aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-04-29 04:01:32 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-29 11:06:17 -0400
commit0b77f5bfb45c13e1e5142374f9d6ca75292252a4 (patch)
treecf62055536d267e9a4abe6518e5d9f683a1ceb75
parent69664cf16af4f31cd54d77948a4baf9c7e0ca7b9 (diff)
keys: make the keyring quotas controllable through /proc/sys
Make the keyring quotas controllable through /proc/sys files: (*) /proc/sys/kernel/keys/root_maxkeys /proc/sys/kernel/keys/root_maxbytes Maximum number of keys that root may have and the maximum total number of bytes of data that root may have stored in those keys. (*) /proc/sys/kernel/keys/maxkeys /proc/sys/kernel/keys/maxbytes Maximum number of keys that each non-root user may have and the maximum total number of bytes of data that each of those users may have stored in their keys. Also increase the quotas as a number of people have been complaining that it's not big enough. I'm not sure that it's big enough now either, but on the other hand, it can now be set in /etc/sysctl.conf. Signed-off-by: David Howells <dhowells@redhat.com> Cc: <kwc@citi.umich.edu> Cc: <arunsr@cse.iitk.ac.in> Cc: <dwalsh@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--Documentation/keys.txt24
-rw-r--r--include/linux/key.h5
-rw-r--r--kernel/sysctl.c9
-rw-r--r--security/keys/Makefile1
-rw-r--r--security/keys/internal.h14
-rw-r--r--security/keys/key.c23
-rw-r--r--security/keys/keyctl.c12
-rw-r--r--security/keys/proc.c9
-rw-r--r--security/keys/sysctl.c50
9 files changed, 131 insertions, 16 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index be424b02437d..d5c7a57d1700 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -170,7 +170,8 @@ The key service provides a number of features besides keys:
170 amount of description and payload space that can be consumed. 170 amount of description and payload space that can be consumed.
171 171
172 The user can view information on this and other statistics through procfs 172 The user can view information on this and other statistics through procfs
173 files. 173 files. The root user may also alter the quota limits through sysctl files
174 (see the section "New procfs files").
174 175
175 Process-specific and thread-specific keyrings are not counted towards a 176 Process-specific and thread-specific keyrings are not counted towards a
176 user's quota. 177 user's quota.
@@ -329,6 +330,27 @@ about the status of the key service:
329 <bytes>/<max> Key size quota 330 <bytes>/<max> Key size quota
330 331
331 332
333Four new sysctl files have been added also for the purpose of controlling the
334quota limits on keys:
335
336 (*) /proc/sys/kernel/keys/root_maxkeys
337 /proc/sys/kernel/keys/root_maxbytes
338
339 These files hold the maximum number of keys that root may have and the
340 maximum total number of bytes of data that root may have stored in those
341 keys.
342
343 (*) /proc/sys/kernel/keys/maxkeys
344 /proc/sys/kernel/keys/maxbytes
345
346 These files hold the maximum number of keys that each non-root user may
347 have and the maximum total number of bytes of data that each of those
348 users may have stored in their keys.
349
350Root may alter these by writing each new limit as a decimal number string to
351the appropriate file.
352
353
332=============================== 354===============================
333USERSPACE SYSTEM CALL INTERFACE 355USERSPACE SYSTEM CALL INTERFACE
334=============================== 356===============================
diff --git a/include/linux/key.h b/include/linux/key.h
index 2effd031a817..ad02d9cfe170 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -19,6 +19,7 @@
19#include <linux/list.h> 19#include <linux/list.h>
20#include <linux/rbtree.h> 20#include <linux/rbtree.h>
21#include <linux/rcupdate.h> 21#include <linux/rcupdate.h>
22#include <linux/sysctl.h>
22#include <asm/atomic.h> 23#include <asm/atomic.h>
23 24
24#ifdef __KERNEL__ 25#ifdef __KERNEL__
@@ -265,6 +266,10 @@ extern struct key *key_lookup(key_serial_t id);
265 266
266#define key_serial(key) ((key) ? (key)->serial : 0) 267#define key_serial(key) ((key) ? (key)->serial : 0)
267 268
269#ifdef CONFIG_SYSCTL
270extern ctl_table key_sysctls[];
271#endif
272
268/* 273/*
269 * the userspace interface 274 * the userspace interface
270 */ 275 */
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index fd3364827ccf..0a1d2733cf41 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -38,6 +38,7 @@
38#include <linux/writeback.h> 38#include <linux/writeback.h>
39#include <linux/hugetlb.h> 39#include <linux/hugetlb.h>
40#include <linux/initrd.h> 40#include <linux/initrd.h>
41#include <linux/key.h>
41#include <linux/times.h> 42#include <linux/times.h>
42#include <linux/limits.h> 43#include <linux/limits.h>
43#include <linux/dcache.h> 44#include <linux/dcache.h>
@@ -809,6 +810,14 @@ static struct ctl_table kern_table[] = {
809 .proc_handler = &proc_dostring, 810 .proc_handler = &proc_dostring,
810 .strategy = &sysctl_string, 811 .strategy = &sysctl_string,
811 }, 812 },
813#ifdef CONFIG_KEYS
814 {
815 .ctl_name = CTL_UNNUMBERED,
816 .procname = "keys",
817 .mode = 0555,
818 .child = key_sysctls,
819 },
820#endif
812/* 821/*
813 * NOTE: do not add new entries to this table unless you have read 822 * NOTE: do not add new entries to this table unless you have read
814 * Documentation/sysctl/ctl_unnumbered.txt 823 * Documentation/sysctl/ctl_unnumbered.txt
diff --git a/security/keys/Makefile b/security/keys/Makefile
index 5145adfb6a05..747a464943af 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -14,3 +14,4 @@ obj-y := \
14 14
15obj-$(CONFIG_KEYS_COMPAT) += compat.o 15obj-$(CONFIG_KEYS_COMPAT) += compat.o
16obj-$(CONFIG_PROC_FS) += proc.o 16obj-$(CONFIG_PROC_FS) += proc.o
17obj-$(CONFIG_SYSCTL) += sysctl.o
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 2ab38854c47f..8c05587f5018 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -57,10 +57,6 @@ struct key_user {
57 int qnbytes; /* number of bytes allocated to this user */ 57 int qnbytes; /* number of bytes allocated to this user */
58}; 58};
59 59
60#define KEYQUOTA_MAX_KEYS 100
61#define KEYQUOTA_MAX_BYTES 10000
62#define KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */
63
64extern struct rb_root key_user_tree; 60extern struct rb_root key_user_tree;
65extern spinlock_t key_user_lock; 61extern spinlock_t key_user_lock;
66extern struct key_user root_key_user; 62extern struct key_user root_key_user;
@@ -68,6 +64,16 @@ extern struct key_user root_key_user;
68extern struct key_user *key_user_lookup(uid_t uid); 64extern struct key_user *key_user_lookup(uid_t uid);
69extern void key_user_put(struct key_user *user); 65extern void key_user_put(struct key_user *user);
70 66
67/*
68 * key quota limits
69 * - root has its own separate limits to everyone else
70 */
71extern unsigned key_quota_root_maxkeys;
72extern unsigned key_quota_root_maxbytes;
73extern unsigned key_quota_maxkeys;
74extern unsigned key_quota_maxbytes;
75
76#define KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */
71 77
72 78
73extern struct rb_root key_serial_tree; 79extern struct rb_root key_serial_tree;
diff --git a/security/keys/key.c b/security/keys/key.c
index 46f125aa7fa3..14948cf83ef6 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -27,6 +27,11 @@ DEFINE_SPINLOCK(key_serial_lock);
27struct rb_root key_user_tree; /* tree of quota records indexed by UID */ 27struct rb_root key_user_tree; /* tree of quota records indexed by UID */
28DEFINE_SPINLOCK(key_user_lock); 28DEFINE_SPINLOCK(key_user_lock);
29 29
30unsigned int key_quota_root_maxkeys = 200; /* root's key count quota */
31unsigned int key_quota_root_maxbytes = 20000; /* root's key space quota */
32unsigned int key_quota_maxkeys = 200; /* general key count quota */
33unsigned int key_quota_maxbytes = 20000; /* general key space quota */
34
30static LIST_HEAD(key_types_list); 35static LIST_HEAD(key_types_list);
31static DECLARE_RWSEM(key_types_sem); 36static DECLARE_RWSEM(key_types_sem);
32 37
@@ -236,11 +241,16 @@ struct key *key_alloc(struct key_type *type, const char *desc,
236 /* check that the user's quota permits allocation of another key and 241 /* check that the user's quota permits allocation of another key and
237 * its description */ 242 * its description */
238 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) { 243 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
244 unsigned maxkeys = (uid == 0) ?
245 key_quota_root_maxkeys : key_quota_maxkeys;
246 unsigned maxbytes = (uid == 0) ?
247 key_quota_root_maxbytes : key_quota_maxbytes;
248
239 spin_lock(&user->lock); 249 spin_lock(&user->lock);
240 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) { 250 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
241 if (user->qnkeys + 1 >= KEYQUOTA_MAX_KEYS || 251 if (user->qnkeys + 1 >= maxkeys ||
242 user->qnbytes + quotalen >= KEYQUOTA_MAX_BYTES 252 user->qnbytes + quotalen >= maxbytes ||
243 ) 253 user->qnbytes + quotalen < user->qnbytes)
244 goto no_quota; 254 goto no_quota;
245 } 255 }
246 256
@@ -345,11 +355,14 @@ int key_payload_reserve(struct key *key, size_t datalen)
345 355
346 /* contemplate the quota adjustment */ 356 /* contemplate the quota adjustment */
347 if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 357 if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
358 unsigned maxbytes = (key->user->uid == 0) ?
359 key_quota_root_maxbytes : key_quota_maxbytes;
360
348 spin_lock(&key->user->lock); 361 spin_lock(&key->user->lock);
349 362
350 if (delta > 0 && 363 if (delta > 0 &&
351 key->user->qnbytes + delta > KEYQUOTA_MAX_BYTES 364 (key->user->qnbytes + delta >= maxbytes ||
352 ) { 365 key->user->qnbytes + delta < key->user->qnbytes)) {
353 ret = -EDQUOT; 366 ret = -EDQUOT;
354 } 367 }
355 else { 368 else {
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 993be634a5ef..acc9c89e40a8 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -731,10 +731,16 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
731 731
732 /* transfer the quota burden to the new user */ 732 /* transfer the quota burden to the new user */
733 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 733 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
734 unsigned maxkeys = (uid == 0) ?
735 key_quota_root_maxkeys : key_quota_maxkeys;
736 unsigned maxbytes = (uid == 0) ?
737 key_quota_root_maxbytes : key_quota_maxbytes;
738
734 spin_lock(&newowner->lock); 739 spin_lock(&newowner->lock);
735 if (newowner->qnkeys + 1 >= KEYQUOTA_MAX_KEYS || 740 if (newowner->qnkeys + 1 >= maxkeys ||
736 newowner->qnbytes + key->quotalen >= 741 newowner->qnbytes + key->quotalen >= maxbytes ||
737 KEYQUOTA_MAX_BYTES) 742 newowner->qnbytes + key->quotalen <
743 newowner->qnbytes)
738 goto quota_overrun; 744 goto quota_overrun;
739 745
740 newowner->qnkeys++; 746 newowner->qnkeys++;
diff --git a/security/keys/proc.c b/security/keys/proc.c
index e54679b848cf..f619170da760 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -242,6 +242,10 @@ static int proc_key_users_show(struct seq_file *m, void *v)
242{ 242{
243 struct rb_node *_p = v; 243 struct rb_node *_p = v;
244 struct key_user *user = rb_entry(_p, struct key_user, node); 244 struct key_user *user = rb_entry(_p, struct key_user, node);
245 unsigned maxkeys = (user->uid == 0) ?
246 key_quota_root_maxkeys : key_quota_maxkeys;
247 unsigned maxbytes = (user->uid == 0) ?
248 key_quota_root_maxbytes : key_quota_maxbytes;
245 249
246 seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n", 250 seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
247 user->uid, 251 user->uid,
@@ -249,10 +253,9 @@ static int proc_key_users_show(struct seq_file *m, void *v)
249 atomic_read(&user->nkeys), 253 atomic_read(&user->nkeys),
250 atomic_read(&user->nikeys), 254 atomic_read(&user->nikeys),
251 user->qnkeys, 255 user->qnkeys,
252 KEYQUOTA_MAX_KEYS, 256 maxkeys,
253 user->qnbytes, 257 user->qnbytes,
254 KEYQUOTA_MAX_BYTES 258 maxbytes);
255 );
256 259
257 return 0; 260 return 0;
258 261
diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
new file mode 100644
index 000000000000..b611d493c2d8
--- /dev/null
+++ b/security/keys/sysctl.c
@@ -0,0 +1,50 @@
1/* Key management controls
2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/key.h>
13#include <linux/sysctl.h>
14#include "internal.h"
15
16ctl_table key_sysctls[] = {
17 {
18 .ctl_name = CTL_UNNUMBERED,
19 .procname = "maxkeys",
20 .data = &key_quota_maxkeys,
21 .maxlen = sizeof(unsigned),
22 .mode = 0644,
23 .proc_handler = &proc_dointvec,
24 },
25 {
26 .ctl_name = CTL_UNNUMBERED,
27 .procname = "maxbytes",
28 .data = &key_quota_maxbytes,
29 .maxlen = sizeof(unsigned),
30 .mode = 0644,
31 .proc_handler = &proc_dointvec,
32 },
33 {
34 .ctl_name = CTL_UNNUMBERED,
35 .procname = "root_maxkeys",
36 .data = &key_quota_root_maxkeys,
37 .maxlen = sizeof(unsigned),
38 .mode = 0644,
39 .proc_handler = &proc_dointvec,
40 },
41 {
42 .ctl_name = CTL_UNNUMBERED,
43 .procname = "root_maxbytes",
44 .data = &key_quota_root_maxbytes,
45 .maxlen = sizeof(unsigned),
46 .mode = 0644,
47 .proc_handler = &proc_dointvec,
48 },
49 { .ctl_name = 0 }
50};