LCOV - code coverage report
Current view: top level - security/keys - keyring.c (source / functions) Hit Total Coverage
Test: combined.info Lines: 298 698 42.7 %
Date: 2022-04-01 13:59:58 Functions: 25 47 53.2 %
Branches: 118 414 28.5 %

           Branch data     Line data    Source code
       1                 :            : // SPDX-License-Identifier: GPL-2.0-or-later
       2                 :            : /* Keyring handling
       3                 :            :  *
       4                 :            :  * Copyright (C) 2004-2005, 2008, 2013 Red Hat, Inc. All Rights Reserved.
       5                 :            :  * Written by David Howells (dhowells@redhat.com)
       6                 :            :  */
       7                 :            : 
       8                 :            : #include <linux/export.h>
       9                 :            : #include <linux/init.h>
      10                 :            : #include <linux/sched.h>
      11                 :            : #include <linux/slab.h>
      12                 :            : #include <linux/security.h>
      13                 :            : #include <linux/seq_file.h>
      14                 :            : #include <linux/err.h>
      15                 :            : #include <linux/user_namespace.h>
      16                 :            : #include <linux/nsproxy.h>
      17                 :            : #include <keys/keyring-type.h>
      18                 :            : #include <keys/user-type.h>
      19                 :            : #include <linux/assoc_array_priv.h>
      20                 :            : #include <linux/uaccess.h>
      21                 :            : #include <net/net_namespace.h>
      22                 :            : #include "internal.h"
      23                 :            : 
      24                 :            : /*
      25                 :            :  * When plumbing the depths of the key tree, this sets a hard limit
      26                 :            :  * set on how deep we're willing to go.
      27                 :            :  */
      28                 :            : #define KEYRING_SEARCH_MAX_DEPTH 6
      29                 :            : 
      30                 :            : /*
      31                 :            :  * We mark pointers we pass to the associative array with bit 1 set if
      32                 :            :  * they're keyrings and clear otherwise.
      33                 :            :  */
      34                 :            : #define KEYRING_PTR_SUBTYPE     0x2UL
      35                 :            : 
      36                 :       1248 : static inline bool keyring_ptr_is_keyring(const struct assoc_array_ptr *x)
      37                 :            : {
      38                 :       1248 :         return (unsigned long)x & KEYRING_PTR_SUBTYPE;
      39                 :            : }
      40                 :      13494 : static inline struct key *keyring_ptr_to_key(const struct assoc_array_ptr *x)
      41                 :            : {
      42                 :      13494 :         void *object = assoc_array_ptr_to_leaf(x);
      43                 :       2028 :         return (struct key *)((unsigned long)object & ~KEYRING_PTR_SUBTYPE);
      44                 :            : }
      45                 :       2886 : static inline void *keyring_key_to_ptr(struct key *key)
      46                 :            : {
      47                 :       2886 :         if (key->type == &key_type_keyring)
      48                 :        624 :                 return (void *)((unsigned long)key | KEYRING_PTR_SUBTYPE);
      49                 :            :         return key;
      50                 :            : }
      51                 :            : 
      52                 :            : static DEFINE_RWLOCK(keyring_name_lock);
      53                 :            : 
      54                 :            : /*
      55                 :            :  * Clean up the bits of user_namespace that belong to us.
      56                 :            :  */
      57                 :          0 : void key_free_user_ns(struct user_namespace *ns)
      58                 :            : {
      59                 :          0 :         write_lock(&keyring_name_lock);
      60                 :          0 :         list_del_init(&ns->keyring_name_list);
      61                 :          0 :         write_unlock(&keyring_name_lock);
      62                 :            : 
      63                 :          0 :         key_put(ns->user_keyring_register);
      64                 :            : #ifdef CONFIG_PERSISTENT_KEYRINGS
      65                 :            :         key_put(ns->persistent_keyring_register);
      66                 :            : #endif
      67                 :          0 : }
      68                 :            : 
      69                 :            : /*
      70                 :            :  * The keyring key type definition.  Keyrings are simply keys of this type and
      71                 :            :  * can be treated as ordinary keys in addition to having their own special
      72                 :            :  * operations.
      73                 :            :  */
      74                 :            : static int keyring_preparse(struct key_preparsed_payload *prep);
      75                 :            : static void keyring_free_preparse(struct key_preparsed_payload *prep);
      76                 :            : static int keyring_instantiate(struct key *keyring,
      77                 :            :                                struct key_preparsed_payload *prep);
      78                 :            : static void keyring_revoke(struct key *keyring);
      79                 :            : static void keyring_destroy(struct key *keyring);
      80                 :            : static void keyring_describe(const struct key *keyring, struct seq_file *m);
      81                 :            : static long keyring_read(const struct key *keyring,
      82                 :            :                          char __user *buffer, size_t buflen);
      83                 :            : 
      84                 :            : struct key_type key_type_keyring = {
      85                 :            :         .name           = "keyring",
      86                 :            :         .def_datalen    = 0,
      87                 :            :         .preparse       = keyring_preparse,
      88                 :            :         .free_preparse  = keyring_free_preparse,
      89                 :            :         .instantiate    = keyring_instantiate,
      90                 :            :         .revoke         = keyring_revoke,
      91                 :            :         .destroy        = keyring_destroy,
      92                 :            :         .describe       = keyring_describe,
      93                 :            :         .read           = keyring_read,
      94                 :            : };
      95                 :            : EXPORT_SYMBOL(key_type_keyring);
      96                 :            : 
      97                 :            : /*
      98                 :            :  * Semaphore to serialise link/link calls to prevent two link calls in parallel
      99                 :            :  * introducing a cycle.
     100                 :            :  */
     101                 :            : static DEFINE_MUTEX(keyring_serialise_link_lock);
     102                 :            : 
     103                 :            : /*
     104                 :            :  * Publish the name of a keyring so that it can be found by name (if it has
     105                 :            :  * one and it doesn't begin with a dot).
     106                 :            :  */
     107                 :       2730 : static void keyring_publish_name(struct key *keyring)
     108                 :            : {
     109         [ +  - ]:       2730 :         struct user_namespace *ns = current_user_ns();
     110                 :            : 
     111         [ +  - ]:       2730 :         if (keyring->description &&
     112   [ +  -  +  + ]:       2730 :             keyring->description[0] &&
     113                 :            :             keyring->description[0] != '.') {
     114                 :       2340 :                 write_lock(&keyring_name_lock);
     115                 :       2340 :                 list_add_tail(&keyring->name_link, &ns->keyring_name_list);
     116                 :       2340 :                 write_unlock(&keyring_name_lock);
     117                 :            :         }
     118                 :       2730 : }
     119                 :            : 
     120                 :            : /*
     121                 :            :  * Preparse a keyring payload
     122                 :            :  */
     123                 :       2730 : static int keyring_preparse(struct key_preparsed_payload *prep)
     124                 :            : {
     125         [ +  - ]:       2730 :         return prep->datalen != 0 ? -EINVAL : 0;
     126                 :            : }
     127                 :            : 
     128                 :            : /*
     129                 :            :  * Free a preparse of a user defined key payload
     130                 :            :  */
     131                 :       2730 : static void keyring_free_preparse(struct key_preparsed_payload *prep)
     132                 :            : {
     133                 :       2730 : }
     134                 :            : 
     135                 :            : /*
     136                 :            :  * Initialise a keyring.
     137                 :            :  *
     138                 :            :  * Returns 0 on success, -EINVAL if given any data.
     139                 :            :  */
     140                 :       2730 : static int keyring_instantiate(struct key *keyring,
     141                 :            :                                struct key_preparsed_payload *prep)
     142                 :            : {
     143                 :       2730 :         assoc_array_init(&keyring->keys);
     144                 :            :         /* make the keyring available by name if it has one */
     145                 :       2730 :         keyring_publish_name(keyring);
     146                 :       2730 :         return 0;
     147                 :            : }
     148                 :            : 
     149                 :            : /*
     150                 :            :  * Multiply 64-bits by 32-bits to 96-bits and fold back to 64-bit.  Ideally we'd
     151                 :            :  * fold the carry back too, but that requires inline asm.
     152                 :            :  */
     153                 :      45630 : static u64 mult_64x32_and_fold(u64 x, u32 y)
     154                 :            : {
     155                 :      45630 :         u64 hi = (u64)(u32)(x >> 32) * y;
     156                 :      45630 :         u64 lo = (u64)(u32)(x) * y;
     157                 :      45630 :         return lo + ((u64)(u32)hi << 32) + (u32)(hi >> 32);
     158                 :            : }
     159                 :            : 
     160                 :            : /*
     161                 :            :  * Hash a key type and description.
     162                 :            :  */
     163                 :      10920 : static void hash_key_type_and_desc(struct keyring_index_key *index_key)
     164                 :            : {
     165                 :      10920 :         const unsigned level_shift = ASSOC_ARRAY_LEVEL_STEP;
     166                 :      10920 :         const unsigned long fan_mask = ASSOC_ARRAY_FAN_MASK;
     167                 :      10920 :         const char *description = index_key->description;
     168                 :      10920 :         unsigned long hash, type;
     169                 :      10920 :         u32 piece;
     170                 :      10920 :         u64 acc;
     171                 :      10920 :         int n, desc_len = index_key->desc_len;
     172                 :            : 
     173                 :      10920 :         type = (unsigned long)index_key->type;
     174                 :      10920 :         acc = mult_64x32_and_fold(type, desc_len + 13);
     175                 :      10920 :         acc = mult_64x32_and_fold(acc, 9207);
     176                 :      10920 :         piece = (unsigned long)index_key->domain_tag;
     177                 :      10920 :         acc = mult_64x32_and_fold(acc, piece);
     178                 :      10920 :         acc = mult_64x32_and_fold(acc, 9207);
     179                 :            : 
     180                 :      80340 :         for (;;) {
     181                 :      80340 :                 n = desc_len;
     182         [ +  + ]:      45630 :                 if (n <= 0)
     183                 :            :                         break;
     184                 :      34710 :                 if (n > 4)
     185                 :            :                         n = 4;
     186                 :      34710 :                 piece = 0;
     187                 :      34710 :                 memcpy(&piece, description, n);
     188                 :      34710 :                 description += n;
     189                 :      34710 :                 desc_len -= n;
     190                 :      34710 :                 acc = mult_64x32_and_fold(acc, piece);
     191                 :      34710 :                 acc = mult_64x32_and_fold(acc, 9207);
     192                 :            :         }
     193                 :            : 
     194                 :            :         /* Fold the hash down to 32 bits if need be. */
     195                 :      10920 :         hash = acc;
     196                 :      10920 :         if (ASSOC_ARRAY_KEY_CHUNK_SIZE == 32)
     197                 :            :                 hash ^= acc >> 32;
     198                 :            : 
     199                 :            :         /* Squidge all the keyrings into a separate part of the tree to
     200                 :            :          * ordinary keys by making sure the lowest level segment in the hash is
     201                 :            :          * zero for keyrings and non-zero otherwise.
     202                 :            :          */
     203   [ +  +  -  + ]:      10920 :         if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0)
     204                 :          0 :                 hash |= (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1;
     205   [ +  +  +  - ]:      10920 :         else if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0)
     206                 :       4212 :                 hash = (hash + (hash << level_shift)) & ~fan_mask;
     207                 :      10920 :         index_key->hash = hash;
     208                 :      10920 : }
     209                 :            : 
     210                 :            : /*
     211                 :            :  * Finalise an index key to include a part of the description actually in the
     212                 :            :  * index key, to set the domain tag and to calculate the hash.
     213                 :            :  */
     214                 :      10920 : void key_set_index_key(struct keyring_index_key *index_key)
     215                 :            : {
     216                 :      10920 :         static struct key_tag default_domain_tag = { .usage = REFCOUNT_INIT(1), };
     217                 :      10920 :         size_t n = min_t(size_t, index_key->desc_len, sizeof(index_key->desc));
     218                 :            : 
     219                 :      10920 :         memcpy(index_key->desc, index_key->description, n);
     220                 :            : 
     221         [ +  + ]:      10920 :         if (!index_key->domain_tag) {
     222         [ -  + ]:       8190 :                 if (index_key->type->flags & KEY_TYPE_NET_DOMAIN)
     223                 :          0 :                         index_key->domain_tag = current->nsproxy->net_ns->key_domain;
     224                 :            :                 else
     225                 :       8190 :                         index_key->domain_tag = &default_domain_tag;
     226                 :            :         }
     227                 :            : 
     228                 :      10920 :         hash_key_type_and_desc(index_key);
     229                 :      10920 : }
     230                 :            : 
     231                 :            : /**
     232                 :            :  * key_put_tag - Release a ref on a tag.
     233                 :            :  * @tag: The tag to release.
     234                 :            :  *
     235                 :            :  * This releases a reference the given tag and returns true if that ref was the
     236                 :            :  * last one.
     237                 :            :  */
     238                 :       3276 : bool key_put_tag(struct key_tag *tag)
     239                 :            : {
     240         [ -  + ]:       3276 :         if (refcount_dec_and_test(&tag->usage)) {
     241         [ #  # ]:          0 :                 kfree_rcu(tag, rcu);
     242                 :          0 :                 return true;
     243                 :            :         }
     244                 :            : 
     245                 :            :         return false;
     246                 :            : }
     247                 :            : 
     248                 :            : /**
     249                 :            :  * key_remove_domain - Kill off a key domain and gc its keys
     250                 :            :  * @domain_tag: The domain tag to release.
     251                 :            :  *
     252                 :            :  * This marks a domain tag as being dead and releases a ref on it.  If that
     253                 :            :  * wasn't the last reference, the garbage collector is poked to try and delete
     254                 :            :  * all keys that were in the domain.
     255                 :            :  */
     256                 :          0 : void key_remove_domain(struct key_tag *domain_tag)
     257                 :            : {
     258                 :          0 :         domain_tag->removed = true;
     259         [ #  # ]:          0 :         if (!key_put_tag(domain_tag))
     260                 :          0 :                 key_schedule_gc_links();
     261                 :          0 : }
     262                 :            : 
     263                 :            : /*
     264                 :            :  * Build the next index key chunk.
     265                 :            :  *
     266                 :            :  * We return it one word-sized chunk at a time.
     267                 :            :  */
     268                 :       3978 : static unsigned long keyring_get_key_chunk(const void *data, int level)
     269                 :            : {
     270                 :       3978 :         const struct keyring_index_key *index_key = data;
     271                 :       3978 :         unsigned long chunk = 0;
     272                 :       3978 :         const u8 *d;
     273                 :       3978 :         int desc_len = index_key->desc_len, n = sizeof(chunk);
     274                 :            : 
     275                 :       3978 :         level /= ASSOC_ARRAY_KEY_CHUNK_SIZE;
     276   [ +  -  -  -  :       3978 :         switch (level) {
                      - ]
     277                 :       3978 :         case 0:
     278                 :       3978 :                 return index_key->hash;
     279                 :          0 :         case 1:
     280                 :          0 :                 return index_key->x;
     281                 :          0 :         case 2:
     282                 :          0 :                 return (unsigned long)index_key->type;
     283                 :          0 :         case 3:
     284                 :          0 :                 return (unsigned long)index_key->domain_tag;
     285                 :          0 :         default:
     286                 :          0 :                 level -= 4;
     287         [ #  # ]:          0 :                 if (desc_len <= sizeof(index_key->desc))
     288                 :            :                         return 0;
     289                 :            : 
     290                 :          0 :                 d = index_key->description + sizeof(index_key->desc);
     291                 :          0 :                 d += level * sizeof(long);
     292                 :          0 :                 desc_len -= sizeof(index_key->desc);
     293                 :          0 :                 if (desc_len > n)
     294                 :            :                         desc_len = n;
     295                 :          0 :                 do {
     296                 :          0 :                         chunk <<= 8;
     297                 :          0 :                         chunk |= *d++;
     298         [ #  # ]:          0 :                 } while (--desc_len > 0);
     299                 :            :                 return chunk;
     300                 :            :         }
     301                 :            : }
     302                 :            : 
     303                 :          0 : static unsigned long keyring_get_object_key_chunk(const void *object, int level)
     304                 :            : {
     305                 :          0 :         const struct key *key = keyring_ptr_to_key(object);
     306                 :          0 :         return keyring_get_key_chunk(&key->index_key, level);
     307                 :            : }
     308                 :            : 
     309                 :       8424 : static bool keyring_compare_object(const void *object, const void *data)
     310                 :            : {
     311                 :       8424 :         const struct keyring_index_key *index_key = data;
     312         [ +  + ]:       8424 :         const struct key *key = keyring_ptr_to_key(object);
     313                 :            : 
     314                 :      13494 :         return key->index_key.type == index_key->type &&
     315         [ +  - ]:       5070 :                 key->index_key.domain_tag == index_key->domain_tag &&
     316   [ +  +  +  + ]:      13494 :                 key->index_key.desc_len == index_key->desc_len &&
     317         [ -  + ]:       2964 :                 memcmp(key->index_key.description, index_key->description,
     318                 :            :                        index_key->desc_len) == 0;
     319                 :            : }
     320                 :            : 
     321                 :            : /*
     322                 :            :  * Compare the index keys of a pair of objects and determine the bit position
     323                 :            :  * at which they differ - if they differ.
     324                 :            :  */
     325                 :          0 : static int keyring_diff_objects(const void *object, const void *data)
     326                 :            : {
     327         [ #  # ]:          0 :         const struct key *key_a = keyring_ptr_to_key(object);
     328                 :          0 :         const struct keyring_index_key *a = &key_a->index_key;
     329                 :          0 :         const struct keyring_index_key *b = data;
     330                 :          0 :         unsigned long seg_a, seg_b;
     331                 :          0 :         int level, i;
     332                 :            : 
     333                 :          0 :         level = 0;
     334                 :          0 :         seg_a = a->hash;
     335                 :          0 :         seg_b = b->hash;
     336         [ #  # ]:          0 :         if ((seg_a ^ seg_b) != 0)
     337                 :          0 :                 goto differ;
     338                 :          0 :         level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8;
     339                 :            : 
     340                 :            :         /* The number of bits contributed by the hash is controlled by a
     341                 :            :          * constant in the assoc_array headers.  Everything else thereafter we
     342                 :            :          * can deal with as being machine word-size dependent.
     343                 :            :          */
     344                 :          0 :         seg_a = a->x;
     345                 :          0 :         seg_b = b->x;
     346         [ #  # ]:          0 :         if ((seg_a ^ seg_b) != 0)
     347                 :          0 :                 goto differ;
     348                 :          0 :         level += sizeof(unsigned long);
     349                 :            : 
     350                 :            :         /* The next bit may not work on big endian */
     351                 :          0 :         seg_a = (unsigned long)a->type;
     352                 :          0 :         seg_b = (unsigned long)b->type;
     353         [ #  # ]:          0 :         if ((seg_a ^ seg_b) != 0)
     354                 :          0 :                 goto differ;
     355                 :          0 :         level += sizeof(unsigned long);
     356                 :            : 
     357                 :          0 :         seg_a = (unsigned long)a->domain_tag;
     358                 :          0 :         seg_b = (unsigned long)b->domain_tag;
     359         [ #  # ]:          0 :         if ((seg_a ^ seg_b) != 0)
     360                 :          0 :                 goto differ;
     361                 :          0 :         level += sizeof(unsigned long);
     362                 :            : 
     363                 :          0 :         i = sizeof(a->desc);
     364         [ #  # ]:          0 :         if (a->desc_len <= i)
     365                 :          0 :                 goto same;
     366                 :            : 
     367         [ #  # ]:          0 :         for (; i < a->desc_len; i++) {
     368                 :          0 :                 seg_a = *(unsigned char *)(a->description + i);
     369                 :          0 :                 seg_b = *(unsigned char *)(b->description + i);
     370         [ #  # ]:          0 :                 if ((seg_a ^ seg_b) != 0)
     371                 :          0 :                         goto differ_plus_i;
     372                 :            :         }
     373                 :            : 
     374                 :          0 : same:
     375                 :            :         return -1;
     376                 :            : 
     377                 :            : differ_plus_i:
     378                 :          0 :         level += i;
     379                 :          0 : differ:
     380                 :          0 :         i = level * 8 + __ffs(seg_a ^ seg_b);
     381                 :          0 :         return i;
     382                 :            : }
     383                 :            : 
     384                 :            : /*
     385                 :            :  * Free an object after stripping the keyring flag off of the pointer.
     386                 :            :  */
     387                 :       2028 : static void keyring_free_object(void *object)
     388                 :            : {
     389                 :       2028 :         key_put(keyring_ptr_to_key(object));
     390                 :       2028 : }
     391                 :            : 
     392                 :            : /*
     393                 :            :  * Operations for keyring management by the index-tree routines.
     394                 :            :  */
     395                 :            : static const struct assoc_array_ops keyring_assoc_array_ops = {
     396                 :            :         .get_key_chunk          = keyring_get_key_chunk,
     397                 :            :         .get_object_key_chunk   = keyring_get_object_key_chunk,
     398                 :            :         .compare_object         = keyring_compare_object,
     399                 :            :         .diff_objects           = keyring_diff_objects,
     400                 :            :         .free_object            = keyring_free_object,
     401                 :            : };
     402                 :            : 
     403                 :            : /*
     404                 :            :  * Clean up a keyring when it is destroyed.  Unpublish its name if it had one
     405                 :            :  * and dispose of its data.
     406                 :            :  *
     407                 :            :  * The garbage collector detects the final key_put(), removes the keyring from
     408                 :            :  * the serial number tree and then does RCU synchronisation before coming here,
     409                 :            :  * so we shouldn't need to worry about code poking around here with the RCU
     410                 :            :  * readlock held by this time.
     411                 :            :  */
     412                 :       1638 : static void keyring_destroy(struct key *keyring)
     413                 :            : {
     414         [ +  - ]:       1638 :         if (keyring->description) {
     415                 :       1638 :                 write_lock(&keyring_name_lock);
     416                 :            : 
     417   [ +  -  +  - ]:       1638 :                 if (keyring->name_link.next != NULL &&
     418         [ +  - ]:       1638 :                     !list_empty(&keyring->name_link))
     419                 :       1638 :                         list_del(&keyring->name_link);
     420                 :            : 
     421                 :       1638 :                 write_unlock(&keyring_name_lock);
     422                 :            :         }
     423                 :            : 
     424         [ -  + ]:       1638 :         if (keyring->restrict_link) {
     425                 :          0 :                 struct key_restriction *keyres = keyring->restrict_link;
     426                 :            : 
     427                 :          0 :                 key_put(keyres->key);
     428                 :          0 :                 kfree(keyres);
     429                 :            :         }
     430                 :            : 
     431                 :       1638 :         assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops);
     432                 :       1638 : }
     433                 :            : 
     434                 :            : /*
     435                 :            :  * Describe a keyring for /proc.
     436                 :            :  */
     437                 :          0 : static void keyring_describe(const struct key *keyring, struct seq_file *m)
     438                 :            : {
     439         [ #  # ]:          0 :         if (keyring->description)
     440                 :          0 :                 seq_puts(m, keyring->description);
     441                 :            :         else
     442                 :          0 :                 seq_puts(m, "[anon]");
     443                 :            : 
     444         [ #  # ]:          0 :         if (key_is_positive(keyring)) {
     445         [ #  # ]:          0 :                 if (keyring->keys.nr_leaves_on_tree != 0)
     446                 :          0 :                         seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree);
     447                 :            :                 else
     448                 :          0 :                         seq_puts(m, ": empty");
     449                 :            :         }
     450                 :          0 : }
     451                 :            : 
     452                 :            : struct keyring_read_iterator_context {
     453                 :            :         size_t                  buflen;
     454                 :            :         size_t                  count;
     455                 :            :         key_serial_t __user     *buffer;
     456                 :            : };
     457                 :            : 
     458                 :          0 : static int keyring_read_iterator(const void *object, void *data)
     459                 :            : {
     460                 :          0 :         struct keyring_read_iterator_context *ctx = data;
     461         [ #  # ]:          0 :         const struct key *key = keyring_ptr_to_key(object);
     462                 :          0 :         int ret;
     463                 :            : 
     464                 :          0 :         kenter("{%s,%d},,{%zu/%zu}",
     465                 :            :                key->type->name, key->serial, ctx->count, ctx->buflen);
     466                 :            : 
     467         [ #  # ]:          0 :         if (ctx->count >= ctx->buflen)
     468                 :            :                 return 1;
     469                 :            : 
     470                 :          0 :         ret = put_user(key->serial, ctx->buffer);
     471         [ #  # ]:          0 :         if (ret < 0)
     472                 :            :                 return ret;
     473                 :          0 :         ctx->buffer++;
     474                 :          0 :         ctx->count += sizeof(key->serial);
     475                 :          0 :         return 0;
     476                 :            : }
     477                 :            : 
     478                 :            : /*
     479                 :            :  * Read a list of key IDs from the keyring's contents in binary form
     480                 :            :  *
     481                 :            :  * The keyring's semaphore is read-locked by the caller.  This prevents someone
     482                 :            :  * from modifying it under us - which could cause us to read key IDs multiple
     483                 :            :  * times.
     484                 :            :  */
     485                 :          0 : static long keyring_read(const struct key *keyring,
     486                 :            :                          char __user *buffer, size_t buflen)
     487                 :            : {
     488                 :          0 :         struct keyring_read_iterator_context ctx;
     489                 :          0 :         long ret;
     490                 :            : 
     491                 :          0 :         kenter("{%d},,%zu", key_serial(keyring), buflen);
     492                 :            : 
     493         [ #  # ]:          0 :         if (buflen & (sizeof(key_serial_t) - 1))
     494                 :            :                 return -EINVAL;
     495                 :            : 
     496                 :            :         /* Copy as many key IDs as fit into the buffer */
     497         [ #  # ]:          0 :         if (buffer && buflen) {
     498                 :          0 :                 ctx.buffer = (key_serial_t __user *)buffer;
     499                 :          0 :                 ctx.buflen = buflen;
     500                 :          0 :                 ctx.count = 0;
     501                 :          0 :                 ret = assoc_array_iterate(&keyring->keys,
     502                 :            :                                           keyring_read_iterator, &ctx);
     503         [ #  # ]:          0 :                 if (ret < 0) {
     504                 :            :                         kleave(" = %ld [iterate]", ret);
     505                 :            :                         return ret;
     506                 :            :                 }
     507                 :            :         }
     508                 :            : 
     509                 :            :         /* Return the size of the buffer needed */
     510                 :          0 :         ret = keyring->keys.nr_leaves_on_tree * sizeof(key_serial_t);
     511                 :          0 :         if (ret <= buflen)
     512                 :            :                 kleave("= %ld [ok]", ret);
     513                 :            :         else
     514                 :            :                 kleave("= %ld [buffer too small]", ret);
     515                 :          0 :         return ret;
     516                 :            : }
     517                 :            : 
     518                 :            : /*
     519                 :            :  * Allocate a keyring and link into the destination keyring.
     520                 :            :  */
     521                 :       2730 : struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
     522                 :            :                           const struct cred *cred, key_perm_t perm,
     523                 :            :                           unsigned long flags,
     524                 :            :                           struct key_restriction *restrict_link,
     525                 :            :                           struct key *dest)
     526                 :            : {
     527                 :       2730 :         struct key *keyring;
     528                 :       2730 :         int ret;
     529                 :            : 
     530                 :       2730 :         keyring = key_alloc(&key_type_keyring, description,
     531                 :            :                             uid, gid, cred, perm, flags, restrict_link);
     532         [ +  - ]:       2730 :         if (!IS_ERR(keyring)) {
     533                 :       2730 :                 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
     534         [ -  + ]:       2730 :                 if (ret < 0) {
     535                 :          0 :                         key_put(keyring);
     536                 :          0 :                         keyring = ERR_PTR(ret);
     537                 :            :                 }
     538                 :            :         }
     539                 :            : 
     540                 :       2730 :         return keyring;
     541                 :            : }
     542                 :            : EXPORT_SYMBOL(keyring_alloc);
     543                 :            : 
     544                 :            : /**
     545                 :            :  * restrict_link_reject - Give -EPERM to restrict link
     546                 :            :  * @keyring: The keyring being added to.
     547                 :            :  * @type: The type of key being added.
     548                 :            :  * @payload: The payload of the key intended to be added.
     549                 :            :  * @restriction_key: Keys providing additional data for evaluating restriction.
     550                 :            :  *
     551                 :            :  * Reject the addition of any links to a keyring.  It can be overridden by
     552                 :            :  * passing KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when
     553                 :            :  * adding a key to a keyring.
     554                 :            :  *
     555                 :            :  * This is meant to be stored in a key_restriction structure which is passed
     556                 :            :  * in the restrict_link parameter to keyring_alloc().
     557                 :            :  */
     558                 :          0 : int restrict_link_reject(struct key *keyring,
     559                 :            :                          const struct key_type *type,
     560                 :            :                          const union key_payload *payload,
     561                 :            :                          struct key *restriction_key)
     562                 :            : {
     563                 :          0 :         return -EPERM;
     564                 :            : }
     565                 :            : 
     566                 :            : /*
     567                 :            :  * By default, we keys found by getting an exact match on their descriptions.
     568                 :            :  */
     569                 :        780 : bool key_default_cmp(const struct key *key,
     570                 :            :                      const struct key_match_data *match_data)
     571                 :            : {
     572                 :        780 :         return strcmp(key->description, match_data->raw_data) == 0;
     573                 :            : }
     574                 :            : 
     575                 :            : /*
     576                 :            :  * Iteration function to consider each key found.
     577                 :            :  */
     578                 :       2964 : static int keyring_search_iterator(const void *object, void *iterator_data)
     579                 :            : {
     580                 :       2964 :         struct keyring_search_context *ctx = iterator_data;
     581         [ +  - ]:       2964 :         const struct key *key = keyring_ptr_to_key(object);
     582         [ +  - ]:       2964 :         unsigned long kflags = READ_ONCE(key->flags);
     583                 :       2964 :         short state = READ_ONCE(key->state);
     584                 :            : 
     585                 :       2964 :         kenter("{%d}", key->serial);
     586                 :            : 
     587                 :            :         /* ignore keys not of this type */
     588         [ +  - ]:       2964 :         if (key->type != ctx->index_key.type) {
     589                 :            :                 kleave(" = 0 [!type]");
     590                 :            :                 return 0;
     591                 :            :         }
     592                 :            : 
     593                 :            :         /* skip invalidated, revoked and expired keys */
     594         [ +  + ]:       2964 :         if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
     595         [ -  + ]:        780 :                 time64_t expiry = READ_ONCE(key->expiry);
     596                 :            : 
     597         [ -  + ]:        780 :                 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
     598                 :            :                               (1 << KEY_FLAG_REVOKED))) {
     599                 :          0 :                         ctx->result = ERR_PTR(-EKEYREVOKED);
     600                 :          0 :                         kleave(" = %d [invrev]", ctx->skipped_ret);
     601                 :          0 :                         goto skipped;
     602                 :            :                 }
     603                 :            : 
     604   [ -  +  -  - ]:        780 :                 if (expiry && ctx->now >= expiry) {
     605         [ #  # ]:          0 :                         if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED))
     606                 :          0 :                                 ctx->result = ERR_PTR(-EKEYEXPIRED);
     607                 :          0 :                         kleave(" = %d [expire]", ctx->skipped_ret);
     608                 :          0 :                         goto skipped;
     609                 :            :                 }
     610                 :            :         }
     611                 :            : 
     612                 :            :         /* keys that don't match */
     613         [ +  - ]:       2964 :         if (!ctx->match_data.cmp(key, &ctx->match_data)) {
     614                 :            :                 kleave(" = 0 [!match]");
     615                 :            :                 return 0;
     616                 :            :         }
     617                 :            : 
     618                 :            :         /* key must have search permissions */
     619   [ +  -  -  + ]:       5928 :         if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
     620                 :       2964 :             key_task_permission(make_key_ref(key, ctx->possessed),
     621                 :            :                                 ctx->cred, KEY_NEED_SEARCH) < 0) {
     622                 :          0 :                 ctx->result = ERR_PTR(-EACCES);
     623                 :          0 :                 kleave(" = %d [!perm]", ctx->skipped_ret);
     624                 :          0 :                 goto skipped;
     625                 :            :         }
     626                 :            : 
     627         [ +  + ]:       2964 :         if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
     628                 :            :                 /* we set a different error code if we pass a negative key */
     629         [ -  + ]:        780 :                 if (state < 0) {
     630                 :          0 :                         ctx->result = ERR_PTR(state);
     631                 :          0 :                         kleave(" = %d [neg]", ctx->skipped_ret);
     632                 :          0 :                         goto skipped;
     633                 :            :                 }
     634                 :            :         }
     635                 :            : 
     636                 :            :         /* Found */
     637                 :       2964 :         ctx->result = make_key_ref(key, ctx->possessed);
     638                 :       2964 :         kleave(" = 1 [found]");
     639                 :       2964 :         return 1;
     640                 :            : 
     641                 :          0 : skipped:
     642                 :          0 :         return ctx->skipped_ret;
     643                 :            : }
     644                 :            : 
     645                 :            : /*
     646                 :            :  * Search inside a keyring for a key.  We can search by walking to it
     647                 :            :  * directly based on its index-key or we can iterate over the entire
     648                 :            :  * tree looking for it, based on the match function.
     649                 :            :  */
     650                 :       3744 : static int search_keyring(struct key *keyring, struct keyring_search_context *ctx)
     651                 :            : {
     652         [ +  - ]:       3744 :         if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_DIRECT) {
     653                 :       3744 :                 const void *object;
     654                 :            : 
     655                 :       3744 :                 object = assoc_array_find(&keyring->keys,
     656                 :            :                                           &keyring_assoc_array_ops,
     657                 :       3744 :                                           &ctx->index_key);
     658         [ +  + ]:       3744 :                 return object ? ctx->iterator(object, ctx) : 0;
     659                 :            :         }
     660                 :          0 :         return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx);
     661                 :            : }
     662                 :            : 
     663                 :            : /*
     664                 :            :  * Search a tree of keyrings that point to other keyrings up to the maximum
     665                 :            :  * depth.
     666                 :            :  */
     667                 :       3666 : static bool search_nested_keyrings(struct key *keyring,
     668                 :            :                                    struct keyring_search_context *ctx)
     669                 :            : {
     670                 :       3666 :         struct {
     671                 :            :                 struct key *keyring;
     672                 :            :                 struct assoc_array_node *node;
     673                 :            :                 int slot;
     674                 :            :         } stack[KEYRING_SEARCH_MAX_DEPTH];
     675                 :            : 
     676                 :       3666 :         struct assoc_array_shortcut *shortcut;
     677                 :       3666 :         struct assoc_array_node *node;
     678                 :       3666 :         struct assoc_array_ptr *ptr;
     679                 :       3666 :         struct key *key;
     680                 :       3666 :         int sp = 0, slot;
     681                 :            : 
     682                 :       3666 :         kenter("{%d},{%s,%s}",
     683                 :            :                keyring->serial,
     684                 :            :                ctx->index_key.type->name,
     685                 :            :                ctx->index_key.description);
     686                 :            : 
     687                 :            : #define STATE_CHECKS (KEYRING_SEARCH_NO_STATE_CHECK | KEYRING_SEARCH_DO_STATE_CHECK)
     688         [ -  + ]:       3666 :         BUG_ON((ctx->flags & STATE_CHECKS) == 0 ||
     689                 :            :                (ctx->flags & STATE_CHECKS) == STATE_CHECKS);
     690                 :            : 
     691         [ +  - ]:       3666 :         if (ctx->index_key.description)
     692                 :       3666 :                 key_set_index_key(&ctx->index_key);
     693                 :            : 
     694                 :            :         /* Check to see if this top-level keyring is what we are looking for
     695                 :            :          * and whether it is valid or not.
     696                 :            :          */
     697         [ +  - ]:       3666 :         if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE ||
     698         [ -  + ]:       3666 :             keyring_compare_object(keyring, &ctx->index_key)) {
     699                 :          0 :                 ctx->skipped_ret = 2;
     700   [ #  #  #  #  :          0 :                 switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {
                      # ]
     701                 :          0 :                 case 1:
     702                 :          0 :                         goto found;
     703                 :            :                 case 2:
     704                 :            :                         return false;
     705                 :            :                 default:
     706                 :            :                         break;
     707                 :            :                 }
     708                 :       3666 :         }
     709                 :            : 
     710                 :       3666 :         ctx->skipped_ret = 0;
     711                 :            : 
     712                 :            :         /* Start processing a new keyring */
     713                 :       3744 : descend_to_keyring:
     714                 :       3744 :         kdebug("descend to %d", keyring->serial);
     715         [ -  + ]:       3744 :         if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
     716                 :            :                               (1 << KEY_FLAG_REVOKED)))
     717                 :          0 :                 goto not_this_keyring;
     718                 :            : 
     719                 :            :         /* Search through the keys in this keyring before its searching its
     720                 :            :          * subtrees.
     721                 :            :          */
     722         [ +  + ]:       3744 :         if (search_keyring(keyring, ctx))
     723                 :       2964 :                 goto found;
     724                 :            : 
     725                 :            :         /* Then manually iterate through the keyrings nested in this one.
     726                 :            :          *
     727                 :            :          * Start from the root node of the index tree.  Because of the way the
     728                 :            :          * hash function has been set up, keyrings cluster on the leftmost
     729                 :            :          * branch of the root node (root slot 0) or in the root node itself.
     730                 :            :          * Non-keyrings avoid the leftmost branch of the root entirely (root
     731                 :            :          * slots 1-15).
     732                 :            :          */
     733         [ +  + ]:        780 :         if (!(ctx->flags & KEYRING_SEARCH_RECURSE))
     734                 :        156 :                 goto not_this_keyring;
     735                 :            : 
     736         [ +  + ]:        624 :         ptr = READ_ONCE(keyring->keys.root);
     737         [ +  + ]:        624 :         if (!ptr)
     738                 :        546 :                 goto not_this_keyring;
     739                 :            : 
     740         [ -  + ]:         78 :         if (assoc_array_ptr_is_shortcut(ptr)) {
     741                 :            :                 /* If the root is a shortcut, either the keyring only contains
     742                 :            :                  * keyring pointers (everything clusters behind root slot 0) or
     743                 :            :                  * doesn't contain any keyring pointers.
     744                 :            :                  */
     745         [ #  # ]:          0 :                 shortcut = assoc_array_ptr_to_shortcut(ptr);
     746         [ #  # ]:          0 :                 if ((shortcut->index_key[0] & ASSOC_ARRAY_FAN_MASK) != 0)
     747                 :          0 :                         goto not_this_keyring;
     748                 :            : 
     749                 :          0 :                 ptr = READ_ONCE(shortcut->next_node);
     750                 :          0 :                 node = assoc_array_ptr_to_node(ptr);
     751                 :          0 :                 goto begin_node;
     752                 :            :         }
     753                 :            : 
     754         [ +  - ]:         78 :         node = assoc_array_ptr_to_node(ptr);
     755                 :         78 :         ptr = node->slots[0];
     756         [ +  - ]:         78 :         if (!assoc_array_ptr_is_meta(ptr))
     757                 :         78 :                 goto begin_node;
     758                 :            : 
     759                 :          0 : descend_to_node:
     760                 :            :         /* Descend to a more distal node in this keyring's content tree and go
     761                 :            :          * through that.
     762                 :            :          */
     763                 :          0 :         kdebug("descend");
     764         [ #  # ]:          0 :         if (assoc_array_ptr_is_shortcut(ptr)) {
     765         [ #  # ]:          0 :                 shortcut = assoc_array_ptr_to_shortcut(ptr);
     766         [ #  # ]:          0 :                 ptr = READ_ONCE(shortcut->next_node);
     767         [ #  # ]:          0 :                 BUG_ON(!assoc_array_ptr_is_node(ptr));
     768                 :            :         }
     769                 :          0 :         node = assoc_array_ptr_to_node(ptr);
     770                 :            : 
     771                 :            : begin_node:
     772                 :            :         kdebug("begin_node");
     773                 :            :         slot = 0;
     774                 :            : ascend_to_node:
     775                 :            :         /* Go through the slots in a node */
     776         [ +  + ]:       2496 :         for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
     777         [ -  + ]:       1248 :                 ptr = READ_ONCE(node->slots[slot]);
     778                 :            : 
     779   [ -  +  -  - ]:       1248 :                 if (assoc_array_ptr_is_meta(ptr) && node->back_pointer)
     780                 :          0 :                         goto descend_to_node;
     781                 :            : 
     782         [ +  + ]:       1248 :                 if (!keyring_ptr_is_keyring(ptr))
     783                 :       1170 :                         continue;
     784                 :            : 
     785         [ -  + ]:         78 :                 key = keyring_ptr_to_key(ptr);
     786                 :            : 
     787         [ -  + ]:         78 :                 if (sp >= KEYRING_SEARCH_MAX_DEPTH) {
     788         [ #  # ]:          0 :                         if (ctx->flags & KEYRING_SEARCH_DETECT_TOO_DEEP) {
     789                 :          0 :                                 ctx->result = ERR_PTR(-ELOOP);
     790                 :          0 :                                 return false;
     791                 :            :                         }
     792                 :          0 :                         goto not_this_keyring;
     793                 :            :                 }
     794                 :            : 
     795                 :            :                 /* Search a nested keyring */
     796   [ -  +  -  - ]:         78 :                 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
     797                 :          0 :                     key_task_permission(make_key_ref(key, ctx->possessed),
     798                 :            :                                         ctx->cred, KEY_NEED_SEARCH) < 0)
     799                 :          0 :                         continue;
     800                 :            : 
     801                 :            :                 /* stack the current position */
     802                 :         78 :                 stack[sp].keyring = keyring;
     803                 :         78 :                 stack[sp].node = node;
     804                 :         78 :                 stack[sp].slot = slot;
     805                 :         78 :                 sp++;
     806                 :            : 
     807                 :            :                 /* begin again with the new keyring */
     808                 :         78 :                 keyring = key;
     809                 :         78 :                 goto descend_to_keyring;
     810                 :            :         }
     811                 :            : 
     812                 :            :         /* We've dealt with all the slots in the current node, so now we need
     813                 :            :          * to ascend to the parent and continue processing there.
     814                 :            :          */
     815         [ -  + ]:         78 :         ptr = READ_ONCE(node->back_pointer);
     816                 :         78 :         slot = node->parent_slot;
     817                 :            : 
     818   [ -  +  -  - ]:         78 :         if (ptr && assoc_array_ptr_is_shortcut(ptr)) {
     819                 :          0 :                 shortcut = assoc_array_ptr_to_shortcut(ptr);
     820                 :          0 :                 ptr = READ_ONCE(shortcut->back_pointer);
     821                 :          0 :                 slot = shortcut->parent_slot;
     822                 :            :         }
     823         [ +  - ]:         78 :         if (!ptr)
     824                 :         78 :                 goto not_this_keyring;
     825         [ #  # ]:          0 :         node = assoc_array_ptr_to_node(ptr);
     826                 :          0 :         slot++;
     827                 :            : 
     828                 :            :         /* If we've ascended to the root (zero backpointer), we must have just
     829                 :            :          * finished processing the leftmost branch rather than the root slots -
     830                 :            :          * so there can't be any more keyrings for us to find.
     831                 :            :          */
     832         [ #  # ]:          0 :         if (node->back_pointer) {
     833                 :          0 :                 kdebug("ascend %d", slot);
     834                 :          0 :                 goto ascend_to_node;
     835                 :            :         }
     836                 :            : 
     837                 :            :         /* The keyring we're looking at was disqualified or didn't contain a
     838                 :            :          * matching key.
     839                 :            :          */
     840                 :          0 : not_this_keyring:
     841                 :        780 :         kdebug("not_this_keyring %d", sp);
     842         [ +  + ]:        780 :         if (sp <= 0) {
     843                 :            :                 kleave(" = false");
     844                 :            :                 return false;
     845                 :            :         }
     846                 :            : 
     847                 :            :         /* Resume the processing of a keyring higher up in the tree */
     848                 :         78 :         sp--;
     849                 :         78 :         keyring = stack[sp].keyring;
     850                 :         78 :         node = stack[sp].node;
     851                 :         78 :         slot = stack[sp].slot + 1;
     852                 :         78 :         kdebug("ascend to %d [%d]", keyring->serial, slot);
     853                 :         78 :         goto ascend_to_node;
     854                 :            : 
     855                 :            :         /* We found a viable match */
     856                 :       2964 : found:
     857         [ +  - ]:       2964 :         key = key_ref_to_ptr(ctx->result);
     858                 :       2964 :         key_check(key);
     859         [ +  - ]:       2964 :         if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) {
     860                 :       2964 :                 key->last_used_at = ctx->now;
     861                 :       2964 :                 keyring->last_used_at = ctx->now;
     862         [ -  + ]:       2964 :                 while (sp > 0)
     863                 :          0 :                         stack[--sp].keyring->last_used_at = ctx->now;
     864                 :            :         }
     865                 :            :         kleave(" = true");
     866                 :            :         return true;
     867                 :            : }
     868                 :            : 
     869                 :            : /**
     870                 :            :  * keyring_search_rcu - Search a keyring tree for a matching key under RCU
     871                 :            :  * @keyring_ref: A pointer to the keyring with possession indicator.
     872                 :            :  * @ctx: The keyring search context.
     873                 :            :  *
     874                 :            :  * Search the supplied keyring tree for a key that matches the criteria given.
     875                 :            :  * The root keyring and any linked keyrings must grant Search permission to the
     876                 :            :  * caller to be searchable and keys can only be found if they too grant Search
     877                 :            :  * to the caller. The possession flag on the root keyring pointer controls use
     878                 :            :  * of the possessor bits in permissions checking of the entire tree.  In
     879                 :            :  * addition, the LSM gets to forbid keyring searches and key matches.
     880                 :            :  *
     881                 :            :  * The search is performed as a breadth-then-depth search up to the prescribed
     882                 :            :  * limit (KEYRING_SEARCH_MAX_DEPTH).  The caller must hold the RCU read lock to
     883                 :            :  * prevent keyrings from being destroyed or rearranged whilst they are being
     884                 :            :  * searched.
     885                 :            :  *
     886                 :            :  * Keys are matched to the type provided and are then filtered by the match
     887                 :            :  * function, which is given the description to use in any way it sees fit.  The
     888                 :            :  * match function may use any attributes of a key that it wishes to to
     889                 :            :  * determine the match.  Normally the match function from the key type would be
     890                 :            :  * used.
     891                 :            :  *
     892                 :            :  * RCU can be used to prevent the keyring key lists from disappearing without
     893                 :            :  * the need to take lots of locks.
     894                 :            :  *
     895                 :            :  * Returns a pointer to the found key and increments the key usage count if
     896                 :            :  * successful; -EAGAIN if no matching keys were found, or if expired or revoked
     897                 :            :  * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
     898                 :            :  * specified keyring wasn't a keyring.
     899                 :            :  *
     900                 :            :  * In the case of a successful return, the possession attribute from
     901                 :            :  * @keyring_ref is propagated to the returned key reference.
     902                 :            :  */
     903                 :       3120 : key_ref_t keyring_search_rcu(key_ref_t keyring_ref,
     904                 :            :                              struct keyring_search_context *ctx)
     905                 :            : {
     906                 :       3120 :         struct key *keyring;
     907                 :       3120 :         long err;
     908                 :            : 
     909                 :       3120 :         ctx->iterator = keyring_search_iterator;
     910         [ +  - ]:       3120 :         ctx->possessed = is_key_possessed(keyring_ref);
     911         [ +  - ]:       3120 :         ctx->result = ERR_PTR(-EAGAIN);
     912                 :            : 
     913         [ +  - ]:       3120 :         keyring = key_ref_to_ptr(keyring_ref);
     914                 :       3120 :         key_check(keyring);
     915                 :            : 
     916         [ +  - ]:       3120 :         if (keyring->type != &key_type_keyring)
     917                 :            :                 return ERR_PTR(-ENOTDIR);
     918                 :            : 
     919         [ +  - ]:       3120 :         if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) {
     920                 :       3120 :                 err = key_task_permission(keyring_ref, ctx->cred, KEY_NEED_SEARCH);
     921         [ -  + ]:       3120 :                 if (err < 0)
     922                 :          0 :                         return ERR_PTR(err);
     923                 :            :         }
     924                 :            : 
     925                 :       3120 :         ctx->now = ktime_get_real_seconds();
     926         [ +  + ]:       3120 :         if (search_nested_keyrings(keyring, ctx))
     927                 :       2964 :                 __key_get(key_ref_to_ptr(ctx->result));
     928                 :       3120 :         return ctx->result;
     929                 :            : }
     930                 :            : 
     931                 :            : /**
     932                 :            :  * keyring_search - Search the supplied keyring tree for a matching key
     933                 :            :  * @keyring: The root of the keyring tree to be searched.
     934                 :            :  * @type: The type of keyring we want to find.
     935                 :            :  * @description: The name of the keyring we want to find.
     936                 :            :  * @recurse: True to search the children of @keyring also
     937                 :            :  *
     938                 :            :  * As keyring_search_rcu() above, but using the current task's credentials and
     939                 :            :  * type's default matching function and preferred search method.
     940                 :            :  */
     941                 :        936 : key_ref_t keyring_search(key_ref_t keyring,
     942                 :            :                          struct key_type *type,
     943                 :            :                          const char *description,
     944                 :            :                          bool recurse)
     945                 :            : {
     946                 :        936 :         struct keyring_search_context ctx = {
     947                 :            :                 .index_key.type         = type,
     948                 :            :                 .index_key.description  = description,
     949                 :        936 :                 .index_key.desc_len     = strlen(description),
     950         [ -  + ]:        936 :                 .cred                   = current_cred(),
     951                 :            :                 .match_data.cmp         = key_default_cmp,
     952                 :            :                 .match_data.raw_data    = description,
     953                 :            :                 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
     954                 :            :                 .flags                  = KEYRING_SEARCH_DO_STATE_CHECK,
     955                 :            :         };
     956                 :        936 :         key_ref_t key;
     957                 :        936 :         int ret;
     958                 :            : 
     959         [ -  + ]:        936 :         if (recurse)
     960                 :          0 :                 ctx.flags |= KEYRING_SEARCH_RECURSE;
     961         [ -  + ]:        936 :         if (type->match_preparse) {
     962                 :          0 :                 ret = type->match_preparse(&ctx.match_data);
     963         [ #  # ]:          0 :                 if (ret < 0)
     964                 :          0 :                         return ERR_PTR(ret);
     965                 :            :         }
     966                 :            : 
     967                 :        936 :         rcu_read_lock();
     968                 :        936 :         key = keyring_search_rcu(keyring, &ctx);
     969                 :        936 :         rcu_read_unlock();
     970                 :            : 
     971         [ -  + ]:        936 :         if (type->match_free)
     972                 :          0 :                 type->match_free(&ctx.match_data);
     973                 :            :         return key;
     974                 :            : }
     975                 :            : EXPORT_SYMBOL(keyring_search);
     976                 :            : 
     977                 :          0 : static struct key_restriction *keyring_restriction_alloc(
     978                 :            :         key_restrict_link_func_t check)
     979                 :            : {
     980                 :          0 :         struct key_restriction *keyres =
     981                 :            :                 kzalloc(sizeof(struct key_restriction), GFP_KERNEL);
     982                 :            : 
     983         [ #  # ]:          0 :         if (!keyres)
     984                 :            :                 return ERR_PTR(-ENOMEM);
     985                 :            : 
     986                 :          0 :         keyres->check = check;
     987                 :            : 
     988                 :          0 :         return keyres;
     989                 :            : }
     990                 :            : 
     991                 :            : /*
     992                 :            :  * Semaphore to serialise restriction setup to prevent reference count
     993                 :            :  * cycles through restriction key pointers.
     994                 :            :  */
     995                 :            : static DECLARE_RWSEM(keyring_serialise_restrict_sem);
     996                 :            : 
     997                 :            : /*
     998                 :            :  * Check for restriction cycles that would prevent keyring garbage collection.
     999                 :            :  * keyring_serialise_restrict_sem must be held.
    1000                 :            :  */
    1001                 :            : static bool keyring_detect_restriction_cycle(const struct key *dest_keyring,
    1002                 :            :                                              struct key_restriction *keyres)
    1003                 :            : {
    1004   [ #  #  #  # ]:          0 :         while (keyres && keyres->key &&
    1005         [ #  # ]:          0 :                keyres->key->type == &key_type_keyring) {
    1006         [ #  # ]:          0 :                 if (keyres->key == dest_keyring)
    1007                 :            :                         return true;
    1008                 :            : 
    1009                 :          0 :                 keyres = keyres->key->restrict_link;
    1010                 :            :         }
    1011                 :            : 
    1012                 :            :         return false;
    1013                 :            : }
    1014                 :            : 
    1015                 :            : /**
    1016                 :            :  * keyring_restrict - Look up and apply a restriction to a keyring
    1017                 :            :  * @keyring_ref: The keyring to be restricted
    1018                 :            :  * @type: The key type that will provide the restriction checker.
    1019                 :            :  * @restriction: The restriction options to apply to the keyring
    1020                 :            :  *
    1021                 :            :  * Look up a keyring and apply a restriction to it.  The restriction is managed
    1022                 :            :  * by the specific key type, but can be configured by the options specified in
    1023                 :            :  * the restriction string.
    1024                 :            :  */
    1025                 :          0 : int keyring_restrict(key_ref_t keyring_ref, const char *type,
    1026                 :            :                      const char *restriction)
    1027                 :            : {
    1028                 :          0 :         struct key *keyring;
    1029                 :          0 :         struct key_type *restrict_type = NULL;
    1030                 :          0 :         struct key_restriction *restrict_link;
    1031                 :          0 :         int ret = 0;
    1032                 :            : 
    1033         [ #  # ]:          0 :         keyring = key_ref_to_ptr(keyring_ref);
    1034                 :          0 :         key_check(keyring);
    1035                 :            : 
    1036         [ #  # ]:          0 :         if (keyring->type != &key_type_keyring)
    1037                 :            :                 return -ENOTDIR;
    1038                 :            : 
    1039         [ #  # ]:          0 :         if (!type) {
    1040                 :          0 :                 restrict_link = keyring_restriction_alloc(restrict_link_reject);
    1041                 :            :         } else {
    1042                 :          0 :                 restrict_type = key_type_lookup(type);
    1043                 :            : 
    1044         [ #  # ]:          0 :                 if (IS_ERR(restrict_type))
    1045                 :          0 :                         return PTR_ERR(restrict_type);
    1046                 :            : 
    1047         [ #  # ]:          0 :                 if (!restrict_type->lookup_restriction) {
    1048                 :          0 :                         ret = -ENOENT;
    1049                 :          0 :                         goto error;
    1050                 :            :                 }
    1051                 :            : 
    1052                 :          0 :                 restrict_link = restrict_type->lookup_restriction(restriction);
    1053                 :            :         }
    1054                 :            : 
    1055         [ #  # ]:          0 :         if (IS_ERR(restrict_link)) {
    1056                 :          0 :                 ret = PTR_ERR(restrict_link);
    1057                 :          0 :                 goto error;
    1058                 :            :         }
    1059                 :            : 
    1060                 :          0 :         down_write(&keyring->sem);
    1061                 :          0 :         down_write(&keyring_serialise_restrict_sem);
    1062                 :            : 
    1063         [ #  # ]:          0 :         if (keyring->restrict_link)
    1064                 :            :                 ret = -EEXIST;
    1065         [ #  # ]:          0 :         else if (keyring_detect_restriction_cycle(keyring, restrict_link))
    1066                 :            :                 ret = -EDEADLK;
    1067                 :            :         else
    1068                 :          0 :                 keyring->restrict_link = restrict_link;
    1069                 :            : 
    1070                 :          0 :         up_write(&keyring_serialise_restrict_sem);
    1071                 :          0 :         up_write(&keyring->sem);
    1072                 :            : 
    1073         [ #  # ]:          0 :         if (ret < 0) {
    1074                 :          0 :                 key_put(restrict_link->key);
    1075                 :          0 :                 kfree(restrict_link);
    1076                 :            :         }
    1077                 :            : 
    1078                 :          0 : error:
    1079         [ #  # ]:          0 :         if (restrict_type)
    1080                 :          0 :                 key_type_put(restrict_type);
    1081                 :            : 
    1082                 :            :         return ret;
    1083                 :            : }
    1084                 :            : EXPORT_SYMBOL(keyring_restrict);
    1085                 :            : 
    1086                 :            : /*
    1087                 :            :  * Search the given keyring for a key that might be updated.
    1088                 :            :  *
    1089                 :            :  * The caller must guarantee that the keyring is a keyring and that the
    1090                 :            :  * permission is granted to modify the keyring as no check is made here.  The
    1091                 :            :  * caller must also hold a lock on the keyring semaphore.
    1092                 :            :  *
    1093                 :            :  * Returns a pointer to the found key with usage count incremented if
    1094                 :            :  * successful and returns NULL if not found.  Revoked and invalidated keys are
    1095                 :            :  * skipped over.
    1096                 :            :  *
    1097                 :            :  * If successful, the possession indicator is propagated from the keyring ref
    1098                 :            :  * to the returned key reference.
    1099                 :            :  */
    1100                 :       2184 : key_ref_t find_key_to_update(key_ref_t keyring_ref,
    1101                 :            :                              const struct keyring_index_key *index_key)
    1102                 :            : {
    1103                 :       2184 :         struct key *keyring, *key;
    1104                 :       2184 :         const void *object;
    1105                 :            : 
    1106                 :       2184 :         keyring = key_ref_to_ptr(keyring_ref);
    1107                 :            : 
    1108                 :       2184 :         kenter("{%d},{%s,%s}",
    1109                 :            :                keyring->serial, index_key->type->name, index_key->description);
    1110                 :            : 
    1111                 :       2184 :         object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops,
    1112                 :            :                                   index_key);
    1113                 :            : 
    1114         [ -  + ]:       2184 :         if (object)
    1115                 :          0 :                 goto found;
    1116                 :            : 
    1117                 :            :         kleave(" = NULL");
    1118                 :            :         return NULL;
    1119                 :            : 
    1120                 :            : found:
    1121         [ #  # ]:          0 :         key = keyring_ptr_to_key(object);
    1122         [ #  # ]:          0 :         if (key->flags & ((1 << KEY_FLAG_INVALIDATED) |
    1123                 :            :                           (1 << KEY_FLAG_REVOKED))) {
    1124                 :            :                 kleave(" = NULL [x]");
    1125                 :            :                 return NULL;
    1126                 :            :         }
    1127                 :          0 :         __key_get(key);
    1128                 :          0 :         kleave(" = {%d}", key->serial);
    1129                 :          0 :         return make_key_ref(key, is_key_possessed(keyring_ref));
    1130                 :            : }
    1131                 :            : 
    1132                 :            : /*
    1133                 :            :  * Find a keyring with the specified name.
    1134                 :            :  *
    1135                 :            :  * Only keyrings that have nonzero refcount, are not revoked, and are owned by a
    1136                 :            :  * user in the current user namespace are considered.  If @uid_keyring is %true,
    1137                 :            :  * the keyring additionally must have been allocated as a user or user session
    1138                 :            :  * keyring; otherwise, it must grant Search permission directly to the caller.
    1139                 :            :  *
    1140                 :            :  * Returns a pointer to the keyring with the keyring's refcount having being
    1141                 :            :  * incremented on success.  -ENOKEY is returned if a key could not be found.
    1142                 :            :  */
    1143                 :          0 : struct key *find_keyring_by_name(const char *name, bool uid_keyring)
    1144                 :            : {
    1145         [ #  # ]:          0 :         struct user_namespace *ns = current_user_ns();
    1146                 :          0 :         struct key *keyring;
    1147                 :            : 
    1148         [ #  # ]:          0 :         if (!name)
    1149                 :            :                 return ERR_PTR(-EINVAL);
    1150                 :            : 
    1151                 :          0 :         read_lock(&keyring_name_lock);
    1152                 :            : 
    1153                 :            :         /* Search this hash bucket for a keyring with a matching name that
    1154                 :            :          * grants Search permission and that hasn't been revoked
    1155                 :            :          */
    1156         [ #  # ]:          0 :         list_for_each_entry(keyring, &ns->keyring_name_list, name_link) {
    1157         [ #  # ]:          0 :                 if (!kuid_has_mapping(ns, keyring->user->uid))
    1158                 :          0 :                         continue;
    1159                 :            : 
    1160         [ #  # ]:          0 :                 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
    1161                 :          0 :                         continue;
    1162                 :            : 
    1163         [ #  # ]:          0 :                 if (strcmp(keyring->description, name) != 0)
    1164                 :          0 :                         continue;
    1165                 :            : 
    1166         [ #  # ]:          0 :                 if (uid_keyring) {
    1167         [ #  # ]:          0 :                         if (!test_bit(KEY_FLAG_UID_KEYRING,
    1168                 :            :                                       &keyring->flags))
    1169                 :          0 :                                 continue;
    1170                 :            :                 } else {
    1171         [ #  # ]:          0 :                         if (key_permission(make_key_ref(keyring, 0),
    1172                 :            :                                            KEY_NEED_SEARCH) < 0)
    1173                 :          0 :                                 continue;
    1174                 :            :                 }
    1175                 :            : 
    1176                 :            :                 /* we've got a match but we might end up racing with
    1177                 :            :                  * key_cleanup() if the keyring is currently 'dead'
    1178                 :            :                  * (ie. it has a zero usage count) */
    1179         [ #  # ]:          0 :                 if (!refcount_inc_not_zero(&keyring->usage))
    1180                 :          0 :                         continue;
    1181                 :          0 :                 keyring->last_used_at = ktime_get_real_seconds();
    1182                 :          0 :                 goto out;
    1183                 :            :         }
    1184                 :            : 
    1185                 :            :         keyring = ERR_PTR(-ENOKEY);
    1186                 :          0 : out:
    1187                 :          0 :         read_unlock(&keyring_name_lock);
    1188                 :          0 :         return keyring;
    1189                 :            : }
    1190                 :            : 
    1191                 :          0 : static int keyring_detect_cycle_iterator(const void *object,
    1192                 :            :                                          void *iterator_data)
    1193                 :            : {
    1194                 :          0 :         struct keyring_search_context *ctx = iterator_data;
    1195         [ #  # ]:          0 :         const struct key *key = keyring_ptr_to_key(object);
    1196                 :            : 
    1197                 :          0 :         kenter("{%d}", key->serial);
    1198                 :            : 
    1199                 :            :         /* We might get a keyring with matching index-key that is nonetheless a
    1200                 :            :          * different keyring. */
    1201         [ #  # ]:          0 :         if (key != ctx->match_data.raw_data)
    1202                 :            :                 return 0;
    1203                 :            : 
    1204                 :          0 :         ctx->result = ERR_PTR(-EDEADLK);
    1205                 :          0 :         return 1;
    1206                 :            : }
    1207                 :            : 
    1208                 :            : /*
    1209                 :            :  * See if a cycle will will be created by inserting acyclic tree B in acyclic
    1210                 :            :  * tree A at the topmost level (ie: as a direct child of A).
    1211                 :            :  *
    1212                 :            :  * Since we are adding B to A at the top level, checking for cycles should just
    1213                 :            :  * be a matter of seeing if node A is somewhere in tree B.
    1214                 :            :  */
    1215                 :        546 : static int keyring_detect_cycle(struct key *A, struct key *B)
    1216                 :            : {
    1217                 :        546 :         struct keyring_search_context ctx = {
    1218                 :            :                 .index_key              = A->index_key,
    1219                 :            :                 .match_data.raw_data    = A,
    1220                 :            :                 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
    1221                 :            :                 .iterator               = keyring_detect_cycle_iterator,
    1222                 :            :                 .flags                  = (KEYRING_SEARCH_NO_STATE_CHECK |
    1223                 :            :                                            KEYRING_SEARCH_NO_UPDATE_TIME |
    1224                 :            :                                            KEYRING_SEARCH_NO_CHECK_PERM |
    1225                 :            :                                            KEYRING_SEARCH_DETECT_TOO_DEEP |
    1226                 :            :                                            KEYRING_SEARCH_RECURSE),
    1227                 :            :         };
    1228                 :            : 
    1229                 :        546 :         rcu_read_lock();
    1230                 :        546 :         search_nested_keyrings(B, &ctx);
    1231                 :        546 :         rcu_read_unlock();
    1232         [ +  - ]:        546 :         return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result);
    1233                 :            : }
    1234                 :            : 
    1235                 :            : /*
    1236                 :            :  * Lock keyring for link.
    1237                 :            :  */
    1238                 :       2886 : int __key_link_lock(struct key *keyring,
    1239                 :            :                     const struct keyring_index_key *index_key)
    1240                 :            :         __acquires(&keyring->sem)
    1241                 :            :         __acquires(&keyring_serialise_link_lock)
    1242                 :            : {
    1243         [ +  - ]:       2886 :         if (keyring->type != &key_type_keyring)
    1244                 :            :                 return -ENOTDIR;
    1245                 :            : 
    1246                 :       2886 :         down_write(&keyring->sem);
    1247                 :            : 
    1248                 :            :         /* Serialise link/link calls to prevent parallel calls causing a cycle
    1249                 :            :          * when linking two keyring in opposite orders.
    1250                 :            :          */
    1251         [ +  + ]:       2886 :         if (index_key->type == &key_type_keyring)
    1252                 :        624 :                 mutex_lock(&keyring_serialise_link_lock);
    1253                 :            : 
    1254                 :            :         return 0;
    1255                 :            : }
    1256                 :            : 
    1257                 :            : /*
    1258                 :            :  * Lock keyrings for move (link/unlink combination).
    1259                 :            :  */
    1260                 :          0 : int __key_move_lock(struct key *l_keyring, struct key *u_keyring,
    1261                 :            :                     const struct keyring_index_key *index_key)
    1262                 :            :         __acquires(&l_keyring->sem)
    1263                 :            :         __acquires(&u_keyring->sem)
    1264                 :            :         __acquires(&keyring_serialise_link_lock)
    1265                 :            : {
    1266         [ #  # ]:          0 :         if (l_keyring->type != &key_type_keyring ||
    1267         [ #  # ]:          0 :             u_keyring->type != &key_type_keyring)
    1268                 :            :                 return -ENOTDIR;
    1269                 :            : 
    1270                 :            :         /* We have to be very careful here to take the keyring locks in the
    1271                 :            :          * right order, lest we open ourselves to deadlocking against another
    1272                 :            :          * move operation.
    1273                 :            :          */
    1274         [ #  # ]:          0 :         if (l_keyring < u_keyring) {
    1275                 :          0 :                 down_write(&l_keyring->sem);
    1276                 :          0 :                 down_write_nested(&u_keyring->sem, 1);
    1277                 :            :         } else {
    1278                 :          0 :                 down_write(&u_keyring->sem);
    1279                 :          0 :                 down_write_nested(&l_keyring->sem, 1);
    1280                 :            :         }
    1281                 :            : 
    1282                 :            :         /* Serialise link/link calls to prevent parallel calls causing a cycle
    1283                 :            :          * when linking two keyring in opposite orders.
    1284                 :            :          */
    1285         [ #  # ]:          0 :         if (index_key->type == &key_type_keyring)
    1286                 :          0 :                 mutex_lock(&keyring_serialise_link_lock);
    1287                 :            : 
    1288                 :            :         return 0;
    1289                 :            : }
    1290                 :            : 
    1291                 :            : /*
    1292                 :            :  * Preallocate memory so that a key can be linked into to a keyring.
    1293                 :            :  */
    1294                 :       2886 : int __key_link_begin(struct key *keyring,
    1295                 :            :                      const struct keyring_index_key *index_key,
    1296                 :            :                      struct assoc_array_edit **_edit)
    1297                 :            : {
    1298                 :       2886 :         struct assoc_array_edit *edit;
    1299                 :       2886 :         int ret;
    1300                 :            : 
    1301                 :       2886 :         kenter("%d,%s,%s,",
    1302                 :            :                keyring->serial, index_key->type->name, index_key->description);
    1303                 :            : 
    1304         [ -  + ]:       2886 :         BUG_ON(index_key->desc_len == 0);
    1305         [ -  + ]:       2886 :         BUG_ON(*_edit != NULL);
    1306                 :            : 
    1307                 :       2886 :         *_edit = NULL;
    1308                 :            : 
    1309                 :       2886 :         ret = -EKEYREVOKED;
    1310         [ -  + ]:       2886 :         if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
    1311                 :          0 :                 goto error;
    1312                 :            : 
    1313                 :            :         /* Create an edit script that will insert/replace the key in the
    1314                 :            :          * keyring tree.
    1315                 :            :          */
    1316                 :       2886 :         edit = assoc_array_insert(&keyring->keys,
    1317                 :            :                                   &keyring_assoc_array_ops,
    1318                 :            :                                   index_key,
    1319                 :            :                                   NULL);
    1320         [ -  + ]:       2886 :         if (IS_ERR(edit)) {
    1321                 :          0 :                 ret = PTR_ERR(edit);
    1322                 :          0 :                 goto error;
    1323                 :            :         }
    1324                 :            : 
    1325                 :            :         /* If we're not replacing a link in-place then we're going to need some
    1326                 :            :          * extra quota.
    1327                 :            :          */
    1328         [ +  - ]:       2886 :         if (!edit->dead_leaf) {
    1329                 :       2886 :                 ret = key_payload_reserve(keyring,
    1330                 :       2886 :                                           keyring->datalen + KEYQUOTA_LINK_BYTES);
    1331         [ -  + ]:       2886 :                 if (ret < 0)
    1332                 :          0 :                         goto error_cancel;
    1333                 :            :         }
    1334                 :            : 
    1335                 :       2886 :         *_edit = edit;
    1336                 :       2886 :         kleave(" = 0");
    1337                 :       2886 :         return 0;
    1338                 :            : 
    1339                 :            : error_cancel:
    1340                 :          0 :         assoc_array_cancel_edit(edit);
    1341                 :            : error:
    1342                 :            :         kleave(" = %d", ret);
    1343                 :            :         return ret;
    1344                 :            : }
    1345                 :            : 
    1346                 :            : /*
    1347                 :            :  * Check already instantiated keys aren't going to be a problem.
    1348                 :            :  *
    1349                 :            :  * The caller must have called __key_link_begin(). Don't need to call this for
    1350                 :            :  * keys that were created since __key_link_begin() was called.
    1351                 :            :  */
    1352                 :        546 : int __key_link_check_live_key(struct key *keyring, struct key *key)
    1353                 :            : {
    1354         [ #  # ]:          0 :         if (key->type == &key_type_keyring)
    1355                 :            :                 /* check that we aren't going to create a cycle by linking one
    1356                 :            :                  * keyring to another */
    1357                 :        546 :                 return keyring_detect_cycle(keyring, key);
    1358                 :            :         return 0;
    1359                 :            : }
    1360                 :            : 
    1361                 :            : /*
    1362                 :            :  * Link a key into to a keyring.
    1363                 :            :  *
    1364                 :            :  * Must be called with __key_link_begin() having being called.  Discards any
    1365                 :            :  * already extant link to matching key if there is one, so that each keyring
    1366                 :            :  * holds at most one link to any given key of a particular type+description
    1367                 :            :  * combination.
    1368                 :            :  */
    1369                 :       2886 : void __key_link(struct key *key, struct assoc_array_edit **_edit)
    1370                 :            : {
    1371                 :       2886 :         __key_get(key);
    1372         [ +  + ]:       3510 :         assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key));
    1373                 :       2886 :         assoc_array_apply_edit(*_edit);
    1374                 :       2886 :         *_edit = NULL;
    1375                 :       2886 : }
    1376                 :            : 
    1377                 :            : /*
    1378                 :            :  * Finish linking a key into to a keyring.
    1379                 :            :  *
    1380                 :            :  * Must be called with __key_link_begin() having being called.
    1381                 :            :  */
    1382                 :       2886 : void __key_link_end(struct key *keyring,
    1383                 :            :                     const struct keyring_index_key *index_key,
    1384                 :            :                     struct assoc_array_edit *edit)
    1385                 :            :         __releases(&keyring->sem)
    1386                 :            :         __releases(&keyring_serialise_link_lock)
    1387                 :            : {
    1388         [ -  + ]:       2886 :         BUG_ON(index_key->type == NULL);
    1389                 :       2886 :         kenter("%d,%s,", keyring->serial, index_key->type->name);
    1390                 :            : 
    1391         [ -  + ]:       2886 :         if (edit) {
    1392         [ #  # ]:          0 :                 if (!edit->dead_leaf) {
    1393                 :          0 :                         key_payload_reserve(keyring,
    1394                 :          0 :                                 keyring->datalen - KEYQUOTA_LINK_BYTES);
    1395                 :            :                 }
    1396                 :          0 :                 assoc_array_cancel_edit(edit);
    1397                 :            :         }
    1398                 :       2886 :         up_write(&keyring->sem);
    1399                 :            : 
    1400         [ +  + ]:       2886 :         if (index_key->type == &key_type_keyring)
    1401                 :        624 :                 mutex_unlock(&keyring_serialise_link_lock);
    1402                 :       2886 : }
    1403                 :            : 
    1404                 :            : /*
    1405                 :            :  * Check addition of keys to restricted keyrings.
    1406                 :            :  */
    1407                 :        546 : static int __key_link_check_restriction(struct key *keyring, struct key *key)
    1408                 :            : {
    1409   [ #  #  #  # ]:          0 :         if (!keyring->restrict_link || !keyring->restrict_link->check)
    1410                 :            :                 return 0;
    1411                 :          0 :         return keyring->restrict_link->check(keyring, key->type, &key->payload,
    1412                 :            :                                              keyring->restrict_link->key);
    1413                 :            : }
    1414                 :            : 
    1415                 :            : /**
    1416                 :            :  * key_link - Link a key to a keyring
    1417                 :            :  * @keyring: The keyring to make the link in.
    1418                 :            :  * @key: The key to link to.
    1419                 :            :  *
    1420                 :            :  * Make a link in a keyring to a key, such that the keyring holds a reference
    1421                 :            :  * on that key and the key can potentially be found by searching that keyring.
    1422                 :            :  *
    1423                 :            :  * This function will write-lock the keyring's semaphore and will consume some
    1424                 :            :  * of the user's key data quota to hold the link.
    1425                 :            :  *
    1426                 :            :  * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
    1427                 :            :  * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
    1428                 :            :  * full, -EDQUOT if there is insufficient key data quota remaining to add
    1429                 :            :  * another link or -ENOMEM if there's insufficient memory.
    1430                 :            :  *
    1431                 :            :  * It is assumed that the caller has checked that it is permitted for a link to
    1432                 :            :  * be made (the keyring should have Write permission and the key Link
    1433                 :            :  * permission).
    1434                 :            :  */
    1435                 :        546 : int key_link(struct key *keyring, struct key *key)
    1436                 :            : {
    1437                 :        546 :         struct assoc_array_edit *edit = NULL;
    1438                 :        546 :         int ret;
    1439                 :            : 
    1440                 :        546 :         kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage));
    1441                 :            : 
    1442                 :        546 :         key_check(keyring);
    1443                 :        546 :         key_check(key);
    1444                 :            : 
    1445                 :        546 :         ret = __key_link_lock(keyring, &key->index_key);
    1446         [ -  + ]:        546 :         if (ret < 0)
    1447                 :          0 :                 goto error;
    1448                 :            : 
    1449                 :        546 :         ret = __key_link_begin(keyring, &key->index_key, &edit);
    1450         [ -  + ]:        546 :         if (ret < 0)
    1451                 :          0 :                 goto error_end;
    1452                 :            : 
    1453                 :        546 :         kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage));
    1454         [ -  + ]:        546 :         ret = __key_link_check_restriction(keyring, key);
    1455         [ #  # ]:          0 :         if (ret == 0)
    1456         [ +  - ]:        546 :                 ret = __key_link_check_live_key(keyring, key);
    1457         [ -  + ]:        546 :         if (ret == 0)
    1458                 :        546 :                 __key_link(key, &edit);
    1459                 :            : 
    1460                 :          0 : error_end:
    1461                 :        546 :         __key_link_end(keyring, &key->index_key, edit);
    1462                 :        546 : error:
    1463                 :        546 :         kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage));
    1464                 :        546 :         return ret;
    1465                 :            : }
    1466                 :            : EXPORT_SYMBOL(key_link);
    1467                 :            : 
    1468                 :            : /*
    1469                 :            :  * Lock a keyring for unlink.
    1470                 :            :  */
    1471                 :          0 : static int __key_unlink_lock(struct key *keyring)
    1472                 :            :         __acquires(&keyring->sem)
    1473                 :            : {
    1474                 :          0 :         if (keyring->type != &key_type_keyring)
    1475                 :            :                 return -ENOTDIR;
    1476                 :            : 
    1477                 :          0 :         down_write(&keyring->sem);
    1478                 :          0 :         return 0;
    1479                 :            : }
    1480                 :            : 
    1481                 :            : /*
    1482                 :            :  * Begin the process of unlinking a key from a keyring.
    1483                 :            :  */
    1484                 :          0 : static int __key_unlink_begin(struct key *keyring, struct key *key,
    1485                 :            :                               struct assoc_array_edit **_edit)
    1486                 :            : {
    1487                 :          0 :         struct assoc_array_edit *edit;
    1488                 :            : 
    1489         [ #  # ]:          0 :         BUG_ON(*_edit != NULL);
    1490                 :            :         
    1491                 :          0 :         edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,
    1492                 :          0 :                                   &key->index_key);
    1493         [ #  # ]:          0 :         if (IS_ERR(edit))
    1494                 :          0 :                 return PTR_ERR(edit);
    1495                 :            : 
    1496         [ #  # ]:          0 :         if (!edit)
    1497                 :            :                 return -ENOENT;
    1498                 :            : 
    1499                 :          0 :         *_edit = edit;
    1500                 :          0 :         return 0;
    1501                 :            : }
    1502                 :            : 
    1503                 :            : /*
    1504                 :            :  * Apply an unlink change.
    1505                 :            :  */
    1506                 :            : static void __key_unlink(struct key *keyring, struct key *key,
    1507                 :            :                          struct assoc_array_edit **_edit)
    1508                 :            : {
    1509                 :            :         assoc_array_apply_edit(*_edit);
    1510                 :            :         *_edit = NULL;
    1511                 :            :         key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
    1512                 :            : }
    1513                 :            : 
    1514                 :            : /*
    1515                 :            :  * Finish unlinking a key from to a keyring.
    1516                 :            :  */
    1517                 :          0 : static void __key_unlink_end(struct key *keyring,
    1518                 :            :                              struct key *key,
    1519                 :            :                              struct assoc_array_edit *edit)
    1520                 :            :         __releases(&keyring->sem)
    1521                 :            : {
    1522                 :          0 :         if (edit)
    1523                 :          0 :                 assoc_array_cancel_edit(edit);
    1524                 :          0 :         up_write(&keyring->sem);
    1525                 :          0 : }
    1526                 :            : 
    1527                 :            : /**
    1528                 :            :  * key_unlink - Unlink the first link to a key from a keyring.
    1529                 :            :  * @keyring: The keyring to remove the link from.
    1530                 :            :  * @key: The key the link is to.
    1531                 :            :  *
    1532                 :            :  * Remove a link from a keyring to a key.
    1533                 :            :  *
    1534                 :            :  * This function will write-lock the keyring's semaphore.
    1535                 :            :  *
    1536                 :            :  * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
    1537                 :            :  * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
    1538                 :            :  * memory.
    1539                 :            :  *
    1540                 :            :  * It is assumed that the caller has checked that it is permitted for a link to
    1541                 :            :  * be removed (the keyring should have Write permission; no permissions are
    1542                 :            :  * required on the key).
    1543                 :            :  */
    1544                 :          0 : int key_unlink(struct key *keyring, struct key *key)
    1545                 :            : {
    1546                 :          0 :         struct assoc_array_edit *edit = NULL;
    1547                 :          0 :         int ret;
    1548                 :            : 
    1549                 :          0 :         key_check(keyring);
    1550                 :          0 :         key_check(key);
    1551                 :            : 
    1552         [ #  # ]:          0 :         ret = __key_unlink_lock(keyring);
    1553                 :          0 :         if (ret < 0)
    1554                 :            :                 return ret;
    1555                 :            : 
    1556                 :          0 :         ret = __key_unlink_begin(keyring, key, &edit);
    1557         [ #  # ]:          0 :         if (ret == 0)
    1558                 :          0 :                 __key_unlink(keyring, key, &edit);
    1559         [ #  # ]:          0 :         __key_unlink_end(keyring, key, edit);
    1560                 :          0 :         return ret;
    1561                 :            : }
    1562                 :            : EXPORT_SYMBOL(key_unlink);
    1563                 :            : 
    1564                 :            : /**
    1565                 :            :  * key_move - Move a key from one keyring to another
    1566                 :            :  * @key: The key to move
    1567                 :            :  * @from_keyring: The keyring to remove the link from.
    1568                 :            :  * @to_keyring: The keyring to make the link in.
    1569                 :            :  * @flags: Qualifying flags, such as KEYCTL_MOVE_EXCL.
    1570                 :            :  *
    1571                 :            :  * Make a link in @to_keyring to a key, such that the keyring holds a reference
    1572                 :            :  * on that key and the key can potentially be found by searching that keyring
    1573                 :            :  * whilst simultaneously removing a link to the key from @from_keyring.
    1574                 :            :  *
    1575                 :            :  * This function will write-lock both keyring's semaphores and will consume
    1576                 :            :  * some of the user's key data quota to hold the link on @to_keyring.
    1577                 :            :  *
    1578                 :            :  * Returns 0 if successful, -ENOTDIR if either keyring isn't a keyring,
    1579                 :            :  * -EKEYREVOKED if either keyring has been revoked, -ENFILE if the second
    1580                 :            :  * keyring is full, -EDQUOT if there is insufficient key data quota remaining
    1581                 :            :  * to add another link or -ENOMEM if there's insufficient memory.  If
    1582                 :            :  * KEYCTL_MOVE_EXCL is set, then -EEXIST will be returned if there's already a
    1583                 :            :  * matching key in @to_keyring.
    1584                 :            :  *
    1585                 :            :  * It is assumed that the caller has checked that it is permitted for a link to
    1586                 :            :  * be made (the keyring should have Write permission and the key Link
    1587                 :            :  * permission).
    1588                 :            :  */
    1589                 :          0 : int key_move(struct key *key,
    1590                 :            :              struct key *from_keyring,
    1591                 :            :              struct key *to_keyring,
    1592                 :            :              unsigned int flags)
    1593                 :            : {
    1594                 :          0 :         struct assoc_array_edit *from_edit = NULL, *to_edit = NULL;
    1595                 :          0 :         int ret;
    1596                 :            : 
    1597                 :          0 :         kenter("%d,%d,%d", key->serial, from_keyring->serial, to_keyring->serial);
    1598                 :            : 
    1599         [ #  # ]:          0 :         if (from_keyring == to_keyring)
    1600                 :            :                 return 0;
    1601                 :            : 
    1602                 :          0 :         key_check(key);
    1603                 :          0 :         key_check(from_keyring);
    1604                 :          0 :         key_check(to_keyring);
    1605                 :            : 
    1606                 :          0 :         ret = __key_move_lock(from_keyring, to_keyring, &key->index_key);
    1607         [ #  # ]:          0 :         if (ret < 0)
    1608                 :          0 :                 goto out;
    1609                 :          0 :         ret = __key_unlink_begin(from_keyring, key, &from_edit);
    1610         [ #  # ]:          0 :         if (ret < 0)
    1611                 :          0 :                 goto error;
    1612                 :          0 :         ret = __key_link_begin(to_keyring, &key->index_key, &to_edit);
    1613         [ #  # ]:          0 :         if (ret < 0)
    1614                 :          0 :                 goto error;
    1615                 :            : 
    1616                 :          0 :         ret = -EEXIST;
    1617   [ #  #  #  # ]:          0 :         if (to_edit->dead_leaf && (flags & KEYCTL_MOVE_EXCL))
    1618                 :          0 :                 goto error;
    1619                 :            : 
    1620         [ #  # ]:          0 :         ret = __key_link_check_restriction(to_keyring, key);
    1621         [ #  # ]:          0 :         if (ret < 0)
    1622                 :          0 :                 goto error;
    1623         [ #  # ]:          0 :         ret = __key_link_check_live_key(to_keyring, key);
    1624         [ #  # ]:          0 :         if (ret < 0)
    1625                 :          0 :                 goto error;
    1626                 :            : 
    1627                 :          0 :         __key_unlink(from_keyring, key, &from_edit);
    1628                 :          0 :         __key_link(key, &to_edit);
    1629                 :          0 : error:
    1630                 :          0 :         __key_link_end(to_keyring, &key->index_key, to_edit);
    1631         [ #  # ]:          0 :         __key_unlink_end(from_keyring, key, from_edit);
    1632                 :            : out:
    1633                 :            :         kleave(" = %d", ret);
    1634                 :            :         return ret;
    1635                 :            : }
    1636                 :            : EXPORT_SYMBOL(key_move);
    1637                 :            : 
    1638                 :            : /**
    1639                 :            :  * keyring_clear - Clear a keyring
    1640                 :            :  * @keyring: The keyring to clear.
    1641                 :            :  *
    1642                 :            :  * Clear the contents of the specified keyring.
    1643                 :            :  *
    1644                 :            :  * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
    1645                 :            :  */
    1646                 :          0 : int keyring_clear(struct key *keyring)
    1647                 :            : {
    1648                 :          0 :         struct assoc_array_edit *edit;
    1649                 :          0 :         int ret;
    1650                 :            : 
    1651         [ #  # ]:          0 :         if (keyring->type != &key_type_keyring)
    1652                 :            :                 return -ENOTDIR;
    1653                 :            : 
    1654                 :          0 :         down_write(&keyring->sem);
    1655                 :            : 
    1656                 :          0 :         edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
    1657         [ #  # ]:          0 :         if (IS_ERR(edit)) {
    1658                 :          0 :                 ret = PTR_ERR(edit);
    1659                 :            :         } else {
    1660         [ #  # ]:          0 :                 if (edit)
    1661                 :          0 :                         assoc_array_apply_edit(edit);
    1662                 :          0 :                 key_payload_reserve(keyring, 0);
    1663                 :          0 :                 ret = 0;
    1664                 :            :         }
    1665                 :            : 
    1666                 :          0 :         up_write(&keyring->sem);
    1667                 :          0 :         return ret;
    1668                 :            : }
    1669                 :            : EXPORT_SYMBOL(keyring_clear);
    1670                 :            : 
    1671                 :            : /*
    1672                 :            :  * Dispose of the links from a revoked keyring.
    1673                 :            :  *
    1674                 :            :  * This is called with the key sem write-locked.
    1675                 :            :  */
    1676                 :          0 : static void keyring_revoke(struct key *keyring)
    1677                 :            : {
    1678                 :          0 :         struct assoc_array_edit *edit;
    1679                 :            : 
    1680                 :          0 :         edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
    1681         [ #  # ]:          0 :         if (!IS_ERR(edit)) {
    1682         [ #  # ]:          0 :                 if (edit)
    1683                 :          0 :                         assoc_array_apply_edit(edit);
    1684                 :          0 :                 key_payload_reserve(keyring, 0);
    1685                 :            :         }
    1686                 :          0 : }
    1687                 :            : 
    1688                 :          0 : static bool keyring_gc_select_iterator(void *object, void *iterator_data)
    1689                 :            : {
    1690         [ #  # ]:          0 :         struct key *key = keyring_ptr_to_key(object);
    1691                 :          0 :         time64_t *limit = iterator_data;
    1692                 :            : 
    1693   [ #  #  #  # ]:          0 :         if (key_is_dead(key, *limit))
    1694                 :            :                 return false;
    1695         [ #  # ]:          0 :         key_get(key);
    1696                 :            :         return true;
    1697                 :            : }
    1698                 :            : 
    1699                 :          0 : static int keyring_gc_check_iterator(const void *object, void *iterator_data)
    1700                 :            : {
    1701         [ #  # ]:          0 :         const struct key *key = keyring_ptr_to_key(object);
    1702                 :          0 :         time64_t *limit = iterator_data;
    1703                 :            : 
    1704                 :          0 :         key_check(key);
    1705         [ #  # ]:          0 :         return key_is_dead(key, *limit);
    1706                 :            : }
    1707                 :            : 
    1708                 :            : /*
    1709                 :            :  * Garbage collect pointers from a keyring.
    1710                 :            :  *
    1711                 :            :  * Not called with any locks held.  The keyring's key struct will not be
    1712                 :            :  * deallocated under us as only our caller may deallocate it.
    1713                 :            :  */
    1714                 :          0 : void keyring_gc(struct key *keyring, time64_t limit)
    1715                 :            : {
    1716                 :          0 :         int result;
    1717                 :            : 
    1718                 :          0 :         kenter("%x{%s}", keyring->serial, keyring->description ?: "");
    1719                 :            : 
    1720         [ #  # ]:          0 :         if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
    1721                 :            :                               (1 << KEY_FLAG_REVOKED)))
    1722                 :          0 :                 goto dont_gc;
    1723                 :            : 
    1724                 :            :         /* scan the keyring looking for dead keys */
    1725                 :          0 :         rcu_read_lock();
    1726                 :          0 :         result = assoc_array_iterate(&keyring->keys,
    1727                 :            :                                      keyring_gc_check_iterator, &limit);
    1728                 :          0 :         rcu_read_unlock();
    1729         [ #  # ]:          0 :         if (result == true)
    1730                 :          0 :                 goto do_gc;
    1731                 :            : 
    1732                 :          0 : dont_gc:
    1733                 :            :         kleave(" [no gc]");
    1734                 :            :         return;
    1735                 :            : 
    1736                 :            : do_gc:
    1737                 :          0 :         down_write(&keyring->sem);
    1738                 :          0 :         assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops,
    1739                 :            :                        keyring_gc_select_iterator, &limit);
    1740                 :          0 :         up_write(&keyring->sem);
    1741                 :          0 :         kleave(" [gc]");
    1742                 :            : }
    1743                 :            : 
    1744                 :            : /*
    1745                 :            :  * Garbage collect restriction pointers from a keyring.
    1746                 :            :  *
    1747                 :            :  * Keyring restrictions are associated with a key type, and must be cleaned
    1748                 :            :  * up if the key type is unregistered. The restriction is altered to always
    1749                 :            :  * reject additional keys so a keyring cannot be opened up by unregistering
    1750                 :            :  * a key type.
    1751                 :            :  *
    1752                 :            :  * Not called with any keyring locks held. The keyring's key struct will not
    1753                 :            :  * be deallocated under us as only our caller may deallocate it.
    1754                 :            :  *
    1755                 :            :  * The caller is required to hold key_types_sem and dead_type->sem. This is
    1756                 :            :  * fulfilled by key_gc_keytype() holding the locks on behalf of
    1757                 :            :  * key_garbage_collector(), which it invokes on a workqueue.
    1758                 :            :  */
    1759                 :          0 : void keyring_restriction_gc(struct key *keyring, struct key_type *dead_type)
    1760                 :            : {
    1761                 :          0 :         struct key_restriction *keyres;
    1762                 :            : 
    1763                 :          0 :         kenter("%x{%s}", keyring->serial, keyring->description ?: "");
    1764                 :            : 
    1765                 :            :         /*
    1766                 :            :          * keyring->restrict_link is only assigned at key allocation time
    1767                 :            :          * or with the key type locked, so the only values that could be
    1768                 :            :          * concurrently assigned to keyring->restrict_link are for key
    1769                 :            :          * types other than dead_type. Given this, it's ok to check
    1770                 :            :          * the key type before acquiring keyring->sem.
    1771                 :            :          */
    1772   [ #  #  #  # ]:          0 :         if (!dead_type || !keyring->restrict_link ||
    1773         [ #  # ]:          0 :             keyring->restrict_link->keytype != dead_type) {
    1774                 :            :                 kleave(" [no restriction gc]");
    1775                 :            :                 return;
    1776                 :            :         }
    1777                 :            : 
    1778                 :            :         /* Lock the keyring to ensure that a link is not in progress */
    1779                 :          0 :         down_write(&keyring->sem);
    1780                 :            : 
    1781                 :          0 :         keyres = keyring->restrict_link;
    1782                 :            : 
    1783                 :          0 :         keyres->check = restrict_link_reject;
    1784                 :            : 
    1785                 :          0 :         key_put(keyres->key);
    1786                 :          0 :         keyres->key = NULL;
    1787                 :          0 :         keyres->keytype = NULL;
    1788                 :            : 
    1789                 :          0 :         up_write(&keyring->sem);
    1790                 :            : 
    1791                 :          0 :         kleave(" [restriction gc]");
    1792                 :            : }

Generated by: LCOV version 1.14