linux/security/keys/keyring.c
<<
>>
Prefs
   1/* Keyring handling
   2 *
   3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/sched.h>
  15#include <linux/slab.h>
  16#include <linux/security.h>
  17#include <linux/seq_file.h>
  18#include <linux/err.h>
  19#include <asm/uaccess.h>
  20#include "internal.h"
  21
  22/*
  23 * when plumbing the depths of the key tree, this sets a hard limit set on how
  24 * deep we're willing to go
  25 */
  26#define KEYRING_SEARCH_MAX_DEPTH 6
  27
  28/*
  29 * we keep all named keyrings in a hash to speed looking them up
  30 */
  31#define KEYRING_NAME_HASH_SIZE  (1 << 5)
  32
  33static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
  34static DEFINE_RWLOCK(keyring_name_lock);
  35
  36static inline unsigned keyring_hash(const char *desc)
  37{
  38        unsigned bucket = 0;
  39
  40        for (; *desc; desc++)
  41                bucket += (unsigned char) *desc;
  42
  43        return bucket & (KEYRING_NAME_HASH_SIZE - 1);
  44}
  45
  46/*
  47 * the keyring type definition
  48 */
  49static int keyring_instantiate(struct key *keyring,
  50                               const void *data, size_t datalen);
  51static int keyring_match(const struct key *keyring, const void *criterion);
  52static void keyring_revoke(struct key *keyring);
  53static void keyring_destroy(struct key *keyring);
  54static void keyring_describe(const struct key *keyring, struct seq_file *m);
  55static long keyring_read(const struct key *keyring,
  56                         char __user *buffer, size_t buflen);
  57
  58struct key_type key_type_keyring = {
  59        .name           = "keyring",
  60        .def_datalen    = sizeof(struct keyring_list),
  61        .instantiate    = keyring_instantiate,
  62        .match          = keyring_match,
  63        .revoke         = keyring_revoke,
  64        .destroy        = keyring_destroy,
  65        .describe       = keyring_describe,
  66        .read           = keyring_read,
  67};
  68
  69EXPORT_SYMBOL(key_type_keyring);
  70
  71/*
  72 * semaphore to serialise link/link calls to prevent two link calls in parallel
  73 * introducing a cycle
  74 */
  75static DECLARE_RWSEM(keyring_serialise_link_sem);
  76
  77/*****************************************************************************/
  78/*
  79 * publish the name of a keyring so that it can be found by name (if it has
  80 * one)
  81 */
  82static void keyring_publish_name(struct key *keyring)
  83{
  84        int bucket;
  85
  86        if (keyring->description) {
  87                bucket = keyring_hash(keyring->description);
  88
  89                write_lock(&keyring_name_lock);
  90
  91                if (!keyring_name_hash[bucket].next)
  92                        INIT_LIST_HEAD(&keyring_name_hash[bucket]);
  93
  94                list_add_tail(&keyring->type_data.link,
  95                              &keyring_name_hash[bucket]);
  96
  97                write_unlock(&keyring_name_lock);
  98        }
  99
 100} /* end keyring_publish_name() */
 101
 102/*****************************************************************************/
 103/*
 104 * initialise a keyring
 105 * - we object if we were given any data
 106 */
 107static int keyring_instantiate(struct key *keyring,
 108                               const void *data, size_t datalen)
 109{
 110        int ret;
 111
 112        ret = -EINVAL;
 113        if (datalen == 0) {
 114                /* make the keyring available by name if it has one */
 115                keyring_publish_name(keyring);
 116                ret = 0;
 117        }
 118
 119        return ret;
 120
 121} /* end keyring_instantiate() */
 122
 123/*****************************************************************************/
 124/*
 125 * match keyrings on their name
 126 */
 127static int keyring_match(const struct key *keyring, const void *description)
 128{
 129        return keyring->description &&
 130                strcmp(keyring->description, description) == 0;
 131
 132} /* end keyring_match() */
 133
 134/*****************************************************************************/
 135/*
 136 * dispose of the data dangling from the corpse of a keyring
 137 */
 138static void keyring_destroy(struct key *keyring)
 139{
 140        struct keyring_list *klist;
 141        int loop;
 142
 143        if (keyring->description) {
 144                write_lock(&keyring_name_lock);
 145
 146                if (keyring->type_data.link.next != NULL &&
 147                    !list_empty(&keyring->type_data.link))
 148                        list_del(&keyring->type_data.link);
 149
 150                write_unlock(&keyring_name_lock);
 151        }
 152
 153        klist = rcu_dereference(keyring->payload.subscriptions);
 154        if (klist) {
 155                for (loop = klist->nkeys - 1; loop >= 0; loop--)
 156                        key_put(klist->keys[loop]);
 157                kfree(klist);
 158        }
 159
 160} /* end keyring_destroy() */
 161
 162/*****************************************************************************/
 163/*
 164 * describe the keyring
 165 */
 166static void keyring_describe(const struct key *keyring, struct seq_file *m)
 167{
 168        struct keyring_list *klist;
 169
 170        if (keyring->description) {
 171                seq_puts(m, keyring->description);
 172        }
 173        else {
 174                seq_puts(m, "[anon]");
 175        }
 176
 177        rcu_read_lock();
 178        klist = rcu_dereference(keyring->payload.subscriptions);
 179        if (klist)
 180                seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
 181        else
 182                seq_puts(m, ": empty");
 183        rcu_read_unlock();
 184
 185} /* end keyring_describe() */
 186
 187/*****************************************************************************/
 188/*
 189 * read a list of key IDs from the keyring's contents
 190 * - the keyring's semaphore is read-locked
 191 */
 192static long keyring_read(const struct key *keyring,
 193                         char __user *buffer, size_t buflen)
 194{
 195        struct keyring_list *klist;
 196        struct key *key;
 197        size_t qty, tmp;
 198        int loop, ret;
 199
 200        ret = 0;
 201        klist = rcu_dereference(keyring->payload.subscriptions);
 202
 203        if (klist) {
 204                /* calculate how much data we could return */
 205                qty = klist->nkeys * sizeof(key_serial_t);
 206
 207                if (buffer && buflen > 0) {
 208                        if (buflen > qty)
 209                                buflen = qty;
 210
 211                        /* copy the IDs of the subscribed keys into the
 212                         * buffer */
 213                        ret = -EFAULT;
 214
 215                        for (loop = 0; loop < klist->nkeys; loop++) {
 216                                key = klist->keys[loop];
 217
 218                                tmp = sizeof(key_serial_t);
 219                                if (tmp > buflen)
 220                                        tmp = buflen;
 221
 222                                if (copy_to_user(buffer,
 223                                                 &key->serial,
 224                                                 tmp) != 0)
 225                                        goto error;
 226
 227                                buflen -= tmp;
 228                                if (buflen == 0)
 229                                        break;
 230                                buffer += tmp;
 231                        }
 232                }
 233
 234                ret = qty;
 235        }
 236
 237 error:
 238        return ret;
 239
 240} /* end keyring_read() */
 241
 242/*****************************************************************************/
 243/*
 244 * allocate a keyring and link into the destination keyring
 245 */
 246struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
 247                          struct task_struct *ctx, unsigned long flags,
 248                          struct key *dest)
 249{
 250        struct key *keyring;
 251        int ret;
 252
 253        keyring = key_alloc(&key_type_keyring, description,
 254                            uid, gid, ctx,
 255                            (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
 256                            flags);
 257
 258        if (!IS_ERR(keyring)) {
 259                ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
 260                if (ret < 0) {
 261                        key_put(keyring);
 262                        keyring = ERR_PTR(ret);
 263                }
 264        }
 265
 266        return keyring;
 267
 268} /* end keyring_alloc() */
 269
 270/*****************************************************************************/
 271/*
 272 * search the supplied keyring tree for a key that matches the criterion
 273 * - perform a breadth-then-depth search up to the prescribed limit
 274 * - we only find keys on which we have search permission
 275 * - we use the supplied match function to see if the description (or other
 276 *   feature of interest) matches
 277 * - we rely on RCU to prevent the keyring lists from disappearing on us
 278 * - we return -EAGAIN if we didn't find any matching key
 279 * - we return -ENOKEY if we only found negative matching keys
 280 * - we propagate the possession attribute from the keyring ref to the key ref
 281 */
 282key_ref_t keyring_search_aux(key_ref_t keyring_ref,
 283                             struct task_struct *context,
 284                             struct key_type *type,
 285                             const void *description,
 286                             key_match_func_t match)
 287{
 288        struct {
 289                struct keyring_list *keylist;
 290                int kix;
 291        } stack[KEYRING_SEARCH_MAX_DEPTH];
 292
 293        struct keyring_list *keylist;
 294        struct timespec now;
 295        unsigned long possessed, kflags;
 296        struct key *keyring, *key;
 297        key_ref_t key_ref;
 298        long err;
 299        int sp, kix;
 300
 301        keyring = key_ref_to_ptr(keyring_ref);
 302        possessed = is_key_possessed(keyring_ref);
 303        key_check(keyring);
 304
 305        /* top keyring must have search permission to begin the search */
 306        err = key_task_permission(keyring_ref, context, KEY_SEARCH);
 307        if (err < 0) {
 308                key_ref = ERR_PTR(err);
 309                goto error;
 310        }
 311
 312        key_ref = ERR_PTR(-ENOTDIR);
 313        if (keyring->type != &key_type_keyring)
 314                goto error;
 315
 316        rcu_read_lock();
 317
 318        now = current_kernel_time();
 319        err = -EAGAIN;
 320        sp = 0;
 321
 322        /* firstly we should check to see if this top-level keyring is what we
 323         * are looking for */
 324        key_ref = ERR_PTR(-EAGAIN);
 325        kflags = keyring->flags;
 326        if (keyring->type == type && match(keyring, description)) {
 327                key = keyring;
 328
 329                /* check it isn't negative and hasn't expired or been
 330                 * revoked */
 331                if (kflags & (1 << KEY_FLAG_REVOKED))
 332                        goto error_2;
 333                if (key->expiry && now.tv_sec >= key->expiry)
 334                        goto error_2;
 335                key_ref = ERR_PTR(-ENOKEY);
 336                if (kflags & (1 << KEY_FLAG_NEGATIVE))
 337                        goto error_2;
 338                goto found;
 339        }
 340
 341        /* otherwise, the top keyring must not be revoked, expired, or
 342         * negatively instantiated if we are to search it */
 343        key_ref = ERR_PTR(-EAGAIN);
 344        if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) ||
 345            (keyring->expiry && now.tv_sec >= keyring->expiry))
 346                goto error_2;
 347
 348        /* start processing a new keyring */
 349descend:
 350        if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
 351                goto not_this_keyring;
 352
 353        keylist = rcu_dereference(keyring->payload.subscriptions);
 354        if (!keylist)
 355                goto not_this_keyring;
 356
 357        /* iterate through the keys in this keyring first */
 358        for (kix = 0; kix < keylist->nkeys; kix++) {
 359                key = keylist->keys[kix];
 360                kflags = key->flags;
 361
 362                /* ignore keys not of this type */
 363                if (key->type != type)
 364                        continue;
 365
 366                /* skip revoked keys and expired keys */
 367                if (kflags & (1 << KEY_FLAG_REVOKED))
 368                        continue;
 369
 370                if (key->expiry && now.tv_sec >= key->expiry)
 371                        continue;
 372
 373                /* keys that don't match */
 374                if (!match(key, description))
 375                        continue;
 376
 377                /* key must have search permissions */
 378                if (key_task_permission(make_key_ref(key, possessed),
 379                                        context, KEY_SEARCH) < 0)
 380                        continue;
 381
 382                /* we set a different error code if we pass a negative key */
 383                if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
 384                        err = -ENOKEY;
 385                        continue;
 386                }
 387
 388                goto found;
 389        }
 390
 391        /* search through the keyrings nested in this one */
 392        kix = 0;
 393ascend:
 394        for (; kix < keylist->nkeys; kix++) {
 395                key = keylist->keys[kix];
 396                if (key->type != &key_type_keyring)
 397                        continue;
 398
 399                /* recursively search nested keyrings
 400                 * - only search keyrings for which we have search permission
 401                 */
 402                if (sp >= KEYRING_SEARCH_MAX_DEPTH)
 403                        continue;
 404
 405                if (key_task_permission(make_key_ref(key, possessed),
 406                                        context, KEY_SEARCH) < 0)
 407                        continue;
 408
 409                /* stack the current position */
 410                stack[sp].keylist = keylist;
 411                stack[sp].kix = kix;
 412                sp++;
 413
 414                /* begin again with the new keyring */
 415                keyring = key;
 416                goto descend;
 417        }
 418
 419        /* the keyring we're looking at was disqualified or didn't contain a
 420         * matching key */
 421not_this_keyring:
 422        if (sp > 0) {
 423                /* resume the processing of a keyring higher up in the tree */
 424                sp--;
 425                keylist = stack[sp].keylist;
 426                kix = stack[sp].kix + 1;
 427                goto ascend;
 428        }
 429
 430        key_ref = ERR_PTR(err);
 431        goto error_2;
 432
 433        /* we found a viable match */
 434found:
 435        atomic_inc(&key->usage);
 436        key_check(key);
 437        key_ref = make_key_ref(key, possessed);
 438error_2:
 439        rcu_read_unlock();
 440error:
 441        return key_ref;
 442
 443} /* end keyring_search_aux() */
 444
 445/*****************************************************************************/
 446/*
 447 * search the supplied keyring tree for a key that matches the criterion
 448 * - perform a breadth-then-depth search up to the prescribed limit
 449 * - we only find keys on which we have search permission
 450 * - we readlock the keyrings as we search down the tree
 451 * - we return -EAGAIN if we didn't find any matching key
 452 * - we return -ENOKEY if we only found negative matching keys
 453 */
 454key_ref_t keyring_search(key_ref_t keyring,
 455                         struct key_type *type,
 456                         const char *description)
 457{
 458        if (!type->match)
 459                return ERR_PTR(-ENOKEY);
 460
 461        return keyring_search_aux(keyring, current,
 462                                  type, description, type->match);
 463
 464} /* end keyring_search() */
 465
 466EXPORT_SYMBOL(keyring_search);
 467
 468/*****************************************************************************/
 469/*
 470 * search the given keyring only (no recursion)
 471 * - keyring must be locked by caller
 472 * - caller must guarantee that the keyring is a keyring
 473 */
 474key_ref_t __keyring_search_one(key_ref_t keyring_ref,
 475                               const struct key_type *ktype,
 476                               const char *description,
 477                               key_perm_t perm)
 478{
 479        struct keyring_list *klist;
 480        unsigned long possessed;
 481        struct key *keyring, *key;
 482        int loop;
 483
 484        keyring = key_ref_to_ptr(keyring_ref);
 485        possessed = is_key_possessed(keyring_ref);
 486
 487        rcu_read_lock();
 488
 489        klist = rcu_dereference(keyring->payload.subscriptions);
 490        if (klist) {
 491                for (loop = 0; loop < klist->nkeys; loop++) {
 492                        key = klist->keys[loop];
 493
 494                        if (key->type == ktype &&
 495                            (!key->type->match ||
 496                             key->type->match(key, description)) &&
 497                            key_permission(make_key_ref(key, possessed),
 498                                           perm) == 0 &&
 499                            !test_bit(KEY_FLAG_REVOKED, &key->flags)
 500                            )
 501                                goto found;
 502                }
 503        }
 504
 505        rcu_read_unlock();
 506        return ERR_PTR(-ENOKEY);
 507
 508 found:
 509        atomic_inc(&key->usage);
 510        rcu_read_unlock();
 511        return make_key_ref(key, possessed);
 512
 513} /* end __keyring_search_one() */
 514
 515/*****************************************************************************/
 516/*
 517 * find a keyring with the specified name
 518 * - all named keyrings are searched
 519 * - normally only finds keyrings with search permission for the current process
 520 */
 521struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
 522{
 523        struct key *keyring;
 524        int bucket;
 525
 526        if (!name)
 527                return ERR_PTR(-EINVAL);
 528
 529        bucket = keyring_hash(name);
 530
 531        read_lock(&keyring_name_lock);
 532
 533        if (keyring_name_hash[bucket].next) {
 534                /* search this hash bucket for a keyring with a matching name
 535                 * that's readable and that hasn't been revoked */
 536                list_for_each_entry(keyring,
 537                                    &keyring_name_hash[bucket],
 538                                    type_data.link
 539                                    ) {
 540                        if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
 541                                continue;
 542
 543                        if (strcmp(keyring->description, name) != 0)
 544                                continue;
 545
 546                        if (!skip_perm_check &&
 547                            key_permission(make_key_ref(keyring, 0),
 548                                           KEY_SEARCH) < 0)
 549                                continue;
 550
 551                        /* we've got a match but we might end up racing with
 552                         * key_cleanup() if the keyring is currently 'dead'
 553                         * (ie. it has a zero usage count) */
 554                        if (!atomic_inc_not_zero(&keyring->usage))
 555                                continue;
 556                        goto out;
 557                }
 558        }
 559
 560        keyring = ERR_PTR(-ENOKEY);
 561out:
 562        read_unlock(&keyring_name_lock);
 563        return keyring;
 564
 565} /* end find_keyring_by_name() */
 566
 567/*****************************************************************************/
 568/*
 569 * see if a cycle will will be created by inserting acyclic tree B in acyclic
 570 * tree A at the topmost level (ie: as a direct child of A)
 571 * - since we are adding B to A at the top level, checking for cycles should
 572 *   just be a matter of seeing if node A is somewhere in tree B
 573 */
 574static int keyring_detect_cycle(struct key *A, struct key *B)
 575{
 576        struct {
 577                struct keyring_list *keylist;
 578                int kix;
 579        } stack[KEYRING_SEARCH_MAX_DEPTH];
 580
 581        struct keyring_list *keylist;
 582        struct key *subtree, *key;
 583        int sp, kix, ret;
 584
 585        rcu_read_lock();
 586
 587        ret = -EDEADLK;
 588        if (A == B)
 589                goto cycle_detected;
 590
 591        subtree = B;
 592        sp = 0;
 593
 594        /* start processing a new keyring */
 595 descend:
 596        if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
 597                goto not_this_keyring;
 598
 599        keylist = rcu_dereference(subtree->payload.subscriptions);
 600        if (!keylist)
 601                goto not_this_keyring;
 602        kix = 0;
 603
 604 ascend:
 605        /* iterate through the remaining keys in this keyring */
 606        for (; kix < keylist->nkeys; kix++) {
 607                key = keylist->keys[kix];
 608
 609                if (key == A)
 610                        goto cycle_detected;
 611
 612                /* recursively check nested keyrings */
 613                if (key->type == &key_type_keyring) {
 614                        if (sp >= KEYRING_SEARCH_MAX_DEPTH)
 615                                goto too_deep;
 616
 617                        /* stack the current position */
 618                        stack[sp].keylist = keylist;
 619                        stack[sp].kix = kix;
 620                        sp++;
 621
 622                        /* begin again with the new keyring */
 623                        subtree = key;
 624                        goto descend;
 625                }
 626        }
 627
 628        /* the keyring we're looking at was disqualified or didn't contain a
 629         * matching key */
 630 not_this_keyring:
 631        if (sp > 0) {
 632                /* resume the checking of a keyring higher up in the tree */
 633                sp--;
 634                keylist = stack[sp].keylist;
 635                kix = stack[sp].kix + 1;
 636                goto ascend;
 637        }
 638
 639        ret = 0; /* no cycles detected */
 640
 641 error:
 642        rcu_read_unlock();
 643        return ret;
 644
 645 too_deep:
 646        ret = -ELOOP;
 647        goto error;
 648
 649 cycle_detected:
 650        ret = -EDEADLK;
 651        goto error;
 652
 653} /* end keyring_detect_cycle() */
 654
 655/*****************************************************************************/
 656/*
 657 * dispose of a keyring list after the RCU grace period
 658 */
 659static void keyring_link_rcu_disposal(struct rcu_head *rcu)
 660{
 661        struct keyring_list *klist =
 662                container_of(rcu, struct keyring_list, rcu);
 663
 664        kfree(klist);
 665
 666} /* end keyring_link_rcu_disposal() */
 667
 668/*****************************************************************************/
 669/*
 670 * dispose of a keyring list after the RCU grace period, freeing the unlinked
 671 * key
 672 */
 673static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
 674{
 675        struct keyring_list *klist =
 676                container_of(rcu, struct keyring_list, rcu);
 677
 678        key_put(klist->keys[klist->delkey]);
 679        kfree(klist);
 680
 681} /* end keyring_unlink_rcu_disposal() */
 682
 683/*****************************************************************************/
 684/*
 685 * link a key into to a keyring
 686 * - must be called with the keyring's semaphore write-locked
 687 * - discard already extant link to matching key if there is one
 688 */
 689int __key_link(struct key *keyring, struct key *key)
 690{
 691        struct keyring_list *klist, *nklist;
 692        unsigned max;
 693        size_t size;
 694        int loop, ret;
 695
 696        ret = -EKEYREVOKED;
 697        if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
 698                goto error;
 699
 700        ret = -ENOTDIR;
 701        if (keyring->type != &key_type_keyring)
 702                goto error;
 703
 704        /* serialise link/link calls to prevent parallel calls causing a
 705         * cycle when applied to two keyring in opposite orders */
 706        down_write(&keyring_serialise_link_sem);
 707
 708        /* check that we aren't going to create a cycle adding one keyring to
 709         * another */
 710        if (key->type == &key_type_keyring) {
 711                ret = keyring_detect_cycle(keyring, key);
 712                if (ret < 0)
 713                        goto error2;
 714        }
 715
 716        /* see if there's a matching key we can displace */
 717        klist = keyring->payload.subscriptions;
 718
 719        if (klist && klist->nkeys > 0) {
 720                struct key_type *type = key->type;
 721
 722                for (loop = klist->nkeys - 1; loop >= 0; loop--) {
 723                        if (klist->keys[loop]->type == type &&
 724                            strcmp(klist->keys[loop]->description,
 725                                   key->description) == 0
 726                            ) {
 727                                /* found a match - replace with new key */
 728                                size = sizeof(struct key *) * klist->maxkeys;
 729                                size += sizeof(*klist);
 730                                BUG_ON(size > PAGE_SIZE);
 731
 732                                ret = -ENOMEM;
 733                                nklist = kmemdup(klist, size, GFP_KERNEL);
 734                                if (!nklist)
 735                                        goto error2;
 736
 737                                /* replace matched key */
 738                                atomic_inc(&key->usage);
 739                                nklist->keys[loop] = key;
 740
 741                                rcu_assign_pointer(
 742                                        keyring->payload.subscriptions,
 743                                        nklist);
 744
 745                                /* dispose of the old keyring list and the
 746                                 * displaced key */
 747                                klist->delkey = loop;
 748                                call_rcu(&klist->rcu,
 749                                         keyring_unlink_rcu_disposal);
 750
 751                                goto done;
 752                        }
 753                }
 754        }
 755
 756        /* check that we aren't going to overrun the user's quota */
 757        ret = key_payload_reserve(keyring,
 758                                  keyring->datalen + KEYQUOTA_LINK_BYTES);
 759        if (ret < 0)
 760                goto error2;
 761
 762        klist = keyring->payload.subscriptions;
 763
 764        if (klist && klist->nkeys < klist->maxkeys) {
 765                /* there's sufficient slack space to add directly */
 766                atomic_inc(&key->usage);
 767
 768                klist->keys[klist->nkeys] = key;
 769                smp_wmb();
 770                klist->nkeys++;
 771                smp_wmb();
 772        }
 773        else {
 774                /* grow the key list */
 775                max = 4;
 776                if (klist)
 777                        max += klist->maxkeys;
 778
 779                ret = -ENFILE;
 780                if (max > 65535)
 781                        goto error3;
 782                size = sizeof(*klist) + sizeof(struct key *) * max;
 783                if (size > PAGE_SIZE)
 784                        goto error3;
 785
 786                ret = -ENOMEM;
 787                nklist = kmalloc(size, GFP_KERNEL);
 788                if (!nklist)
 789                        goto error3;
 790                nklist->maxkeys = max;
 791                nklist->nkeys = 0;
 792
 793                if (klist) {
 794                        nklist->nkeys = klist->nkeys;
 795                        memcpy(nklist->keys,
 796                               klist->keys,
 797                               sizeof(struct key *) * klist->nkeys);
 798                }
 799
 800                /* add the key into the new space */
 801                atomic_inc(&key->usage);
 802                nklist->keys[nklist->nkeys++] = key;
 803
 804                rcu_assign_pointer(keyring->payload.subscriptions, nklist);
 805
 806                /* dispose of the old keyring list */
 807                if (klist)
 808                        call_rcu(&klist->rcu, keyring_link_rcu_disposal);
 809        }
 810
 811done:
 812        ret = 0;
 813error2:
 814        up_write(&keyring_serialise_link_sem);
 815error:
 816        return ret;
 817
 818error3:
 819        /* undo the quota changes */
 820        key_payload_reserve(keyring,
 821                            keyring->datalen - KEYQUOTA_LINK_BYTES);
 822        goto error2;
 823
 824} /* end __key_link() */
 825
 826/*****************************************************************************/
 827/*
 828 * link a key to a keyring
 829 */
 830int key_link(struct key *keyring, struct key *key)
 831{
 832        int ret;
 833
 834        key_check(keyring);
 835        key_check(key);
 836
 837        down_write(&keyring->sem);
 838        ret = __key_link(keyring, key);
 839        up_write(&keyring->sem);
 840
 841        return ret;
 842
 843} /* end key_link() */
 844
 845EXPORT_SYMBOL(key_link);
 846
 847/*****************************************************************************/
 848/*
 849 * unlink the first link to a key from a keyring
 850 */
 851int key_unlink(struct key *keyring, struct key *key)
 852{
 853        struct keyring_list *klist, *nklist;
 854        int loop, ret;
 855
 856        key_check(keyring);
 857        key_check(key);
 858
 859        ret = -ENOTDIR;
 860        if (keyring->type != &key_type_keyring)
 861                goto error;
 862
 863        down_write(&keyring->sem);
 864
 865        klist = keyring->payload.subscriptions;
 866        if (klist) {
 867                /* search the keyring for the key */
 868                for (loop = 0; loop < klist->nkeys; loop++)
 869                        if (klist->keys[loop] == key)
 870                                goto key_is_present;
 871        }
 872
 873        up_write(&keyring->sem);
 874        ret = -ENOENT;
 875        goto error;
 876
 877key_is_present:
 878        /* we need to copy the key list for RCU purposes */
 879        nklist = kmalloc(sizeof(*klist) +
 880                         sizeof(struct key *) * klist->maxkeys,
 881                         GFP_KERNEL);
 882        if (!nklist)
 883                goto nomem;
 884        nklist->maxkeys = klist->maxkeys;
 885        nklist->nkeys = klist->nkeys - 1;
 886
 887        if (loop > 0)
 888                memcpy(&nklist->keys[0],
 889                       &klist->keys[0],
 890                       loop * sizeof(struct key *));
 891
 892        if (loop < nklist->nkeys)
 893                memcpy(&nklist->keys[loop],
 894                       &klist->keys[loop + 1],
 895                       (nklist->nkeys - loop) * sizeof(struct key *));
 896
 897        /* adjust the user's quota */
 898        key_payload_reserve(keyring,
 899                            keyring->datalen - KEYQUOTA_LINK_BYTES);
 900
 901        rcu_assign_pointer(keyring->payload.subscriptions, nklist);
 902
 903        up_write(&keyring->sem);
 904
 905        /* schedule for later cleanup */
 906        klist->delkey = loop;
 907        call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
 908
 909        ret = 0;
 910
 911error:
 912        return ret;
 913nomem:
 914        ret = -ENOMEM;
 915        up_write(&keyring->sem);
 916        goto error;
 917
 918} /* end key_unlink() */
 919
 920EXPORT_SYMBOL(key_unlink);
 921
 922/*****************************************************************************/
 923/*
 924 * dispose of a keyring list after the RCU grace period, releasing the keys it
 925 * links to
 926 */
 927static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
 928{
 929        struct keyring_list *klist;
 930        int loop;
 931
 932        klist = container_of(rcu, struct keyring_list, rcu);
 933
 934        for (loop = klist->nkeys - 1; loop >= 0; loop--)
 935                key_put(klist->keys[loop]);
 936
 937        kfree(klist);
 938
 939} /* end keyring_clear_rcu_disposal() */
 940
 941/*****************************************************************************/
 942/*
 943 * clear the specified process keyring
 944 * - implements keyctl(KEYCTL_CLEAR)
 945 */
 946int keyring_clear(struct key *keyring)
 947{
 948        struct keyring_list *klist;
 949        int ret;
 950
 951        ret = -ENOTDIR;
 952        if (keyring->type == &key_type_keyring) {
 953                /* detach the pointer block with the locks held */
 954                down_write(&keyring->sem);
 955
 956                klist = keyring->payload.subscriptions;
 957                if (klist) {
 958                        /* adjust the quota */
 959                        key_payload_reserve(keyring,
 960                                            sizeof(struct keyring_list));
 961
 962                        rcu_assign_pointer(keyring->payload.subscriptions,
 963                                           NULL);
 964                }
 965
 966                up_write(&keyring->sem);
 967
 968                /* free the keys after the locks have been dropped */
 969                if (klist)
 970                        call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
 971
 972                ret = 0;
 973        }
 974
 975        return ret;
 976
 977} /* end keyring_clear() */
 978
 979EXPORT_SYMBOL(keyring_clear);
 980
 981/*****************************************************************************/
 982/*
 983 * dispose of the links from a revoked keyring
 984 * - called with the key sem write-locked
 985 */
 986static void keyring_revoke(struct key *keyring)
 987{
 988        struct keyring_list *klist = keyring->payload.subscriptions;
 989
 990        /* adjust the quota */
 991        key_payload_reserve(keyring, 0);
 992
 993        if (klist) {
 994                rcu_assign_pointer(keyring->payload.subscriptions, NULL);
 995                call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
 996        }
 997
 998} /* end keyring_revoke() */
 999