_lock);
53 : :
54 : : /*
55 : : * Clean up the bits of user_namespace that belong to us.
56 : : */
57 : 0 : void key_free_user_ns(struct user_namespace *ns)
58 : : {
59 : 0 : write_lock(&keyring_name_lock);
60 : 0 : list_del_init(&ns->keyring_name_list);
61 : 0 : write_unlock(&keyring_name_lock);
62 : :
63 : 0 : key_put(ns->user_keyring_register);
64 : : #ifdef CONFIG_PERSISTENT_KEYRINGS
65 : : key_put(ns->persistent_keyring_register);
66 : : #endif
67 : 0 : }
68 : :
69 : : /*
70 : : * The keyring key type definition. Keyrings are simply keys of this type and
71 : : * can be treated as ordinary keys in addition to having their own special
72 : : * operations.
73 : : */
74 : : static int keyring_preparse(struct key_preparsed_payload *prep);
75 : : static void keyring_free_preparse(struct key_preparsed_payload *prep);
76 : : static int keyring_instantiate(struct key *keyring,
77 : : struct key_preparsed_payload *prep);
78 : : static void keyring_revoke(struct key *keyring);
79 : : static void keyring_destroy(struct key *keyring);
80 : : static void keyring_describe(const struct key *keyring, struct seq_file *m);
81 : : static long keyring_read(const struct key *keyring,
82 : : char __user *buffer, size_t buflen);
83 : :
84 : : struct key_type key_type_keyring = {
85 : : .name = "keyring",
86 : : .def_datalen = 0,
87 : : .preparse = keyring_preparse,
88 : : .free_preparse = keyring_free_preparse,
89 : : .instantiate = keyring_instantiate,
90 : : .revoke = keyring_revoke,
91 : : .destroy = keyring_destroy,
92 : : .describe = keyring_describe,
93 : : .read = keyring_read,
94 : : };
95 : : EXPORT_SYMBOL(key_type_keyring);
96 : :
97 : : /*
98 : : * Semaphore to serialise link/link calls to prevent two link calls in parallel
99 : : * introducing a cycle.
100 : : */
101 : : static DEFINE_MUTEX(keyring_serialise_link_lock);
102 : :
103 : : /*
104 : : * Publish the name of a keyring so that it can be found by name (if it has
105 : : * one and it doesn't begin with a dot).
106 : : */
107 : 2730 : static void keyring_publish_name(struct key *keyring)
108 : : {
109 [ + - ]: 2730 : struct user_namespace *ns = current_user_ns();
110 : :
111 [ + - ]: 2730 : if (keyring->description &&
112 [ + - + + ]: 2730 : keyring->description[0] &&
113 : : keyring->description[0] != '.') {
114 : 2340 : write_lock(&keyring_name_lock);
115 : 2340 : list_add_tail(&keyring->name_link, &ns->keyring_name_list);
116 : 2340 : write_unlock(&keyring_name_lock);
117 : : }
118 : 2730 : }
119 : :
120 : : /*
121 : : * Preparse a keyring payload
122 : : */
123 : 2730 : static int keyring_preparse(struct key_preparsed_payload *prep)
124 : : {
125 [ + - ]: 2730 : return prep->datalen != 0 ? -EINVAL : 0;
126 : : }
127 : :
128 : : /*
129 : : * Free a preparse of a user defined key payload
130 : : */
131 : 2730 : static void keyring_free_preparse(struct key_preparsed_payload *prep)
132 : : {
133 : 2730 : }
134 : :
135 : : /*
136 : : * Initialise a keyring.
137 : : *
138 : : * Returns 0 on success, -EINVAL if given any data.
139 : : */
140 : 2730 : static int keyring_instantiate(struct key *keyring,
141 : : struct key_preparsed_payload *prep)
142 : : {
143 : 2730 : assoc_array_init(&keyring->keys);
144 : : /* make the keyring available by name if it has one */
145 : 2730 : keyring_publish_name(keyring);
146 : 2730 : return 0;
147 : : }
148 : :
149 : : /*
150 : : * Multiply 64-bits by 32-bits to 96-bits and fold back to 64-bit. Ideally we'd
151 : : * fold the carry back too, but that requires inline asm.
152 : : */
153 : 45630 : static u64 mult_64x32_and_fold(u64 x, u32 y)
154 : : {
155 : 45630 : u64 hi = (u64)(u32)(x >> 32) * y;
156 : 45630 : u64 lo = (u64)(u32)(x) * y;
157 : 45630 : return lo + ((u64)(u32)hi << 32) + (u32)(hi >> 32);
158 : : }
159 : :
160 : : /*
161 : : * Hash a key type and description.
162 : : */
163 : 10920 : static void hash_key_type_and_desc(struct keyring_index_key *index_key)
164 : : {
165 : 10920 : const unsigned level_shift = ASSOC_ARRAY_LEVEL_STEP;
166 : 10920 : const unsigned long fan_mask = ASSOC_ARRAY_FAN_MASK;
167 : 10920 : const char *description = index_key->description;
168 : 10920 : unsigned long hash, type;
169 : 10920 : u32 piece;
170 : 10920 : u64 acc;
171 : 10920 : int n, desc_len = index_key->desc_len;
172 : :
173 : 10920 : type = (unsigned long)index_key->type;
174 : 10920 : acc = mult_64x32_and_fold(type, desc_len + 13);
175 : 10920 : acc = mult_64x32_and_fold(acc, 9207);
176 : 10920 : piece = (unsigned long)index_key->domain_tag;
177 : 10920 : acc = mult_64x32_and_fold(acc, piece);
178 : 10920 : acc = mult_64x32_and_fold(acc, 9207);
179 : :
180 : 80340 : for (;;) {
181 : 80340 : n = desc_len;
182 [ + + ]: 45630 : if (n <= 0)
183 : : break;
184 : 34710 : if (n > 4)
185 : : n = 4;
186 : 34710 : piece = 0;
187 : 34710 : memcpy(&piece, description, n);
188 : 34710 : description += n;
189 : 34710 : desc_len -= n;
190 : 34710 : acc = mult_64x32_and_fold(acc, piece);
191 : 34710 : acc = mult_64x32_and_fold(acc, 9207);
192 : : }
193 : :
194 : : /* Fold the hash down to 32 bits if need be. */
195 : 10920 : hash = acc;
196 : 10920 : if (ASSOC_ARRAY_KEY_CHUNK_SIZE == 32)
197 : : hash ^= acc >> 32;
198 : :
199 : : /* Squidge all the keyrings into a separate part of the tree to
200 : : * ordinary keys by making sure the lowest level segment in the hash is
201 : : * zero for keyrings and non-zero otherwise.
202 : : */
203 [ + + - + ]: 10920 : if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0)
204 : 0 : hash |= (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1;
205 [ + + + - ]: 10920 : else if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0)
206 : 4212 : hash = (hash + (hash << level_shift)) & ~fan_mask;
207 : 10920 : index_key->hash = hash;
208 : 10920 : }
209 : :
210 : : /*
211 : : * Finalise an index key to include a part of the description actually in the
212 : : * index key, to set the domain tag and to calculate the hash.
213 : : */
214 : 10920 : void key_set_index_key(struct keyring_index_key *index_key)
215 : : {
216 : 10920 : static struct key_tag default_domain_tag = { .usage = REFCOUNT_INIT(1), };
217 : 10920 : size_t n = min_t(size_t, index_key->desc_len, sizeof(index_key->desc));
218 : :
219 : 10920 : memcpy(index_key->desc, index_key->description, n);
220 : :
221 [ + + ]: 10920 : if (!index_key->domain_tag) {
222 [ - + ]: 8190 : if (index_key->type->flags & KEY_TYPE_NET_DOMAIN)
223 : 0 : index_key->domain_tag = current->nsproxy->net_ns->key_domain;
224 : : else
225 : 8190 : index_key->domain_tag = &default_domain_tag;
226 : : }
227 : :
228 : 10920 : hash_key_type_and_desc(index_key);
229 : 10920 : }
230 : :
231 : : /**
232 : : * key_put_tag - Release a ref on a tag.
233 : : * @tag: The tag to release.
234 : : *
235 : : * This releases a reference the given tag and returns true if that ref was the
236 : : * last one.
237 : : */
238 : 3276 : bool key_put_tag(struct key_tag *tag)
239 : : {
240 [ - + ]: 3276 : if (refcount_dec_and_test(&tag->usage)) {
241 [ # # ]: 0 : kfree_rcu(tag, rcu);
242 : 0 : return true;
243 : : }
244 : :
245 : : return false;
246 : : }
247 : :
248 : : /**
249 : : * key_remove_domain - Kill off a key domain and gc its keys
250 : : * @domain_tag: The domain tag to release.
251 : : *
252 : : * This marks a domain tag as being dead and releases a ref on it. If that
253 : : * wasn't the last reference, the garbage collector is poked to try and delete
254 : : * all keys that were in the domain.
255 : : */
256 : 0 : void key_remove_domain(struct key_tag *domain_tag)
257 : : {
258 : 0 : domain_tag->removed = true;
259 [ # # ]: 0 : if (!key_put_tag(domain_tag))
260 : 0 : key_schedule_gc_links();
261 : 0 : }
262 : :
263 : : /*
264 : : * Build the next index key chunk.
265 : : *
266 : : * We return it one word-sized chunk at a time.
267 : : */
268 : 3978 : static unsigned long keyring_get_key_chunk(const void *data, int level)
269 : : {
270 : 3978 : const struct keyring_index_key *index_key = data;
271 : 3978 : unsigned long chunk = 0;
272 : 3978 : const u8 *d;
273 : 3978 : int desc_len = index_key->desc_len, n = sizeof(chunk);
274 : :
275 : 3978 : level /= ASSOC_ARRAY_KEY_CHUNK_SIZE;
276 [ + - - - : 3978 : switch (level) {
- ]
277 : 3978 : case 0:
278 : 3978 : return index_key->hash;
279 : 0 : case 1:
280 : 0 : return index_key->x;
281 : 0 : case 2:
282 : 0 : return (unsigned long)index_key->type;
283 : 0 : case 3:
284 : 0 : return (unsigned long)index_key->domain_tag;
285 : 0 : default:
286 : 0 : level -= 4;
287 [ # # ]: 0 : if (desc_len <= sizeof(index_key->desc))
288 : : return 0;
289 : :
290 : 0 : d = index_key->description + sizeof(index_key->desc);
291 : 0 : d += level * sizeof(long);
292 : 0 : desc_len -= sizeof(index_key->desc);
293 : 0 : if (desc_len > n)
294 : : desc_len = n;
295 : 0 : do {
296 : 0 : chunk <<= 8;
297 : 0 : chunk |= *d++;
298 [ # # ]: 0 : } while (--desc_len > 0);
299 : : return chunk;
300 : : }
301 : : }
302 : :
303 : 0 : static unsigned long keyring_get_object_key_chunk(const void *object, int level)
304 : : {
305 : 0 : const struct key *key = keyring_ptr_to_key(object);
306 : 0 : return keyring_get_key_chunk(&key->index_key, level);
307 : : }
308 : :
309 : 8424 : static bool keyring_compare_object(const void *object, const void *data)
310 : : {
311 : 8424 : const struct keyring_index_key *index_key = data;
312 [ + + ]: 8424 : const struct key *key = keyring_ptr_to_key(object);
313 : :
314 : 13494 : return key->index_key.type == index_key->type &&
315 [ + - ]: 5070 : key->index_key.domain_tag == index_key->domain_tag &&
316 [ + + + + ]: 13494 : key->index_key.desc_len == index_key->desc_len &&
317 [ - + ]: 2964 : memcmp(key->index_key.description, index_key->description,
318 : : index_key->desc_len) == 0;
319 : : }
320 : :
321 : : /*
322 : : * Compare the index keys of a pair of objects and determine the bit position
323 : : * at which they differ - if they differ.
324 : : */
325 : 0 : static int keyring_diff_objects(const void *object, const void *data)
326 : : {
327 [ # # ]: 0 : const struct key *key_a = keyring_ptr_to_key(object);
328 : 0 : const struct keyring_index_key *a = &key_a->index_key;
329 : 0 : const struct keyring_index_key *b = data;
330 : 0 : unsigned long seg_a, seg_b;
331 : 0 : int level, i;
332 : :
333 : 0 : level = 0;
334 : 0 : seg_a = a->hash;
335 : 0 : seg_b = b->hash;
336 [ # # ]: 0 : if ((seg_a ^ seg_b) != 0)
337 : 0 : goto differ;
338 : 0 : level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8;
339 : :
340 : : /* The number of bits contributed by the hash is controlled by a
341 : : * constant in the assoc_array headers. Everything else thereafter we
342 : : * can deal with as being machine word-size dependent.
343 : : */
344 : 0 : seg_a = a->x;
345 : 0 : seg_b = b->x;
346 [ # # ]: 0 : if ((seg_a ^ seg_b) != 0)
347 : 0 : goto differ;
348 : 0 : level += sizeof(unsigned long);
349 : :
350 : : /* The next bit may not work on big endian */
351 : 0 : seg_a = (unsigned long)a->type;
352 : 0 : seg_b = (unsigned long)b->type;
353 [ # # ]: 0 : if ((seg_a ^ seg_b) != 0)
354 : 0 : goto differ;
355 : 0 : level += sizeof(unsigned long);
356 : :
357 : 0 : seg_a = (unsigned long)a->domain_tag;
358 : 0 : seg_b = (unsigned long)b->domain_tag;
359 [ # # ]: 0 : if ((seg_a ^ seg_b) != 0)
360 : 0 : goto differ;
361 : 0 : level += sizeof(unsigned long);
362 : :
363 : 0 : i = sizeof(a->desc);
364 [ # # ]: 0 : if (a->desc_len <= i)
365 : 0 : goto same;
366 : :
367 [ # # ]: 0 : for (; i < a->desc_len; i++) {
368 : 0 : seg_a = *(unsigned char *)(a->description + i);
369 : 0 : seg_b = *(unsigned char *)(b->description + i);
370 [ # # ]: 0 : if ((seg_a ^ seg_b) != 0)
371 : 0 : goto differ_plus_i;
372 : : }
373 : :
374 : 0 : same:
375 : : return -1;
376 : :
377 : : differ_plus_i:
378 : 0 : level += i;
379 : 0 : differ:
380 : 0 : i = level * 8 + __ffs(seg_a ^ seg_b);
381 : 0 : return i;
382 : : }
383 : :
384 : : /*
385 : : * Free an object after stripping the keyring flag off of the pointer.
386 : : */
387 : 2028 : static void keyring_free_object(void *object)
388 : : {
389 : 2028 : key_put(keyring_ptr_to_key(object));
390 : 2028 : }
391 : :
392 : : /*
393 : : * Operations for keyring management by the index-tree routines.
394 : : */
395 : : static const struct assoc_array_ops keyring_assoc_array_ops = {
396 : : .get_key_chunk = keyring_get_key_chunk,
397 : : .get_object_key_chunk = keyring_get_object_key_chunk,
398 : : .compare_object = keyring_compare_object,
399 : : .diff_objects = keyring_diff_objects,
400 : : .free_object = keyring_free_object,
401 : : };
402 : :
403 : : /*
404 : : * Clean up a keyring when it is destroyed. Unpublish its name if it had one
405 : : * and dispose of its data.
406 : : *
407 : : * The garbage collector detects the final key_put(), removes the keyring from
408 : : * the serial number tree and then does RCU synchronisation before coming here,
409 : : * so we shouldn't need to worry about code poking around here with the RCU
410 : : * readlock held by this time.
411 : : */
412 : 1638 : static void keyring_destroy(struct key *keyring)
413 : : {
414 [ + - ]: 1638 : if (keyring->description) {
415 : 1638 : write_lock(&keyring_name_lock);
416 : :
417 [ + - + - ]: 1638 : if (keyring->name_link.next != NULL &&
418 [ + - ]: 1638 : !list_empty(&keyring->name_link))
419 : 1638 : list_del(&keyring->name_link);
420 : :
421 : 1638 : write_unlock(&keyring_name_lock);
422 : : }
423 : :
424 [ - + ]: 1638 : if (keyring->restrict_link) {
425 : 0 : struct key_restriction *keyres = keyring->restrict_link;
426 : :
427 : 0 : key_put(keyres->key);
428 : 0 : kfree(keyres);
429 : : }
430 : :
431 : 1638 : assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops);
432 : 1638 : }
433 : :
434 : : /*
435 : : * Describe a keyring for /proc.
436 : : */
437 : 0 : static void keyring_describe(const struct key *keyring, struct seq_file *m)
438 : : {
439 [ # # ]: 0 : if (keyring->description)
440 : 0 : seq_puts(m, keyring->description);
441 : : else
442 : 0 : seq_puts(m, "[anon]");
443 : :
444 [ # # ]: 0 : if (key_is_positive(keyring)) {
445 [ # # ]: 0 : if (keyring->keys.nr_leaves_on_tree != 0)
446 : 0 : seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree);
447 : : else
448 : 0 : seq_puts(m, ": empty");
449 : : }
450 : 0 : }
451 : :
452 : : struct keyring_read_iterator_context {
453 : : size_t buflen;
454 : : size_t count;
455 : : key_serial_t __user *buffer;
456 : : };
457 : :
458 : 0 : static int keyring_read_iterator(const void *object, void *data)
459 : : {
460 : 0 : struct keyring_read_iterator_context *ctx = data;
461 [ # # ]: 0 : const struct key *key = keyring_ptr_to_key(object);
462 : 0 : int ret;
463 : :
464 : 0 : kenter("{%s,%d},,{%zu/%zu}",
465 : : key->type->name, key->serial, ctx->count, ctx->buflen);
466 : :
467 [ # # ]: 0 : if (ctx->count >= ctx->buflen)
468 : : return 1;
469 : :
470 : 0 : ret = put_user(key->serial, ctx->buffer);
471 [ # # ]: 0 : if (ret < 0)
472 : : return ret;
473 : 0 : ctx->buffer++;
474 : 0 : ctx->count += sizeof(key->serial);
475 : 0 : return 0;
476 : : }
477 : :
478 : : /*
479 : : * Read a list of key IDs from the keyring's contents in binary form
480 : : *
481 : : * The keyring's semaphore is read-locked by the caller. This prevents someone
482 : : * from modifying it under us - which could cause us to read key IDs multiple
483 : : * times.
484 : : */
485 : 0 : static long keyring_read(const struct key *keyring,
486 : : char __user *buffer, size_t buflen)
487 : : {
488 : 0 : struct keyring_read_iterator_context ctx;
489 : 0 : long ret;
490 : :
491 : 0 : kenter("{%d},,%zu", key_serial(keyring), buflen);
492 : :
493 [ # # ]: 0 : if (buflen & (sizeof(key_serial_t) - 1))
494 : : return -EINVAL;
495 : :
496 : : /* Copy as many key IDs as fit into the buffer */
497 [ # # ]: 0 : if (buffer && buflen) {
498 : 0 : ctx.buffer = (key_serial_t __user *)buffer;
499 : 0 : ctx.buflen = buflen;
500 : 0 : ctx.count = 0;
501 : 0 : ret = assoc_array_iterate(&keyring->keys,
502 : : keyring_read_iterator, &ctx);
503 [ # # ]: 0 : if (ret < 0) {
504 : : kleave(" = %ld [iterate]", ret);
505 : : return ret;
506 : : }
507 : : }
508 : :
509 : : /* Return the size of the buffer needed */
510 : 0 : ret = keyring->keys.nr_leaves_on_tree * sizeof(key_serial_t);
511 : 0 : if (ret <= buflen)
512 : : kleave("= %ld [ok]", ret);
513 : : else
514 : : kleave("= %ld [buffer too small]", ret);
515 : 0 : return ret;
516 : : }
517 : :
518 : : /*
519 : : * Allocate a keyring and link into the destination keyring.
520 : : */
521 : 2730 : struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
522 : : const struct cred *cred, key_perm_t perm,
523 : : unsigned long flags,
524 : : struct key_restriction *restrict_link,
525 : : struct key *dest)
526 : : {
527 : 2730 : struct key *keyring;
528 : 2730 : int ret;
529 : :
530 : 2730 : keyring = key_alloc(&key_type_keyring, description,
531 : : uid, gid, cred, perm, flags, restrict_link);
532 [ + - ]: 2730 : if (!IS_ERR(keyring)) {
533 : 2730 : ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
534 [ - + ]: 2730 : if (ret < 0) {
535 : 0 : key_put(keyring);
536 : 0 : keyring = ERR_PTR(ret);
537 : : }
538 : : }
539 : :
540 : 2730 : return keyring;
541 : : }
542 : : EXPORT_SYMBOL(keyring_alloc);
543 : :
544 : : /**
545 : : * restrict_link_reject - Give -EPERM to restrict link
546 : : * @keyring: The keyring being added to.
547 : : * @type: The type of key being added.
548 : : * @payload: The payload of the key intended to be added.
549 : : * @restriction_key: Keys providing additional data for evaluating restriction.
550 : : *
551 : : * Reject the addition of any links to a keyring. It can be overridden by
552 : : * passing KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when
553 : : * adding a key to a keyring.
554 : : *
555 : : * This is meant to be stored in a key_restriction structure which is passed
556 : : * in the restrict_link parameter to keyring_alloc().
557 : : */
558 : 0 : int restrict_link_reject(struct key *keyring,
559 : : const struct key_type *type,
560 : : const union key_payload *payload,
561 : : struct key *restriction_key)
562 : : {
563 : 0 : return -EPERM;
564 : : }
565 : :
566 : : /*
567 : : * By default, we keys found by getting an exact match on their descriptions.
568 : : */
569 : 780 : bool key_default_cmp(const struct key *key,
570 : : const struct key_match_data *match_data)
571 : : {
572 : 780 : return strcmp(key->description, match_data->raw_data) == 0;
573 : : }
574 : :
575 : : /*
576 : : * Iteration function to consider each key found.
577 : : */
578 : 2964 : static int keyring_search_iterator(const void *object, void *iterator_data)
579 : : {
580 : 2964 : struct keyring_search_context *ctx = iterator_data;
581 [ + - ]: 2964 : const struct key *key = keyring_ptr_to_key(object);
582 [ + - ]: 2964 : unsigned long kflags = READ_ONCE(key->flags);
583 : 2964 : short state = READ_ONCE(key->state);
584 : :
585 : 2964 : kenter("{%d}", key->serial);
586 : :
587 : : /* ignore keys not of this type */
588 [ + - ]: 2964 : if (key->type != ctx->index_key.type) {
589 : : kleave(" = 0 [!type]");
590 : : return 0;
591 : : }
592 : :
593 : : /* skip invalidated, revoked and expired keys */
594 [ + + ]: 2964 : if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
595 [ - + ]: 780 : time64_t expiry = READ_ONCE(key->expiry);
596 : :
597 [ - + ]: 780 : if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
598 : : (1 << KEY_FLAG_REVOKED))) {
599 : 0 : ctx->result = ERR_PTR(-EKEYREVOKED);
600 : 0 : kleave(" = %d [invrev]", ctx->skipped_ret);
601 : 0 : goto skipped;
602 : : }
603 : :
604 [ - + - - ]: 780 : if (expiry && ctx->now >= expiry) {
605 [ # # ]: 0 : if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED))
606 : 0 : ctx->result = ERR_PTR(-EKEYEXPIRED);
607 : 0 : kleave(" = %d [expire]", ctx->skipped_ret);
608 : 0 : goto skipped;
609 : : }
610 : : }
611 : :
612 : : /* keys that don't match */
613 [ + - ]: 2964 : if (!ctx->match_data.cmp(key, &ctx->match_data)) {
614 : : kleave(" = 0 [!match]");
615 : : return 0;
616 : : }
617 : :
618 : : /* key must have search permissions */
619 [ + - - + ]: 5928 : if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
620 : 2964 : key_task_permission(make_key_ref(key, ctx->possessed),
621 : : ctx->cred, KEY_NEED_SEARCH) < 0) {
622 : 0 : ctx->result = ERR_PTR(-EACCES);
623 : 0 : kleave(" = %d [!perm]", ctx->skipped_ret);
624 : 0 : goto skipped;
625 : : }
626 : :
627 [ + + ]: 2964 : if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
628 : : /* we set a different error code if we pass a negative key */
629 [ - + ]: 780 : if (state < 0) {
630 : 0 : ctx->result = ERR_PTR(state);
631 : 0 : kleave(" = %d [neg]", ctx->skipped_ret);
632 : 0 : goto skipped;
633 : : }
634 : : }
635 : :
636 : : /* Found */
637 : 2964 : ctx->result = make_key_ref(key, ctx->possessed);
638 : 2964 : kleave(" = 1 [found]");
639 : 2964 : return 1;
640 : :
641 : 0 : skipped:
642 : 0 : return ctx->skipped_ret;
643 : : }
644 : :
645 : : /*
646 : : * Search inside a keyring for a key. We can search by walking to it
647 : : * directly based on its index-key or we can iterate over the entire
648 : : * tree looking for it, based on the match function.
649 : : */
650 : 3744 : static int search_keyring(struct key *keyring, struct keyring_search_context *ctx)
651 : : {
652 [ + - ]: 3744 : if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_DIRECT) {
653 : 3744 : const void *object;
654 : :
655 : 3744 : object = assoc_array_find(&keyring->keys,
656 : : &keyring_assoc_array_ops,
657 : 3744 : &ctx->index_key);
658 [ + + ]: 3744 : return object ? ctx->iterator(object, ctx) : 0;
659 : : }
660 : 0 : return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx);
661 : : }
662 : :
663 : : /*
664 : : * Search a tree of keyrings that point to other keyrings up to the maximum
665 : : * depth.
666 : : */
667 : 3666 : static bool search_nested_keyrings(struct key *keyring,
668 : : struct keyring_search_context *ctx)
669 : : {
670 : 3666 : struct {
671 : : struct key *keyring;
672 : : struct assoc_array_node *node;
673 : : int slot;
674 : : } stack[KEYRING_SEARCH_MAX_DEPTH];
675 : :
676 : 3666 : struct assoc_array_shortcut *shortcut;
677 : 3666 : struct assoc_array_node *node;
678 : 3666 : struct assoc_array_ptr *ptr;
679 : 3666 : struct key *key;
680 : 3666 : int sp = 0, slot;
681 : :
682 : 3666 : kenter("{%d},{%s,%s}",
683 : : keyring->serial,
684 : : ctx->index_key.type->name,
685 : : ctx->index_key.description);
686 : :
687 : : #define STATE_CHECKS (KEYRING_SEARCH_NO_STATE_CHECK | KEYRING_SEARCH_DO_STATE_CHECK)
688 [ - + ]: 3666 : BUG_ON((ctx->flags & STATE_CHECKS) == 0 ||
689 : : (ctx->flags & STATE_CHECKS) == STATE_CHECKS);
690 : :
691 [ + - ]: 3666 : if (ctx->index_key.description)
692 : 3666 : key_set_index_key(&ctx->index_key);
693 : :
694 : : /* Check to see if this top-level keyring is what we are looking for
695 : : * and whether it is valid or not.
696 : : */
697 [ + - ]: 3666 : if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE ||
698 [ - + ]: 3666 : keyring_compare_object(keyring, &ctx->index_key)) {
699 : 0 : ctx->skipped_ret = 2;
700 [ # # # # : 0 : switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {
# ]
701 : 0 : case 1:
702 : 0 : goto found;
703 : : case 2:
704 : : return false;
705 : : default:
706 : : break;
707 : : }
708 : 3666 : }
709 : :
710 : 3666 : ctx->skipped_ret = 0;
711 : :
712 : : /* Start processing a new keyring */
713 : 3744 : descend_to_keyring:
714 : 3744 : kdebug("descend to %d", keyring->serial);
715 [ - + ]: 3744 : if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
716 : : (1 << KEY_FLAG_REVOKED)))
717 : 0 : goto not_this_keyring;
718 : :
719 : : /* Search through the keys in this keyring before its searching its
720 : : * subtrees.
721 : : */
722 [ + + ]: 3744 : if (search_keyring(keyring, ctx))
723 : 2964 : goto found;
724 : :
725 : : /* Then manually iterate through the keyrings nested in this one.
726 : : *
727 : : * Start from the root node of the index tree. Because of the way the
728 : : * hash function has been set up, keyrings cluster on the leftmost
729 : : * branch of the root node (root slot 0) or in the root node itself.
730 : : * Non-keyrings avoid the leftmost branch of the root entirely (root
731 : : * slots 1-15).
732 : : */
733 [ + + ]: 780 : if (!(ctx->flags & KEYRING_SEARCH_RECURSE))
734 : 156 : goto not_this_keyring;
735 : :
736 [ + + ]: 624 : ptr = READ_ONCE(keyring->keys.root);
737 [ + + ]: 624 : if (!ptr)
738 : 546 : goto not_this_keyring;
739 : :
740 [ - + ]: 78 : if (assoc_array_ptr_is_shortcut(ptr)) {
741 : : /* If the root is a shortcut, either the keyring only contains
742 : : * keyring pointers (everything clusters behind root slot 0) or
743 : : * doesn't contain any keyring pointers.
744 : : */
745 [ # # ]: 0 : shortcut = assoc_array_ptr_to_shortcut(ptr);
746 [ # # ]: 0 : if ((shortcut->index_key[0] & ASSOC_ARRAY_FAN_MASK) != 0)
747 : 0 : goto not_this_keyring;
748 : :
749 : 0 : ptr = READ_ONCE(shortcut->next_node);
750 : 0 : node = assoc_array_ptr_to_node(ptr);
751 : 0 : goto begin_node;
752 : : }
753 : :
754 [ + - ]: 78 : node = assoc_array_ptr_to_node(ptr);
755 : 78 : ptr = node->slots[0];
756 [ + - ]: 78 : if (!assoc_array_ptr_is_meta(ptr))
757 : 78 : goto begin_node;
758 : :
759 : 0 : descend_to_node:
760 : : /* Descend to a more distal node in this keyring's content tree and go
761 : : * through that.
762 : : */
763 : 0 : kdebug("descend");
764 [ # # ]: 0 : if (assoc_array_ptr_is_shortcut(ptr)) {
765 [ # # ]: 0 : shortcut = assoc_array_ptr_to_shortcut(ptr);
766 [ # # ]: 0 : ptr = READ_ONCE(shortcut->next_node);
767 [ # # ]: 0 : BUG_ON(!assoc_array_ptr_is_node(ptr));
768 : : }
769 : 0 : node = assoc_array_ptr_to_node(ptr);
770 : :
771 : : begin_node:
772 : : kdebug("begin_node");
773 : : slot = 0;
774 : : ascend_to_node:
775 : : /* Go through the slots in a node */
776 [ + + ]: 2496 : for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
777 [ - + ]: 1248 : ptr = READ_ONCE(node->slots[slot]);
778 : :
779 [ - + - - ]: 1248 : if (assoc_array_ptr_is_meta(ptr) && node->back_pointer)
780 : 0 : goto descend_to_node;
781 : :
782 [ + + ]: 1248 : if (!keyring_ptr_is_keyring(ptr))
783 : 1170 : continue;
784 : :
785 [ - + ]: 78 : key = keyring_ptr_to_key(ptr);
786 : :
787 [ - + ]: 78 : if (sp >= KEYRING_SEARCH_MAX_DEPTH) {
788 [ # # ]: 0 : if (ctx->flags & KEYRING_SEARCH_DETECT_TOO_DEEP) {
789 : 0 : ctx->result = ERR_PTR(-ELOOP);
790 : 0 : return false;
791 : : }
792 : 0 : goto not_this_keyring;
793 : : }
794 : :
795 : : /* Search a nested keyring */
796 [ - + - - ]: 78 : if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
797 : 0 : key_task_permission(make_key_ref(key, ctx->possessed),
798 : : ctx->cred, KEY_NEED_SEARCH) < 0)
799 : 0 : continue;
800 : :
801 : : /* stack the current position */
802 : 78 : stack[sp].keyring = keyring;
803 : 78 : stack[sp].node = node;
804 : 78 : stack[sp].slot = slot;
805 : 78 : sp++;
806 : :
807 : : /* begin again with the new keyring */
808 : 78 : keyring = key;
809 : 78 : goto descend_to_keyring;
810 : : }
811 : :
812 : : /* We've dealt with all the slots in the current node, so now we need
813 : : * to ascend to the parent and continue processing there.
814 : : */
815 [ - + ]: 78 : ptr = READ_ONCE(node->back_pointer);
816 : 78 : slot = node->parent_slot;
817 : :
818 [ - + - - ]: 78 : if (ptr && assoc_array_ptr_is_shortcut(ptr)) {
819 : 0 : shortcut = assoc_array_ptr_to_shortcut(ptr);
820 : 0 : ptr = READ_ONCE(shortcut->back_pointer);
821 : 0 : slot = shortcut->parent_slot;
822 : : }
823 [ + - ]: 78 : if (!ptr)
824 : 78 : goto not_this_keyring;
825 [ # # ]: 0 : node = assoc_array_ptr_to_node(ptr);
826 : 0 : slot++;
827 : :
828 : : /* If we've ascended to the root (zero backpointer), we must have just
829 : : * finished processing the leftmost branch rather than the root slots -
830 : : * so there can't be any more keyrings for us to find.
831 : : */
832 [ # # ]: 0 : if (node->back_pointer) {
833 : 0 : kdebug("ascend %d", slot);
834 : 0 : goto ascend_to_node;
835 : : }
836 : :
837 : : /* The keyring we're looking at was disqualified or didn't contain a
838 : : * matching key.
839 : : */
840 : 0 : not_this_keyring:
841 : 780 : kdebug("not_this_keyring %d", sp);
842 [ + + ]: 780 : if (sp <= 0) {
843 : : kleave(" = false");
844 : : return false;
845 : : }
846 : :
847 : : /* Resume the processing of a keyring higher up in the tree */
848 : 78 : sp--;
849 : 78 : keyring = stack[sp].keyring;
850 : 78 : node = stack[sp].node;
851 : 78 : slot = stack[sp].slot + 1;
852 : 78 : kdebug("ascend to %d [%d]", keyring->serial, slot);
853 : 78 : goto ascend_to_node;
854 : :
855 : : /* We found a viable match */
856 : 2964 : found:
857 [ + - ]: 2964 : key = key_ref_to_ptr(ctx->result);
858 : 2964 : key_check(key);
859 [ + - ]: 2964 : if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) {
860 : 2964 : key->last_used_at = ctx->now;
861 : 2964 : keyring->last_used_at = ctx->now;
862 [ - + ]: 2964 : while (sp > 0)
863 : 0 : stack[--sp].keyring->last_used_at = ctx->now;
864 : : }
865 : : kleave(" = true");
866 : : return true;
867 : : }
868 : :
869 : : /**
870 : : * keyring_search_rcu - Search a keyring tree for a matching key under RCU
871 : : * @keyring_ref: A pointer to the keyring with possession indicator.
872 : : * @ctx: The keyring search context.
873 : : *
874 : : * Search the supplied keyring tree for a key that matches the criteria given.
875 : : * The root keyring and any linked keyrings must grant Search permission to the
876 : : * caller to be searchable and keys can only be found if they too grant Search
877 : : * to the caller. The possession flag on the root keyring pointer controls use
878 : : * of the possessor bits in permissions checking of the entire tree. In
879 : : * addition, the LSM gets to forbid keyring searches and key matches.
880 : : *
881 : : * The search is performed as a breadth-then-depth search up to the prescribed
882 : : * limit (KEYRING_SEARCH_MAX_DEPTH). The caller must hold the RCU read lock to
883 : : * prevent keyrings from being destroyed or rearranged whilst they are being
884 : : * searched.
885 : : *
886 : : * Keys are matched to the type provided and are then filtered by the match
887 : : * function, which is given the description to use in any way it sees fit. The
888 : : * match function may use any attributes of a key that it wishes to to
889 : : * determine the match. Normally the match function from the key type would be
890 : : * used.
891 : : *
892 : : * RCU can be used to prevent the keyring key lists from disappearing without
893 : : * the need to take lots of locks.
894 : : *
895 : : * Returns a pointer to the found key and increments the key usage count if
896 : : * successful; -EAGAIN if no matching keys were found, or if expired or revoked
897 : : * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
898 : : * specified keyring wasn't a keyring.
899 : : *
900 : : * In the case of a successful return, the possession attribute from
901 : : * @keyring_ref is propagated to the returned key reference.
902 : : */
903 : 3120 : key_ref_t keyring_search_rcu(key_ref_t keyring_ref,
904 : : struct keyring_search_context *ctx)
905 : : {
906 : 3120 : struct key *keyring;
907 : 3120 : long err;
908 : :
909 : 3120 : ctx->iterator = keyring_search_iterator;
910 [ + - ]: 3120 : ctx->possessed = is_key_possessed(keyring_ref);
911 [ + - ]: 3120 : ctx->result = ERR_PTR(-EAGAIN);
912 : :
913 [ + - ]: 3120 : keyring = key_ref_to_ptr(keyring_ref);
914 : 3120 : key_check(keyring);
915 : :
916 [ + - ]: 3120 : if (keyring->type != &key_type_keyring)
917 : : return ERR_PTR(-ENOTDIR);
918 : :
919 [ + - ]: 3120 : if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) {
920 : 3120 : err = key_task_permission(keyring_ref, ctx->cred, KEY_NEED_SEARCH);
921 [ - + ]: 3120 : if (err < 0)
922 : 0 : return ERR_PTR(err);
923 : : }
924 : :
925 : 3120 : ctx->now = ktime_get_real_seconds();
926 [ + + ]: 3120 : if (search_nested_keyrings(keyring, ctx))
927 : 2964 : __key_get(key_ref_to_ptr(ctx->result));
928 : 3120 : return ctx->result;
929 : : }
930 : :
931 : : /**
932 : : * keyring_search - Search the supplied keyring tree for a matching key
933 : : * @keyring: The root of the keyring tree to be searched.
934 : : * @type: The type of keyring we want to find.
935 : : * @description: The name of the keyring we want to find.
936 : : * @recurse: True to search the children of @keyring also
937 : : *
938 : : * As keyring_search_rcu() above, but using the current task's credentials and
939 : : * type's default matching function and preferred search method.
940 : : */
941 : 936 : key_ref_t keyring_search(key_ref_t keyring,
942 : : struct key_type *type,
943 : : const char *description,
944 : : bool recurse)
945 : : {
946 : 936 : struct keyring_search_context ctx = {
947 : : .index_key.type = type,
948 : : .index_key.description = description,
949 : 936 : .index_key.desc_len = strlen(description),
950 [ - + ]: 936 : .cred = current_cred(),
951 : : .match_data.cmp = key_default_cmp,
952 : : .match_data.raw_data = description,
953 : : .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
954 : : .flags = KEYRING_SEARCH_DO_STATE_CHECK,
955 : : };
956 : 936 : key_ref_t key;
957 : 936 : int ret;
958 : :
959 [ - + ]: 936 : if (recurse)
960 : 0 : ctx.flags |= KEYRING_SEARCH_RECURSE;
961 [ - + ]: 936 : if (type->match_preparse) {
962 : 0 : ret = type->match_preparse(&ctx.match_data);
963 [ # # ]: 0 : if (ret < 0)
964 : 0 : return ERR_PTR(ret);
965 : : }
966 : :
967 : 936 : rcu_read_lock();
968 : 936 : key = keyring_search_rcu(keyring, &ctx);
969 : 936 : rcu_read_unlock();
970 : :
971 [ - + ]: 936 : if (type->match_free)
972 : 0 : type->match_free(&ctx.match_data);
973 : : return key;
974 : : }
975 : : EXPORT_SYMBOL(keyring_search);
976 : :
977 : 0 : static struct key_restriction *keyring_restriction_alloc(
978 : : key_restrict_link_func_t check)
979 : : {
980 : 0 : struct key_restriction *keyres =
981 : : kzalloc(sizeof(struct key_restriction), GFP_KERNEL);
982 : :
983 [ # # ]: 0 : if (!keyres)
984 : : return ERR_PTR(-ENOMEM);
985 : :
986 : 0 : keyres->check = check;
987 : :
988 : 0 : return keyres;
989 : : }
990 : :
991 : : /*
992 : : * Semaphore to serialise restriction setup to prevent reference count
993 : : * cycles through restriction key pointers.
994 : : */
995 : : static DECLARE_RWSEM(keyring_serialise_restrict_sem);
996 : :
997 : : /*
998 : : * Check for restriction cycles that would prevent keyring garbage collection.
999 : : * keyring_serialise_restrict_sem must be held.
1000 : : */
1001 : : static bool keyring_detect_restriction_cycle(const struct key *dest_keyring,
1002 : : struct key_restriction *keyres)
1003 : : {
1004 [ # # # # ]: 0 : while (keyres && keyres->key &&
1005 [ # # ]: 0 : keyres->key->type == &key_type_keyring) {
1006 [ # # ]: 0 : if (keyres->key == dest_keyring)
1007 : : return true;
1008 : :
1009 : 0 : keyres = keyres->key->restrict_link;
1010 : : }
1011 : :
1012 : : return false;
1013 : : }
1014 : :
1015 : : /**
1016 : : * keyring_restrict - Look up and apply a restriction to a keyring
1017 : : * @keyring_ref: The keyring to be restricted
1018 : : * @type: The key type that will provide the restriction checker.
1019 : : * @restriction: The restriction options to apply to the keyring
1020 : : *
1021 : : * Look up a keyring and apply a restriction to it. The restriction is managed
1022 : : * by the specific key type, but can be configured by the options specified in
1023 : : * the restriction string.
1024 : : */
1025 : 0 : int keyring_restrict(key_ref_t keyring_ref, const char *type,
1026 : : const char *restriction)
1027 : : {
1028 : 0 : struct key *keyring;
1029 : 0 : struct key_type *restrict_type = NULL;
1030 : 0 : struct key_restriction *restrict_link;
1031 : 0 : int ret = 0;
1032 : :
1033 [ # # ]: 0 : keyring = key_ref_to_ptr(keyring_ref);
1034 : 0 : key_check(keyring);
1035 : :
1036 [ # # ]: 0 : if (keyring->type != &key_type_keyring)
1037 : : return -ENOTDIR;
1038 : :
1039 [ # # ]: 0 : if (!type) {
1040 : 0 : restrict_link = keyring_restriction_alloc(restrict_link_reject);
1041 : : } else {
1042 : 0 : restrict_type = key_type_lookup(type);
1043 : :
1044 [ # # ]: 0 : if (IS_ERR(restrict_type))
1045 : 0 : return PTR_ERR(restrict_type);
1046 : :
1047 [ # # ]: 0 : if (!restrict_type->lookup_restriction) {
1048 : 0 : ret = -ENOENT;
1049 : 0 : goto error;
1050 : : }
1051 : :
1052 : 0 : restrict_link = restrict_type->lookup_restriction(restriction);
1053 : : }
1054 : :
1055 [ # # ]: 0 : if (IS_ERR(restrict_link)) {
1056 : 0 : ret = PTR_ERR(restrict_link);
1057 : 0 : goto error;
1058 : : }
1059 : :
1060 : 0 : down_write(&keyring->sem);
1061 : 0 : down_write(&keyring_serialise_restrict_sem);
1062 : :
1063 [ # # ]: 0 : if (keyring->restrict_link)
1064 : : ret = -EEXIST;
1065 [ # # ]: 0 : else if (keyring_detect_restriction_cycle(keyring, restrict_link))
1066 : : ret = -EDEADLK;
1067 : : else
1068 : 0 : keyring->restrict_link = restrict_link;
1069 : :
1070 : 0 : up_write(&keyring_serialise_restrict_sem);
1071 : 0 : up_write(&keyring->sem);
1072 : :
1073 [ # # ]: 0 : if (ret < 0) {
1074 : 0 : key_put(restrict_link->key);
1075 : 0 : kfree(restrict_link);
1076 : : }
1077 : :
1078 : 0 : error:
1079 [ # # ]: 0 : if (restrict_type)
1080 : 0 : key_type_put(restrict_type);
1081 : :
1082 : : return ret;
1083 : : }
1084 : : EXPORT_SYMBOL(keyring_restrict);
1085 : :
1086 : : /*
1087 : : * Search the given keyring for a key that might be updated.
1088 : : *
1089 : : * The caller must guarantee that the keyring is a keyring and that the
1090 : : * permission is granted to modify the keyring as no check is made here. The
1091 : : * caller must also hold a lock on the keyring semaphore.
1092 : : *
1093 : : * Returns a pointer to the found key with usage count incremented if
1094 : : * successful and returns NULL if not found. Revoked and invalidated keys are
1095 : : * skipped over.
1096 : : *
1097 : : * If successful, the possession indicator is propagated from the keyring ref
1098 : : * to the returned key reference.
1099 : : */
1100 : 2184 : key_ref_t find_key_to_update(key_ref_t keyring_ref,
1101 : : const struct keyring_index_key *index_key)
1102 : : {
1103 : 2184 : struct key *keyring, *key;
1104 : 2184 : const void *object;
1105 : :
1106 : 2184 : keyring = key_ref_to_ptr(keyring_ref);
1107 : :
1108 : 2184 : kenter("{%d},{%s,%s}",
1109 : : keyring->serial, index_key->type->name, index_key->description);
1110 : :
1111 : 2184 : object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops,
1112 : : index_key);
1113 : :
1114 [ - + ]: 2184 : if (object)
1115 : 0 : goto found;
1116 : :
1117 : : kleave(" = NULL");
1118 : : return NULL;
1119 : :
1120 : : found:
1121 [ # # ]: 0 : key = keyring_ptr_to_key(object);
1122 [ # # ]: 0 : if (key->flags & ((1 << KEY_FLAG_INVALIDATED) |
1123 : : (1 << KEY_FLAG_REVOKED))) {
1124 : : kleave(" = NULL [x]");
1125 : : return NULL;
1126 : : }
1127 : 0 : __key_get(key);
1128 : 0 : kleave(" = {%d}", key->serial);
1129 : 0 : return make_key_ref(key, is_key_possessed(keyring_ref));
1130 : : }
1131 : :
1132 : : /*
1133 : : * Find a keyring with the specified name.
1134 : : *
1135 : : * Only keyrings that have nonzero refcount, are not revoked, and are owned by a
1136 : : * user in the current user namespace are considered. If @uid_keyring is %true,
1137 : : * the keyring additionally must have been allocated as a user or user session
1138 : : * keyring; otherwise, it must grant Search permission directly to the caller.
1139 : : *
1140 : : * Returns a pointer to the keyring with the keyring's refcount having being
1141 : : * incremented on success. -ENOKEY is returned if a key could not be found.
1142 : : */
1143 : 0 : struct key *find_keyring_by_name(const char *name, bool uid_keyring)
1144 : : {
1145 [ # # ]: 0 : struct user_namespace *ns = current_user_ns();
1146 : 0 : struct key *keyring;
1147 : :
1148 [ # # ]: 0 : if (!name)
1149 : : return ERR_PTR(-EINVAL);
1150 : :
1151 : 0 : read_lock(&keyring_name_lock);
1152 : :
1153 : : /* Search this hash bucket for a keyring with a matching name that
1154 : : * grants Search permission and that hasn't been revoked
1155 : : */
1156 [ # # ]: 0 : list_for_each_entry(keyring, &ns->keyring_name_list, name_link) {
1157 [ # # ]: 0 : if (!kuid_has_mapping(ns, keyring->user->uid))
1158 : 0 : continue;
1159 : :
1160 [ # # ]: 0 : if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
1161 : 0 : continue;
1162 : :
1163 [ # # ]: 0 : if (strcmp(keyring->description, name) != 0)
1164 : 0 : continue;
1165 : :
1166 [ # # ]: 0 : if (uid_keyring) {
1167 [ # # ]: 0 : if (!test_bit(KEY_FLAG_UID_KEYRING,
1168 : : &keyring->flags))
1169 : 0 : continue;
1170 : : } else {
1171 [ # # ]: 0 : if (key_permission(make_key_ref(keyring, 0),
1172 : : KEY_NEED_SEARCH) < 0)
1173 : 0 : continue;
1174 : : }
1175 : :
1176 : : /* we've got a match but we might end up racing with
1177 : : * key_cleanup() if the keyring is currently 'dead'
1178 : : * (ie. it has a zero usage count) */
1179 [ # # ]: 0 : if (!refcount_inc_not_zero(&keyring->usage))
1180 : 0 : continue;
1181 : 0 : keyring->last_used_at = ktime_get_real_seconds();
1182 : 0 : goto out;
1183 : : }
1184 : :
1185 : : keyring = ERR_PTR(-ENOKEY);
1186 : 0 : out:
1187 : 0 : read_unlock(&keyring_name_lock);
1188 : 0 : return keyring;
1189 : : }
1190 : :
1191 : 0 : static int keyring_detect_cycle_iterator(const void *object,
1192 : : void *iterator_data)
1193 : : {
1194 : 0 : struct keyring_search_context *ctx = iterator_data;
1195 [ # # ]: 0 : const struct key *key = keyring_ptr_to_key(object);
1196 : :
1197 : 0 : kenter("{%d}", key->serial);
1198 : :
1199 : : /* We might get a keyring with matching index-key that is nonetheless a
1200 : : * different keyring. */
1201 [ # # ]: 0 : if (key != ctx->match_data.raw_data)
1202 : : return 0;
1203 : :
1204 : 0 : ctx->result = ERR_PTR(-EDEADLK);
1205 : 0 : return 1;
1206 : : }
1207 : :
1208 : : /*
1209 : : * See if a cycle will will be created by inserting acyclic tree B in acyclic
1210 : : * tree A at the topmost level (ie: as a direct child of A).
1211 : : *
1212 : : * Since we are adding B to A at the top level, checking for cycles should just
1213 : : * be a matter of seeing if node A is somewhere in tree B.
1214 : : */
1215 : 546 : static int keyring_detect_cycle(struct key *A, struct key *B)
1216 : : {
1217 : 546 : struct keyring_search_context ctx = {
1218 : : .index_key = A->index_key,
1219 : : .match_data.raw_data = A,
1220 : : .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
1221 : : .iterator = keyring_detect_cycle_iterator,
1222 : : .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
1223 : : KEYRING_SEARCH_NO_UPDATE_TIME |
1224 : : KEYRING_SEARCH_NO_CHECK_PERM |
1225 : : KEYRING_SEARCH_DETECT_TOO_DEEP |
1226 : : KEYRING_SEARCH_RECURSE),
1227 : : };
1228 : :
1229 : 546 : rcu_read_lock();
1230 : 546 : search_nested_keyrings(B, &ctx);
1231 : 546 : rcu_read_unlock();
1232 [ + - ]: 546 : return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result);
1233 : : }
1234 : :
1235 : : /*
1236 : : * Lock keyring for link.
1237 : : */
1238 : 2886 : int __key_link_lock(struct key *keyring,
1239 : : const struct keyring_index_key *index_key)
1240 : : __acquires(&keyring->sem)
1241 : : __acquires(&keyring_serialise_link_lock)
1242 : : {
1243 [ + - ]: 2886 : if (keyring->type != &key_type_keyring)
1244 : : return -ENOTDIR;
1245 : :
1246 : 2886 : down_write(&keyring->sem);
1247 : :
1248 : : /* Serialise link/link calls to prevent parallel calls causing a cycle
1249 : : * when linking two keyring in opposite orders.
1250 : : */
1251 [ + + ]: 2886 : if (index_key->type == &key_type_keyring)
1252 : 624 : mutex_lock(&keyring_serialise_link_lock);
1253 : :
1254 : : return 0;
1255 : : }
1256 : :
1257 : : /*
1258 : : * Lock keyrings for move (link/unlink combination).
1259 : : */
1260 : 0 : int __key_move_lock(struct key *l_keyring, struct key *u_keyring,
1261 : : const struct keyring_index_key *index_key)
1262 : : __acquires(&l_keyring->sem)
1263 : : __acquires(&u_keyring->sem)
1264 : : __acquires(&keyring_serialise_link_lock)
1265 : : {
1266 [ # # ]: 0 : if (l_keyring->type != &key_type_keyring ||
1267 [ # # ]: 0 : u_keyring->type != &key_type_keyring)
1268 : : return -ENOTDIR;
1269 : :
1270 : : /* We have to be very careful here to take the keyring locks in the
1271 : : * right order, lest we open ourselves to deadlocking against another
1272 : : * move operation.
1273 : : */
1274 [ # # ]: 0 : if (l_keyring < u_keyring) {
1275 : 0 : down_write(&l_keyring->sem);
1276 : 0 : down_write_nested(&u_keyring->sem, 1);
1277 : : } else {
1278 : 0 : down_write(&u_keyring->sem);
1279 : 0 : down_write_nested(&l_keyring->sem, 1);
1280 : : }
1281 : :
1282 : : /* Serialise link/link calls to prevent parallel calls causing a cycle
1283 : : * when linking two keyring in opposite orders.
1284 : : */
1285 [ # # ]: 0 : if (index_key->type == &key_type_keyring)
1286 : 0 : mutex_lock(&keyring_serialise_link_lock);
1287 : :
1288 : : return 0;
1289 : : }
1290 : :
1291 : : /*
1292 : : * Preallocate memory so that a key can be linked into to a keyring.
1293 : : */
1294 : 2886 : int __key_link_begin(struct key *keyring,
1295 : : const struct keyring_index_key *index_key,
1296 : : struct assoc_array_edit **_edit)
1297 : : {
1298 : 2886 : struct assoc_array_edit *edit;
1299 : 2886 : int ret;
1300 : :
1301 : 2886 : kenter("%d,%s,%s,",
1302 : : keyring->serial, index_key->type->name, index_key->description);
1303 : :
1304 [ - + ]: 2886 : BUG_ON(index_key->desc_len == 0);
1305 [ - + ]: 2886 : BUG_ON(*_edit != NULL);
1306 : :
1307 : 2886 : *_edit = NULL;
1308 : :
1309 : 2886 : ret = -EKEYREVOKED;
1310 [ - + ]: 2886 : if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
1311 : 0 : goto error;
1312 : :
1313 : : /* Create an edit script that will insert/replace the key in the
1314 : : * keyring tree.
1315 : : */
1316 : 2886 : edit = assoc_array_insert(&keyring->keys,
1317 : : &keyring_assoc_array_ops,
1318 : : index_key,
1319 : : NULL);
1320 [ - + ]: 2886 : if (IS_ERR(edit)) {
1321 : 0 : ret = PTR_ERR(edit);
1322 : 0 : goto error;
1323 : : }
1324 : :
1325 : : /* If we're not replacing a link in-place then we're going to need some
1326 : : * extra quota.
1327 : : */
1328 [ + - ]: 2886 : if (!edit->dead_leaf) {
1329 : 2886 : ret = key_payload_reserve(keyring,
1330 : 2886 : keyring->datalen + KEYQUOTA_LINK_BYTES);
1331 [ - + ]: 2886 : if (ret < 0)
1332 : 0 : goto error_cancel;
1333 : : }
1334 : :
1335 : 2886 : *_edit = edit;
1336 : 2886 : kleave(" = 0");
1337 : 2886 : return 0;
1338 : :
1339 : : error_cancel:
1340 : 0 : assoc_array_cancel_edit(edit);
1341 : : error:
1342 : : kleave(" = %d", ret);
1343 : : return ret;
1344 : : }
1345 : :
1346 : : /*
1347 : : * Check already instantiated keys aren't going to be a problem.
1348 : : *
1349 : : * The caller must have called __key_link_begin(). Don't need to call this for
1350 : : * keys that were created since __key_link_begin() was called.
1351 : : */
1352 : 546 : int __key_link_check_live_key(struct key *keyring, struct key *key)
1353 : : {
1354 [ # # ]: 0 : if (key->type == &key_type_keyring)
1355 : : /* check that we aren't going to create a cycle by linking one
1356 : : * keyring to another */
1357 : 546 : return keyring_detect_cycle(keyring, key);
1358 : : return 0;
1359 : : }
1360 : :
1361 : : /*
1362 : : * Link a key into to a keyring.
1363 : : *
1364 : : * Must be called with __key_link_begin() having being called. Discards any
1365 : : * already extant link to matching key if there is one, so that each keyring
1366 : : * holds at most one link to any given key of a particular type+description
1367 : : * combination.
1368 : : */
1369 : 2886 : void __key_link(struct key *key, struct assoc_array_edit **_edit)
1370 : : {
1371 : 2886 : __key_get(key);
1372 [ + + ]: 3510 : assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key));
1373 : 2886 : assoc_array_apply_edit(*_edit);
1374 : 2886 : *_edit = NULL;
1375 : 2886 : }
1376 : :
1377 : : /*
1378 : : * Finish linking a key into to a keyring.
1379 : : *
1380 : : * Must be called with __key_link_begin() having being called.
1381 : : */
1382 : 2886 : void __key_link_end(struct key *keyring,
1383 : : const struct keyring_index_key *index_key,
1384 : : struct assoc_array_edit *edit)
1385 : : __releases(&keyring->sem)
1386 : : __releases(&keyring_serialise_link_lock)
1387 : : {
1388 [ - + ]: 2886 : BUG_ON(index_key->type == NULL);
1389 : 2886 : kenter("%d,%s,", keyring->serial, index_key->type->name);
1390 : :
1391 [ - + ]: 2886 : if (edit) {
1392 [ # # ]: 0 : if (!edit->dead_leaf) {
1393 : 0 : key_payload_reserve(keyring,
1394 : 0 : keyring->datalen - KEYQUOTA_LINK_BYTES);
1395 : : }
1396 : 0 : assoc_array_cancel_edit(edit);
1397 : : }
1398 : 2886 : up_write(&keyring->sem);
1399 : :
1400 [ + + ]: 2886 : if (index_key->type == &key_type_keyring)
1401 : 624 : mutex_unlock(&keyring_serialise_link_lock);
1402 : 2886 : }
1403 : :
1404 : : /*
1405 : : * Check addition of keys to restricted keyrings.
1406 : : */
1407 : 546 : static int __key_link_check_restriction(struct key *keyring, struct key *key)
1408 : : {
1409 [ # # # # ]: 0 : if (!keyring->restrict_link || !keyring->restrict_link->check)
1410 : : return 0;
1411 : 0 : return keyring->restrict_link->check(keyring, key->type, &key->payload,
1412 : : keyring->restrict_link->key);
1413 : : }
1414 : :
1415 : : /**
1416 : : * key_link - Link a key to a keyring
1417 : : * @keyring: The keyring to make the link in.
1418 : : * @key: The key to link to.
1419 : : *
1420 : : * Make a link in a keyring to a key, such that the keyring holds a reference
1421 : : * on that key and the key can potentially be found by searching that keyring.
1422 : : *
1423 : : * This function will write-lock the keyring's semaphore and will consume some
1424 : : * of the user's key data quota to hold the link.
1425 : : *
1426 : : * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
1427 : : * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
1428 : : * full, -EDQUOT if there is insufficient key data quota remaining to add
1429 : : * another link or -ENOMEM if there's insufficient memory.
1430 : : *
1431 : : * It is assumed that the caller has checked that it is permitted for a link to
1432 : : * be made (the keyring should have Write permission and the key Link
1433 : : * permission).
1434 : : */
1435 : 546 : int key_link(struct key *keyring, struct key *key)
1436 : : {
1437 : 546 : struct assoc_array_edit *edit = NULL;
1438 : 546 : int ret;
1439 : :
1440 : 546 : kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage));
1441 : :
1442 : 546 : key_check(keyring);
1443 : 546 : key_check(key);
1444 : :
1445 : 546 : ret = __key_link_lock(keyring, &key->index_key);
1446 [ - + ]: 546 : if (ret < 0)
1447 : 0 : goto error;
1448 : :
1449 : 546 : ret = __key_link_begin(keyring, &key->index_key, &edit);
1450 [ - + ]: 546 : if (ret < 0)
1451 : 0 : goto error_end;
1452 : :
1453 : 546 : kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage));
1454 [ - + ]: 546 : ret = __key_link_check_restriction(keyring, key);
1455 [ # # ]: 0 : if (ret == 0)
1456 [ + - ]: 546 : ret = __key_link_check_live_key(keyring, key);
1457 [ - + ]: 546 : if (ret == 0)
1458 : 546 : __key_link(key, &edit);
1459 : :
1460 : 0 : error_end:
1461 : 546 : __key_link_end(keyring, &key->index_key, edit);
1462 : 546 : error:
1463 : 546 : kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage));
1464 : 546 : return ret;
1465 : : }
1466 : : EXPORT_SYMBOL(key_link);
1467 : :
1468 : : /*
1469 : : * Lock a keyring for unlink.
1470 : : */
1471 : 0 : static int __key_unlink_lock(struct key *keyring)
1472 : : __acquires(&keyring->sem)
1473 : : {
1474 : 0 : if (keyring->type != &key_type_keyring)
1475 : : return -ENOTDIR;
1476 : :
1477 : 0 : down_write(&keyring->sem);
1478 : 0 : return 0;
1479 : : }
1480 : :
1481 : : /*
1482 : : * Begin the process of unlinking a key from a keyring.
1483 : : */
1484 : 0 : static int __key_unlink_begin(struct key *keyring, struct key *key,
1485 : : struct assoc_array_edit **_edit)
1486 : : {
1487 : 0 : struct assoc_array_edit *edit;
1488 : :
1489 [ # # ]: 0 : BUG_ON(*_edit != NULL);
1490 : :
1491 : 0 : edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,
1492 : 0 : &key->index_key);
1493 [ # # ]: 0 : if (IS_ERR(edit))
1494 : 0 : return PTR_ERR(edit);
1495 : :
1496 [ # # ]: 0 : if (!edit)
1497 : : return -ENOENT;
1498 : :
1499 : 0 : *_edit = edit;
1500 : 0 : return 0;
1501 : : }
1502 : :
1503 : : /*
1504 : : * Apply an unlink change.
1505 : : */
1506 : : static void __key_unlink(struct key *keyring, struct key *key,
1507 : : struct assoc_array_edit **_edit)
1508 : : {
1509 : : assoc_array_apply_edit(*_edit);
1510 : : *_edit = NULL;
1511 : : key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
1512 : : }
1513 : :
1514 : : /*
1515 : : * Finish unlinking a key from to a keyring.
1516 : : */
1517 : 0 : static void __key_unlink_end(struct key *keyring,
1518 : : struct key *key,
1519 : : struct assoc_array_edit *edit)
1520 : : __releases(&keyring->sem)
1521 : : {
1522 : 0 : if (edit)
1523 : 0 : assoc_array_cancel_edit(edit);
1524 : 0 : up_write(&keyring->sem);
1525 : 0 : }
1526 : :
1527 : : /**
1528 : : * key_unlink - Unlink the first link to a key from a keyring.
1529 : : * @keyring: The keyring to remove the link from.
1530 : : * @key: The key the link is to.
1531 : : *
1532 : : * Remove a link from a keyring to a key.
1533 : : *
1534 : : * This function will write-lock the keyring's semaphore.
1535 : : *
1536 : : * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
1537 : : * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
1538 : : * memory.
1539 : : *
1540 : : * It is assumed that the caller has checked that it is permitted for a link to
1541 : : * be removed (the keyring should have Write permission; no permissions are
1542 : : * required on the key).
1543 : : */
1544 : 0 : int key_unlink(struct key *keyring, struct key *key)
1545 : : {
1546 : 0 : struct assoc_array_edit *edit = NULL;
1547 : 0 : int ret;
1548 : :
1549 : 0 : key_check(keyring);
1550 : 0 : key_check(key);
1551 : :
1552 [ # # ]: 0 : ret = __key_unlink_lock(keyring);
1553 : 0 : if (ret < 0)
1554 : : return ret;
1555 : :
1556 : 0 : ret = __key_unlink_begin(keyring, key, &edit);
1557 [ # # ]: 0 : if (ret == 0)
1558 : 0 : __key_unlink(keyring, key, &edit);
1559 [ # # ]: 0 : __key_unlink_end(keyring, key, edit);
1560 : 0 : return ret;
1561 : : }
1562 : : EXPORT_SYMBOL(key_unlink);
1563 : :
1564 : : /**
1565 : : * key_move - Move a key from one keyring to another
1566 : : * @key: The key to move
1567 : : * @from_keyring: The keyring to remove the link from.
1568 : : * @to_keyring: The keyring to make the link in.
1569 : : * @flags: Qualifying flags, such as KEYCTL_MOVE_EXCL.
1570 : : *
1571 : : * Make a link in @to_keyring to a key, such that the keyring holds a reference
1572 : : * on that key and the key can potentially be found by searching that keyring
1573 : : * whilst simultaneously removing a link to the key from @from_keyring.
1574 : : *
1575 : : * This function will write-lock both keyring's semaphores and will consume
1576 : : * some of the user's key data quota to hold the link on @to_keyring.
1577 : : *
1578 : : * Returns 0 if successful, -ENOTDIR if either keyring isn't a keyring,
1579 : : * -EKEYREVOKED if either keyring has been revoked, -ENFILE if the second
1580 : : * keyring is full, -EDQUOT if there is insufficient key data quota remaining
1581 : : * to add another link or -ENOMEM if there's insufficient memory. If
1582 : : * KEYCTL_MOVE_EXCL is set, then -EEXIST will be returned if there's already a
1583 : : * matching key in @to_keyring.
1584 : : *
1585 : : * It is assumed that the caller has checked that it is permitted for a link to
1586 : : * be made (the keyring should have Write permission and the key Link
1587 : : * permission).
1588 : : */
1589 : 0 : int key_move(struct key *key,
1590 : : struct key *from_keyring,
1591 : : struct key *to_keyring,
1592 : : unsigned int flags)
1593 : : {
1594 : 0 : struct assoc_array_edit *from_edit = NULL, *to_edit = NULL;
1595 : 0 : int ret;
1596 : :
1597 : 0 : kenter("%d,%d,%d", key->serial, from_keyring->serial, to_keyring->serial);
1598 : :
1599 [ # # ]: 0 : if (from_keyring == to_keyring)
1600 : : return 0;
1601 : :
1602 : 0 : key_check(key);
1603 : 0 : key_check(from_keyring);
1604 : 0 : key_check(to_keyring);
1605 : :
1606 : 0 : ret = __key_move_lock(from_keyring, to_keyring, &key->index_key);
1607 [ # # ]: 0 : if (ret < 0)
1608 : 0 : goto out;
1609 : 0 : ret = __key_unlink_begin(from_keyring, key, &from_edit);
1610 [ # # ]: 0 : if (ret < 0)
1611 : 0 : goto error;
1612 : 0 : ret = __key_link_begin(to_keyring, &key->index_key, &to_edit);
1613 [ # # ]: 0 : if (ret < 0)
1614 : 0 : goto error;
1615 : :
1616 : 0 : ret = -EEXIST;
1617 [ # # # # ]: 0 : if (to_edit->dead_leaf && (flags & KEYCTL_MOVE_EXCL))
1618 : 0 : goto error;
1619 : :
1620 [ # # ]: 0 : ret = __key_link_check_restriction(to_keyring, key);
1621 [ # # ]: 0 : if (ret < 0)
1622 : 0 : goto error;
1623 [ # # ]: 0 : ret = __key_link_check_live_key(to_keyring, key);
1624 [ # # ]: 0 : if (ret < 0)
1625 : 0 : goto error;
1626 : :
1627 : 0 : __key_unlink(from_keyring, key, &from_edit);
1628 : 0 : __key_link(key, &to_edit);
1629 : 0 : error:
1630 : 0 : __key_link_end(to_keyring, &key->index_key, to_edit);
1631 [ # # ]: 0 : __key_unlink_end(from_keyring, key, from_edit);
1632 : : out:
1633 : : kleave(" = %d", ret);
1634 : : return ret;
1635 : : }
1636 : : EXPORT_SYMBOL(key_move);
1637 : :
1638 : : /**
1639 : : * keyring_clear - Clear a keyring
1640 : : * @keyring: The keyring to clear.
1641 : : *
1642 : : * Clear the contents of the specified keyring.
1643 : : *
1644 : : * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
1645 : : */
1646 : 0 : int keyring_clear(struct key *keyring)
1647 : : {
1648 : 0 : struct assoc_array_edit *edit;
1649 : 0 : int ret;
1650 : :
1651 [ # # ]: 0 : if (keyring->type != &key_type_keyring)
1652 : : return -ENOTDIR;
1653 : :
1654 : 0 : down_write(&keyring->sem);
1655 : :
1656 : 0 : edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1657 [ # # ]: 0 : if (IS_ERR(edit)) {
1658 : 0 : ret = PTR_ERR(edit);
1659 : : } else {
1660 [ # # ]: 0 : if (edit)
1661 : 0 : assoc_array_apply_edit(edit);
1662 : 0 : key_payload_reserve(keyring, 0);
1663 : 0 : ret = 0;
1664 : : }
1665 : :
1666 : 0 : up_write(&keyring->sem);
1667 : 0 : return ret;
1668 : : }
1669 : : EXPORT_SYMBOL(keyring_clear);
1670 : :
1671 : : /*
1672 : : * Dispose of the links from a revoked keyring.
1673 : : *
1674 : : * This is called with the key sem write-locked.
1675 : : */
1676 : 0 : static void keyring_revoke(struct key *keyring)
1677 : : {
1678 : 0 : struct assoc_array_edit *edit;
1679 : :
1680 : 0 : edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1681 [ # # ]: 0 : if (!IS_ERR(edit)) {
1682 [ # # ]: 0 : if (edit)
1683 : 0 : assoc_array_apply_edit(edit);
1684 : 0 : key_payload_reserve(keyring, 0);
1685 : : }
1686 : 0 : }
1687 : :
1688 : 0 : static bool keyring_gc_select_iterator(void *object, void *iterator_data)
1689 : : {
1690 [ # # ]: 0 : struct key *key = keyring_ptr_to_key(object);
1691 : 0 : time64_t *limit = iterator_data;
1692 : :
1693 [ # # # # ]: 0 : if (key_is_dead(key, *limit))
1694 : : return false;
1695 [ # # ]: 0 : key_get(key);
1696 : : return true;
1697 : : }
1698 : :
1699 : 0 : static int keyring_gc_check_iterator(const void *object, void *iterator_data)
1700 : : {
1701 [ # # ]: 0 : const struct key *key = keyring_ptr_to_key(object);
1702 : 0 : time64_t *limit = iterator_data;
1703 : :
1704 : 0 : key_check(key);
1705 [ # # ]: 0 : return key_is_dead(key, *limit);
1706 : : }
1707 : :
1708 : : /*
1709 : : * Garbage collect pointers from a keyring.
1710 : : *
1711 : : * Not called with any locks held. The keyring's key struct will not be
1712 : : * deallocated under us as only our caller may deallocate it.
1713 : : */
1714 : 0 : void keyring_gc(struct key *keyring, time64_t limit)
1715 : : {
1716 : 0 : int result;
1717 : :
1718 : 0 : kenter("%x{%s}", keyring->serial, keyring->description ?: "");
1719 : :
1720 [ # # ]: 0 : if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
1721 : : (1 << KEY_FLAG_REVOKED)))
1722 : 0 : goto dont_gc;
1723 : :
1724 : : /* scan the keyring looking for dead keys */
1725 : 0 : rcu_read_lock();
1726 : 0 : result = assoc_array_iterate(&keyring->keys,
1727 : : keyring_gc_check_iterator, &limit);
1728 : 0 : rcu_read_unlock();
1729 [ # # ]: 0 : if (result == true)
1730 : 0 : goto do_gc;
1731 : :
1732 : 0 : dont_gc:
1733 : : kleave(" [no gc]");
1734 : : return;
1735 : :
1736 : : do_gc:
1737 : 0 : down_write(&keyring->sem);
1738 : 0 : assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops,
1739 : : keyring_gc_select_iterator, &limit);
1740 : 0 : up_write(&keyring->sem);
1741 : 0 : kleave(" [gc]");
1742 : : }
1743 : :
1744 : : /*
1745 : : * Garbage collect restriction pointers from a keyring.
1746 : : *
1747 : : * Keyring restrictions are associated with a key type, and must be cleaned
1748 : : * up if the key type is unregistered. The restriction is altered to always
1749 : : * reject additional keys so a keyring cannot be opened up by unregistering
1750 : : * a key type.
1751 : : *
1752 : : * Not called with any keyring locks held. The keyring's key struct will not
1753 : : * be deallocated under us as only our caller may deallocate it.
1754 : : *
1755 : : * The caller is required to hold key_types_sem and dead_type->sem. This is
1756 : : * fulfilled by key_gc_keytype() holding the locks on behalf of
1757 : : * key_garbage_collector(), which it invokes on a workqueue.
1758 : : */
1759 : 0 : void keyring_restriction_gc(struct key *keyring, struct key_type *dead_type)
1760 : : {
1761 : 0 : struct key_restriction *keyres;
1762 : :
1763 : 0 : kenter("%x{%s}", keyring->serial, keyring->description ?: "");
1764 : :
1765 : : /*
1766 : : * keyring->restrict_link is only assigned at key allocation time
1767 : : * or with the key type locked, so the only values that could be
1768 : : * concurrently assigned to keyring->restrict_link are for key
1769 : : * types other than dead_type. Given this, it's ok to check
1770 : : * the key type before acquiring keyring->sem.
1771 : : */
1772 [ # # # # ]: 0 : if (!dead_type || !keyring->restrict_link ||
1773 [ # # ]: 0 : keyring->restrict_link->keytype != dead_type) {
1774 : : kleave(" [no restriction gc]");
1775 : : return;
1776 : : }
1777 : :
1778 : : /* Lock the keyring to ensure that a link is not in progress */
1779 : 0 : down_write(&keyring->sem);
1780 : :
1781 : 0 : keyres = keyring->restrict_link;
1782 : :
1783 : 0 : keyres->check = restrict_link_reject;
1784 : :
1785 : 0 : key_put(keyres->key);
1786 : 0 : keyres->key = NULL;
1787 : 0 : keyres->keytype = NULL;
1788 : :
1789 : 0 : up_write(&keyring->sem);
1790 : :
1791 : 0 : kleave(" [restriction gc]");
1792 : : }
|