security/keys/key.c at v4.9-rc2

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / security / keys / key.c
at v4.9-rc2 1168 lines 31 kB view raw
wrap content
   1/* Basic authentication token and access key management
   2 *
   3 * Copyright (C) 2004-2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/poison.h>
  15#include <linux/sched.h>
  16#include <linux/slab.h>
  17#include <linux/security.h>
  18#include <linux/workqueue.h>
  19#include <linux/random.h>
  20#include <linux/err.h>
  21#include "internal.h"
  22
  23struct kmem_cache *key_jar;
  24struct rb_root		key_serial_tree; /* tree of keys indexed by serial */
  25DEFINE_SPINLOCK(key_serial_lock);
  26
  27struct rb_root	key_user_tree; /* tree of quota records indexed by UID */
  28DEFINE_SPINLOCK(key_user_lock);
  29
  30unsigned int key_quota_root_maxkeys = 1000000;	/* root's key count quota */
  31unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */
  32unsigned int key_quota_maxkeys = 200;		/* general key count quota */
  33unsigned int key_quota_maxbytes = 20000;	/* general key space quota */
  34
  35static LIST_HEAD(key_types_list);
  36static DECLARE_RWSEM(key_types_sem);
  37
  38/* We serialise key instantiation and link */
  39DEFINE_MUTEX(key_construction_mutex);
  40
  41#ifdef KEY_DEBUGGING
  42void __key_check(const struct key *key)
  43{
  44	printk("__key_check: key %p {%08x} should be {%08x}\n",
  45	       key, key->magic, KEY_DEBUG_MAGIC);
  46	BUG();
  47}
  48#endif
  49
  50/*
  51 * Get the key quota record for a user, allocating a new record if one doesn't
  52 * already exist.
  53 */
  54struct key_user *key_user_lookup(kuid_t uid)
  55{
  56	struct key_user *candidate = NULL, *user;
  57	struct rb_node *parent = NULL;
  58	struct rb_node **p;
  59
  60try_again:
  61	p = &key_user_tree.rb_node;
  62	spin_lock(&key_user_lock);
  63
  64	/* search the tree for a user record with a matching UID */
  65	while (*p) {
  66		parent = *p;
  67		user = rb_entry(parent, struct key_user, node);
  68
  69		if (uid_lt(uid, user->uid))
  70			p = &(*p)->rb_left;
  71		else if (uid_gt(uid, user->uid))
  72			p = &(*p)->rb_right;
  73		else
  74			goto found;
  75	}
  76
  77	/* if we get here, we failed to find a match in the tree */
  78	if (!candidate) {
  79		/* allocate a candidate user record if we don't already have
  80		 * one */
  81		spin_unlock(&key_user_lock);
  82
  83		user = NULL;
  84		candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL);
  85		if (unlikely(!candidate))
  86			goto out;
  87
  88		/* the allocation may have scheduled, so we need to repeat the
  89		 * search lest someone else added the record whilst we were
  90		 * asleep */
  91		goto try_again;
  92	}
  93
  94	/* if we get here, then the user record still hadn't appeared on the
  95	 * second pass - so we use the candidate record */
  96	atomic_set(&candidate->usage, 1);
  97	atomic_set(&candidate->nkeys, 0);
  98	atomic_set(&candidate->nikeys, 0);
  99	candidate->uid = uid;
 100	candidate->qnkeys = 0;
 101	candidate->qnbytes = 0;
 102	spin_lock_init(&candidate->lock);
 103	mutex_init(&candidate->cons_lock);
 104
 105	rb_link_node(&candidate->node, parent, p);
 106	rb_insert_color(&candidate->node, &key_user_tree);
 107	spin_unlock(&key_user_lock);
 108	user = candidate;
 109	goto out;
 110
 111	/* okay - we found a user record for this UID */
 112found:
 113	atomic_inc(&user->usage);
 114	spin_unlock(&key_user_lock);
 115	kfree(candidate);
 116out:
 117	return user;
 118}
 119
 120/*
 121 * Dispose of a user structure
 122 */
 123void key_user_put(struct key_user *user)
 124{
 125	if (atomic_dec_and_lock(&user->usage, &key_user_lock)) {
 126		rb_erase(&user->node, &key_user_tree);
 127		spin_unlock(&key_user_lock);
 128
 129		kfree(user);
 130	}
 131}
 132
 133/*
 134 * Allocate a serial number for a key.  These are assigned randomly to avoid
 135 * security issues through covert channel problems.
 136 */
 137static inline void key_alloc_serial(struct key *key)
 138{
 139	struct rb_node *parent, **p;
 140	struct key *xkey;
 141
 142	/* propose a random serial number and look for a hole for it in the
 143	 * serial number tree */
 144	do {
 145		get_random_bytes(&key->serial, sizeof(key->serial));
 146
 147		key->serial >>= 1; /* negative numbers are not permitted */
 148	} while (key->serial < 3);
 149
 150	spin_lock(&key_serial_lock);
 151
 152attempt_insertion:
 153	parent = NULL;
 154	p = &key_serial_tree.rb_node;
 155
 156	while (*p) {
 157		parent = *p;
 158		xkey = rb_entry(parent, struct key, serial_node);
 159
 160		if (key->serial < xkey->serial)
 161			p = &(*p)->rb_left;
 162		else if (key->serial > xkey->serial)
 163			p = &(*p)->rb_right;
 164		else
 165			goto serial_exists;
 166	}
 167
 168	/* we've found a suitable hole - arrange for this key to occupy it */
 169	rb_link_node(&key->serial_node, parent, p);
 170	rb_insert_color(&key->serial_node, &key_serial_tree);
 171
 172	spin_unlock(&key_serial_lock);
 173	return;
 174
 175	/* we found a key with the proposed serial number - walk the tree from
 176	 * that point looking for the next unused serial number */
 177serial_exists:
 178	for (;;) {
 179		key->serial++;
 180		if (key->serial < 3) {
 181			key->serial = 3;
 182			goto attempt_insertion;
 183		}
 184
 185		parent = rb_next(parent);
 186		if (!parent)
 187			goto attempt_insertion;
 188
 189		xkey = rb_entry(parent, struct key, serial_node);
 190		if (key->serial < xkey->serial)
 191			goto attempt_insertion;
 192	}
 193}
 194
 195/**
 196 * key_alloc - Allocate a key of the specified type.
 197 * @type: The type of key to allocate.
 198 * @desc: The key description to allow the key to be searched out.
 199 * @uid: The owner of the new key.
 200 * @gid: The group ID for the new key's group permissions.
 201 * @cred: The credentials specifying UID namespace.
 202 * @perm: The permissions mask of the new key.
 203 * @flags: Flags specifying quota properties.
 204 * @restrict_link: Optional link restriction method for new keyrings.
 205 *
 206 * Allocate a key of the specified type with the attributes given.  The key is
 207 * returned in an uninstantiated state and the caller needs to instantiate the
 208 * key before returning.
 209 *
 210 * The user's key count quota is updated to reflect the creation of the key and
 211 * the user's key data quota has the default for the key type reserved.  The
 212 * instantiation function should amend this as necessary.  If insufficient
 213 * quota is available, -EDQUOT will be returned.
 214 *
 215 * The LSM security modules can prevent a key being created, in which case
 216 * -EACCES will be returned.
 217 *
 218 * Returns a pointer to the new key if successful and an error code otherwise.
 219 *
 220 * Note that the caller needs to ensure the key type isn't uninstantiated.
 221 * Internally this can be done by locking key_types_sem.  Externally, this can
 222 * be done by either never unregistering the key type, or making sure
 223 * key_alloc() calls don't race with module unloading.
 224 */
 225struct key *key_alloc(struct key_type *type, const char *desc,
 226		      kuid_t uid, kgid_t gid, const struct cred *cred,
 227		      key_perm_t perm, unsigned long flags,
 228		      int (*restrict_link)(struct key *,
 229					   const struct key_type *,
 230					   const union key_payload *))
 231{
 232	struct key_user *user = NULL;
 233	struct key *key;
 234	size_t desclen, quotalen;
 235	int ret;
 236
 237	key = ERR_PTR(-EINVAL);
 238	if (!desc || !*desc)
 239		goto error;
 240
 241	if (type->vet_description) {
 242		ret = type->vet_description(desc);
 243		if (ret < 0) {
 244			key = ERR_PTR(ret);
 245			goto error;
 246		}
 247	}
 248
 249	desclen = strlen(desc);
 250	quotalen = desclen + 1 + type->def_datalen;
 251
 252	/* get hold of the key tracking for this user */
 253	user = key_user_lookup(uid);
 254	if (!user)
 255		goto no_memory_1;
 256
 257	/* check that the user's quota permits allocation of another key and
 258	 * its description */
 259	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 260		unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
 261			key_quota_root_maxkeys : key_quota_maxkeys;
 262		unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
 263			key_quota_root_maxbytes : key_quota_maxbytes;
 264
 265		spin_lock(&user->lock);
 266		if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
 267			if (user->qnkeys + 1 >= maxkeys ||
 268			    user->qnbytes + quotalen >= maxbytes ||
 269			    user->qnbytes + quotalen < user->qnbytes)
 270				goto no_quota;
 271		}
 272
 273		user->qnkeys++;
 274		user->qnbytes += quotalen;
 275		spin_unlock(&user->lock);
 276	}
 277
 278	/* allocate and initialise the key and its description */
 279	key = kmem_cache_zalloc(key_jar, GFP_KERNEL);
 280	if (!key)
 281		goto no_memory_2;
 282
 283	key->index_key.desc_len = desclen;
 284	key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
 285	if (!key->index_key.description)
 286		goto no_memory_3;
 287
 288	atomic_set(&key->usage, 1);
 289	init_rwsem(&key->sem);
 290	lockdep_set_class(&key->sem, &type->lock_class);
 291	key->index_key.type = type;
 292	key->user = user;
 293	key->quotalen = quotalen;
 294	key->datalen = type->def_datalen;
 295	key->uid = uid;
 296	key->gid = gid;
 297	key->perm = perm;
 298	key->restrict_link = restrict_link;
 299
 300	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
 301		key->flags |= 1 << KEY_FLAG_IN_QUOTA;
 302	if (flags & KEY_ALLOC_BUILT_IN)
 303		key->flags |= 1 << KEY_FLAG_BUILTIN;
 304
 305#ifdef KEY_DEBUGGING
 306	key->magic = KEY_DEBUG_MAGIC;
 307#endif
 308
 309	/* let the security module know about the key */
 310	ret = security_key_alloc(key, cred, flags);
 311	if (ret < 0)
 312		goto security_error;
 313
 314	/* publish the key by giving it a serial number */
 315	atomic_inc(&user->nkeys);
 316	key_alloc_serial(key);
 317
 318error:
 319	return key;
 320
 321security_error:
 322	kfree(key->description);
 323	kmem_cache_free(key_jar, key);
 324	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 325		spin_lock(&user->lock);
 326		user->qnkeys--;
 327		user->qnbytes -= quotalen;
 328		spin_unlock(&user->lock);
 329	}
 330	key_user_put(user);
 331	key = ERR_PTR(ret);
 332	goto error;
 333
 334no_memory_3:
 335	kmem_cache_free(key_jar, key);
 336no_memory_2:
 337	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
 338		spin_lock(&user->lock);
 339		user->qnkeys--;
 340		user->qnbytes -= quotalen;
 341		spin_unlock(&user->lock);
 342	}
 343	key_user_put(user);
 344no_memory_1:
 345	key = ERR_PTR(-ENOMEM);
 346	goto error;
 347
 348no_quota:
 349	spin_unlock(&user->lock);
 350	key_user_put(user);
 351	key = ERR_PTR(-EDQUOT);
 352	goto error;
 353}
 354EXPORT_SYMBOL(key_alloc);
 355
 356/**
 357 * key_payload_reserve - Adjust data quota reservation for the key's payload
 358 * @key: The key to make the reservation for.
 359 * @datalen: The amount of data payload the caller now wants.
 360 *
 361 * Adjust the amount of the owning user's key data quota that a key reserves.
 362 * If the amount is increased, then -EDQUOT may be returned if there isn't
 363 * enough free quota available.
 364 *
 365 * If successful, 0 is returned.
 366 */
 367int key_payload_reserve(struct key *key, size_t datalen)
 368{
 369	int delta = (int)datalen - key->datalen;
 370	int ret = 0;
 371
 372	key_check(key);
 373
 374	/* contemplate the quota adjustment */
 375	if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
 376		unsigned maxbytes = uid_eq(key->user->uid, GLOBAL_ROOT_UID) ?
 377			key_quota_root_maxbytes : key_quota_maxbytes;
 378
 379		spin_lock(&key->user->lock);
 380
 381		if (delta > 0 &&
 382		    (key->user->qnbytes + delta >= maxbytes ||
 383		     key->user->qnbytes + delta < key->user->qnbytes)) {
 384			ret = -EDQUOT;
 385		}
 386		else {
 387			key->user->qnbytes += delta;
 388			key->quotalen += delta;
 389		}
 390		spin_unlock(&key->user->lock);
 391	}
 392
 393	/* change the recorded data length if that didn't generate an error */
 394	if (ret == 0)
 395		key->datalen = datalen;
 396
 397	return ret;
 398}
 399EXPORT_SYMBOL(key_payload_reserve);
 400
 401/*
 402 * Instantiate a key and link it into the target keyring atomically.  Must be
 403 * called with the target keyring's semaphore writelocked.  The target key's
 404 * semaphore need not be locked as instantiation is serialised by
 405 * key_construction_mutex.
 406 */
 407static int __key_instantiate_and_link(struct key *key,
 408				      struct key_preparsed_payload *prep,
 409				      struct key *keyring,
 410				      struct key *authkey,
 411				      struct assoc_array_edit **_edit)
 412{
 413	int ret, awaken;
 414
 415	key_check(key);
 416	key_check(keyring);
 417
 418	awaken = 0;
 419	ret = -EBUSY;
 420
 421	mutex_lock(&key_construction_mutex);
 422
 423	/* can't instantiate twice */
 424	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 425		/* instantiate the key */
 426		ret = key->type->instantiate(key, prep);
 427
 428		if (ret == 0) {
 429			/* mark the key as being instantiated */
 430			atomic_inc(&key->user->nikeys);
 431			set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 432
 433			if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 434				awaken = 1;
 435
 436			/* and link it into the destination keyring */
 437			if (keyring) {
 438				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
 439					set_bit(KEY_FLAG_KEEP, &key->flags);
 440
 441				__key_link(key, _edit);
 442			}
 443
 444			/* disable the authorisation key */
 445			if (authkey)
 446				key_revoke(authkey);
 447
 448			if (prep->expiry != TIME_T_MAX) {
 449				key->expiry = prep->expiry;
 450				key_schedule_gc(prep->expiry + key_gc_delay);
 451			}
 452		}
 453	}
 454
 455	mutex_unlock(&key_construction_mutex);
 456
 457	/* wake up anyone waiting for a key to be constructed */
 458	if (awaken)
 459		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 460
 461	return ret;
 462}
 463
 464/**
 465 * key_instantiate_and_link - Instantiate a key and link it into the keyring.
 466 * @key: The key to instantiate.
 467 * @data: The data to use to instantiate the keyring.
 468 * @datalen: The length of @data.
 469 * @keyring: Keyring to create a link in on success (or NULL).
 470 * @authkey: The authorisation token permitting instantiation.
 471 *
 472 * Instantiate a key that's in the uninstantiated state using the provided data
 473 * and, if successful, link it in to the destination keyring if one is
 474 * supplied.
 475 *
 476 * If successful, 0 is returned, the authorisation token is revoked and anyone
 477 * waiting for the key is woken up.  If the key was already instantiated,
 478 * -EBUSY will be returned.
 479 */
 480int key_instantiate_and_link(struct key *key,
 481			     const void *data,
 482			     size_t datalen,
 483			     struct key *keyring,
 484			     struct key *authkey)
 485{
 486	struct key_preparsed_payload prep;
 487	struct assoc_array_edit *edit;
 488	int ret;
 489
 490	memset(&prep, 0, sizeof(prep));
 491	prep.data = data;
 492	prep.datalen = datalen;
 493	prep.quotalen = key->type->def_datalen;
 494	prep.expiry = TIME_T_MAX;
 495	if (key->type->preparse) {
 496		ret = key->type->preparse(&prep);
 497		if (ret < 0)
 498			goto error;
 499	}
 500
 501	if (keyring) {
 502		if (keyring->restrict_link) {
 503			ret = keyring->restrict_link(keyring, key->type,
 504						     &prep.payload);
 505			if (ret < 0)
 506				goto error;
 507		}
 508		ret = __key_link_begin(keyring, &key->index_key, &edit);
 509		if (ret < 0)
 510			goto error;
 511	}
 512
 513	ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
 514
 515	if (keyring)
 516		__key_link_end(keyring, &key->index_key, edit);
 517
 518error:
 519	if (key->type->preparse)
 520		key->type->free_preparse(&prep);
 521	return ret;
 522}
 523
 524EXPORT_SYMBOL(key_instantiate_and_link);
 525
 526/**
 527 * key_reject_and_link - Negatively instantiate a key and link it into the keyring.
 528 * @key: The key to instantiate.
 529 * @timeout: The timeout on the negative key.
 530 * @error: The error to return when the key is hit.
 531 * @keyring: Keyring to create a link in on success (or NULL).
 532 * @authkey: The authorisation token permitting instantiation.
 533 *
 534 * Negatively instantiate a key that's in the uninstantiated state and, if
 535 * successful, set its timeout and stored error and link it in to the
 536 * destination keyring if one is supplied.  The key and any links to the key
 537 * will be automatically garbage collected after the timeout expires.
 538 *
 539 * Negative keys are used to rate limit repeated request_key() calls by causing
 540 * them to return the stored error code (typically ENOKEY) until the negative
 541 * key expires.
 542 *
 543 * If successful, 0 is returned, the authorisation token is revoked and anyone
 544 * waiting for the key is woken up.  If the key was already instantiated,
 545 * -EBUSY will be returned.
 546 */
 547int key_reject_and_link(struct key *key,
 548			unsigned timeout,
 549			unsigned error,
 550			struct key *keyring,
 551			struct key *authkey)
 552{
 553	struct assoc_array_edit *edit;
 554	struct timespec now;
 555	int ret, awaken, link_ret = 0;
 556
 557	key_check(key);
 558	key_check(keyring);
 559
 560	awaken = 0;
 561	ret = -EBUSY;
 562
 563	if (keyring) {
 564		if (keyring->restrict_link)
 565			return -EPERM;
 566
 567		link_ret = __key_link_begin(keyring, &key->index_key, &edit);
 568	}
 569
 570	mutex_lock(&key_construction_mutex);
 571
 572	/* can't instantiate twice */
 573	if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 574		/* mark the key as being negatively instantiated */
 575		atomic_inc(&key->user->nikeys);
 576		key->reject_error = -error;
 577		smp_wmb();
 578		set_bit(KEY_FLAG_NEGATIVE, &key->flags);
 579		set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 580		now = current_kernel_time();
 581		key->expiry = now.tv_sec + timeout;
 582		key_schedule_gc(key->expiry + key_gc_delay);
 583
 584		if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))
 585			awaken = 1;
 586
 587		ret = 0;
 588
 589		/* and link it into the destination keyring */
 590		if (keyring && link_ret == 0)
 591			__key_link(key, &edit);
 592
 593		/* disable the authorisation key */
 594		if (authkey)
 595			key_revoke(authkey);
 596	}
 597
 598	mutex_unlock(&key_construction_mutex);
 599
 600	if (keyring && link_ret == 0)
 601		__key_link_end(keyring, &key->index_key, edit);
 602
 603	/* wake up anyone waiting for a key to be constructed */
 604	if (awaken)
 605		wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT);
 606
 607	return ret == 0 ? link_ret : ret;
 608}
 609EXPORT_SYMBOL(key_reject_and_link);
 610
 611/**
 612 * key_put - Discard a reference to a key.
 613 * @key: The key to discard a reference from.
 614 *
 615 * Discard a reference to a key, and when all the references are gone, we
 616 * schedule the cleanup task to come and pull it out of the tree in process
 617 * context at some later time.
 618 */
 619void key_put(struct key *key)
 620{
 621	if (key) {
 622		key_check(key);
 623
 624		if (atomic_dec_and_test(&key->usage))
 625			schedule_work(&key_gc_work);
 626	}
 627}
 628EXPORT_SYMBOL(key_put);
 629
 630/*
 631 * Find a key by its serial number.
 632 */
 633struct key *key_lookup(key_serial_t id)
 634{
 635	struct rb_node *n;
 636	struct key *key;
 637
 638	spin_lock(&key_serial_lock);
 639
 640	/* search the tree for the specified key */
 641	n = key_serial_tree.rb_node;
 642	while (n) {
 643		key = rb_entry(n, struct key, serial_node);
 644
 645		if (id < key->serial)
 646			n = n->rb_left;
 647		else if (id > key->serial)
 648			n = n->rb_right;
 649		else
 650			goto found;
 651	}
 652
 653not_found:
 654	key = ERR_PTR(-ENOKEY);
 655	goto error;
 656
 657found:
 658	/* pretend it doesn't exist if it is awaiting deletion */
 659	if (atomic_read(&key->usage) == 0)
 660		goto not_found;
 661
 662	/* this races with key_put(), but that doesn't matter since key_put()
 663	 * doesn't actually change the key
 664	 */
 665	__key_get(key);
 666
 667error:
 668	spin_unlock(&key_serial_lock);
 669	return key;
 670}
 671
 672/*
 673 * Find and lock the specified key type against removal.
 674 *
 675 * We return with the sem read-locked if successful.  If the type wasn't
 676 * available -ENOKEY is returned instead.
 677 */
 678struct key_type *key_type_lookup(const char *type)
 679{
 680	struct key_type *ktype;
 681
 682	down_read(&key_types_sem);
 683
 684	/* look up the key type to see if it's one of the registered kernel
 685	 * types */
 686	list_for_each_entry(ktype, &key_types_list, link) {
 687		if (strcmp(ktype->name, type) == 0)
 688			goto found_kernel_type;
 689	}
 690
 691	up_read(&key_types_sem);
 692	ktype = ERR_PTR(-ENOKEY);
 693
 694found_kernel_type:
 695	return ktype;
 696}
 697
 698void key_set_timeout(struct key *key, unsigned timeout)
 699{
 700	struct timespec now;
 701	time_t expiry = 0;
 702
 703	/* make the changes with the locks held to prevent races */
 704	down_write(&key->sem);
 705
 706	if (timeout > 0) {
 707		now = current_kernel_time();
 708		expiry = now.tv_sec + timeout;
 709	}
 710
 711	key->expiry = expiry;
 712	key_schedule_gc(key->expiry + key_gc_delay);
 713
 714	up_write(&key->sem);
 715}
 716EXPORT_SYMBOL_GPL(key_set_timeout);
 717
 718/*
 719 * Unlock a key type locked by key_type_lookup().
 720 */
 721void key_type_put(struct key_type *ktype)
 722{
 723	up_read(&key_types_sem);
 724}
 725
 726/*
 727 * Attempt to update an existing key.
 728 *
 729 * The key is given to us with an incremented refcount that we need to discard
 730 * if we get an error.
 731 */
 732static inline key_ref_t __key_update(key_ref_t key_ref,
 733				     struct key_preparsed_payload *prep)
 734{
 735	struct key *key = key_ref_to_ptr(key_ref);
 736	int ret;
 737
 738	/* need write permission on the key to update it */
 739	ret = key_permission(key_ref, KEY_NEED_WRITE);
 740	if (ret < 0)
 741		goto error;
 742
 743	ret = -EEXIST;
 744	if (!key->type->update)
 745		goto error;
 746
 747	down_write(&key->sem);
 748
 749	ret = key->type->update(key, prep);
 750	if (ret == 0)
 751		/* updating a negative key instantiates it */
 752		clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 753
 754	up_write(&key->sem);
 755
 756	if (ret < 0)
 757		goto error;
 758out:
 759	return key_ref;
 760
 761error:
 762	key_put(key);
 763	key_ref = ERR_PTR(ret);
 764	goto out;
 765}
 766
 767/**
 768 * key_create_or_update - Update or create and instantiate a key.
 769 * @keyring_ref: A pointer to the destination keyring with possession flag.
 770 * @type: The type of key.
 771 * @description: The searchable description for the key.
 772 * @payload: The data to use to instantiate or update the key.
 773 * @plen: The length of @payload.
 774 * @perm: The permissions mask for a new key.
 775 * @flags: The quota flags for a new key.
 776 *
 777 * Search the destination keyring for a key of the same description and if one
 778 * is found, update it, otherwise create and instantiate a new one and create a
 779 * link to it from that keyring.
 780 *
 781 * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
 782 * concocted.
 783 *
 784 * Returns a pointer to the new key if successful, -ENODEV if the key type
 785 * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the
 786 * caller isn't permitted to modify the keyring or the LSM did not permit
 787 * creation of the key.
 788 *
 789 * On success, the possession flag from the keyring ref will be tacked on to
 790 * the key ref before it is returned.
 791 */
 792key_ref_t key_create_or_update(key_ref_t keyring_ref,
 793			       const char *type,
 794			       const char *description,
 795			       const void *payload,
 796			       size_t plen,
 797			       key_perm_t perm,
 798			       unsigned long flags)
 799{
 800	struct keyring_index_key index_key = {
 801		.description	= description,
 802	};
 803	struct key_preparsed_payload prep;
 804	struct assoc_array_edit *edit;
 805	const struct cred *cred = current_cred();
 806	struct key *keyring, *key = NULL;
 807	key_ref_t key_ref;
 808	int ret;
 809	int (*restrict_link)(struct key *,
 810			     const struct key_type *,
 811			     const union key_payload *) = NULL;
 812
 813	/* look up the key type to see if it's one of the registered kernel
 814	 * types */
 815	index_key.type = key_type_lookup(type);
 816	if (IS_ERR(index_key.type)) {
 817		key_ref = ERR_PTR(-ENODEV);
 818		goto error;
 819	}
 820
 821	key_ref = ERR_PTR(-EINVAL);
 822	if (!index_key.type->instantiate ||
 823	    (!index_key.description && !index_key.type->preparse))
 824		goto error_put_type;
 825
 826	keyring = key_ref_to_ptr(keyring_ref);
 827
 828	key_check(keyring);
 829
 830	key_ref = ERR_PTR(-EPERM);
 831	if (!(flags & KEY_ALLOC_BYPASS_RESTRICTION))
 832		restrict_link = keyring->restrict_link;
 833
 834	key_ref = ERR_PTR(-ENOTDIR);
 835	if (keyring->type != &key_type_keyring)
 836		goto error_put_type;
 837
 838	memset(&prep, 0, sizeof(prep));
 839	prep.data = payload;
 840	prep.datalen = plen;
 841	prep.quotalen = index_key.type->def_datalen;
 842	prep.expiry = TIME_T_MAX;
 843	if (index_key.type->preparse) {
 844		ret = index_key.type->preparse(&prep);
 845		if (ret < 0) {
 846			key_ref = ERR_PTR(ret);
 847			goto error_free_prep;
 848		}
 849		if (!index_key.description)
 850			index_key.description = prep.description;
 851		key_ref = ERR_PTR(-EINVAL);
 852		if (!index_key.description)
 853			goto error_free_prep;
 854	}
 855	index_key.desc_len = strlen(index_key.description);
 856
 857	if (restrict_link) {
 858		ret = restrict_link(keyring, index_key.type, &prep.payload);
 859		if (ret < 0) {
 860			key_ref = ERR_PTR(ret);
 861			goto error_free_prep;
 862		}
 863	}
 864
 865	ret = __key_link_begin(keyring, &index_key, &edit);
 866	if (ret < 0) {
 867		key_ref = ERR_PTR(ret);
 868		goto error_free_prep;
 869	}
 870
 871	/* if we're going to allocate a new key, we're going to have
 872	 * to modify the keyring */
 873	ret = key_permission(keyring_ref, KEY_NEED_WRITE);
 874	if (ret < 0) {
 875		key_ref = ERR_PTR(ret);
 876		goto error_link_end;
 877	}
 878
 879	/* if it's possible to update this type of key, search for an existing
 880	 * key of the same type and description in the destination keyring and
 881	 * update that instead if possible
 882	 */
 883	if (index_key.type->update) {
 884		key_ref = find_key_to_update(keyring_ref, &index_key);
 885		if (key_ref)
 886			goto found_matching_key;
 887	}
 888
 889	/* if the client doesn't provide, decide on the permissions we want */
 890	if (perm == KEY_PERM_UNDEF) {
 891		perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
 892		perm |= KEY_USR_VIEW;
 893
 894		if (index_key.type->read)
 895			perm |= KEY_POS_READ;
 896
 897		if (index_key.type == &key_type_keyring ||
 898		    index_key.type->update)
 899			perm |= KEY_POS_WRITE;
 900	}
 901
 902	/* allocate a new key */
 903	key = key_alloc(index_key.type, index_key.description,
 904			cred->fsuid, cred->fsgid, cred, perm, flags, NULL);
 905	if (IS_ERR(key)) {
 906		key_ref = ERR_CAST(key);
 907		goto error_link_end;
 908	}
 909
 910	/* instantiate it and link it into the target keyring */
 911	ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit);
 912	if (ret < 0) {
 913		key_put(key);
 914		key_ref = ERR_PTR(ret);
 915		goto error_link_end;
 916	}
 917
 918	key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
 919
 920error_link_end:
 921	__key_link_end(keyring, &index_key, edit);
 922error_free_prep:
 923	if (index_key.type->preparse)
 924		index_key.type->free_preparse(&prep);
 925error_put_type:
 926	key_type_put(index_key.type);
 927error:
 928	return key_ref;
 929
 930 found_matching_key:
 931	/* we found a matching key, so we're going to try to update it
 932	 * - we can drop the locks first as we have the key pinned
 933	 */
 934	__key_link_end(keyring, &index_key, edit);
 935
 936	key_ref = __key_update(key_ref, &prep);
 937	goto error_free_prep;
 938}
 939EXPORT_SYMBOL(key_create_or_update);
 940
 941/**
 942 * key_update - Update a key's contents.
 943 * @key_ref: The pointer (plus possession flag) to the key.
 944 * @payload: The data to be used to update the key.
 945 * @plen: The length of @payload.
 946 *
 947 * Attempt to update the contents of a key with the given payload data.  The
 948 * caller must be granted Write permission on the key.  Negative keys can be
 949 * instantiated by this method.
 950 *
 951 * Returns 0 on success, -EACCES if not permitted and -EOPNOTSUPP if the key
 952 * type does not support updating.  The key type may return other errors.
 953 */
 954int key_update(key_ref_t key_ref, const void *payload, size_t plen)
 955{
 956	struct key_preparsed_payload prep;
 957	struct key *key = key_ref_to_ptr(key_ref);
 958	int ret;
 959
 960	key_check(key);
 961
 962	/* the key must be writable */
 963	ret = key_permission(key_ref, KEY_NEED_WRITE);
 964	if (ret < 0)
 965		goto error;
 966
 967	/* attempt to update it if supported */
 968	ret = -EOPNOTSUPP;
 969	if (!key->type->update)
 970		goto error;
 971
 972	memset(&prep, 0, sizeof(prep));
 973	prep.data = payload;
 974	prep.datalen = plen;
 975	prep.quotalen = key->type->def_datalen;
 976	prep.expiry = TIME_T_MAX;
 977	if (key->type->preparse) {
 978		ret = key->type->preparse(&prep);
 979		if (ret < 0)
 980			goto error;
 981	}
 982
 983	down_write(&key->sem);
 984
 985	ret = key->type->update(key, &prep);
 986	if (ret == 0)
 987		/* updating a negative key instantiates it */
 988		clear_bit(KEY_FLAG_NEGATIVE, &key->flags);
 989
 990	up_write(&key->sem);
 991
 992error:
 993	if (key->type->preparse)
 994		key->type->free_preparse(&prep);
 995	return ret;
 996}
 997EXPORT_SYMBOL(key_update);
 998
 999/**
1000 * key_revoke - Revoke a key.
1001 * @key: The key to be revoked.
1002 *
1003 * Mark a key as being revoked and ask the type to free up its resources.  The
1004 * revocation timeout is set and the key and all its links will be
1005 * automatically garbage collected after key_gc_delay amount of time if they
1006 * are not manually dealt with first.
1007 */
1008void key_revoke(struct key *key)
1009{
1010	struct timespec now;
1011	time_t time;
1012
1013	key_check(key);
1014
1015	/* make sure no one's trying to change or use the key when we mark it
1016	 * - we tell lockdep that we might nest because we might be revoking an
1017	 *   authorisation key whilst holding the sem on a key we've just
1018	 *   instantiated
1019	 */
1020	down_write_nested(&key->sem, 1);
1021	if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) &&
1022	    key->type->revoke)
1023		key->type->revoke(key);
1024
1025	/* set the death time to no more than the expiry time */
1026	now = current_kernel_time();
1027	time = now.tv_sec;
1028	if (key->revoked_at == 0 || key->revoked_at > time) {
1029		key->revoked_at = time;
1030		key_schedule_gc(key->revoked_at + key_gc_delay);
1031	}
1032
1033	up_write(&key->sem);
1034}
1035EXPORT_SYMBOL(key_revoke);
1036
1037/**
1038 * key_invalidate - Invalidate a key.
1039 * @key: The key to be invalidated.
1040 *
1041 * Mark a key as being invalidated and have it cleaned up immediately.  The key
1042 * is ignored by all searches and other operations from this point.
1043 */
1044void key_invalidate(struct key *key)
1045{
1046	kenter("%d", key_serial(key));
1047
1048	key_check(key);
1049
1050	if (!test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
1051		down_write_nested(&key->sem, 1);
1052		if (!test_and_set_bit(KEY_FLAG_INVALIDATED, &key->flags))
1053			key_schedule_gc_links();
1054		up_write(&key->sem);
1055	}
1056}
1057EXPORT_SYMBOL(key_invalidate);
1058
1059/**
1060 * generic_key_instantiate - Simple instantiation of a key from preparsed data
1061 * @key: The key to be instantiated
1062 * @prep: The preparsed data to load.
1063 *
1064 * Instantiate a key from preparsed data.  We assume we can just copy the data
1065 * in directly and clear the old pointers.
1066 *
1067 * This can be pointed to directly by the key type instantiate op pointer.
1068 */
1069int generic_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
1070{
1071	int ret;
1072
1073	pr_devel("==>%s()\n", __func__);
1074
1075	ret = key_payload_reserve(key, prep->quotalen);
1076	if (ret == 0) {
1077		rcu_assign_keypointer(key, prep->payload.data[0]);
1078		key->payload.data[1] = prep->payload.data[1];
1079		key->payload.data[2] = prep->payload.data[2];
1080		key->payload.data[3] = prep->payload.data[3];
1081		prep->payload.data[0] = NULL;
1082		prep->payload.data[1] = NULL;
1083		prep->payload.data[2] = NULL;
1084		prep->payload.data[3] = NULL;
1085	}
1086	pr_devel("<==%s() = %d\n", __func__, ret);
1087	return ret;
1088}
1089EXPORT_SYMBOL(generic_key_instantiate);
1090
1091/**
1092 * register_key_type - Register a type of key.
1093 * @ktype: The new key type.
1094 *
1095 * Register a new key type.
1096 *
1097 * Returns 0 on success or -EEXIST if a type of this name already exists.
1098 */
1099int register_key_type(struct key_type *ktype)
1100{
1101	struct key_type *p;
1102	int ret;
1103
1104	memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
1105
1106	ret = -EEXIST;
1107	down_write(&key_types_sem);
1108
1109	/* disallow key types with the same name */
1110	list_for_each_entry(p, &key_types_list, link) {
1111		if (strcmp(p->name, ktype->name) == 0)
1112			goto out;
1113	}
1114
1115	/* store the type */
1116	list_add(&ktype->link, &key_types_list);
1117
1118	pr_notice("Key type %s registered\n", ktype->name);
1119	ret = 0;
1120
1121out:
1122	up_write(&key_types_sem);
1123	return ret;
1124}
1125EXPORT_SYMBOL(register_key_type);
1126
1127/**
1128 * unregister_key_type - Unregister a type of key.
1129 * @ktype: The key type.
1130 *
1131 * Unregister a key type and mark all the extant keys of this type as dead.
1132 * Those keys of this type are then destroyed to get rid of their payloads and
1133 * they and their links will be garbage collected as soon as possible.
1134 */
1135void unregister_key_type(struct key_type *ktype)
1136{
1137	down_write(&key_types_sem);
1138	list_del_init(&ktype->link);
1139	downgrade_write(&key_types_sem);
1140	key_gc_keytype(ktype);
1141	pr_notice("Key type %s unregistered\n", ktype->name);
1142	up_read(&key_types_sem);
1143}
1144EXPORT_SYMBOL(unregister_key_type);
1145
1146/*
1147 * Initialise the key management state.
1148 */
1149void __init key_init(void)
1150{
1151	/* allocate a slab in which we can store keys */
1152	key_jar = kmem_cache_create("key_jar", sizeof(struct key),
1153			0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
1154
1155	/* add the special key types */
1156	list_add_tail(&key_type_keyring.link, &key_types_list);
1157	list_add_tail(&key_type_dead.link, &key_types_list);
1158	list_add_tail(&key_type_user.link, &key_types_list);
1159	list_add_tail(&key_type_logon.link, &key_types_list);
1160
1161	/* record the root user tracking */
1162	rb_link_node(&root_key_user.node,
1163		     NULL,
1164		     &key_user_tree.rb_node);
1165
1166	rb_insert_color(&root_key_user.node,
1167			&key_user_tree);
1168}
Configure Feed

Configure Feed
