keys: make the keyring quotas controllable through /proc/sys

Make the keyring quotas controllable through /proc/sys files:

 (*) /proc/sys/kernel/keys/root_maxkeys
     /proc/sys/kernel/keys/root_maxbytes

     Maximum number of keys that root may have and the maximum total number of
     bytes of data that root may have stored in those keys.

 (*) /proc/sys/kernel/keys/maxkeys
     /proc/sys/kernel/keys/maxbytes

     Maximum number of keys that each non-root user may have and the maximum
     total number of bytes of data that each of those users may have stored in
     their keys.

Also increase the quotas as a number of people have been complaining that it's
not big enough.  I'm not sure that it's big enough now either, but on the
other hand, it can now be set in /etc/sysctl.conf.

Signed-off-by: David Howells <dhowells@redhat.com>
Cc: <kwc@citi.umich.edu>
Cc: <arunsr@cse.iitk.ac.in>
Cc: <dwalsh@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 18 insertions, 5 deletions

diff --git a/security/keys/key.c b/security/keys/key.c
index 46f125aa7fa3..14948cf83ef6 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -27,6 +27,11 @@ DEFINE_SPINLOCK(key_serial_lock);
 struct rb_root  key_user_tree; /* tree of quota records indexed by UID */
 DEFINE_SPINLOCK(key_user_lock);
 
+unsigned int key_quota_root_maxkeys = 200;      /* root's key count quota */
+unsigned int key_quota_root_maxbytes = 20000;   /* root's key space quota */
+unsigned int key_quota_maxkeys = 200;           /* general key count quota */
+unsigned int key_quota_maxbytes = 20000;        /* general key space quota */
+
 static LIST_HEAD(key_types_list);
 static DECLARE_RWSEM(key_types_sem);
 
@@ -236,11 +241,16 @@ struct key *key_alloc(struct key_type *type, const char *desc,
         /* check that the user's quota permits allocation of another key and
          * its description */
         if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
+                unsigned maxkeys = (uid == 0) ?
+                        key_quota_root_maxkeys : key_quota_maxkeys;
+                unsigned maxbytes = (uid == 0) ?
+                        key_quota_root_maxbytes : key_quota_maxbytes;
+
                 spin_lock(&user->lock);
                 if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
-                        if (user->qnkeys + 1 >= KEYQUOTA_MAX_KEYS ||
-                            user->qnbytes + quotalen >= KEYQUOTA_MAX_BYTES
-                            )
+                        if (user->qnkeys + 1 >= maxkeys ||
+                            user->qnbytes + quotalen >= maxbytes ||
+                            user->qnbytes + quotalen < user->qnbytes)
                                 goto no_quota;
                 }
 
@@ -345,11 +355,14 @@ int key_payload_reserve(struct key *key, size_t datalen)
 
         /* contemplate the quota adjustment */
         if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
+                unsigned maxbytes = (key->user->uid == 0) ?
+                        key_quota_root_maxbytes : key_quota_maxbytes;
+
                 spin_lock(&key->user->lock);
 
                 if (delta > 0 &&
-                    key->user->qnbytes + delta > KEYQUOTA_MAX_BYTES
-                    ) {
+                    (key->user->qnbytes + delta >= maxbytes ||
+                     key->user->qnbytes + delta < key->user->qnbytes)) {
                         ret = -EDQUOT;
                 }
                 else {