LXR linux/security/keys/keyring.c

   1/* Keyring handling
   2 *
   3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/sched.h>
  15#include <linux/slab.h>
  16#include <linux/security.h>
  17#include <linux/seq_file.h>
  18#include <linux/err.h>
  19#include <keys/keyring-type.h>
  20#include <asm/uaccess.h>
  21#include "internal.h"
  22
  23/*
  24 * when plumbing the depths of the key tree, this sets a hard limit set on how
  25 * deep we're willing to go
  26 */
  27#define KEYRING_SEARCH_MAX_DEPTH 6
  28
  29/*
  30 * we keep all named keyrings in a hash to speed looking them up
  31 */
  32#define KEYRING_NAME_HASH_SIZE  (1 << 5)
  33
  34static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
  35static DEFINE_RWLOCK(keyring_name_lock);
  36
  37static inline unsigned keyring_hash(const char *desc)
  38{
  39        unsigned bucket = 0;
  40
  41        for (; *desc; desc++)
  42                bucket += (unsigned char) *desc;
  43
  44        return bucket & (KEYRING_NAME_HASH_SIZE - 1);
  45}
  46
  47/*
  48 * the keyring type definition
  49 */
  50static int keyring_instantiate(struct key *keyring,
  51                               const void *data, size_t datalen);
  52static int keyring_match(const struct key *keyring, const void *criterion);
  53static void keyring_revoke(struct key *keyring);
  54static void keyring_destroy(struct key *keyring);
  55static void keyring_describe(const struct key *keyring, struct seq_file *m);
  56static long keyring_read(const struct key *keyring,
  57                         char __user *buffer, size_t buflen);
  58
  59struct key_type key_type_keyring = {
  60        .name           = "keyring",
  61        .def_datalen    = sizeof(struct keyring_list),
  62        .instantiate    = keyring_instantiate,
  63        .match          = keyring_match,
  64        .revoke         = keyring_revoke,
  65        .destroy        = keyring_destroy,
  66        .describe       = keyring_describe,
  67        .read           = keyring_read,
  68};
  69
  70EXPORT_SYMBOL(key_type_keyring);
  71
  72/*
  73 * semaphore to serialise link/link calls to prevent two link calls in parallel
  74 * introducing a cycle
  75 */
  76static DECLARE_RWSEM(keyring_serialise_link_sem);
  77
  78/*****************************************************************************/
  79/*
  80 * publish the name of a keyring so that it can be found by name (if it has
  81 * one)
  82 */
  83static void keyring_publish_name(struct key *keyring)
  84{
  85        int bucket;
  86
  87        if (keyring->description) {
  88                bucket = keyring_hash(keyring->description);
  89
  90                write_lock(&keyring_name_lock);
  91
  92                if (!keyring_name_hash[bucket].next)
  93                        INIT_LIST_HEAD(&keyring_name_hash[bucket]);
  94
  95                list_add_tail(&keyring->type_data.link,
  96                              &keyring_name_hash[bucket]);
  97
  98                write_unlock(&keyring_name_lock);
  99        }
 100
 101} /* end keyring_publish_name() */
 102
 103/*****************************************************************************/
 104/*
 105 * initialise a keyring
 106 * - we object if we were given any data
 107 */
 108static int keyring_instantiate(struct key *keyring,
 109                               const void *data, size_t datalen)
 110{
 111        int ret;
 112
 113        ret = -EINVAL;
 114        if (datalen == 0) {
 115                /* make the keyring available by name if it has one */
 116                keyring_publish_name(keyring);
 117                ret = 0;
 118        }
 119
 120        return ret;
 121
 122} /* end keyring_instantiate() */
 123
 124/*****************************************************************************/
 125/*
 126 * match keyrings on their name
 127 */
 128static int keyring_match(const struct key *keyring, const void *description)
 129{
 130        return keyring->description &&
 131                strcmp(keyring->description, description) == 0;
 132
 133} /* end keyring_match() */
 134
 135/*****************************************************************************/
 136/*
 137 * dispose of the data dangling from the corpse of a keyring
 138 */
 139static void keyring_destroy(struct key *keyring)
 140{
 141        struct keyring_list *klist;
 142        int loop;
 143
 144        if (keyring->description) {
 145                write_lock(&keyring_name_lock);
 146
 147                if (keyring->type_data.link.next != NULL &&
 148                    !list_empty(&keyring->type_data.link))
 149                        list_del(&keyring->type_data.link);
 150
 151                write_unlock(&keyring_name_lock);
 152        }
 153
 154        klist = rcu_dereference(keyring->payload.subscriptions);
 155        if (klist) {
 156                for (loop = klist->nkeys - 1; loop >= 0; loop--)
 157                        key_put(klist->keys[loop]);
 158                kfree(klist);
 159        }
 160
 161} /* end keyring_destroy() */
 162
 163/*****************************************************************************/
 164/*
 165 * describe the keyring
 166 */
 167static void keyring_describe(const struct key *keyring, struct seq_file *m)
 168{
 169        struct keyring_list *klist;
 170
 171        if (keyring->description) {
 172                seq_puts(m, keyring->description);
 173        }
 174        else {
 175                seq_puts(m, "[anon]");
 176        }
 177
 178        rcu_read_lock();
 179        klist = rcu_dereference(keyring->payload.subscriptions);
 180        if (klist)
 181                seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
 182        else
 183                seq_puts(m, ": empty");
 184        rcu_read_unlock();
 185
 186} /* end keyring_describe() */
 187
 188/*****************************************************************************/
 189/*
 190 * read a list of key IDs from the keyring's contents
 191 * - the keyring's semaphore is read-locked
 192 */
 193static long keyring_read(const struct key *keyring,
 194                         char __user *buffer, size_t buflen)
 195{
 196        struct keyring_list *klist;
 197        struct key *key;
 198        size_t qty, tmp;
 199        int loop, ret;
 200
 201        ret = 0;
 202        klist = rcu_dereference(keyring->payload.subscriptions);
 203
 204        if (klist) {
 205                /* calculate how much data we could return */
 206                qty = klist->nkeys * sizeof(key_serial_t);
 207
 208                if (buffer && buflen > 0) {
 209                        if (buflen > qty)
 210                                buflen = qty;
 211
 212                        /* copy the IDs of the subscribed keys into the
 213                         * buffer */
 214                        ret = -EFAULT;
 215
 216                        for (loop = 0; loop < klist->nkeys; loop++) {
 217                                key = klist->keys[loop];
 218
 219                                tmp = sizeof(key_serial_t);
 220                                if (tmp > buflen)
 221                                        tmp = buflen;
 222
 223                                if (copy_to_user(buffer,
 224                                                 &key->serial,
 225                                                 tmp) != 0)
 226                                        goto error;
 227
 228                                buflen -= tmp;
 229                                if (buflen == 0)
 230                                        break;
 231                                buffer += tmp;
 232                        }
 233                }
 234
 235                ret = qty;
 236        }
 237
 238 error:
 239        return ret;
 240
 241} /* end keyring_read() */
 242
 243/*****************************************************************************/
 244/*
 245 * allocate a keyring and link into the destination keyring
 246 */
 247struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
 248                          const struct cred *cred, unsigned long flags,
 249                          struct key *dest)
 250{
 251        struct key *keyring;
 252        int ret;
 253
 254        keyring = key_alloc(&key_type_keyring, description,
 255                            uid, gid, cred,
 256                            (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
 257                            flags);
 258
 259        if (!IS_ERR(keyring)) {
 260                ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
 261                if (ret < 0) {
 262                        key_put(keyring);
 263                        keyring = ERR_PTR(ret);
 264                }
 265        }
 266
 267        return keyring;
 268
 269} /* end keyring_alloc() */
 270
 271/*****************************************************************************/
 272/*
 273 * search the supplied keyring tree for a key that matches the criterion
 274 * - perform a breadth-then-depth search up to the prescribed limit
 275 * - we only find keys on which we have search permission
 276 * - we use the supplied match function to see if the description (or other
 277 *   feature of interest) matches
 278 * - we rely on RCU to prevent the keyring lists from disappearing on us
 279 * - we return -EAGAIN if we didn't find any matching key
 280 * - we return -ENOKEY if we only found negative matching keys
 281 * - we propagate the possession attribute from the keyring ref to the key ref
 282 */
 283key_ref_t keyring_search_aux(key_ref_t keyring_ref,
 284                             const struct cred *cred,
 285                             struct key_type *type,
 286                             const void *description,
 287                             key_match_func_t match)
 288{
 289        struct {
 290                struct keyring_list *keylist;
 291                int kix;
 292        } stack[KEYRING_SEARCH_MAX_DEPTH];
 293
 294        struct keyring_list *keylist;
 295        struct timespec now;
 296        unsigned long possessed, kflags;
 297        struct key *keyring, *key;
 298        key_ref_t key_ref;
 299        long err;
 300        int sp, kix;
 301
 302        keyring = key_ref_to_ptr(keyring_ref);
 303        possessed = is_key_possessed(keyring_ref);
 304        key_check(keyring);
 305
 306        /* top keyring must have search permission to begin the search */
 307        err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
 308        if (err < 0) {
 309                key_ref = ERR_PTR(err);
 310                goto error;
 311        }
 312
 313        key_ref = ERR_PTR(-ENOTDIR);
 314        if (keyring->type != &key_type_keyring)
 315                goto error;
 316
 317        rcu_read_lock();
 318
 319        now = current_kernel_time();
 320        err = -EAGAIN;
 321        sp = 0;
 322
 323        /* firstly we should check to see if this top-level keyring is what we
 324         * are looking for */
 325        key_ref = ERR_PTR(-EAGAIN);
 326        kflags = keyring->flags;
 327        if (keyring->type == type && match(keyring, description)) {
 328                key = keyring;
 329
 330                /* check it isn't negative and hasn't expired or been
 331                 * revoked */
 332                if (kflags & (1 << KEY_FLAG_REVOKED))
 333                        goto error_2;
 334                if (key->expiry && now.tv_sec >= key->expiry)
 335                        goto error_2;
 336                key_ref = ERR_PTR(-ENOKEY);
 337                if (kflags & (1 << KEY_FLAG_NEGATIVE))
 338                        goto error_2;
 339                goto found;
 340        }
 341
 342        /* otherwise, the top keyring must not be revoked, expired, or
 343         * negatively instantiated if we are to search it */
 344        key_ref = ERR_PTR(-EAGAIN);
 345        if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) ||
 346            (keyring->expiry && now.tv_sec >= keyring->expiry))
 347                goto error_2;
 348
 349        /* start processing a new keyring */
 350descend:
 351        if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
 352                goto not_this_keyring;
 353
 354        keylist = rcu_dereference(keyring->payload.subscriptions);
 355        if (!keylist)
 356                goto not_this_keyring;
 357
 358        /* iterate through the keys in this keyring first */
 359        for (kix = 0; kix < keylist->nkeys; kix++) {
 360                key = keylist->keys[kix];
 361                kflags = key->flags;
 362
 363                /* ignore keys not of this type */
 364                if (key->type != type)
 365                        continue;
 366
 367                /* skip revoked keys and expired keys */
 368                if (kflags & (1 << KEY_FLAG_REVOKED))
 369                        continue;
 370
 371                if (key->expiry && now.tv_sec >= key->expiry)
 372                        continue;
 373
 374                /* keys that don't match */
 375                if (!match(key, description))
 376                        continue;
 377
 378                /* key must have search permissions */
 379                if (key_task_permission(make_key_ref(key, possessed),
 380                                        cred, KEY_SEARCH) < 0)
 381                        continue;
 382
 383                /* we set a different error code if we pass a negative key */
 384                if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
 385                        err = -ENOKEY;
 386                        continue;
 387                }
 388
 389                goto found;
 390        }
 391
 392        /* search through the keyrings nested in this one */
 393        kix = 0;
 394ascend:
 395        for (; kix < keylist->nkeys; kix++) {
 396                key = keylist->keys[kix];
 397                if (key->type != &key_type_keyring)
 398                        continue;
 399
 400                /* recursively search nested keyrings
 401                 * - only search keyrings for which we have search permission
 402                 */
 403                if (sp >= KEYRING_SEARCH_MAX_DEPTH)
 404                        continue;
 405
 406                if (key_task_permission(make_key_ref(key, possessed),
 407                                        cred, KEY_SEARCH) < 0)
 408                        continue;
 409
 410                /* stack the current position */
 411                stack[sp].keylist = keylist;
 412                stack[sp].kix = kix;
 413                sp++;
 414
 415                /* begin again with the new keyring */
 416                keyring = key;
 417                goto descend;
 418        }
 419
 420        /* the keyring we're looking at was disqualified or didn't contain a
 421         * matching key */
 422not_this_keyring:
 423        if (sp > 0) {
 424                /* resume the processing of a keyring higher up in the tree */
 425                sp--;
 426                keylist = stack[sp].keylist;
 427                kix = stack[sp].kix + 1;
 428                goto ascend;
 429        }
 430
 431        key_ref = ERR_PTR(err);
 432        goto error_2;
 433
 434        /* we found a viable match */
 435found:
 436        atomic_inc(&key->usage);
 437        key_check(key);
 438        key_ref = make_key_ref(key, possessed);
 439error_2:
 440        rcu_read_unlock();
 441error:
 442        return key_ref;
 443
 444} /* end keyring_search_aux() */
 445
 446/*****************************************************************************/
 447/*
 448 * search the supplied keyring tree for a key that matches the criterion
 449 * - perform a breadth-then-depth search up to the prescribed limit
 450 * - we only find keys on which we have search permission
 451 * - we readlock the keyrings as we search down the tree
 452 * - we return -EAGAIN if we didn't find any matching key
 453 * - we return -ENOKEY if we only found negative matching keys
 454 */
 455key_ref_t keyring_search(key_ref_t keyring,
 456                         struct key_type *type,
 457                         const char *description)
 458{
 459        if (!type->match)
 460                return ERR_PTR(-ENOKEY);
 461
 462        return keyring_search_aux(keyring, current->cred,
 463                                  type, description, type->match);
 464
 465} /* end keyring_search() */
 466
 467EXPORT_SYMBOL(keyring_search);
 468
 469/*****************************************************************************/
 470/*
 471 * search the given keyring only (no recursion)
 472 * - keyring must be locked by caller
 473 * - caller must guarantee that the keyring is a keyring
 474 */
 475key_ref_t __keyring_search_one(key_ref_t keyring_ref,
 476                               const struct key_type *ktype,
 477                               const char *description,
 478                               key_perm_t perm)
 479{
 480        struct keyring_list *klist;
 481        unsigned long possessed;
 482        struct key *keyring, *key;
 483        int loop;
 484
 485        keyring = key_ref_to_ptr(keyring_ref);
 486        possessed = is_key_possessed(keyring_ref);
 487
 488        rcu_read_lock();
 489
 490        klist = rcu_dereference(keyring->payload.subscriptions);
 491        if (klist) {
 492                for (loop = 0; loop < klist->nkeys; loop++) {
 493                        key = klist->keys[loop];
 494
 495                        if (key->type == ktype &&
 496                            (!key->type->match ||
 497                             key->type->match(key, description)) &&
 498                            key_permission(make_key_ref(key, possessed),
 499                                           perm) == 0 &&
 500                            !test_bit(KEY_FLAG_REVOKED, &key->flags)
 501                            )
 502                                goto found;
 503                }
 504        }
 505
 506        rcu_read_unlock();
 507        return ERR_PTR(-ENOKEY);
 508
 509 found:
 510        atomic_inc(&key->usage);
 511        rcu_read_unlock();
 512        return make_key_ref(key, possessed);
 513
 514} /* end __keyring_search_one() */
 515
 516/*****************************************************************************/
 517/*
 518 * find a keyring with the specified name
 519 * - all named keyrings are searched
 520 * - normally only finds keyrings with search permission for the current process
 521 */
 522struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
 523{
 524        struct key *keyring;
 525        int bucket;
 526
 527        keyring = ERR_PTR(-EINVAL);
 528        if (!name)
 529                goto error;
 530
 531        bucket = keyring_hash(name);
 532
 533        read_lock(&keyring_name_lock);
 534
 535        if (keyring_name_hash[bucket].next) {
 536                /* search this hash bucket for a keyring with a matching name
 537                 * that's readable and that hasn't been revoked */
 538                list_for_each_entry(keyring,
 539                                    &keyring_name_hash[bucket],
 540                                    type_data.link
 541                                    ) {
 542                        if (keyring->user->user_ns != current_user_ns())
 543                                continue;
 544
 545                        if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
 546                                continue;
 547
 548                        if (strcmp(keyring->description, name) != 0)
 549                                continue;
 550
 551                        if (!skip_perm_check &&
 552                            key_permission(make_key_ref(keyring, 0),
 553                                           KEY_SEARCH) < 0)
 554                                continue;
 555
 556                        /* we've got a match */
 557                        atomic_inc(&keyring->usage);
 558                        read_unlock(&keyring_name_lock);
 559                        goto error;
 560                }
 561        }
 562
 563        read_unlock(&keyring_name_lock);
 564        keyring = ERR_PTR(-ENOKEY);
 565
 566 error:
 567        return keyring;
 568
 569} /* end find_keyring_by_name() */
 570
 571/*****************************************************************************/
 572/*
 573 * see if a cycle will will be created by inserting acyclic tree B in acyclic
 574 * tree A at the topmost level (ie: as a direct child of A)
 575 * - since we are adding B to A at the top level, checking for cycles should
 576 *   just be a matter of seeing if node A is somewhere in tree B
 577 */
 578static int keyring_detect_cycle(struct key *A, struct key *B)
 579{
 580        struct {
 581                struct keyring_list *keylist;
 582                int kix;
 583        } stack[KEYRING_SEARCH_MAX_DEPTH];
 584
 585        struct keyring_list *keylist;
 586        struct key *subtree, *key;
 587        int sp, kix, ret;
 588
 589        rcu_read_lock();
 590
 591        ret = -EDEADLK;
 592        if (A == B)
 593                goto cycle_detected;
 594
 595        subtree = B;
 596        sp = 0;
 597
 598        /* start processing a new keyring */
 599 descend:
 600        if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
 601                goto not_this_keyring;
 602
 603        keylist = rcu_dereference(subtree->payload.subscriptions);
 604        if (!keylist)
 605                goto not_this_keyring;
 606        kix = 0;
 607
 608 ascend:
 609        /* iterate through the remaining keys in this keyring */
 610        for (; kix < keylist->nkeys; kix++) {
 611                key = keylist->keys[kix];
 612
 613                if (key == A)
 614                        goto cycle_detected;
 615
 616                /* recursively check nested keyrings */
 617                if (key->type == &key_type_keyring) {
 618                        if (sp >= KEYRING_SEARCH_MAX_DEPTH)
 619                                goto too_deep;
 620
 621                        /* stack the current position */
 622                        stack[sp].keylist = keylist;
 623                        stack[sp].kix = kix;
 624                        sp++;
 625
 626                        /* begin again with the new keyring */
 627                        subtree = key;
 628                        goto descend;
 629                }
 630        }
 631
 632        /* the keyring we're looking at was disqualified or didn't contain a
 633         * matching key */
 634 not_this_keyring:
 635        if (sp > 0) {
 636                /* resume the checking of a keyring higher up in the tree */
 637                sp--;
 638                keylist = stack[sp].keylist;
 639                kix = stack[sp].kix + 1;
 640                goto ascend;
 641        }
 642
 643        ret = 0; /* no cycles detected */
 644
 645 error:
 646        rcu_read_unlock();
 647        return ret;
 648
 649 too_deep:
 650        ret = -ELOOP;
 651        goto error;
 652
 653 cycle_detected:
 654        ret = -EDEADLK;
 655        goto error;
 656
 657} /* end keyring_detect_cycle() */
 658
 659/*****************************************************************************/
 660/*
 661 * dispose of a keyring list after the RCU grace period
 662 */
 663static void keyring_link_rcu_disposal(struct rcu_head *rcu)
 664{
 665        struct keyring_list *klist =
 666                container_of(rcu, struct keyring_list, rcu);
 667
 668        kfree(klist);
 669
 670} /* end keyring_link_rcu_disposal() */
 671
 672/*****************************************************************************/
 673/*
 674 * dispose of a keyring list after the RCU grace period, freeing the unlinked
 675 * key
 676 */
 677static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
 678{
 679        struct keyring_list *klist =
 680                container_of(rcu, struct keyring_list, rcu);
 681
 682        key_put(klist->keys[klist->delkey]);
 683        kfree(klist);
 684
 685} /* end keyring_unlink_rcu_disposal() */
 686
 687/*****************************************************************************/
 688/*
 689 * link a key into to a keyring
 690 * - must be called with the keyring's semaphore write-locked
 691 * - discard already extant link to matching key if there is one
 692 */
 693int __key_link(struct key *keyring, struct key *key)
 694{
 695        struct keyring_list *klist, *nklist;
 696        unsigned max;
 697        size_t size;
 698        int loop, ret;
 699
 700        ret = -EKEYREVOKED;
 701        if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
 702                goto error;
 703
 704        ret = -ENOTDIR;
 705        if (keyring->type != &key_type_keyring)
 706                goto error;
 707
 708        /* serialise link/link calls to prevent parallel calls causing a
 709         * cycle when applied to two keyring in opposite orders */
 710        down_write(&keyring_serialise_link_sem);
 711
 712        /* check that we aren't going to create a cycle adding one keyring to
 713         * another */
 714        if (key->type == &key_type_keyring) {
 715                ret = keyring_detect_cycle(keyring, key);
 716                if (ret < 0)
 717                        goto error2;
 718        }
 719
 720        /* see if there's a matching key we can displace */
 721        klist = keyring->payload.subscriptions;
 722
 723        if (klist && klist->nkeys > 0) {
 724                struct key_type *type = key->type;
 725
 726                for (loop = klist->nkeys - 1; loop >= 0; loop--) {
 727                        if (klist->keys[loop]->type == type &&
 728                            strcmp(klist->keys[loop]->description,
 729                                   key->description) == 0
 730                            ) {
 731                                /* found a match - replace with new key */
 732                                size = sizeof(struct key *) * klist->maxkeys;
 733                                size += sizeof(*klist);
 734                                BUG_ON(size > PAGE_SIZE);
 735
 736                                ret = -ENOMEM;
 737                                nklist = kmemdup(klist, size, GFP_KERNEL);
 738                                if (!nklist)
 739                                        goto error2;
 740
 741                                /* replace matched key */
 742                                atomic_inc(&key->usage);
 743                                nklist->keys[loop] = key;
 744
 745                                rcu_assign_pointer(
 746                                        keyring->payload.subscriptions,
 747                                        nklist);
 748
 749                                /* dispose of the old keyring list and the
 750                                 * displaced key */
 751                                klist->delkey = loop;
 752                                call_rcu(&klist->rcu,
 753                                         keyring_unlink_rcu_disposal);
 754
 755                                goto done;
 756                        }
 757                }
 758        }
 759
 760        /* check that we aren't going to overrun the user's quota */
 761        ret = key_payload_reserve(keyring,
 762                                  keyring->datalen + KEYQUOTA_LINK_BYTES);
 763        if (ret < 0)
 764                goto error2;
 765
 766        klist = keyring->payload.subscriptions;
 767
 768        if (klist && klist->nkeys < klist->maxkeys) {
 769                /* there's sufficient slack space to add directly */
 770                atomic_inc(&key->usage);
 771
 772                klist->keys[klist->nkeys] = key;
 773                smp_wmb();
 774                klist->nkeys++;
 775                smp_wmb();
 776        }
 777        else {
 778                /* grow the key list */
 779                max = 4;
 780                if (klist)
 781                        max += klist->maxkeys;
 782
 783                ret = -ENFILE;
 784                if (max > 65535)
 785                        goto error3;
 786                size = sizeof(*klist) + sizeof(struct key *) * max;
 787                if (size > PAGE_SIZE)
 788                        goto error3;
 789
 790                ret = -ENOMEM;
 791                nklist = kmalloc(size, GFP_KERNEL);
 792                if (!nklist)
 793                        goto error3;
 794                nklist->maxkeys = max;
 795                nklist->nkeys = 0;
 796
 797                if (klist) {
 798                        nklist->nkeys = klist->nkeys;
 799                        memcpy(nklist->keys,
 800                               klist->keys,
 801                               sizeof(struct key *) * klist->nkeys);
 802                }
 803
 804                /* add the key into the new space */
 805                atomic_inc(&key->usage);
 806                nklist->keys[nklist->nkeys++] = key;
 807
 808                rcu_assign_pointer(keyring->payload.subscriptions, nklist);
 809
 810                /* dispose of the old keyring list */
 811                if (klist)
 812                        call_rcu(&klist->rcu, keyring_link_rcu_disposal);
 813        }
 814
 815done:
 816        ret = 0;
 817error2:
 818        up_write(&keyring_serialise_link_sem);
 819error:
 820        return ret;
 821
 822error3:
 823        /* undo the quota changes */
 824        key_payload_reserve(keyring,
 825                            keyring->datalen - KEYQUOTA_LINK_BYTES);
 826        goto error2;
 827
 828} /* end __key_link() */
 829
 830/*****************************************************************************/
 831/*
 832 * link a key to a keyring
 833 */
 834int key_link(struct key *keyring, struct key *key)
 835{
 836        int ret;
 837
 838        key_check(keyring);
 839        key_check(key);
 840
 841        down_write(&keyring->sem);
 842        ret = __key_link(keyring, key);
 843        up_write(&keyring->sem);
 844
 845        return ret;
 846
 847} /* end key_link() */
 848
 849EXPORT_SYMBOL(key_link);
 850
 851/*****************************************************************************/
 852/*
 853 * unlink the first link to a key from a keyring
 854 */
 855int key_unlink(struct key *keyring, struct key *key)
 856{
 857        struct keyring_list *klist, *nklist;
 858        int loop, ret;
 859
 860        key_check(keyring);
 861        key_check(key);
 862
 863        ret = -ENOTDIR;
 864        if (keyring->type != &key_type_keyring)
 865                goto error;
 866
 867        down_write(&keyring->sem);
 868
 869        klist = keyring->payload.subscriptions;
 870        if (klist) {
 871                /* search the keyring for the key */
 872                for (loop = 0; loop < klist->nkeys; loop++)
 873                        if (klist->keys[loop] == key)
 874                                goto key_is_present;
 875        }
 876
 877        up_write(&keyring->sem);
 878        ret = -ENOENT;
 879        goto error;
 880
 881key_is_present:
 882        /* we need to copy the key list for RCU purposes */
 883        nklist = kmalloc(sizeof(*klist) +
 884                         sizeof(struct key *) * klist->maxkeys,
 885                         GFP_KERNEL);
 886        if (!nklist)
 887                goto nomem;
 888        nklist->maxkeys = klist->maxkeys;
 889        nklist->nkeys = klist->nkeys - 1;
 890
 891        if (loop > 0)
 892                memcpy(&nklist->keys[0],
 893                       &klist->keys[0],
 894                       loop * sizeof(struct key *));
 895
 896        if (loop < nklist->nkeys)
 897                memcpy(&nklist->keys[loop],
 898                       &klist->keys[loop + 1],
 899                       (nklist->nkeys - loop) * sizeof(struct key *));
 900
 901        /* adjust the user's quota */
 902        key_payload_reserve(keyring,
 903                            keyring->datalen - KEYQUOTA_LINK_BYTES);
 904
 905        rcu_assign_pointer(keyring->payload.subscriptions, nklist);
 906
 907        up_write(&keyring->sem);
 908
 909        /* schedule for later cleanup */
 910        klist->delkey = loop;
 911        call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
 912
 913        ret = 0;
 914
 915error:
 916        return ret;
 917nomem:
 918        ret = -ENOMEM;
 919        up_write(&keyring->sem);
 920        goto error;
 921
 922} /* end key_unlink() */
 923
 924EXPORT_SYMBOL(key_unlink);
 925
 926/*****************************************************************************/
 927/*
 928 * dispose of a keyring list after the RCU grace period, releasing the keys it
 929 * links to
 930 */
 931static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
 932{
 933        struct keyring_list *klist;
 934        int loop;
 935
 936        klist = container_of(rcu, struct keyring_list, rcu);
 937
 938        for (loop = klist->nkeys - 1; loop >= 0; loop--)
 939                key_put(klist->keys[loop]);
 940
 941        kfree(klist);
 942
 943} /* end keyring_clear_rcu_disposal() */
 944
 945/*****************************************************************************/
 946/*
 947 * clear the specified process keyring
 948 * - implements keyctl(KEYCTL_CLEAR)
 949 */
 950int keyring_clear(struct key *keyring)
 951{
 952        struct keyring_list *klist;
 953        int ret;
 954
 955        ret = -ENOTDIR;
 956        if (keyring->type == &key_type_keyring) {
 957                /* detach the pointer block with the locks held */
 958                down_write(&keyring->sem);
 959
 960                klist = keyring->payload.subscriptions;
 961                if (klist) {
 962                        /* adjust the quota */
 963                        key_payload_reserve(keyring,
 964                                            sizeof(struct keyring_list));
 965
 966                        rcu_assign_pointer(keyring->payload.subscriptions,
 967                                           NULL);
 968                }
 969
 970                up_write(&keyring->sem);
 971
 972                /* free the keys after the locks have been dropped */
 973                if (klist)
 974                        call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
 975
 976                ret = 0;
 977        }
 978
 979        return ret;
 980
 981} /* end keyring_clear() */
 982
 983EXPORT_SYMBOL(keyring_clear);
 984
 985/*****************************************************************************/
 986/*
 987 * dispose of the links from a revoked keyring
 988 * - called with the key sem write-locked
 989 */
 990static void keyring_revoke(struct key *keyring)
 991{
 992        struct keyring_list *klist = keyring->payload.subscriptions;
 993
 994        /* adjust the quota */
 995        key_payload_reserve(keyring, 0);
 996
 997        if (klist) {
 998                rcu_assign_pointer(keyring->payload.subscriptions, NULL);
 999                call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1000        }

1001
1002} /* end keyring_revoke() */
1003