aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Documentation/assoc_array.txt574
-rw-r--r--Documentation/devicetree/bindings/i2c/trivial-devices.txt3
-rw-r--r--Documentation/kernel-parameters.txt11
-rw-r--r--Documentation/security/00-INDEX2
-rw-r--r--Documentation/security/IMA-templates.txt87
-rw-r--r--Documentation/security/keys.txt20
-rw-r--r--MAINTAINERS4
-rw-r--r--crypto/Kconfig3
-rw-r--r--crypto/Makefile1
-rw-r--r--crypto/asymmetric_keys/Kconfig4
-rw-r--r--crypto/asymmetric_keys/asymmetric_type.c1
-rw-r--r--crypto/asymmetric_keys/public_key.c66
-rw-r--r--crypto/asymmetric_keys/public_key.h6
-rw-r--r--crypto/asymmetric_keys/rsa.c14
-rw-r--r--crypto/asymmetric_keys/x509_cert_parser.c35
-rw-r--r--crypto/asymmetric_keys/x509_parser.h18
-rw-r--r--crypto/asymmetric_keys/x509_public_key.c232
-rw-r--r--crypto/hash_info.c56
-rw-r--r--drivers/char/tpm/Kconfig37
-rw-r--r--drivers/char/tpm/Makefile11
-rw-r--r--drivers/char/tpm/tpm-interface.c (renamed from drivers/char/tpm/tpm.c)138
-rw-r--r--drivers/char/tpm/tpm.h3
-rw-r--r--drivers/char/tpm/tpm_atmel.c2
-rw-r--r--drivers/char/tpm/tpm_eventlog.c3
-rw-r--r--drivers/char/tpm/tpm_i2c_atmel.c284
-rw-r--r--drivers/char/tpm/tpm_i2c_infineon.c4
-rw-r--r--drivers/char/tpm/tpm_i2c_nuvoton.c710
-rw-r--r--drivers/char/tpm/tpm_i2c_stm_st33.c12
-rw-r--r--drivers/char/tpm/tpm_ibmvtpm.c6
-rw-r--r--drivers/char/tpm/tpm_ppi.c4
-rw-r--r--drivers/char/tpm/tpm_tis.c2
-rw-r--r--drivers/char/tpm/xen-tpmfront.c2
-rw-r--r--include/crypto/hash_info.h40
-rw-r--r--include/crypto/public_key.h25
-rw-r--r--include/keys/big_key-type.h25
-rw-r--r--include/keys/keyring-type.h17
-rw-r--r--include/keys/system_keyring.h23
-rw-r--r--include/linux/assoc_array.h92
-rw-r--r--include/linux/assoc_array_priv.h182
-rw-r--r--include/linux/key-type.h6
-rw-r--r--include/linux/key.h52
-rw-r--r--include/linux/security.h26
-rw-r--r--include/linux/user_namespace.h6
-rw-r--r--include/uapi/linux/hash_info.h37
-rw-r--r--include/uapi/linux/keyctl.h1
-rw-r--r--init/Kconfig13
-rw-r--r--kernel/Makefile50
-rw-r--r--kernel/modsign_certificate.S12
-rw-r--r--kernel/modsign_pubkey.c104
-rw-r--r--kernel/module-internal.h2
-rw-r--r--kernel/module_signing.c11
-rw-r--r--kernel/system_certificates.S10
-rw-r--r--kernel/system_keyring.c105
-rw-r--r--kernel/user.c4
-rw-r--r--kernel/user_namespace.c6
-rw-r--r--lib/Kconfig14
-rw-r--r--lib/Makefile1
-rw-r--r--lib/assoc_array.c1746
-rw-r--r--lib/mpi/mpiutil.c3
-rw-r--r--scripts/asn1_compiler.c2
-rw-r--r--security/Makefile1
-rw-r--r--security/apparmor/audit.c14
-rw-r--r--security/apparmor/capability.c15
-rw-r--r--security/apparmor/domain.c16
-rw-r--r--security/apparmor/include/audit.h1
-rw-r--r--security/apparmor/include/capability.h5
-rw-r--r--security/apparmor/include/ipc.h4
-rw-r--r--security/apparmor/ipc.c9
-rw-r--r--security/apparmor/lsm.c2
-rw-r--r--security/capability.c15
-rw-r--r--security/integrity/digsig.c37
-rw-r--r--security/integrity/digsig_asymmetric.c11
-rw-r--r--security/integrity/evm/evm_main.c4
-rw-r--r--security/integrity/evm/evm_posix_acl.c3
-rw-r--r--security/integrity/iint.c2
-rw-r--r--security/integrity/ima/Kconfig72
-rw-r--r--security/integrity/ima/Makefile2
-rw-r--r--security/integrity/ima/ima.h101
-rw-r--r--security/integrity/ima/ima_api.c136
-rw-r--r--security/integrity/ima/ima_appraise.c117
-rw-r--r--security/integrity/ima/ima_crypto.c134
-rw-r--r--security/integrity/ima/ima_fs.c67
-rw-r--r--security/integrity/ima/ima_init.c37
-rw-r--r--security/integrity/ima/ima_main.c63
-rw-r--r--security/integrity/ima/ima_policy.c1
-rw-r--r--security/integrity/ima/ima_queue.c10
-rw-r--r--security/integrity/ima/ima_template.c178
-rw-r--r--security/integrity/ima/ima_template_lib.c347
-rw-r--r--security/integrity/ima/ima_template_lib.h49
-rw-r--r--security/integrity/integrity.h47
-rw-r--r--security/keys/Kconfig29
-rw-r--r--security/keys/Makefile2
-rw-r--r--security/keys/big_key.c207
-rw-r--r--security/keys/compat.c3
-rw-r--r--security/keys/gc.c47
-rw-r--r--security/keys/internal.h74
-rw-r--r--security/keys/key.c102
-rw-r--r--security/keys/keyctl.c3
-rw-r--r--security/keys/keyring.c1536
-rw-r--r--security/keys/persistent.c167
-rw-r--r--security/keys/proc.c17
-rw-r--r--security/keys/process_keys.c141
-rw-r--r--security/keys/request_key.c60
-rw-r--r--security/keys/request_key_auth.c31
-rw-r--r--security/keys/sysctl.c11
-rw-r--r--security/keys/user_defined.c18
-rw-r--r--security/security.c13
-rw-r--r--security/selinux/hooks.c146
-rw-r--r--security/selinux/include/objsec.h4
-rw-r--r--security/selinux/include/security.h13
-rw-r--r--security/selinux/include/xfrm.h45
-rw-r--r--security/selinux/netlabel.c6
-rw-r--r--security/selinux/netnode.c2
-rw-r--r--security/selinux/selinuxfs.c4
-rw-r--r--security/selinux/ss/ebitmap.c20
-rw-r--r--security/selinux/ss/ebitmap.h10
-rw-r--r--security/selinux/ss/mls.c22
-rw-r--r--security/selinux/ss/mls_types.h2
-rw-r--r--security/selinux/ss/policydb.c3
-rw-r--r--security/selinux/ss/services.c66
-rw-r--r--security/selinux/xfrm.c453
-rw-r--r--security/smack/smack.h12
-rw-r--r--security/smack/smack_access.c10
-rw-r--r--security/smack/smack_lsm.c11
-rw-r--r--security/smack/smackfs.c10
125 files changed, 7712 insertions, 2058 deletions
diff --git a/Documentation/assoc_array.txt b/Documentation/assoc_array.txt
new file mode 100644
index 000000000000..f4faec0f66e4
--- /dev/null
+++ b/Documentation/assoc_array.txt
@@ -0,0 +1,574 @@
1 ========================================
2 GENERIC ASSOCIATIVE ARRAY IMPLEMENTATION
3 ========================================
4
5Contents:
6
7 - Overview.
8
9 - The public API.
10 - Edit script.
11 - Operations table.
12 - Manipulation functions.
13 - Access functions.
14 - Index key form.
15
16 - Internal workings.
17 - Basic internal tree layout.
18 - Shortcuts.
19 - Splitting and collapsing nodes.
20 - Non-recursive iteration.
21 - Simultaneous alteration and iteration.
22
23
24========
25OVERVIEW
26========
27
28This associative array implementation is an object container with the following
29properties:
30
31 (1) Objects are opaque pointers. The implementation does not care where they
32 point (if anywhere) or what they point to (if anything).
33
34 [!] NOTE: Pointers to objects _must_ be zero in the least significant bit.
35
36 (2) Objects do not need to contain linkage blocks for use by the array. This
37 permits an object to be located in multiple arrays simultaneously.
38 Rather, the array is made up of metadata blocks that point to objects.
39
40 (3) Objects require index keys to locate them within the array.
41
42 (4) Index keys must be unique. Inserting an object with the same key as one
43 already in the array will replace the old object.
44
45 (5) Index keys can be of any length and can be of different lengths.
46
47 (6) Index keys should encode the length early on, before any variation due to
48 length is seen.
49
50 (7) Index keys can include a hash to scatter objects throughout the array.
51
52 (8) The array can iterated over. The objects will not necessarily come out in
53 key order.
54
55 (9) The array can be iterated over whilst it is being modified, provided the
56 RCU readlock is being held by the iterator. Note, however, under these
57 circumstances, some objects may be seen more than once. If this is a
58 problem, the iterator should lock against modification. Objects will not
59 be missed, however, unless deleted.
60
61(10) Objects in the array can be looked up by means of their index key.
62
63(11) Objects can be looked up whilst the array is being modified, provided the
64 RCU readlock is being held by the thread doing the look up.
65
66The implementation uses a tree of 16-pointer nodes internally that are indexed
67on each level by nibbles from the index key in the same manner as in a radix
68tree. To improve memory efficiency, shortcuts can be emplaced to skip over
69what would otherwise be a series of single-occupancy nodes. Further, nodes
70pack leaf object pointers into spare space in the node rather than making an
71extra branch until as such time an object needs to be added to a full node.
72
73
74==============
75THE PUBLIC API
76==============
77
78The public API can be found in <linux/assoc_array.h>. The associative array is
79rooted on the following structure:
80
81 struct assoc_array {
82 ...
83 };
84
85The code is selected by enabling CONFIG_ASSOCIATIVE_ARRAY.
86
87
88EDIT SCRIPT
89-----------
90
91The insertion and deletion functions produce an 'edit script' that can later be
92applied to effect the changes without risking ENOMEM. This retains the
93preallocated metadata blocks that will be installed in the internal tree and
94keeps track of the metadata blocks that will be removed from the tree when the
95script is applied.
96
97This is also used to keep track of dead blocks and dead objects after the
98script has been applied so that they can be freed later. The freeing is done
99after an RCU grace period has passed - thus allowing access functions to
100proceed under the RCU read lock.
101
102The script appears as outside of the API as a pointer of the type:
103
104 struct assoc_array_edit;
105
106There are two functions for dealing with the script:
107
108 (1) Apply an edit script.
109
110 void assoc_array_apply_edit(struct assoc_array_edit *edit);
111
112 This will perform the edit functions, interpolating various write barriers
113 to permit accesses under the RCU read lock to continue. The edit script
114 will then be passed to call_rcu() to free it and any dead stuff it points
115 to.
116
117 (2) Cancel an edit script.
118
119 void assoc_array_cancel_edit(struct assoc_array_edit *edit);
120
121 This frees the edit script and all preallocated memory immediately. If
122 this was for insertion, the new object is _not_ released by this function,
123 but must rather be released by the caller.
124
125These functions are guaranteed not to fail.
126
127
128OPERATIONS TABLE
129----------------
130
131Various functions take a table of operations:
132
133 struct assoc_array_ops {
134 ...
135 };
136
137This points to a number of methods, all of which need to be provided:
138
139 (1) Get a chunk of index key from caller data:
140
141 unsigned long (*get_key_chunk)(const void *index_key, int level);
142
143 This should return a chunk of caller-supplied index key starting at the
144 *bit* position given by the level argument. The level argument will be a
145 multiple of ASSOC_ARRAY_KEY_CHUNK_SIZE and the function should return
146 ASSOC_ARRAY_KEY_CHUNK_SIZE bits. No error is possible.
147
148
149 (2) Get a chunk of an object's index key.
150
151 unsigned long (*get_object_key_chunk)(const void *object, int level);
152
153 As the previous function, but gets its data from an object in the array
154 rather than from a caller-supplied index key.
155
156
157 (3) See if this is the object we're looking for.
158
159 bool (*compare_object)(const void *object, const void *index_key);
160
161 Compare the object against an index key and return true if it matches and
162 false if it doesn't.
163
164
165 (4) Diff the index keys of two objects.
166
167 int (*diff_objects)(const void *a, const void *b);
168
169 Return the bit position at which the index keys of two objects differ or
170 -1 if they are the same.
171
172
173 (5) Free an object.
174
175 void (*free_object)(void *object);
176
177 Free the specified object. Note that this may be called an RCU grace
178 period after assoc_array_apply_edit() was called, so synchronize_rcu() may
179 be necessary on module unloading.
180
181
182MANIPULATION FUNCTIONS
183----------------------
184
185There are a number of functions for manipulating an associative array:
186
187 (1) Initialise an associative array.
188
189 void assoc_array_init(struct assoc_array *array);
190
191 This initialises the base structure for an associative array. It can't
192 fail.
193
194
195 (2) Insert/replace an object in an associative array.
196
197 struct assoc_array_edit *
198 assoc_array_insert(struct assoc_array *array,
199 const struct assoc_array_ops *ops,
200 const void *index_key,
201 void *object);
202
203 This inserts the given object into the array. Note that the least
204 significant bit of the pointer must be zero as it's used to type-mark
205 pointers internally.
206
207 If an object already exists for that key then it will be replaced with the
208 new object and the old one will be freed automatically.
209
210 The index_key argument should hold index key information and is
211 passed to the methods in the ops table when they are called.
212
213 This function makes no alteration to the array itself, but rather returns
214 an edit script that must be applied. -ENOMEM is returned in the case of
215 an out-of-memory error.
216
217 The caller should lock exclusively against other modifiers of the array.
218
219
220 (3) Delete an object from an associative array.
221
222 struct assoc_array_edit *
223 assoc_array_delete(struct assoc_array *array,
224 const struct assoc_array_ops *ops,
225 const void *index_key);
226
227 This deletes an object that matches the specified data from the array.
228
229 The index_key argument should hold index key information and is
230 passed to the methods in the ops table when they are called.
231
232 This function makes no alteration to the array itself, but rather returns
233 an edit script that must be applied. -ENOMEM is returned in the case of
234 an out-of-memory error. NULL will be returned if the specified object is
235 not found within the array.
236
237 The caller should lock exclusively against other modifiers of the array.
238
239
240 (4) Delete all objects from an associative array.
241
242 struct assoc_array_edit *
243 assoc_array_clear(struct assoc_array *array,
244 const struct assoc_array_ops *ops);
245
246 This deletes all the objects from an associative array and leaves it
247 completely empty.
248
249 This function makes no alteration to the array itself, but rather returns
250 an edit script that must be applied. -ENOMEM is returned in the case of
251 an out-of-memory error.
252
253 The caller should lock exclusively against other modifiers of the array.
254
255
256 (5) Destroy an associative array, deleting all objects.
257
258 void assoc_array_destroy(struct assoc_array *array,
259 const struct assoc_array_ops *ops);
260
261 This destroys the contents of the associative array and leaves it
262 completely empty. It is not permitted for another thread to be traversing
263 the array under the RCU read lock at the same time as this function is
264 destroying it as no RCU deferral is performed on memory release -
265 something that would require memory to be allocated.
266
267 The caller should lock exclusively against other modifiers and accessors
268 of the array.
269
270
271 (6) Garbage collect an associative array.
272
273 int assoc_array_gc(struct assoc_array *array,
274 const struct assoc_array_ops *ops,
275 bool (*iterator)(void *object, void *iterator_data),
276 void *iterator_data);
277
278 This iterates over the objects in an associative array and passes each one
279 to iterator(). If iterator() returns true, the object is kept. If it
280 returns false, the object will be freed. If the iterator() function
281 returns true, it must perform any appropriate refcount incrementing on the
282 object before returning.
283
284 The internal tree will be packed down if possible as part of the iteration
285 to reduce the number of nodes in it.
286
287 The iterator_data is passed directly to iterator() and is otherwise
288 ignored by the function.
289
290 The function will return 0 if successful and -ENOMEM if there wasn't
291 enough memory.
292
293 It is possible for other threads to iterate over or search the array under
294 the RCU read lock whilst this function is in progress. The caller should
295 lock exclusively against other modifiers of the array.
296
297
298ACCESS FUNCTIONS
299----------------
300
301There are two functions for accessing an associative array:
302
303 (1) Iterate over all the objects in an associative array.
304
305 int assoc_array_iterate(const struct assoc_array *array,
306 int (*iterator)(const void *object,
307 void *iterator_data),
308 void *iterator_data);
309
310 This passes each object in the array to the iterator callback function.
311 iterator_data is private data for that function.
312
313 This may be used on an array at the same time as the array is being
314 modified, provided the RCU read lock is held. Under such circumstances,
315 it is possible for the iteration function to see some objects twice. If
316 this is a problem, then modification should be locked against. The
317 iteration algorithm should not, however, miss any objects.
318
319 The function will return 0 if no objects were in the array or else it will
320 return the result of the last iterator function called. Iteration stops
321 immediately if any call to the iteration function results in a non-zero
322 return.
323
324
325 (2) Find an object in an associative array.
326
327 void *assoc_array_find(const struct assoc_array *array,
328 const struct assoc_array_ops *ops,
329 const void *index_key);
330
331 This walks through the array's internal tree directly to the object
332 specified by the index key..
333
334 This may be used on an array at the same time as the array is being
335 modified, provided the RCU read lock is held.
336
337 The function will return the object if found (and set *_type to the object
338 type) or will return NULL if the object was not found.
339
340
341INDEX KEY FORM
342--------------
343
344The index key can be of any form, but since the algorithms aren't told how long
345the key is, it is strongly recommended that the index key includes its length
346very early on before any variation due to the length would have an effect on
347comparisons.
348
349This will cause leaves with different length keys to scatter away from each
350other - and those with the same length keys to cluster together.
351
352It is also recommended that the index key begin with a hash of the rest of the
353key to maximise scattering throughout keyspace.
354
355The better the scattering, the wider and lower the internal tree will be.
356
357Poor scattering isn't too much of a problem as there are shortcuts and nodes
358can contain mixtures of leaves and metadata pointers.
359
360The index key is read in chunks of machine word. Each chunk is subdivided into
361one nibble (4 bits) per level, so on a 32-bit CPU this is good for 8 levels and
362on a 64-bit CPU, 16 levels. Unless the scattering is really poor, it is
363unlikely that more than one word of any particular index key will have to be
364used.
365
366
367=================
368INTERNAL WORKINGS
369=================
370
371The associative array data structure has an internal tree. This tree is
372constructed of two types of metadata blocks: nodes and shortcuts.
373
374A node is an array of slots. Each slot can contain one of four things:
375
376 (*) A NULL pointer, indicating that the slot is empty.
377
378 (*) A pointer to an object (a leaf).
379
380 (*) A pointer to a node at the next level.
381
382 (*) A pointer to a shortcut.
383
384
385BASIC INTERNAL TREE LAYOUT
386--------------------------
387
388Ignoring shortcuts for the moment, the nodes form a multilevel tree. The index
389key space is strictly subdivided by the nodes in the tree and nodes occur on
390fixed levels. For example:
391
392 Level: 0 1 2 3
393 =============== =============== =============== ===============
394 NODE D
395 NODE B NODE C +------>+---+
396 +------>+---+ +------>+---+ | | 0 |
397 NODE A | | 0 | | | 0 | | +---+
398 +---+ | +---+ | +---+ | : :
399 | 0 | | : : | : : | +---+
400 +---+ | +---+ | +---+ | | f |
401 | 1 |---+ | 3 |---+ | 7 |---+ +---+
402 +---+ +---+ +---+
403 : : : : | 8 |---+
404 +---+ +---+ +---+ | NODE E
405 | e |---+ | f | : : +------>+---+
406 +---+ | +---+ +---+ | 0 |
407 | f | | | f | +---+
408 +---+ | +---+ : :
409 | NODE F +---+
410 +------>+---+ | f |
411 | 0 | NODE G +---+
412 +---+ +------>+---+
413 : : | | 0 |
414 +---+ | +---+
415 | 6 |---+ : :
416 +---+ +---+
417 : : | f |
418 +---+ +---+
419 | f |
420 +---+
421
422In the above example, there are 7 nodes (A-G), each with 16 slots (0-f).
423Assuming no other meta data nodes in the tree, the key space is divided thusly:
424
425 KEY PREFIX NODE
426 ========== ====
427 137* D
428 138* E
429 13[0-69-f]* C
430 1[0-24-f]* B
431 e6* G
432 e[0-57-f]* F
433 [02-df]* A
434
435So, for instance, keys with the following example index keys will be found in
436the appropriate nodes:
437
438 INDEX KEY PREFIX NODE
439 =============== ======= ====
440 13694892892489 13 C
441 13795289025897 137 D
442 13889dde88793 138 E
443 138bbb89003093 138 E
444 1394879524789 12 C
445 1458952489 1 B
446 9431809de993ba - A
447 b4542910809cd - A
448 e5284310def98 e F
449 e68428974237 e6 G
450 e7fffcbd443 e F
451 f3842239082 - A
452
453To save memory, if a node can hold all the leaves in its portion of keyspace,
454then the node will have all those leaves in it and will not have any metadata
455pointers - even if some of those leaves would like to be in the same slot.
456
457A node can contain a heterogeneous mix of leaves and metadata pointers.
458Metadata pointers must be in the slots that match their subdivisions of key
459space. The leaves can be in any slot not occupied by a metadata pointer. It
460is guaranteed that none of the leaves in a node will match a slot occupied by a
461metadata pointer. If the metadata pointer is there, any leaf whose key matches
462the metadata key prefix must be in the subtree that the metadata pointer points
463to.
464
465In the above example list of index keys, node A will contain:
466
467 SLOT CONTENT INDEX KEY (PREFIX)
468 ==== =============== ==================
469 1 PTR TO NODE B 1*
470 any LEAF 9431809de993ba
471 any LEAF b4542910809cd
472 e PTR TO NODE F e*
473 any LEAF f3842239082
474
475and node B:
476
477 3 PTR TO NODE C 13*
478 any LEAF 1458952489
479
480
481SHORTCUTS
482---------
483
484Shortcuts are metadata records that jump over a piece of keyspace. A shortcut
485is a replacement for a series of single-occupancy nodes ascending through the
486levels. Shortcuts exist to save memory and to speed up traversal.
487
488It is possible for the root of the tree to be a shortcut - say, for example,
489the tree contains at least 17 nodes all with key prefix '1111'. The insertion
490algorithm will insert a shortcut to skip over the '1111' keyspace in a single
491bound and get to the fourth level where these actually become different.
492
493
494SPLITTING AND COLLAPSING NODES
495------------------------------
496
497Each node has a maximum capacity of 16 leaves and metadata pointers. If the
498insertion algorithm finds that it is trying to insert a 17th object into a
499node, that node will be split such that at least two leaves that have a common
500key segment at that level end up in a separate node rooted on that slot for
501that common key segment.
502
503If the leaves in a full node and the leaf that is being inserted are
504sufficiently similar, then a shortcut will be inserted into the tree.
505
506When the number of objects in the subtree rooted at a node falls to 16 or
507fewer, then the subtree will be collapsed down to a single node - and this will
508ripple towards the root if possible.
509
510
511NON-RECURSIVE ITERATION
512-----------------------
513
514Each node and shortcut contains a back pointer to its parent and the number of
515slot in that parent that points to it. None-recursive iteration uses these to
516proceed rootwards through the tree, going to the parent node, slot N + 1 to
517make sure progress is made without the need for a stack.
518
519The backpointers, however, make simultaneous alteration and iteration tricky.
520
521
522SIMULTANEOUS ALTERATION AND ITERATION
523-------------------------------------
524
525There are a number of cases to consider:
526
527 (1) Simple insert/replace. This involves simply replacing a NULL or old
528 matching leaf pointer with the pointer to the new leaf after a barrier.
529 The metadata blocks don't change otherwise. An old leaf won't be freed
530 until after the RCU grace period.
531
532 (2) Simple delete. This involves just clearing an old matching leaf. The
533 metadata blocks don't change otherwise. The old leaf won't be freed until
534 after the RCU grace period.
535
536 (3) Insertion replacing part of a subtree that we haven't yet entered. This
537 may involve replacement of part of that subtree - but that won't affect
538 the iteration as we won't have reached the pointer to it yet and the
539 ancestry blocks are not replaced (the layout of those does not change).
540
541 (4) Insertion replacing nodes that we're actively processing. This isn't a
542 problem as we've passed the anchoring pointer and won't switch onto the
543 new layout until we follow the back pointers - at which point we've
544 already examined the leaves in the replaced node (we iterate over all the
545 leaves in a node before following any of its metadata pointers).
546
547 We might, however, re-see some leaves that have been split out into a new
548 branch that's in a slot further along than we were at.
549
550 (5) Insertion replacing nodes that we're processing a dependent branch of.
551 This won't affect us until we follow the back pointers. Similar to (4).
552
553 (6) Deletion collapsing a branch under us. This doesn't affect us because the
554 back pointers will get us back to the parent of the new node before we
555 could see the new node. The entire collapsed subtree is thrown away
556 unchanged - and will still be rooted on the same slot, so we shouldn't
557 process it a second time as we'll go back to slot + 1.
558
559Note:
560
561 (*) Under some circumstances, we need to simultaneously change the parent
562 pointer and the parent slot pointer on a node (say, for example, we
563 inserted another node before it and moved it up a level). We cannot do
564 this without locking against a read - so we have to replace that node too.
565
566 However, when we're changing a shortcut into a node this isn't a problem
567 as shortcuts only have one slot and so the parent slot number isn't used
568 when traversing backwards over one. This means that it's okay to change
569 the slot number first - provided suitable barriers are used to make sure
570 the parent slot number is read after the back pointer.
571
572Obsolete blocks and leaves are freed up after an RCU grace period has passed,
573so as long as anyone doing walking or iteration holds the RCU read lock, the
574old superstructure should not go away on them.
diff --git a/Documentation/devicetree/bindings/i2c/trivial-devices.txt b/Documentation/devicetree/bindings/i2c/trivial-devices.txt
index ad6a73852f08..f1fb26eed0e9 100644
--- a/Documentation/devicetree/bindings/i2c/trivial-devices.txt
+++ b/Documentation/devicetree/bindings/i2c/trivial-devices.txt
@@ -15,6 +15,7 @@ adi,adt7461 +/-1C TDM Extended Temp Range I.C
15adt7461 +/-1C TDM Extended Temp Range I.C 15adt7461 +/-1C TDM Extended Temp Range I.C
16at,24c08 i2c serial eeprom (24cxx) 16at,24c08 i2c serial eeprom (24cxx)
17atmel,24c02 i2c serial eeprom (24cxx) 17atmel,24c02 i2c serial eeprom (24cxx)
18atmel,at97sc3204t i2c trusted platform module (TPM)
18catalyst,24c32 i2c serial eeprom 19catalyst,24c32 i2c serial eeprom
19dallas,ds1307 64 x 8, Serial, I2C Real-Time Clock 20dallas,ds1307 64 x 8, Serial, I2C Real-Time Clock
20dallas,ds1338 I2C RTC with 56-Byte NV RAM 21dallas,ds1338 I2C RTC with 56-Byte NV RAM
@@ -44,6 +45,7 @@ mc,rv3029c2 Real Time Clock Module with I2C-Bus
44national,lm75 I2C TEMP SENSOR 45national,lm75 I2C TEMP SENSOR
45national,lm80 Serial Interface ACPI-Compatible Microprocessor System Hardware Monitor 46national,lm80 Serial Interface ACPI-Compatible Microprocessor System Hardware Monitor
46national,lm92 ±0.33°C Accurate, 12-Bit + Sign Temperature Sensor and Thermal Window Comparator with Two-Wire Interface 47national,lm92 ±0.33°C Accurate, 12-Bit + Sign Temperature Sensor and Thermal Window Comparator with Two-Wire Interface
48nuvoton,npct501 i2c trusted platform module (TPM)
47nxp,pca9556 Octal SMBus and I2C registered interface 49nxp,pca9556 Octal SMBus and I2C registered interface
48nxp,pca9557 8-bit I2C-bus and SMBus I/O port with reset 50nxp,pca9557 8-bit I2C-bus and SMBus I/O port with reset
49nxp,pcf8563 Real-time clock/calendar 51nxp,pcf8563 Real-time clock/calendar
@@ -61,3 +63,4 @@ taos,tsl2550 Ambient Light Sensor with SMBUS/Two Wire Serial Interface
61ti,tsc2003 I2C Touch-Screen Controller 63ti,tsc2003 I2C Touch-Screen Controller
62ti,tmp102 Low Power Digital Temperature Sensor with SMBUS/Two Wire Serial Interface 64ti,tmp102 Low Power Digital Temperature Sensor with SMBUS/Two Wire Serial Interface
63ti,tmp275 Digital Temperature Sensor 65ti,tmp275 Digital Temperature Sensor
66winbond,wpct301 i2c trusted platform module (TPM)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 9ca3e74a10e1..50680a59a2ff 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1190,15 +1190,24 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1190 owned by uid=0. 1190 owned by uid=0.
1191 1191
1192 ima_hash= [IMA] 1192 ima_hash= [IMA]
1193 Format: { "sha1" | "md5" } 1193 Format: { md5 | sha1 | rmd160 | sha256 | sha384
1194 | sha512 | ... }
1194 default: "sha1" 1195 default: "sha1"
1195 1196
1197 The list of supported hash algorithms is defined
1198 in crypto/hash_info.h.
1199
1196 ima_tcb [IMA] 1200 ima_tcb [IMA]
1197 Load a policy which meets the needs of the Trusted 1201 Load a policy which meets the needs of the Trusted
1198 Computing Base. This means IMA will measure all 1202 Computing Base. This means IMA will measure all
1199 programs exec'd, files mmap'd for exec, and all files 1203 programs exec'd, files mmap'd for exec, and all files
1200 opened for read by uid=0. 1204 opened for read by uid=0.
1201 1205
1206 ima_template= [IMA]
1207 Select one of defined IMA measurements template formats.
1208 Formats: { "ima" | "ima-ng" }
1209 Default: "ima-ng"
1210
1202 init= [KNL] 1211 init= [KNL]
1203 Format: <full_path> 1212 Format: <full_path>
1204 Run specified binary instead of /sbin/init as init 1213 Run specified binary instead of /sbin/init as init
diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX
index 414235c1fcfc..45c82fd3e9d3 100644
--- a/Documentation/security/00-INDEX
+++ b/Documentation/security/00-INDEX
@@ -22,3 +22,5 @@ keys.txt
22 - description of the kernel key retention service. 22 - description of the kernel key retention service.
23tomoyo.txt 23tomoyo.txt
24 - documentation on the TOMOYO Linux Security Module. 24 - documentation on the TOMOYO Linux Security Module.
25IMA-templates.txt
26 - documentation on the template management mechanism for IMA.
diff --git a/Documentation/security/IMA-templates.txt b/Documentation/security/IMA-templates.txt
new file mode 100644
index 000000000000..a777e5f1df5b
--- /dev/null
+++ b/Documentation/security/IMA-templates.txt
@@ -0,0 +1,87 @@
1 IMA Template Management Mechanism
2
3
4==== INTRODUCTION ====
5
6The original 'ima' template is fixed length, containing the filedata hash
7and pathname. The filedata hash is limited to 20 bytes (md5/sha1).
8The pathname is a null terminated string, limited to 255 characters.
9To overcome these limitations and to add additional file metadata, it is
10necessary to extend the current version of IMA by defining additional
11templates. For example, information that could be possibly reported are
12the inode UID/GID or the LSM labels either of the inode and of the process
13that is accessing it.
14
15However, the main problem to introduce this feature is that, each time
16a new template is defined, the functions that generate and display
17the measurements list would include the code for handling a new format
18and, thus, would significantly grow over the time.
19
20The proposed solution solves this problem by separating the template
21management from the remaining IMA code. The core of this solution is the
22definition of two new data structures: a template descriptor, to determine
23which information should be included in the measurement list; a template
24field, to generate and display data of a given type.
25
26Managing templates with these structures is very simple. To support
27a new data type, developers define the field identifier and implement
28two functions, init() and show(), respectively to generate and display
29measurement entries. Defining a new template descriptor requires
30specifying the template format, a string of field identifiers separated
31by the '|' character. While in the current implementation it is possible
32to define new template descriptors only by adding their definition in the
33template specific code (ima_template.c), in a future version it will be
34possible to register a new template on a running kernel by supplying to IMA
35the desired format string. In this version, IMA initializes at boot time
36all defined template descriptors by translating the format into an array
37of template fields structures taken from the set of the supported ones.
38
39After the initialization step, IMA will call ima_alloc_init_template()
40(new function defined within the patches for the new template management
41mechanism) to generate a new measurement entry by using the template
42descriptor chosen through the kernel configuration or through the newly
43introduced 'ima_template=' kernel command line parameter. It is during this
44phase that the advantages of the new architecture are clearly shown:
45the latter function will not contain specific code to handle a given template
46but, instead, it simply calls the init() method of the template fields
47associated to the chosen template descriptor and store the result (pointer
48to allocated data and data length) in the measurement entry structure.
49
50The same mechanism is employed to display measurements entries.
51The functions ima[_ascii]_measurements_show() retrieve, for each entry,
52the template descriptor used to produce that entry and call the show()
53method for each item of the array of template fields structures.
54
55
56
57==== SUPPORTED TEMPLATE FIELDS AND DESCRIPTORS ====
58
59In the following, there is the list of supported template fields
60('<identifier>': description), that can be used to define new template
61descriptors by adding their identifier to the format string
62(support for more data types will be added later):
63
64 - 'd': the digest of the event (i.e. the digest of a measured file),
65 calculated with the SHA1 or MD5 hash algorithm;
66 - 'n': the name of the event (i.e. the file name), with size up to 255 bytes;
67 - 'd-ng': the digest of the event, calculated with an arbitrary hash
68 algorithm (field format: [<hash algo>:]digest, where the digest
69 prefix is shown only if the hash algorithm is not SHA1 or MD5);
70 - 'n-ng': the name of the event, without size limitations.
71
72
73Below, there is the list of defined template descriptors:
74 - "ima": its format is 'd|n';
75 - "ima-ng" (default): its format is 'd-ng|n-ng'.
76
77
78
79==== USE ====
80
81To specify the template descriptor to be used to generate measurement entries,
82currently the following methods are supported:
83
84 - select a template descriptor among those supported in the kernel
85 configuration ('ima-ng' is the default choice);
86 - specify a template descriptor name from the kernel command line through
87 the 'ima_template=' parameter.
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 7b4145d00452..a4c33f1a7c6d 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -865,15 +865,14 @@ encountered:
865 calling processes has a searchable link to the key from one of its 865 calling processes has a searchable link to the key from one of its
866 keyrings. There are three functions for dealing with these: 866 keyrings. There are three functions for dealing with these:
867 867
868 key_ref_t make_key_ref(const struct key *key, 868 key_ref_t make_key_ref(const struct key *key, bool possession);
869 unsigned long possession);
870 869
871 struct key *key_ref_to_ptr(const key_ref_t key_ref); 870 struct key *key_ref_to_ptr(const key_ref_t key_ref);
872 871
873 unsigned long is_key_possessed(const key_ref_t key_ref); 872 bool is_key_possessed(const key_ref_t key_ref);
874 873
875 The first function constructs a key reference from a key pointer and 874 The first function constructs a key reference from a key pointer and
876 possession information (which must be 0 or 1 and not any other value). 875 possession information (which must be true or false).
877 876
878 The second function retrieves the key pointer from a reference and the 877 The second function retrieves the key pointer from a reference and the
879 third retrieves the possession flag. 878 third retrieves the possession flag.
@@ -961,14 +960,17 @@ payload contents" for more information.
961 the argument will not be parsed. 960 the argument will not be parsed.
962 961
963 962
964(*) Extra references can be made to a key by calling the following function: 963(*) Extra references can be made to a key by calling one of the following
964 functions:
965 965
966 struct key *__key_get(struct key *key);
966 struct key *key_get(struct key *key); 967 struct key *key_get(struct key *key);
967 968
968 These need to be disposed of by calling key_put() when they've been 969 Keys so references will need to be disposed of by calling key_put() when
969 finished with. The key pointer passed in will be returned. If the pointer 970 they've been finished with. The key pointer passed in will be returned.
970 is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and 971
971 no increment will take place. 972 In the case of key_get(), if the pointer is NULL or CONFIG_KEYS is not set
973 then the key will not be dereferenced and no increment will take place.
972 974
973 975
974(*) A key's serial number can be obtained by calling: 976(*) A key's serial number can be obtained by calling:
diff --git a/MAINTAINERS b/MAINTAINERS
index 63f30484932b..8d98e54f2bf2 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -7515,9 +7515,10 @@ SELINUX SECURITY MODULE
7515M: Stephen Smalley <sds@tycho.nsa.gov> 7515M: Stephen Smalley <sds@tycho.nsa.gov>
7516M: James Morris <james.l.morris@oracle.com> 7516M: James Morris <james.l.morris@oracle.com>
7517M: Eric Paris <eparis@parisplace.org> 7517M: Eric Paris <eparis@parisplace.org>
7518M: Paul Moore <paul@paul-moore.com>
7518L: selinux@tycho.nsa.gov (subscribers-only, general discussion) 7519L: selinux@tycho.nsa.gov (subscribers-only, general discussion)
7519W: http://selinuxproject.org 7520W: http://selinuxproject.org
7520T: git git://git.infradead.org/users/eparis/selinux.git 7521T: git git://git.infradead.org/users/pcmoore/selinux
7521S: Supported 7522S: Supported
7522F: include/linux/selinux* 7523F: include/linux/selinux*
7523F: security/selinux/ 7524F: security/selinux/
@@ -8664,6 +8665,7 @@ F: drivers/media/usb/tm6000/
8664TPM DEVICE DRIVER 8665TPM DEVICE DRIVER
8665M: Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com> 8666M: Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>
8666M: Ashley Lai <ashley@ashleylai.com> 8667M: Ashley Lai <ashley@ashleylai.com>
8668M: Peter Huewe <peterhuewe@gmx.de>
8667M: Rajiv Andrade <mail@srajiv.net> 8669M: Rajiv Andrade <mail@srajiv.net>
8668W: http://tpmdd.sourceforge.net 8670W: http://tpmdd.sourceforge.net
8669M: Marcel Selhorst <tpmdd@selhorst.net> 8671M: Marcel Selhorst <tpmdd@selhorst.net>
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 71f337aefa39..4ae5734fb473 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1402,6 +1402,9 @@ config CRYPTO_USER_API_SKCIPHER
1402 This option enables the user-spaces interface for symmetric 1402 This option enables the user-spaces interface for symmetric
1403 key cipher algorithms. 1403 key cipher algorithms.
1404 1404
1405config CRYPTO_HASH_INFO
1406 bool
1407
1405source "drivers/crypto/Kconfig" 1408source "drivers/crypto/Kconfig"
1406source crypto/asymmetric_keys/Kconfig 1409source crypto/asymmetric_keys/Kconfig
1407 1410
diff --git a/crypto/Makefile b/crypto/Makefile
index 80019ba8da3a..b3a7e807e08b 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -104,3 +104,4 @@ obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
104obj-$(CONFIG_XOR_BLOCKS) += xor.o 104obj-$(CONFIG_XOR_BLOCKS) += xor.o
105obj-$(CONFIG_ASYNC_CORE) += async_tx/ 105obj-$(CONFIG_ASYNC_CORE) += async_tx/
106obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys/ 106obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys/
107obj-$(CONFIG_CRYPTO_HASH_INFO) += hash_info.o
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index 6d2c2ea12559..03a6eb95ab50 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -12,6 +12,8 @@ if ASYMMETRIC_KEY_TYPE
12config ASYMMETRIC_PUBLIC_KEY_SUBTYPE 12config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
13 tristate "Asymmetric public-key crypto algorithm subtype" 13 tristate "Asymmetric public-key crypto algorithm subtype"
14 select MPILIB 14 select MPILIB
15 select PUBLIC_KEY_ALGO_RSA
16 select CRYPTO_HASH_INFO
15 help 17 help
16 This option provides support for asymmetric public key type handling. 18 This option provides support for asymmetric public key type handling.
17 If signature generation and/or verification are to be used, 19 If signature generation and/or verification are to be used,
@@ -20,8 +22,8 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
20 22
21config PUBLIC_KEY_ALGO_RSA 23config PUBLIC_KEY_ALGO_RSA
22 tristate "RSA public-key algorithm" 24 tristate "RSA public-key algorithm"
23 depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
24 select MPILIB_EXTRA 25 select MPILIB_EXTRA
26 select MPILIB
25 help 27 help
26 This option enables support for the RSA algorithm (PKCS#1, RFC3447). 28 This option enables support for the RSA algorithm (PKCS#1, RFC3447).
27 29
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index cf807654d221..b77eb5304788 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -209,6 +209,7 @@ struct key_type key_type_asymmetric = {
209 .match = asymmetric_key_match, 209 .match = asymmetric_key_match,
210 .destroy = asymmetric_key_destroy, 210 .destroy = asymmetric_key_destroy,
211 .describe = asymmetric_key_describe, 211 .describe = asymmetric_key_describe,
212 .def_lookup_type = KEYRING_SEARCH_LOOKUP_ITERATE,
212}; 213};
213EXPORT_SYMBOL_GPL(key_type_asymmetric); 214EXPORT_SYMBOL_GPL(key_type_asymmetric);
214 215
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index cb2e29180a87..97eb001960b9 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -22,29 +22,25 @@
22 22
23MODULE_LICENSE("GPL"); 23MODULE_LICENSE("GPL");
24 24
25const char *const pkey_algo[PKEY_ALGO__LAST] = { 25const char *const pkey_algo_name[PKEY_ALGO__LAST] = {
26 [PKEY_ALGO_DSA] = "DSA", 26 [PKEY_ALGO_DSA] = "DSA",
27 [PKEY_ALGO_RSA] = "RSA", 27 [PKEY_ALGO_RSA] = "RSA",
28}; 28};
29EXPORT_SYMBOL_GPL(pkey_algo); 29EXPORT_SYMBOL_GPL(pkey_algo_name);
30 30
31const char *const pkey_hash_algo[PKEY_HASH__LAST] = { 31const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST] = {
32 [PKEY_HASH_MD4] = "md4", 32#if defined(CONFIG_PUBLIC_KEY_ALGO_RSA) || \
33 [PKEY_HASH_MD5] = "md5", 33 defined(CONFIG_PUBLIC_KEY_ALGO_RSA_MODULE)
34 [PKEY_HASH_SHA1] = "sha1", 34 [PKEY_ALGO_RSA] = &RSA_public_key_algorithm,
35 [PKEY_HASH_RIPE_MD_160] = "rmd160", 35#endif
36 [PKEY_HASH_SHA256] = "sha256",
37 [PKEY_HASH_SHA384] = "sha384",
38 [PKEY_HASH_SHA512] = "sha512",
39 [PKEY_HASH_SHA224] = "sha224",
40}; 36};
41EXPORT_SYMBOL_GPL(pkey_hash_algo); 37EXPORT_SYMBOL_GPL(pkey_algo);
42 38
43const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = { 39const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST] = {
44 [PKEY_ID_PGP] = "PGP", 40 [PKEY_ID_PGP] = "PGP",
45 [PKEY_ID_X509] = "X509", 41 [PKEY_ID_X509] = "X509",
46}; 42};
47EXPORT_SYMBOL_GPL(pkey_id_type); 43EXPORT_SYMBOL_GPL(pkey_id_type_name);
48 44
49/* 45/*
50 * Provide a part of a description of the key for /proc/keys. 46 * Provide a part of a description of the key for /proc/keys.
@@ -56,7 +52,7 @@ static void public_key_describe(const struct key *asymmetric_key,
56 52
57 if (key) 53 if (key)
58 seq_printf(m, "%s.%s", 54 seq_printf(m, "%s.%s",
59 pkey_id_type[key->id_type], key->algo->name); 55 pkey_id_type_name[key->id_type], key->algo->name);
60} 56}
61 57
62/* 58/*
@@ -78,21 +74,45 @@ EXPORT_SYMBOL_GPL(public_key_destroy);
78/* 74/*
79 * Verify a signature using a public key. 75 * Verify a signature using a public key.
80 */ 76 */
81static int public_key_verify_signature(const struct key *key, 77int public_key_verify_signature(const struct public_key *pk,
82 const struct public_key_signature *sig) 78 const struct public_key_signature *sig)
83{ 79{
84 const struct public_key *pk = key->payload.data; 80 const struct public_key_algorithm *algo;
81
82 BUG_ON(!pk);
83 BUG_ON(!pk->mpi[0]);
84 BUG_ON(!pk->mpi[1]);
85 BUG_ON(!sig);
86 BUG_ON(!sig->digest);
87 BUG_ON(!sig->mpi[0]);
88
89 algo = pk->algo;
90 if (!algo) {
91 if (pk->pkey_algo >= PKEY_ALGO__LAST)
92 return -ENOPKG;
93 algo = pkey_algo[pk->pkey_algo];
94 if (!algo)
95 return -ENOPKG;
96 }
85 97
86 if (!pk->algo->verify_signature) 98 if (!algo->verify_signature)
87 return -ENOTSUPP; 99 return -ENOTSUPP;
88 100
89 if (sig->nr_mpi != pk->algo->n_sig_mpi) { 101 if (sig->nr_mpi != algo->n_sig_mpi) {
90 pr_debug("Signature has %u MPI not %u\n", 102 pr_debug("Signature has %u MPI not %u\n",
91 sig->nr_mpi, pk->algo->n_sig_mpi); 103 sig->nr_mpi, algo->n_sig_mpi);
92 return -EINVAL; 104 return -EINVAL;
93 } 105 }
94 106
95 return pk->algo->verify_signature(pk, sig); 107 return algo->verify_signature(pk, sig);
108}
109EXPORT_SYMBOL_GPL(public_key_verify_signature);
110
111static int public_key_verify_signature_2(const struct key *key,
112 const struct public_key_signature *sig)
113{
114 const struct public_key *pk = key->payload.data;
115 return public_key_verify_signature(pk, sig);
96} 116}
97 117
98/* 118/*
@@ -103,6 +123,6 @@ struct asymmetric_key_subtype public_key_subtype = {
103 .name = "public_key", 123 .name = "public_key",
104 .describe = public_key_describe, 124 .describe = public_key_describe,
105 .destroy = public_key_destroy, 125 .destroy = public_key_destroy,
106 .verify_signature = public_key_verify_signature, 126 .verify_signature = public_key_verify_signature_2,
107}; 127};
108EXPORT_SYMBOL_GPL(public_key_subtype); 128EXPORT_SYMBOL_GPL(public_key_subtype);
diff --git a/crypto/asymmetric_keys/public_key.h b/crypto/asymmetric_keys/public_key.h
index 5e5e35626899..5c37a22a0637 100644
--- a/crypto/asymmetric_keys/public_key.h
+++ b/crypto/asymmetric_keys/public_key.h
@@ -28,3 +28,9 @@ struct public_key_algorithm {
28}; 28};
29 29
30extern const struct public_key_algorithm RSA_public_key_algorithm; 30extern const struct public_key_algorithm RSA_public_key_algorithm;
31
32/*
33 * public_key.c
34 */
35extern int public_key_verify_signature(const struct public_key *pk,
36 const struct public_key_signature *sig);
diff --git a/crypto/asymmetric_keys/rsa.c b/crypto/asymmetric_keys/rsa.c
index 4a6a0696f8a3..90a17f59ba28 100644
--- a/crypto/asymmetric_keys/rsa.c
+++ b/crypto/asymmetric_keys/rsa.c
@@ -73,13 +73,13 @@ static const struct {
73 size_t size; 73 size_t size;
74} RSA_ASN1_templates[PKEY_HASH__LAST] = { 74} RSA_ASN1_templates[PKEY_HASH__LAST] = {
75#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) } 75#define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
76 [PKEY_HASH_MD5] = _(MD5), 76 [HASH_ALGO_MD5] = _(MD5),
77 [PKEY_HASH_SHA1] = _(SHA1), 77 [HASH_ALGO_SHA1] = _(SHA1),
78 [PKEY_HASH_RIPE_MD_160] = _(RIPE_MD_160), 78 [HASH_ALGO_RIPE_MD_160] = _(RIPE_MD_160),
79 [PKEY_HASH_SHA256] = _(SHA256), 79 [HASH_ALGO_SHA256] = _(SHA256),
80 [PKEY_HASH_SHA384] = _(SHA384), 80 [HASH_ALGO_SHA384] = _(SHA384),
81 [PKEY_HASH_SHA512] = _(SHA512), 81 [HASH_ALGO_SHA512] = _(SHA512),
82 [PKEY_HASH_SHA224] = _(SHA224), 82 [HASH_ALGO_SHA224] = _(SHA224),
83#undef _ 83#undef _
84}; 84};
85 85
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index facbf26bc6bb..29893162497c 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -47,6 +47,8 @@ void x509_free_certificate(struct x509_certificate *cert)
47 kfree(cert->subject); 47 kfree(cert->subject);
48 kfree(cert->fingerprint); 48 kfree(cert->fingerprint);
49 kfree(cert->authority); 49 kfree(cert->authority);
50 kfree(cert->sig.digest);
51 mpi_free(cert->sig.rsa.s);
50 kfree(cert); 52 kfree(cert);
51 } 53 }
52} 54}
@@ -152,33 +154,33 @@ int x509_note_pkey_algo(void *context, size_t hdrlen,
152 return -ENOPKG; /* Unsupported combination */ 154 return -ENOPKG; /* Unsupported combination */
153 155
154 case OID_md4WithRSAEncryption: 156 case OID_md4WithRSAEncryption:
155 ctx->cert->sig_hash_algo = PKEY_HASH_MD5; 157 ctx->cert->sig.pkey_hash_algo = HASH_ALGO_MD5;
156 ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; 158 ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
157 break; 159 break;
158 160
159 case OID_sha1WithRSAEncryption: 161 case OID_sha1WithRSAEncryption:
160 ctx->cert->sig_hash_algo = PKEY_HASH_SHA1; 162 ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA1;
161 ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; 163 ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
162 break; 164 break;
163 165
164 case OID_sha256WithRSAEncryption: 166 case OID_sha256WithRSAEncryption:
165 ctx->cert->sig_hash_algo = PKEY_HASH_SHA256; 167 ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA256;
166 ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; 168 ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
167 break; 169 break;
168 170
169 case OID_sha384WithRSAEncryption: 171 case OID_sha384WithRSAEncryption:
170 ctx->cert->sig_hash_algo = PKEY_HASH_SHA384; 172 ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA384;
171 ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; 173 ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
172 break; 174 break;
173 175
174 case OID_sha512WithRSAEncryption: 176 case OID_sha512WithRSAEncryption:
175 ctx->cert->sig_hash_algo = PKEY_HASH_SHA512; 177 ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA512;
176 ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; 178 ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
177 break; 179 break;
178 180
179 case OID_sha224WithRSAEncryption: 181 case OID_sha224WithRSAEncryption:
180 ctx->cert->sig_hash_algo = PKEY_HASH_SHA224; 182 ctx->cert->sig.pkey_hash_algo = HASH_ALGO_SHA224;
181 ctx->cert->sig_pkey_algo = PKEY_ALGO_RSA; 183 ctx->cert->sig.pkey_algo = PKEY_ALGO_RSA;
182 break; 184 break;
183 } 185 }
184 186
@@ -203,8 +205,8 @@ int x509_note_signature(void *context, size_t hdrlen,
203 return -EINVAL; 205 return -EINVAL;
204 } 206 }
205 207
206 ctx->cert->sig = value; 208 ctx->cert->raw_sig = value;
207 ctx->cert->sig_size = vlen; 209 ctx->cert->raw_sig_size = vlen;
208 return 0; 210 return 0;
209} 211}
210 212
@@ -343,8 +345,9 @@ int x509_extract_key_data(void *context, size_t hdrlen,
343 if (ctx->last_oid != OID_rsaEncryption) 345 if (ctx->last_oid != OID_rsaEncryption)
344 return -ENOPKG; 346 return -ENOPKG;
345 347
346 /* There seems to be an extraneous 0 byte on the front of the data */ 348 ctx->cert->pub->pkey_algo = PKEY_ALGO_RSA;
347 ctx->cert->pkey_algo = PKEY_ALGO_RSA; 349
350 /* Discard the BIT STRING metadata */
348 ctx->key = value + 1; 351 ctx->key = value + 1;
349 ctx->key_size = vlen - 1; 352 ctx->key_size = vlen - 1;
350 return 0; 353 return 0;
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index f86dc5fcc4ad..87d9cc26f630 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -9,6 +9,7 @@
9 * 2 of the Licence, or (at your option) any later version. 9 * 2 of the Licence, or (at your option) any later version.
10 */ 10 */
11 11
12#include <linux/time.h>
12#include <crypto/public_key.h> 13#include <crypto/public_key.h>
13 14
14struct x509_certificate { 15struct x509_certificate {
@@ -20,13 +21,11 @@ struct x509_certificate {
20 char *authority; /* Authority key fingerprint as hex */ 21 char *authority; /* Authority key fingerprint as hex */
21 struct tm valid_from; 22 struct tm valid_from;
22 struct tm valid_to; 23 struct tm valid_to;
23 enum pkey_algo pkey_algo : 8; /* Public key algorithm */
24 enum pkey_algo sig_pkey_algo : 8; /* Signature public key algorithm */
25 enum pkey_hash_algo sig_hash_algo : 8; /* Signature hash algorithm */
26 const void *tbs; /* Signed data */ 24 const void *tbs; /* Signed data */
27 size_t tbs_size; /* Size of signed data */ 25 unsigned tbs_size; /* Size of signed data */
28 const void *sig; /* Signature data */ 26 unsigned raw_sig_size; /* Size of sigature */
29 size_t sig_size; /* Size of sigature */ 27 const void *raw_sig; /* Signature data */
28 struct public_key_signature sig; /* Signature parameters */
30}; 29};
31 30
32/* 31/*
@@ -34,3 +33,10 @@ struct x509_certificate {
34 */ 33 */
35extern void x509_free_certificate(struct x509_certificate *cert); 34extern void x509_free_certificate(struct x509_certificate *cert);
36extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); 35extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
36
37/*
38 * x509_public_key.c
39 */
40extern int x509_get_sig_params(struct x509_certificate *cert);
41extern int x509_check_signature(const struct public_key *pub,
42 struct x509_certificate *cert);
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 06007f0e880c..f83300b6e8c1 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -18,85 +18,162 @@
18#include <linux/asn1_decoder.h> 18#include <linux/asn1_decoder.h>
19#include <keys/asymmetric-subtype.h> 19#include <keys/asymmetric-subtype.h>
20#include <keys/asymmetric-parser.h> 20#include <keys/asymmetric-parser.h>
21#include <keys/system_keyring.h>
21#include <crypto/hash.h> 22#include <crypto/hash.h>
22#include "asymmetric_keys.h" 23#include "asymmetric_keys.h"
23#include "public_key.h" 24#include "public_key.h"
24#include "x509_parser.h" 25#include "x509_parser.h"
25 26
26static const 27/*
27struct public_key_algorithm *x509_public_key_algorithms[PKEY_ALGO__LAST] = { 28 * Find a key in the given keyring by issuer and authority.
28 [PKEY_ALGO_DSA] = NULL, 29 */
29#if defined(CONFIG_PUBLIC_KEY_ALGO_RSA) || \ 30static struct key *x509_request_asymmetric_key(
30 defined(CONFIG_PUBLIC_KEY_ALGO_RSA_MODULE) 31 struct key *keyring,
31 [PKEY_ALGO_RSA] = &RSA_public_key_algorithm, 32 const char *signer, size_t signer_len,
32#endif 33 const char *authority, size_t auth_len)
33}; 34{
35 key_ref_t key;
36 char *id;
37
38 /* Construct an identifier. */
39 id = kmalloc(signer_len + 2 + auth_len + 1, GFP_KERNEL);
40 if (!id)
41 return ERR_PTR(-ENOMEM);
42
43 memcpy(id, signer, signer_len);
44 id[signer_len + 0] = ':';
45 id[signer_len + 1] = ' ';
46 memcpy(id + signer_len + 2, authority, auth_len);
47 id[signer_len + 2 + auth_len] = 0;
48
49 pr_debug("Look up: \"%s\"\n", id);
50
51 key = keyring_search(make_key_ref(keyring, 1),
52 &key_type_asymmetric, id);
53 if (IS_ERR(key))
54 pr_debug("Request for module key '%s' err %ld\n",
55 id, PTR_ERR(key));
56 kfree(id);
57
58 if (IS_ERR(key)) {
59 switch (PTR_ERR(key)) {
60 /* Hide some search errors */
61 case -EACCES:
62 case -ENOTDIR:
63 case -EAGAIN:
64 return ERR_PTR(-ENOKEY);
65 default:
66 return ERR_CAST(key);
67 }
68 }
69
70 pr_devel("<==%s() = 0 [%x]\n", __func__, key_serial(key_ref_to_ptr(key)));
71 return key_ref_to_ptr(key);
72}
34 73
35/* 74/*
36 * Check the signature on a certificate using the provided public key 75 * Set up the signature parameters in an X.509 certificate. This involves
76 * digesting the signed data and extracting the signature.
37 */ 77 */
38static int x509_check_signature(const struct public_key *pub, 78int x509_get_sig_params(struct x509_certificate *cert)
39 const struct x509_certificate *cert)
40{ 79{
41 struct public_key_signature *sig;
42 struct crypto_shash *tfm; 80 struct crypto_shash *tfm;
43 struct shash_desc *desc; 81 struct shash_desc *desc;
44 size_t digest_size, desc_size; 82 size_t digest_size, desc_size;
83 void *digest;
45 int ret; 84 int ret;
46 85
47 pr_devel("==>%s()\n", __func__); 86 pr_devel("==>%s()\n", __func__);
48 87
88 if (cert->sig.rsa.s)
89 return 0;
90
91 cert->sig.rsa.s = mpi_read_raw_data(cert->raw_sig, cert->raw_sig_size);
92 if (!cert->sig.rsa.s)
93 return -ENOMEM;
94 cert->sig.nr_mpi = 1;
95
49 /* Allocate the hashing algorithm we're going to need and find out how 96 /* Allocate the hashing algorithm we're going to need and find out how
50 * big the hash operational data will be. 97 * big the hash operational data will be.
51 */ 98 */
52 tfm = crypto_alloc_shash(pkey_hash_algo[cert->sig_hash_algo], 0, 0); 99 tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0);
53 if (IS_ERR(tfm)) 100 if (IS_ERR(tfm))
54 return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm); 101 return (PTR_ERR(tfm) == -ENOENT) ? -ENOPKG : PTR_ERR(tfm);
55 102
56 desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); 103 desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
57 digest_size = crypto_shash_digestsize(tfm); 104 digest_size = crypto_shash_digestsize(tfm);
58 105
59 /* We allocate the hash operational data storage on the end of our 106 /* We allocate the hash operational data storage on the end of the
60 * context data. 107 * digest storage space.
61 */ 108 */
62 ret = -ENOMEM; 109 ret = -ENOMEM;
63 sig = kzalloc(sizeof(*sig) + desc_size + digest_size, GFP_KERNEL); 110 digest = kzalloc(digest_size + desc_size, GFP_KERNEL);
64 if (!sig) 111 if (!digest)
65 goto error_no_sig; 112 goto error;
66 113
67 sig->pkey_hash_algo = cert->sig_hash_algo; 114 cert->sig.digest = digest;
68 sig->digest = (u8 *)sig + sizeof(*sig) + desc_size; 115 cert->sig.digest_size = digest_size;
69 sig->digest_size = digest_size;
70 116
71 desc = (void *)sig + sizeof(*sig); 117 desc = digest + digest_size;
72 desc->tfm = tfm; 118 desc->tfm = tfm;
73 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 119 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
74 120
75 ret = crypto_shash_init(desc); 121 ret = crypto_shash_init(desc);
76 if (ret < 0) 122 if (ret < 0)
77 goto error; 123 goto error;
124 might_sleep();
125 ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, digest);
126error:
127 crypto_free_shash(tfm);
128 pr_devel("<==%s() = %d\n", __func__, ret);
129 return ret;
130}
131EXPORT_SYMBOL_GPL(x509_get_sig_params);
78 132
79 ret = -ENOMEM; 133/*
80 sig->rsa.s = mpi_read_raw_data(cert->sig, cert->sig_size); 134 * Check the signature on a certificate using the provided public key
81 if (!sig->rsa.s) 135 */
82 goto error; 136int x509_check_signature(const struct public_key *pub,
137 struct x509_certificate *cert)
138{
139 int ret;
83 140
84 ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, sig->digest); 141 pr_devel("==>%s()\n", __func__);
85 if (ret < 0)
86 goto error_mpi;
87 142
88 ret = pub->algo->verify_signature(pub, sig); 143 ret = x509_get_sig_params(cert);
144 if (ret < 0)
145 return ret;
89 146
147 ret = public_key_verify_signature(pub, &cert->sig);
90 pr_debug("Cert Verification: %d\n", ret); 148 pr_debug("Cert Verification: %d\n", ret);
149 return ret;
150}
151EXPORT_SYMBOL_GPL(x509_check_signature);
91 152
92error_mpi: 153/*
93 mpi_free(sig->rsa.s); 154 * Check the new certificate against the ones in the trust keyring. If one of
94error: 155 * those is the signing key and validates the new certificate, then mark the
95 kfree(sig); 156 * new certificate as being trusted.
96error_no_sig: 157 *
97 crypto_free_shash(tfm); 158 * Return 0 if the new certificate was successfully validated, 1 if we couldn't
159 * find a matching parent certificate in the trusted list and an error if there
160 * is a matching certificate but the signature check fails.
161 */
162static int x509_validate_trust(struct x509_certificate *cert,
163 struct key *trust_keyring)
164{
165 const struct public_key *pk;
166 struct key *key;
167 int ret = 1;
98 168
99 pr_devel("<==%s() = %d\n", __func__, ret); 169 key = x509_request_asymmetric_key(trust_keyring,
170 cert->issuer, strlen(cert->issuer),
171 cert->authority,
172 strlen(cert->authority));
173 if (!IS_ERR(key)) {
174 pk = key->payload.data;
175 ret = x509_check_signature(pk, cert);
176 }
100 return ret; 177 return ret;
101} 178}
102 179
@@ -106,7 +183,6 @@ error_no_sig:
106static int x509_key_preparse(struct key_preparsed_payload *prep) 183static int x509_key_preparse(struct key_preparsed_payload *prep)
107{ 184{
108 struct x509_certificate *cert; 185 struct x509_certificate *cert;
109 struct tm now;
110 size_t srlen, sulen; 186 size_t srlen, sulen;
111 char *desc = NULL; 187 char *desc = NULL;
112 int ret; 188 int ret;
@@ -117,7 +193,18 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
117 193
118 pr_devel("Cert Issuer: %s\n", cert->issuer); 194 pr_devel("Cert Issuer: %s\n", cert->issuer);
119 pr_devel("Cert Subject: %s\n", cert->subject); 195 pr_devel("Cert Subject: %s\n", cert->subject);
120 pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]); 196
197 if (cert->pub->pkey_algo >= PKEY_ALGO__LAST ||
198 cert->sig.pkey_algo >= PKEY_ALGO__LAST ||
199 cert->sig.pkey_hash_algo >= PKEY_HASH__LAST ||
200 !pkey_algo[cert->pub->pkey_algo] ||
201 !pkey_algo[cert->sig.pkey_algo] ||
202 !hash_algo_name[cert->sig.pkey_hash_algo]) {
203 ret = -ENOPKG;
204 goto error_free_cert;
205 }
206
207 pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]);
121 pr_devel("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n", 208 pr_devel("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n",
122 cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1, 209 cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1,
123 cert->valid_from.tm_mday, cert->valid_from.tm_hour, 210 cert->valid_from.tm_mday, cert->valid_from.tm_hour,
@@ -127,61 +214,29 @@ static int x509_key_preparse(struct key_preparsed_payload *prep)
127 cert->valid_to.tm_mday, cert->valid_to.tm_hour, 214 cert->valid_to.tm_mday, cert->valid_to.tm_hour,
128 cert->valid_to.tm_min, cert->valid_to.tm_sec); 215 cert->valid_to.tm_min, cert->valid_to.tm_sec);
129 pr_devel("Cert Signature: %s + %s\n", 216 pr_devel("Cert Signature: %s + %s\n",
130 pkey_algo[cert->sig_pkey_algo], 217 pkey_algo_name[cert->sig.pkey_algo],
131 pkey_hash_algo[cert->sig_hash_algo]); 218 hash_algo_name[cert->sig.pkey_hash_algo]);
132 219
133 if (!cert->fingerprint || !cert->authority) { 220 if (!cert->fingerprint) {
134 pr_warn("Cert for '%s' must have SubjKeyId and AuthKeyId extensions\n", 221 pr_warn("Cert for '%s' must have a SubjKeyId extension\n",
135 cert->subject); 222 cert->subject);
136 ret = -EKEYREJECTED; 223 ret = -EKEYREJECTED;
137 goto error_free_cert; 224 goto error_free_cert;
138 } 225 }
139 226
140 time_to_tm(CURRENT_TIME.tv_sec, 0, &now); 227 cert->pub->algo = pkey_algo[cert->pub->pkey_algo];
141 pr_devel("Now: %04ld-%02d-%02d %02d:%02d:%02d\n",
142 now.tm_year + 1900, now.tm_mon + 1, now.tm_mday,
143 now.tm_hour, now.tm_min, now.tm_sec);
144 if (now.tm_year < cert->valid_from.tm_year ||
145 (now.tm_year == cert->valid_from.tm_year &&
146 (now.tm_mon < cert->valid_from.tm_mon ||
147 (now.tm_mon == cert->valid_from.tm_mon &&
148 (now.tm_mday < cert->valid_from.tm_mday ||
149 (now.tm_mday == cert->valid_from.tm_mday &&
150 (now.tm_hour < cert->valid_from.tm_hour ||
151 (now.tm_hour == cert->valid_from.tm_hour &&
152 (now.tm_min < cert->valid_from.tm_min ||
153 (now.tm_min == cert->valid_from.tm_min &&
154 (now.tm_sec < cert->valid_from.tm_sec
155 ))))))))))) {
156 pr_warn("Cert %s is not yet valid\n", cert->fingerprint);
157 ret = -EKEYREJECTED;
158 goto error_free_cert;
159 }
160 if (now.tm_year > cert->valid_to.tm_year ||
161 (now.tm_year == cert->valid_to.tm_year &&
162 (now.tm_mon > cert->valid_to.tm_mon ||
163 (now.tm_mon == cert->valid_to.tm_mon &&
164 (now.tm_mday > cert->valid_to.tm_mday ||
165 (now.tm_mday == cert->valid_to.tm_mday &&
166 (now.tm_hour > cert->valid_to.tm_hour ||
167 (now.tm_hour == cert->valid_to.tm_hour &&
168 (now.tm_min > cert->valid_to.tm_min ||
169 (now.tm_min == cert->valid_to.tm_min &&
170 (now.tm_sec > cert->valid_to.tm_sec
171 ))))))))))) {
172 pr_warn("Cert %s has expired\n", cert->fingerprint);
173 ret = -EKEYEXPIRED;
174 goto error_free_cert;
175 }
176
177 cert->pub->algo = x509_public_key_algorithms[cert->pkey_algo];
178 cert->pub->id_type = PKEY_ID_X509; 228 cert->pub->id_type = PKEY_ID_X509;
179 229
180 /* Check the signature on the key */ 230 /* Check the signature on the key if it appears to be self-signed */
181 if (strcmp(cert->fingerprint, cert->authority) == 0) { 231 if (!cert->authority ||
182 ret = x509_check_signature(cert->pub, cert); 232 strcmp(cert->fingerprint, cert->authority) == 0) {
233 ret = x509_check_signature(cert->pub, cert); /* self-signed */
183 if (ret < 0) 234 if (ret < 0)
184 goto error_free_cert; 235 goto error_free_cert;
236 } else {
237 ret = x509_validate_trust(cert, system_trusted_keyring);
238 if (!ret)
239 prep->trusted = 1;
185 } 240 }
186 241
187 /* Propose a description */ 242 /* Propose a description */
@@ -237,3 +292,6 @@ static void __exit x509_key_exit(void)
237 292
238module_init(x509_key_init); 293module_init(x509_key_init);
239module_exit(x509_key_exit); 294module_exit(x509_key_exit);
295
296MODULE_DESCRIPTION("X.509 certificate parser");
297MODULE_LICENSE("GPL");
diff --git a/crypto/hash_info.c b/crypto/hash_info.c
new file mode 100644
index 000000000000..3e7ff46f26e8
--- /dev/null
+++ b/crypto/hash_info.c
@@ -0,0 +1,56 @@
1/*
2 * Hash Info: Hash algorithms information
3 *
4 * Copyright (c) 2013 Dmitry Kasatkin <d.kasatkin@samsung.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13#include <linux/export.h>
14#include <crypto/hash_info.h>
15
16const char *const hash_algo_name[HASH_ALGO__LAST] = {
17 [HASH_ALGO_MD4] = "md4",
18 [HASH_ALGO_MD5] = "md5",
19 [HASH_ALGO_SHA1] = "sha1",
20 [HASH_ALGO_RIPE_MD_160] = "rmd160",
21 [HASH_ALGO_SHA256] = "sha256",
22 [HASH_ALGO_SHA384] = "sha384",
23 [HASH_ALGO_SHA512] = "sha512",
24 [HASH_ALGO_SHA224] = "sha224",
25 [HASH_ALGO_RIPE_MD_128] = "rmd128",
26 [HASH_ALGO_RIPE_MD_256] = "rmd256",
27 [HASH_ALGO_RIPE_MD_320] = "rmd320",
28 [HASH_ALGO_WP_256] = "wp256",
29 [HASH_ALGO_WP_384] = "wp384",
30 [HASH_ALGO_WP_512] = "wp512",
31 [HASH_ALGO_TGR_128] = "tgr128",
32 [HASH_ALGO_TGR_160] = "tgr160",
33 [HASH_ALGO_TGR_192] = "tgr192",
34};
35EXPORT_SYMBOL_GPL(hash_algo_name);
36
37const int hash_digest_size[HASH_ALGO__LAST] = {
38 [HASH_ALGO_MD4] = MD5_DIGEST_SIZE,
39 [HASH_ALGO_MD5] = MD5_DIGEST_SIZE,
40 [HASH_ALGO_SHA1] = SHA1_DIGEST_SIZE,
41 [HASH_ALGO_RIPE_MD_160] = RMD160_DIGEST_SIZE,
42 [HASH_ALGO_SHA256] = SHA256_DIGEST_SIZE,
43 [HASH_ALGO_SHA384] = SHA384_DIGEST_SIZE,
44 [HASH_ALGO_SHA512] = SHA512_DIGEST_SIZE,
45 [HASH_ALGO_SHA224] = SHA224_DIGEST_SIZE,
46 [HASH_ALGO_RIPE_MD_128] = RMD128_DIGEST_SIZE,
47 [HASH_ALGO_RIPE_MD_256] = RMD256_DIGEST_SIZE,
48 [HASH_ALGO_RIPE_MD_320] = RMD320_DIGEST_SIZE,
49 [HASH_ALGO_WP_256] = WP256_DIGEST_SIZE,
50 [HASH_ALGO_WP_384] = WP384_DIGEST_SIZE,
51 [HASH_ALGO_WP_512] = WP512_DIGEST_SIZE,
52 [HASH_ALGO_TGR_128] = TGR128_DIGEST_SIZE,
53 [HASH_ALGO_TGR_160] = TGR160_DIGEST_SIZE,
54 [HASH_ALGO_TGR_192] = TGR192_DIGEST_SIZE,
55};
56EXPORT_SYMBOL_GPL(hash_digest_size);
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 94c0c74434ea..1a65838888cd 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -33,6 +33,15 @@ config TCG_TIS
33 from within Linux. To compile this driver as a module, choose 33 from within Linux. To compile this driver as a module, choose
34 M here; the module will be called tpm_tis. 34 M here; the module will be called tpm_tis.
35 35
36config TCG_TIS_I2C_ATMEL
37 tristate "TPM Interface Specification 1.2 Interface (I2C - Atmel)"
38 depends on I2C
39 ---help---
40 If you have an Atmel I2C TPM security chip say Yes and it will be
41 accessible from within Linux.
42 To compile this driver as a module, choose M here; the module will
43 be called tpm_tis_i2c_atmel.
44
36config TCG_TIS_I2C_INFINEON 45config TCG_TIS_I2C_INFINEON
37 tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)" 46 tristate "TPM Interface Specification 1.2 Interface (I2C - Infineon)"
38 depends on I2C 47 depends on I2C
@@ -42,7 +51,17 @@ config TCG_TIS_I2C_INFINEON
42 Specification 0.20 say Yes and it will be accessible from within 51 Specification 0.20 say Yes and it will be accessible from within
43 Linux. 52 Linux.
44 To compile this driver as a module, choose M here; the module 53 To compile this driver as a module, choose M here; the module
45 will be called tpm_tis_i2c_infineon. 54 will be called tpm_i2c_infineon.
55
56config TCG_TIS_I2C_NUVOTON
57 tristate "TPM Interface Specification 1.2 Interface (I2C - Nuvoton)"
58 depends on I2C
59 ---help---
60 If you have a TPM security chip with an I2C interface from
61 Nuvoton Technology Corp. say Yes and it will be accessible
62 from within Linux.
63 To compile this driver as a module, choose M here; the module
64 will be called tpm_i2c_nuvoton.
46 65
47config TCG_NSC 66config TCG_NSC
48 tristate "National Semiconductor TPM Interface" 67 tristate "National Semiconductor TPM Interface"
@@ -82,14 +101,14 @@ config TCG_IBMVTPM
82 as a module, choose M here; the module will be called tpm_ibmvtpm. 101 as a module, choose M here; the module will be called tpm_ibmvtpm.
83 102
84config TCG_ST33_I2C 103config TCG_ST33_I2C
85 tristate "STMicroelectronics ST33 I2C TPM" 104 tristate "STMicroelectronics ST33 I2C TPM"
86 depends on I2C 105 depends on I2C
87 depends on GPIOLIB 106 depends on GPIOLIB
88 ---help--- 107 ---help---
89 If you have a TPM security chip from STMicroelectronics working with 108 If you have a TPM security chip from STMicroelectronics working with
90 an I2C bus say Yes and it will be accessible from within Linux. 109 an I2C bus say Yes and it will be accessible from within Linux.
91 To compile this driver as a module, choose M here; the module will be 110 To compile this driver as a module, choose M here; the module will be
92 called tpm_stm_st33_i2c. 111 called tpm_stm_st33_i2c.
93 112
94config TCG_XEN 113config TCG_XEN
95 tristate "XEN TPM Interface" 114 tristate "XEN TPM Interface"
diff --git a/drivers/char/tpm/Makefile b/drivers/char/tpm/Makefile
index eb41ff97d0ad..b80a4000daee 100644
--- a/drivers/char/tpm/Makefile
+++ b/drivers/char/tpm/Makefile
@@ -2,17 +2,20 @@
2# Makefile for the kernel tpm device drivers. 2# Makefile for the kernel tpm device drivers.
3# 3#
4obj-$(CONFIG_TCG_TPM) += tpm.o 4obj-$(CONFIG_TCG_TPM) += tpm.o
5tpm-y := tpm-interface.o
6tpm-$(CONFIG_ACPI) += tpm_ppi.o
7
5ifdef CONFIG_ACPI 8ifdef CONFIG_ACPI
6 obj-$(CONFIG_TCG_TPM) += tpm_bios.o 9 tpm-y += tpm_eventlog.o tpm_acpi.o
7 tpm_bios-objs += tpm_eventlog.o tpm_acpi.o tpm_ppi.o
8else 10else
9ifdef CONFIG_TCG_IBMVTPM 11ifdef CONFIG_TCG_IBMVTPM
10 obj-$(CONFIG_TCG_TPM) += tpm_bios.o 12 tpm-y += tpm_eventlog.o tpm_of.o
11 tpm_bios-objs += tpm_eventlog.o tpm_of.o
12endif 13endif
13endif 14endif
14obj-$(CONFIG_TCG_TIS) += tpm_tis.o 15obj-$(CONFIG_TCG_TIS) += tpm_tis.o
16obj-$(CONFIG_TCG_TIS_I2C_ATMEL) += tpm_i2c_atmel.o
15obj-$(CONFIG_TCG_TIS_I2C_INFINEON) += tpm_i2c_infineon.o 17obj-$(CONFIG_TCG_TIS_I2C_INFINEON) += tpm_i2c_infineon.o
18obj-$(CONFIG_TCG_TIS_I2C_NUVOTON) += tpm_i2c_nuvoton.o
16obj-$(CONFIG_TCG_NSC) += tpm_nsc.o 19obj-$(CONFIG_TCG_NSC) += tpm_nsc.o
17obj-$(CONFIG_TCG_ATMEL) += tpm_atmel.o 20obj-$(CONFIG_TCG_ATMEL) += tpm_atmel.o
18obj-$(CONFIG_TCG_INFINEON) += tpm_infineon.o 21obj-$(CONFIG_TCG_INFINEON) += tpm_infineon.o
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm-interface.c
index e3c974a6c522..6ae41d337630 100644
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -10,13 +10,13 @@
10 * Maintained by: <tpmdd-devel@lists.sourceforge.net> 10 * Maintained by: <tpmdd-devel@lists.sourceforge.net>
11 * 11 *
12 * Device driver for TCG/TCPA TPM (trusted platform module). 12 * Device driver for TCG/TCPA TPM (trusted platform module).
13 * Specifications at www.trustedcomputinggroup.org 13 * Specifications at www.trustedcomputinggroup.org
14 * 14 *
15 * This program is free software; you can redistribute it and/or 15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License as 16 * modify it under the terms of the GNU General Public License as
17 * published by the Free Software Foundation, version 2 of the 17 * published by the Free Software Foundation, version 2 of the
18 * License. 18 * License.
19 * 19 *
20 * Note, the TPM chip is not interrupt driven (only polling) 20 * Note, the TPM chip is not interrupt driven (only polling)
21 * and can have very long timeouts (minutes!). Hence the unusual 21 * and can have very long timeouts (minutes!). Hence the unusual
22 * calls to msleep. 22 * calls to msleep.
@@ -371,13 +371,14 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
371 return -ENODATA; 371 return -ENODATA;
372 if (count > bufsiz) { 372 if (count > bufsiz) {
373 dev_err(chip->dev, 373 dev_err(chip->dev,
374 "invalid count value %x %zx \n", count, bufsiz); 374 "invalid count value %x %zx\n", count, bufsiz);
375 return -E2BIG; 375 return -E2BIG;
376 } 376 }
377 377
378 mutex_lock(&chip->tpm_mutex); 378 mutex_lock(&chip->tpm_mutex);
379 379
380 if ((rc = chip->vendor.send(chip, (u8 *) buf, count)) < 0) { 380 rc = chip->vendor.send(chip, (u8 *) buf, count);
381 if (rc < 0) {
381 dev_err(chip->dev, 382 dev_err(chip->dev,
382 "tpm_transmit: tpm_send: error %zd\n", rc); 383 "tpm_transmit: tpm_send: error %zd\n", rc);
383 goto out; 384 goto out;
@@ -444,7 +445,7 @@ static ssize_t transmit_cmd(struct tpm_chip *chip, struct tpm_cmd_t *cmd,
444{ 445{
445 int err; 446 int err;
446 447
447 len = tpm_transmit(chip,(u8 *) cmd, len); 448 len = tpm_transmit(chip, (u8 *) cmd, len);
448 if (len < 0) 449 if (len < 0)
449 return len; 450 return len;
450 else if (len < TPM_HEADER_SIZE) 451 else if (len < TPM_HEADER_SIZE)
@@ -658,7 +659,7 @@ static int tpm_continue_selftest(struct tpm_chip *chip)
658 return rc; 659 return rc;
659} 660}
660 661
661ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr, 662ssize_t tpm_show_enabled(struct device *dev, struct device_attribute *attr,
662 char *buf) 663 char *buf)
663{ 664{
664 cap_t cap; 665 cap_t cap;
@@ -674,7 +675,7 @@ ssize_t tpm_show_enabled(struct device * dev, struct device_attribute * attr,
674} 675}
675EXPORT_SYMBOL_GPL(tpm_show_enabled); 676EXPORT_SYMBOL_GPL(tpm_show_enabled);
676 677
677ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr, 678ssize_t tpm_show_active(struct device *dev, struct device_attribute *attr,
678 char *buf) 679 char *buf)
679{ 680{
680 cap_t cap; 681 cap_t cap;
@@ -690,7 +691,7 @@ ssize_t tpm_show_active(struct device * dev, struct device_attribute * attr,
690} 691}
691EXPORT_SYMBOL_GPL(tpm_show_active); 692EXPORT_SYMBOL_GPL(tpm_show_active);
692 693
693ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr, 694ssize_t tpm_show_owned(struct device *dev, struct device_attribute *attr,
694 char *buf) 695 char *buf)
695{ 696{
696 cap_t cap; 697 cap_t cap;
@@ -706,8 +707,8 @@ ssize_t tpm_show_owned(struct device * dev, struct device_attribute * attr,
706} 707}
707EXPORT_SYMBOL_GPL(tpm_show_owned); 708EXPORT_SYMBOL_GPL(tpm_show_owned);
708 709
709ssize_t tpm_show_temp_deactivated(struct device * dev, 710ssize_t tpm_show_temp_deactivated(struct device *dev,
710 struct device_attribute * attr, char *buf) 711 struct device_attribute *attr, char *buf)
711{ 712{
712 cap_t cap; 713 cap_t cap;
713 ssize_t rc; 714 ssize_t rc;
@@ -769,10 +770,10 @@ static int __tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
769 770
770/** 771/**
771 * tpm_pcr_read - read a pcr value 772 * tpm_pcr_read - read a pcr value
772 * @chip_num: tpm idx # or ANY 773 * @chip_num: tpm idx # or ANY
773 * @pcr_idx: pcr idx to retrieve 774 * @pcr_idx: pcr idx to retrieve
774 * @res_buf: TPM_PCR value 775 * @res_buf: TPM_PCR value
775 * size of res_buf is 20 bytes (or NULL if you don't care) 776 * size of res_buf is 20 bytes (or NULL if you don't care)
776 * 777 *
777 * The TPM driver should be built-in, but for whatever reason it 778 * The TPM driver should be built-in, but for whatever reason it
778 * isn't, protect against the chip disappearing, by incrementing 779 * isn't, protect against the chip disappearing, by incrementing
@@ -794,9 +795,9 @@ EXPORT_SYMBOL_GPL(tpm_pcr_read);
794 795
795/** 796/**
796 * tpm_pcr_extend - extend pcr value with hash 797 * tpm_pcr_extend - extend pcr value with hash
797 * @chip_num: tpm idx # or AN& 798 * @chip_num: tpm idx # or AN&
798 * @pcr_idx: pcr idx to extend 799 * @pcr_idx: pcr idx to extend
799 * @hash: hash value used to extend pcr value 800 * @hash: hash value used to extend pcr value
800 * 801 *
801 * The TPM driver should be built-in, but for whatever reason it 802 * The TPM driver should be built-in, but for whatever reason it
802 * isn't, protect against the chip disappearing, by incrementing 803 * isn't, protect against the chip disappearing, by incrementing
@@ -847,8 +848,7 @@ int tpm_do_selftest(struct tpm_chip *chip)
847 unsigned long duration; 848 unsigned long duration;
848 struct tpm_cmd_t cmd; 849 struct tpm_cmd_t cmd;
849 850
850 duration = tpm_calc_ordinal_duration(chip, 851 duration = tpm_calc_ordinal_duration(chip, TPM_ORD_CONTINUE_SELFTEST);
851 TPM_ORD_CONTINUE_SELFTEST);
852 852
853 loops = jiffies_to_msecs(duration) / delay_msec; 853 loops = jiffies_to_msecs(duration) / delay_msec;
854 854
@@ -965,12 +965,12 @@ ssize_t tpm_show_pubek(struct device *dev, struct device_attribute *attr,
965 if (err) 965 if (err)
966 goto out; 966 goto out;
967 967
968 /* 968 /*
969 ignore header 10 bytes 969 ignore header 10 bytes
970 algorithm 32 bits (1 == RSA ) 970 algorithm 32 bits (1 == RSA )
971 encscheme 16 bits 971 encscheme 16 bits
972 sigscheme 16 bits 972 sigscheme 16 bits
973 parameters (RSA 12->bytes: keybit, #primes, expbit) 973 parameters (RSA 12->bytes: keybit, #primes, expbit)
974 keylenbytes 32 bits 974 keylenbytes 32 bits
975 256 byte modulus 975 256 byte modulus
976 ignore checksum 20 bytes 976 ignore checksum 20 bytes
@@ -1020,43 +1020,33 @@ ssize_t tpm_show_caps(struct device *dev, struct device_attribute *attr,
1020 str += sprintf(str, "Manufacturer: 0x%x\n", 1020 str += sprintf(str, "Manufacturer: 0x%x\n",
1021 be32_to_cpu(cap.manufacturer_id)); 1021 be32_to_cpu(cap.manufacturer_id));
1022 1022
1023 rc = tpm_getcap(dev, CAP_VERSION_1_1, &cap, 1023 /* Try to get a TPM version 1.2 TPM_CAP_VERSION_INFO */
1024 "attempting to determine the 1.1 version");
1025 if (rc)
1026 return 0;
1027 str += sprintf(str,
1028 "TCG version: %d.%d\nFirmware version: %d.%d\n",
1029 cap.tpm_version.Major, cap.tpm_version.Minor,
1030 cap.tpm_version.revMajor, cap.tpm_version.revMinor);
1031 return str - buf;
1032}
1033EXPORT_SYMBOL_GPL(tpm_show_caps);
1034
1035ssize_t tpm_show_caps_1_2(struct device * dev,
1036 struct device_attribute * attr, char *buf)
1037{
1038 cap_t cap;
1039 ssize_t rc;
1040 char *str = buf;
1041
1042 rc = tpm_getcap(dev, TPM_CAP_PROP_MANUFACTURER, &cap,
1043 "attempting to determine the manufacturer");
1044 if (rc)
1045 return 0;
1046 str += sprintf(str, "Manufacturer: 0x%x\n",
1047 be32_to_cpu(cap.manufacturer_id));
1048 rc = tpm_getcap(dev, CAP_VERSION_1_2, &cap, 1024 rc = tpm_getcap(dev, CAP_VERSION_1_2, &cap,
1049 "attempting to determine the 1.2 version"); 1025 "attempting to determine the 1.2 version");
1050 if (rc) 1026 if (!rc) {
1051 return 0; 1027 str += sprintf(str,
1052 str += sprintf(str, 1028 "TCG version: %d.%d\nFirmware version: %d.%d\n",
1053 "TCG version: %d.%d\nFirmware version: %d.%d\n", 1029 cap.tpm_version_1_2.Major,
1054 cap.tpm_version_1_2.Major, cap.tpm_version_1_2.Minor, 1030 cap.tpm_version_1_2.Minor,
1055 cap.tpm_version_1_2.revMajor, 1031 cap.tpm_version_1_2.revMajor,
1056 cap.tpm_version_1_2.revMinor); 1032 cap.tpm_version_1_2.revMinor);
1033 } else {
1034 /* Otherwise just use TPM_STRUCT_VER */
1035 rc = tpm_getcap(dev, CAP_VERSION_1_1, &cap,
1036 "attempting to determine the 1.1 version");
1037 if (rc)
1038 return 0;
1039 str += sprintf(str,
1040 "TCG version: %d.%d\nFirmware version: %d.%d\n",
1041 cap.tpm_version.Major,
1042 cap.tpm_version.Minor,
1043 cap.tpm_version.revMajor,
1044 cap.tpm_version.revMinor);
1045 }
1046
1057 return str - buf; 1047 return str - buf;
1058} 1048}
1059EXPORT_SYMBOL_GPL(tpm_show_caps_1_2); 1049EXPORT_SYMBOL_GPL(tpm_show_caps);
1060 1050
1061ssize_t tpm_show_durations(struct device *dev, struct device_attribute *attr, 1051ssize_t tpm_show_durations(struct device *dev, struct device_attribute *attr,
1062 char *buf) 1052 char *buf)
@@ -1102,8 +1092,8 @@ ssize_t tpm_store_cancel(struct device *dev, struct device_attribute *attr,
1102} 1092}
1103EXPORT_SYMBOL_GPL(tpm_store_cancel); 1093EXPORT_SYMBOL_GPL(tpm_store_cancel);
1104 1094
1105static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask, bool check_cancel, 1095static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask,
1106 bool *canceled) 1096 bool check_cancel, bool *canceled)
1107{ 1097{
1108 u8 status = chip->vendor.status(chip); 1098 u8 status = chip->vendor.status(chip);
1109 1099
@@ -1170,38 +1160,25 @@ EXPORT_SYMBOL_GPL(wait_for_tpm_stat);
1170 */ 1160 */
1171int tpm_open(struct inode *inode, struct file *file) 1161int tpm_open(struct inode *inode, struct file *file)
1172{ 1162{
1173 int minor = iminor(inode); 1163 struct miscdevice *misc = file->private_data;
1174 struct tpm_chip *chip = NULL, *pos; 1164 struct tpm_chip *chip = container_of(misc, struct tpm_chip,
1175 1165 vendor.miscdev);
1176 rcu_read_lock();
1177 list_for_each_entry_rcu(pos, &tpm_chip_list, list) {
1178 if (pos->vendor.miscdev.minor == minor) {
1179 chip = pos;
1180 get_device(chip->dev);
1181 break;
1182 }
1183 }
1184 rcu_read_unlock();
1185
1186 if (!chip)
1187 return -ENODEV;
1188 1166
1189 if (test_and_set_bit(0, &chip->is_open)) { 1167 if (test_and_set_bit(0, &chip->is_open)) {
1190 dev_dbg(chip->dev, "Another process owns this TPM\n"); 1168 dev_dbg(chip->dev, "Another process owns this TPM\n");
1191 put_device(chip->dev);
1192 return -EBUSY; 1169 return -EBUSY;
1193 } 1170 }
1194 1171
1195 chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL); 1172 chip->data_buffer = kzalloc(TPM_BUFSIZE, GFP_KERNEL);
1196 if (chip->data_buffer == NULL) { 1173 if (chip->data_buffer == NULL) {
1197 clear_bit(0, &chip->is_open); 1174 clear_bit(0, &chip->is_open);
1198 put_device(chip->dev);
1199 return -ENOMEM; 1175 return -ENOMEM;
1200 } 1176 }
1201 1177
1202 atomic_set(&chip->data_pending, 0); 1178 atomic_set(&chip->data_pending, 0);
1203 1179
1204 file->private_data = chip; 1180 file->private_data = chip;
1181 get_device(chip->dev);
1205 return 0; 1182 return 0;
1206} 1183}
1207EXPORT_SYMBOL_GPL(tpm_open); 1184EXPORT_SYMBOL_GPL(tpm_open);
@@ -1463,7 +1440,6 @@ void tpm_dev_vendor_release(struct tpm_chip *chip)
1463 chip->vendor.release(chip->dev); 1440 chip->vendor.release(chip->dev);
1464 1441
1465 clear_bit(chip->dev_num, dev_mask); 1442 clear_bit(chip->dev_num, dev_mask);
1466 kfree(chip->vendor.miscdev.name);
1467} 1443}
1468EXPORT_SYMBOL_GPL(tpm_dev_vendor_release); 1444EXPORT_SYMBOL_GPL(tpm_dev_vendor_release);
1469 1445
@@ -1487,7 +1463,7 @@ void tpm_dev_release(struct device *dev)
1487EXPORT_SYMBOL_GPL(tpm_dev_release); 1463EXPORT_SYMBOL_GPL(tpm_dev_release);
1488 1464
1489/* 1465/*
1490 * Called from tpm_<specific>.c probe function only for devices 1466 * Called from tpm_<specific>.c probe function only for devices
1491 * the driver has determined it should claim. Prior to calling 1467 * the driver has determined it should claim. Prior to calling
1492 * this function the specific probe function has called pci_enable_device 1468 * this function the specific probe function has called pci_enable_device
1493 * upon errant exit from this function specific probe function should call 1469 * upon errant exit from this function specific probe function should call
@@ -1496,17 +1472,13 @@ EXPORT_SYMBOL_GPL(tpm_dev_release);
1496struct tpm_chip *tpm_register_hardware(struct device *dev, 1472struct tpm_chip *tpm_register_hardware(struct device *dev,
1497 const struct tpm_vendor_specific *entry) 1473 const struct tpm_vendor_specific *entry)
1498{ 1474{
1499#define DEVNAME_SIZE 7
1500
1501 char *devname;
1502 struct tpm_chip *chip; 1475 struct tpm_chip *chip;
1503 1476
1504 /* Driver specific per-device data */ 1477 /* Driver specific per-device data */
1505 chip = kzalloc(sizeof(*chip), GFP_KERNEL); 1478 chip = kzalloc(sizeof(*chip), GFP_KERNEL);
1506 devname = kmalloc(DEVNAME_SIZE, GFP_KERNEL);
1507 1479
1508 if (chip == NULL || devname == NULL) 1480 if (chip == NULL)
1509 goto out_free; 1481 return NULL;
1510 1482
1511 mutex_init(&chip->buffer_mutex); 1483 mutex_init(&chip->buffer_mutex);
1512 mutex_init(&chip->tpm_mutex); 1484 mutex_init(&chip->tpm_mutex);
@@ -1531,8 +1503,9 @@ struct tpm_chip *tpm_register_hardware(struct device *dev,
1531 1503
1532 set_bit(chip->dev_num, dev_mask); 1504 set_bit(chip->dev_num, dev_mask);
1533 1505
1534 scnprintf(devname, DEVNAME_SIZE, "%s%d", "tpm", chip->dev_num); 1506 scnprintf(chip->devname, sizeof(chip->devname), "%s%d", "tpm",
1535 chip->vendor.miscdev.name = devname; 1507 chip->dev_num);
1508 chip->vendor.miscdev.name = chip->devname;
1536 1509
1537 chip->vendor.miscdev.parent = dev; 1510 chip->vendor.miscdev.parent = dev;
1538 chip->dev = get_device(dev); 1511 chip->dev = get_device(dev);
@@ -1558,7 +1531,7 @@ struct tpm_chip *tpm_register_hardware(struct device *dev,
1558 goto put_device; 1531 goto put_device;
1559 } 1532 }
1560 1533
1561 chip->bios_dir = tpm_bios_log_setup(devname); 1534 chip->bios_dir = tpm_bios_log_setup(chip->devname);
1562 1535
1563 /* Make chip available */ 1536 /* Make chip available */
1564 spin_lock(&driver_lock); 1537 spin_lock(&driver_lock);
@@ -1571,7 +1544,6 @@ put_device:
1571 put_device(chip->dev); 1544 put_device(chip->dev);
1572out_free: 1545out_free:
1573 kfree(chip); 1546 kfree(chip);
1574 kfree(devname);
1575 return NULL; 1547 return NULL;
1576} 1548}
1577EXPORT_SYMBOL_GPL(tpm_register_hardware); 1549EXPORT_SYMBOL_GPL(tpm_register_hardware);
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index a7bfc176ed43..f32847872193 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -59,8 +59,6 @@ extern ssize_t tpm_show_pcrs(struct device *, struct device_attribute *attr,
59 char *); 59 char *);
60extern ssize_t tpm_show_caps(struct device *, struct device_attribute *attr, 60extern ssize_t tpm_show_caps(struct device *, struct device_attribute *attr,
61 char *); 61 char *);
62extern ssize_t tpm_show_caps_1_2(struct device *, struct device_attribute *attr,
63 char *);
64extern ssize_t tpm_store_cancel(struct device *, struct device_attribute *attr, 62extern ssize_t tpm_store_cancel(struct device *, struct device_attribute *attr,
65 const char *, size_t); 63 const char *, size_t);
66extern ssize_t tpm_show_enabled(struct device *, struct device_attribute *attr, 64extern ssize_t tpm_show_enabled(struct device *, struct device_attribute *attr,
@@ -122,6 +120,7 @@ struct tpm_chip {
122 struct device *dev; /* Device stuff */ 120 struct device *dev; /* Device stuff */
123 121
124 int dev_num; /* /dev/tpm# */ 122 int dev_num; /* /dev/tpm# */
123 char devname[7];
125 unsigned long is_open; /* only one allowed */ 124 unsigned long is_open; /* only one allowed */
126 int time_expired; 125 int time_expired;
127 126
diff --git a/drivers/char/tpm/tpm_atmel.c b/drivers/char/tpm/tpm_atmel.c
index 99d6820c611d..c9a528d25d22 100644
--- a/drivers/char/tpm/tpm_atmel.c
+++ b/drivers/char/tpm/tpm_atmel.c
@@ -202,7 +202,7 @@ static int __init init_atmel(void)
202 202
203 have_region = 203 have_region =
204 (atmel_request_region 204 (atmel_request_region
205 (tpm_atmel.base, region_size, "tpm_atmel0") == NULL) ? 0 : 1; 205 (base, region_size, "tpm_atmel0") == NULL) ? 0 : 1;
206 206
207 pdev = platform_device_register_simple("tpm_atmel", -1, NULL, 0); 207 pdev = platform_device_register_simple("tpm_atmel", -1, NULL, 0);
208 if (IS_ERR(pdev)) { 208 if (IS_ERR(pdev)) {
diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c
index 84ddc557b8f8..59f7cb28260b 100644
--- a/drivers/char/tpm/tpm_eventlog.c
+++ b/drivers/char/tpm/tpm_eventlog.c
@@ -406,7 +406,6 @@ out_tpm:
406out: 406out:
407 return NULL; 407 return NULL;
408} 408}
409EXPORT_SYMBOL_GPL(tpm_bios_log_setup);
410 409
411void tpm_bios_log_teardown(struct dentry **lst) 410void tpm_bios_log_teardown(struct dentry **lst)
412{ 411{
@@ -415,5 +414,3 @@ void tpm_bios_log_teardown(struct dentry **lst)
415 for (i = 0; i < 3; i++) 414 for (i = 0; i < 3; i++)
416 securityfs_remove(lst[i]); 415 securityfs_remove(lst[i]);
417} 416}
418EXPORT_SYMBOL_GPL(tpm_bios_log_teardown);
419MODULE_LICENSE("GPL");
diff --git a/drivers/char/tpm/tpm_i2c_atmel.c b/drivers/char/tpm/tpm_i2c_atmel.c
new file mode 100644
index 000000000000..c3cd7fe481a1
--- /dev/null
+++ b/drivers/char/tpm/tpm_i2c_atmel.c
@@ -0,0 +1,284 @@
1/*
2 * ATMEL I2C TPM AT97SC3204T
3 *
4 * Copyright (C) 2012 V Lab Technologies
5 * Teddy Reed <teddy@prosauce.org>
6 * Copyright (C) 2013, Obsidian Research Corp.
7 * Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
8 * Device driver for ATMEL I2C TPMs.
9 *
10 * Teddy Reed determined the basic I2C command flow, unlike other I2C TPM
11 * devices the raw TCG formatted TPM command data is written via I2C and then
12 * raw TCG formatted TPM command data is returned via I2C.
13 *
14 * TGC status/locality/etc functions seen in the LPC implementation do not
15 * seem to be present.
16 *
17 * This program is free software: you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation, either version 2 of the License, or
20 * (at your option) any later version.
21 *
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * You should have received a copy of the GNU General Public License
28 * along with this program. If not, see http://www.gnu.org/licenses/>.
29 */
30#include <linux/init.h>
31#include <linux/module.h>
32#include <linux/moduleparam.h>
33#include <linux/slab.h>
34#include <linux/i2c.h>
35#include "tpm.h"
36
37#define I2C_DRIVER_NAME "tpm_i2c_atmel"
38
39#define TPM_I2C_SHORT_TIMEOUT 750 /* ms */
40#define TPM_I2C_LONG_TIMEOUT 2000 /* 2 sec */
41
42#define ATMEL_STS_OK 1
43
44struct priv_data {
45 size_t len;
46 /* This is the amount we read on the first try. 25 was chosen to fit a
47 * fair number of read responses in the buffer so a 2nd retry can be
48 * avoided in small message cases. */
49 u8 buffer[sizeof(struct tpm_output_header) + 25];
50};
51
52static int i2c_atmel_send(struct tpm_chip *chip, u8 *buf, size_t len)
53{
54 struct priv_data *priv = chip->vendor.priv;
55 struct i2c_client *client = to_i2c_client(chip->dev);
56 s32 status;
57
58 priv->len = 0;
59
60 if (len <= 2)
61 return -EIO;
62
63 status = i2c_master_send(client, buf, len);
64
65 dev_dbg(chip->dev,
66 "%s(buf=%*ph len=%0zx) -> sts=%d\n", __func__,
67 (int)min_t(size_t, 64, len), buf, len, status);
68 return status;
69}
70
71static int i2c_atmel_recv(struct tpm_chip *chip, u8 *buf, size_t count)
72{
73 struct priv_data *priv = chip->vendor.priv;
74 struct i2c_client *client = to_i2c_client(chip->dev);
75 struct tpm_output_header *hdr =
76 (struct tpm_output_header *)priv->buffer;
77 u32 expected_len;
78 int rc;
79
80 if (priv->len == 0)
81 return -EIO;
82
83 /* Get the message size from the message header, if we didn't get the
84 * whole message in read_status then we need to re-read the
85 * message. */
86 expected_len = be32_to_cpu(hdr->length);
87 if (expected_len > count)
88 return -ENOMEM;
89
90 if (priv->len >= expected_len) {
91 dev_dbg(chip->dev,
92 "%s early(buf=%*ph count=%0zx) -> ret=%d\n", __func__,
93 (int)min_t(size_t, 64, expected_len), buf, count,
94 expected_len);
95 memcpy(buf, priv->buffer, expected_len);
96 return expected_len;
97 }
98
99 rc = i2c_master_recv(client, buf, expected_len);
100 dev_dbg(chip->dev,
101 "%s reread(buf=%*ph count=%0zx) -> ret=%d\n", __func__,
102 (int)min_t(size_t, 64, expected_len), buf, count,
103 expected_len);
104 return rc;
105}
106
107static void i2c_atmel_cancel(struct tpm_chip *chip)
108{
109 dev_err(chip->dev, "TPM operation cancellation was requested, but is not supported");
110}
111
112static u8 i2c_atmel_read_status(struct tpm_chip *chip)
113{
114 struct priv_data *priv = chip->vendor.priv;
115 struct i2c_client *client = to_i2c_client(chip->dev);
116 int rc;
117
118 /* The TPM fails the I2C read until it is ready, so we do the entire
119 * transfer here and buffer it locally. This way the common code can
120 * properly handle the timeouts. */
121 priv->len = 0;
122 memset(priv->buffer, 0, sizeof(priv->buffer));
123
124
125 /* Once the TPM has completed the command the command remains readable
126 * until another command is issued. */
127 rc = i2c_master_recv(client, priv->buffer, sizeof(priv->buffer));
128 dev_dbg(chip->dev,
129 "%s: sts=%d", __func__, rc);
130 if (rc <= 0)
131 return 0;
132
133 priv->len = rc;
134
135 return ATMEL_STS_OK;
136}
137
138static const struct file_operations i2c_atmel_ops = {
139 .owner = THIS_MODULE,
140 .llseek = no_llseek,
141 .open = tpm_open,
142 .read = tpm_read,
143 .write = tpm_write,
144 .release = tpm_release,
145};
146
147static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL);
148static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL);
149static DEVICE_ATTR(enabled, S_IRUGO, tpm_show_enabled, NULL);
150static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
151static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
152static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, NULL);
153static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
154static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
155static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL);
156static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
157
158static struct attribute *i2c_atmel_attrs[] = {
159 &dev_attr_pubek.attr,
160 &dev_attr_pcrs.attr,
161 &dev_attr_enabled.attr,
162 &dev_attr_active.attr,
163 &dev_attr_owned.attr,
164 &dev_attr_temp_deactivated.attr,
165 &dev_attr_caps.attr,
166 &dev_attr_cancel.attr,
167 &dev_attr_durations.attr,
168 &dev_attr_timeouts.attr,
169 NULL,
170};
171
172static struct attribute_group i2c_atmel_attr_grp = {
173 .attrs = i2c_atmel_attrs
174};
175
176static bool i2c_atmel_req_canceled(struct tpm_chip *chip, u8 status)
177{
178 return 0;
179}
180
181static const struct tpm_vendor_specific i2c_atmel = {
182 .status = i2c_atmel_read_status,
183 .recv = i2c_atmel_recv,
184 .send = i2c_atmel_send,
185 .cancel = i2c_atmel_cancel,
186 .req_complete_mask = ATMEL_STS_OK,
187 .req_complete_val = ATMEL_STS_OK,
188 .req_canceled = i2c_atmel_req_canceled,
189 .attr_group = &i2c_atmel_attr_grp,
190 .miscdev.fops = &i2c_atmel_ops,
191};
192
193static int i2c_atmel_probe(struct i2c_client *client,
194 const struct i2c_device_id *id)
195{
196 int rc;
197 struct tpm_chip *chip;
198 struct device *dev = &client->dev;
199
200 if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C))
201 return -ENODEV;
202
203 chip = tpm_register_hardware(dev, &i2c_atmel);
204 if (!chip) {
205 dev_err(dev, "%s() error in tpm_register_hardware\n", __func__);
206 return -ENODEV;
207 }
208
209 chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data),
210 GFP_KERNEL);
211
212 /* Default timeouts */
213 chip->vendor.timeout_a = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
214 chip->vendor.timeout_b = msecs_to_jiffies(TPM_I2C_LONG_TIMEOUT);
215 chip->vendor.timeout_c = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
216 chip->vendor.timeout_d = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
217 chip->vendor.irq = 0;
218
219 /* There is no known way to probe for this device, and all version
220 * information seems to be read via TPM commands. Thus we rely on the
221 * TPM startup process in the common code to detect the device. */
222 if (tpm_get_timeouts(chip)) {
223 rc = -ENODEV;
224 goto out_err;
225 }
226
227 if (tpm_do_selftest(chip)) {
228 rc = -ENODEV;
229 goto out_err;
230 }
231
232 return 0;
233
234out_err:
235 tpm_dev_vendor_release(chip);
236 tpm_remove_hardware(chip->dev);
237 return rc;
238}
239
240static int i2c_atmel_remove(struct i2c_client *client)
241{
242 struct device *dev = &(client->dev);
243 struct tpm_chip *chip = dev_get_drvdata(dev);
244
245 if (chip)
246 tpm_dev_vendor_release(chip);
247 tpm_remove_hardware(dev);
248 kfree(chip);
249 return 0;
250}
251
252static const struct i2c_device_id i2c_atmel_id[] = {
253 {I2C_DRIVER_NAME, 0},
254 {}
255};
256MODULE_DEVICE_TABLE(i2c, i2c_atmel_id);
257
258#ifdef CONFIG_OF
259static const struct of_device_id i2c_atmel_of_match[] = {
260 {.compatible = "atmel,at97sc3204t"},
261 {},
262};
263MODULE_DEVICE_TABLE(of, i2c_atmel_of_match);
264#endif
265
266static SIMPLE_DEV_PM_OPS(i2c_atmel_pm_ops, tpm_pm_suspend, tpm_pm_resume);
267
268static struct i2c_driver i2c_atmel_driver = {
269 .id_table = i2c_atmel_id,
270 .probe = i2c_atmel_probe,
271 .remove = i2c_atmel_remove,
272 .driver = {
273 .name = I2C_DRIVER_NAME,
274 .owner = THIS_MODULE,
275 .pm = &i2c_atmel_pm_ops,
276 .of_match_table = of_match_ptr(i2c_atmel_of_match),
277 },
278};
279
280module_i2c_driver(i2c_atmel_driver);
281
282MODULE_AUTHOR("Jason Gunthorpe <jgunthorpe@obsidianresearch.com>");
283MODULE_DESCRIPTION("Atmel TPM I2C Driver");
284MODULE_LICENSE("GPL");
diff --git a/drivers/char/tpm/tpm_i2c_infineon.c b/drivers/char/tpm/tpm_i2c_infineon.c
index b8735de8ce95..fefd2aa5c81e 100644
--- a/drivers/char/tpm/tpm_i2c_infineon.c
+++ b/drivers/char/tpm/tpm_i2c_infineon.c
@@ -581,7 +581,7 @@ static DEVICE_ATTR(enabled, S_IRUGO, tpm_show_enabled, NULL);
581static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL); 581static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
582static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL); 582static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
583static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, NULL); 583static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, NULL);
584static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL); 584static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
585static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel); 585static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
586static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL); 586static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL);
587static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL); 587static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
@@ -685,7 +685,6 @@ out_vendor:
685 chip->dev->release = NULL; 685 chip->dev->release = NULL;
686 chip->release = NULL; 686 chip->release = NULL;
687 tpm_dev.client = NULL; 687 tpm_dev.client = NULL;
688 dev_set_drvdata(chip->dev, chip);
689out_err: 688out_err:
690 return rc; 689 return rc;
691} 690}
@@ -766,7 +765,6 @@ static int tpm_tis_i2c_remove(struct i2c_client *client)
766 chip->dev->release = NULL; 765 chip->dev->release = NULL;
767 chip->release = NULL; 766 chip->release = NULL;
768 tpm_dev.client = NULL; 767 tpm_dev.client = NULL;
769 dev_set_drvdata(chip->dev, chip);
770 768
771 return 0; 769 return 0;
772} 770}
diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c
new file mode 100644
index 000000000000..6276fea01ff0
--- /dev/null
+++ b/drivers/char/tpm/tpm_i2c_nuvoton.c
@@ -0,0 +1,710 @@
1/******************************************************************************
2 * Nuvoton TPM I2C Device Driver Interface for WPCT301/NPCT501,
3 * based on the TCG TPM Interface Spec version 1.2.
4 * Specifications at www.trustedcomputinggroup.org
5 *
6 * Copyright (C) 2011, Nuvoton Technology Corporation.
7 * Dan Morav <dan.morav@nuvoton.com>
8 * Copyright (C) 2013, Obsidian Research Corp.
9 * Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
10 *
11 * This program is free software: you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation, either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program. If not, see http://www.gnu.org/licenses/>.
23 *
24 * Nuvoton contact information: APC.Support@nuvoton.com
25 *****************************************************************************/
26
27#include <linux/init.h>
28#include <linux/module.h>
29#include <linux/moduleparam.h>
30#include <linux/slab.h>
31#include <linux/interrupt.h>
32#include <linux/wait.h>
33#include <linux/i2c.h>
34#include "tpm.h"
35
36/* I2C interface offsets */
37#define TPM_STS 0x00
38#define TPM_BURST_COUNT 0x01
39#define TPM_DATA_FIFO_W 0x20
40#define TPM_DATA_FIFO_R 0x40
41#define TPM_VID_DID_RID 0x60
42/* TPM command header size */
43#define TPM_HEADER_SIZE 10
44#define TPM_RETRY 5
45/*
46 * I2C bus device maximum buffer size w/o counting I2C address or command
47 * i.e. max size required for I2C write is 34 = addr, command, 32 bytes data
48 */
49#define TPM_I2C_MAX_BUF_SIZE 32
50#define TPM_I2C_RETRY_COUNT 32
51#define TPM_I2C_BUS_DELAY 1 /* msec */
52#define TPM_I2C_RETRY_DELAY_SHORT 2 /* msec */
53#define TPM_I2C_RETRY_DELAY_LONG 10 /* msec */
54
55#define I2C_DRIVER_NAME "tpm_i2c_nuvoton"
56
57struct priv_data {
58 unsigned int intrs;
59};
60
61static s32 i2c_nuvoton_read_buf(struct i2c_client *client, u8 offset, u8 size,
62 u8 *data)
63{
64 s32 status;
65
66 status = i2c_smbus_read_i2c_block_data(client, offset, size, data);
67 dev_dbg(&client->dev,
68 "%s(offset=%u size=%u data=%*ph) -> sts=%d\n", __func__,
69 offset, size, (int)size, data, status);
70 return status;
71}
72
73static s32 i2c_nuvoton_write_buf(struct i2c_client *client, u8 offset, u8 size,
74 u8 *data)
75{
76 s32 status;
77
78 status = i2c_smbus_write_i2c_block_data(client, offset, size, data);
79 dev_dbg(&client->dev,
80 "%s(offset=%u size=%u data=%*ph) -> sts=%d\n", __func__,
81 offset, size, (int)size, data, status);
82 return status;
83}
84
85#define TPM_STS_VALID 0x80
86#define TPM_STS_COMMAND_READY 0x40
87#define TPM_STS_GO 0x20
88#define TPM_STS_DATA_AVAIL 0x10
89#define TPM_STS_EXPECT 0x08
90#define TPM_STS_RESPONSE_RETRY 0x02
91#define TPM_STS_ERR_VAL 0x07 /* bit2...bit0 reads always 0 */
92
93#define TPM_I2C_SHORT_TIMEOUT 750 /* ms */
94#define TPM_I2C_LONG_TIMEOUT 2000 /* 2 sec */
95
96/* read TPM_STS register */
97static u8 i2c_nuvoton_read_status(struct tpm_chip *chip)
98{
99 struct i2c_client *client = to_i2c_client(chip->dev);
100 s32 status;
101 u8 data;
102
103 status = i2c_nuvoton_read_buf(client, TPM_STS, 1, &data);
104 if (status <= 0) {
105 dev_err(chip->dev, "%s() error return %d\n", __func__,
106 status);
107 data = TPM_STS_ERR_VAL;
108 }
109
110 return data;
111}
112
113/* write byte to TPM_STS register */
114static s32 i2c_nuvoton_write_status(struct i2c_client *client, u8 data)
115{
116 s32 status;
117 int i;
118
119 /* this causes the current command to be aborted */
120 for (i = 0, status = -1; i < TPM_I2C_RETRY_COUNT && status < 0; i++) {
121 status = i2c_nuvoton_write_buf(client, TPM_STS, 1, &data);
122 msleep(TPM_I2C_BUS_DELAY);
123 }
124 return status;
125}
126
127/* write commandReady to TPM_STS register */
128static void i2c_nuvoton_ready(struct tpm_chip *chip)
129{
130 struct i2c_client *client = to_i2c_client(chip->dev);
131 s32 status;
132
133 /* this causes the current command to be aborted */
134 status = i2c_nuvoton_write_status(client, TPM_STS_COMMAND_READY);
135 if (status < 0)
136 dev_err(chip->dev,
137 "%s() fail to write TPM_STS.commandReady\n", __func__);
138}
139
140/* read burstCount field from TPM_STS register
141 * return -1 on fail to read */
142static int i2c_nuvoton_get_burstcount(struct i2c_client *client,
143 struct tpm_chip *chip)
144{
145 unsigned long stop = jiffies + chip->vendor.timeout_d;
146 s32 status;
147 int burst_count = -1;
148 u8 data;
149
150 /* wait for burstcount to be non-zero */
151 do {
152 /* in I2C burstCount is 1 byte */
153 status = i2c_nuvoton_read_buf(client, TPM_BURST_COUNT, 1,
154 &data);
155 if (status > 0 && data > 0) {
156 burst_count = min_t(u8, TPM_I2C_MAX_BUF_SIZE, data);
157 break;
158 }
159 msleep(TPM_I2C_BUS_DELAY);
160 } while (time_before(jiffies, stop));
161
162 return burst_count;
163}
164
165/*
166 * WPCT301/NPCT501 SINT# supports only dataAvail
167 * any call to this function which is not waiting for dataAvail will
168 * set queue to NULL to avoid waiting for interrupt
169 */
170static bool i2c_nuvoton_check_status(struct tpm_chip *chip, u8 mask, u8 value)
171{
172 u8 status = i2c_nuvoton_read_status(chip);
173 return (status != TPM_STS_ERR_VAL) && ((status & mask) == value);
174}
175
176static int i2c_nuvoton_wait_for_stat(struct tpm_chip *chip, u8 mask, u8 value,
177 u32 timeout, wait_queue_head_t *queue)
178{
179 if (chip->vendor.irq && queue) {
180 s32 rc;
181 DEFINE_WAIT(wait);
182 struct priv_data *priv = chip->vendor.priv;
183 unsigned int cur_intrs = priv->intrs;
184
185 enable_irq(chip->vendor.irq);
186 rc = wait_event_interruptible_timeout(*queue,
187 cur_intrs != priv->intrs,
188 timeout);
189 if (rc > 0)
190 return 0;
191 /* At this point we know that the SINT pin is asserted, so we
192 * do not need to do i2c_nuvoton_check_status */
193 } else {
194 unsigned long ten_msec, stop;
195 bool status_valid;
196
197 /* check current status */
198 status_valid = i2c_nuvoton_check_status(chip, mask, value);
199 if (status_valid)
200 return 0;
201
202 /* use polling to wait for the event */
203 ten_msec = jiffies + msecs_to_jiffies(TPM_I2C_RETRY_DELAY_LONG);
204 stop = jiffies + timeout;
205 do {
206 if (time_before(jiffies, ten_msec))
207 msleep(TPM_I2C_RETRY_DELAY_SHORT);
208 else
209 msleep(TPM_I2C_RETRY_DELAY_LONG);
210 status_valid = i2c_nuvoton_check_status(chip, mask,
211 value);
212 if (status_valid)
213 return 0;
214 } while (time_before(jiffies, stop));
215 }
216 dev_err(chip->dev, "%s(%02x, %02x) -> timeout\n", __func__, mask,
217 value);
218 return -ETIMEDOUT;
219}
220
221/* wait for dataAvail field to be set in the TPM_STS register */
222static int i2c_nuvoton_wait_for_data_avail(struct tpm_chip *chip, u32 timeout,
223 wait_queue_head_t *queue)
224{
225 return i2c_nuvoton_wait_for_stat(chip,
226 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
227 TPM_STS_DATA_AVAIL | TPM_STS_VALID,
228 timeout, queue);
229}
230
231/* Read @count bytes into @buf from TPM_RD_FIFO register */
232static int i2c_nuvoton_recv_data(struct i2c_client *client,
233 struct tpm_chip *chip, u8 *buf, size_t count)
234{
235 s32 rc;
236 int burst_count, bytes2read, size = 0;
237
238 while (size < count &&
239 i2c_nuvoton_wait_for_data_avail(chip,
240 chip->vendor.timeout_c,
241 &chip->vendor.read_queue) == 0) {
242 burst_count = i2c_nuvoton_get_burstcount(client, chip);
243 if (burst_count < 0) {
244 dev_err(chip->dev,
245 "%s() fail to read burstCount=%d\n", __func__,
246 burst_count);
247 return -EIO;
248 }
249 bytes2read = min_t(size_t, burst_count, count - size);
250 rc = i2c_nuvoton_read_buf(client, TPM_DATA_FIFO_R,
251 bytes2read, &buf[size]);
252 if (rc < 0) {
253 dev_err(chip->dev,
254 "%s() fail on i2c_nuvoton_read_buf()=%d\n",
255 __func__, rc);
256 return -EIO;
257 }
258 dev_dbg(chip->dev, "%s(%d):", __func__, bytes2read);
259 size += bytes2read;
260 }
261
262 return size;
263}
264
265/* Read TPM command results */
266static int i2c_nuvoton_recv(struct tpm_chip *chip, u8 *buf, size_t count)
267{
268 struct device *dev = chip->dev;
269 struct i2c_client *client = to_i2c_client(dev);
270 s32 rc;
271 int expected, status, burst_count, retries, size = 0;
272
273 if (count < TPM_HEADER_SIZE) {
274 i2c_nuvoton_ready(chip); /* return to idle */
275 dev_err(dev, "%s() count < header size\n", __func__);
276 return -EIO;
277 }
278 for (retries = 0; retries < TPM_RETRY; retries++) {
279 if (retries > 0) {
280 /* if this is not the first trial, set responseRetry */
281 i2c_nuvoton_write_status(client,
282 TPM_STS_RESPONSE_RETRY);
283 }
284 /*
285 * read first available (> 10 bytes), including:
286 * tag, paramsize, and result
287 */
288 status = i2c_nuvoton_wait_for_data_avail(
289 chip, chip->vendor.timeout_c, &chip->vendor.read_queue);
290 if (status != 0) {
291 dev_err(dev, "%s() timeout on dataAvail\n", __func__);
292 size = -ETIMEDOUT;
293 continue;
294 }
295 burst_count = i2c_nuvoton_get_burstcount(client, chip);
296 if (burst_count < 0) {
297 dev_err(dev, "%s() fail to get burstCount\n", __func__);
298 size = -EIO;
299 continue;
300 }
301 size = i2c_nuvoton_recv_data(client, chip, buf,
302 burst_count);
303 if (size < TPM_HEADER_SIZE) {
304 dev_err(dev, "%s() fail to read header\n", __func__);
305 size = -EIO;
306 continue;
307 }
308 /*
309 * convert number of expected bytes field from big endian 32 bit
310 * to machine native
311 */
312 expected = be32_to_cpu(*(__be32 *) (buf + 2));
313 if (expected > count) {
314 dev_err(dev, "%s() expected > count\n", __func__);
315 size = -EIO;
316 continue;
317 }
318 rc = i2c_nuvoton_recv_data(client, chip, &buf[size],
319 expected - size);
320 size += rc;
321 if (rc < 0 || size < expected) {
322 dev_err(dev, "%s() fail to read remainder of result\n",
323 __func__);
324 size = -EIO;
325 continue;
326 }
327 if (i2c_nuvoton_wait_for_stat(
328 chip, TPM_STS_VALID | TPM_STS_DATA_AVAIL,
329 TPM_STS_VALID, chip->vendor.timeout_c,
330 NULL)) {
331 dev_err(dev, "%s() error left over data\n", __func__);
332 size = -ETIMEDOUT;
333 continue;
334 }
335 break;
336 }
337 i2c_nuvoton_ready(chip);
338 dev_dbg(chip->dev, "%s() -> %d\n", __func__, size);
339 return size;
340}
341
342/*
343 * Send TPM command.
344 *
345 * If interrupts are used (signaled by an irq set in the vendor structure)
346 * tpm.c can skip polling for the data to be available as the interrupt is
347 * waited for here
348 */
349static int i2c_nuvoton_send(struct tpm_chip *chip, u8 *buf, size_t len)
350{
351 struct device *dev = chip->dev;
352 struct i2c_client *client = to_i2c_client(dev);
353 u32 ordinal;
354 size_t count = 0;
355 int burst_count, bytes2write, retries, rc = -EIO;
356
357 for (retries = 0; retries < TPM_RETRY; retries++) {
358 i2c_nuvoton_ready(chip);
359 if (i2c_nuvoton_wait_for_stat(chip, TPM_STS_COMMAND_READY,
360 TPM_STS_COMMAND_READY,
361 chip->vendor.timeout_b, NULL)) {
362 dev_err(dev, "%s() timeout on commandReady\n",
363 __func__);
364 rc = -EIO;
365 continue;
366 }
367 rc = 0;
368 while (count < len - 1) {
369 burst_count = i2c_nuvoton_get_burstcount(client,
370 chip);
371 if (burst_count < 0) {
372 dev_err(dev, "%s() fail get burstCount\n",
373 __func__);
374 rc = -EIO;
375 break;
376 }
377 bytes2write = min_t(size_t, burst_count,
378 len - 1 - count);
379 rc = i2c_nuvoton_write_buf(client, TPM_DATA_FIFO_W,
380 bytes2write, &buf[count]);
381 if (rc < 0) {
382 dev_err(dev, "%s() fail i2cWriteBuf\n",
383 __func__);
384 break;
385 }
386 dev_dbg(dev, "%s(%d):", __func__, bytes2write);
387 count += bytes2write;
388 rc = i2c_nuvoton_wait_for_stat(chip,
389 TPM_STS_VALID |
390 TPM_STS_EXPECT,
391 TPM_STS_VALID |
392 TPM_STS_EXPECT,
393 chip->vendor.timeout_c,
394 NULL);
395 if (rc < 0) {
396 dev_err(dev, "%s() timeout on Expect\n",
397 __func__);
398 rc = -ETIMEDOUT;
399 break;
400 }
401 }
402 if (rc < 0)
403 continue;
404
405 /* write last byte */
406 rc = i2c_nuvoton_write_buf(client, TPM_DATA_FIFO_W, 1,
407 &buf[count]);
408 if (rc < 0) {
409 dev_err(dev, "%s() fail to write last byte\n",
410 __func__);
411 rc = -EIO;
412 continue;
413 }
414 dev_dbg(dev, "%s(last): %02x", __func__, buf[count]);
415 rc = i2c_nuvoton_wait_for_stat(chip,
416 TPM_STS_VALID | TPM_STS_EXPECT,
417 TPM_STS_VALID,
418 chip->vendor.timeout_c, NULL);
419 if (rc) {
420 dev_err(dev, "%s() timeout on Expect to clear\n",
421 __func__);
422 rc = -ETIMEDOUT;
423 continue;
424 }
425 break;
426 }
427 if (rc < 0) {
428 /* retries == TPM_RETRY */
429 i2c_nuvoton_ready(chip);
430 return rc;
431 }
432 /* execute the TPM command */
433 rc = i2c_nuvoton_write_status(client, TPM_STS_GO);
434 if (rc < 0) {
435 dev_err(dev, "%s() fail to write Go\n", __func__);
436 i2c_nuvoton_ready(chip);
437 return rc;
438 }
439 ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
440 rc = i2c_nuvoton_wait_for_data_avail(chip,
441 tpm_calc_ordinal_duration(chip,
442 ordinal),
443 &chip->vendor.read_queue);
444 if (rc) {
445 dev_err(dev, "%s() timeout command duration\n", __func__);
446 i2c_nuvoton_ready(chip);
447 return rc;
448 }
449
450 dev_dbg(dev, "%s() -> %zd\n", __func__, len);
451 return len;
452}
453
454static bool i2c_nuvoton_req_canceled(struct tpm_chip *chip, u8 status)
455{
456 return (status == TPM_STS_COMMAND_READY);
457}
458
459static const struct file_operations i2c_nuvoton_ops = {
460 .owner = THIS_MODULE,
461 .llseek = no_llseek,
462 .open = tpm_open,
463 .read = tpm_read,
464 .write = tpm_write,
465 .release = tpm_release,
466};
467
468static DEVICE_ATTR(pubek, S_IRUGO, tpm_show_pubek, NULL);
469static DEVICE_ATTR(pcrs, S_IRUGO, tpm_show_pcrs, NULL);
470static DEVICE_ATTR(enabled, S_IRUGO, tpm_show_enabled, NULL);
471static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
472static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
473static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, NULL);
474static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
475static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
476static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL);
477static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
478
479static struct attribute *i2c_nuvoton_attrs[] = {
480 &dev_attr_pubek.attr,
481 &dev_attr_pcrs.attr,
482 &dev_attr_enabled.attr,
483 &dev_attr_active.attr,
484 &dev_attr_owned.attr,
485 &dev_attr_temp_deactivated.attr,
486 &dev_attr_caps.attr,
487 &dev_attr_cancel.attr,
488 &dev_attr_durations.attr,
489 &dev_attr_timeouts.attr,
490 NULL,
491};
492
493static struct attribute_group i2c_nuvoton_attr_grp = {
494 .attrs = i2c_nuvoton_attrs
495};
496
497static const struct tpm_vendor_specific tpm_i2c = {
498 .status = i2c_nuvoton_read_status,
499 .recv = i2c_nuvoton_recv,
500 .send = i2c_nuvoton_send,
501 .cancel = i2c_nuvoton_ready,
502 .req_complete_mask = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
503 .req_complete_val = TPM_STS_DATA_AVAIL | TPM_STS_VALID,
504 .req_canceled = i2c_nuvoton_req_canceled,
505 .attr_group = &i2c_nuvoton_attr_grp,
506 .miscdev.fops = &i2c_nuvoton_ops,
507};
508
509/* The only purpose for the handler is to signal to any waiting threads that
510 * the interrupt is currently being asserted. The driver does not do any
511 * processing triggered by interrupts, and the chip provides no way to mask at
512 * the source (plus that would be slow over I2C). Run the IRQ as a one-shot,
513 * this means it cannot be shared. */
514static irqreturn_t i2c_nuvoton_int_handler(int dummy, void *dev_id)
515{
516 struct tpm_chip *chip = dev_id;
517 struct priv_data *priv = chip->vendor.priv;
518
519 priv->intrs++;
520 wake_up(&chip->vendor.read_queue);
521 disable_irq_nosync(chip->vendor.irq);
522 return IRQ_HANDLED;
523}
524
525static int get_vid(struct i2c_client *client, u32 *res)
526{
527 static const u8 vid_did_rid_value[] = { 0x50, 0x10, 0xfe };
528 u32 temp;
529 s32 rc;
530
531 if (!i2c_check_functionality(client->adapter, I2C_FUNC_SMBUS_BYTE_DATA))
532 return -ENODEV;
533 rc = i2c_nuvoton_read_buf(client, TPM_VID_DID_RID, 4, (u8 *)&temp);
534 if (rc < 0)
535 return rc;
536
537 /* check WPCT301 values - ignore RID */
538 if (memcmp(&temp, vid_did_rid_value, sizeof(vid_did_rid_value))) {
539 /*
540 * f/w rev 2.81 has an issue where the VID_DID_RID is not
541 * reporting the right value. so give it another chance at
542 * offset 0x20 (FIFO_W).
543 */
544 rc = i2c_nuvoton_read_buf(client, TPM_DATA_FIFO_W, 4,
545 (u8 *) (&temp));
546 if (rc < 0)
547 return rc;
548
549 /* check WPCT301 values - ignore RID */
550 if (memcmp(&temp, vid_did_rid_value,
551 sizeof(vid_did_rid_value)))
552 return -ENODEV;
553 }
554
555 *res = temp;
556 return 0;
557}
558
559static int i2c_nuvoton_probe(struct i2c_client *client,
560 const struct i2c_device_id *id)
561{
562 int rc;
563 struct tpm_chip *chip;
564 struct device *dev = &client->dev;
565 u32 vid = 0;
566
567 rc = get_vid(client, &vid);
568 if (rc)
569 return rc;
570
571 dev_info(dev, "VID: %04X DID: %02X RID: %02X\n", (u16) vid,
572 (u8) (vid >> 16), (u8) (vid >> 24));
573
574 chip = tpm_register_hardware(dev, &tpm_i2c);
575 if (!chip) {
576 dev_err(dev, "%s() error in tpm_register_hardware\n", __func__);
577 return -ENODEV;
578 }
579
580 chip->vendor.priv = devm_kzalloc(dev, sizeof(struct priv_data),
581 GFP_KERNEL);
582 init_waitqueue_head(&chip->vendor.read_queue);
583 init_waitqueue_head(&chip->vendor.int_queue);
584
585 /* Default timeouts */
586 chip->vendor.timeout_a = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
587 chip->vendor.timeout_b = msecs_to_jiffies(TPM_I2C_LONG_TIMEOUT);
588 chip->vendor.timeout_c = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
589 chip->vendor.timeout_d = msecs_to_jiffies(TPM_I2C_SHORT_TIMEOUT);
590
591 /*
592 * I2C intfcaps (interrupt capabilitieis) in the chip are hard coded to:
593 * TPM_INTF_INT_LEVEL_LOW | TPM_INTF_DATA_AVAIL_INT
594 * The IRQ should be set in the i2c_board_info (which is done
595 * automatically in of_i2c_register_devices, for device tree users */
596 chip->vendor.irq = client->irq;
597
598 if (chip->vendor.irq) {
599 dev_dbg(dev, "%s() chip-vendor.irq\n", __func__);
600 rc = devm_request_irq(dev, chip->vendor.irq,
601 i2c_nuvoton_int_handler,
602 IRQF_TRIGGER_LOW,
603 chip->vendor.miscdev.name,
604 chip);
605 if (rc) {
606 dev_err(dev, "%s() Unable to request irq: %d for use\n",
607 __func__, chip->vendor.irq);
608 chip->vendor.irq = 0;
609 } else {
610 /* Clear any pending interrupt */
611 i2c_nuvoton_ready(chip);
612 /* - wait for TPM_STS==0xA0 (stsValid, commandReady) */
613 rc = i2c_nuvoton_wait_for_stat(chip,
614 TPM_STS_COMMAND_READY,
615 TPM_STS_COMMAND_READY,
616 chip->vendor.timeout_b,
617 NULL);
618 if (rc == 0) {
619 /*
620 * TIS is in ready state
621 * write dummy byte to enter reception state
622 * TPM_DATA_FIFO_W <- rc (0)
623 */
624 rc = i2c_nuvoton_write_buf(client,
625 TPM_DATA_FIFO_W,
626 1, (u8 *) (&rc));
627 if (rc < 0)
628 goto out_err;
629 /* TPM_STS <- 0x40 (commandReady) */
630 i2c_nuvoton_ready(chip);
631 } else {
632 /*
633 * timeout_b reached - command was
634 * aborted. TIS should now be in idle state -
635 * only TPM_STS_VALID should be set
636 */
637 if (i2c_nuvoton_read_status(chip) !=
638 TPM_STS_VALID) {
639 rc = -EIO;
640 goto out_err;
641 }
642 }
643 }
644 }
645
646 if (tpm_get_timeouts(chip)) {
647 rc = -ENODEV;
648 goto out_err;
649 }
650
651 if (tpm_do_selftest(chip)) {
652 rc = -ENODEV;
653 goto out_err;
654 }
655
656 return 0;
657
658out_err:
659 tpm_dev_vendor_release(chip);
660 tpm_remove_hardware(chip->dev);
661 return rc;
662}
663
664static int i2c_nuvoton_remove(struct i2c_client *client)
665{
666 struct device *dev = &(client->dev);
667 struct tpm_chip *chip = dev_get_drvdata(dev);
668
669 if (chip)
670 tpm_dev_vendor_release(chip);
671 tpm_remove_hardware(dev);
672 kfree(chip);
673 return 0;
674}
675
676
677static const struct i2c_device_id i2c_nuvoton_id[] = {
678 {I2C_DRIVER_NAME, 0},
679 {}
680};
681MODULE_DEVICE_TABLE(i2c, i2c_nuvoton_id);
682
683#ifdef CONFIG_OF
684static const struct of_device_id i2c_nuvoton_of_match[] = {
685 {.compatible = "nuvoton,npct501"},
686 {.compatible = "winbond,wpct301"},
687 {},
688};
689MODULE_DEVICE_TABLE(of, i2c_nuvoton_of_match);
690#endif
691
692static SIMPLE_DEV_PM_OPS(i2c_nuvoton_pm_ops, tpm_pm_suspend, tpm_pm_resume);
693
694static struct i2c_driver i2c_nuvoton_driver = {
695 .id_table = i2c_nuvoton_id,
696 .probe = i2c_nuvoton_probe,
697 .remove = i2c_nuvoton_remove,
698 .driver = {
699 .name = I2C_DRIVER_NAME,
700 .owner = THIS_MODULE,
701 .pm = &i2c_nuvoton_pm_ops,
702 .of_match_table = of_match_ptr(i2c_nuvoton_of_match),
703 },
704};
705
706module_i2c_driver(i2c_nuvoton_driver);
707
708MODULE_AUTHOR("Dan Morav (dan.morav@nuvoton.com)");
709MODULE_DESCRIPTION("Nuvoton TPM I2C Driver");
710MODULE_LICENSE("GPL");
diff --git a/drivers/char/tpm/tpm_i2c_stm_st33.c b/drivers/char/tpm/tpm_i2c_stm_st33.c
index 5bb8e2ddd3b3..a0d6ceb5d005 100644
--- a/drivers/char/tpm/tpm_i2c_stm_st33.c
+++ b/drivers/char/tpm/tpm_i2c_stm_st33.c
@@ -584,7 +584,7 @@ static DEVICE_ATTR(enabled, S_IRUGO, tpm_show_enabled, NULL);
584static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL); 584static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
585static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL); 585static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
586static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, NULL); 586static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, NULL);
587static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL); 587static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
588static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel); 588static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
589 589
590static struct attribute *stm_tpm_attrs[] = { 590static struct attribute *stm_tpm_attrs[] = {
@@ -746,8 +746,6 @@ tpm_st33_i2c_probe(struct i2c_client *client, const struct i2c_device_id *id)
746 746
747 tpm_get_timeouts(chip); 747 tpm_get_timeouts(chip);
748 748
749 i2c_set_clientdata(client, chip);
750
751 dev_info(chip->dev, "TPM I2C Initialized\n"); 749 dev_info(chip->dev, "TPM I2C Initialized\n");
752 return 0; 750 return 0;
753_irq_set: 751_irq_set:
@@ -807,24 +805,18 @@ static int tpm_st33_i2c_remove(struct i2c_client *client)
807#ifdef CONFIG_PM_SLEEP 805#ifdef CONFIG_PM_SLEEP
808/* 806/*
809 * tpm_st33_i2c_pm_suspend suspend the TPM device 807 * tpm_st33_i2c_pm_suspend suspend the TPM device
810 * Added: Work around when suspend and no tpm application is running, suspend
811 * may fail because chip->data_buffer is not set (only set in tpm_open in Linux
812 * TPM core)
813 * @param: client, the i2c_client drescription (TPM I2C description). 808 * @param: client, the i2c_client drescription (TPM I2C description).
814 * @param: mesg, the power management message. 809 * @param: mesg, the power management message.
815 * @return: 0 in case of success. 810 * @return: 0 in case of success.
816 */ 811 */
817static int tpm_st33_i2c_pm_suspend(struct device *dev) 812static int tpm_st33_i2c_pm_suspend(struct device *dev)
818{ 813{
819 struct tpm_chip *chip = dev_get_drvdata(dev);
820 struct st33zp24_platform_data *pin_infos = dev->platform_data; 814 struct st33zp24_platform_data *pin_infos = dev->platform_data;
821 int ret = 0; 815 int ret = 0;
822 816
823 if (power_mgt) { 817 if (power_mgt) {
824 gpio_set_value(pin_infos->io_lpcpd, 0); 818 gpio_set_value(pin_infos->io_lpcpd, 0);
825 } else { 819 } else {
826 if (chip->data_buffer == NULL)
827 chip->data_buffer = pin_infos->tpm_i2c_buffer[0];
828 ret = tpm_pm_suspend(dev); 820 ret = tpm_pm_suspend(dev);
829 } 821 }
830 return ret; 822 return ret;
@@ -849,8 +841,6 @@ static int tpm_st33_i2c_pm_resume(struct device *dev)
849 TPM_STS_VALID) == TPM_STS_VALID, 841 TPM_STS_VALID) == TPM_STS_VALID,
850 chip->vendor.timeout_b); 842 chip->vendor.timeout_b);
851 } else { 843 } else {
852 if (chip->data_buffer == NULL)
853 chip->data_buffer = pin_infos->tpm_i2c_buffer[0];
854 ret = tpm_pm_resume(dev); 844 ret = tpm_pm_resume(dev);
855 if (!ret) 845 if (!ret)
856 tpm_do_selftest(chip); 846 tpm_do_selftest(chip);
diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c
index 56b07c35a13e..2783a42aa732 100644
--- a/drivers/char/tpm/tpm_ibmvtpm.c
+++ b/drivers/char/tpm/tpm_ibmvtpm.c
@@ -98,7 +98,7 @@ static int tpm_ibmvtpm_recv(struct tpm_chip *chip, u8 *buf, size_t count)
98 98
99 if (count < len) { 99 if (count < len) {
100 dev_err(ibmvtpm->dev, 100 dev_err(ibmvtpm->dev,
101 "Invalid size in recv: count=%ld, crq_size=%d\n", 101 "Invalid size in recv: count=%zd, crq_size=%d\n",
102 count, len); 102 count, len);
103 return -EIO; 103 return -EIO;
104 } 104 }
@@ -136,7 +136,7 @@ static int tpm_ibmvtpm_send(struct tpm_chip *chip, u8 *buf, size_t count)
136 136
137 if (count > ibmvtpm->rtce_size) { 137 if (count > ibmvtpm->rtce_size) {
138 dev_err(ibmvtpm->dev, 138 dev_err(ibmvtpm->dev,
139 "Invalid size in send: count=%ld, rtce_size=%d\n", 139 "Invalid size in send: count=%zd, rtce_size=%d\n",
140 count, ibmvtpm->rtce_size); 140 count, ibmvtpm->rtce_size);
141 return -EIO; 141 return -EIO;
142 } 142 }
@@ -419,7 +419,7 @@ static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
419static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL); 419static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
420static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, 420static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated,
421 NULL); 421 NULL);
422static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL); 422static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
423static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel); 423static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
424static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL); 424static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL);
425static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL); 425static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 2168d15bc728..8e562dc65601 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -452,12 +452,8 @@ int tpm_add_ppi(struct kobject *parent)
452{ 452{
453 return sysfs_create_group(parent, &ppi_attr_grp); 453 return sysfs_create_group(parent, &ppi_attr_grp);
454} 454}
455EXPORT_SYMBOL_GPL(tpm_add_ppi);
456 455
457void tpm_remove_ppi(struct kobject *parent) 456void tpm_remove_ppi(struct kobject *parent)
458{ 457{
459 sysfs_remove_group(parent, &ppi_attr_grp); 458 sysfs_remove_group(parent, &ppi_attr_grp);
460} 459}
461EXPORT_SYMBOL_GPL(tpm_remove_ppi);
462
463MODULE_LICENSE("GPL");
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index 5796d0157ce0..1b74459c0723 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -448,7 +448,7 @@ static DEVICE_ATTR(active, S_IRUGO, tpm_show_active, NULL);
448static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL); 448static DEVICE_ATTR(owned, S_IRUGO, tpm_show_owned, NULL);
449static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated, 449static DEVICE_ATTR(temp_deactivated, S_IRUGO, tpm_show_temp_deactivated,
450 NULL); 450 NULL);
451static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps_1_2, NULL); 451static DEVICE_ATTR(caps, S_IRUGO, tpm_show_caps, NULL);
452static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel); 452static DEVICE_ATTR(cancel, S_IWUSR | S_IWGRP, NULL, tpm_store_cancel);
453static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL); 453static DEVICE_ATTR(durations, S_IRUGO, tpm_show_durations, NULL);
454static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL); 454static DEVICE_ATTR(timeouts, S_IRUGO, tpm_show_timeouts, NULL);
diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c
index 94c280d36e8b..c8ff4df81779 100644
--- a/drivers/char/tpm/xen-tpmfront.c
+++ b/drivers/char/tpm/xen-tpmfront.c
@@ -351,8 +351,6 @@ static int tpmfront_probe(struct xenbus_device *dev,
351 351
352 tpm_get_timeouts(priv->chip); 352 tpm_get_timeouts(priv->chip);
353 353
354 dev_set_drvdata(&dev->dev, priv->chip);
355
356 return rv; 354 return rv;
357} 355}
358 356
diff --git a/include/crypto/hash_info.h b/include/crypto/hash_info.h
new file mode 100644
index 000000000000..e1e5a3e5dd1b
--- /dev/null
+++ b/include/crypto/hash_info.h
@@ -0,0 +1,40 @@
1/*
2 * Hash Info: Hash algorithms information
3 *
4 * Copyright (c) 2013 Dmitry Kasatkin <d.kasatkin@samsung.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13#ifndef _CRYPTO_HASH_INFO_H
14#define _CRYPTO_HASH_INFO_H
15
16#include <crypto/sha.h>
17#include <crypto/md5.h>
18
19#include <uapi/linux/hash_info.h>
20
21/* not defined in include/crypto/ */
22#define RMD128_DIGEST_SIZE 16
23#define RMD160_DIGEST_SIZE 20
24#define RMD256_DIGEST_SIZE 32
25#define RMD320_DIGEST_SIZE 40
26
27/* not defined in include/crypto/ */
28#define WP512_DIGEST_SIZE 64
29#define WP384_DIGEST_SIZE 48
30#define WP256_DIGEST_SIZE 32
31
32/* not defined in include/crypto/ */
33#define TGR128_DIGEST_SIZE 16
34#define TGR160_DIGEST_SIZE 20
35#define TGR192_DIGEST_SIZE 24
36
37extern const char *const hash_algo_name[HASH_ALGO__LAST];
38extern const int hash_digest_size[HASH_ALGO__LAST];
39
40#endif /* _CRYPTO_HASH_INFO_H */
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index f5b0224c9967..fc09732613ad 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -15,6 +15,7 @@
15#define _LINUX_PUBLIC_KEY_H 15#define _LINUX_PUBLIC_KEY_H
16 16
17#include <linux/mpi.h> 17#include <linux/mpi.h>
18#include <crypto/hash_info.h>
18 19
19enum pkey_algo { 20enum pkey_algo {
20 PKEY_ALGO_DSA, 21 PKEY_ALGO_DSA,
@@ -22,21 +23,11 @@ enum pkey_algo {
22 PKEY_ALGO__LAST 23 PKEY_ALGO__LAST
23}; 24};
24 25
25extern const char *const pkey_algo[PKEY_ALGO__LAST]; 26extern const char *const pkey_algo_name[PKEY_ALGO__LAST];
27extern const struct public_key_algorithm *pkey_algo[PKEY_ALGO__LAST];
26 28
27enum pkey_hash_algo { 29/* asymmetric key implementation supports only up to SHA224 */
28 PKEY_HASH_MD4, 30#define PKEY_HASH__LAST (HASH_ALGO_SHA224 + 1)
29 PKEY_HASH_MD5,
30 PKEY_HASH_SHA1,
31 PKEY_HASH_RIPE_MD_160,
32 PKEY_HASH_SHA256,
33 PKEY_HASH_SHA384,
34 PKEY_HASH_SHA512,
35 PKEY_HASH_SHA224,
36 PKEY_HASH__LAST
37};
38
39extern const char *const pkey_hash_algo[PKEY_HASH__LAST];
40 31
41enum pkey_id_type { 32enum pkey_id_type {
42 PKEY_ID_PGP, /* OpenPGP generated key ID */ 33 PKEY_ID_PGP, /* OpenPGP generated key ID */
@@ -44,7 +35,7 @@ enum pkey_id_type {
44 PKEY_ID_TYPE__LAST 35 PKEY_ID_TYPE__LAST
45}; 36};
46 37
47extern const char *const pkey_id_type[PKEY_ID_TYPE__LAST]; 38extern const char *const pkey_id_type_name[PKEY_ID_TYPE__LAST];
48 39
49/* 40/*
50 * Cryptographic data for the public-key subtype of the asymmetric key type. 41 * Cryptographic data for the public-key subtype of the asymmetric key type.
@@ -59,6 +50,7 @@ struct public_key {
59#define PKEY_CAN_DECRYPT 0x02 50#define PKEY_CAN_DECRYPT 0x02
60#define PKEY_CAN_SIGN 0x04 51#define PKEY_CAN_SIGN 0x04
61#define PKEY_CAN_VERIFY 0x08 52#define PKEY_CAN_VERIFY 0x08
53 enum pkey_algo pkey_algo : 8;
62 enum pkey_id_type id_type : 8; 54 enum pkey_id_type id_type : 8;
63 union { 55 union {
64 MPI mpi[5]; 56 MPI mpi[5];
@@ -88,7 +80,8 @@ struct public_key_signature {
88 u8 *digest; 80 u8 *digest;
89 u8 digest_size; /* Number of bytes in digest */ 81 u8 digest_size; /* Number of bytes in digest */
90 u8 nr_mpi; /* Occupancy of mpi[] */ 82 u8 nr_mpi; /* Occupancy of mpi[] */
91 enum pkey_hash_algo pkey_hash_algo : 8; 83 enum pkey_algo pkey_algo : 8;
84 enum hash_algo pkey_hash_algo : 8;
92 union { 85 union {
93 MPI mpi[2]; 86 MPI mpi[2];
94 struct { 87 struct {
diff --git a/include/keys/big_key-type.h b/include/keys/big_key-type.h
new file mode 100644
index 000000000000..d69bc8af3292
--- /dev/null
+++ b/include/keys/big_key-type.h
@@ -0,0 +1,25 @@
1/* Big capacity key type.
2 *
3 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#ifndef _KEYS_BIG_KEY_TYPE_H
13#define _KEYS_BIG_KEY_TYPE_H
14
15#include <linux/key-type.h>
16
17extern struct key_type key_type_big_key;
18
19extern int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep);
20extern void big_key_revoke(struct key *key);
21extern void big_key_destroy(struct key *key);
22extern void big_key_describe(const struct key *big_key, struct seq_file *m);
23extern long big_key_read(const struct key *key, char __user *buffer, size_t buflen);
24
25#endif /* _KEYS_BIG_KEY_TYPE_H */
diff --git a/include/keys/keyring-type.h b/include/keys/keyring-type.h
index cf49159b0e3a..fca5c62340a4 100644
--- a/include/keys/keyring-type.h
+++ b/include/keys/keyring-type.h
@@ -1,6 +1,6 @@
1/* Keyring key type 1/* Keyring key type
2 * 2 *
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2008, 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -13,19 +13,6 @@
13#define _KEYS_KEYRING_TYPE_H 13#define _KEYS_KEYRING_TYPE_H
14 14
15#include <linux/key.h> 15#include <linux/key.h>
16#include <linux/rcupdate.h> 16#include <linux/assoc_array.h>
17
18/*
19 * the keyring payload contains a list of the keys to which the keyring is
20 * subscribed
21 */
22struct keyring_list {
23 struct rcu_head rcu; /* RCU deletion hook */
24 unsigned short maxkeys; /* max keys this list can hold */
25 unsigned short nkeys; /* number of keys currently held */
26 unsigned short delkey; /* key to be unlinked by RCU */
27 struct key __rcu *keys[0];
28};
29
30 17
31#endif /* _KEYS_KEYRING_TYPE_H */ 18#endif /* _KEYS_KEYRING_TYPE_H */
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
new file mode 100644
index 000000000000..8dabc399bd1d
--- /dev/null
+++ b/include/keys/system_keyring.h
@@ -0,0 +1,23 @@
1/* System keyring containing trusted public keys.
2 *
3 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _KEYS_SYSTEM_KEYRING_H
13#define _KEYS_SYSTEM_KEYRING_H
14
15#ifdef CONFIG_SYSTEM_TRUSTED_KEYRING
16
17#include <linux/key.h>
18
19extern struct key *system_trusted_keyring;
20
21#endif
22
23#endif /* _KEYS_SYSTEM_KEYRING_H */
diff --git a/include/linux/assoc_array.h b/include/linux/assoc_array.h
new file mode 100644
index 000000000000..9a193b84238a
--- /dev/null
+++ b/include/linux/assoc_array.h
@@ -0,0 +1,92 @@
1/* Generic associative array implementation.
2 *
3 * See Documentation/assoc_array.txt for information.
4 *
5 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _LINUX_ASSOC_ARRAY_H
15#define _LINUX_ASSOC_ARRAY_H
16
17#ifdef CONFIG_ASSOCIATIVE_ARRAY
18
19#include <linux/types.h>
20
21#define ASSOC_ARRAY_KEY_CHUNK_SIZE BITS_PER_LONG /* Key data retrieved in chunks of this size */
22
23/*
24 * Generic associative array.
25 */
26struct assoc_array {
27 struct assoc_array_ptr *root; /* The node at the root of the tree */
28 unsigned long nr_leaves_on_tree;
29};
30
31/*
32 * Operations on objects and index keys for use by array manipulation routines.
33 */
34struct assoc_array_ops {
35 /* Method to get a chunk of an index key from caller-supplied data */
36 unsigned long (*get_key_chunk)(const void *index_key, int level);
37
38 /* Method to get a piece of an object's index key */
39 unsigned long (*get_object_key_chunk)(const void *object, int level);
40
41 /* Is this the object we're looking for? */
42 bool (*compare_object)(const void *object, const void *index_key);
43
44 /* How different are two objects, to a bit position in their keys? (or
45 * -1 if they're the same)
46 */
47 int (*diff_objects)(const void *a, const void *b);
48
49 /* Method to free an object. */
50 void (*free_object)(void *object);
51};
52
53/*
54 * Access and manipulation functions.
55 */
56struct assoc_array_edit;
57
58static inline void assoc_array_init(struct assoc_array *array)
59{
60 array->root = NULL;
61 array->nr_leaves_on_tree = 0;
62}
63
64extern int assoc_array_iterate(const struct assoc_array *array,
65 int (*iterator)(const void *object,
66 void *iterator_data),
67 void *iterator_data);
68extern void *assoc_array_find(const struct assoc_array *array,
69 const struct assoc_array_ops *ops,
70 const void *index_key);
71extern void assoc_array_destroy(struct assoc_array *array,
72 const struct assoc_array_ops *ops);
73extern struct assoc_array_edit *assoc_array_insert(struct assoc_array *array,
74 const struct assoc_array_ops *ops,
75 const void *index_key,
76 void *object);
77extern void assoc_array_insert_set_object(struct assoc_array_edit *edit,
78 void *object);
79extern struct assoc_array_edit *assoc_array_delete(struct assoc_array *array,
80 const struct assoc_array_ops *ops,
81 const void *index_key);
82extern struct assoc_array_edit *assoc_array_clear(struct assoc_array *array,
83 const struct assoc_array_ops *ops);
84extern void assoc_array_apply_edit(struct assoc_array_edit *edit);
85extern void assoc_array_cancel_edit(struct assoc_array_edit *edit);
86extern int assoc_array_gc(struct assoc_array *array,
87 const struct assoc_array_ops *ops,
88 bool (*iterator)(void *object, void *iterator_data),
89 void *iterator_data);
90
91#endif /* CONFIG_ASSOCIATIVE_ARRAY */
92#endif /* _LINUX_ASSOC_ARRAY_H */
diff --git a/include/linux/assoc_array_priv.h b/include/linux/assoc_array_priv.h
new file mode 100644
index 000000000000..711275e6681c
--- /dev/null
+++ b/include/linux/assoc_array_priv.h
@@ -0,0 +1,182 @@
1/* Private definitions for the generic associative array implementation.
2 *
3 * See Documentation/assoc_array.txt for information.
4 *
5 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13
14#ifndef _LINUX_ASSOC_ARRAY_PRIV_H
15#define _LINUX_ASSOC_ARRAY_PRIV_H
16
17#ifdef CONFIG_ASSOCIATIVE_ARRAY
18
19#include <linux/assoc_array.h>
20
21#define ASSOC_ARRAY_FAN_OUT 16 /* Number of slots per node */
22#define ASSOC_ARRAY_FAN_MASK (ASSOC_ARRAY_FAN_OUT - 1)
23#define ASSOC_ARRAY_LEVEL_STEP (ilog2(ASSOC_ARRAY_FAN_OUT))
24#define ASSOC_ARRAY_LEVEL_STEP_MASK (ASSOC_ARRAY_LEVEL_STEP - 1)
25#define ASSOC_ARRAY_KEY_CHUNK_MASK (ASSOC_ARRAY_KEY_CHUNK_SIZE - 1)
26#define ASSOC_ARRAY_KEY_CHUNK_SHIFT (ilog2(BITS_PER_LONG))
27
28/*
29 * Undefined type representing a pointer with type information in the bottom
30 * two bits.
31 */
32struct assoc_array_ptr;
33
34/*
35 * An N-way node in the tree.
36 *
37 * Each slot contains one of four things:
38 *
39 * (1) Nothing (NULL).
40 *
41 * (2) A leaf object (pointer types 0).
42 *
43 * (3) A next-level node (pointer type 1, subtype 0).
44 *
45 * (4) A shortcut (pointer type 1, subtype 1).
46 *
47 * The tree is optimised for search-by-ID, but permits reasonable iteration
48 * also.
49 *
50 * The tree is navigated by constructing an index key consisting of an array of
51 * segments, where each segment is ilog2(ASSOC_ARRAY_FAN_OUT) bits in size.
52 *
53 * The segments correspond to levels of the tree (the first segment is used at
54 * level 0, the second at level 1, etc.).
55 */
56struct assoc_array_node {
57 struct assoc_array_ptr *back_pointer;
58 u8 parent_slot;
59 struct assoc_array_ptr *slots[ASSOC_ARRAY_FAN_OUT];
60 unsigned long nr_leaves_on_branch;
61};
62
63/*
64 * A shortcut through the index space out to where a collection of nodes/leaves
65 * with the same IDs live.
66 */
67struct assoc_array_shortcut {
68 struct assoc_array_ptr *back_pointer;
69 int parent_slot;
70 int skip_to_level;
71 struct assoc_array_ptr *next_node;
72 unsigned long index_key[];
73};
74
75/*
76 * Preallocation cache.
77 */
78struct assoc_array_edit {
79 struct rcu_head rcu;
80 struct assoc_array *array;
81 const struct assoc_array_ops *ops;
82 const struct assoc_array_ops *ops_for_excised_subtree;
83 struct assoc_array_ptr *leaf;
84 struct assoc_array_ptr **leaf_p;
85 struct assoc_array_ptr *dead_leaf;
86 struct assoc_array_ptr *new_meta[3];
87 struct assoc_array_ptr *excised_meta[1];
88 struct assoc_array_ptr *excised_subtree;
89 struct assoc_array_ptr **set_backpointers[ASSOC_ARRAY_FAN_OUT];
90 struct assoc_array_ptr *set_backpointers_to;
91 struct assoc_array_node *adjust_count_on;
92 long adjust_count_by;
93 struct {
94 struct assoc_array_ptr **ptr;
95 struct assoc_array_ptr *to;
96 } set[2];
97 struct {
98 u8 *p;
99 u8 to;
100 } set_parent_slot[1];
101 u8 segment_cache[ASSOC_ARRAY_FAN_OUT + 1];
102};
103
104/*
105 * Internal tree member pointers are marked in the bottom one or two bits to
106 * indicate what type they are so that we don't have to look behind every
107 * pointer to see what it points to.
108 *
109 * We provide functions to test type annotations and to create and translate
110 * the annotated pointers.
111 */
112#define ASSOC_ARRAY_PTR_TYPE_MASK 0x1UL
113#define ASSOC_ARRAY_PTR_LEAF_TYPE 0x0UL /* Points to leaf (or nowhere) */
114#define ASSOC_ARRAY_PTR_META_TYPE 0x1UL /* Points to node or shortcut */
115#define ASSOC_ARRAY_PTR_SUBTYPE_MASK 0x2UL
116#define ASSOC_ARRAY_PTR_NODE_SUBTYPE 0x0UL
117#define ASSOC_ARRAY_PTR_SHORTCUT_SUBTYPE 0x2UL
118
119static inline bool assoc_array_ptr_is_meta(const struct assoc_array_ptr *x)
120{
121 return (unsigned long)x & ASSOC_ARRAY_PTR_TYPE_MASK;
122}
123static inline bool assoc_array_ptr_is_leaf(const struct assoc_array_ptr *x)
124{
125 return !assoc_array_ptr_is_meta(x);
126}
127static inline bool assoc_array_ptr_is_shortcut(const struct assoc_array_ptr *x)
128{
129 return (unsigned long)x & ASSOC_ARRAY_PTR_SUBTYPE_MASK;
130}
131static inline bool assoc_array_ptr_is_node(const struct assoc_array_ptr *x)
132{
133 return !assoc_array_ptr_is_shortcut(x);
134}
135
136static inline void *assoc_array_ptr_to_leaf(const struct assoc_array_ptr *x)
137{
138 return (void *)((unsigned long)x & ~ASSOC_ARRAY_PTR_TYPE_MASK);
139}
140
141static inline
142unsigned long __assoc_array_ptr_to_meta(const struct assoc_array_ptr *x)
143{
144 return (unsigned long)x &
145 ~(ASSOC_ARRAY_PTR_SUBTYPE_MASK | ASSOC_ARRAY_PTR_TYPE_MASK);
146}
147static inline
148struct assoc_array_node *assoc_array_ptr_to_node(const struct assoc_array_ptr *x)
149{
150 return (struct assoc_array_node *)__assoc_array_ptr_to_meta(x);
151}
152static inline
153struct assoc_array_shortcut *assoc_array_ptr_to_shortcut(const struct assoc_array_ptr *x)
154{
155 return (struct assoc_array_shortcut *)__assoc_array_ptr_to_meta(x);
156}
157
158static inline
159struct assoc_array_ptr *__assoc_array_x_to_ptr(const void *p, unsigned long t)
160{
161 return (struct assoc_array_ptr *)((unsigned long)p | t);
162}
163static inline
164struct assoc_array_ptr *assoc_array_leaf_to_ptr(const void *p)
165{
166 return __assoc_array_x_to_ptr(p, ASSOC_ARRAY_PTR_LEAF_TYPE);
167}
168static inline
169struct assoc_array_ptr *assoc_array_node_to_ptr(const struct assoc_array_node *p)
170{
171 return __assoc_array_x_to_ptr(
172 p, ASSOC_ARRAY_PTR_META_TYPE | ASSOC_ARRAY_PTR_NODE_SUBTYPE);
173}
174static inline
175struct assoc_array_ptr *assoc_array_shortcut_to_ptr(const struct assoc_array_shortcut *p)
176{
177 return __assoc_array_x_to_ptr(
178 p, ASSOC_ARRAY_PTR_META_TYPE | ASSOC_ARRAY_PTR_SHORTCUT_SUBTYPE);
179}
180
181#endif /* CONFIG_ASSOCIATIVE_ARRAY */
182#endif /* _LINUX_ASSOC_ARRAY_PRIV_H */
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index 518a53afb9ea..a74c3a84dfdd 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -45,6 +45,7 @@ struct key_preparsed_payload {
45 const void *data; /* Raw data */ 45 const void *data; /* Raw data */
46 size_t datalen; /* Raw datalen */ 46 size_t datalen; /* Raw datalen */
47 size_t quotalen; /* Quota length for proposed payload */ 47 size_t quotalen; /* Quota length for proposed payload */
48 bool trusted; /* True if key is trusted */
48}; 49};
49 50
50typedef int (*request_key_actor_t)(struct key_construction *key, 51typedef int (*request_key_actor_t)(struct key_construction *key,
@@ -63,6 +64,11 @@ struct key_type {
63 */ 64 */
64 size_t def_datalen; 65 size_t def_datalen;
65 66
67 /* Default key search algorithm. */
68 unsigned def_lookup_type;
69#define KEYRING_SEARCH_LOOKUP_DIRECT 0x0000 /* Direct lookup by description. */
70#define KEYRING_SEARCH_LOOKUP_ITERATE 0x0001 /* Iterative search. */
71
66 /* vet a description */ 72 /* vet a description */
67 int (*vet_description)(const char *description); 73 int (*vet_description)(const char *description);
68 74
diff --git a/include/linux/key.h b/include/linux/key.h
index 4dfde1161c5e..80d677483e31 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -22,6 +22,7 @@
22#include <linux/sysctl.h> 22#include <linux/sysctl.h>
23#include <linux/rwsem.h> 23#include <linux/rwsem.h>
24#include <linux/atomic.h> 24#include <linux/atomic.h>
25#include <linux/assoc_array.h>
25 26
26#ifdef __KERNEL__ 27#ifdef __KERNEL__
27#include <linux/uidgid.h> 28#include <linux/uidgid.h>
@@ -82,6 +83,12 @@ struct key_owner;
82struct keyring_list; 83struct keyring_list;
83struct keyring_name; 84struct keyring_name;
84 85
86struct keyring_index_key {
87 struct key_type *type;
88 const char *description;
89 size_t desc_len;
90};
91
85/*****************************************************************************/ 92/*****************************************************************************/
86/* 93/*
87 * key reference with possession attribute handling 94 * key reference with possession attribute handling
@@ -99,7 +106,7 @@ struct keyring_name;
99typedef struct __key_reference_with_attributes *key_ref_t; 106typedef struct __key_reference_with_attributes *key_ref_t;
100 107
101static inline key_ref_t make_key_ref(const struct key *key, 108static inline key_ref_t make_key_ref(const struct key *key,
102 unsigned long possession) 109 bool possession)
103{ 110{
104 return (key_ref_t) ((unsigned long) key | possession); 111 return (key_ref_t) ((unsigned long) key | possession);
105} 112}
@@ -109,7 +116,7 @@ static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
109 return (struct key *) ((unsigned long) key_ref & ~1UL); 116 return (struct key *) ((unsigned long) key_ref & ~1UL);
110} 117}
111 118
112static inline unsigned long is_key_possessed(const key_ref_t key_ref) 119static inline bool is_key_possessed(const key_ref_t key_ref)
113{ 120{
114 return (unsigned long) key_ref & 1UL; 121 return (unsigned long) key_ref & 1UL;
115} 122}
@@ -129,7 +136,6 @@ struct key {
129 struct list_head graveyard_link; 136 struct list_head graveyard_link;
130 struct rb_node serial_node; 137 struct rb_node serial_node;
131 }; 138 };
132 struct key_type *type; /* type of key */
133 struct rw_semaphore sem; /* change vs change sem */ 139 struct rw_semaphore sem; /* change vs change sem */
134 struct key_user *user; /* owner of this key */ 140 struct key_user *user; /* owner of this key */
135 void *security; /* security data for this key */ 141 void *security; /* security data for this key */
@@ -162,13 +168,21 @@ struct key {
162#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */ 168#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
163#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */ 169#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
164#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */ 170#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
171#define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
172#define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
165 173
166 /* the description string 174 /* the key type and key description string
167 * - this is used to match a key against search criteria 175 * - the desc is used to match a key against search criteria
168 * - this should be a printable string 176 * - it should be a printable string
169 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM" 177 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
170 */ 178 */
171 char *description; 179 union {
180 struct keyring_index_key index_key;
181 struct {
182 struct key_type *type; /* type of key */
183 char *description;
184 };
185 };
172 186
173 /* type specific data 187 /* type specific data
174 * - this is used by the keyring type to index the name 188 * - this is used by the keyring type to index the name
@@ -185,11 +199,14 @@ struct key {
185 * whatever 199 * whatever
186 */ 200 */
187 union { 201 union {
188 unsigned long value; 202 union {
189 void __rcu *rcudata; 203 unsigned long value;
190 void *data; 204 void __rcu *rcudata;
191 struct keyring_list __rcu *subscriptions; 205 void *data;
192 } payload; 206 void *data2[2];
207 } payload;
208 struct assoc_array keys;
209 };
193}; 210};
194 211
195extern struct key *key_alloc(struct key_type *type, 212extern struct key *key_alloc(struct key_type *type,
@@ -203,18 +220,23 @@ extern struct key *key_alloc(struct key_type *type,
203#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */ 220#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
204#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ 221#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
205#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ 222#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
223#define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */
206 224
207extern void key_revoke(struct key *key); 225extern void key_revoke(struct key *key);
208extern void key_invalidate(struct key *key); 226extern void key_invalidate(struct key *key);
209extern void key_put(struct key *key); 227extern void key_put(struct key *key);
210 228
211static inline struct key *key_get(struct key *key) 229static inline struct key *__key_get(struct key *key)
212{ 230{
213 if (key) 231 atomic_inc(&key->usage);
214 atomic_inc(&key->usage);
215 return key; 232 return key;
216} 233}
217 234
235static inline struct key *key_get(struct key *key)
236{
237 return key ? __key_get(key) : key;
238}
239
218static inline void key_ref_put(key_ref_t key_ref) 240static inline void key_ref_put(key_ref_t key_ref)
219{ 241{
220 key_put(key_ref_to_ptr(key_ref)); 242 key_put(key_ref_to_ptr(key_ref));
diff --git a/include/linux/security.h b/include/linux/security.h
index 9d37e2b9d3ec..5623a7f965b7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1052,17 +1052,25 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1052 * @xfrm_policy_delete_security: 1052 * @xfrm_policy_delete_security:
1053 * @ctx contains the xfrm_sec_ctx. 1053 * @ctx contains the xfrm_sec_ctx.
1054 * Authorize deletion of xp->security. 1054 * Authorize deletion of xp->security.
1055 * @xfrm_state_alloc_security: 1055 * @xfrm_state_alloc:
1056 * @x contains the xfrm_state being added to the Security Association 1056 * @x contains the xfrm_state being added to the Security Association
1057 * Database by the XFRM system. 1057 * Database by the XFRM system.
1058 * @sec_ctx contains the security context information being provided by 1058 * @sec_ctx contains the security context information being provided by
1059 * the user-level SA generation program (e.g., setkey or racoon). 1059 * the user-level SA generation program (e.g., setkey or racoon).
1060 * @secid contains the secid from which to take the mls portion of the context.
1061 * Allocate a security structure to the x->security field; the security 1060 * Allocate a security structure to the x->security field; the security
1062 * field is initialized to NULL when the xfrm_state is allocated. Set the 1061 * field is initialized to NULL when the xfrm_state is allocated. Set the
1063 * context to correspond to either sec_ctx or polsec, with the mls portion 1062 * context to correspond to sec_ctx. Return 0 if operation was successful
1064 * taken from secid in the latter case. 1063 * (memory to allocate, legal context).
1065 * Return 0 if operation was successful (memory to allocate, legal context). 1064 * @xfrm_state_alloc_acquire:
1065 * @x contains the xfrm_state being added to the Security Association
1066 * Database by the XFRM system.
1067 * @polsec contains the policy's security context.
1068 * @secid contains the secid from which to take the mls portion of the
1069 * context.
1070 * Allocate a security structure to the x->security field; the security
1071 * field is initialized to NULL when the xfrm_state is allocated. Set the
1072 * context to correspond to secid. Return 0 if operation was successful
1073 * (memory to allocate, legal context).
1066 * @xfrm_state_free_security: 1074 * @xfrm_state_free_security:
1067 * @x contains the xfrm_state. 1075 * @x contains the xfrm_state.
1068 * Deallocate x->security. 1076 * Deallocate x->security.
@@ -1679,9 +1687,11 @@ struct security_operations {
1679 int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx); 1687 int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
1680 void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx); 1688 void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
1681 int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx); 1689 int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
1682 int (*xfrm_state_alloc_security) (struct xfrm_state *x, 1690 int (*xfrm_state_alloc) (struct xfrm_state *x,
1683 struct xfrm_user_sec_ctx *sec_ctx, 1691 struct xfrm_user_sec_ctx *sec_ctx);
1684 u32 secid); 1692 int (*xfrm_state_alloc_acquire) (struct xfrm_state *x,
1693 struct xfrm_sec_ctx *polsec,
1694 u32 secid);
1685 void (*xfrm_state_free_security) (struct xfrm_state *x); 1695 void (*xfrm_state_free_security) (struct xfrm_state *x);
1686 int (*xfrm_state_delete_security) (struct xfrm_state *x); 1696 int (*xfrm_state_delete_security) (struct xfrm_state *x);
1687 int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); 1697 int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 4db29859464f..4836ba3c1cd8 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -27,6 +27,12 @@ struct user_namespace {
27 kuid_t owner; 27 kuid_t owner;
28 kgid_t group; 28 kgid_t group;
29 unsigned int proc_inum; 29 unsigned int proc_inum;
30
31 /* Register of per-UID persistent keyrings for this namespace */
32#ifdef CONFIG_PERSISTENT_KEYRINGS
33 struct key *persistent_keyring_register;
34 struct rw_semaphore persistent_keyring_register_sem;
35#endif
30}; 36};
31 37
32extern struct user_namespace init_user_ns; 38extern struct user_namespace init_user_ns;
diff --git a/include/uapi/linux/hash_info.h b/include/uapi/linux/hash_info.h
new file mode 100644
index 000000000000..ca18c45f8304
--- /dev/null
+++ b/include/uapi/linux/hash_info.h
@@ -0,0 +1,37 @@
1/*
2 * Hash Info: Hash algorithms information
3 *
4 * Copyright (c) 2013 Dmitry Kasatkin <d.kasatkin@samsung.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13#ifndef _UAPI_LINUX_HASH_INFO_H
14#define _UAPI_LINUX_HASH_INFO_H
15
16enum hash_algo {
17 HASH_ALGO_MD4,
18 HASH_ALGO_MD5,
19 HASH_ALGO_SHA1,
20 HASH_ALGO_RIPE_MD_160,
21 HASH_ALGO_SHA256,
22 HASH_ALGO_SHA384,
23 HASH_ALGO_SHA512,
24 HASH_ALGO_SHA224,
25 HASH_ALGO_RIPE_MD_128,
26 HASH_ALGO_RIPE_MD_256,
27 HASH_ALGO_RIPE_MD_320,
28 HASH_ALGO_WP_256,
29 HASH_ALGO_WP_384,
30 HASH_ALGO_WP_512,
31 HASH_ALGO_TGR_128,
32 HASH_ALGO_TGR_160,
33 HASH_ALGO_TGR_192,
34 HASH_ALGO__LAST
35};
36
37#endif /* _UAPI_LINUX_HASH_INFO_H */
diff --git a/include/uapi/linux/keyctl.h b/include/uapi/linux/keyctl.h
index c9b7f4faf97a..840cb990abe2 100644
--- a/include/uapi/linux/keyctl.h
+++ b/include/uapi/linux/keyctl.h
@@ -56,5 +56,6 @@
56#define KEYCTL_REJECT 19 /* reject a partially constructed key */ 56#define KEYCTL_REJECT 19 /* reject a partially constructed key */
57#define KEYCTL_INSTANTIATE_IOV 20 /* instantiate a partially constructed key */ 57#define KEYCTL_INSTANTIATE_IOV 20 /* instantiate a partially constructed key */
58#define KEYCTL_INVALIDATE 21 /* invalidate a key */ 58#define KEYCTL_INVALIDATE 21 /* invalidate a key */
59#define KEYCTL_GET_PERSISTENT 22 /* get a user's persistent keyring */
59 60
60#endif /* _LINUX_KEYCTL_H */ 61#endif /* _LINUX_KEYCTL_H */
diff --git a/init/Kconfig b/init/Kconfig
index 296dfcaf613f..79383d3aa5dc 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1655,6 +1655,18 @@ config BASE_SMALL
1655 default 0 if BASE_FULL 1655 default 0 if BASE_FULL
1656 default 1 if !BASE_FULL 1656 default 1 if !BASE_FULL
1657 1657
1658config SYSTEM_TRUSTED_KEYRING
1659 bool "Provide system-wide ring of trusted keys"
1660 depends on KEYS
1661 help
1662 Provide a system keyring to which trusted keys can be added. Keys in
1663 the keyring are considered to be trusted. Keys may be added at will
1664 by the kernel from compiled-in data and from hardware key stores, but
1665 userspace may only add extra keys if those keys can be verified by
1666 keys already in the keyring.
1667
1668 Keys in this keyring are used by module signature checking.
1669
1658menuconfig MODULES 1670menuconfig MODULES
1659 bool "Enable loadable module support" 1671 bool "Enable loadable module support"
1660 option modules 1672 option modules
@@ -1728,6 +1740,7 @@ config MODULE_SRCVERSION_ALL
1728config MODULE_SIG 1740config MODULE_SIG
1729 bool "Module signature verification" 1741 bool "Module signature verification"
1730 depends on MODULES 1742 depends on MODULES
1743 select SYSTEM_TRUSTED_KEYRING
1731 select KEYS 1744 select KEYS
1732 select CRYPTO 1745 select CRYPTO
1733 select ASYMMETRIC_KEY_TYPE 1746 select ASYMMETRIC_KEY_TYPE
diff --git a/kernel/Makefile b/kernel/Makefile
index 09a9c94f42bd..bbaf7d59c1bb 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -41,8 +41,9 @@ ifneq ($(CONFIG_SMP),y)
41obj-y += up.o 41obj-y += up.o
42endif 42endif
43obj-$(CONFIG_UID16) += uid16.o 43obj-$(CONFIG_UID16) += uid16.o
44obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
44obj-$(CONFIG_MODULES) += module.o 45obj-$(CONFIG_MODULES) += module.o
45obj-$(CONFIG_MODULE_SIG) += module_signing.o modsign_pubkey.o modsign_certificate.o 46obj-$(CONFIG_MODULE_SIG) += module_signing.o
46obj-$(CONFIG_KALLSYMS) += kallsyms.o 47obj-$(CONFIG_KALLSYMS) += kallsyms.o
47obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o 48obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
48obj-$(CONFIG_KEXEC) += kexec.o 49obj-$(CONFIG_KEXEC) += kexec.o
@@ -122,19 +123,52 @@ targets += timeconst.h
122$(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE 123$(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
123 $(call if_changed,bc) 124 $(call if_changed,bc)
124 125
125ifeq ($(CONFIG_MODULE_SIG),y) 126###############################################################################
127#
128# Roll all the X.509 certificates that we can find together and pull them into
129# the kernel so that they get loaded into the system trusted keyring during
130# boot.
126# 131#
127# Pull the signing certificate and any extra certificates into the kernel 132# We look in the source root and the build root for all files whose name ends
133# in ".x509". Unfortunately, this will generate duplicate filenames, so we
134# have make canonicalise the pathnames and then sort them to discard the
135# duplicates.
128# 136#
137###############################################################################
138ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
139X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
140X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
141X509_CERTIFICATES := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \
142 $(or $(realpath $(CERT)),$(CERT))))
143
144ifeq ($(X509_CERTIFICATES),)
145$(warning *** No X.509 certificates found ***)
146endif
147
148ifneq ($(wildcard $(obj)/.x509.list),)
149ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES))
150$(info X.509 certificate list changed)
151$(shell rm $(obj)/.x509.list)
152endif
153endif
154
155kernel/system_certificates.o: $(obj)/x509_certificate_list
129 156
130quiet_cmd_touch = TOUCH $@ 157quiet_cmd_x509certs = CERTS $@
131 cmd_touch = touch $@ 158 cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo " - Including cert $(X509)")
132 159
133extra_certificates: 160targets += $(obj)/x509_certificate_list
134 $(call cmd,touch) 161$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
162 $(call if_changed,x509certs)
135 163
136kernel/modsign_certificate.o: signing_key.x509 extra_certificates 164targets += $(obj)/.x509.list
165$(obj)/.x509.list:
166 @echo $(X509_CERTIFICATES) >$@
137 167
168clean-files := x509_certificate_list .x509.list
169endif
170
171ifeq ($(CONFIG_MODULE_SIG),y)
138############################################################################### 172###############################################################################
139# 173#
140# If module signing is requested, say by allyesconfig, but a key has not been 174# If module signing is requested, say by allyesconfig, but a key has not been
diff --git a/kernel/modsign_certificate.S b/kernel/modsign_certificate.S
deleted file mode 100644
index 4a9a86d12c8b..000000000000
--- a/kernel/modsign_certificate.S
+++ /dev/null
@@ -1,12 +0,0 @@
1#include <linux/export.h>
2
3#define GLOBAL(name) \
4 .globl VMLINUX_SYMBOL(name); \
5 VMLINUX_SYMBOL(name):
6
7 .section ".init.data","aw"
8
9GLOBAL(modsign_certificate_list)
10 .incbin "signing_key.x509"
11 .incbin "extra_certificates"
12GLOBAL(modsign_certificate_list_end)
diff --git a/kernel/modsign_pubkey.c b/kernel/modsign_pubkey.c
deleted file mode 100644
index 7cbd4507a7e6..000000000000
--- a/kernel/modsign_pubkey.c
+++ /dev/null
@@ -1,104 +0,0 @@
1/* Public keys for module signature verification
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/kernel.h>
13#include <linux/sched.h>
14#include <linux/cred.h>
15#include <linux/err.h>
16#include <keys/asymmetric-type.h>
17#include "module-internal.h"
18
19struct key *modsign_keyring;
20
21extern __initconst const u8 modsign_certificate_list[];
22extern __initconst const u8 modsign_certificate_list_end[];
23
24/*
25 * We need to make sure ccache doesn't cache the .o file as it doesn't notice
26 * if modsign.pub changes.
27 */
28static __initconst const char annoy_ccache[] = __TIME__ "foo";
29
30/*
31 * Load the compiled-in keys
32 */
33static __init int module_verify_init(void)
34{
35 pr_notice("Initialise module verification\n");
36
37 modsign_keyring = keyring_alloc(".module_sign",
38 KUIDT_INIT(0), KGIDT_INIT(0),
39 current_cred(),
40 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
41 KEY_USR_VIEW | KEY_USR_READ),
42 KEY_ALLOC_NOT_IN_QUOTA, NULL);
43 if (IS_ERR(modsign_keyring))
44 panic("Can't allocate module signing keyring\n");
45
46 return 0;
47}
48
49/*
50 * Must be initialised before we try and load the keys into the keyring.
51 */
52device_initcall(module_verify_init);
53
54/*
55 * Load the compiled-in keys
56 */
57static __init int load_module_signing_keys(void)
58{
59 key_ref_t key;
60 const u8 *p, *end;
61 size_t plen;
62
63 pr_notice("Loading module verification certificates\n");
64
65 end = modsign_certificate_list_end;
66 p = modsign_certificate_list;
67 while (p < end) {
68 /* Each cert begins with an ASN.1 SEQUENCE tag and must be more
69 * than 256 bytes in size.
70 */
71 if (end - p < 4)
72 goto dodgy_cert;
73 if (p[0] != 0x30 &&
74 p[1] != 0x82)
75 goto dodgy_cert;
76 plen = (p[2] << 8) | p[3];
77 plen += 4;
78 if (plen > end - p)
79 goto dodgy_cert;
80
81 key = key_create_or_update(make_key_ref(modsign_keyring, 1),
82 "asymmetric",
83 NULL,
84 p,
85 plen,
86 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
87 KEY_USR_VIEW,
88 KEY_ALLOC_NOT_IN_QUOTA);
89 if (IS_ERR(key))
90 pr_err("MODSIGN: Problem loading in-kernel X.509 certificate (%ld)\n",
91 PTR_ERR(key));
92 else
93 pr_notice("MODSIGN: Loaded cert '%s'\n",
94 key_ref_to_ptr(key)->description);
95 p += plen;
96 }
97
98 return 0;
99
100dodgy_cert:
101 pr_err("MODSIGN: Problem parsing in-kernel X.509 certificate list\n");
102 return 0;
103}
104late_initcall(load_module_signing_keys);
diff --git a/kernel/module-internal.h b/kernel/module-internal.h
index 24f9247b7d02..915e123a430f 100644
--- a/kernel/module-internal.h
+++ b/kernel/module-internal.h
@@ -9,6 +9,4 @@
9 * 2 of the Licence, or (at your option) any later version. 9 * 2 of the Licence, or (at your option) any later version.
10 */ 10 */
11 11
12extern struct key *modsign_keyring;
13
14extern int mod_verify_sig(const void *mod, unsigned long *_modlen); 12extern int mod_verify_sig(const void *mod, unsigned long *_modlen);
diff --git a/kernel/module_signing.c b/kernel/module_signing.c
index f2970bddc5ea..be5b8fac4bd0 100644
--- a/kernel/module_signing.c
+++ b/kernel/module_signing.c
@@ -14,6 +14,7 @@
14#include <crypto/public_key.h> 14#include <crypto/public_key.h>
15#include <crypto/hash.h> 15#include <crypto/hash.h>
16#include <keys/asymmetric-type.h> 16#include <keys/asymmetric-type.h>
17#include <keys/system_keyring.h>
17#include "module-internal.h" 18#include "module-internal.h"
18 19
19/* 20/*
@@ -28,7 +29,7 @@
28 */ 29 */
29struct module_signature { 30struct module_signature {
30 u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */ 31 u8 algo; /* Public-key crypto algorithm [enum pkey_algo] */
31 u8 hash; /* Digest algorithm [enum pkey_hash_algo] */ 32 u8 hash; /* Digest algorithm [enum hash_algo] */
32 u8 id_type; /* Key identifier type [enum pkey_id_type] */ 33 u8 id_type; /* Key identifier type [enum pkey_id_type] */
33 u8 signer_len; /* Length of signer's name */ 34 u8 signer_len; /* Length of signer's name */
34 u8 key_id_len; /* Length of key identifier */ 35 u8 key_id_len; /* Length of key identifier */
@@ -39,7 +40,7 @@ struct module_signature {
39/* 40/*
40 * Digest the module contents. 41 * Digest the module contents.
41 */ 42 */
42static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash, 43static struct public_key_signature *mod_make_digest(enum hash_algo hash,
43 const void *mod, 44 const void *mod,
44 unsigned long modlen) 45 unsigned long modlen)
45{ 46{
@@ -54,7 +55,7 @@ static struct public_key_signature *mod_make_digest(enum pkey_hash_algo hash,
54 /* Allocate the hashing algorithm we're going to need and find out how 55 /* Allocate the hashing algorithm we're going to need and find out how
55 * big the hash operational data will be. 56 * big the hash operational data will be.
56 */ 57 */
57 tfm = crypto_alloc_shash(pkey_hash_algo[hash], 0, 0); 58 tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
58 if (IS_ERR(tfm)) 59 if (IS_ERR(tfm))
59 return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm); 60 return (PTR_ERR(tfm) == -ENOENT) ? ERR_PTR(-ENOPKG) : ERR_CAST(tfm);
60 61
@@ -157,7 +158,7 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
157 158
158 pr_debug("Look up: \"%s\"\n", id); 159 pr_debug("Look up: \"%s\"\n", id);
159 160
160 key = keyring_search(make_key_ref(modsign_keyring, 1), 161 key = keyring_search(make_key_ref(system_trusted_keyring, 1),
161 &key_type_asymmetric, id); 162 &key_type_asymmetric, id);
162 if (IS_ERR(key)) 163 if (IS_ERR(key))
163 pr_warn("Request for unknown module key '%s' err %ld\n", 164 pr_warn("Request for unknown module key '%s' err %ld\n",
@@ -217,7 +218,7 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
217 return -ENOPKG; 218 return -ENOPKG;
218 219
219 if (ms.hash >= PKEY_HASH__LAST || 220 if (ms.hash >= PKEY_HASH__LAST ||
220 !pkey_hash_algo[ms.hash]) 221 !hash_algo_name[ms.hash])
221 return -ENOPKG; 222 return -ENOPKG;
222 223
223 key = request_asymmetric_key(sig, ms.signer_len, 224 key = request_asymmetric_key(sig, ms.signer_len,
diff --git a/kernel/system_certificates.S b/kernel/system_certificates.S
new file mode 100644
index 000000000000..4aef390671cb
--- /dev/null
+++ b/kernel/system_certificates.S
@@ -0,0 +1,10 @@
1#include <linux/export.h>
2#include <linux/init.h>
3
4 __INITRODATA
5
6 .globl VMLINUX_SYMBOL(system_certificate_list)
7VMLINUX_SYMBOL(system_certificate_list):
8 .incbin "kernel/x509_certificate_list"
9 .globl VMLINUX_SYMBOL(system_certificate_list_end)
10VMLINUX_SYMBOL(system_certificate_list_end):
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
new file mode 100644
index 000000000000..564dd93430a2
--- /dev/null
+++ b/kernel/system_keyring.c
@@ -0,0 +1,105 @@
1/* System trusted keyring for trusted public keys
2 *
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/export.h>
13#include <linux/kernel.h>
14#include <linux/sched.h>
15#include <linux/cred.h>
16#include <linux/err.h>
17#include <keys/asymmetric-type.h>
18#include <keys/system_keyring.h>
19#include "module-internal.h"
20
21struct key *system_trusted_keyring;
22EXPORT_SYMBOL_GPL(system_trusted_keyring);
23
24extern __initconst const u8 system_certificate_list[];
25extern __initconst const u8 system_certificate_list_end[];
26
27/*
28 * Load the compiled-in keys
29 */
30static __init int system_trusted_keyring_init(void)
31{
32 pr_notice("Initialise system trusted keyring\n");
33
34 system_trusted_keyring =
35 keyring_alloc(".system_keyring",
36 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
37 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
38 KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
39 KEY_ALLOC_NOT_IN_QUOTA, NULL);
40 if (IS_ERR(system_trusted_keyring))
41 panic("Can't allocate system trusted keyring\n");
42
43 set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
44 return 0;
45}
46
47/*
48 * Must be initialised before we try and load the keys into the keyring.
49 */
50device_initcall(system_trusted_keyring_init);
51
52/*
53 * Load the compiled-in list of X.509 certificates.
54 */
55static __init int load_system_certificate_list(void)
56{
57 key_ref_t key;
58 const u8 *p, *end;
59 size_t plen;
60
61 pr_notice("Loading compiled-in X.509 certificates\n");
62
63 end = system_certificate_list_end;
64 p = system_certificate_list;
65 while (p < end) {
66 /* Each cert begins with an ASN.1 SEQUENCE tag and must be more
67 * than 256 bytes in size.
68 */
69 if (end - p < 4)
70 goto dodgy_cert;
71 if (p[0] != 0x30 &&
72 p[1] != 0x82)
73 goto dodgy_cert;
74 plen = (p[2] << 8) | p[3];
75 plen += 4;
76 if (plen > end - p)
77 goto dodgy_cert;
78
79 key = key_create_or_update(make_key_ref(system_trusted_keyring, 1),
80 "asymmetric",
81 NULL,
82 p,
83 plen,
84 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
85 KEY_USR_VIEW | KEY_USR_READ),
86 KEY_ALLOC_NOT_IN_QUOTA |
87 KEY_ALLOC_TRUSTED);
88 if (IS_ERR(key)) {
89 pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
90 PTR_ERR(key));
91 } else {
92 pr_notice("Loaded X.509 cert '%s'\n",
93 key_ref_to_ptr(key)->description);
94 key_ref_put(key);
95 }
96 p += plen;
97 }
98
99 return 0;
100
101dodgy_cert:
102 pr_err("Problem parsing in-kernel X.509 certificate list\n");
103 return 0;
104}
105late_initcall(load_system_certificate_list);
diff --git a/kernel/user.c b/kernel/user.c
index 5bbb91988e69..a3a0dbfda329 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -51,6 +51,10 @@ struct user_namespace init_user_ns = {
51 .owner = GLOBAL_ROOT_UID, 51 .owner = GLOBAL_ROOT_UID,
52 .group = GLOBAL_ROOT_GID, 52 .group = GLOBAL_ROOT_GID,
53 .proc_inum = PROC_USER_INIT_INO, 53 .proc_inum = PROC_USER_INIT_INO,
54#ifdef CONFIG_KEYS_KERBEROS_CACHE
55 .krb_cache_register_sem =
56 __RWSEM_INITIALIZER(init_user_ns.krb_cache_register_sem),
57#endif
54}; 58};
55EXPORT_SYMBOL_GPL(init_user_ns); 59EXPORT_SYMBOL_GPL(init_user_ns);
56 60
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 13fb1134ba58..240fb62cf394 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -101,6 +101,9 @@ int create_user_ns(struct cred *new)
101 101
102 set_cred_user_ns(new, ns); 102 set_cred_user_ns(new, ns);
103 103
104#ifdef CONFIG_PERSISTENT_KEYRINGS
105 init_rwsem(&ns->persistent_keyring_register_sem);
106#endif
104 return 0; 107 return 0;
105} 108}
106 109
@@ -130,6 +133,9 @@ void free_user_ns(struct user_namespace *ns)
130 133
131 do { 134 do {
132 parent = ns->parent; 135 parent = ns->parent;
136#ifdef CONFIG_PERSISTENT_KEYRINGS
137 key_put(ns->persistent_keyring_register);
138#endif
133 proc_free_inum(ns->proc_inum); 139 proc_free_inum(ns->proc_inum);
134 kmem_cache_free(user_ns_cachep, ns); 140 kmem_cache_free(user_ns_cachep, ns);
135 ns = parent; 141 ns = parent;
diff --git a/lib/Kconfig b/lib/Kconfig
index 06dc74200a51..991c98bc4a3f 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -322,6 +322,20 @@ config TEXTSEARCH_FSM
322config BTREE 322config BTREE
323 boolean 323 boolean
324 324
325config ASSOCIATIVE_ARRAY
326 bool
327 help
328 Generic associative array. Can be searched and iterated over whilst
329 it is being modified. It is also reasonably quick to search and
330 modify. The algorithms are non-recursive, and the trees are highly
331 capacious.
332
333 See:
334
335 Documentation/assoc_array.txt
336
337 for more information.
338
325config HAS_IOMEM 339config HAS_IOMEM
326 boolean 340 boolean
327 depends on !NO_IOMEM 341 depends on !NO_IOMEM
diff --git a/lib/Makefile b/lib/Makefile
index d480a8c92385..b46065fd67a4 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -47,6 +47,7 @@ CFLAGS_hweight.o = $(subst $(quote),,$(CONFIG_ARCH_HWEIGHT_CFLAGS))
47obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o 47obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
48 48
49obj-$(CONFIG_BTREE) += btree.o 49obj-$(CONFIG_BTREE) += btree.o
50obj-$(CONFIG_ASSOCIATIVE_ARRAY) += assoc_array.o
50obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o 51obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o
51obj-$(CONFIG_DEBUG_LIST) += list_debug.o 52obj-$(CONFIG_DEBUG_LIST) += list_debug.o
52obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o 53obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o
diff --git a/lib/assoc_array.c b/lib/assoc_array.c
new file mode 100644
index 000000000000..17edeaf19180
--- /dev/null
+++ b/lib/assoc_array.c
@@ -0,0 +1,1746 @@
1/* Generic associative array implementation.
2 *
3 * See Documentation/assoc_array.txt for information.
4 *
5 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
6 * Written by David Howells (dhowells@redhat.com)
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public Licence
10 * as published by the Free Software Foundation; either version
11 * 2 of the Licence, or (at your option) any later version.
12 */
13//#define DEBUG
14#include <linux/slab.h>
15#include <linux/err.h>
16#include <linux/assoc_array_priv.h>
17
18/*
19 * Iterate over an associative array. The caller must hold the RCU read lock
20 * or better.
21 */
22static int assoc_array_subtree_iterate(const struct assoc_array_ptr *root,
23 const struct assoc_array_ptr *stop,
24 int (*iterator)(const void *leaf,
25 void *iterator_data),
26 void *iterator_data)
27{
28 const struct assoc_array_shortcut *shortcut;
29 const struct assoc_array_node *node;
30 const struct assoc_array_ptr *cursor, *ptr, *parent;
31 unsigned long has_meta;
32 int slot, ret;
33
34 cursor = root;
35
36begin_node:
37 if (assoc_array_ptr_is_shortcut(cursor)) {
38 /* Descend through a shortcut */
39 shortcut = assoc_array_ptr_to_shortcut(cursor);
40 smp_read_barrier_depends();
41 cursor = ACCESS_ONCE(shortcut->next_node);
42 }
43
44 node = assoc_array_ptr_to_node(cursor);
45 smp_read_barrier_depends();
46 slot = 0;
47
48 /* We perform two passes of each node.
49 *
50 * The first pass does all the leaves in this node. This means we
51 * don't miss any leaves if the node is split up by insertion whilst
52 * we're iterating over the branches rooted here (we may, however, see
53 * some leaves twice).
54 */
55 has_meta = 0;
56 for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
57 ptr = ACCESS_ONCE(node->slots[slot]);
58 has_meta |= (unsigned long)ptr;
59 if (ptr && assoc_array_ptr_is_leaf(ptr)) {
60 /* We need a barrier between the read of the pointer
61 * and dereferencing the pointer - but only if we are
62 * actually going to dereference it.
63 */
64 smp_read_barrier_depends();
65
66 /* Invoke the callback */
67 ret = iterator(assoc_array_ptr_to_leaf(ptr),
68 iterator_data);
69 if (ret)
70 return ret;
71 }
72 }
73
74 /* The second pass attends to all the metadata pointers. If we follow
75 * one of these we may find that we don't come back here, but rather go
76 * back to a replacement node with the leaves in a different layout.
77 *
78 * We are guaranteed to make progress, however, as the slot number for
79 * a particular portion of the key space cannot change - and we
80 * continue at the back pointer + 1.
81 */
82 if (!(has_meta & ASSOC_ARRAY_PTR_META_TYPE))
83 goto finished_node;
84 slot = 0;
85
86continue_node:
87 node = assoc_array_ptr_to_node(cursor);
88 smp_read_barrier_depends();
89
90 for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
91 ptr = ACCESS_ONCE(node->slots[slot]);
92 if (assoc_array_ptr_is_meta(ptr)) {
93 cursor = ptr;
94 goto begin_node;
95 }
96 }
97
98finished_node:
99 /* Move up to the parent (may need to skip back over a shortcut) */
100 parent = ACCESS_ONCE(node->back_pointer);
101 slot = node->parent_slot;
102 if (parent == stop)
103 return 0;
104
105 if (assoc_array_ptr_is_shortcut(parent)) {
106 shortcut = assoc_array_ptr_to_shortcut(parent);
107 smp_read_barrier_depends();
108 cursor = parent;
109 parent = ACCESS_ONCE(shortcut->back_pointer);
110 slot = shortcut->parent_slot;
111 if (parent == stop)
112 return 0;
113 }
114
115 /* Ascend to next slot in parent node */
116 cursor = parent;
117 slot++;
118 goto continue_node;
119}
120
121/**
122 * assoc_array_iterate - Pass all objects in the array to a callback
123 * @array: The array to iterate over.
124 * @iterator: The callback function.
125 * @iterator_data: Private data for the callback function.
126 *
127 * Iterate over all the objects in an associative array. Each one will be
128 * presented to the iterator function.
129 *
130 * If the array is being modified concurrently with the iteration then it is
131 * possible that some objects in the array will be passed to the iterator
132 * callback more than once - though every object should be passed at least
133 * once. If this is undesirable then the caller must lock against modification
134 * for the duration of this function.
135 *
136 * The function will return 0 if no objects were in the array or else it will
137 * return the result of the last iterator function called. Iteration stops
138 * immediately if any call to the iteration function results in a non-zero
139 * return.
140 *
141 * The caller should hold the RCU read lock or better if concurrent
142 * modification is possible.
143 */
144int assoc_array_iterate(const struct assoc_array *array,
145 int (*iterator)(const void *object,
146 void *iterator_data),
147 void *iterator_data)
148{
149 struct assoc_array_ptr *root = ACCESS_ONCE(array->root);
150
151 if (!root)
152 return 0;
153 return assoc_array_subtree_iterate(root, NULL, iterator, iterator_data);
154}
155
156enum assoc_array_walk_status {
157 assoc_array_walk_tree_empty,
158 assoc_array_walk_found_terminal_node,
159 assoc_array_walk_found_wrong_shortcut,
160} status;
161
162struct assoc_array_walk_result {
163 struct {
164 struct assoc_array_node *node; /* Node in which leaf might be found */
165 int level;
166 int slot;
167 } terminal_node;
168 struct {
169 struct assoc_array_shortcut *shortcut;
170 int level;
171 int sc_level;
172 unsigned long sc_segments;
173 unsigned long dissimilarity;
174 } wrong_shortcut;
175};
176
177/*
178 * Navigate through the internal tree looking for the closest node to the key.
179 */
180static enum assoc_array_walk_status
181assoc_array_walk(const struct assoc_array *array,
182 const struct assoc_array_ops *ops,
183 const void *index_key,
184 struct assoc_array_walk_result *result)
185{
186 struct assoc_array_shortcut *shortcut;
187 struct assoc_array_node *node;
188 struct assoc_array_ptr *cursor, *ptr;
189 unsigned long sc_segments, dissimilarity;
190 unsigned long segments;
191 int level, sc_level, next_sc_level;
192 int slot;
193
194 pr_devel("-->%s()\n", __func__);
195
196 cursor = ACCESS_ONCE(array->root);
197 if (!cursor)
198 return assoc_array_walk_tree_empty;
199
200 level = 0;
201
202 /* Use segments from the key for the new leaf to navigate through the
203 * internal tree, skipping through nodes and shortcuts that are on
204 * route to the destination. Eventually we'll come to a slot that is
205 * either empty or contains a leaf at which point we've found a node in
206 * which the leaf we're looking for might be found or into which it
207 * should be inserted.
208 */
209jumped:
210 segments = ops->get_key_chunk(index_key, level);
211 pr_devel("segments[%d]: %lx\n", level, segments);
212
213 if (assoc_array_ptr_is_shortcut(cursor))
214 goto follow_shortcut;
215
216consider_node:
217 node = assoc_array_ptr_to_node(cursor);
218 smp_read_barrier_depends();
219
220 slot = segments >> (level & ASSOC_ARRAY_KEY_CHUNK_MASK);
221 slot &= ASSOC_ARRAY_FAN_MASK;
222 ptr = ACCESS_ONCE(node->slots[slot]);
223
224 pr_devel("consider slot %x [ix=%d type=%lu]\n",
225 slot, level, (unsigned long)ptr & 3);
226
227 if (!assoc_array_ptr_is_meta(ptr)) {
228 /* The node doesn't have a node/shortcut pointer in the slot
229 * corresponding to the index key that we have to follow.
230 */
231 result->terminal_node.node = node;
232 result->terminal_node.level = level;
233 result->terminal_node.slot = slot;
234 pr_devel("<--%s() = terminal_node\n", __func__);
235 return assoc_array_walk_found_terminal_node;
236 }
237
238 if (assoc_array_ptr_is_node(ptr)) {
239 /* There is a pointer to a node in the slot corresponding to
240 * this index key segment, so we need to follow it.
241 */
242 cursor = ptr;
243 level += ASSOC_ARRAY_LEVEL_STEP;
244 if ((level & ASSOC_ARRAY_KEY_CHUNK_MASK) != 0)
245 goto consider_node;
246 goto jumped;
247 }
248
249 /* There is a shortcut in the slot corresponding to the index key
250 * segment. We follow the shortcut if its partial index key matches
251 * this leaf's. Otherwise we need to split the shortcut.
252 */
253 cursor = ptr;
254follow_shortcut:
255 shortcut = assoc_array_ptr_to_shortcut(cursor);
256 smp_read_barrier_depends();
257 pr_devel("shortcut to %d\n", shortcut->skip_to_level);
258 sc_level = level + ASSOC_ARRAY_LEVEL_STEP;
259 BUG_ON(sc_level > shortcut->skip_to_level);
260
261 do {
262 /* Check the leaf against the shortcut's index key a word at a
263 * time, trimming the final word (the shortcut stores the index
264 * key completely from the root to the shortcut's target).
265 */
266 if ((sc_level & ASSOC_ARRAY_KEY_CHUNK_MASK) == 0)
267 segments = ops->get_key_chunk(index_key, sc_level);
268
269 sc_segments = shortcut->index_key[sc_level >> ASSOC_ARRAY_KEY_CHUNK_SHIFT];
270 dissimilarity = segments ^ sc_segments;
271
272 if (round_up(sc_level, ASSOC_ARRAY_KEY_CHUNK_SIZE) > shortcut->skip_to_level) {
273 /* Trim segments that are beyond the shortcut */
274 int shift = shortcut->skip_to_level & ASSOC_ARRAY_KEY_CHUNK_MASK;
275 dissimilarity &= ~(ULONG_MAX << shift);
276 next_sc_level = shortcut->skip_to_level;
277 } else {
278 next_sc_level = sc_level + ASSOC_ARRAY_KEY_CHUNK_SIZE;
279 next_sc_level = round_down(next_sc_level, ASSOC_ARRAY_KEY_CHUNK_SIZE);
280 }
281
282 if (dissimilarity != 0) {
283 /* This shortcut points elsewhere */
284 result->wrong_shortcut.shortcut = shortcut;
285 result->wrong_shortcut.level = level;
286 result->wrong_shortcut.sc_level = sc_level;
287 result->wrong_shortcut.sc_segments = sc_segments;
288 result->wrong_shortcut.dissimilarity = dissimilarity;
289 return assoc_array_walk_found_wrong_shortcut;
290 }
291
292 sc_level = next_sc_level;
293 } while (sc_level < shortcut->skip_to_level);
294
295 /* The shortcut matches the leaf's index to this point. */
296 cursor = ACCESS_ONCE(shortcut->next_node);
297 if (((level ^ sc_level) & ~ASSOC_ARRAY_KEY_CHUNK_MASK) != 0) {
298 level = sc_level;
299 goto jumped;
300 } else {
301 level = sc_level;
302 goto consider_node;
303 }
304}
305
306/**
307 * assoc_array_find - Find an object by index key
308 * @array: The associative array to search.
309 * @ops: The operations to use.
310 * @index_key: The key to the object.
311 *
312 * Find an object in an associative array by walking through the internal tree
313 * to the node that should contain the object and then searching the leaves
314 * there. NULL is returned if the requested object was not found in the array.
315 *
316 * The caller must hold the RCU read lock or better.
317 */
318void *assoc_array_find(const struct assoc_array *array,
319 const struct assoc_array_ops *ops,
320 const void *index_key)
321{
322 struct assoc_array_walk_result result;
323 const struct assoc_array_node *node;
324 const struct assoc_array_ptr *ptr;
325 const void *leaf;
326 int slot;
327
328 if (assoc_array_walk(array, ops, index_key, &result) !=
329 assoc_array_walk_found_terminal_node)
330 return NULL;
331
332 node = result.terminal_node.node;
333 smp_read_barrier_depends();
334
335 /* If the target key is available to us, it's has to be pointed to by
336 * the terminal node.
337 */
338 for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
339 ptr = ACCESS_ONCE(node->slots[slot]);
340 if (ptr && assoc_array_ptr_is_leaf(ptr)) {
341 /* We need a barrier between the read of the pointer
342 * and dereferencing the pointer - but only if we are
343 * actually going to dereference it.
344 */
345 leaf = assoc_array_ptr_to_leaf(ptr);
346 smp_read_barrier_depends();
347 if (ops->compare_object(leaf, index_key))
348 return (void *)leaf;
349 }
350 }
351
352 return NULL;
353}
354
355/*
356 * Destructively iterate over an associative array. The caller must prevent
357 * other simultaneous accesses.
358 */
359static void assoc_array_destroy_subtree(struct assoc_array_ptr *root,
360 const struct assoc_array_ops *ops)
361{
362 struct assoc_array_shortcut *shortcut;
363 struct assoc_array_node *node;
364 struct assoc_array_ptr *cursor, *parent = NULL;
365 int slot = -1;
366
367 pr_devel("-->%s()\n", __func__);
368
369 cursor = root;
370 if (!cursor) {
371 pr_devel("empty\n");
372 return;
373 }
374
375move_to_meta:
376 if (assoc_array_ptr_is_shortcut(cursor)) {
377 /* Descend through a shortcut */
378 pr_devel("[%d] shortcut\n", slot);
379 BUG_ON(!assoc_array_ptr_is_shortcut(cursor));
380 shortcut = assoc_array_ptr_to_shortcut(cursor);
381 BUG_ON(shortcut->back_pointer != parent);
382 BUG_ON(slot != -1 && shortcut->parent_slot != slot);
383 parent = cursor;
384 cursor = shortcut->next_node;
385 slot = -1;
386 BUG_ON(!assoc_array_ptr_is_node(cursor));
387 }
388
389 pr_devel("[%d] node\n", slot);
390 node = assoc_array_ptr_to_node(cursor);
391 BUG_ON(node->back_pointer != parent);
392 BUG_ON(slot != -1 && node->parent_slot != slot);
393 slot = 0;
394
395continue_node:
396 pr_devel("Node %p [back=%p]\n", node, node->back_pointer);
397 for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
398 struct assoc_array_ptr *ptr = node->slots[slot];
399 if (!ptr)
400 continue;
401 if (assoc_array_ptr_is_meta(ptr)) {
402 parent = cursor;
403 cursor = ptr;
404 goto move_to_meta;
405 }
406
407 if (ops) {
408 pr_devel("[%d] free leaf\n", slot);
409 ops->free_object(assoc_array_ptr_to_leaf(ptr));
410 }
411 }
412
413 parent = node->back_pointer;
414 slot = node->parent_slot;
415 pr_devel("free node\n");
416 kfree(node);
417 if (!parent)
418 return; /* Done */
419
420 /* Move back up to the parent (may need to free a shortcut on
421 * the way up) */
422 if (assoc_array_ptr_is_shortcut(parent)) {
423 shortcut = assoc_array_ptr_to_shortcut(parent);
424 BUG_ON(shortcut->next_node != cursor);
425 cursor = parent;
426 parent = shortcut->back_pointer;
427 slot = shortcut->parent_slot;
428 pr_devel("free shortcut\n");
429 kfree(shortcut);
430 if (!parent)
431 return;
432
433 BUG_ON(!assoc_array_ptr_is_node(parent));
434 }
435
436 /* Ascend to next slot in parent node */
437 pr_devel("ascend to %p[%d]\n", parent, slot);
438 cursor = parent;
439 node = assoc_array_ptr_to_node(cursor);
440 slot++;
441 goto continue_node;
442}
443
444/**
445 * assoc_array_destroy - Destroy an associative array
446 * @array: The array to destroy.
447 * @ops: The operations to use.
448 *
449 * Discard all metadata and free all objects in an associative array. The
450 * array will be empty and ready to use again upon completion. This function
451 * cannot fail.
452 *
453 * The caller must prevent all other accesses whilst this takes place as no
454 * attempt is made to adjust pointers gracefully to permit RCU readlock-holding
455 * accesses to continue. On the other hand, no memory allocation is required.
456 */
457void assoc_array_destroy(struct assoc_array *array,
458 const struct assoc_array_ops *ops)
459{
460 assoc_array_destroy_subtree(array->root, ops);
461 array->root = NULL;
462}
463
464/*
465 * Handle insertion into an empty tree.
466 */
467static bool assoc_array_insert_in_empty_tree(struct assoc_array_edit *edit)
468{
469 struct assoc_array_node *new_n0;
470
471 pr_devel("-->%s()\n", __func__);
472
473 new_n0 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL);
474 if (!new_n0)
475 return false;
476
477 edit->new_meta[0] = assoc_array_node_to_ptr(new_n0);
478 edit->leaf_p = &new_n0->slots[0];
479 edit->adjust_count_on = new_n0;
480 edit->set[0].ptr = &edit->array->root;
481 edit->set[0].to = assoc_array_node_to_ptr(new_n0);
482
483 pr_devel("<--%s() = ok [no root]\n", __func__);
484 return true;
485}
486
487/*
488 * Handle insertion into a terminal node.
489 */
490static bool assoc_array_insert_into_terminal_node(struct assoc_array_edit *edit,
491 const struct assoc_array_ops *ops,
492 const void *index_key,
493 struct assoc_array_walk_result *result)
494{
495 struct assoc_array_shortcut *shortcut, *new_s0;
496 struct assoc_array_node *node, *new_n0, *new_n1, *side;
497 struct assoc_array_ptr *ptr;
498 unsigned long dissimilarity, base_seg, blank;
499 size_t keylen;
500 bool have_meta;
501 int level, diff;
502 int slot, next_slot, free_slot, i, j;
503
504 node = result->terminal_node.node;
505 level = result->terminal_node.level;
506 edit->segment_cache[ASSOC_ARRAY_FAN_OUT] = result->terminal_node.slot;
507
508 pr_devel("-->%s()\n", __func__);
509
510 /* We arrived at a node which doesn't have an onward node or shortcut
511 * pointer that we have to follow. This means that (a) the leaf we
512 * want must go here (either by insertion or replacement) or (b) we
513 * need to split this node and insert in one of the fragments.
514 */
515 free_slot = -1;
516
517 /* Firstly, we have to check the leaves in this node to see if there's
518 * a matching one we should replace in place.
519 */
520 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
521 ptr = node->slots[i];
522 if (!ptr) {
523 free_slot = i;
524 continue;
525 }
526 if (ops->compare_object(assoc_array_ptr_to_leaf(ptr), index_key)) {
527 pr_devel("replace in slot %d\n", i);
528 edit->leaf_p = &node->slots[i];
529 edit->dead_leaf = node->slots[i];
530 pr_devel("<--%s() = ok [replace]\n", __func__);
531 return true;
532 }
533 }
534
535 /* If there is a free slot in this node then we can just insert the
536 * leaf here.
537 */
538 if (free_slot >= 0) {
539 pr_devel("insert in free slot %d\n", free_slot);
540 edit->leaf_p = &node->slots[free_slot];
541 edit->adjust_count_on = node;
542 pr_devel("<--%s() = ok [insert]\n", __func__);
543 return true;
544 }
545
546 /* The node has no spare slots - so we're either going to have to split
547 * it or insert another node before it.
548 *
549 * Whatever, we're going to need at least two new nodes - so allocate
550 * those now. We may also need a new shortcut, but we deal with that
551 * when we need it.
552 */
553 new_n0 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL);
554 if (!new_n0)
555 return false;
556 edit->new_meta[0] = assoc_array_node_to_ptr(new_n0);
557 new_n1 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL);
558 if (!new_n1)
559 return false;
560 edit->new_meta[1] = assoc_array_node_to_ptr(new_n1);
561
562 /* We need to find out how similar the leaves are. */
563 pr_devel("no spare slots\n");
564 have_meta = false;
565 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
566 ptr = node->slots[i];
567 if (assoc_array_ptr_is_meta(ptr)) {
568 edit->segment_cache[i] = 0xff;
569 have_meta = true;
570 continue;
571 }
572 base_seg = ops->get_object_key_chunk(
573 assoc_array_ptr_to_leaf(ptr), level);
574 base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK;
575 edit->segment_cache[i] = base_seg & ASSOC_ARRAY_FAN_MASK;
576 }
577
578 if (have_meta) {
579 pr_devel("have meta\n");
580 goto split_node;
581 }
582
583 /* The node contains only leaves */
584 dissimilarity = 0;
585 base_seg = edit->segment_cache[0];
586 for (i = 1; i < ASSOC_ARRAY_FAN_OUT; i++)
587 dissimilarity |= edit->segment_cache[i] ^ base_seg;
588
589 pr_devel("only leaves; dissimilarity=%lx\n", dissimilarity);
590
591 if ((dissimilarity & ASSOC_ARRAY_FAN_MASK) == 0) {
592 /* The old leaves all cluster in the same slot. We will need
593 * to insert a shortcut if the new node wants to cluster with them.
594 */
595 if ((edit->segment_cache[ASSOC_ARRAY_FAN_OUT] ^ base_seg) == 0)
596 goto all_leaves_cluster_together;
597
598 /* Otherwise we can just insert a new node ahead of the old
599 * one.
600 */
601 goto present_leaves_cluster_but_not_new_leaf;
602 }
603
604split_node:
605 pr_devel("split node\n");
606
607 /* We need to split the current node; we know that the node doesn't
608 * simply contain a full set of leaves that cluster together (it
609 * contains meta pointers and/or non-clustering leaves).
610 *
611 * We need to expel at least two leaves out of a set consisting of the
612 * leaves in the node and the new leaf.
613 *
614 * We need a new node (n0) to replace the current one and a new node to
615 * take the expelled nodes (n1).
616 */
617 edit->set[0].to = assoc_array_node_to_ptr(new_n0);
618 new_n0->back_pointer = node->back_pointer;
619 new_n0->parent_slot = node->parent_slot;
620 new_n1->back_pointer = assoc_array_node_to_ptr(new_n0);
621 new_n1->parent_slot = -1; /* Need to calculate this */
622
623do_split_node:
624 pr_devel("do_split_node\n");
625
626 new_n0->nr_leaves_on_branch = node->nr_leaves_on_branch;
627 new_n1->nr_leaves_on_branch = 0;
628
629 /* Begin by finding two matching leaves. There have to be at least two
630 * that match - even if there are meta pointers - because any leaf that
631 * would match a slot with a meta pointer in it must be somewhere
632 * behind that meta pointer and cannot be here. Further, given N
633 * remaining leaf slots, we now have N+1 leaves to go in them.
634 */
635 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
636 slot = edit->segment_cache[i];
637 if (slot != 0xff)
638 for (j = i + 1; j < ASSOC_ARRAY_FAN_OUT + 1; j++)
639 if (edit->segment_cache[j] == slot)
640 goto found_slot_for_multiple_occupancy;
641 }
642found_slot_for_multiple_occupancy:
643 pr_devel("same slot: %x %x [%02x]\n", i, j, slot);
644 BUG_ON(i >= ASSOC_ARRAY_FAN_OUT);
645 BUG_ON(j >= ASSOC_ARRAY_FAN_OUT + 1);
646 BUG_ON(slot >= ASSOC_ARRAY_FAN_OUT);
647
648 new_n1->parent_slot = slot;
649
650 /* Metadata pointers cannot change slot */
651 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++)
652 if (assoc_array_ptr_is_meta(node->slots[i]))
653 new_n0->slots[i] = node->slots[i];
654 else
655 new_n0->slots[i] = NULL;
656 BUG_ON(new_n0->slots[slot] != NULL);
657 new_n0->slots[slot] = assoc_array_node_to_ptr(new_n1);
658
659 /* Filter the leaf pointers between the new nodes */
660 free_slot = -1;
661 next_slot = 0;
662 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
663 if (assoc_array_ptr_is_meta(node->slots[i]))
664 continue;
665 if (edit->segment_cache[i] == slot) {
666 new_n1->slots[next_slot++] = node->slots[i];
667 new_n1->nr_leaves_on_branch++;
668 } else {
669 do {
670 free_slot++;
671 } while (new_n0->slots[free_slot] != NULL);
672 new_n0->slots[free_slot] = node->slots[i];
673 }
674 }
675
676 pr_devel("filtered: f=%x n=%x\n", free_slot, next_slot);
677
678 if (edit->segment_cache[ASSOC_ARRAY_FAN_OUT] != slot) {
679 do {
680 free_slot++;
681 } while (new_n0->slots[free_slot] != NULL);
682 edit->leaf_p = &new_n0->slots[free_slot];
683 edit->adjust_count_on = new_n0;
684 } else {
685 edit->leaf_p = &new_n1->slots[next_slot++];
686 edit->adjust_count_on = new_n1;
687 }
688
689 BUG_ON(next_slot <= 1);
690
691 edit->set_backpointers_to = assoc_array_node_to_ptr(new_n0);
692 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
693 if (edit->segment_cache[i] == 0xff) {
694 ptr = node->slots[i];
695 BUG_ON(assoc_array_ptr_is_leaf(ptr));
696 if (assoc_array_ptr_is_node(ptr)) {
697 side = assoc_array_ptr_to_node(ptr);
698 edit->set_backpointers[i] = &side->back_pointer;
699 } else {
700 shortcut = assoc_array_ptr_to_shortcut(ptr);
701 edit->set_backpointers[i] = &shortcut->back_pointer;
702 }
703 }
704 }
705
706 ptr = node->back_pointer;
707 if (!ptr)
708 edit->set[0].ptr = &edit->array->root;
709 else if (assoc_array_ptr_is_node(ptr))
710 edit->set[0].ptr = &assoc_array_ptr_to_node(ptr)->slots[node->parent_slot];
711 else
712 edit->set[0].ptr = &assoc_array_ptr_to_shortcut(ptr)->next_node;
713 edit->excised_meta[0] = assoc_array_node_to_ptr(node);
714 pr_devel("<--%s() = ok [split node]\n", __func__);
715 return true;
716
717present_leaves_cluster_but_not_new_leaf:
718 /* All the old leaves cluster in the same slot, but the new leaf wants
719 * to go into a different slot, so we create a new node to hold the new
720 * leaf and a pointer to a new node holding all the old leaves.
721 */
722 pr_devel("present leaves cluster but not new leaf\n");
723
724 new_n0->back_pointer = node->back_pointer;
725 new_n0->parent_slot = node->parent_slot;
726 new_n0->nr_leaves_on_branch = node->nr_leaves_on_branch;
727 new_n1->back_pointer = assoc_array_node_to_ptr(new_n0);
728 new_n1->parent_slot = edit->segment_cache[0];
729 new_n1->nr_leaves_on_branch = node->nr_leaves_on_branch;
730 edit->adjust_count_on = new_n0;
731
732 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++)
733 new_n1->slots[i] = node->slots[i];
734
735 new_n0->slots[edit->segment_cache[0]] = assoc_array_node_to_ptr(new_n0);
736 edit->leaf_p = &new_n0->slots[edit->segment_cache[ASSOC_ARRAY_FAN_OUT]];
737
738 edit->set[0].ptr = &assoc_array_ptr_to_node(node->back_pointer)->slots[node->parent_slot];
739 edit->set[0].to = assoc_array_node_to_ptr(new_n0);
740 edit->excised_meta[0] = assoc_array_node_to_ptr(node);
741 pr_devel("<--%s() = ok [insert node before]\n", __func__);
742 return true;
743
744all_leaves_cluster_together:
745 /* All the leaves, new and old, want to cluster together in this node
746 * in the same slot, so we have to replace this node with a shortcut to
747 * skip over the identical parts of the key and then place a pair of
748 * nodes, one inside the other, at the end of the shortcut and
749 * distribute the keys between them.
750 *
751 * Firstly we need to work out where the leaves start diverging as a
752 * bit position into their keys so that we know how big the shortcut
753 * needs to be.
754 *
755 * We only need to make a single pass of N of the N+1 leaves because if
756 * any keys differ between themselves at bit X then at least one of
757 * them must also differ with the base key at bit X or before.
758 */
759 pr_devel("all leaves cluster together\n");
760 diff = INT_MAX;
761 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
762 int x = ops->diff_objects(assoc_array_ptr_to_leaf(edit->leaf),
763 assoc_array_ptr_to_leaf(node->slots[i]));
764 if (x < diff) {
765 BUG_ON(x < 0);
766 diff = x;
767 }
768 }
769 BUG_ON(diff == INT_MAX);
770 BUG_ON(diff < level + ASSOC_ARRAY_LEVEL_STEP);
771
772 keylen = round_up(diff, ASSOC_ARRAY_KEY_CHUNK_SIZE);
773 keylen >>= ASSOC_ARRAY_KEY_CHUNK_SHIFT;
774
775 new_s0 = kzalloc(sizeof(struct assoc_array_shortcut) +
776 keylen * sizeof(unsigned long), GFP_KERNEL);
777 if (!new_s0)
778 return false;
779 edit->new_meta[2] = assoc_array_shortcut_to_ptr(new_s0);
780
781 edit->set[0].to = assoc_array_shortcut_to_ptr(new_s0);
782 new_s0->back_pointer = node->back_pointer;
783 new_s0->parent_slot = node->parent_slot;
784 new_s0->next_node = assoc_array_node_to_ptr(new_n0);
785 new_n0->back_pointer = assoc_array_shortcut_to_ptr(new_s0);
786 new_n0->parent_slot = 0;
787 new_n1->back_pointer = assoc_array_node_to_ptr(new_n0);
788 new_n1->parent_slot = -1; /* Need to calculate this */
789
790 new_s0->skip_to_level = level = diff & ~ASSOC_ARRAY_LEVEL_STEP_MASK;
791 pr_devel("skip_to_level = %d [diff %d]\n", level, diff);
792 BUG_ON(level <= 0);
793
794 for (i = 0; i < keylen; i++)
795 new_s0->index_key[i] =
796 ops->get_key_chunk(index_key, i * ASSOC_ARRAY_KEY_CHUNK_SIZE);
797
798 blank = ULONG_MAX << (level & ASSOC_ARRAY_KEY_CHUNK_MASK);
799 pr_devel("blank off [%zu] %d: %lx\n", keylen - 1, level, blank);
800 new_s0->index_key[keylen - 1] &= ~blank;
801
802 /* This now reduces to a node splitting exercise for which we'll need
803 * to regenerate the disparity table.
804 */
805 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
806 ptr = node->slots[i];
807 base_seg = ops->get_object_key_chunk(assoc_array_ptr_to_leaf(ptr),
808 level);
809 base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK;
810 edit->segment_cache[i] = base_seg & ASSOC_ARRAY_FAN_MASK;
811 }
812
813 base_seg = ops->get_key_chunk(index_key, level);
814 base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK;
815 edit->segment_cache[ASSOC_ARRAY_FAN_OUT] = base_seg & ASSOC_ARRAY_FAN_MASK;
816 goto do_split_node;
817}
818
819/*
820 * Handle insertion into the middle of a shortcut.
821 */
822static bool assoc_array_insert_mid_shortcut(struct assoc_array_edit *edit,
823 const struct assoc_array_ops *ops,
824 struct assoc_array_walk_result *result)
825{
826 struct assoc_array_shortcut *shortcut, *new_s0, *new_s1;
827 struct assoc_array_node *node, *new_n0, *side;
828 unsigned long sc_segments, dissimilarity, blank;
829 size_t keylen;
830 int level, sc_level, diff;
831 int sc_slot;
832
833 shortcut = result->wrong_shortcut.shortcut;
834 level = result->wrong_shortcut.level;
835 sc_level = result->wrong_shortcut.sc_level;
836 sc_segments = result->wrong_shortcut.sc_segments;
837 dissimilarity = result->wrong_shortcut.dissimilarity;
838
839 pr_devel("-->%s(ix=%d dis=%lx scix=%d)\n",
840 __func__, level, dissimilarity, sc_level);
841
842 /* We need to split a shortcut and insert a node between the two
843 * pieces. Zero-length pieces will be dispensed with entirely.
844 *
845 * First of all, we need to find out in which level the first
846 * difference was.
847 */
848 diff = __ffs(dissimilarity);
849 diff &= ~ASSOC_ARRAY_LEVEL_STEP_MASK;
850 diff += sc_level & ~ASSOC_ARRAY_KEY_CHUNK_MASK;
851 pr_devel("diff=%d\n", diff);
852
853 if (!shortcut->back_pointer) {
854 edit->set[0].ptr = &edit->array->root;
855 } else if (assoc_array_ptr_is_node(shortcut->back_pointer)) {
856 node = assoc_array_ptr_to_node(shortcut->back_pointer);
857 edit->set[0].ptr = &node->slots[shortcut->parent_slot];
858 } else {
859 BUG();
860 }
861
862 edit->excised_meta[0] = assoc_array_shortcut_to_ptr(shortcut);
863
864 /* Create a new node now since we're going to need it anyway */
865 new_n0 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL);
866 if (!new_n0)
867 return false;
868 edit->new_meta[0] = assoc_array_node_to_ptr(new_n0);
869 edit->adjust_count_on = new_n0;
870
871 /* Insert a new shortcut before the new node if this segment isn't of
872 * zero length - otherwise we just connect the new node directly to the
873 * parent.
874 */
875 level += ASSOC_ARRAY_LEVEL_STEP;
876 if (diff > level) {
877 pr_devel("pre-shortcut %d...%d\n", level, diff);
878 keylen = round_up(diff, ASSOC_ARRAY_KEY_CHUNK_SIZE);
879 keylen >>= ASSOC_ARRAY_KEY_CHUNK_SHIFT;
880
881 new_s0 = kzalloc(sizeof(struct assoc_array_shortcut) +
882 keylen * sizeof(unsigned long), GFP_KERNEL);
883 if (!new_s0)
884 return false;
885 edit->new_meta[1] = assoc_array_shortcut_to_ptr(new_s0);
886 edit->set[0].to = assoc_array_shortcut_to_ptr(new_s0);
887 new_s0->back_pointer = shortcut->back_pointer;
888 new_s0->parent_slot = shortcut->parent_slot;
889 new_s0->next_node = assoc_array_node_to_ptr(new_n0);
890 new_s0->skip_to_level = diff;
891
892 new_n0->back_pointer = assoc_array_shortcut_to_ptr(new_s0);
893 new_n0->parent_slot = 0;
894
895 memcpy(new_s0->index_key, shortcut->index_key,
896 keylen * sizeof(unsigned long));
897
898 blank = ULONG_MAX << (diff & ASSOC_ARRAY_KEY_CHUNK_MASK);
899 pr_devel("blank off [%zu] %d: %lx\n", keylen - 1, diff, blank);
900 new_s0->index_key[keylen - 1] &= ~blank;
901 } else {
902 pr_devel("no pre-shortcut\n");
903 edit->set[0].to = assoc_array_node_to_ptr(new_n0);
904 new_n0->back_pointer = shortcut->back_pointer;
905 new_n0->parent_slot = shortcut->parent_slot;
906 }
907
908 side = assoc_array_ptr_to_node(shortcut->next_node);
909 new_n0->nr_leaves_on_branch = side->nr_leaves_on_branch;
910
911 /* We need to know which slot in the new node is going to take a
912 * metadata pointer.
913 */
914 sc_slot = sc_segments >> (diff & ASSOC_ARRAY_KEY_CHUNK_MASK);
915 sc_slot &= ASSOC_ARRAY_FAN_MASK;
916
917 pr_devel("new slot %lx >> %d -> %d\n",
918 sc_segments, diff & ASSOC_ARRAY_KEY_CHUNK_MASK, sc_slot);
919
920 /* Determine whether we need to follow the new node with a replacement
921 * for the current shortcut. We could in theory reuse the current
922 * shortcut if its parent slot number doesn't change - but that's a
923 * 1-in-16 chance so not worth expending the code upon.
924 */
925 level = diff + ASSOC_ARRAY_LEVEL_STEP;
926 if (level < shortcut->skip_to_level) {
927 pr_devel("post-shortcut %d...%d\n", level, shortcut->skip_to_level);
928 keylen = round_up(shortcut->skip_to_level, ASSOC_ARRAY_KEY_CHUNK_SIZE);
929 keylen >>= ASSOC_ARRAY_KEY_CHUNK_SHIFT;
930
931 new_s1 = kzalloc(sizeof(struct assoc_array_shortcut) +
932 keylen * sizeof(unsigned long), GFP_KERNEL);
933 if (!new_s1)
934 return false;
935 edit->new_meta[2] = assoc_array_shortcut_to_ptr(new_s1);
936
937 new_s1->back_pointer = assoc_array_node_to_ptr(new_n0);
938 new_s1->parent_slot = sc_slot;
939 new_s1->next_node = shortcut->next_node;
940 new_s1->skip_to_level = shortcut->skip_to_level;
941
942 new_n0->slots[sc_slot] = assoc_array_shortcut_to_ptr(new_s1);
943
944 memcpy(new_s1->index_key, shortcut->index_key,
945 keylen * sizeof(unsigned long));
946
947 edit->set[1].ptr = &side->back_pointer;
948 edit->set[1].to = assoc_array_shortcut_to_ptr(new_s1);
949 } else {
950 pr_devel("no post-shortcut\n");
951
952 /* We don't have to replace the pointed-to node as long as we
953 * use memory barriers to make sure the parent slot number is
954 * changed before the back pointer (the parent slot number is
955 * irrelevant to the old parent shortcut).
956 */
957 new_n0->slots[sc_slot] = shortcut->next_node;
958 edit->set_parent_slot[0].p = &side->parent_slot;
959 edit->set_parent_slot[0].to = sc_slot;
960 edit->set[1].ptr = &side->back_pointer;
961 edit->set[1].to = assoc_array_node_to_ptr(new_n0);
962 }
963
964 /* Install the new leaf in a spare slot in the new node. */
965 if (sc_slot == 0)
966 edit->leaf_p = &new_n0->slots[1];
967 else
968 edit->leaf_p = &new_n0->slots[0];
969
970 pr_devel("<--%s() = ok [split shortcut]\n", __func__);
971 return edit;
972}
973
974/**
975 * assoc_array_insert - Script insertion of an object into an associative array
976 * @array: The array to insert into.
977 * @ops: The operations to use.
978 * @index_key: The key to insert at.
979 * @object: The object to insert.
980 *
981 * Precalculate and preallocate a script for the insertion or replacement of an
982 * object in an associative array. This results in an edit script that can
983 * either be applied or cancelled.
984 *
985 * The function returns a pointer to an edit script or -ENOMEM.
986 *
987 * The caller should lock against other modifications and must continue to hold
988 * the lock until assoc_array_apply_edit() has been called.
989 *
990 * Accesses to the tree may take place concurrently with this function,
991 * provided they hold the RCU read lock.
992 */
993struct assoc_array_edit *assoc_array_insert(struct assoc_array *array,
994 const struct assoc_array_ops *ops,
995 const void *index_key,
996 void *object)
997{
998 struct assoc_array_walk_result result;
999 struct assoc_array_edit *edit;
1000
1001 pr_devel("-->%s()\n", __func__);
1002
1003 /* The leaf pointer we're given must not have the bottom bit set as we
1004 * use those for type-marking the pointer. NULL pointers are also not
1005 * allowed as they indicate an empty slot but we have to allow them
1006 * here as they can be updated later.
1007 */
1008 BUG_ON(assoc_array_ptr_is_meta(object));
1009
1010 edit = kzalloc(sizeof(struct assoc_array_edit), GFP_KERNEL);
1011 if (!edit)
1012 return ERR_PTR(-ENOMEM);
1013 edit->array = array;
1014 edit->ops = ops;
1015 edit->leaf = assoc_array_leaf_to_ptr(object);
1016 edit->adjust_count_by = 1;
1017
1018 switch (assoc_array_walk(array, ops, index_key, &result)) {
1019 case assoc_array_walk_tree_empty:
1020 /* Allocate a root node if there isn't one yet */
1021 if (!assoc_array_insert_in_empty_tree(edit))
1022 goto enomem;
1023 return edit;
1024
1025 case assoc_array_walk_found_terminal_node:
1026 /* We found a node that doesn't have a node/shortcut pointer in
1027 * the slot corresponding to the index key that we have to
1028 * follow.
1029 */
1030 if (!assoc_array_insert_into_terminal_node(edit, ops, index_key,
1031 &result))
1032 goto enomem;
1033 return edit;
1034
1035 case assoc_array_walk_found_wrong_shortcut:
1036 /* We found a shortcut that didn't match our key in a slot we
1037 * needed to follow.
1038 */
1039 if (!assoc_array_insert_mid_shortcut(edit, ops, &result))
1040 goto enomem;
1041 return edit;
1042 }
1043
1044enomem:
1045 /* Clean up after an out of memory error */
1046 pr_devel("enomem\n");
1047 assoc_array_cancel_edit(edit);
1048 return ERR_PTR(-ENOMEM);
1049}
1050
1051/**
1052 * assoc_array_insert_set_object - Set the new object pointer in an edit script
1053 * @edit: The edit script to modify.
1054 * @object: The object pointer to set.
1055 *
1056 * Change the object to be inserted in an edit script. The object pointed to
1057 * by the old object is not freed. This must be done prior to applying the
1058 * script.
1059 */
1060void assoc_array_insert_set_object(struct assoc_array_edit *edit, void *object)
1061{
1062 BUG_ON(!object);
1063 edit->leaf = assoc_array_leaf_to_ptr(object);
1064}
1065
1066struct assoc_array_delete_collapse_context {
1067 struct assoc_array_node *node;
1068 const void *skip_leaf;
1069 int slot;
1070};
1071
1072/*
1073 * Subtree collapse to node iterator.
1074 */
1075static int assoc_array_delete_collapse_iterator(const void *leaf,
1076 void *iterator_data)
1077{
1078 struct assoc_array_delete_collapse_context *collapse = iterator_data;
1079
1080 if (leaf == collapse->skip_leaf)
1081 return 0;
1082
1083 BUG_ON(collapse->slot >= ASSOC_ARRAY_FAN_OUT);
1084
1085 collapse->node->slots[collapse->slot++] = assoc_array_leaf_to_ptr(leaf);
1086 return 0;
1087}
1088
1089/**
1090 * assoc_array_delete - Script deletion of an object from an associative array
1091 * @array: The array to search.
1092 * @ops: The operations to use.
1093 * @index_key: The key to the object.
1094 *
1095 * Precalculate and preallocate a script for the deletion of an object from an
1096 * associative array. This results in an edit script that can either be
1097 * applied or cancelled.
1098 *
1099 * The function returns a pointer to an edit script if the object was found,
1100 * NULL if the object was not found or -ENOMEM.
1101 *
1102 * The caller should lock against other modifications and must continue to hold
1103 * the lock until assoc_array_apply_edit() has been called.
1104 *
1105 * Accesses to the tree may take place concurrently with this function,
1106 * provided they hold the RCU read lock.
1107 */
1108struct assoc_array_edit *assoc_array_delete(struct assoc_array *array,
1109 const struct assoc_array_ops *ops,
1110 const void *index_key)
1111{
1112 struct assoc_array_delete_collapse_context collapse;
1113 struct assoc_array_walk_result result;
1114 struct assoc_array_node *node, *new_n0;
1115 struct assoc_array_edit *edit;
1116 struct assoc_array_ptr *ptr;
1117 bool has_meta;
1118 int slot, i;
1119
1120 pr_devel("-->%s()\n", __func__);
1121
1122 edit = kzalloc(sizeof(struct assoc_array_edit), GFP_KERNEL);
1123 if (!edit)
1124 return ERR_PTR(-ENOMEM);
1125 edit->array = array;
1126 edit->ops = ops;
1127 edit->adjust_count_by = -1;
1128
1129 switch (assoc_array_walk(array, ops, index_key, &result)) {
1130 case assoc_array_walk_found_terminal_node:
1131 /* We found a node that should contain the leaf we've been
1132 * asked to remove - *if* it's in the tree.
1133 */
1134 pr_devel("terminal_node\n");
1135 node = result.terminal_node.node;
1136
1137 for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
1138 ptr = node->slots[slot];
1139 if (ptr &&
1140 assoc_array_ptr_is_leaf(ptr) &&
1141 ops->compare_object(assoc_array_ptr_to_leaf(ptr),
1142 index_key))
1143 goto found_leaf;
1144 }
1145 case assoc_array_walk_tree_empty:
1146 case assoc_array_walk_found_wrong_shortcut:
1147 default:
1148 assoc_array_cancel_edit(edit);
1149 pr_devel("not found\n");
1150 return NULL;
1151 }
1152
1153found_leaf:
1154 BUG_ON(array->nr_leaves_on_tree <= 0);
1155
1156 /* In the simplest form of deletion we just clear the slot and release
1157 * the leaf after a suitable interval.
1158 */
1159 edit->dead_leaf = node->slots[slot];
1160 edit->set[0].ptr = &node->slots[slot];
1161 edit->set[0].to = NULL;
1162 edit->adjust_count_on = node;
1163
1164 /* If that concludes erasure of the last leaf, then delete the entire
1165 * internal array.
1166 */
1167 if (array->nr_leaves_on_tree == 1) {
1168 edit->set[1].ptr = &array->root;
1169 edit->set[1].to = NULL;
1170 edit->adjust_count_on = NULL;
1171 edit->excised_subtree = array->root;
1172 pr_devel("all gone\n");
1173 return edit;
1174 }
1175
1176 /* However, we'd also like to clear up some metadata blocks if we
1177 * possibly can.
1178 *
1179 * We go for a simple algorithm of: if this node has FAN_OUT or fewer
1180 * leaves in it, then attempt to collapse it - and attempt to
1181 * recursively collapse up the tree.
1182 *
1183 * We could also try and collapse in partially filled subtrees to take
1184 * up space in this node.
1185 */
1186 if (node->nr_leaves_on_branch <= ASSOC_ARRAY_FAN_OUT + 1) {
1187 struct assoc_array_node *parent, *grandparent;
1188 struct assoc_array_ptr *ptr;
1189
1190 /* First of all, we need to know if this node has metadata so
1191 * that we don't try collapsing if all the leaves are already
1192 * here.
1193 */
1194 has_meta = false;
1195 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
1196 ptr = node->slots[i];
1197 if (assoc_array_ptr_is_meta(ptr)) {
1198 has_meta = true;
1199 break;
1200 }
1201 }
1202
1203 pr_devel("leaves: %ld [m=%d]\n",
1204 node->nr_leaves_on_branch - 1, has_meta);
1205
1206 /* Look further up the tree to see if we can collapse this node
1207 * into a more proximal node too.
1208 */
1209 parent = node;
1210 collapse_up:
1211 pr_devel("collapse subtree: %ld\n", parent->nr_leaves_on_branch);
1212
1213 ptr = parent->back_pointer;
1214 if (!ptr)
1215 goto do_collapse;
1216 if (assoc_array_ptr_is_shortcut(ptr)) {
1217 struct assoc_array_shortcut *s = assoc_array_ptr_to_shortcut(ptr);
1218 ptr = s->back_pointer;
1219 if (!ptr)
1220 goto do_collapse;
1221 }
1222
1223 grandparent = assoc_array_ptr_to_node(ptr);
1224 if (grandparent->nr_leaves_on_branch <= ASSOC_ARRAY_FAN_OUT + 1) {
1225 parent = grandparent;
1226 goto collapse_up;
1227 }
1228
1229 do_collapse:
1230 /* There's no point collapsing if the original node has no meta
1231 * pointers to discard and if we didn't merge into one of that
1232 * node's ancestry.
1233 */
1234 if (has_meta || parent != node) {
1235 node = parent;
1236
1237 /* Create a new node to collapse into */
1238 new_n0 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL);
1239 if (!new_n0)
1240 goto enomem;
1241 edit->new_meta[0] = assoc_array_node_to_ptr(new_n0);
1242
1243 new_n0->back_pointer = node->back_pointer;
1244 new_n0->parent_slot = node->parent_slot;
1245 new_n0->nr_leaves_on_branch = node->nr_leaves_on_branch;
1246 edit->adjust_count_on = new_n0;
1247
1248 collapse.node = new_n0;
1249 collapse.skip_leaf = assoc_array_ptr_to_leaf(edit->dead_leaf);
1250 collapse.slot = 0;
1251 assoc_array_subtree_iterate(assoc_array_node_to_ptr(node),
1252 node->back_pointer,
1253 assoc_array_delete_collapse_iterator,
1254 &collapse);
1255 pr_devel("collapsed %d,%lu\n", collapse.slot, new_n0->nr_leaves_on_branch);
1256 BUG_ON(collapse.slot != new_n0->nr_leaves_on_branch - 1);
1257
1258 if (!node->back_pointer) {
1259 edit->set[1].ptr = &array->root;
1260 } else if (assoc_array_ptr_is_leaf(node->back_pointer)) {
1261 BUG();
1262 } else if (assoc_array_ptr_is_node(node->back_pointer)) {
1263 struct assoc_array_node *p =
1264 assoc_array_ptr_to_node(node->back_pointer);
1265 edit->set[1].ptr = &p->slots[node->parent_slot];
1266 } else if (assoc_array_ptr_is_shortcut(node->back_pointer)) {
1267 struct assoc_array_shortcut *s =
1268 assoc_array_ptr_to_shortcut(node->back_pointer);
1269 edit->set[1].ptr = &s->next_node;
1270 }
1271 edit->set[1].to = assoc_array_node_to_ptr(new_n0);
1272 edit->excised_subtree = assoc_array_node_to_ptr(node);
1273 }
1274 }
1275
1276 return edit;
1277
1278enomem:
1279 /* Clean up after an out of memory error */
1280 pr_devel("enomem\n");
1281 assoc_array_cancel_edit(edit);
1282 return ERR_PTR(-ENOMEM);
1283}
1284
1285/**
1286 * assoc_array_clear - Script deletion of all objects from an associative array
1287 * @array: The array to clear.
1288 * @ops: The operations to use.
1289 *
1290 * Precalculate and preallocate a script for the deletion of all the objects
1291 * from an associative array. This results in an edit script that can either
1292 * be applied or cancelled.
1293 *
1294 * The function returns a pointer to an edit script if there are objects to be
1295 * deleted, NULL if there are no objects in the array or -ENOMEM.
1296 *
1297 * The caller should lock against other modifications and must continue to hold
1298 * the lock until assoc_array_apply_edit() has been called.
1299 *
1300 * Accesses to the tree may take place concurrently with this function,
1301 * provided they hold the RCU read lock.
1302 */
1303struct assoc_array_edit *assoc_array_clear(struct assoc_array *array,
1304 const struct assoc_array_ops *ops)
1305{
1306 struct assoc_array_edit *edit;
1307
1308 pr_devel("-->%s()\n", __func__);
1309
1310 if (!array->root)
1311 return NULL;
1312
1313 edit = kzalloc(sizeof(struct assoc_array_edit), GFP_KERNEL);
1314 if (!edit)
1315 return ERR_PTR(-ENOMEM);
1316 edit->array = array;
1317 edit->ops = ops;
1318 edit->set[1].ptr = &array->root;
1319 edit->set[1].to = NULL;
1320 edit->excised_subtree = array->root;
1321 edit->ops_for_excised_subtree = ops;
1322 pr_devel("all gone\n");
1323 return edit;
1324}
1325
1326/*
1327 * Handle the deferred destruction after an applied edit.
1328 */
1329static void assoc_array_rcu_cleanup(struct rcu_head *head)
1330{
1331 struct assoc_array_edit *edit =
1332 container_of(head, struct assoc_array_edit, rcu);
1333 int i;
1334
1335 pr_devel("-->%s()\n", __func__);
1336
1337 if (edit->dead_leaf)
1338 edit->ops->free_object(assoc_array_ptr_to_leaf(edit->dead_leaf));
1339 for (i = 0; i < ARRAY_SIZE(edit->excised_meta); i++)
1340 if (edit->excised_meta[i])
1341 kfree(assoc_array_ptr_to_node(edit->excised_meta[i]));
1342
1343 if (edit->excised_subtree) {
1344 BUG_ON(assoc_array_ptr_is_leaf(edit->excised_subtree));
1345 if (assoc_array_ptr_is_node(edit->excised_subtree)) {
1346 struct assoc_array_node *n =
1347 assoc_array_ptr_to_node(edit->excised_subtree);
1348 n->back_pointer = NULL;
1349 } else {
1350 struct assoc_array_shortcut *s =
1351 assoc_array_ptr_to_shortcut(edit->excised_subtree);
1352 s->back_pointer = NULL;
1353 }
1354 assoc_array_destroy_subtree(edit->excised_subtree,
1355 edit->ops_for_excised_subtree);
1356 }
1357
1358 kfree(edit);
1359}
1360
1361/**
1362 * assoc_array_apply_edit - Apply an edit script to an associative array
1363 * @edit: The script to apply.
1364 *
1365 * Apply an edit script to an associative array to effect an insertion,
1366 * deletion or clearance. As the edit script includes preallocated memory,
1367 * this is guaranteed not to fail.
1368 *
1369 * The edit script, dead objects and dead metadata will be scheduled for
1370 * destruction after an RCU grace period to permit those doing read-only
1371 * accesses on the array to continue to do so under the RCU read lock whilst
1372 * the edit is taking place.
1373 */
1374void assoc_array_apply_edit(struct assoc_array_edit *edit)
1375{
1376 struct assoc_array_shortcut *shortcut;
1377 struct assoc_array_node *node;
1378 struct assoc_array_ptr *ptr;
1379 int i;
1380
1381 pr_devel("-->%s()\n", __func__);
1382
1383 smp_wmb();
1384 if (edit->leaf_p)
1385 *edit->leaf_p = edit->leaf;
1386
1387 smp_wmb();
1388 for (i = 0; i < ARRAY_SIZE(edit->set_parent_slot); i++)
1389 if (edit->set_parent_slot[i].p)
1390 *edit->set_parent_slot[i].p = edit->set_parent_slot[i].to;
1391
1392 smp_wmb();
1393 for (i = 0; i < ARRAY_SIZE(edit->set_backpointers); i++)
1394 if (edit->set_backpointers[i])
1395 *edit->set_backpointers[i] = edit->set_backpointers_to;
1396
1397 smp_wmb();
1398 for (i = 0; i < ARRAY_SIZE(edit->set); i++)
1399 if (edit->set[i].ptr)
1400 *edit->set[i].ptr = edit->set[i].to;
1401
1402 if (edit->array->root == NULL) {
1403 edit->array->nr_leaves_on_tree = 0;
1404 } else if (edit->adjust_count_on) {
1405 node = edit->adjust_count_on;
1406 for (;;) {
1407 node->nr_leaves_on_branch += edit->adjust_count_by;
1408
1409 ptr = node->back_pointer;
1410 if (!ptr)
1411 break;
1412 if (assoc_array_ptr_is_shortcut(ptr)) {
1413 shortcut = assoc_array_ptr_to_shortcut(ptr);
1414 ptr = shortcut->back_pointer;
1415 if (!ptr)
1416 break;
1417 }
1418 BUG_ON(!assoc_array_ptr_is_node(ptr));
1419 node = assoc_array_ptr_to_node(ptr);
1420 }
1421
1422 edit->array->nr_leaves_on_tree += edit->adjust_count_by;
1423 }
1424
1425 call_rcu(&edit->rcu, assoc_array_rcu_cleanup);
1426}
1427
1428/**
1429 * assoc_array_cancel_edit - Discard an edit script.
1430 * @edit: The script to discard.
1431 *
1432 * Free an edit script and all the preallocated data it holds without making
1433 * any changes to the associative array it was intended for.
1434 *
1435 * NOTE! In the case of an insertion script, this does _not_ release the leaf
1436 * that was to be inserted. That is left to the caller.
1437 */
1438void assoc_array_cancel_edit(struct assoc_array_edit *edit)
1439{
1440 struct assoc_array_ptr *ptr;
1441 int i;
1442
1443 pr_devel("-->%s()\n", __func__);
1444
1445 /* Clean up after an out of memory error */
1446 for (i = 0; i < ARRAY_SIZE(edit->new_meta); i++) {
1447 ptr = edit->new_meta[i];
1448 if (ptr) {
1449 if (assoc_array_ptr_is_node(ptr))
1450 kfree(assoc_array_ptr_to_node(ptr));
1451 else
1452 kfree(assoc_array_ptr_to_shortcut(ptr));
1453 }
1454 }
1455 kfree(edit);
1456}
1457
1458/**
1459 * assoc_array_gc - Garbage collect an associative array.
1460 * @array: The array to clean.
1461 * @ops: The operations to use.
1462 * @iterator: A callback function to pass judgement on each object.
1463 * @iterator_data: Private data for the callback function.
1464 *
1465 * Collect garbage from an associative array and pack down the internal tree to
1466 * save memory.
1467 *
1468 * The iterator function is asked to pass judgement upon each object in the
1469 * array. If it returns false, the object is discard and if it returns true,
1470 * the object is kept. If it returns true, it must increment the object's
1471 * usage count (or whatever it needs to do to retain it) before returning.
1472 *
1473 * This function returns 0 if successful or -ENOMEM if out of memory. In the
1474 * latter case, the array is not changed.
1475 *
1476 * The caller should lock against other modifications and must continue to hold
1477 * the lock until assoc_array_apply_edit() has been called.
1478 *
1479 * Accesses to the tree may take place concurrently with this function,
1480 * provided they hold the RCU read lock.
1481 */
1482int assoc_array_gc(struct assoc_array *array,
1483 const struct assoc_array_ops *ops,
1484 bool (*iterator)(void *object, void *iterator_data),
1485 void *iterator_data)
1486{
1487 struct assoc_array_shortcut *shortcut, *new_s;
1488 struct assoc_array_node *node, *new_n;
1489 struct assoc_array_edit *edit;
1490 struct assoc_array_ptr *cursor, *ptr;
1491 struct assoc_array_ptr *new_root, *new_parent, **new_ptr_pp;
1492 unsigned long nr_leaves_on_tree;
1493 int keylen, slot, nr_free, next_slot, i;
1494
1495 pr_devel("-->%s()\n", __func__);
1496
1497 if (!array->root)
1498 return 0;
1499
1500 edit = kzalloc(sizeof(struct assoc_array_edit), GFP_KERNEL);
1501 if (!edit)
1502 return -ENOMEM;
1503 edit->array = array;
1504 edit->ops = ops;
1505 edit->ops_for_excised_subtree = ops;
1506 edit->set[0].ptr = &array->root;
1507 edit->excised_subtree = array->root;
1508
1509 new_root = new_parent = NULL;
1510 new_ptr_pp = &new_root;
1511 cursor = array->root;
1512
1513descend:
1514 /* If this point is a shortcut, then we need to duplicate it and
1515 * advance the target cursor.
1516 */
1517 if (assoc_array_ptr_is_shortcut(cursor)) {
1518 shortcut = assoc_array_ptr_to_shortcut(cursor);
1519 keylen = round_up(shortcut->skip_to_level, ASSOC_ARRAY_KEY_CHUNK_SIZE);
1520 keylen >>= ASSOC_ARRAY_KEY_CHUNK_SHIFT;
1521 new_s = kmalloc(sizeof(struct assoc_array_shortcut) +
1522 keylen * sizeof(unsigned long), GFP_KERNEL);
1523 if (!new_s)
1524 goto enomem;
1525 pr_devel("dup shortcut %p -> %p\n", shortcut, new_s);
1526 memcpy(new_s, shortcut, (sizeof(struct assoc_array_shortcut) +
1527 keylen * sizeof(unsigned long)));
1528 new_s->back_pointer = new_parent;
1529 new_s->parent_slot = shortcut->parent_slot;
1530 *new_ptr_pp = new_parent = assoc_array_shortcut_to_ptr(new_s);
1531 new_ptr_pp = &new_s->next_node;
1532 cursor = shortcut->next_node;
1533 }
1534
1535 /* Duplicate the node at this position */
1536 node = assoc_array_ptr_to_node(cursor);
1537 new_n = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL);
1538 if (!new_n)
1539 goto enomem;
1540 pr_devel("dup node %p -> %p\n", node, new_n);
1541 new_n->back_pointer = new_parent;
1542 new_n->parent_slot = node->parent_slot;
1543 *new_ptr_pp = new_parent = assoc_array_node_to_ptr(new_n);
1544 new_ptr_pp = NULL;
1545 slot = 0;
1546
1547continue_node:
1548 /* Filter across any leaves and gc any subtrees */
1549 for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
1550 ptr = node->slots[slot];
1551 if (!ptr)
1552 continue;
1553
1554 if (assoc_array_ptr_is_leaf(ptr)) {
1555 if (iterator(assoc_array_ptr_to_leaf(ptr),
1556 iterator_data))
1557 /* The iterator will have done any reference
1558 * counting on the object for us.
1559 */
1560 new_n->slots[slot] = ptr;
1561 continue;
1562 }
1563
1564 new_ptr_pp = &new_n->slots[slot];
1565 cursor = ptr;
1566 goto descend;
1567 }
1568
1569 pr_devel("-- compress node %p --\n", new_n);
1570
1571 /* Count up the number of empty slots in this node and work out the
1572 * subtree leaf count.
1573 */
1574 new_n->nr_leaves_on_branch = 0;
1575 nr_free = 0;
1576 for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
1577 ptr = new_n->slots[slot];
1578 if (!ptr)
1579 nr_free++;
1580 else if (assoc_array_ptr_is_leaf(ptr))
1581 new_n->nr_leaves_on_branch++;
1582 }
1583 pr_devel("free=%d, leaves=%lu\n", nr_free, new_n->nr_leaves_on_branch);
1584
1585 /* See what we can fold in */
1586 next_slot = 0;
1587 for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
1588 struct assoc_array_shortcut *s;
1589 struct assoc_array_node *child;
1590
1591 ptr = new_n->slots[slot];
1592 if (!ptr || assoc_array_ptr_is_leaf(ptr))
1593 continue;
1594
1595 s = NULL;
1596 if (assoc_array_ptr_is_shortcut(ptr)) {
1597 s = assoc_array_ptr_to_shortcut(ptr);
1598 ptr = s->next_node;
1599 }
1600
1601 child = assoc_array_ptr_to_node(ptr);
1602 new_n->nr_leaves_on_branch += child->nr_leaves_on_branch;
1603
1604 if (child->nr_leaves_on_branch <= nr_free + 1) {
1605 /* Fold the child node into this one */
1606 pr_devel("[%d] fold node %lu/%d [nx %d]\n",
1607 slot, child->nr_leaves_on_branch, nr_free + 1,
1608 next_slot);
1609
1610 /* We would already have reaped an intervening shortcut
1611 * on the way back up the tree.
1612 */
1613 BUG_ON(s);
1614
1615 new_n->slots[slot] = NULL;
1616 nr_free++;
1617 if (slot < next_slot)
1618 next_slot = slot;
1619 for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
1620 struct assoc_array_ptr *p = child->slots[i];
1621 if (!p)
1622 continue;
1623 BUG_ON(assoc_array_ptr_is_meta(p));
1624 while (new_n->slots[next_slot])
1625 next_slot++;
1626 BUG_ON(next_slot >= ASSOC_ARRAY_FAN_OUT);
1627 new_n->slots[next_slot++] = p;
1628 nr_free--;
1629 }
1630 kfree(child);
1631 } else {
1632 pr_devel("[%d] retain node %lu/%d [nx %d]\n",
1633 slot, child->nr_leaves_on_branch, nr_free + 1,
1634 next_slot);
1635 }
1636 }
1637
1638 pr_devel("after: %lu\n", new_n->nr_leaves_on_branch);
1639
1640 nr_leaves_on_tree = new_n->nr_leaves_on_branch;
1641
1642 /* Excise this node if it is singly occupied by a shortcut */
1643 if (nr_free == ASSOC_ARRAY_FAN_OUT - 1) {
1644 for (slot = 0; slot < ASSOC_ARRAY_FAN_OUT; slot++)
1645 if ((ptr = new_n->slots[slot]))
1646 break;
1647
1648 if (assoc_array_ptr_is_meta(ptr) &&
1649 assoc_array_ptr_is_shortcut(ptr)) {
1650 pr_devel("excise node %p with 1 shortcut\n", new_n);
1651 new_s = assoc_array_ptr_to_shortcut(ptr);
1652 new_parent = new_n->back_pointer;
1653 slot = new_n->parent_slot;
1654 kfree(new_n);
1655 if (!new_parent) {
1656 new_s->back_pointer = NULL;
1657 new_s->parent_slot = 0;
1658 new_root = ptr;
1659 goto gc_complete;
1660 }
1661
1662 if (assoc_array_ptr_is_shortcut(new_parent)) {
1663 /* We can discard any preceding shortcut also */
1664 struct assoc_array_shortcut *s =
1665 assoc_array_ptr_to_shortcut(new_parent);
1666
1667 pr_devel("excise preceding shortcut\n");
1668
1669 new_parent = new_s->back_pointer = s->back_pointer;
1670 slot = new_s->parent_slot = s->parent_slot;
1671 kfree(s);
1672 if (!new_parent) {
1673 new_s->back_pointer = NULL;
1674 new_s->parent_slot = 0;
1675 new_root = ptr;
1676 goto gc_complete;
1677 }
1678 }
1679
1680 new_s->back_pointer = new_parent;
1681 new_s->parent_slot = slot;
1682 new_n = assoc_array_ptr_to_node(new_parent);
1683 new_n->slots[slot] = ptr;
1684 goto ascend_old_tree;
1685 }
1686 }
1687
1688 /* Excise any shortcuts we might encounter that point to nodes that
1689 * only contain leaves.
1690 */
1691 ptr = new_n->back_pointer;
1692 if (!ptr)
1693 goto gc_complete;
1694
1695 if (assoc_array_ptr_is_shortcut(ptr)) {
1696 new_s = assoc_array_ptr_to_shortcut(ptr);
1697 new_parent = new_s->back_pointer;
1698 slot = new_s->parent_slot;
1699
1700 if (new_n->nr_leaves_on_branch <= ASSOC_ARRAY_FAN_OUT) {
1701 struct assoc_array_node *n;
1702
1703 pr_devel("excise shortcut\n");
1704 new_n->back_pointer = new_parent;
1705 new_n->parent_slot = slot;
1706 kfree(new_s);
1707 if (!new_parent) {
1708 new_root = assoc_array_node_to_ptr(new_n);
1709 goto gc_complete;
1710 }
1711
1712 n = assoc_array_ptr_to_node(new_parent);
1713 n->slots[slot] = assoc_array_node_to_ptr(new_n);
1714 }
1715 } else {
1716 new_parent = ptr;
1717 }
1718 new_n = assoc_array_ptr_to_node(new_parent);
1719
1720ascend_old_tree:
1721 ptr = node->back_pointer;
1722 if (assoc_array_ptr_is_shortcut(ptr)) {
1723 shortcut = assoc_array_ptr_to_shortcut(ptr);
1724 slot = shortcut->parent_slot;
1725 cursor = shortcut->back_pointer;
1726 } else {
1727 slot = node->parent_slot;
1728 cursor = ptr;
1729 }
1730 BUG_ON(!ptr);
1731 node = assoc_array_ptr_to_node(cursor);
1732 slot++;
1733 goto continue_node;
1734
1735gc_complete:
1736 edit->set[0].to = new_root;
1737 assoc_array_apply_edit(edit);
1738 edit->array->nr_leaves_on_tree = nr_leaves_on_tree;
1739 return 0;
1740
1741enomem:
1742 pr_devel("enomem\n");
1743 assoc_array_destroy_subtree(new_root, edit->ops);
1744 kfree(edit);
1745 return -ENOMEM;
1746}
diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c
index 657979f71bef..bf076d281d40 100644
--- a/lib/mpi/mpiutil.c
+++ b/lib/mpi/mpiutil.c
@@ -121,3 +121,6 @@ void mpi_free(MPI a)
121 kfree(a); 121 kfree(a);
122} 122}
123EXPORT_SYMBOL_GPL(mpi_free); 123EXPORT_SYMBOL_GPL(mpi_free);
124
125MODULE_DESCRIPTION("Multiprecision maths library");
126MODULE_LICENSE("GPL");
diff --git a/scripts/asn1_compiler.c b/scripts/asn1_compiler.c
index db0e5cd34c70..91c4117637ae 100644
--- a/scripts/asn1_compiler.c
+++ b/scripts/asn1_compiler.c
@@ -1353,6 +1353,8 @@ static void render_out_of_line_list(FILE *out)
1353 render_opcode(out, "ASN1_OP_END_SET_OF%s,\n", act); 1353 render_opcode(out, "ASN1_OP_END_SET_OF%s,\n", act);
1354 render_opcode(out, "_jump_target(%u),\n", entry); 1354 render_opcode(out, "_jump_target(%u),\n", entry);
1355 break; 1355 break;
1356 default:
1357 break;
1356 } 1358 }
1357 if (e->action) 1359 if (e->action)
1358 render_opcode(out, "_action(ACT_%s),\n", 1360 render_opcode(out, "_action(ACT_%s),\n",
diff --git a/security/Makefile b/security/Makefile
index c26c81e92571..a5918e01a4f7 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -16,7 +16,6 @@ obj-$(CONFIG_MMU) += min_addr.o
16# Object file lists 16# Object file lists
17obj-$(CONFIG_SECURITY) += security.o capability.o 17obj-$(CONFIG_SECURITY) += security.o capability.o
18obj-$(CONFIG_SECURITYFS) += inode.o 18obj-$(CONFIG_SECURITYFS) += inode.o
19# Must precede capability.o in order to stack properly.
20obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o 19obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
21obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o 20obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
22obj-$(CONFIG_AUDIT) += lsm_audit.o 21obj-$(CONFIG_AUDIT) += lsm_audit.o
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 031d2d9dd695..89c78658031f 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -111,7 +111,6 @@ static const char *const aa_audit_type[] = {
111static void audit_pre(struct audit_buffer *ab, void *ca) 111static void audit_pre(struct audit_buffer *ab, void *ca)
112{ 112{
113 struct common_audit_data *sa = ca; 113 struct common_audit_data *sa = ca;
114 struct task_struct *tsk = sa->aad->tsk ? sa->aad->tsk : current;
115 114
116 if (aa_g_audit_header) { 115 if (aa_g_audit_header) {
117 audit_log_format(ab, "apparmor="); 116 audit_log_format(ab, "apparmor=");
@@ -132,11 +131,6 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
132 131
133 if (sa->aad->profile) { 132 if (sa->aad->profile) {
134 struct aa_profile *profile = sa->aad->profile; 133 struct aa_profile *profile = sa->aad->profile;
135 pid_t pid;
136 rcu_read_lock();
137 pid = rcu_dereference(tsk->real_parent)->pid;
138 rcu_read_unlock();
139 audit_log_format(ab, " parent=%d", pid);
140 if (profile->ns != root_ns) { 134 if (profile->ns != root_ns) {
141 audit_log_format(ab, " namespace="); 135 audit_log_format(ab, " namespace=");
142 audit_log_untrustedstring(ab, profile->ns->base.hname); 136 audit_log_untrustedstring(ab, profile->ns->base.hname);
@@ -149,12 +143,6 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
149 audit_log_format(ab, " name="); 143 audit_log_format(ab, " name=");
150 audit_log_untrustedstring(ab, sa->aad->name); 144 audit_log_untrustedstring(ab, sa->aad->name);
151 } 145 }
152
153 if (sa->aad->tsk) {
154 audit_log_format(ab, " pid=%d comm=", tsk->pid);
155 audit_log_untrustedstring(ab, tsk->comm);
156 }
157
158} 146}
159 147
160/** 148/**
@@ -212,7 +200,7 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
212 200
213 if (sa->aad->type == AUDIT_APPARMOR_KILL) 201 if (sa->aad->type == AUDIT_APPARMOR_KILL)
214 (void)send_sig_info(SIGKILL, NULL, 202 (void)send_sig_info(SIGKILL, NULL,
215 sa->aad->tsk ? sa->aad->tsk : current); 203 sa->u.tsk ? sa->u.tsk : current);
216 204
217 if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) 205 if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
218 return complain_error(sa->aad->error); 206 return complain_error(sa->aad->error);
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 84d1f5f53877..1101c6f64bb7 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -53,8 +53,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
53 53
54/** 54/**
55 * audit_caps - audit a capability 55 * audit_caps - audit a capability
56 * @profile: profile confining task (NOT NULL) 56 * @profile: profile being tested for confinement (NOT NULL)
57 * @task: task capability test was performed against (NOT NULL)
58 * @cap: capability tested 57 * @cap: capability tested
59 * @error: error code returned by test 58 * @error: error code returned by test
60 * 59 *
@@ -63,8 +62,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
63 * 62 *
64 * Returns: 0 or sa->error on success, error code on failure 63 * Returns: 0 or sa->error on success, error code on failure
65 */ 64 */
66static int audit_caps(struct aa_profile *profile, struct task_struct *task, 65static int audit_caps(struct aa_profile *profile, int cap, int error)
67 int cap, int error)
68{ 66{
69 struct audit_cache *ent; 67 struct audit_cache *ent;
70 int type = AUDIT_APPARMOR_AUTO; 68 int type = AUDIT_APPARMOR_AUTO;
@@ -73,7 +71,6 @@ static int audit_caps(struct aa_profile *profile, struct task_struct *task,
73 sa.type = LSM_AUDIT_DATA_CAP; 71 sa.type = LSM_AUDIT_DATA_CAP;
74 sa.aad = &aad; 72 sa.aad = &aad;
75 sa.u.cap = cap; 73 sa.u.cap = cap;
76 sa.aad->tsk = task;
77 sa.aad->op = OP_CAPABLE; 74 sa.aad->op = OP_CAPABLE;
78 sa.aad->error = error; 75 sa.aad->error = error;
79 76
@@ -124,8 +121,7 @@ static int profile_capable(struct aa_profile *profile, int cap)
124 121
125/** 122/**
126 * aa_capable - test permission to use capability 123 * aa_capable - test permission to use capability
127 * @task: task doing capability test against (NOT NULL) 124 * @profile: profile being tested against (NOT NULL)
128 * @profile: profile confining @task (NOT NULL)
129 * @cap: capability to be tested 125 * @cap: capability to be tested
130 * @audit: whether an audit record should be generated 126 * @audit: whether an audit record should be generated
131 * 127 *
@@ -133,8 +129,7 @@ static int profile_capable(struct aa_profile *profile, int cap)
133 * 129 *
134 * Returns: 0 on success, or else an error code. 130 * Returns: 0 on success, or else an error code.
135 */ 131 */
136int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap, 132int aa_capable(struct aa_profile *profile, int cap, int audit)
137 int audit)
138{ 133{
139 int error = profile_capable(profile, cap); 134 int error = profile_capable(profile, cap);
140 135
@@ -144,5 +139,5 @@ int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
144 return error; 139 return error;
145 } 140 }
146 141
147 return audit_caps(profile, task, cap, error); 142 return audit_caps(profile, cap, error);
148} 143}
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 26c607c971f5..452567d3a08e 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -50,23 +50,21 @@ void aa_free_domain_entries(struct aa_domain *domain)
50 50
51/** 51/**
52 * may_change_ptraced_domain - check if can change profile on ptraced task 52 * may_change_ptraced_domain - check if can change profile on ptraced task
53 * @task: task we want to change profile of (NOT NULL)
54 * @to_profile: profile to change to (NOT NULL) 53 * @to_profile: profile to change to (NOT NULL)
55 * 54 *
56 * Check if the task is ptraced and if so if the tracing task is allowed 55 * Check if current is ptraced and if so if the tracing task is allowed
57 * to trace the new domain 56 * to trace the new domain
58 * 57 *
59 * Returns: %0 or error if change not allowed 58 * Returns: %0 or error if change not allowed
60 */ 59 */
61static int may_change_ptraced_domain(struct task_struct *task, 60static int may_change_ptraced_domain(struct aa_profile *to_profile)
62 struct aa_profile *to_profile)
63{ 61{
64 struct task_struct *tracer; 62 struct task_struct *tracer;
65 struct aa_profile *tracerp = NULL; 63 struct aa_profile *tracerp = NULL;
66 int error = 0; 64 int error = 0;
67 65
68 rcu_read_lock(); 66 rcu_read_lock();
69 tracer = ptrace_parent(task); 67 tracer = ptrace_parent(current);
70 if (tracer) 68 if (tracer)
71 /* released below */ 69 /* released below */
72 tracerp = aa_get_task_profile(tracer); 70 tracerp = aa_get_task_profile(tracer);
@@ -75,7 +73,7 @@ static int may_change_ptraced_domain(struct task_struct *task,
75 if (!tracer || unconfined(tracerp)) 73 if (!tracer || unconfined(tracerp))
76 goto out; 74 goto out;
77 75
78 error = aa_may_ptrace(tracer, tracerp, to_profile, PTRACE_MODE_ATTACH); 76 error = aa_may_ptrace(tracerp, to_profile, PTRACE_MODE_ATTACH);
79 77
80out: 78out:
81 rcu_read_unlock(); 79 rcu_read_unlock();
@@ -477,7 +475,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
477 } 475 }
478 476
479 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 477 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
480 error = may_change_ptraced_domain(current, new_profile); 478 error = may_change_ptraced_domain(new_profile);
481 if (error) { 479 if (error) {
482 aa_put_profile(new_profile); 480 aa_put_profile(new_profile);
483 goto audit; 481 goto audit;
@@ -690,7 +688,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
690 } 688 }
691 } 689 }
692 690
693 error = may_change_ptraced_domain(current, hat); 691 error = may_change_ptraced_domain(hat);
694 if (error) { 692 if (error) {
695 info = "ptraced"; 693 info = "ptraced";
696 error = -EPERM; 694 error = -EPERM;
@@ -829,7 +827,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
829 } 827 }
830 828
831 /* check if tracing task is allowed to trace target domain */ 829 /* check if tracing task is allowed to trace target domain */
832 error = may_change_ptraced_domain(current, target); 830 error = may_change_ptraced_domain(target);
833 if (error) { 831 if (error) {
834 info = "ptrace prevents transition"; 832 info = "ptrace prevents transition";
835 goto audit; 833 goto audit;
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index 30e8d7687259..ba3dfd17f23f 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -109,7 +109,6 @@ struct apparmor_audit_data {
109 void *profile; 109 void *profile;
110 const char *name; 110 const char *name;
111 const char *info; 111 const char *info;
112 struct task_struct *tsk;
113 union { 112 union {
114 void *target; 113 void *target;
115 struct { 114 struct {
diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h
index 2e7c9d6a2f3b..fc3fa381d850 100644
--- a/security/apparmor/include/capability.h
+++ b/security/apparmor/include/capability.h
@@ -4,7 +4,7 @@
4 * This file contains AppArmor capability mediation definitions. 4 * This file contains AppArmor capability mediation definitions.
5 * 5 *
6 * Copyright (C) 1998-2008 Novell/SUSE 6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd. 7 * Copyright 2009-2013 Canonical Ltd.
8 * 8 *
9 * This program is free software; you can redistribute it and/or 9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as 10 * modify it under the terms of the GNU General Public License as
@@ -38,8 +38,7 @@ struct aa_caps {
38 38
39extern struct aa_fs_entry aa_fs_entry_caps[]; 39extern struct aa_fs_entry aa_fs_entry_caps[];
40 40
41int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap, 41int aa_capable(struct aa_profile *profile, int cap, int audit);
42 int audit);
43 42
44static inline void aa_free_cap_rules(struct aa_caps *caps) 43static inline void aa_free_cap_rules(struct aa_caps *caps)
45{ 44{
diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h
index aeda0fbc8b2f..288ca76e2fb1 100644
--- a/security/apparmor/include/ipc.h
+++ b/security/apparmor/include/ipc.h
@@ -19,8 +19,8 @@
19 19
20struct aa_profile; 20struct aa_profile;
21 21
22int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer, 22int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
23 struct aa_profile *tracee, unsigned int mode); 23 unsigned int mode);
24 24
25int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee, 25int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
26 unsigned int mode); 26 unsigned int mode);
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index c51d2266587e..777ac1c47253 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -54,15 +54,14 @@ static int aa_audit_ptrace(struct aa_profile *profile,
54 54
55/** 55/**
56 * aa_may_ptrace - test if tracer task can trace the tracee 56 * aa_may_ptrace - test if tracer task can trace the tracee
57 * @tracer_task: task who will do the tracing (NOT NULL)
58 * @tracer: profile of the task doing the tracing (NOT NULL) 57 * @tracer: profile of the task doing the tracing (NOT NULL)
59 * @tracee: task to be traced 58 * @tracee: task to be traced
60 * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH 59 * @mode: whether PTRACE_MODE_READ || PTRACE_MODE_ATTACH
61 * 60 *
62 * Returns: %0 else error code if permission denied or error 61 * Returns: %0 else error code if permission denied or error
63 */ 62 */
64int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer, 63int aa_may_ptrace(struct aa_profile *tracer, struct aa_profile *tracee,
65 struct aa_profile *tracee, unsigned int mode) 64 unsigned int mode)
66{ 65{
67 /* TODO: currently only based on capability, not extended ptrace 66 /* TODO: currently only based on capability, not extended ptrace
68 * rules, 67 * rules,
@@ -72,7 +71,7 @@ int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
72 if (unconfined(tracer) || tracer == tracee) 71 if (unconfined(tracer) || tracer == tracee)
73 return 0; 72 return 0;
74 /* log this capability request */ 73 /* log this capability request */
75 return aa_capable(tracer_task, tracer, CAP_SYS_PTRACE, 1); 74 return aa_capable(tracer, CAP_SYS_PTRACE, 1);
76} 75}
77 76
78/** 77/**
@@ -101,7 +100,7 @@ int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
101 if (!unconfined(tracer_p)) { 100 if (!unconfined(tracer_p)) {
102 struct aa_profile *tracee_p = aa_get_task_profile(tracee); 101 struct aa_profile *tracee_p = aa_get_task_profile(tracee);
103 102
104 error = aa_may_ptrace(tracer, tracer_p, tracee_p, mode); 103 error = aa_may_ptrace(tracer_p, tracee_p, mode);
105 error = aa_audit_ptrace(tracer_p, tracee_p, error); 104 error = aa_audit_ptrace(tracer_p, tracee_p, error);
106 105
107 aa_put_profile(tracee_p); 106 aa_put_profile(tracee_p);
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index fb99e18123b4..4257b7e2796b 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -145,7 +145,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
145 if (!error) { 145 if (!error) {
146 profile = aa_cred_profile(cred); 146 profile = aa_cred_profile(cred);
147 if (!unconfined(profile)) 147 if (!unconfined(profile))
148 error = aa_capable(current, profile, cap, audit); 148 error = aa_capable(profile, cap, audit);
149 } 149 }
150 return error; 150 return error;
151} 151}
diff --git a/security/capability.c b/security/capability.c
index dbeb9bc27b24..8b4f24ae4338 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -777,9 +777,15 @@ static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
777 return 0; 777 return 0;
778} 778}
779 779
780static int cap_xfrm_state_alloc_security(struct xfrm_state *x, 780static int cap_xfrm_state_alloc(struct xfrm_state *x,
781 struct xfrm_user_sec_ctx *sec_ctx, 781 struct xfrm_user_sec_ctx *sec_ctx)
782 u32 secid) 782{
783 return 0;
784}
785
786static int cap_xfrm_state_alloc_acquire(struct xfrm_state *x,
787 struct xfrm_sec_ctx *polsec,
788 u32 secid)
783{ 789{
784 return 0; 790 return 0;
785} 791}
@@ -1101,7 +1107,8 @@ void __init security_fixup_ops(struct security_operations *ops)
1101 set_to_cap_if_null(ops, xfrm_policy_clone_security); 1107 set_to_cap_if_null(ops, xfrm_policy_clone_security);
1102 set_to_cap_if_null(ops, xfrm_policy_free_security); 1108 set_to_cap_if_null(ops, xfrm_policy_free_security);
1103 set_to_cap_if_null(ops, xfrm_policy_delete_security); 1109 set_to_cap_if_null(ops, xfrm_policy_delete_security);
1104 set_to_cap_if_null(ops, xfrm_state_alloc_security); 1110 set_to_cap_if_null(ops, xfrm_state_alloc);
1111 set_to_cap_if_null(ops, xfrm_state_alloc_acquire);
1105 set_to_cap_if_null(ops, xfrm_state_free_security); 1112 set_to_cap_if_null(ops, xfrm_state_free_security);
1106 set_to_cap_if_null(ops, xfrm_state_delete_security); 1113 set_to_cap_if_null(ops, xfrm_state_delete_security);
1107 set_to_cap_if_null(ops, xfrm_policy_lookup); 1114 set_to_cap_if_null(ops, xfrm_policy_lookup);
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 0b759e17a131..77ca965ab684 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -13,7 +13,9 @@
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 14
15#include <linux/err.h> 15#include <linux/err.h>
16#include <linux/sched.h>
16#include <linux/rbtree.h> 17#include <linux/rbtree.h>
18#include <linux/cred.h>
17#include <linux/key-type.h> 19#include <linux/key-type.h>
18#include <linux/digsig.h> 20#include <linux/digsig.h>
19 21
@@ -21,21 +23,29 @@
21 23
22static struct key *keyring[INTEGRITY_KEYRING_MAX]; 24static struct key *keyring[INTEGRITY_KEYRING_MAX];
23 25
26#ifdef CONFIG_IMA_TRUSTED_KEYRING
27static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
28 ".evm",
29 ".module",
30 ".ima",
31};
32#else
24static const char *keyring_name[INTEGRITY_KEYRING_MAX] = { 33static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
25 "_evm", 34 "_evm",
26 "_module", 35 "_module",
27 "_ima", 36 "_ima",
28}; 37};
38#endif
29 39
30int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 40int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
31 const char *digest, int digestlen) 41 const char *digest, int digestlen)
32{ 42{
33 if (id >= INTEGRITY_KEYRING_MAX) 43 if (id >= INTEGRITY_KEYRING_MAX)
34 return -EINVAL; 44 return -EINVAL;
35 45
36 if (!keyring[id]) { 46 if (!keyring[id]) {
37 keyring[id] = 47 keyring[id] =
38 request_key(&key_type_keyring, keyring_name[id], NULL); 48 request_key(&key_type_keyring, keyring_name[id], NULL);
39 if (IS_ERR(keyring[id])) { 49 if (IS_ERR(keyring[id])) {
40 int err = PTR_ERR(keyring[id]); 50 int err = PTR_ERR(keyring[id]);
41 pr_err("no %s keyring: %d\n", keyring_name[id], err); 51 pr_err("no %s keyring: %d\n", keyring_name[id], err);
@@ -44,9 +54,10 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
44 } 54 }
45 } 55 }
46 56
47 switch (sig[0]) { 57 switch (sig[1]) {
48 case 1: 58 case 1:
49 return digsig_verify(keyring[id], sig, siglen, 59 /* v1 API expect signature without xattr type */
60 return digsig_verify(keyring[id], sig + 1, siglen - 1,
50 digest, digestlen); 61 digest, digestlen);
51 case 2: 62 case 2:
52 return asymmetric_verify(keyring[id], sig, siglen, 63 return asymmetric_verify(keyring[id], sig, siglen,
@@ -55,3 +66,21 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
55 66
56 return -EOPNOTSUPP; 67 return -EOPNOTSUPP;
57} 68}
69
70int integrity_init_keyring(const unsigned int id)
71{
72 const struct cred *cred = current_cred();
73 const struct user_struct *user = cred->user;
74
75 keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
76 KGIDT_INIT(0), cred,
77 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
78 KEY_USR_VIEW | KEY_USR_READ),
79 KEY_ALLOC_NOT_IN_QUOTA, user->uid_keyring);
80 if (!IS_ERR(keyring[id]))
81 set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
82 else
83 pr_info("Can't allocate %s keyring (%ld)\n",
84 keyring_name[id], PTR_ERR(keyring[id]));
85 return 0;
86}
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index b4754667659d..9eae4809006b 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -20,17 +20,6 @@
20#include "integrity.h" 20#include "integrity.h"
21 21
22/* 22/*
23 * signature format v2 - for using with asymmetric keys
24 */
25struct signature_v2_hdr {
26 uint8_t version; /* signature format version */
27 uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */
28 uint32_t keyid; /* IMA key identifier - not X509/PGP specific*/
29 uint16_t sig_size; /* signature size */
30 uint8_t sig[0]; /* signature payload */
31} __packed;
32
33/*
34 * Request an asymmetric key. 23 * Request an asymmetric key.
35 */ 24 */
36static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) 25static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index af9b6852f4e1..336b3ddfe63f 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -123,7 +123,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
123 goto out; 123 goto out;
124 } 124 }
125 125
126 xattr_len = rc - 1; 126 xattr_len = rc;
127 127
128 /* check value type */ 128 /* check value type */
129 switch (xattr_data->type) { 129 switch (xattr_data->type) {
@@ -143,7 +143,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
143 if (rc) 143 if (rc)
144 break; 144 break;
145 rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM, 145 rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
146 xattr_data->digest, xattr_len, 146 (const char *)xattr_data, xattr_len,
147 calc.digest, sizeof(calc.digest)); 147 calc.digest, sizeof(calc.digest));
148 if (!rc) { 148 if (!rc) {
149 /* we probably want to replace rsa with hmac here */ 149 /* we probably want to replace rsa with hmac here */
diff --git a/security/integrity/evm/evm_posix_acl.c b/security/integrity/evm/evm_posix_acl.c
index b1753e98bf9a..46408b9e62e8 100644
--- a/security/integrity/evm/evm_posix_acl.c
+++ b/security/integrity/evm/evm_posix_acl.c
@@ -11,8 +11,9 @@
11 11
12#include <linux/module.h> 12#include <linux/module.h>
13#include <linux/xattr.h> 13#include <linux/xattr.h>
14#include <linux/evm.h>
14 15
15int posix_xattr_acl(char *xattr) 16int posix_xattr_acl(const char *xattr)
16{ 17{
17 int xattr_len = strlen(xattr); 18 int xattr_len = strlen(xattr);
18 19
diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index 74522dbd10a6..c49d3f14cbec 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -70,6 +70,8 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode)
70 70
71static void iint_free(struct integrity_iint_cache *iint) 71static void iint_free(struct integrity_iint_cache *iint)
72{ 72{
73 kfree(iint->ima_hash);
74 iint->ima_hash = NULL;
73 iint->version = 0; 75 iint->version = 0;
74 iint->flags = 0UL; 76 iint->flags = 0UL;
75 iint->ima_file_status = INTEGRITY_UNKNOWN; 77 iint->ima_file_status = INTEGRITY_UNKNOWN;
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 39196abaff0d..dad8d4ca2437 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -9,6 +9,7 @@ config IMA
9 select CRYPTO_HMAC 9 select CRYPTO_HMAC
10 select CRYPTO_MD5 10 select CRYPTO_MD5
11 select CRYPTO_SHA1 11 select CRYPTO_SHA1
12 select CRYPTO_HASH_INFO
12 select TCG_TPM if HAS_IOMEM && !UML 13 select TCG_TPM if HAS_IOMEM && !UML
13 select TCG_TIS if TCG_TPM && X86 14 select TCG_TIS if TCG_TPM && X86
14 select TCG_IBMVTPM if TCG_TPM && PPC64 15 select TCG_IBMVTPM if TCG_TPM && PPC64
@@ -45,6 +46,69 @@ config IMA_LSM_RULES
45 help 46 help
46 Disabling this option will disregard LSM based policy rules. 47 Disabling this option will disregard LSM based policy rules.
47 48
49choice
50 prompt "Default template"
51 default IMA_NG_TEMPLATE
52 depends on IMA
53 help
54 Select the default IMA measurement template.
55
56 The original 'ima' measurement list template contains a
57 hash, defined as 20 bytes, and a null terminated pathname,
58 limited to 255 characters. The 'ima-ng' measurement list
59 template permits both larger hash digests and longer
60 pathnames.
61
62 config IMA_TEMPLATE
63 bool "ima"
64 config IMA_NG_TEMPLATE
65 bool "ima-ng (default)"
66 config IMA_SIG_TEMPLATE
67 bool "ima-sig"
68endchoice
69
70config IMA_DEFAULT_TEMPLATE
71 string
72 depends on IMA
73 default "ima" if IMA_TEMPLATE
74 default "ima-ng" if IMA_NG_TEMPLATE
75 default "ima-sig" if IMA_SIG_TEMPLATE
76
77choice
78 prompt "Default integrity hash algorithm"
79 default IMA_DEFAULT_HASH_SHA1
80 depends on IMA
81 help
82 Select the default hash algorithm used for the measurement
83 list, integrity appraisal and audit log. The compiled default
84 hash algorithm can be overwritten using the kernel command
85 line 'ima_hash=' option.
86
87 config IMA_DEFAULT_HASH_SHA1
88 bool "SHA1 (default)"
89 depends on CRYPTO_SHA1
90
91 config IMA_DEFAULT_HASH_SHA256
92 bool "SHA256"
93 depends on CRYPTO_SHA256 && !IMA_TEMPLATE
94
95 config IMA_DEFAULT_HASH_SHA512
96 bool "SHA512"
97 depends on CRYPTO_SHA512 && !IMA_TEMPLATE
98
99 config IMA_DEFAULT_HASH_WP512
100 bool "WP512"
101 depends on CRYPTO_WP512 && !IMA_TEMPLATE
102endchoice
103
104config IMA_DEFAULT_HASH
105 string
106 depends on IMA
107 default "sha1" if IMA_DEFAULT_HASH_SHA1
108 default "sha256" if IMA_DEFAULT_HASH_SHA256
109 default "sha512" if IMA_DEFAULT_HASH_SHA512
110 default "wp512" if IMA_DEFAULT_HASH_WP512
111
48config IMA_APPRAISE 112config IMA_APPRAISE
49 bool "Appraise integrity measurements" 113 bool "Appraise integrity measurements"
50 depends on IMA 114 depends on IMA
@@ -59,3 +123,11 @@ config IMA_APPRAISE
59 For more information on integrity appraisal refer to: 123 For more information on integrity appraisal refer to:
60 <http://linux-ima.sourceforge.net> 124 <http://linux-ima.sourceforge.net>
61 If unsure, say N. 125 If unsure, say N.
126
127config IMA_TRUSTED_KEYRING
128 bool "Require all keys on the _ima keyring be signed"
129 depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
130 default y
131 help
132 This option requires that all keys added to the _ima
133 keyring be signed by a key on the system trusted keyring.
diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile
index 56dfee7cbf61..d79263d2fdbf 100644
--- a/security/integrity/ima/Makefile
+++ b/security/integrity/ima/Makefile
@@ -6,5 +6,5 @@
6obj-$(CONFIG_IMA) += ima.o 6obj-$(CONFIG_IMA) += ima.o
7 7
8ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \ 8ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
9 ima_policy.o 9 ima_policy.o ima_template.o ima_template_lib.o
10ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o 10ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index b3dd616560f7..bf03c6a16cc8 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -36,23 +36,48 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
36#define IMA_HASH_BITS 9 36#define IMA_HASH_BITS 9
37#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) 37#define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)
38 38
39#define IMA_TEMPLATE_FIELD_ID_MAX_LEN 16
40#define IMA_TEMPLATE_NUM_FIELDS_MAX 15
41
42#define IMA_TEMPLATE_IMA_NAME "ima"
43#define IMA_TEMPLATE_IMA_FMT "d|n"
44
39/* set during initialization */ 45/* set during initialization */
40extern int ima_initialized; 46extern int ima_initialized;
41extern int ima_used_chip; 47extern int ima_used_chip;
42extern char *ima_hash; 48extern int ima_hash_algo;
43extern int ima_appraise; 49extern int ima_appraise;
44 50
45/* IMA inode template definition */ 51/* IMA template field data definition */
46struct ima_template_data { 52struct ima_field_data {
47 u8 digest[IMA_DIGEST_SIZE]; /* sha1/md5 measurement hash */ 53 u8 *data;
48 char file_name[IMA_EVENT_NAME_LEN_MAX + 1]; /* name + \0 */ 54 u32 len;
55};
56
57/* IMA template field definition */
58struct ima_template_field {
59 const char field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN];
60 int (*field_init) (struct integrity_iint_cache *iint, struct file *file,
61 const unsigned char *filename,
62 struct evm_ima_xattr_data *xattr_value,
63 int xattr_len, struct ima_field_data *field_data);
64 void (*field_show) (struct seq_file *m, enum ima_show_type show,
65 struct ima_field_data *field_data);
66};
67
68/* IMA template descriptor definition */
69struct ima_template_desc {
70 char *name;
71 char *fmt;
72 int num_fields;
73 struct ima_template_field **fields;
49}; 74};
50 75
51struct ima_template_entry { 76struct ima_template_entry {
52 u8 digest[IMA_DIGEST_SIZE]; /* sha1 or md5 measurement hash */ 77 u8 digest[TPM_DIGEST_SIZE]; /* sha1 or md5 measurement hash */
53 const char *template_name; 78 struct ima_template_desc *template_desc; /* template descriptor */
54 int template_len; 79 u32 template_data_len;
55 struct ima_template_data template; 80 struct ima_field_data template_data[0]; /* template related data */
56}; 81};
57 82
58struct ima_queue_entry { 83struct ima_queue_entry {
@@ -69,13 +94,21 @@ int ima_fs_init(void);
69void ima_fs_cleanup(void); 94void ima_fs_cleanup(void);
70int ima_inode_alloc(struct inode *inode); 95int ima_inode_alloc(struct inode *inode);
71int ima_add_template_entry(struct ima_template_entry *entry, int violation, 96int ima_add_template_entry(struct ima_template_entry *entry, int violation,
72 const char *op, struct inode *inode); 97 const char *op, struct inode *inode,
73int ima_calc_file_hash(struct file *file, char *digest); 98 const unsigned char *filename);
74int ima_calc_buffer_hash(const void *data, int len, char *digest); 99int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
75int ima_calc_boot_aggregate(char *digest); 100int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
76void ima_add_violation(struct inode *inode, const unsigned char *filename, 101 struct ima_digest_data *hash);
102int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
103void ima_add_violation(struct file *file, const unsigned char *filename,
77 const char *op, const char *cause); 104 const char *op, const char *cause);
78int ima_init_crypto(void); 105int ima_init_crypto(void);
106void ima_putc(struct seq_file *m, void *data, int datalen);
107void ima_print_digest(struct seq_file *m, u8 *digest, int size);
108struct ima_template_desc *ima_template_desc_current(void);
109int ima_init_template(void);
110
111int ima_init_template(void);
79 112
80/* 113/*
81 * used to protect h_table and sha_table 114 * used to protect h_table and sha_table
@@ -98,14 +131,21 @@ static inline unsigned long ima_hash_key(u8 *digest)
98int ima_get_action(struct inode *inode, int mask, int function); 131int ima_get_action(struct inode *inode, int mask, int function);
99int ima_must_measure(struct inode *inode, int mask, int function); 132int ima_must_measure(struct inode *inode, int mask, int function);
100int ima_collect_measurement(struct integrity_iint_cache *iint, 133int ima_collect_measurement(struct integrity_iint_cache *iint,
101 struct file *file); 134 struct file *file,
135 struct evm_ima_xattr_data **xattr_value,
136 int *xattr_len);
102void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, 137void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
103 const unsigned char *filename); 138 const unsigned char *filename,
139 struct evm_ima_xattr_data *xattr_value,
140 int xattr_len);
104void ima_audit_measurement(struct integrity_iint_cache *iint, 141void ima_audit_measurement(struct integrity_iint_cache *iint,
105 const unsigned char *filename); 142 const unsigned char *filename);
143int ima_alloc_init_template(struct integrity_iint_cache *iint,
144 struct file *file, const unsigned char *filename,
145 struct evm_ima_xattr_data *xattr_value,
146 int xattr_len, struct ima_template_entry **entry);
106int ima_store_template(struct ima_template_entry *entry, int violation, 147int ima_store_template(struct ima_template_entry *entry, int violation,
107 struct inode *inode); 148 struct inode *inode, const unsigned char *filename);
108void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show);
109const char *ima_d_path(struct path *path, char **pathbuf); 149const char *ima_d_path(struct path *path, char **pathbuf);
110 150
111/* rbtree tree calls to lookup, insert, delete 151/* rbtree tree calls to lookup, insert, delete
@@ -131,17 +171,25 @@ void ima_delete_rules(void);
131 171
132#ifdef CONFIG_IMA_APPRAISE 172#ifdef CONFIG_IMA_APPRAISE
133int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, 173int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
134 struct file *file, const unsigned char *filename); 174 struct file *file, const unsigned char *filename,
175 struct evm_ima_xattr_data *xattr_value,
176 int xattr_len);
135int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); 177int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
136void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); 178void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
137enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 179enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
138 int func); 180 int func);
181void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len,
182 struct ima_digest_data *hash);
183int ima_read_xattr(struct dentry *dentry,
184 struct evm_ima_xattr_data **xattr_value);
139 185
140#else 186#else
141static inline int ima_appraise_measurement(int func, 187static inline int ima_appraise_measurement(int func,
142 struct integrity_iint_cache *iint, 188 struct integrity_iint_cache *iint,
143 struct file *file, 189 struct file *file,
144 const unsigned char *filename) 190 const unsigned char *filename,
191 struct evm_ima_xattr_data *xattr_value,
192 int xattr_len)
145{ 193{
146 return INTEGRITY_UNKNOWN; 194 return INTEGRITY_UNKNOWN;
147} 195}
@@ -162,6 +210,19 @@ static inline enum integrity_status ima_get_cache_status(struct integrity_iint_c
162{ 210{
163 return INTEGRITY_UNKNOWN; 211 return INTEGRITY_UNKNOWN;
164} 212}
213
214static inline void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
215 int xattr_len,
216 struct ima_digest_data *hash)
217{
218}
219
220static inline int ima_read_xattr(struct dentry *dentry,
221 struct evm_ima_xattr_data **xattr_value)
222{
223 return 0;
224}
225
165#endif 226#endif
166 227
167/* LSM based policy rules require audit */ 228/* LSM based policy rules require audit */
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 1c03e8f1e0e1..0e7540863fc2 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -18,9 +18,46 @@
18#include <linux/fs.h> 18#include <linux/fs.h>
19#include <linux/xattr.h> 19#include <linux/xattr.h>
20#include <linux/evm.h> 20#include <linux/evm.h>
21#include <crypto/hash_info.h>
21#include "ima.h" 22#include "ima.h"
22 23
23static const char *IMA_TEMPLATE_NAME = "ima"; 24/*
25 * ima_alloc_init_template - create and initialize a new template entry
26 */
27int ima_alloc_init_template(struct integrity_iint_cache *iint,
28 struct file *file, const unsigned char *filename,
29 struct evm_ima_xattr_data *xattr_value,
30 int xattr_len, struct ima_template_entry **entry)
31{
32 struct ima_template_desc *template_desc = ima_template_desc_current();
33 int i, result = 0;
34
35 *entry = kzalloc(sizeof(**entry) + template_desc->num_fields *
36 sizeof(struct ima_field_data), GFP_NOFS);
37 if (!*entry)
38 return -ENOMEM;
39
40 for (i = 0; i < template_desc->num_fields; i++) {
41 struct ima_template_field *field = template_desc->fields[i];
42 u32 len;
43
44 result = field->field_init(iint, file, filename,
45 xattr_value, xattr_len,
46 &((*entry)->template_data[i]));
47 if (result != 0)
48 goto out;
49
50 len = (*entry)->template_data[i].len;
51 (*entry)->template_data_len += sizeof(len);
52 (*entry)->template_data_len += len;
53 }
54 (*entry)->template_desc = template_desc;
55 return 0;
56out:
57 kfree(*entry);
58 *entry = NULL;
59 return result;
60}
24 61
25/* 62/*
26 * ima_store_template - store ima template measurements 63 * ima_store_template - store ima template measurements
@@ -39,28 +76,34 @@ static const char *IMA_TEMPLATE_NAME = "ima";
39 * Returns 0 on success, error code otherwise 76 * Returns 0 on success, error code otherwise
40 */ 77 */
41int ima_store_template(struct ima_template_entry *entry, 78int ima_store_template(struct ima_template_entry *entry,
42 int violation, struct inode *inode) 79 int violation, struct inode *inode,
80 const unsigned char *filename)
43{ 81{
44 const char *op = "add_template_measure"; 82 const char *op = "add_template_measure";
45 const char *audit_cause = "hashing_error"; 83 const char *audit_cause = "hashing_error";
84 char *template_name = entry->template_desc->name;
46 int result; 85 int result;
47 86 struct {
48 memset(entry->digest, 0, sizeof(entry->digest)); 87 struct ima_digest_data hdr;
49 entry->template_name = IMA_TEMPLATE_NAME; 88 char digest[TPM_DIGEST_SIZE];
50 entry->template_len = sizeof(entry->template); 89 } hash;
51 90
52 if (!violation) { 91 if (!violation) {
53 result = ima_calc_buffer_hash(&entry->template, 92 int num_fields = entry->template_desc->num_fields;
54 entry->template_len, 93
55 entry->digest); 94 /* this function uses default algo */
95 hash.hdr.algo = HASH_ALGO_SHA1;
96 result = ima_calc_field_array_hash(&entry->template_data[0],
97 num_fields, &hash.hdr);
56 if (result < 0) { 98 if (result < 0) {
57 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, 99 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
58 entry->template_name, op, 100 template_name, op,
59 audit_cause, result, 0); 101 audit_cause, result, 0);
60 return result; 102 return result;
61 } 103 }
104 memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
62 } 105 }
63 result = ima_add_template_entry(entry, violation, op, inode); 106 result = ima_add_template_entry(entry, violation, op, inode, filename);
64 return result; 107 return result;
65} 108}
66 109
@@ -71,24 +114,24 @@ int ima_store_template(struct ima_template_entry *entry,
71 * By extending the PCR with 0xFF's instead of with zeroes, the PCR 114 * By extending the PCR with 0xFF's instead of with zeroes, the PCR
72 * value is invalidated. 115 * value is invalidated.
73 */ 116 */
74void ima_add_violation(struct inode *inode, const unsigned char *filename, 117void ima_add_violation(struct file *file, const unsigned char *filename,
75 const char *op, const char *cause) 118 const char *op, const char *cause)
76{ 119{
77 struct ima_template_entry *entry; 120 struct ima_template_entry *entry;
121 struct inode *inode = file->f_dentry->d_inode;
78 int violation = 1; 122 int violation = 1;
79 int result; 123 int result;
80 124
81 /* can overflow, only indicator */ 125 /* can overflow, only indicator */
82 atomic_long_inc(&ima_htable.violations); 126 atomic_long_inc(&ima_htable.violations);
83 127
84 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 128 result = ima_alloc_init_template(NULL, file, filename,
85 if (!entry) { 129 NULL, 0, &entry);
130 if (result < 0) {
86 result = -ENOMEM; 131 result = -ENOMEM;
87 goto err_out; 132 goto err_out;
88 } 133 }
89 memset(&entry->template, 0, sizeof(entry->template)); 134 result = ima_store_template(entry, violation, inode, filename);
90 strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
91 result = ima_store_template(entry, violation, inode);
92 if (result < 0) 135 if (result < 0)
93 kfree(entry); 136 kfree(entry);
94err_out: 137err_out:
@@ -138,20 +181,42 @@ int ima_must_measure(struct inode *inode, int mask, int function)
138 * Return 0 on success, error code otherwise 181 * Return 0 on success, error code otherwise
139 */ 182 */
140int ima_collect_measurement(struct integrity_iint_cache *iint, 183int ima_collect_measurement(struct integrity_iint_cache *iint,
141 struct file *file) 184 struct file *file,
185 struct evm_ima_xattr_data **xattr_value,
186 int *xattr_len)
142{ 187{
143 struct inode *inode = file_inode(file); 188 struct inode *inode = file_inode(file);
144 const char *filename = file->f_dentry->d_name.name; 189 const char *filename = file->f_dentry->d_name.name;
145 int result = 0; 190 int result = 0;
191 struct {
192 struct ima_digest_data hdr;
193 char digest[IMA_MAX_DIGEST_SIZE];
194 } hash;
195
196 if (xattr_value)
197 *xattr_len = ima_read_xattr(file->f_dentry, xattr_value);
146 198
147 if (!(iint->flags & IMA_COLLECTED)) { 199 if (!(iint->flags & IMA_COLLECTED)) {
148 u64 i_version = file_inode(file)->i_version; 200 u64 i_version = file_inode(file)->i_version;
149 201
150 iint->ima_xattr.type = IMA_XATTR_DIGEST; 202 /* use default hash algorithm */
151 result = ima_calc_file_hash(file, iint->ima_xattr.digest); 203 hash.hdr.algo = ima_hash_algo;
204
205 if (xattr_value)
206 ima_get_hash_algo(*xattr_value, *xattr_len, &hash.hdr);
207
208 result = ima_calc_file_hash(file, &hash.hdr);
152 if (!result) { 209 if (!result) {
153 iint->version = i_version; 210 int length = sizeof(hash.hdr) + hash.hdr.length;
154 iint->flags |= IMA_COLLECTED; 211 void *tmpbuf = krealloc(iint->ima_hash, length,
212 GFP_NOFS);
213 if (tmpbuf) {
214 iint->ima_hash = tmpbuf;
215 memcpy(iint->ima_hash, &hash, length);
216 iint->version = i_version;
217 iint->flags |= IMA_COLLECTED;
218 } else
219 result = -ENOMEM;
155 } 220 }
156 } 221 }
157 if (result) 222 if (result)
@@ -177,7 +242,9 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
177 * Must be called with iint->mutex held. 242 * Must be called with iint->mutex held.
178 */ 243 */
179void ima_store_measurement(struct integrity_iint_cache *iint, 244void ima_store_measurement(struct integrity_iint_cache *iint,
180 struct file *file, const unsigned char *filename) 245 struct file *file, const unsigned char *filename,
246 struct evm_ima_xattr_data *xattr_value,
247 int xattr_len)
181{ 248{
182 const char *op = "add_template_measure"; 249 const char *op = "add_template_measure";
183 const char *audit_cause = "ENOMEM"; 250 const char *audit_cause = "ENOMEM";
@@ -189,19 +256,15 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
189 if (iint->flags & IMA_MEASURED) 256 if (iint->flags & IMA_MEASURED)
190 return; 257 return;
191 258
192 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 259 result = ima_alloc_init_template(iint, file, filename,
193 if (!entry) { 260 xattr_value, xattr_len, &entry);
261 if (result < 0) {
194 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, 262 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
195 op, audit_cause, result, 0); 263 op, audit_cause, result, 0);
196 return; 264 return;
197 } 265 }
198 memset(&entry->template, 0, sizeof(entry->template));
199 memcpy(entry->template.digest, iint->ima_xattr.digest, IMA_DIGEST_SIZE);
200 strcpy(entry->template.file_name,
201 (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ?
202 file->f_dentry->d_name.name : filename);
203 266
204 result = ima_store_template(entry, violation, inode); 267 result = ima_store_template(entry, violation, inode, filename);
205 if (!result || result == -EEXIST) 268 if (!result || result == -EEXIST)
206 iint->flags |= IMA_MEASURED; 269 iint->flags |= IMA_MEASURED;
207 if (result < 0) 270 if (result < 0)
@@ -212,14 +275,16 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
212 const unsigned char *filename) 275 const unsigned char *filename)
213{ 276{
214 struct audit_buffer *ab; 277 struct audit_buffer *ab;
215 char hash[(IMA_DIGEST_SIZE * 2) + 1]; 278 char hash[(iint->ima_hash->length * 2) + 1];
279 const char *algo_name = hash_algo_name[iint->ima_hash->algo];
280 char algo_hash[sizeof(hash) + strlen(algo_name) + 2];
216 int i; 281 int i;
217 282
218 if (iint->flags & IMA_AUDITED) 283 if (iint->flags & IMA_AUDITED)
219 return; 284 return;
220 285
221 for (i = 0; i < IMA_DIGEST_SIZE; i++) 286 for (i = 0; i < iint->ima_hash->length; i++)
222 hex_byte_pack(hash + (i * 2), iint->ima_xattr.digest[i]); 287 hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]);
223 hash[i * 2] = '\0'; 288 hash[i * 2] = '\0';
224 289
225 ab = audit_log_start(current->audit_context, GFP_KERNEL, 290 ab = audit_log_start(current->audit_context, GFP_KERNEL,
@@ -230,7 +295,8 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
230 audit_log_format(ab, "file="); 295 audit_log_format(ab, "file=");
231 audit_log_untrustedstring(ab, filename); 296 audit_log_untrustedstring(ab, filename);
232 audit_log_format(ab, " hash="); 297 audit_log_format(ab, " hash=");
233 audit_log_untrustedstring(ab, hash); 298 snprintf(algo_hash, sizeof(algo_hash), "%s:%s", algo_name, hash);
299 audit_log_untrustedstring(ab, algo_hash);
234 300
235 audit_log_task_info(ab, current); 301 audit_log_task_info(ab, current);
236 audit_log_end(ab); 302 audit_log_end(ab);
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 2d4becab8918..46353ee517f6 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -15,6 +15,7 @@
15#include <linux/magic.h> 15#include <linux/magic.h>
16#include <linux/ima.h> 16#include <linux/ima.h>
17#include <linux/evm.h> 17#include <linux/evm.h>
18#include <crypto/hash_info.h>
18 19
19#include "ima.h" 20#include "ima.h"
20 21
@@ -43,19 +44,31 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
43} 44}
44 45
45static int ima_fix_xattr(struct dentry *dentry, 46static int ima_fix_xattr(struct dentry *dentry,
46 struct integrity_iint_cache *iint) 47 struct integrity_iint_cache *iint)
47{ 48{
48 iint->ima_xattr.type = IMA_XATTR_DIGEST; 49 int rc, offset;
49 return __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA, 50 u8 algo = iint->ima_hash->algo;
50 (u8 *)&iint->ima_xattr, 51
51 sizeof(iint->ima_xattr), 0); 52 if (algo <= HASH_ALGO_SHA1) {
53 offset = 1;
54 iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST;
55 } else {
56 offset = 0;
57 iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;
58 iint->ima_hash->xattr.ng.algo = algo;
59 }
60 rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA,
61 &iint->ima_hash->xattr.data[offset],
62 (sizeof(iint->ima_hash->xattr) - offset) +
63 iint->ima_hash->length, 0);
64 return rc;
52} 65}
53 66
54/* Return specific func appraised cached result */ 67/* Return specific func appraised cached result */
55enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint, 68enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
56 int func) 69 int func)
57{ 70{
58 switch(func) { 71 switch (func) {
59 case MMAP_CHECK: 72 case MMAP_CHECK:
60 return iint->ima_mmap_status; 73 return iint->ima_mmap_status;
61 case BPRM_CHECK: 74 case BPRM_CHECK:
@@ -71,7 +84,7 @@ enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
71static void ima_set_cache_status(struct integrity_iint_cache *iint, 84static void ima_set_cache_status(struct integrity_iint_cache *iint,
72 int func, enum integrity_status status) 85 int func, enum integrity_status status)
73{ 86{
74 switch(func) { 87 switch (func) {
75 case MMAP_CHECK: 88 case MMAP_CHECK:
76 iint->ima_mmap_status = status; 89 iint->ima_mmap_status = status;
77 break; 90 break;
@@ -90,7 +103,7 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint,
90 103
91static void ima_cache_flags(struct integrity_iint_cache *iint, int func) 104static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
92{ 105{
93 switch(func) { 106 switch (func) {
94 case MMAP_CHECK: 107 case MMAP_CHECK:
95 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED); 108 iint->flags |= (IMA_MMAP_APPRAISED | IMA_APPRAISED);
96 break; 109 break;
@@ -107,6 +120,50 @@ static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
107 } 120 }
108} 121}
109 122
123void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len,
124 struct ima_digest_data *hash)
125{
126 struct signature_v2_hdr *sig;
127
128 if (!xattr_value || xattr_len < 2)
129 return;
130
131 switch (xattr_value->type) {
132 case EVM_IMA_XATTR_DIGSIG:
133 sig = (typeof(sig))xattr_value;
134 if (sig->version != 2 || xattr_len <= sizeof(*sig))
135 return;
136 hash->algo = sig->hash_algo;
137 break;
138 case IMA_XATTR_DIGEST_NG:
139 hash->algo = xattr_value->digest[0];
140 break;
141 case IMA_XATTR_DIGEST:
142 /* this is for backward compatibility */
143 if (xattr_len == 21) {
144 unsigned int zero = 0;
145 if (!memcmp(&xattr_value->digest[16], &zero, 4))
146 hash->algo = HASH_ALGO_MD5;
147 else
148 hash->algo = HASH_ALGO_SHA1;
149 } else if (xattr_len == 17)
150 hash->algo = HASH_ALGO_MD5;
151 break;
152 }
153}
154
155int ima_read_xattr(struct dentry *dentry,
156 struct evm_ima_xattr_data **xattr_value)
157{
158 struct inode *inode = dentry->d_inode;
159
160 if (!inode->i_op->getxattr)
161 return 0;
162
163 return vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)xattr_value,
164 0, GFP_NOFS);
165}
166
110/* 167/*
111 * ima_appraise_measurement - appraise file measurement 168 * ima_appraise_measurement - appraise file measurement
112 * 169 *
@@ -116,23 +173,22 @@ static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
116 * Return 0 on success, error code otherwise 173 * Return 0 on success, error code otherwise
117 */ 174 */
118int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, 175int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
119 struct file *file, const unsigned char *filename) 176 struct file *file, const unsigned char *filename,
177 struct evm_ima_xattr_data *xattr_value,
178 int xattr_len)
120{ 179{
121 struct dentry *dentry = file->f_dentry; 180 struct dentry *dentry = file->f_dentry;
122 struct inode *inode = dentry->d_inode; 181 struct inode *inode = dentry->d_inode;
123 struct evm_ima_xattr_data *xattr_value = NULL;
124 enum integrity_status status = INTEGRITY_UNKNOWN; 182 enum integrity_status status = INTEGRITY_UNKNOWN;
125 const char *op = "appraise_data"; 183 const char *op = "appraise_data";
126 char *cause = "unknown"; 184 char *cause = "unknown";
127 int rc; 185 int rc = xattr_len, hash_start = 0;
128 186
129 if (!ima_appraise) 187 if (!ima_appraise)
130 return 0; 188 return 0;
131 if (!inode->i_op->getxattr) 189 if (!inode->i_op->getxattr)
132 return INTEGRITY_UNKNOWN; 190 return INTEGRITY_UNKNOWN;
133 191
134 rc = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)&xattr_value,
135 0, GFP_NOFS);
136 if (rc <= 0) { 192 if (rc <= 0) {
137 if (rc && rc != -ENODATA) 193 if (rc && rc != -ENODATA)
138 goto out; 194 goto out;
@@ -153,14 +209,25 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
153 goto out; 209 goto out;
154 } 210 }
155 switch (xattr_value->type) { 211 switch (xattr_value->type) {
212 case IMA_XATTR_DIGEST_NG:
213 /* first byte contains algorithm id */
214 hash_start = 1;
156 case IMA_XATTR_DIGEST: 215 case IMA_XATTR_DIGEST:
157 if (iint->flags & IMA_DIGSIG_REQUIRED) { 216 if (iint->flags & IMA_DIGSIG_REQUIRED) {
158 cause = "IMA signature required"; 217 cause = "IMA signature required";
159 status = INTEGRITY_FAIL; 218 status = INTEGRITY_FAIL;
160 break; 219 break;
161 } 220 }
162 rc = memcmp(xattr_value->digest, iint->ima_xattr.digest, 221 if (xattr_len - sizeof(xattr_value->type) - hash_start >=
163 IMA_DIGEST_SIZE); 222 iint->ima_hash->length)
223 /* xattr length may be longer. md5 hash in previous
224 version occupied 20 bytes in xattr, instead of 16
225 */
226 rc = memcmp(&xattr_value->digest[hash_start],
227 iint->ima_hash->digest,
228 iint->ima_hash->length);
229 else
230 rc = -EINVAL;
164 if (rc) { 231 if (rc) {
165 cause = "invalid-hash"; 232 cause = "invalid-hash";
166 status = INTEGRITY_FAIL; 233 status = INTEGRITY_FAIL;
@@ -171,9 +238,9 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
171 case EVM_IMA_XATTR_DIGSIG: 238 case EVM_IMA_XATTR_DIGSIG:
172 iint->flags |= IMA_DIGSIG; 239 iint->flags |= IMA_DIGSIG;
173 rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA, 240 rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
174 xattr_value->digest, rc - 1, 241 (const char *)xattr_value, rc,
175 iint->ima_xattr.digest, 242 iint->ima_hash->digest,
176 IMA_DIGEST_SIZE); 243 iint->ima_hash->length);
177 if (rc == -EOPNOTSUPP) { 244 if (rc == -EOPNOTSUPP) {
178 status = INTEGRITY_UNKNOWN; 245 status = INTEGRITY_UNKNOWN;
179 } else if (rc) { 246 } else if (rc) {
@@ -203,7 +270,6 @@ out:
203 ima_cache_flags(iint, func); 270 ima_cache_flags(iint, func);
204 } 271 }
205 ima_set_cache_status(iint, func, status); 272 ima_set_cache_status(iint, func, status);
206 kfree(xattr_value);
207 return status; 273 return status;
208} 274}
209 275
@@ -219,7 +285,7 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
219 if (iint->flags & IMA_DIGSIG) 285 if (iint->flags & IMA_DIGSIG)
220 return; 286 return;
221 287
222 rc = ima_collect_measurement(iint, file); 288 rc = ima_collect_measurement(iint, file, NULL, NULL);
223 if (rc < 0) 289 if (rc < 0)
224 return; 290 return;
225 291
@@ -315,3 +381,14 @@ int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name)
315 } 381 }
316 return result; 382 return result;
317} 383}
384
385#ifdef CONFIG_IMA_TRUSTED_KEYRING
386static int __init init_ima_keyring(void)
387{
388 int ret;
389
390 ret = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
391 return 0;
392}
393late_initcall(init_ima_keyring);
394#endif
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index a02e0791cf15..676e0292dfec 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -20,6 +20,7 @@
20#include <linux/err.h> 20#include <linux/err.h>
21#include <linux/slab.h> 21#include <linux/slab.h>
22#include <crypto/hash.h> 22#include <crypto/hash.h>
23#include <crypto/hash_info.h>
23#include "ima.h" 24#include "ima.h"
24 25
25static struct crypto_shash *ima_shash_tfm; 26static struct crypto_shash *ima_shash_tfm;
@@ -28,31 +29,58 @@ int ima_init_crypto(void)
28{ 29{
29 long rc; 30 long rc;
30 31
31 ima_shash_tfm = crypto_alloc_shash(ima_hash, 0, 0); 32 ima_shash_tfm = crypto_alloc_shash(hash_algo_name[ima_hash_algo], 0, 0);
32 if (IS_ERR(ima_shash_tfm)) { 33 if (IS_ERR(ima_shash_tfm)) {
33 rc = PTR_ERR(ima_shash_tfm); 34 rc = PTR_ERR(ima_shash_tfm);
34 pr_err("Can not allocate %s (reason: %ld)\n", ima_hash, rc); 35 pr_err("Can not allocate %s (reason: %ld)\n",
36 hash_algo_name[ima_hash_algo], rc);
35 return rc; 37 return rc;
36 } 38 }
37 return 0; 39 return 0;
38} 40}
39 41
42static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo)
43{
44 struct crypto_shash *tfm = ima_shash_tfm;
45 int rc;
46
47 if (algo != ima_hash_algo && algo < HASH_ALGO__LAST) {
48 tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
49 if (IS_ERR(tfm)) {
50 rc = PTR_ERR(tfm);
51 pr_err("Can not allocate %s (reason: %d)\n",
52 hash_algo_name[algo], rc);
53 }
54 }
55 return tfm;
56}
57
58static void ima_free_tfm(struct crypto_shash *tfm)
59{
60 if (tfm != ima_shash_tfm)
61 crypto_free_shash(tfm);
62}
63
40/* 64/*
41 * Calculate the MD5/SHA1 file digest 65 * Calculate the MD5/SHA1 file digest
42 */ 66 */
43int ima_calc_file_hash(struct file *file, char *digest) 67static int ima_calc_file_hash_tfm(struct file *file,
68 struct ima_digest_data *hash,
69 struct crypto_shash *tfm)
44{ 70{
45 loff_t i_size, offset = 0; 71 loff_t i_size, offset = 0;
46 char *rbuf; 72 char *rbuf;
47 int rc, read = 0; 73 int rc, read = 0;
48 struct { 74 struct {
49 struct shash_desc shash; 75 struct shash_desc shash;
50 char ctx[crypto_shash_descsize(ima_shash_tfm)]; 76 char ctx[crypto_shash_descsize(tfm)];
51 } desc; 77 } desc;
52 78
53 desc.shash.tfm = ima_shash_tfm; 79 desc.shash.tfm = tfm;
54 desc.shash.flags = 0; 80 desc.shash.flags = 0;
55 81
82 hash->length = crypto_shash_digestsize(tfm);
83
56 rc = crypto_shash_init(&desc.shash); 84 rc = crypto_shash_init(&desc.shash);
57 if (rc != 0) 85 if (rc != 0)
58 return rc; 86 return rc;
@@ -85,27 +113,83 @@ int ima_calc_file_hash(struct file *file, char *digest)
85 } 113 }
86 kfree(rbuf); 114 kfree(rbuf);
87 if (!rc) 115 if (!rc)
88 rc = crypto_shash_final(&desc.shash, digest); 116 rc = crypto_shash_final(&desc.shash, hash->digest);
89 if (read) 117 if (read)
90 file->f_mode &= ~FMODE_READ; 118 file->f_mode &= ~FMODE_READ;
91out: 119out:
92 return rc; 120 return rc;
93} 121}
94 122
123int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
124{
125 struct crypto_shash *tfm;
126 int rc;
127
128 tfm = ima_alloc_tfm(hash->algo);
129 if (IS_ERR(tfm))
130 return PTR_ERR(tfm);
131
132 rc = ima_calc_file_hash_tfm(file, hash, tfm);
133
134 ima_free_tfm(tfm);
135
136 return rc;
137}
138
95/* 139/*
96 * Calculate the hash of a given buffer 140 * Calculate the hash of template data
97 */ 141 */
98int ima_calc_buffer_hash(const void *data, int len, char *digest) 142static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
143 int num_fields,
144 struct ima_digest_data *hash,
145 struct crypto_shash *tfm)
99{ 146{
100 struct { 147 struct {
101 struct shash_desc shash; 148 struct shash_desc shash;
102 char ctx[crypto_shash_descsize(ima_shash_tfm)]; 149 char ctx[crypto_shash_descsize(tfm)];
103 } desc; 150 } desc;
151 int rc, i;
104 152
105 desc.shash.tfm = ima_shash_tfm; 153 desc.shash.tfm = tfm;
106 desc.shash.flags = 0; 154 desc.shash.flags = 0;
107 155
108 return crypto_shash_digest(&desc.shash, data, len, digest); 156 hash->length = crypto_shash_digestsize(tfm);
157
158 rc = crypto_shash_init(&desc.shash);
159 if (rc != 0)
160 return rc;
161
162 for (i = 0; i < num_fields; i++) {
163 rc = crypto_shash_update(&desc.shash,
164 (const u8 *) &field_data[i].len,
165 sizeof(field_data[i].len));
166 rc = crypto_shash_update(&desc.shash, field_data[i].data,
167 field_data[i].len);
168 if (rc)
169 break;
170 }
171
172 if (!rc)
173 rc = crypto_shash_final(&desc.shash, hash->digest);
174
175 return rc;
176}
177
178int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
179 struct ima_digest_data *hash)
180{
181 struct crypto_shash *tfm;
182 int rc;
183
184 tfm = ima_alloc_tfm(hash->algo);
185 if (IS_ERR(tfm))
186 return PTR_ERR(tfm);
187
188 rc = ima_calc_field_array_hash_tfm(field_data, num_fields, hash, tfm);
189
190 ima_free_tfm(tfm);
191
192 return rc;
109} 193}
110 194
111static void __init ima_pcrread(int idx, u8 *pcr) 195static void __init ima_pcrread(int idx, u8 *pcr)
@@ -120,16 +204,17 @@ static void __init ima_pcrread(int idx, u8 *pcr)
120/* 204/*
121 * Calculate the boot aggregate hash 205 * Calculate the boot aggregate hash
122 */ 206 */
123int __init ima_calc_boot_aggregate(char *digest) 207static int __init ima_calc_boot_aggregate_tfm(char *digest,
208 struct crypto_shash *tfm)
124{ 209{
125 u8 pcr_i[IMA_DIGEST_SIZE]; 210 u8 pcr_i[TPM_DIGEST_SIZE];
126 int rc, i; 211 int rc, i;
127 struct { 212 struct {
128 struct shash_desc shash; 213 struct shash_desc shash;
129 char ctx[crypto_shash_descsize(ima_shash_tfm)]; 214 char ctx[crypto_shash_descsize(tfm)];
130 } desc; 215 } desc;
131 216
132 desc.shash.tfm = ima_shash_tfm; 217 desc.shash.tfm = tfm;
133 desc.shash.flags = 0; 218 desc.shash.flags = 0;
134 219
135 rc = crypto_shash_init(&desc.shash); 220 rc = crypto_shash_init(&desc.shash);
@@ -140,9 +225,26 @@ int __init ima_calc_boot_aggregate(char *digest)
140 for (i = TPM_PCR0; i < TPM_PCR8; i++) { 225 for (i = TPM_PCR0; i < TPM_PCR8; i++) {
141 ima_pcrread(i, pcr_i); 226 ima_pcrread(i, pcr_i);
142 /* now accumulate with current aggregate */ 227 /* now accumulate with current aggregate */
143 rc = crypto_shash_update(&desc.shash, pcr_i, IMA_DIGEST_SIZE); 228 rc = crypto_shash_update(&desc.shash, pcr_i, TPM_DIGEST_SIZE);
144 } 229 }
145 if (!rc) 230 if (!rc)
146 crypto_shash_final(&desc.shash, digest); 231 crypto_shash_final(&desc.shash, digest);
147 return rc; 232 return rc;
148} 233}
234
235int __init ima_calc_boot_aggregate(struct ima_digest_data *hash)
236{
237 struct crypto_shash *tfm;
238 int rc;
239
240 tfm = ima_alloc_tfm(hash->algo);
241 if (IS_ERR(tfm))
242 return PTR_ERR(tfm);
243
244 hash->length = crypto_shash_digestsize(tfm);
245 rc = ima_calc_boot_aggregate_tfm(hash->digest, tfm);
246
247 ima_free_tfm(tfm);
248
249 return rc;
250}
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 38477c9c3415..d47a7c86a21d 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -88,8 +88,7 @@ static void *ima_measurements_next(struct seq_file *m, void *v, loff_t *pos)
88 * against concurrent list-extension 88 * against concurrent list-extension
89 */ 89 */
90 rcu_read_lock(); 90 rcu_read_lock();
91 qe = list_entry_rcu(qe->later.next, 91 qe = list_entry_rcu(qe->later.next, struct ima_queue_entry, later);
92 struct ima_queue_entry, later);
93 rcu_read_unlock(); 92 rcu_read_unlock();
94 (*pos)++; 93 (*pos)++;
95 94
@@ -100,7 +99,7 @@ static void ima_measurements_stop(struct seq_file *m, void *v)
100{ 99{
101} 100}
102 101
103static void ima_putc(struct seq_file *m, void *data, int datalen) 102void ima_putc(struct seq_file *m, void *data, int datalen)
104{ 103{
105 while (datalen--) 104 while (datalen--)
106 seq_putc(m, *(char *)data++); 105 seq_putc(m, *(char *)data++);
@@ -111,6 +110,7 @@ static void ima_putc(struct seq_file *m, void *data, int datalen)
111 * char[20]=template digest 110 * char[20]=template digest
112 * 32bit-le=template name size 111 * 32bit-le=template name size
113 * char[n]=template name 112 * char[n]=template name
113 * [eventdata length]
114 * eventdata[n]=template specific data 114 * eventdata[n]=template specific data
115 */ 115 */
116static int ima_measurements_show(struct seq_file *m, void *v) 116static int ima_measurements_show(struct seq_file *m, void *v)
@@ -120,6 +120,7 @@ static int ima_measurements_show(struct seq_file *m, void *v)
120 struct ima_template_entry *e; 120 struct ima_template_entry *e;
121 int namelen; 121 int namelen;
122 u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX; 122 u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX;
123 int i;
123 124
124 /* get entry */ 125 /* get entry */
125 e = qe->entry; 126 e = qe->entry;
@@ -134,18 +135,25 @@ static int ima_measurements_show(struct seq_file *m, void *v)
134 ima_putc(m, &pcr, sizeof pcr); 135 ima_putc(m, &pcr, sizeof pcr);
135 136
136 /* 2nd: template digest */ 137 /* 2nd: template digest */
137 ima_putc(m, e->digest, IMA_DIGEST_SIZE); 138 ima_putc(m, e->digest, TPM_DIGEST_SIZE);
138 139
139 /* 3rd: template name size */ 140 /* 3rd: template name size */
140 namelen = strlen(e->template_name); 141 namelen = strlen(e->template_desc->name);
141 ima_putc(m, &namelen, sizeof namelen); 142 ima_putc(m, &namelen, sizeof namelen);
142 143
143 /* 4th: template name */ 144 /* 4th: template name */
144 ima_putc(m, (void *)e->template_name, namelen); 145 ima_putc(m, e->template_desc->name, namelen);
146
147 /* 5th: template length (except for 'ima' template) */
148 if (strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
149 ima_putc(m, &e->template_data_len,
150 sizeof(e->template_data_len));
145 151
146 /* 5th: template specific data */ 152 /* 6th: template specific data */
147 ima_template_show(m, (struct ima_template_data *)&e->template, 153 for (i = 0; i < e->template_desc->num_fields; i++) {
148 IMA_SHOW_BINARY); 154 e->template_desc->fields[i]->field_show(m, IMA_SHOW_BINARY,
155 &e->template_data[i]);
156 }
149 return 0; 157 return 0;
150} 158}
151 159
@@ -168,41 +176,21 @@ static const struct file_operations ima_measurements_ops = {
168 .release = seq_release, 176 .release = seq_release,
169}; 177};
170 178
171static void ima_print_digest(struct seq_file *m, u8 *digest) 179void ima_print_digest(struct seq_file *m, u8 *digest, int size)
172{ 180{
173 int i; 181 int i;
174 182
175 for (i = 0; i < IMA_DIGEST_SIZE; i++) 183 for (i = 0; i < size; i++)
176 seq_printf(m, "%02x", *(digest + i)); 184 seq_printf(m, "%02x", *(digest + i));
177} 185}
178 186
179void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show)
180{
181 struct ima_template_data *entry = e;
182 int namelen;
183
184 switch (show) {
185 case IMA_SHOW_ASCII:
186 ima_print_digest(m, entry->digest);
187 seq_printf(m, " %s\n", entry->file_name);
188 break;
189 case IMA_SHOW_BINARY:
190 ima_putc(m, entry->digest, IMA_DIGEST_SIZE);
191
192 namelen = strlen(entry->file_name);
193 ima_putc(m, &namelen, sizeof namelen);
194 ima_putc(m, entry->file_name, namelen);
195 default:
196 break;
197 }
198}
199
200/* print in ascii */ 187/* print in ascii */
201static int ima_ascii_measurements_show(struct seq_file *m, void *v) 188static int ima_ascii_measurements_show(struct seq_file *m, void *v)
202{ 189{
203 /* the list never shrinks, so we don't need a lock here */ 190 /* the list never shrinks, so we don't need a lock here */
204 struct ima_queue_entry *qe = v; 191 struct ima_queue_entry *qe = v;
205 struct ima_template_entry *e; 192 struct ima_template_entry *e;
193 int i;
206 194
207 /* get entry */ 195 /* get entry */
208 e = qe->entry; 196 e = qe->entry;
@@ -213,14 +201,21 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
213 seq_printf(m, "%2d ", CONFIG_IMA_MEASURE_PCR_IDX); 201 seq_printf(m, "%2d ", CONFIG_IMA_MEASURE_PCR_IDX);
214 202
215 /* 2nd: SHA1 template hash */ 203 /* 2nd: SHA1 template hash */
216 ima_print_digest(m, e->digest); 204 ima_print_digest(m, e->digest, TPM_DIGEST_SIZE);
217 205
218 /* 3th: template name */ 206 /* 3th: template name */
219 seq_printf(m, " %s ", e->template_name); 207 seq_printf(m, " %s", e->template_desc->name);
220 208
221 /* 4th: template specific data */ 209 /* 4th: template specific data */
222 ima_template_show(m, (struct ima_template_data *)&e->template, 210 for (i = 0; i < e->template_desc->num_fields; i++) {
223 IMA_SHOW_ASCII); 211 seq_puts(m, " ");
212 if (e->template_data[i].len == 0)
213 continue;
214
215 e->template_desc->fields[i]->field_show(m, IMA_SHOW_ASCII,
216 &e->template_data[i]);
217 }
218 seq_puts(m, "\n");
224 return 0; 219 return 0;
225} 220}
226 221
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 162ea723db3d..15f34bd40abe 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -18,6 +18,7 @@
18#include <linux/scatterlist.h> 18#include <linux/scatterlist.h>
19#include <linux/slab.h> 19#include <linux/slab.h>
20#include <linux/err.h> 20#include <linux/err.h>
21#include <crypto/hash_info.h>
21#include "ima.h" 22#include "ima.h"
22 23
23/* name for boot aggregate entry */ 24/* name for boot aggregate entry */
@@ -42,28 +43,38 @@ int ima_used_chip;
42static void __init ima_add_boot_aggregate(void) 43static void __init ima_add_boot_aggregate(void)
43{ 44{
44 struct ima_template_entry *entry; 45 struct ima_template_entry *entry;
46 struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
45 const char *op = "add_boot_aggregate"; 47 const char *op = "add_boot_aggregate";
46 const char *audit_cause = "ENOMEM"; 48 const char *audit_cause = "ENOMEM";
47 int result = -ENOMEM; 49 int result = -ENOMEM;
48 int violation = 1; 50 int violation = 0;
51 struct {
52 struct ima_digest_data hdr;
53 char digest[TPM_DIGEST_SIZE];
54 } hash;
49 55
50 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 56 memset(iint, 0, sizeof(*iint));
51 if (!entry) 57 memset(&hash, 0, sizeof(hash));
52 goto err_out; 58 iint->ima_hash = &hash.hdr;
59 iint->ima_hash->algo = HASH_ALGO_SHA1;
60 iint->ima_hash->length = SHA1_DIGEST_SIZE;
53 61
54 memset(&entry->template, 0, sizeof(entry->template));
55 strncpy(entry->template.file_name, boot_aggregate_name,
56 IMA_EVENT_NAME_LEN_MAX);
57 if (ima_used_chip) { 62 if (ima_used_chip) {
58 violation = 0; 63 result = ima_calc_boot_aggregate(&hash.hdr);
59 result = ima_calc_boot_aggregate(entry->template.digest);
60 if (result < 0) { 64 if (result < 0) {
61 audit_cause = "hashing_error"; 65 audit_cause = "hashing_error";
62 kfree(entry); 66 kfree(entry);
63 goto err_out; 67 goto err_out;
64 } 68 }
65 } 69 }
66 result = ima_store_template(entry, violation, NULL); 70
71 result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
72 NULL, 0, &entry);
73 if (result < 0)
74 return;
75
76 result = ima_store_template(entry, violation, NULL,
77 boot_aggregate_name);
67 if (result < 0) 78 if (result < 0)
68 kfree(entry); 79 kfree(entry);
69 return; 80 return;
@@ -74,7 +85,7 @@ err_out:
74 85
75int __init ima_init(void) 86int __init ima_init(void)
76{ 87{
77 u8 pcr_i[IMA_DIGEST_SIZE]; 88 u8 pcr_i[TPM_DIGEST_SIZE];
78 int rc; 89 int rc;
79 90
80 ima_used_chip = 0; 91 ima_used_chip = 0;
@@ -88,6 +99,10 @@ int __init ima_init(void)
88 rc = ima_init_crypto(); 99 rc = ima_init_crypto();
89 if (rc) 100 if (rc)
90 return rc; 101 return rc;
102 rc = ima_init_template();
103 if (rc != 0)
104 return rc;
105
91 ima_add_boot_aggregate(); /* boot aggregate must be first entry */ 106 ima_add_boot_aggregate(); /* boot aggregate must be first entry */
92 ima_init_policy(); 107 ima_init_policy();
93 108
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index e9508d5bbfcf..149ee1119f87 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -24,6 +24,7 @@
24#include <linux/slab.h> 24#include <linux/slab.h>
25#include <linux/xattr.h> 25#include <linux/xattr.h>
26#include <linux/ima.h> 26#include <linux/ima.h>
27#include <crypto/hash_info.h>
27 28
28#include "ima.h" 29#include "ima.h"
29 30
@@ -35,11 +36,33 @@ int ima_appraise = IMA_APPRAISE_ENFORCE;
35int ima_appraise; 36int ima_appraise;
36#endif 37#endif
37 38
38char *ima_hash = "sha1"; 39int ima_hash_algo = HASH_ALGO_SHA1;
40static int hash_setup_done;
41
39static int __init hash_setup(char *str) 42static int __init hash_setup(char *str)
40{ 43{
41 if (strncmp(str, "md5", 3) == 0) 44 struct ima_template_desc *template_desc = ima_template_desc_current();
42 ima_hash = "md5"; 45 int i;
46
47 if (hash_setup_done)
48 return 1;
49
50 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
51 if (strncmp(str, "sha1", 4) == 0)
52 ima_hash_algo = HASH_ALGO_SHA1;
53 else if (strncmp(str, "md5", 3) == 0)
54 ima_hash_algo = HASH_ALGO_MD5;
55 goto out;
56 }
57
58 for (i = 0; i < HASH_ALGO__LAST; i++) {
59 if (strcmp(str, hash_algo_name[i]) == 0) {
60 ima_hash_algo = i;
61 break;
62 }
63 }
64out:
65 hash_setup_done = 1;
43 return 1; 66 return 1;
44} 67}
45__setup("ima_hash=", hash_setup); 68__setup("ima_hash=", hash_setup);
@@ -92,10 +115,9 @@ out:
92 pathname = dentry->d_name.name; 115 pathname = dentry->d_name.name;
93 116
94 if (send_tomtou) 117 if (send_tomtou)
95 ima_add_violation(inode, pathname, 118 ima_add_violation(file, pathname, "invalid_pcr", "ToMToU");
96 "invalid_pcr", "ToMToU");
97 if (send_writers) 119 if (send_writers)
98 ima_add_violation(inode, pathname, 120 ima_add_violation(file, pathname,
99 "invalid_pcr", "open_writers"); 121 "invalid_pcr", "open_writers");
100 kfree(pathbuf); 122 kfree(pathbuf);
101} 123}
@@ -144,9 +166,12 @@ static int process_measurement(struct file *file, const char *filename,
144{ 166{
145 struct inode *inode = file_inode(file); 167 struct inode *inode = file_inode(file);
146 struct integrity_iint_cache *iint; 168 struct integrity_iint_cache *iint;
169 struct ima_template_desc *template_desc = ima_template_desc_current();
147 char *pathbuf = NULL; 170 char *pathbuf = NULL;
148 const char *pathname = NULL; 171 const char *pathname = NULL;
149 int rc = -ENOMEM, action, must_appraise, _func; 172 int rc = -ENOMEM, action, must_appraise, _func;
173 struct evm_ima_xattr_data *xattr_value = NULL, **xattr_ptr = NULL;
174 int xattr_len = 0;
150 175
151 if (!ima_initialized || !S_ISREG(inode->i_mode)) 176 if (!ima_initialized || !S_ISREG(inode->i_mode))
152 return 0; 177 return 0;
@@ -185,7 +210,13 @@ static int process_measurement(struct file *file, const char *filename,
185 goto out_digsig; 210 goto out_digsig;
186 } 211 }
187 212
188 rc = ima_collect_measurement(iint, file); 213 if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
214 if (action & IMA_APPRAISE_SUBMASK)
215 xattr_ptr = &xattr_value;
216 } else
217 xattr_ptr = &xattr_value;
218
219 rc = ima_collect_measurement(iint, file, xattr_ptr, &xattr_len);
189 if (rc != 0) 220 if (rc != 0)
190 goto out_digsig; 221 goto out_digsig;
191 222
@@ -194,9 +225,11 @@ static int process_measurement(struct file *file, const char *filename,
194 pathname = (const char *)file->f_dentry->d_name.name; 225 pathname = (const char *)file->f_dentry->d_name.name;
195 226
196 if (action & IMA_MEASURE) 227 if (action & IMA_MEASURE)
197 ima_store_measurement(iint, file, pathname); 228 ima_store_measurement(iint, file, pathname,
229 xattr_value, xattr_len);
198 if (action & IMA_APPRAISE_SUBMASK) 230 if (action & IMA_APPRAISE_SUBMASK)
199 rc = ima_appraise_measurement(_func, iint, file, pathname); 231 rc = ima_appraise_measurement(_func, iint, file, pathname,
232 xattr_value, xattr_len);
200 if (action & IMA_AUDIT) 233 if (action & IMA_AUDIT)
201 ima_audit_measurement(iint, pathname); 234 ima_audit_measurement(iint, pathname);
202 kfree(pathbuf); 235 kfree(pathbuf);
@@ -205,6 +238,7 @@ out_digsig:
205 rc = -EACCES; 238 rc = -EACCES;
206out: 239out:
207 mutex_unlock(&inode->i_mutex); 240 mutex_unlock(&inode->i_mutex);
241 kfree(xattr_value);
208 if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE)) 242 if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE))
209 return -EACCES; 243 return -EACCES;
210 return 0; 244 return 0;
@@ -244,9 +278,9 @@ int ima_file_mmap(struct file *file, unsigned long prot)
244int ima_bprm_check(struct linux_binprm *bprm) 278int ima_bprm_check(struct linux_binprm *bprm)
245{ 279{
246 return process_measurement(bprm->file, 280 return process_measurement(bprm->file,
247 (strcmp(bprm->filename, bprm->interp) == 0) ? 281 (strcmp(bprm->filename, bprm->interp) == 0) ?
248 bprm->filename : bprm->interp, 282 bprm->filename : bprm->interp,
249 MAY_EXEC, BPRM_CHECK); 283 MAY_EXEC, BPRM_CHECK);
250} 284}
251 285
252/** 286/**
@@ -263,8 +297,8 @@ int ima_file_check(struct file *file, int mask)
263{ 297{
264 ima_rdwr_violation_check(file); 298 ima_rdwr_violation_check(file);
265 return process_measurement(file, NULL, 299 return process_measurement(file, NULL,
266 mask & (MAY_READ | MAY_WRITE | MAY_EXEC), 300 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
267 FILE_CHECK); 301 FILE_CHECK);
268} 302}
269EXPORT_SYMBOL_GPL(ima_file_check); 303EXPORT_SYMBOL_GPL(ima_file_check);
270 304
@@ -294,6 +328,7 @@ static int __init init_ima(void)
294{ 328{
295 int error; 329 int error;
296 330
331 hash_setup(CONFIG_IMA_DEFAULT_HASH);
297 error = ima_init(); 332 error = ima_init();
298 if (!error) 333 if (!error)
299 ima_initialized = 1; 334 ima_initialized = 1;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 399433ad614e..a9c3d3cd1990 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -73,7 +73,6 @@ static struct ima_rule_entry default_rules[] = {
73 {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, 73 {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
74 {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, 74 {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
75 {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, 75 {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
76 {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
77 {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC}, 76 {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC},
78 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, 77 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
79 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, 78 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index ff63fe00c195..d85e99761f4f 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -50,7 +50,7 @@ static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value)
50 key = ima_hash_key(digest_value); 50 key = ima_hash_key(digest_value);
51 rcu_read_lock(); 51 rcu_read_lock();
52 hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) { 52 hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) {
53 rc = memcmp(qe->entry->digest, digest_value, IMA_DIGEST_SIZE); 53 rc = memcmp(qe->entry->digest, digest_value, TPM_DIGEST_SIZE);
54 if (rc == 0) { 54 if (rc == 0) {
55 ret = qe; 55 ret = qe;
56 break; 56 break;
@@ -104,9 +104,10 @@ static int ima_pcr_extend(const u8 *hash)
104 * and extend the pcr. 104 * and extend the pcr.
105 */ 105 */
106int ima_add_template_entry(struct ima_template_entry *entry, int violation, 106int ima_add_template_entry(struct ima_template_entry *entry, int violation,
107 const char *op, struct inode *inode) 107 const char *op, struct inode *inode,
108 const unsigned char *filename)
108{ 109{
109 u8 digest[IMA_DIGEST_SIZE]; 110 u8 digest[TPM_DIGEST_SIZE];
110 const char *audit_cause = "hash_added"; 111 const char *audit_cause = "hash_added";
111 char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX]; 112 char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
112 int audit_info = 1; 113 int audit_info = 1;
@@ -141,8 +142,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
141 } 142 }
142out: 143out:
143 mutex_unlock(&ima_extend_list_mutex); 144 mutex_unlock(&ima_extend_list_mutex);
144 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, 145 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
145 entry->template.file_name,
146 op, audit_cause, result, audit_info); 146 op, audit_cause, result, audit_info);
147 return result; 147 return result;
148} 148}
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
new file mode 100644
index 000000000000..4e5da990630b
--- /dev/null
+++ b/security/integrity/ima/ima_template.c
@@ -0,0 +1,178 @@
1/*
2 * Copyright (C) 2013 Politecnico di Torino, Italy
3 * TORSEC group -- http://security.polito.it
4 *
5 * Author: Roberto Sassu <roberto.sassu@polito.it>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation, version 2 of the
10 * License.
11 *
12 * File: ima_template.c
13 * Helpers to manage template descriptors.
14 */
15#include <crypto/hash_info.h>
16
17#include "ima.h"
18#include "ima_template_lib.h"
19
20static struct ima_template_desc defined_templates[] = {
21 {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT},
22 {.name = "ima-ng",.fmt = "d-ng|n-ng"},
23 {.name = "ima-sig",.fmt = "d-ng|n-ng|sig"},
24};
25
26static struct ima_template_field supported_fields[] = {
27 {.field_id = "d",.field_init = ima_eventdigest_init,
28 .field_show = ima_show_template_digest},
29 {.field_id = "n",.field_init = ima_eventname_init,
30 .field_show = ima_show_template_string},
31 {.field_id = "d-ng",.field_init = ima_eventdigest_ng_init,
32 .field_show = ima_show_template_digest_ng},
33 {.field_id = "n-ng",.field_init = ima_eventname_ng_init,
34 .field_show = ima_show_template_string},
35 {.field_id = "sig",.field_init = ima_eventsig_init,
36 .field_show = ima_show_template_sig},
37};
38
39static struct ima_template_desc *ima_template;
40static struct ima_template_desc *lookup_template_desc(const char *name);
41
42static int __init ima_template_setup(char *str)
43{
44 struct ima_template_desc *template_desc;
45 int template_len = strlen(str);
46
47 /*
48 * Verify that a template with the supplied name exists.
49 * If not, use CONFIG_IMA_DEFAULT_TEMPLATE.
50 */
51 template_desc = lookup_template_desc(str);
52 if (!template_desc)
53 return 1;
54
55 /*
56 * Verify whether the current hash algorithm is supported
57 * by the 'ima' template.
58 */
59 if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 &&
60 ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) {
61 pr_err("IMA: template does not support hash alg\n");
62 return 1;
63 }
64
65 ima_template = template_desc;
66 return 1;
67}
68__setup("ima_template=", ima_template_setup);
69
70static struct ima_template_desc *lookup_template_desc(const char *name)
71{
72 int i;
73
74 for (i = 0; i < ARRAY_SIZE(defined_templates); i++) {
75 if (strcmp(defined_templates[i].name, name) == 0)
76 return defined_templates + i;
77 }
78
79 return NULL;
80}
81
82static struct ima_template_field *lookup_template_field(const char *field_id)
83{
84 int i;
85
86 for (i = 0; i < ARRAY_SIZE(supported_fields); i++)
87 if (strncmp(supported_fields[i].field_id, field_id,
88 IMA_TEMPLATE_FIELD_ID_MAX_LEN) == 0)
89 return &supported_fields[i];
90 return NULL;
91}
92
93static int template_fmt_size(char *template_fmt)
94{
95 char c;
96 int template_fmt_len = strlen(template_fmt);
97 int i = 0, j = 0;
98
99 while (i < template_fmt_len) {
100 c = template_fmt[i];
101 if (c == '|')
102 j++;
103 i++;
104 }
105
106 return j + 1;
107}
108
109static int template_desc_init_fields(char *template_fmt,
110 struct ima_template_field ***fields,
111 int *num_fields)
112{
113 char *c, *template_fmt_ptr = template_fmt;
114 int template_num_fields = template_fmt_size(template_fmt);
115 int i, result = 0;
116
117 if (template_num_fields > IMA_TEMPLATE_NUM_FIELDS_MAX)
118 return -EINVAL;
119
120 *fields = kzalloc(template_num_fields * sizeof(*fields), GFP_KERNEL);
121 if (*fields == NULL) {
122 result = -ENOMEM;
123 goto out;
124 }
125 for (i = 0; (c = strsep(&template_fmt_ptr, "|")) != NULL &&
126 i < template_num_fields; i++) {
127 struct ima_template_field *f = lookup_template_field(c);
128
129 if (!f) {
130 result = -ENOENT;
131 goto out;
132 }
133 (*fields)[i] = f;
134 }
135 *num_fields = i;
136 return 0;
137out:
138 kfree(*fields);
139 *fields = NULL;
140 return result;
141}
142
143static int init_defined_templates(void)
144{
145 int i = 0;
146 int result = 0;
147
148 /* Init defined templates. */
149 for (i = 0; i < ARRAY_SIZE(defined_templates); i++) {
150 struct ima_template_desc *template = &defined_templates[i];
151
152 result = template_desc_init_fields(template->fmt,
153 &(template->fields),
154 &(template->num_fields));
155 if (result < 0)
156 return result;
157 }
158 return result;
159}
160
161struct ima_template_desc *ima_template_desc_current(void)
162{
163 if (!ima_template)
164 ima_template =
165 lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE);
166 return ima_template;
167}
168
169int ima_init_template(void)
170{
171 int result;
172
173 result = init_defined_templates();
174 if (result < 0)
175 return result;
176
177 return 0;
178}
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
new file mode 100644
index 000000000000..6d66ad6ed265
--- /dev/null
+++ b/security/integrity/ima/ima_template_lib.c
@@ -0,0 +1,347 @@
1/*
2 * Copyright (C) 2013 Politecnico di Torino, Italy
3 * TORSEC group -- http://security.polito.it
4 *
5 * Author: Roberto Sassu <roberto.sassu@polito.it>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation, version 2 of the
10 * License.
11 *
12 * File: ima_template_lib.c
13 * Library of supported template fields.
14 */
15#include <crypto/hash_info.h>
16
17#include "ima_template_lib.h"
18
19static bool ima_template_hash_algo_allowed(u8 algo)
20{
21 if (algo == HASH_ALGO_SHA1 || algo == HASH_ALGO_MD5)
22 return true;
23
24 return false;
25}
26
27enum data_formats {
28 DATA_FMT_DIGEST = 0,
29 DATA_FMT_DIGEST_WITH_ALGO,
30 DATA_FMT_EVENT_NAME,
31 DATA_FMT_STRING,
32 DATA_FMT_HEX
33};
34
35static int ima_write_template_field_data(const void *data, const u32 datalen,
36 enum data_formats datafmt,
37 struct ima_field_data *field_data)
38{
39 u8 *buf, *buf_ptr;
40 u32 buflen;
41
42 switch (datafmt) {
43 case DATA_FMT_EVENT_NAME:
44 buflen = IMA_EVENT_NAME_LEN_MAX + 1;
45 break;
46 case DATA_FMT_STRING:
47 buflen = datalen + 1;
48 break;
49 default:
50 buflen = datalen;
51 }
52
53 buf = kzalloc(buflen, GFP_KERNEL);
54 if (!buf)
55 return -ENOMEM;
56
57 memcpy(buf, data, datalen);
58
59 /*
60 * Replace all space characters with underscore for event names and
61 * strings. This avoid that, during the parsing of a measurements list,
62 * filenames with spaces or that end with the suffix ' (deleted)' are
63 * split into multiple template fields (the space is the delimitator
64 * character for measurements lists in ASCII format).
65 */
66 if (datafmt == DATA_FMT_EVENT_NAME || datafmt == DATA_FMT_STRING) {
67 for (buf_ptr = buf; buf_ptr - buf < datalen; buf_ptr++)
68 if (*buf_ptr == ' ')
69 *buf_ptr = '_';
70 }
71
72 field_data->data = buf;
73 field_data->len = buflen;
74 return 0;
75}
76
77static void ima_show_template_data_ascii(struct seq_file *m,
78 enum ima_show_type show,
79 enum data_formats datafmt,
80 struct ima_field_data *field_data)
81{
82 u8 *buf_ptr = field_data->data, buflen = field_data->len;
83
84 switch (datafmt) {
85 case DATA_FMT_DIGEST_WITH_ALGO:
86 buf_ptr = strnchr(field_data->data, buflen, ':');
87 if (buf_ptr != field_data->data)
88 seq_printf(m, "%s", field_data->data);
89
90 /* skip ':' and '\0' */
91 buf_ptr += 2;
92 buflen -= buf_ptr - field_data->data;
93 case DATA_FMT_DIGEST:
94 case DATA_FMT_HEX:
95 if (!buflen)
96 break;
97 ima_print_digest(m, buf_ptr, buflen);
98 break;
99 case DATA_FMT_STRING:
100 seq_printf(m, "%s", buf_ptr);
101 break;
102 default:
103 break;
104 }
105}
106
107static void ima_show_template_data_binary(struct seq_file *m,
108 enum ima_show_type show,
109 enum data_formats datafmt,
110 struct ima_field_data *field_data)
111{
112 ima_putc(m, &field_data->len, sizeof(u32));
113 if (!field_data->len)
114 return;
115 ima_putc(m, field_data->data, field_data->len);
116}
117
118static void ima_show_template_field_data(struct seq_file *m,
119 enum ima_show_type show,
120 enum data_formats datafmt,
121 struct ima_field_data *field_data)
122{
123 switch (show) {
124 case IMA_SHOW_ASCII:
125 ima_show_template_data_ascii(m, show, datafmt, field_data);
126 break;
127 case IMA_SHOW_BINARY:
128 ima_show_template_data_binary(m, show, datafmt, field_data);
129 break;
130 default:
131 break;
132 }
133}
134
135void ima_show_template_digest(struct seq_file *m, enum ima_show_type show,
136 struct ima_field_data *field_data)
137{
138 ima_show_template_field_data(m, show, DATA_FMT_DIGEST, field_data);
139}
140
141void ima_show_template_digest_ng(struct seq_file *m, enum ima_show_type show,
142 struct ima_field_data *field_data)
143{
144 ima_show_template_field_data(m, show, DATA_FMT_DIGEST_WITH_ALGO,
145 field_data);
146}
147
148void ima_show_template_string(struct seq_file *m, enum ima_show_type show,
149 struct ima_field_data *field_data)
150{
151 ima_show_template_field_data(m, show, DATA_FMT_STRING, field_data);
152}
153
154void ima_show_template_sig(struct seq_file *m, enum ima_show_type show,
155 struct ima_field_data *field_data)
156{
157 ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data);
158}
159
160static int ima_eventdigest_init_common(u8 *digest, u32 digestsize, u8 hash_algo,
161 struct ima_field_data *field_data,
162 bool size_limit)
163{
164 /*
165 * digest formats:
166 * - DATA_FMT_DIGEST: digest
167 * - DATA_FMT_DIGEST_WITH_ALGO: [<hash algo>] + ':' + '\0' + digest,
168 * where <hash algo> is provided if the hash algoritm is not
169 * SHA1 or MD5
170 */
171 u8 buffer[CRYPTO_MAX_ALG_NAME + 2 + IMA_MAX_DIGEST_SIZE] = { 0 };
172 enum data_formats fmt = DATA_FMT_DIGEST;
173 u32 offset = 0;
174
175 if (!size_limit) {
176 fmt = DATA_FMT_DIGEST_WITH_ALGO;
177 if (hash_algo < HASH_ALGO__LAST)
178 offset += snprintf(buffer, CRYPTO_MAX_ALG_NAME + 1,
179 "%s", hash_algo_name[hash_algo]);
180 buffer[offset] = ':';
181 offset += 2;
182 }
183
184 if (digest)
185 memcpy(buffer + offset, digest, digestsize);
186 else
187 /*
188 * If digest is NULL, the event being recorded is a violation.
189 * Make room for the digest by increasing the offset of
190 * IMA_DIGEST_SIZE.
191 */
192 offset += IMA_DIGEST_SIZE;
193
194 return ima_write_template_field_data(buffer, offset + digestsize,
195 fmt, field_data);
196}
197
198/*
199 * This function writes the digest of an event (with size limit).
200 */
201int ima_eventdigest_init(struct integrity_iint_cache *iint, struct file *file,
202 const unsigned char *filename,
203 struct evm_ima_xattr_data *xattr_value, int xattr_len,
204 struct ima_field_data *field_data)
205{
206 struct {
207 struct ima_digest_data hdr;
208 char digest[IMA_MAX_DIGEST_SIZE];
209 } hash;
210 u8 *cur_digest = NULL;
211 u32 cur_digestsize = 0;
212 struct inode *inode;
213 int result;
214
215 memset(&hash, 0, sizeof(hash));
216
217 if (!iint) /* recording a violation. */
218 goto out;
219
220 if (ima_template_hash_algo_allowed(iint->ima_hash->algo)) {
221 cur_digest = iint->ima_hash->digest;
222 cur_digestsize = iint->ima_hash->length;
223 goto out;
224 }
225
226 if (!file) /* missing info to re-calculate the digest */
227 return -EINVAL;
228
229 inode = file_inode(file);
230 hash.hdr.algo = ima_template_hash_algo_allowed(ima_hash_algo) ?
231 ima_hash_algo : HASH_ALGO_SHA1;
232 result = ima_calc_file_hash(file, &hash.hdr);
233 if (result) {
234 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode,
235 filename, "collect_data",
236 "failed", result, 0);
237 return result;
238 }
239 cur_digest = hash.hdr.digest;
240 cur_digestsize = hash.hdr.length;
241out:
242 return ima_eventdigest_init_common(cur_digest, cur_digestsize, -1,
243 field_data, true);
244}
245
246/*
247 * This function writes the digest of an event (without size limit).
248 */
249int ima_eventdigest_ng_init(struct integrity_iint_cache *iint,
250 struct file *file, const unsigned char *filename,
251 struct evm_ima_xattr_data *xattr_value,
252 int xattr_len, struct ima_field_data *field_data)
253{
254 u8 *cur_digest = NULL, hash_algo = HASH_ALGO__LAST;
255 u32 cur_digestsize = 0;
256
257 /* If iint is NULL, we are recording a violation. */
258 if (!iint)
259 goto out;
260
261 cur_digest = iint->ima_hash->digest;
262 cur_digestsize = iint->ima_hash->length;
263
264 hash_algo = iint->ima_hash->algo;
265out:
266 return ima_eventdigest_init_common(cur_digest, cur_digestsize,
267 hash_algo, field_data, false);
268}
269
270static int ima_eventname_init_common(struct integrity_iint_cache *iint,
271 struct file *file,
272 const unsigned char *filename,
273 struct ima_field_data *field_data,
274 bool size_limit)
275{
276 const char *cur_filename = NULL;
277 u32 cur_filename_len = 0;
278 enum data_formats fmt = size_limit ?
279 DATA_FMT_EVENT_NAME : DATA_FMT_STRING;
280
281 BUG_ON(filename == NULL && file == NULL);
282
283 if (filename) {
284 cur_filename = filename;
285 cur_filename_len = strlen(filename);
286
287 if (!size_limit || cur_filename_len <= IMA_EVENT_NAME_LEN_MAX)
288 goto out;
289 }
290
291 if (file) {
292 cur_filename = file->f_dentry->d_name.name;
293 cur_filename_len = strlen(cur_filename);
294 } else
295 /*
296 * Truncate filename if the latter is too long and
297 * the file descriptor is not available.
298 */
299 cur_filename_len = IMA_EVENT_NAME_LEN_MAX;
300out:
301 return ima_write_template_field_data(cur_filename, cur_filename_len,
302 fmt, field_data);
303}
304
305/*
306 * This function writes the name of an event (with size limit).
307 */
308int ima_eventname_init(struct integrity_iint_cache *iint, struct file *file,
309 const unsigned char *filename,
310 struct evm_ima_xattr_data *xattr_value, int xattr_len,
311 struct ima_field_data *field_data)
312{
313 return ima_eventname_init_common(iint, file, filename,
314 field_data, true);
315}
316
317/*
318 * This function writes the name of an event (without size limit).
319 */
320int ima_eventname_ng_init(struct integrity_iint_cache *iint, struct file *file,
321 const unsigned char *filename,
322 struct evm_ima_xattr_data *xattr_value, int xattr_len,
323 struct ima_field_data *field_data)
324{
325 return ima_eventname_init_common(iint, file, filename,
326 field_data, false);
327}
328
329/*
330 * ima_eventsig_init - include the file signature as part of the template data
331 */
332int ima_eventsig_init(struct integrity_iint_cache *iint, struct file *file,
333 const unsigned char *filename,
334 struct evm_ima_xattr_data *xattr_value, int xattr_len,
335 struct ima_field_data *field_data)
336{
337 enum data_formats fmt = DATA_FMT_HEX;
338 int rc = 0;
339
340 if ((!xattr_value) || (xattr_value->type != EVM_IMA_XATTR_DIGSIG))
341 goto out;
342
343 rc = ima_write_template_field_data(xattr_value, xattr_len, fmt,
344 field_data);
345out:
346 return rc;
347}
diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h
new file mode 100644
index 000000000000..63f6b52cb1c2
--- /dev/null
+++ b/security/integrity/ima/ima_template_lib.h
@@ -0,0 +1,49 @@
1/*
2 * Copyright (C) 2013 Politecnico di Torino, Italy
3 * TORSEC group -- http://security.polito.it
4 *
5 * Author: Roberto Sassu <roberto.sassu@polito.it>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation, version 2 of the
10 * License.
11 *
12 * File: ima_template_lib.h
13 * Header for the library of supported template fields.
14 */
15#ifndef __LINUX_IMA_TEMPLATE_LIB_H
16#define __LINUX_IMA_TEMPLATE_LIB_H
17
18#include <linux/seq_file.h>
19#include "ima.h"
20
21void ima_show_template_digest(struct seq_file *m, enum ima_show_type show,
22 struct ima_field_data *field_data);
23void ima_show_template_digest_ng(struct seq_file *m, enum ima_show_type show,
24 struct ima_field_data *field_data);
25void ima_show_template_string(struct seq_file *m, enum ima_show_type show,
26 struct ima_field_data *field_data);
27void ima_show_template_sig(struct seq_file *m, enum ima_show_type show,
28 struct ima_field_data *field_data);
29int ima_eventdigest_init(struct integrity_iint_cache *iint, struct file *file,
30 const unsigned char *filename,
31 struct evm_ima_xattr_data *xattr_value, int xattr_len,
32 struct ima_field_data *field_data);
33int ima_eventname_init(struct integrity_iint_cache *iint, struct file *file,
34 const unsigned char *filename,
35 struct evm_ima_xattr_data *xattr_value, int xattr_len,
36 struct ima_field_data *field_data);
37int ima_eventdigest_ng_init(struct integrity_iint_cache *iint,
38 struct file *file, const unsigned char *filename,
39 struct evm_ima_xattr_data *xattr_value,
40 int xattr_len, struct ima_field_data *field_data);
41int ima_eventname_ng_init(struct integrity_iint_cache *iint, struct file *file,
42 const unsigned char *filename,
43 struct evm_ima_xattr_data *xattr_value, int xattr_len,
44 struct ima_field_data *field_data);
45int ima_eventsig_init(struct integrity_iint_cache *iint, struct file *file,
46 const unsigned char *filename,
47 struct evm_ima_xattr_data *xattr_value, int xattr_len,
48 struct ima_field_data *field_data);
49#endif /* __LINUX_IMA_TEMPLATE_LIB_H */
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index c42fb7a70dee..b9e7c133734a 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -54,25 +54,57 @@ enum evm_ima_xattr_type {
54 IMA_XATTR_DIGEST = 0x01, 54 IMA_XATTR_DIGEST = 0x01,
55 EVM_XATTR_HMAC, 55 EVM_XATTR_HMAC,
56 EVM_IMA_XATTR_DIGSIG, 56 EVM_IMA_XATTR_DIGSIG,
57 IMA_XATTR_DIGEST_NG,
57}; 58};
58 59
59struct evm_ima_xattr_data { 60struct evm_ima_xattr_data {
60 u8 type; 61 u8 type;
61 u8 digest[SHA1_DIGEST_SIZE]; 62 u8 digest[SHA1_DIGEST_SIZE];
62} __attribute__((packed)); 63} __packed;
64
65#define IMA_MAX_DIGEST_SIZE 64
66
67struct ima_digest_data {
68 u8 algo;
69 u8 length;
70 union {
71 struct {
72 u8 unused;
73 u8 type;
74 } sha1;
75 struct {
76 u8 type;
77 u8 algo;
78 } ng;
79 u8 data[2];
80 } xattr;
81 u8 digest[0];
82} __packed;
83
84/*
85 * signature format v2 - for using with asymmetric keys
86 */
87struct signature_v2_hdr {
88 uint8_t type; /* xattr type */
89 uint8_t version; /* signature format version */
90 uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */
91 uint32_t keyid; /* IMA key identifier - not X509/PGP specific */
92 uint16_t sig_size; /* signature size */
93 uint8_t sig[0]; /* signature payload */
94} __packed;
63 95
64/* integrity data associated with an inode */ 96/* integrity data associated with an inode */
65struct integrity_iint_cache { 97struct integrity_iint_cache {
66 struct rb_node rb_node; /* rooted in integrity_iint_tree */ 98 struct rb_node rb_node; /* rooted in integrity_iint_tree */
67 struct inode *inode; /* back pointer to inode in question */ 99 struct inode *inode; /* back pointer to inode in question */
68 u64 version; /* track inode changes */ 100 u64 version; /* track inode changes */
69 unsigned long flags; 101 unsigned long flags;
70 struct evm_ima_xattr_data ima_xattr;
71 enum integrity_status ima_file_status:4; 102 enum integrity_status ima_file_status:4;
72 enum integrity_status ima_mmap_status:4; 103 enum integrity_status ima_mmap_status:4;
73 enum integrity_status ima_bprm_status:4; 104 enum integrity_status ima_bprm_status:4;
74 enum integrity_status ima_module_status:4; 105 enum integrity_status ima_module_status:4;
75 enum integrity_status evm_status:4; 106 enum integrity_status evm_status:4;
107 struct ima_digest_data *ima_hash;
76}; 108};
77 109
78/* rbtree tree calls to lookup, insert, delete 110/* rbtree tree calls to lookup, insert, delete
@@ -89,7 +121,7 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
89#ifdef CONFIG_INTEGRITY_SIGNATURE 121#ifdef CONFIG_INTEGRITY_SIGNATURE
90 122
91int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, 123int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
92 const char *digest, int digestlen); 124 const char *digest, int digestlen);
93 125
94#else 126#else
95 127
@@ -105,12 +137,19 @@ static inline int integrity_digsig_verify(const unsigned int id,
105#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS 137#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
106int asymmetric_verify(struct key *keyring, const char *sig, 138int asymmetric_verify(struct key *keyring, const char *sig,
107 int siglen, const char *data, int datalen); 139 int siglen, const char *data, int datalen);
140
141int integrity_init_keyring(const unsigned int id);
108#else 142#else
109static inline int asymmetric_verify(struct key *keyring, const char *sig, 143static inline int asymmetric_verify(struct key *keyring, const char *sig,
110 int siglen, const char *data, int datalen) 144 int siglen, const char *data, int datalen)
111{ 145{
112 return -EOPNOTSUPP; 146 return -EOPNOTSUPP;
113} 147}
148
149static int integrity_init_keyring(const unsigned int id)
150{
151 return 0;
152}
114#endif 153#endif
115 154
116#ifdef CONFIG_INTEGRITY_AUDIT 155#ifdef CONFIG_INTEGRITY_AUDIT
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index a90d6d300dbd..a4f3f8c48d6e 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -4,6 +4,7 @@
4 4
5config KEYS 5config KEYS
6 bool "Enable access key retention support" 6 bool "Enable access key retention support"
7 select ASSOCIATIVE_ARRAY
7 help 8 help
8 This option provides support for retaining authentication tokens and 9 This option provides support for retaining authentication tokens and
9 access keys in the kernel. 10 access keys in the kernel.
@@ -19,6 +20,34 @@ config KEYS
19 20
20 If you are unsure as to whether this is required, answer N. 21 If you are unsure as to whether this is required, answer N.
21 22
23config PERSISTENT_KEYRINGS
24 bool "Enable register of persistent per-UID keyrings"
25 depends on KEYS
26 help
27 This option provides a register of persistent per-UID keyrings,
28 primarily aimed at Kerberos key storage. The keyrings are persistent
29 in the sense that they stay around after all processes of that UID
30 have exited, not that they survive the machine being rebooted.
31
32 A particular keyring may be accessed by either the user whose keyring
33 it is or by a process with administrative privileges. The active
34 LSMs gets to rule on which admin-level processes get to access the
35 cache.
36
37 Keyrings are created and added into the register upon demand and get
38 removed if they expire (a default timeout is set upon creation).
39
40config BIG_KEYS
41 bool "Large payload keys"
42 depends on KEYS
43 depends on TMPFS
44 help
45 This option provides support for holding large keys within the kernel
46 (for example Kerberos ticket caches). The data may be stored out to
47 swapspace by tmpfs.
48
49 If you are unsure as to whether this is required, answer N.
50
22config TRUSTED_KEYS 51config TRUSTED_KEYS
23 tristate "TRUSTED KEYS" 52 tristate "TRUSTED KEYS"
24 depends on KEYS && TCG_TPM 53 depends on KEYS && TCG_TPM
diff --git a/security/keys/Makefile b/security/keys/Makefile
index 504aaa008388..dfb3a7bededf 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -18,9 +18,11 @@ obj-y := \
18obj-$(CONFIG_KEYS_COMPAT) += compat.o 18obj-$(CONFIG_KEYS_COMPAT) += compat.o
19obj-$(CONFIG_PROC_FS) += proc.o 19obj-$(CONFIG_PROC_FS) += proc.o
20obj-$(CONFIG_SYSCTL) += sysctl.o 20obj-$(CONFIG_SYSCTL) += sysctl.o
21obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o
21 22
22# 23#
23# Key types 24# Key types
24# 25#
26obj-$(CONFIG_BIG_KEYS) += big_key.o
25obj-$(CONFIG_TRUSTED_KEYS) += trusted.o 27obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
26obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ 28obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
new file mode 100644
index 000000000000..7f44c3207a9b
--- /dev/null
+++ b/security/keys/big_key.c
@@ -0,0 +1,207 @@
1/* Large capacity key type
2 *
3 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/seq_file.h>
15#include <linux/file.h>
16#include <linux/shmem_fs.h>
17#include <linux/err.h>
18#include <keys/user-type.h>
19#include <keys/big_key-type.h>
20
21MODULE_LICENSE("GPL");
22
23/*
24 * If the data is under this limit, there's no point creating a shm file to
25 * hold it as the permanently resident metadata for the shmem fs will be at
26 * least as large as the data.
27 */
28#define BIG_KEY_FILE_THRESHOLD (sizeof(struct inode) + sizeof(struct dentry))
29
30/*
31 * big_key defined keys take an arbitrary string as the description and an
32 * arbitrary blob of data as the payload
33 */
34struct key_type key_type_big_key = {
35 .name = "big_key",
36 .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
37 .instantiate = big_key_instantiate,
38 .match = user_match,
39 .revoke = big_key_revoke,
40 .destroy = big_key_destroy,
41 .describe = big_key_describe,
42 .read = big_key_read,
43};
44
45/*
46 * Instantiate a big key
47 */
48int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
49{
50 struct path *path = (struct path *)&key->payload.data2;
51 struct file *file;
52 ssize_t written;
53 size_t datalen = prep->datalen;
54 int ret;
55
56 ret = -EINVAL;
57 if (datalen <= 0 || datalen > 1024 * 1024 || !prep->data)
58 goto error;
59
60 /* Set an arbitrary quota */
61 ret = key_payload_reserve(key, 16);
62 if (ret < 0)
63 goto error;
64
65 key->type_data.x[1] = datalen;
66
67 if (datalen > BIG_KEY_FILE_THRESHOLD) {
68 /* Create a shmem file to store the data in. This will permit the data
69 * to be swapped out if needed.
70 *
71 * TODO: Encrypt the stored data with a temporary key.
72 */
73 file = shmem_file_setup("", datalen, 0);
74 if (IS_ERR(file)) {
75 ret = PTR_ERR(file);
76 goto err_quota;
77 }
78
79 written = kernel_write(file, prep->data, prep->datalen, 0);
80 if (written != datalen) {
81 ret = written;
82 if (written >= 0)
83 ret = -ENOMEM;
84 goto err_fput;
85 }
86
87 /* Pin the mount and dentry to the key so that we can open it again
88 * later
89 */
90 *path = file->f_path;
91 path_get(path);
92 fput(file);
93 } else {
94 /* Just store the data in a buffer */
95 void *data = kmalloc(datalen, GFP_KERNEL);
96 if (!data) {
97 ret = -ENOMEM;
98 goto err_quota;
99 }
100
101 key->payload.data = memcpy(data, prep->data, prep->datalen);
102 }
103 return 0;
104
105err_fput:
106 fput(file);
107err_quota:
108 key_payload_reserve(key, 0);
109error:
110 return ret;
111}
112
113/*
114 * dispose of the links from a revoked keyring
115 * - called with the key sem write-locked
116 */
117void big_key_revoke(struct key *key)
118{
119 struct path *path = (struct path *)&key->payload.data2;
120
121 /* clear the quota */
122 key_payload_reserve(key, 0);
123 if (key_is_instantiated(key) && key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD)
124 vfs_truncate(path, 0);
125}
126
127/*
128 * dispose of the data dangling from the corpse of a big_key key
129 */
130void big_key_destroy(struct key *key)
131{
132 if (key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD) {
133 struct path *path = (struct path *)&key->payload.data2;
134 path_put(path);
135 path->mnt = NULL;
136 path->dentry = NULL;
137 } else {
138 kfree(key->payload.data);
139 key->payload.data = NULL;
140 }
141}
142
143/*
144 * describe the big_key key
145 */
146void big_key_describe(const struct key *key, struct seq_file *m)
147{
148 unsigned long datalen = key->type_data.x[1];
149
150 seq_puts(m, key->description);
151
152 if (key_is_instantiated(key))
153 seq_printf(m, ": %lu [%s]",
154 datalen,
155 datalen > BIG_KEY_FILE_THRESHOLD ? "file" : "buff");
156}
157
158/*
159 * read the key data
160 * - the key's semaphore is read-locked
161 */
162long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
163{
164 unsigned long datalen = key->type_data.x[1];
165 long ret;
166
167 if (!buffer || buflen < datalen)
168 return datalen;
169
170 if (datalen > BIG_KEY_FILE_THRESHOLD) {
171 struct path *path = (struct path *)&key->payload.data2;
172 struct file *file;
173 loff_t pos;
174
175 file = dentry_open(path, O_RDONLY, current_cred());
176 if (IS_ERR(file))
177 return PTR_ERR(file);
178
179 pos = 0;
180 ret = vfs_read(file, buffer, datalen, &pos);
181 fput(file);
182 if (ret >= 0 && ret != datalen)
183 ret = -EIO;
184 } else {
185 ret = datalen;
186 if (copy_to_user(buffer, key->payload.data, datalen) != 0)
187 ret = -EFAULT;
188 }
189
190 return ret;
191}
192
193/*
194 * Module stuff
195 */
196static int __init big_key_init(void)
197{
198 return register_key_type(&key_type_big_key);
199}
200
201static void __exit big_key_cleanup(void)
202{
203 unregister_key_type(&key_type_big_key);
204}
205
206module_init(big_key_init);
207module_exit(big_key_cleanup);
diff --git a/security/keys/compat.c b/security/keys/compat.c
index d65fa7fa29ba..bbd32c729dbb 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -138,6 +138,9 @@ asmlinkage long compat_sys_keyctl(u32 option,
138 case KEYCTL_INVALIDATE: 138 case KEYCTL_INVALIDATE:
139 return keyctl_invalidate_key(arg2); 139 return keyctl_invalidate_key(arg2);
140 140
141 case KEYCTL_GET_PERSISTENT:
142 return keyctl_get_persistent(arg2, arg3);
143
141 default: 144 default:
142 return -EOPNOTSUPP; 145 return -EOPNOTSUPP;
143 } 146 }
diff --git a/security/keys/gc.c b/security/keys/gc.c
index d67c97bb1025..d3222b6d7d59 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -131,50 +131,6 @@ void key_gc_keytype(struct key_type *ktype)
131} 131}
132 132
133/* 133/*
134 * Garbage collect pointers from a keyring.
135 *
136 * Not called with any locks held. The keyring's key struct will not be
137 * deallocated under us as only our caller may deallocate it.
138 */
139static void key_gc_keyring(struct key *keyring, time_t limit)
140{
141 struct keyring_list *klist;
142 int loop;
143
144 kenter("%x", key_serial(keyring));
145
146 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
147 (1 << KEY_FLAG_REVOKED)))
148 goto dont_gc;
149
150 /* scan the keyring looking for dead keys */
151 rcu_read_lock();
152 klist = rcu_dereference(keyring->payload.subscriptions);
153 if (!klist)
154 goto unlock_dont_gc;
155
156 loop = klist->nkeys;
157 smp_rmb();
158 for (loop--; loop >= 0; loop--) {
159 struct key *key = rcu_dereference(klist->keys[loop]);
160 if (key_is_dead(key, limit))
161 goto do_gc;
162 }
163
164unlock_dont_gc:
165 rcu_read_unlock();
166dont_gc:
167 kleave(" [no gc]");
168 return;
169
170do_gc:
171 rcu_read_unlock();
172
173 keyring_gc(keyring, limit);
174 kleave(" [gc]");
175}
176
177/*
178 * Garbage collect a list of unreferenced, detached keys 134 * Garbage collect a list of unreferenced, detached keys
179 */ 135 */
180static noinline void key_gc_unused_keys(struct list_head *keys) 136static noinline void key_gc_unused_keys(struct list_head *keys)
@@ -392,8 +348,7 @@ found_unreferenced_key:
392 */ 348 */
393found_keyring: 349found_keyring:
394 spin_unlock(&key_serial_lock); 350 spin_unlock(&key_serial_lock);
395 kdebug("scan keyring %d", key->serial); 351 keyring_gc(key, limit);
396 key_gc_keyring(key, limit);
397 goto maybe_resched; 352 goto maybe_resched;
398 353
399 /* We found a dead key that is still referenced. Reset its type and 354 /* We found a dead key that is still referenced. Reset its type and
diff --git a/security/keys/internal.h b/security/keys/internal.h
index d4f1468b9b50..80b2aac4f50c 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -89,42 +89,53 @@ extern struct key_type *key_type_lookup(const char *type);
89extern void key_type_put(struct key_type *ktype); 89extern void key_type_put(struct key_type *ktype);
90 90
91extern int __key_link_begin(struct key *keyring, 91extern int __key_link_begin(struct key *keyring,
92 const struct key_type *type, 92 const struct keyring_index_key *index_key,
93 const char *description, 93 struct assoc_array_edit **_edit);
94 unsigned long *_prealloc);
95extern int __key_link_check_live_key(struct key *keyring, struct key *key); 94extern int __key_link_check_live_key(struct key *keyring, struct key *key);
96extern void __key_link(struct key *keyring, struct key *key, 95extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
97 unsigned long *_prealloc);
98extern void __key_link_end(struct key *keyring, 96extern void __key_link_end(struct key *keyring,
99 struct key_type *type, 97 const struct keyring_index_key *index_key,
100 unsigned long prealloc); 98 struct assoc_array_edit *edit);
101 99
102extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, 100extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
103 const struct key_type *type, 101 const struct keyring_index_key *index_key);
104 const char *description,
105 key_perm_t perm);
106 102
107extern struct key *keyring_search_instkey(struct key *keyring, 103extern struct key *keyring_search_instkey(struct key *keyring,
108 key_serial_t target_id); 104 key_serial_t target_id);
109 105
106extern int iterate_over_keyring(const struct key *keyring,
107 int (*func)(const struct key *key, void *data),
108 void *data);
109
110typedef int (*key_match_func_t)(const struct key *, const void *); 110typedef int (*key_match_func_t)(const struct key *, const void *);
111 111
112struct keyring_search_context {
113 struct keyring_index_key index_key;
114 const struct cred *cred;
115 key_match_func_t match;
116 const void *match_data;
117 unsigned flags;
118#define KEYRING_SEARCH_LOOKUP_TYPE 0x0001 /* [as type->def_lookup_type] */
119#define KEYRING_SEARCH_NO_STATE_CHECK 0x0002 /* Skip state checks */
120#define KEYRING_SEARCH_DO_STATE_CHECK 0x0004 /* Override NO_STATE_CHECK */
121#define KEYRING_SEARCH_NO_UPDATE_TIME 0x0008 /* Don't update times */
122#define KEYRING_SEARCH_NO_CHECK_PERM 0x0010 /* Don't check permissions */
123#define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0020 /* Give an error on excessive depth */
124
125 int (*iterator)(const void *object, void *iterator_data);
126
127 /* Internal stuff */
128 int skipped_ret;
129 bool possessed;
130 key_ref_t result;
131 struct timespec now;
132};
133
112extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, 134extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
113 const struct cred *cred, 135 struct keyring_search_context *ctx);
114 struct key_type *type, 136
115 const void *description, 137extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx);
116 key_match_func_t match, 138extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx);
117 bool no_state_check);
118
119extern key_ref_t search_my_process_keyrings(struct key_type *type,
120 const void *description,
121 key_match_func_t match,
122 bool no_state_check,
123 const struct cred *cred);
124extern key_ref_t search_process_keyrings(struct key_type *type,
125 const void *description,
126 key_match_func_t match,
127 const struct cred *cred);
128 139
129extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); 140extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
130 141
@@ -202,7 +213,7 @@ extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
202/* 213/*
203 * Determine whether a key is dead. 214 * Determine whether a key is dead.
204 */ 215 */
205static inline bool key_is_dead(struct key *key, time_t limit) 216static inline bool key_is_dead(const struct key *key, time_t limit)
206{ 217{
207 return 218 return
208 key->flags & ((1 << KEY_FLAG_DEAD) | 219 key->flags & ((1 << KEY_FLAG_DEAD) |
@@ -244,6 +255,15 @@ extern long keyctl_invalidate_key(key_serial_t);
244extern long keyctl_instantiate_key_common(key_serial_t, 255extern long keyctl_instantiate_key_common(key_serial_t,
245 const struct iovec *, 256 const struct iovec *,
246 unsigned, size_t, key_serial_t); 257 unsigned, size_t, key_serial_t);
258#ifdef CONFIG_PERSISTENT_KEYRINGS
259extern long keyctl_get_persistent(uid_t, key_serial_t);
260extern unsigned persistent_keyring_expiry;
261#else
262static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
263{
264 return -EOPNOTSUPP;
265}
266#endif
247 267
248/* 268/*
249 * Debugging key validation 269 * Debugging key validation
diff --git a/security/keys/key.c b/security/keys/key.c
index 8fb7c7bd4657..55d110f0aced 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -242,8 +242,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
242 } 242 }
243 } 243 }
244 244
245 desclen = strlen(desc) + 1; 245 desclen = strlen(desc);
246 quotalen = desclen + type->def_datalen; 246 quotalen = desclen + 1 + type->def_datalen;
247 247
248 /* get hold of the key tracking for this user */ 248 /* get hold of the key tracking for this user */
249 user = key_user_lookup(uid); 249 user = key_user_lookup(uid);
@@ -277,7 +277,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
277 goto no_memory_2; 277 goto no_memory_2;
278 278
279 if (desc) { 279 if (desc) {
280 key->description = kmemdup(desc, desclen, GFP_KERNEL); 280 key->index_key.desc_len = desclen;
281 key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
281 if (!key->description) 282 if (!key->description)
282 goto no_memory_3; 283 goto no_memory_3;
283 } 284 }
@@ -285,7 +286,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
285 atomic_set(&key->usage, 1); 286 atomic_set(&key->usage, 1);
286 init_rwsem(&key->sem); 287 init_rwsem(&key->sem);
287 lockdep_set_class(&key->sem, &type->lock_class); 288 lockdep_set_class(&key->sem, &type->lock_class);
288 key->type = type; 289 key->index_key.type = type;
289 key->user = user; 290 key->user = user;
290 key->quotalen = quotalen; 291 key->quotalen = quotalen;
291 key->datalen = type->def_datalen; 292 key->datalen = type->def_datalen;
@@ -299,6 +300,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
299 300
300 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) 301 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
301 key->flags |= 1 << KEY_FLAG_IN_QUOTA; 302 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
303 if (flags & KEY_ALLOC_TRUSTED)
304 key->flags |= 1 << KEY_FLAG_TRUSTED;
302 305
303 memset(&key->type_data, 0, sizeof(key->type_data)); 306 memset(&key->type_data, 0, sizeof(key->type_data));
304 307
@@ -408,7 +411,7 @@ static int __key_instantiate_and_link(struct key *key,
408 struct key_preparsed_payload *prep, 411 struct key_preparsed_payload *prep,
409 struct key *keyring, 412 struct key *keyring,
410 struct key *authkey, 413 struct key *authkey,
411 unsigned long *_prealloc) 414 struct assoc_array_edit **_edit)
412{ 415{
413 int ret, awaken; 416 int ret, awaken;
414 417
@@ -435,7 +438,7 @@ static int __key_instantiate_and_link(struct key *key,
435 438
436 /* and link it into the destination keyring */ 439 /* and link it into the destination keyring */
437 if (keyring) 440 if (keyring)
438 __key_link(keyring, key, _prealloc); 441 __key_link(key, _edit);
439 442
440 /* disable the authorisation key */ 443 /* disable the authorisation key */
441 if (authkey) 444 if (authkey)
@@ -475,7 +478,7 @@ int key_instantiate_and_link(struct key *key,
475 struct key *authkey) 478 struct key *authkey)
476{ 479{
477 struct key_preparsed_payload prep; 480 struct key_preparsed_payload prep;
478 unsigned long prealloc; 481 struct assoc_array_edit *edit;
479 int ret; 482 int ret;
480 483
481 memset(&prep, 0, sizeof(prep)); 484 memset(&prep, 0, sizeof(prep));
@@ -489,17 +492,15 @@ int key_instantiate_and_link(struct key *key,
489 } 492 }
490 493
491 if (keyring) { 494 if (keyring) {
492 ret = __key_link_begin(keyring, key->type, key->description, 495 ret = __key_link_begin(keyring, &key->index_key, &edit);
493 &prealloc);
494 if (ret < 0) 496 if (ret < 0)
495 goto error_free_preparse; 497 goto error_free_preparse;
496 } 498 }
497 499
498 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, 500 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
499 &prealloc);
500 501
501 if (keyring) 502 if (keyring)
502 __key_link_end(keyring, key->type, prealloc); 503 __key_link_end(keyring, &key->index_key, edit);
503 504
504error_free_preparse: 505error_free_preparse:
505 if (key->type->preparse) 506 if (key->type->preparse)
@@ -537,7 +538,7 @@ int key_reject_and_link(struct key *key,
537 struct key *keyring, 538 struct key *keyring,
538 struct key *authkey) 539 struct key *authkey)
539{ 540{
540 unsigned long prealloc; 541 struct assoc_array_edit *edit;
541 struct timespec now; 542 struct timespec now;
542 int ret, awaken, link_ret = 0; 543 int ret, awaken, link_ret = 0;
543 544
@@ -548,8 +549,7 @@ int key_reject_and_link(struct key *key,
548 ret = -EBUSY; 549 ret = -EBUSY;
549 550
550 if (keyring) 551 if (keyring)
551 link_ret = __key_link_begin(keyring, key->type, 552 link_ret = __key_link_begin(keyring, &key->index_key, &edit);
552 key->description, &prealloc);
553 553
554 mutex_lock(&key_construction_mutex); 554 mutex_lock(&key_construction_mutex);
555 555
@@ -557,9 +557,10 @@ int key_reject_and_link(struct key *key,
557 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 557 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
558 /* mark the key as being negatively instantiated */ 558 /* mark the key as being negatively instantiated */
559 atomic_inc(&key->user->nikeys); 559 atomic_inc(&key->user->nikeys);
560 key->type_data.reject_error = -error;
561 smp_wmb();
560 set_bit(KEY_FLAG_NEGATIVE, &key->flags); 562 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
561 set_bit(KEY_FLAG_INSTANTIATED, &key->flags); 563 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
562 key->type_data.reject_error = -error;
563 now = current_kernel_time(); 564 now = current_kernel_time();
564 key->expiry = now.tv_sec + timeout; 565 key->expiry = now.tv_sec + timeout;
565 key_schedule_gc(key->expiry + key_gc_delay); 566 key_schedule_gc(key->expiry + key_gc_delay);
@@ -571,7 +572,7 @@ int key_reject_and_link(struct key *key,
571 572
572 /* and link it into the destination keyring */ 573 /* and link it into the destination keyring */
573 if (keyring && link_ret == 0) 574 if (keyring && link_ret == 0)
574 __key_link(keyring, key, &prealloc); 575 __key_link(key, &edit);
575 576
576 /* disable the authorisation key */ 577 /* disable the authorisation key */
577 if (authkey) 578 if (authkey)
@@ -581,7 +582,7 @@ int key_reject_and_link(struct key *key,
581 mutex_unlock(&key_construction_mutex); 582 mutex_unlock(&key_construction_mutex);
582 583
583 if (keyring) 584 if (keyring)
584 __key_link_end(keyring, key->type, prealloc); 585 __key_link_end(keyring, &key->index_key, edit);
585 586
586 /* wake up anyone waiting for a key to be constructed */ 587 /* wake up anyone waiting for a key to be constructed */
587 if (awaken) 588 if (awaken)
@@ -645,7 +646,7 @@ found:
645 /* this races with key_put(), but that doesn't matter since key_put() 646 /* this races with key_put(), but that doesn't matter since key_put()
646 * doesn't actually change the key 647 * doesn't actually change the key
647 */ 648 */
648 atomic_inc(&key->usage); 649 __key_get(key);
649 650
650error: 651error:
651 spin_unlock(&key_serial_lock); 652 spin_unlock(&key_serial_lock);
@@ -780,25 +781,27 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
780 key_perm_t perm, 781 key_perm_t perm,
781 unsigned long flags) 782 unsigned long flags)
782{ 783{
783 unsigned long prealloc; 784 struct keyring_index_key index_key = {
785 .description = description,
786 };
784 struct key_preparsed_payload prep; 787 struct key_preparsed_payload prep;
788 struct assoc_array_edit *edit;
785 const struct cred *cred = current_cred(); 789 const struct cred *cred = current_cred();
786 struct key_type *ktype;
787 struct key *keyring, *key = NULL; 790 struct key *keyring, *key = NULL;
788 key_ref_t key_ref; 791 key_ref_t key_ref;
789 int ret; 792 int ret;
790 793
791 /* look up the key type to see if it's one of the registered kernel 794 /* look up the key type to see if it's one of the registered kernel
792 * types */ 795 * types */
793 ktype = key_type_lookup(type); 796 index_key.type = key_type_lookup(type);
794 if (IS_ERR(ktype)) { 797 if (IS_ERR(index_key.type)) {
795 key_ref = ERR_PTR(-ENODEV); 798 key_ref = ERR_PTR(-ENODEV);
796 goto error; 799 goto error;
797 } 800 }
798 801
799 key_ref = ERR_PTR(-EINVAL); 802 key_ref = ERR_PTR(-EINVAL);
800 if (!ktype->match || !ktype->instantiate || 803 if (!index_key.type->match || !index_key.type->instantiate ||
801 (!description && !ktype->preparse)) 804 (!index_key.description && !index_key.type->preparse))
802 goto error_put_type; 805 goto error_put_type;
803 806
804 keyring = key_ref_to_ptr(keyring_ref); 807 keyring = key_ref_to_ptr(keyring_ref);
@@ -812,21 +815,28 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
812 memset(&prep, 0, sizeof(prep)); 815 memset(&prep, 0, sizeof(prep));
813 prep.data = payload; 816 prep.data = payload;
814 prep.datalen = plen; 817 prep.datalen = plen;
815 prep.quotalen = ktype->def_datalen; 818 prep.quotalen = index_key.type->def_datalen;
816 if (ktype->preparse) { 819 prep.trusted = flags & KEY_ALLOC_TRUSTED;
817 ret = ktype->preparse(&prep); 820 if (index_key.type->preparse) {
821 ret = index_key.type->preparse(&prep);
818 if (ret < 0) { 822 if (ret < 0) {
819 key_ref = ERR_PTR(ret); 823 key_ref = ERR_PTR(ret);
820 goto error_put_type; 824 goto error_put_type;
821 } 825 }
822 if (!description) 826 if (!index_key.description)
823 description = prep.description; 827 index_key.description = prep.description;
824 key_ref = ERR_PTR(-EINVAL); 828 key_ref = ERR_PTR(-EINVAL);
825 if (!description) 829 if (!index_key.description)
826 goto error_free_prep; 830 goto error_free_prep;
827 } 831 }
832 index_key.desc_len = strlen(index_key.description);
833
834 key_ref = ERR_PTR(-EPERM);
835 if (!prep.trusted && test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags))
836 goto error_free_prep;
837 flags |= prep.trusted ? KEY_ALLOC_TRUSTED : 0;
828 838
829 ret = __key_link_begin(keyring, ktype, description, &prealloc); 839 ret = __key_link_begin(keyring, &index_key, &edit);
830 if (ret < 0) { 840 if (ret < 0) {
831 key_ref = ERR_PTR(ret); 841 key_ref = ERR_PTR(ret);
832 goto error_free_prep; 842 goto error_free_prep;
@@ -844,10 +854,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
844 * key of the same type and description in the destination keyring and 854 * key of the same type and description in the destination keyring and
845 * update that instead if possible 855 * update that instead if possible
846 */ 856 */
847 if (ktype->update) { 857 if (index_key.type->update) {
848 key_ref = __keyring_search_one(keyring_ref, ktype, description, 858 key_ref = find_key_to_update(keyring_ref, &index_key);
849 0); 859 if (key_ref)
850 if (!IS_ERR(key_ref))
851 goto found_matching_key; 860 goto found_matching_key;
852 } 861 }
853 862
@@ -856,23 +865,24 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
856 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; 865 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
857 perm |= KEY_USR_VIEW; 866 perm |= KEY_USR_VIEW;
858 867
859 if (ktype->read) 868 if (index_key.type->read)
860 perm |= KEY_POS_READ; 869 perm |= KEY_POS_READ;
861 870
862 if (ktype == &key_type_keyring || ktype->update) 871 if (index_key.type == &key_type_keyring ||
872 index_key.type->update)
863 perm |= KEY_POS_WRITE; 873 perm |= KEY_POS_WRITE;
864 } 874 }
865 875
866 /* allocate a new key */ 876 /* allocate a new key */
867 key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred, 877 key = key_alloc(index_key.type, index_key.description,
868 perm, flags); 878 cred->fsuid, cred->fsgid, cred, perm, flags);
869 if (IS_ERR(key)) { 879 if (IS_ERR(key)) {
870 key_ref = ERR_CAST(key); 880 key_ref = ERR_CAST(key);
871 goto error_link_end; 881 goto error_link_end;
872 } 882 }
873 883
874 /* instantiate it and link it into the target keyring */ 884 /* instantiate it and link it into the target keyring */
875 ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &prealloc); 885 ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit);
876 if (ret < 0) { 886 if (ret < 0) {
877 key_put(key); 887 key_put(key);
878 key_ref = ERR_PTR(ret); 888 key_ref = ERR_PTR(ret);
@@ -882,12 +892,12 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
882 key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); 892 key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
883 893
884error_link_end: 894error_link_end:
885 __key_link_end(keyring, ktype, prealloc); 895 __key_link_end(keyring, &index_key, edit);
886error_free_prep: 896error_free_prep:
887 if (ktype->preparse) 897 if (index_key.type->preparse)
888 ktype->free_preparse(&prep); 898 index_key.type->free_preparse(&prep);
889error_put_type: 899error_put_type:
890 key_type_put(ktype); 900 key_type_put(index_key.type);
891error: 901error:
892 return key_ref; 902 return key_ref;
893 903
@@ -895,7 +905,7 @@ error:
895 /* we found a matching key, so we're going to try to update it 905 /* we found a matching key, so we're going to try to update it
896 * - we can drop the locks first as we have the key pinned 906 * - we can drop the locks first as we have the key pinned
897 */ 907 */
898 __key_link_end(keyring, ktype, prealloc); 908 __key_link_end(keyring, &index_key, edit);
899 909
900 key_ref = __key_update(key_ref, &prep); 910 key_ref = __key_update(key_ref, &prep);
901 goto error_free_prep; 911 goto error_free_prep;
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 33cfd27b4de2..cee72ce64222 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1667,6 +1667,9 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1667 case KEYCTL_INVALIDATE: 1667 case KEYCTL_INVALIDATE:
1668 return keyctl_invalidate_key((key_serial_t) arg2); 1668 return keyctl_invalidate_key((key_serial_t) arg2);
1669 1669
1670 case KEYCTL_GET_PERSISTENT:
1671 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3);
1672
1670 default: 1673 default:
1671 return -EOPNOTSUPP; 1674 return -EOPNOTSUPP;
1672 } 1675 }
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 6ece7f2e5707..69f0cb7bab7e 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1,6 +1,6 @@
1/* Keyring handling 1/* Keyring handling
2 * 2 *
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-2005, 2008, 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -17,25 +17,11 @@
17#include <linux/seq_file.h> 17#include <linux/seq_file.h>
18#include <linux/err.h> 18#include <linux/err.h>
19#include <keys/keyring-type.h> 19#include <keys/keyring-type.h>
20#include <keys/user-type.h>
21#include <linux/assoc_array_priv.h>
20#include <linux/uaccess.h> 22#include <linux/uaccess.h>
21#include "internal.h" 23#include "internal.h"
22 24
23#define rcu_dereference_locked_keyring(keyring) \
24 (rcu_dereference_protected( \
25 (keyring)->payload.subscriptions, \
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
27
28#define rcu_deref_link_locked(klist, index, keyring) \
29 (rcu_dereference_protected( \
30 (klist)->keys[index], \
31 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
32
33#define MAX_KEYRING_LINKS \
34 min_t(size_t, USHRT_MAX - 1, \
35 ((PAGE_SIZE - sizeof(struct keyring_list)) / sizeof(struct key *)))
36
37#define KEY_LINK_FIXQUOTA 1UL
38
39/* 25/*
40 * When plumbing the depths of the key tree, this sets a hard limit 26 * When plumbing the depths of the key tree, this sets a hard limit
41 * set on how deep we're willing to go. 27 * set on how deep we're willing to go.
@@ -47,6 +33,28 @@
47 */ 33 */
48#define KEYRING_NAME_HASH_SIZE (1 << 5) 34#define KEYRING_NAME_HASH_SIZE (1 << 5)
49 35
36/*
37 * We mark pointers we pass to the associative array with bit 1 set if
38 * they're keyrings and clear otherwise.
39 */
40#define KEYRING_PTR_SUBTYPE 0x2UL
41
42static inline bool keyring_ptr_is_keyring(const struct assoc_array_ptr *x)
43{
44 return (unsigned long)x & KEYRING_PTR_SUBTYPE;
45}
46static inline struct key *keyring_ptr_to_key(const struct assoc_array_ptr *x)
47{
48 void *object = assoc_array_ptr_to_leaf(x);
49 return (struct key *)((unsigned long)object & ~KEYRING_PTR_SUBTYPE);
50}
51static inline void *keyring_key_to_ptr(struct key *key)
52{
53 if (key->type == &key_type_keyring)
54 return (void *)((unsigned long)key | KEYRING_PTR_SUBTYPE);
55 return key;
56}
57
50static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; 58static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
51static DEFINE_RWLOCK(keyring_name_lock); 59static DEFINE_RWLOCK(keyring_name_lock);
52 60
@@ -67,7 +75,6 @@ static inline unsigned keyring_hash(const char *desc)
67 */ 75 */
68static int keyring_instantiate(struct key *keyring, 76static int keyring_instantiate(struct key *keyring,
69 struct key_preparsed_payload *prep); 77 struct key_preparsed_payload *prep);
70static int keyring_match(const struct key *keyring, const void *criterion);
71static void keyring_revoke(struct key *keyring); 78static void keyring_revoke(struct key *keyring);
72static void keyring_destroy(struct key *keyring); 79static void keyring_destroy(struct key *keyring);
73static void keyring_describe(const struct key *keyring, struct seq_file *m); 80static void keyring_describe(const struct key *keyring, struct seq_file *m);
@@ -76,9 +83,9 @@ static long keyring_read(const struct key *keyring,
76 83
77struct key_type key_type_keyring = { 84struct key_type key_type_keyring = {
78 .name = "keyring", 85 .name = "keyring",
79 .def_datalen = sizeof(struct keyring_list), 86 .def_datalen = 0,
80 .instantiate = keyring_instantiate, 87 .instantiate = keyring_instantiate,
81 .match = keyring_match, 88 .match = user_match,
82 .revoke = keyring_revoke, 89 .revoke = keyring_revoke,
83 .destroy = keyring_destroy, 90 .destroy = keyring_destroy,
84 .describe = keyring_describe, 91 .describe = keyring_describe,
@@ -127,6 +134,7 @@ static int keyring_instantiate(struct key *keyring,
127 134
128 ret = -EINVAL; 135 ret = -EINVAL;
129 if (prep->datalen == 0) { 136 if (prep->datalen == 0) {
137 assoc_array_init(&keyring->keys);
130 /* make the keyring available by name if it has one */ 138 /* make the keyring available by name if it has one */
131 keyring_publish_name(keyring); 139 keyring_publish_name(keyring);
132 ret = 0; 140 ret = 0;
@@ -136,15 +144,226 @@ static int keyring_instantiate(struct key *keyring,
136} 144}
137 145
138/* 146/*
139 * Match keyrings on their name 147 * Multiply 64-bits by 32-bits to 96-bits and fold back to 64-bit. Ideally we'd
148 * fold the carry back too, but that requires inline asm.
149 */
150static u64 mult_64x32_and_fold(u64 x, u32 y)
151{
152 u64 hi = (u64)(u32)(x >> 32) * y;
153 u64 lo = (u64)(u32)(x) * y;
154 return lo + ((u64)(u32)hi << 32) + (u32)(hi >> 32);
155}
156
157/*
158 * Hash a key type and description.
159 */
160static unsigned long hash_key_type_and_desc(const struct keyring_index_key *index_key)
161{
162 const unsigned level_shift = ASSOC_ARRAY_LEVEL_STEP;
163 const unsigned long level_mask = ASSOC_ARRAY_LEVEL_STEP_MASK;
164 const char *description = index_key->description;
165 unsigned long hash, type;
166 u32 piece;
167 u64 acc;
168 int n, desc_len = index_key->desc_len;
169
170 type = (unsigned long)index_key->type;
171
172 acc = mult_64x32_and_fold(type, desc_len + 13);
173 acc = mult_64x32_and_fold(acc, 9207);
174 for (;;) {
175 n = desc_len;
176 if (n <= 0)
177 break;
178 if (n > 4)
179 n = 4;
180 piece = 0;
181 memcpy(&piece, description, n);
182 description += n;
183 desc_len -= n;
184 acc = mult_64x32_and_fold(acc, piece);
185 acc = mult_64x32_and_fold(acc, 9207);
186 }
187
188 /* Fold the hash down to 32 bits if need be. */
189 hash = acc;
190 if (ASSOC_ARRAY_KEY_CHUNK_SIZE == 32)
191 hash ^= acc >> 32;
192
193 /* Squidge all the keyrings into a separate part of the tree to
194 * ordinary keys by making sure the lowest level segment in the hash is
195 * zero for keyrings and non-zero otherwise.
196 */
197 if (index_key->type != &key_type_keyring && (hash & level_mask) == 0)
198 return hash | (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1;
199 if (index_key->type == &key_type_keyring && (hash & level_mask) != 0)
200 return (hash + (hash << level_shift)) & ~level_mask;
201 return hash;
202}
203
204/*
205 * Build the next index key chunk.
206 *
207 * On 32-bit systems the index key is laid out as:
208 *
209 * 0 4 5 9...
210 * hash desclen typeptr desc[]
211 *
212 * On 64-bit systems:
213 *
214 * 0 8 9 17...
215 * hash desclen typeptr desc[]
216 *
217 * We return it one word-sized chunk at a time.
140 */ 218 */
141static int keyring_match(const struct key *keyring, const void *description) 219static unsigned long keyring_get_key_chunk(const void *data, int level)
220{
221 const struct keyring_index_key *index_key = data;
222 unsigned long chunk = 0;
223 long offset = 0;
224 int desc_len = index_key->desc_len, n = sizeof(chunk);
225
226 level /= ASSOC_ARRAY_KEY_CHUNK_SIZE;
227 switch (level) {
228 case 0:
229 return hash_key_type_and_desc(index_key);
230 case 1:
231 return ((unsigned long)index_key->type << 8) | desc_len;
232 case 2:
233 if (desc_len == 0)
234 return (u8)((unsigned long)index_key->type >>
235 (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8));
236 n--;
237 offset = 1;
238 default:
239 offset += sizeof(chunk) - 1;
240 offset += (level - 3) * sizeof(chunk);
241 if (offset >= desc_len)
242 return 0;
243 desc_len -= offset;
244 if (desc_len > n)
245 desc_len = n;
246 offset += desc_len;
247 do {
248 chunk <<= 8;
249 chunk |= ((u8*)index_key->description)[--offset];
250 } while (--desc_len > 0);
251
252 if (level == 2) {
253 chunk <<= 8;
254 chunk |= (u8)((unsigned long)index_key->type >>
255 (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8));
256 }
257 return chunk;
258 }
259}
260
261static unsigned long keyring_get_object_key_chunk(const void *object, int level)
262{
263 const struct key *key = keyring_ptr_to_key(object);
264 return keyring_get_key_chunk(&key->index_key, level);
265}
266
267static bool keyring_compare_object(const void *object, const void *data)
142{ 268{
143 return keyring->description && 269 const struct keyring_index_key *index_key = data;
144 strcmp(keyring->description, description) == 0; 270 const struct key *key = keyring_ptr_to_key(object);
271
272 return key->index_key.type == index_key->type &&
273 key->index_key.desc_len == index_key->desc_len &&
274 memcmp(key->index_key.description, index_key->description,
275 index_key->desc_len) == 0;
145} 276}
146 277
147/* 278/*
279 * Compare the index keys of a pair of objects and determine the bit position
280 * at which they differ - if they differ.
281 */
282static int keyring_diff_objects(const void *_a, const void *_b)
283{
284 const struct key *key_a = keyring_ptr_to_key(_a);
285 const struct key *key_b = keyring_ptr_to_key(_b);
286 const struct keyring_index_key *a = &key_a->index_key;
287 const struct keyring_index_key *b = &key_b->index_key;
288 unsigned long seg_a, seg_b;
289 int level, i;
290
291 level = 0;
292 seg_a = hash_key_type_and_desc(a);
293 seg_b = hash_key_type_and_desc(b);
294 if ((seg_a ^ seg_b) != 0)
295 goto differ;
296
297 /* The number of bits contributed by the hash is controlled by a
298 * constant in the assoc_array headers. Everything else thereafter we
299 * can deal with as being machine word-size dependent.
300 */
301 level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8;
302 seg_a = a->desc_len;
303 seg_b = b->desc_len;
304 if ((seg_a ^ seg_b) != 0)
305 goto differ;
306
307 /* The next bit may not work on big endian */
308 level++;
309 seg_a = (unsigned long)a->type;
310 seg_b = (unsigned long)b->type;
311 if ((seg_a ^ seg_b) != 0)
312 goto differ;
313
314 level += sizeof(unsigned long);
315 if (a->desc_len == 0)
316 goto same;
317
318 i = 0;
319 if (((unsigned long)a->description | (unsigned long)b->description) &
320 (sizeof(unsigned long) - 1)) {
321 do {
322 seg_a = *(unsigned long *)(a->description + i);
323 seg_b = *(unsigned long *)(b->description + i);
324 if ((seg_a ^ seg_b) != 0)
325 goto differ_plus_i;
326 i += sizeof(unsigned long);
327 } while (i < (a->desc_len & (sizeof(unsigned long) - 1)));
328 }
329
330 for (; i < a->desc_len; i++) {
331 seg_a = *(unsigned char *)(a->description + i);
332 seg_b = *(unsigned char *)(b->description + i);
333 if ((seg_a ^ seg_b) != 0)
334 goto differ_plus_i;
335 }
336
337same:
338 return -1;
339
340differ_plus_i:
341 level += i;
342differ:
343 i = level * 8 + __ffs(seg_a ^ seg_b);
344 return i;
345}
346
347/*
348 * Free an object after stripping the keyring flag off of the pointer.
349 */
350static void keyring_free_object(void *object)
351{
352 key_put(keyring_ptr_to_key(object));
353}
354
355/*
356 * Operations for keyring management by the index-tree routines.
357 */
358static const struct assoc_array_ops keyring_assoc_array_ops = {
359 .get_key_chunk = keyring_get_key_chunk,
360 .get_object_key_chunk = keyring_get_object_key_chunk,
361 .compare_object = keyring_compare_object,
362 .diff_objects = keyring_diff_objects,
363 .free_object = keyring_free_object,
364};
365
366/*
148 * Clean up a keyring when it is destroyed. Unpublish its name if it had one 367 * Clean up a keyring when it is destroyed. Unpublish its name if it had one
149 * and dispose of its data. 368 * and dispose of its data.
150 * 369 *
@@ -155,9 +374,6 @@ static int keyring_match(const struct key *keyring, const void *description)
155 */ 374 */
156static void keyring_destroy(struct key *keyring) 375static void keyring_destroy(struct key *keyring)
157{ 376{
158 struct keyring_list *klist;
159 int loop;
160
161 if (keyring->description) { 377 if (keyring->description) {
162 write_lock(&keyring_name_lock); 378 write_lock(&keyring_name_lock);
163 379
@@ -168,12 +384,7 @@ static void keyring_destroy(struct key *keyring)
168 write_unlock(&keyring_name_lock); 384 write_unlock(&keyring_name_lock);
169 } 385 }
170 386
171 klist = rcu_access_pointer(keyring->payload.subscriptions); 387 assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops);
172 if (klist) {
173 for (loop = klist->nkeys - 1; loop >= 0; loop--)
174 key_put(rcu_access_pointer(klist->keys[loop]));
175 kfree(klist);
176 }
177} 388}
178 389
179/* 390/*
@@ -181,76 +392,88 @@ static void keyring_destroy(struct key *keyring)
181 */ 392 */
182static void keyring_describe(const struct key *keyring, struct seq_file *m) 393static void keyring_describe(const struct key *keyring, struct seq_file *m)
183{ 394{
184 struct keyring_list *klist;
185
186 if (keyring->description) 395 if (keyring->description)
187 seq_puts(m, keyring->description); 396 seq_puts(m, keyring->description);
188 else 397 else
189 seq_puts(m, "[anon]"); 398 seq_puts(m, "[anon]");
190 399
191 if (key_is_instantiated(keyring)) { 400 if (key_is_instantiated(keyring)) {
192 rcu_read_lock(); 401 if (keyring->keys.nr_leaves_on_tree != 0)
193 klist = rcu_dereference(keyring->payload.subscriptions); 402 seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree);
194 if (klist)
195 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
196 else 403 else
197 seq_puts(m, ": empty"); 404 seq_puts(m, ": empty");
198 rcu_read_unlock();
199 } 405 }
200} 406}
201 407
408struct keyring_read_iterator_context {
409 size_t qty;
410 size_t count;
411 key_serial_t __user *buffer;
412};
413
414static int keyring_read_iterator(const void *object, void *data)
415{
416 struct keyring_read_iterator_context *ctx = data;
417 const struct key *key = keyring_ptr_to_key(object);
418 int ret;
419
420 kenter("{%s,%d},,{%zu/%zu}",
421 key->type->name, key->serial, ctx->count, ctx->qty);
422
423 if (ctx->count >= ctx->qty)
424 return 1;
425
426 ret = put_user(key->serial, ctx->buffer);
427 if (ret < 0)
428 return ret;
429 ctx->buffer++;
430 ctx->count += sizeof(key->serial);
431 return 0;
432}
433
202/* 434/*
203 * Read a list of key IDs from the keyring's contents in binary form 435 * Read a list of key IDs from the keyring's contents in binary form
204 * 436 *
205 * The keyring's semaphore is read-locked by the caller. 437 * The keyring's semaphore is read-locked by the caller. This prevents someone
438 * from modifying it under us - which could cause us to read key IDs multiple
439 * times.
206 */ 440 */
207static long keyring_read(const struct key *keyring, 441static long keyring_read(const struct key *keyring,
208 char __user *buffer, size_t buflen) 442 char __user *buffer, size_t buflen)
209{ 443{
210 struct keyring_list *klist; 444 struct keyring_read_iterator_context ctx;
211 struct key *key; 445 unsigned long nr_keys;
212 size_t qty, tmp; 446 int ret;
213 int loop, ret;
214 447
215 ret = 0; 448 kenter("{%d},,%zu", key_serial(keyring), buflen);
216 klist = rcu_dereference_locked_keyring(keyring); 449
217 if (klist) { 450 if (buflen & (sizeof(key_serial_t) - 1))
218 /* calculate how much data we could return */ 451 return -EINVAL;
219 qty = klist->nkeys * sizeof(key_serial_t); 452
220 453 nr_keys = keyring->keys.nr_leaves_on_tree;
221 if (buffer && buflen > 0) { 454 if (nr_keys == 0)
222 if (buflen > qty) 455 return 0;
223 buflen = qty;
224
225 /* copy the IDs of the subscribed keys into the
226 * buffer */
227 ret = -EFAULT;
228
229 for (loop = 0; loop < klist->nkeys; loop++) {
230 key = rcu_deref_link_locked(klist, loop,
231 keyring);
232
233 tmp = sizeof(key_serial_t);
234 if (tmp > buflen)
235 tmp = buflen;
236
237 if (copy_to_user(buffer,
238 &key->serial,
239 tmp) != 0)
240 goto error;
241
242 buflen -= tmp;
243 if (buflen == 0)
244 break;
245 buffer += tmp;
246 }
247 }
248 456
249 ret = qty; 457 /* Calculate how much data we could return */
458 ctx.qty = nr_keys * sizeof(key_serial_t);
459
460 if (!buffer || !buflen)
461 return ctx.qty;
462
463 if (buflen > ctx.qty)
464 ctx.qty = buflen;
465
466 /* Copy the IDs of the subscribed keys into the buffer */
467 ctx.buffer = (key_serial_t __user *)buffer;
468 ctx.count = 0;
469 ret = assoc_array_iterate(&keyring->keys, keyring_read_iterator, &ctx);
470 if (ret < 0) {
471 kleave(" = %d [iterate]", ret);
472 return ret;
250 } 473 }
251 474
252error: 475 kleave(" = %zu [ok]", ctx.count);
253 return ret; 476 return ctx.count;
254} 477}
255 478
256/* 479/*
@@ -277,227 +500,361 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
277} 500}
278EXPORT_SYMBOL(keyring_alloc); 501EXPORT_SYMBOL(keyring_alloc);
279 502
280/** 503/*
281 * keyring_search_aux - Search a keyring tree for a key matching some criteria 504 * Iteration function to consider each key found.
282 * @keyring_ref: A pointer to the keyring with possession indicator.
283 * @cred: The credentials to use for permissions checks.
284 * @type: The type of key to search for.
285 * @description: Parameter for @match.
286 * @match: Function to rule on whether or not a key is the one required.
287 * @no_state_check: Don't check if a matching key is bad
288 *
289 * Search the supplied keyring tree for a key that matches the criteria given.
290 * The root keyring and any linked keyrings must grant Search permission to the
291 * caller to be searchable and keys can only be found if they too grant Search
292 * to the caller. The possession flag on the root keyring pointer controls use
293 * of the possessor bits in permissions checking of the entire tree. In
294 * addition, the LSM gets to forbid keyring searches and key matches.
295 *
296 * The search is performed as a breadth-then-depth search up to the prescribed
297 * limit (KEYRING_SEARCH_MAX_DEPTH).
298 *
299 * Keys are matched to the type provided and are then filtered by the match
300 * function, which is given the description to use in any way it sees fit. The
301 * match function may use any attributes of a key that it wishes to to
302 * determine the match. Normally the match function from the key type would be
303 * used.
304 *
305 * RCU is used to prevent the keyring key lists from disappearing without the
306 * need to take lots of locks.
307 *
308 * Returns a pointer to the found key and increments the key usage count if
309 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
310 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
311 * specified keyring wasn't a keyring.
312 *
313 * In the case of a successful return, the possession attribute from
314 * @keyring_ref is propagated to the returned key reference.
315 */ 505 */
316key_ref_t keyring_search_aux(key_ref_t keyring_ref, 506static int keyring_search_iterator(const void *object, void *iterator_data)
317 const struct cred *cred,
318 struct key_type *type,
319 const void *description,
320 key_match_func_t match,
321 bool no_state_check)
322{ 507{
323 struct { 508 struct keyring_search_context *ctx = iterator_data;
324 /* Need a separate keylist pointer for RCU purposes */ 509 const struct key *key = keyring_ptr_to_key(object);
325 struct key *keyring; 510 unsigned long kflags = key->flags;
326 struct keyring_list *keylist;
327 int kix;
328 } stack[KEYRING_SEARCH_MAX_DEPTH];
329
330 struct keyring_list *keylist;
331 struct timespec now;
332 unsigned long possessed, kflags;
333 struct key *keyring, *key;
334 key_ref_t key_ref;
335 long err;
336 int sp, nkeys, kix;
337 511
338 keyring = key_ref_to_ptr(keyring_ref); 512 kenter("{%d}", key->serial);
339 possessed = is_key_possessed(keyring_ref);
340 key_check(keyring);
341 513
342 /* top keyring must have search permission to begin the search */ 514 /* ignore keys not of this type */
343 err = key_task_permission(keyring_ref, cred, KEY_SEARCH); 515 if (key->type != ctx->index_key.type) {
344 if (err < 0) { 516 kleave(" = 0 [!type]");
345 key_ref = ERR_PTR(err); 517 return 0;
346 goto error;
347 } 518 }
348 519
349 key_ref = ERR_PTR(-ENOTDIR); 520 /* skip invalidated, revoked and expired keys */
350 if (keyring->type != &key_type_keyring) 521 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
351 goto error; 522 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
523 (1 << KEY_FLAG_REVOKED))) {
524 ctx->result = ERR_PTR(-EKEYREVOKED);
525 kleave(" = %d [invrev]", ctx->skipped_ret);
526 goto skipped;
527 }
352 528
353 rcu_read_lock(); 529 if (key->expiry && ctx->now.tv_sec >= key->expiry) {
530 ctx->result = ERR_PTR(-EKEYEXPIRED);
531 kleave(" = %d [expire]", ctx->skipped_ret);
532 goto skipped;
533 }
534 }
354 535
355 now = current_kernel_time(); 536 /* keys that don't match */
356 err = -EAGAIN; 537 if (!ctx->match(key, ctx->match_data)) {
357 sp = 0; 538 kleave(" = 0 [!match]");
358 539 return 0;
359 /* firstly we should check to see if this top-level keyring is what we 540 }
360 * are looking for */
361 key_ref = ERR_PTR(-EAGAIN);
362 kflags = keyring->flags;
363 if (keyring->type == type && match(keyring, description)) {
364 key = keyring;
365 if (no_state_check)
366 goto found;
367 541
368 /* check it isn't negative and hasn't expired or been 542 /* key must have search permissions */
369 * revoked */ 543 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
370 if (kflags & (1 << KEY_FLAG_REVOKED)) 544 key_task_permission(make_key_ref(key, ctx->possessed),
371 goto error_2; 545 ctx->cred, KEY_SEARCH) < 0) {
372 if (key->expiry && now.tv_sec >= key->expiry) 546 ctx->result = ERR_PTR(-EACCES);
373 goto error_2; 547 kleave(" = %d [!perm]", ctx->skipped_ret);
374 key_ref = ERR_PTR(key->type_data.reject_error); 548 goto skipped;
375 if (kflags & (1 << KEY_FLAG_NEGATIVE))
376 goto error_2;
377 goto found;
378 } 549 }
379 550
380 /* otherwise, the top keyring must not be revoked, expired, or 551 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
381 * negatively instantiated if we are to search it */ 552 /* we set a different error code if we pass a negative key */
382 key_ref = ERR_PTR(-EAGAIN); 553 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
383 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 554 smp_rmb();
384 (1 << KEY_FLAG_REVOKED) | 555 ctx->result = ERR_PTR(key->type_data.reject_error);
385 (1 << KEY_FLAG_NEGATIVE)) || 556 kleave(" = %d [neg]", ctx->skipped_ret);
386 (keyring->expiry && now.tv_sec >= keyring->expiry)) 557 goto skipped;
387 goto error_2; 558 }
388 559 }
389 /* start processing a new keyring */
390descend:
391 kflags = keyring->flags;
392 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
393 (1 << KEY_FLAG_REVOKED)))
394 goto not_this_keyring;
395 560
396 keylist = rcu_dereference(keyring->payload.subscriptions); 561 /* Found */
397 if (!keylist) 562 ctx->result = make_key_ref(key, ctx->possessed);
398 goto not_this_keyring; 563 kleave(" = 1 [found]");
564 return 1;
399 565
400 /* iterate through the keys in this keyring first */ 566skipped:
401 nkeys = keylist->nkeys; 567 return ctx->skipped_ret;
402 smp_rmb(); 568}
403 for (kix = 0; kix < nkeys; kix++) {
404 key = rcu_dereference(keylist->keys[kix]);
405 kflags = key->flags;
406 569
407 /* ignore keys not of this type */ 570/*
408 if (key->type != type) 571 * Search inside a keyring for a key. We can search by walking to it
409 continue; 572 * directly based on its index-key or we can iterate over the entire
573 * tree looking for it, based on the match function.
574 */
575static int search_keyring(struct key *keyring, struct keyring_search_context *ctx)
576{
577 if ((ctx->flags & KEYRING_SEARCH_LOOKUP_TYPE) ==
578 KEYRING_SEARCH_LOOKUP_DIRECT) {
579 const void *object;
580
581 object = assoc_array_find(&keyring->keys,
582 &keyring_assoc_array_ops,
583 &ctx->index_key);
584 return object ? ctx->iterator(object, ctx) : 0;
585 }
586 return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx);
587}
410 588
411 /* skip invalidated, revoked and expired keys */ 589/*
412 if (!no_state_check) { 590 * Search a tree of keyrings that point to other keyrings up to the maximum
413 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 591 * depth.
414 (1 << KEY_FLAG_REVOKED))) 592 */
415 continue; 593static bool search_nested_keyrings(struct key *keyring,
594 struct keyring_search_context *ctx)
595{
596 struct {
597 struct key *keyring;
598 struct assoc_array_node *node;
599 int slot;
600 } stack[KEYRING_SEARCH_MAX_DEPTH];
416 601
417 if (key->expiry && now.tv_sec >= key->expiry) 602 struct assoc_array_shortcut *shortcut;
418 continue; 603 struct assoc_array_node *node;
419 } 604 struct assoc_array_ptr *ptr;
605 struct key *key;
606 int sp = 0, slot;
420 607
421 /* keys that don't match */ 608 kenter("{%d},{%s,%s}",
422 if (!match(key, description)) 609 keyring->serial,
423 continue; 610 ctx->index_key.type->name,
611 ctx->index_key.description);
424 612
425 /* key must have search permissions */ 613 if (ctx->index_key.description)
426 if (key_task_permission(make_key_ref(key, possessed), 614 ctx->index_key.desc_len = strlen(ctx->index_key.description);
427 cred, KEY_SEARCH) < 0)
428 continue;
429 615
430 if (no_state_check) 616 /* Check to see if this top-level keyring is what we are looking for
617 * and whether it is valid or not.
618 */
619 if (ctx->flags & KEYRING_SEARCH_LOOKUP_ITERATE ||
620 keyring_compare_object(keyring, &ctx->index_key)) {
621 ctx->skipped_ret = 2;
622 ctx->flags |= KEYRING_SEARCH_DO_STATE_CHECK;
623 switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {
624 case 1:
431 goto found; 625 goto found;
432 626 case 2:
433 /* we set a different error code if we pass a negative key */ 627 return false;
434 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 628 default:
435 err = key->type_data.reject_error; 629 break;
436 continue;
437 } 630 }
631 }
632
633 ctx->skipped_ret = 0;
634 if (ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK)
635 ctx->flags &= ~KEYRING_SEARCH_DO_STATE_CHECK;
438 636
637 /* Start processing a new keyring */
638descend_to_keyring:
639 kdebug("descend to %d", keyring->serial);
640 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
641 (1 << KEY_FLAG_REVOKED)))
642 goto not_this_keyring;
643
644 /* Search through the keys in this keyring before its searching its
645 * subtrees.
646 */
647 if (search_keyring(keyring, ctx))
439 goto found; 648 goto found;
440 }
441 649
442 /* search through the keyrings nested in this one */ 650 /* Then manually iterate through the keyrings nested in this one.
443 kix = 0; 651 *
444ascend: 652 * Start from the root node of the index tree. Because of the way the
445 nkeys = keylist->nkeys; 653 * hash function has been set up, keyrings cluster on the leftmost
446 smp_rmb(); 654 * branch of the root node (root slot 0) or in the root node itself.
447 for (; kix < nkeys; kix++) { 655 * Non-keyrings avoid the leftmost branch of the root entirely (root
448 key = rcu_dereference(keylist->keys[kix]); 656 * slots 1-15).
449 if (key->type != &key_type_keyring) 657 */
450 continue; 658 ptr = ACCESS_ONCE(keyring->keys.root);
659 if (!ptr)
660 goto not_this_keyring;
451 661
452 /* recursively search nested keyrings 662 if (assoc_array_ptr_is_shortcut(ptr)) {
453 * - only search keyrings for which we have search permission 663 /* If the root is a shortcut, either the keyring only contains
664 * keyring pointers (everything clusters behind root slot 0) or
665 * doesn't contain any keyring pointers.
454 */ 666 */
455 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 667 shortcut = assoc_array_ptr_to_shortcut(ptr);
668 smp_read_barrier_depends();
669 if ((shortcut->index_key[0] & ASSOC_ARRAY_FAN_MASK) != 0)
670 goto not_this_keyring;
671
672 ptr = ACCESS_ONCE(shortcut->next_node);
673 node = assoc_array_ptr_to_node(ptr);
674 goto begin_node;
675 }
676
677 node = assoc_array_ptr_to_node(ptr);
678 smp_read_barrier_depends();
679
680 ptr = node->slots[0];
681 if (!assoc_array_ptr_is_meta(ptr))
682 goto begin_node;
683
684descend_to_node:
685 /* Descend to a more distal node in this keyring's content tree and go
686 * through that.
687 */
688 kdebug("descend");
689 if (assoc_array_ptr_is_shortcut(ptr)) {
690 shortcut = assoc_array_ptr_to_shortcut(ptr);
691 smp_read_barrier_depends();
692 ptr = ACCESS_ONCE(shortcut->next_node);
693 BUG_ON(!assoc_array_ptr_is_node(ptr));
694 node = assoc_array_ptr_to_node(ptr);
695 }
696
697begin_node:
698 kdebug("begin_node");
699 smp_read_barrier_depends();
700 slot = 0;
701ascend_to_node:
702 /* Go through the slots in a node */
703 for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
704 ptr = ACCESS_ONCE(node->slots[slot]);
705
706 if (assoc_array_ptr_is_meta(ptr) && node->back_pointer)
707 goto descend_to_node;
708
709 if (!keyring_ptr_is_keyring(ptr))
456 continue; 710 continue;
457 711
458 if (key_task_permission(make_key_ref(key, possessed), 712 key = keyring_ptr_to_key(ptr);
459 cred, KEY_SEARCH) < 0) 713
714 if (sp >= KEYRING_SEARCH_MAX_DEPTH) {
715 if (ctx->flags & KEYRING_SEARCH_DETECT_TOO_DEEP) {
716 ctx->result = ERR_PTR(-ELOOP);
717 return false;
718 }
719 goto not_this_keyring;
720 }
721
722 /* Search a nested keyring */
723 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
724 key_task_permission(make_key_ref(key, ctx->possessed),
725 ctx->cred, KEY_SEARCH) < 0)
460 continue; 726 continue;
461 727
462 /* stack the current position */ 728 /* stack the current position */
463 stack[sp].keyring = keyring; 729 stack[sp].keyring = keyring;
464 stack[sp].keylist = keylist; 730 stack[sp].node = node;
465 stack[sp].kix = kix; 731 stack[sp].slot = slot;
466 sp++; 732 sp++;
467 733
468 /* begin again with the new keyring */ 734 /* begin again with the new keyring */
469 keyring = key; 735 keyring = key;
470 goto descend; 736 goto descend_to_keyring;
471 } 737 }
472 738
473 /* the keyring we're looking at was disqualified or didn't contain a 739 /* We've dealt with all the slots in the current node, so now we need
474 * matching key */ 740 * to ascend to the parent and continue processing there.
741 */
742 ptr = ACCESS_ONCE(node->back_pointer);
743 slot = node->parent_slot;
744
745 if (ptr && assoc_array_ptr_is_shortcut(ptr)) {
746 shortcut = assoc_array_ptr_to_shortcut(ptr);
747 smp_read_barrier_depends();
748 ptr = ACCESS_ONCE(shortcut->back_pointer);
749 slot = shortcut->parent_slot;
750 }
751 if (!ptr)
752 goto not_this_keyring;
753 node = assoc_array_ptr_to_node(ptr);
754 smp_read_barrier_depends();
755 slot++;
756
757 /* If we've ascended to the root (zero backpointer), we must have just
758 * finished processing the leftmost branch rather than the root slots -
759 * so there can't be any more keyrings for us to find.
760 */
761 if (node->back_pointer) {
762 kdebug("ascend %d", slot);
763 goto ascend_to_node;
764 }
765
766 /* The keyring we're looking at was disqualified or didn't contain a
767 * matching key.
768 */
475not_this_keyring: 769not_this_keyring:
476 if (sp > 0) { 770 kdebug("not_this_keyring %d", sp);
477 /* resume the processing of a keyring higher up in the tree */ 771 if (sp <= 0) {
478 sp--; 772 kleave(" = false");
479 keyring = stack[sp].keyring; 773 return false;
480 keylist = stack[sp].keylist;
481 kix = stack[sp].kix + 1;
482 goto ascend;
483 } 774 }
484 775
485 key_ref = ERR_PTR(err); 776 /* Resume the processing of a keyring higher up in the tree */
486 goto error_2; 777 sp--;
778 keyring = stack[sp].keyring;
779 node = stack[sp].node;
780 slot = stack[sp].slot + 1;
781 kdebug("ascend to %d [%d]", keyring->serial, slot);
782 goto ascend_to_node;
487 783
488 /* we found a viable match */ 784 /* We found a viable match */
489found: 785found:
490 atomic_inc(&key->usage); 786 key = key_ref_to_ptr(ctx->result);
491 key->last_used_at = now.tv_sec;
492 keyring->last_used_at = now.tv_sec;
493 while (sp > 0)
494 stack[--sp].keyring->last_used_at = now.tv_sec;
495 key_check(key); 787 key_check(key);
496 key_ref = make_key_ref(key, possessed); 788 if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) {
497error_2: 789 key->last_used_at = ctx->now.tv_sec;
790 keyring->last_used_at = ctx->now.tv_sec;
791 while (sp > 0)
792 stack[--sp].keyring->last_used_at = ctx->now.tv_sec;
793 }
794 kleave(" = true");
795 return true;
796}
797
798/**
799 * keyring_search_aux - Search a keyring tree for a key matching some criteria
800 * @keyring_ref: A pointer to the keyring with possession indicator.
801 * @ctx: The keyring search context.
802 *
803 * Search the supplied keyring tree for a key that matches the criteria given.
804 * The root keyring and any linked keyrings must grant Search permission to the
805 * caller to be searchable and keys can only be found if they too grant Search
806 * to the caller. The possession flag on the root keyring pointer controls use
807 * of the possessor bits in permissions checking of the entire tree. In
808 * addition, the LSM gets to forbid keyring searches and key matches.
809 *
810 * The search is performed as a breadth-then-depth search up to the prescribed
811 * limit (KEYRING_SEARCH_MAX_DEPTH).
812 *
813 * Keys are matched to the type provided and are then filtered by the match
814 * function, which is given the description to use in any way it sees fit. The
815 * match function may use any attributes of a key that it wishes to to
816 * determine the match. Normally the match function from the key type would be
817 * used.
818 *
819 * RCU can be used to prevent the keyring key lists from disappearing without
820 * the need to take lots of locks.
821 *
822 * Returns a pointer to the found key and increments the key usage count if
823 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
824 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
825 * specified keyring wasn't a keyring.
826 *
827 * In the case of a successful return, the possession attribute from
828 * @keyring_ref is propagated to the returned key reference.
829 */
830key_ref_t keyring_search_aux(key_ref_t keyring_ref,
831 struct keyring_search_context *ctx)
832{
833 struct key *keyring;
834 long err;
835
836 ctx->iterator = keyring_search_iterator;
837 ctx->possessed = is_key_possessed(keyring_ref);
838 ctx->result = ERR_PTR(-EAGAIN);
839
840 keyring = key_ref_to_ptr(keyring_ref);
841 key_check(keyring);
842
843 if (keyring->type != &key_type_keyring)
844 return ERR_PTR(-ENOTDIR);
845
846 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) {
847 err = key_task_permission(keyring_ref, ctx->cred, KEY_SEARCH);
848 if (err < 0)
849 return ERR_PTR(err);
850 }
851
852 rcu_read_lock();
853 ctx->now = current_kernel_time();
854 if (search_nested_keyrings(keyring, ctx))
855 __key_get(key_ref_to_ptr(ctx->result));
498 rcu_read_unlock(); 856 rcu_read_unlock();
499error: 857 return ctx->result;
500 return key_ref;
501} 858}
502 859
503/** 860/**
@@ -507,77 +864,73 @@ error:
507 * @description: The name of the keyring we want to find. 864 * @description: The name of the keyring we want to find.
508 * 865 *
509 * As keyring_search_aux() above, but using the current task's credentials and 866 * As keyring_search_aux() above, but using the current task's credentials and
510 * type's default matching function. 867 * type's default matching function and preferred search method.
511 */ 868 */
512key_ref_t keyring_search(key_ref_t keyring, 869key_ref_t keyring_search(key_ref_t keyring,
513 struct key_type *type, 870 struct key_type *type,
514 const char *description) 871 const char *description)
515{ 872{
516 if (!type->match) 873 struct keyring_search_context ctx = {
874 .index_key.type = type,
875 .index_key.description = description,
876 .cred = current_cred(),
877 .match = type->match,
878 .match_data = description,
879 .flags = (type->def_lookup_type |
880 KEYRING_SEARCH_DO_STATE_CHECK),
881 };
882
883 if (!ctx.match)
517 return ERR_PTR(-ENOKEY); 884 return ERR_PTR(-ENOKEY);
518 885
519 return keyring_search_aux(keyring, current->cred, 886 return keyring_search_aux(keyring, &ctx);
520 type, description, type->match, false);
521} 887}
522EXPORT_SYMBOL(keyring_search); 888EXPORT_SYMBOL(keyring_search);
523 889
524/* 890/*
525 * Search the given keyring only (no recursion). 891 * Search the given keyring for a key that might be updated.
526 * 892 *
527 * The caller must guarantee that the keyring is a keyring and that the 893 * The caller must guarantee that the keyring is a keyring and that the
528 * permission is granted to search the keyring as no check is made here. 894 * permission is granted to modify the keyring as no check is made here. The
529 * 895 * caller must also hold a lock on the keyring semaphore.
530 * RCU is used to make it unnecessary to lock the keyring key list here.
531 * 896 *
532 * Returns a pointer to the found key with usage count incremented if 897 * Returns a pointer to the found key with usage count incremented if
533 * successful and returns -ENOKEY if not found. Revoked keys and keys not 898 * successful and returns NULL if not found. Revoked and invalidated keys are
534 * providing the requested permission are skipped over. 899 * skipped over.
535 * 900 *
536 * If successful, the possession indicator is propagated from the keyring ref 901 * If successful, the possession indicator is propagated from the keyring ref
537 * to the returned key reference. 902 * to the returned key reference.
538 */ 903 */
539key_ref_t __keyring_search_one(key_ref_t keyring_ref, 904key_ref_t find_key_to_update(key_ref_t keyring_ref,
540 const struct key_type *ktype, 905 const struct keyring_index_key *index_key)
541 const char *description,
542 key_perm_t perm)
543{ 906{
544 struct keyring_list *klist;
545 unsigned long possessed;
546 struct key *keyring, *key; 907 struct key *keyring, *key;
547 int nkeys, loop; 908 const void *object;
548 909
549 keyring = key_ref_to_ptr(keyring_ref); 910 keyring = key_ref_to_ptr(keyring_ref);
550 possessed = is_key_possessed(keyring_ref);
551 911
552 rcu_read_lock(); 912 kenter("{%d},{%s,%s}",
913 keyring->serial, index_key->type->name, index_key->description);
553 914
554 klist = rcu_dereference(keyring->payload.subscriptions); 915 object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops,
555 if (klist) { 916 index_key);
556 nkeys = klist->nkeys;
557 smp_rmb();
558 for (loop = 0; loop < nkeys ; loop++) {
559 key = rcu_dereference(klist->keys[loop]);
560 if (key->type == ktype &&
561 (!key->type->match ||
562 key->type->match(key, description)) &&
563 key_permission(make_key_ref(key, possessed),
564 perm) == 0 &&
565 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
566 (1 << KEY_FLAG_REVOKED)))
567 )
568 goto found;
569 }
570 }
571 917
572 rcu_read_unlock(); 918 if (object)
573 return ERR_PTR(-ENOKEY); 919 goto found;
920
921 kleave(" = NULL");
922 return NULL;
574 923
575found: 924found:
576 atomic_inc(&key->usage); 925 key = keyring_ptr_to_key(object);
577 keyring->last_used_at = key->last_used_at = 926 if (key->flags & ((1 << KEY_FLAG_INVALIDATED) |
578 current_kernel_time().tv_sec; 927 (1 << KEY_FLAG_REVOKED))) {
579 rcu_read_unlock(); 928 kleave(" = NULL [x]");
580 return make_key_ref(key, possessed); 929 return NULL;
930 }
931 __key_get(key);
932 kleave(" = {%d}", key->serial);
933 return make_key_ref(key, is_key_possessed(keyring_ref));
581} 934}
582 935
583/* 936/*
@@ -640,6 +993,19 @@ out:
640 return keyring; 993 return keyring;
641} 994}
642 995
996static int keyring_detect_cycle_iterator(const void *object,
997 void *iterator_data)
998{
999 struct keyring_search_context *ctx = iterator_data;
1000 const struct key *key = keyring_ptr_to_key(object);
1001
1002 kenter("{%d}", key->serial);
1003
1004 BUG_ON(key != ctx->match_data);
1005 ctx->result = ERR_PTR(-EDEADLK);
1006 return 1;
1007}
1008
643/* 1009/*
644 * See if a cycle will will be created by inserting acyclic tree B in acyclic 1010 * See if a cycle will will be created by inserting acyclic tree B in acyclic
645 * tree A at the topmost level (ie: as a direct child of A). 1011 * tree A at the topmost level (ie: as a direct child of A).
@@ -649,116 +1015,39 @@ out:
649 */ 1015 */
650static int keyring_detect_cycle(struct key *A, struct key *B) 1016static int keyring_detect_cycle(struct key *A, struct key *B)
651{ 1017{
652 struct { 1018 struct keyring_search_context ctx = {
653 struct keyring_list *keylist; 1019 .index_key = A->index_key,
654 int kix; 1020 .match_data = A,
655 } stack[KEYRING_SEARCH_MAX_DEPTH]; 1021 .iterator = keyring_detect_cycle_iterator,
656 1022 .flags = (KEYRING_SEARCH_LOOKUP_DIRECT |
657 struct keyring_list *keylist; 1023 KEYRING_SEARCH_NO_STATE_CHECK |
658 struct key *subtree, *key; 1024 KEYRING_SEARCH_NO_UPDATE_TIME |
659 int sp, nkeys, kix, ret; 1025 KEYRING_SEARCH_NO_CHECK_PERM |
1026 KEYRING_SEARCH_DETECT_TOO_DEEP),
1027 };
660 1028
661 rcu_read_lock(); 1029 rcu_read_lock();
662 1030 search_nested_keyrings(B, &ctx);
663 ret = -EDEADLK;
664 if (A == B)
665 goto cycle_detected;
666
667 subtree = B;
668 sp = 0;
669
670 /* start processing a new keyring */
671descend:
672 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
673 goto not_this_keyring;
674
675 keylist = rcu_dereference(subtree->payload.subscriptions);
676 if (!keylist)
677 goto not_this_keyring;
678 kix = 0;
679
680ascend:
681 /* iterate through the remaining keys in this keyring */
682 nkeys = keylist->nkeys;
683 smp_rmb();
684 for (; kix < nkeys; kix++) {
685 key = rcu_dereference(keylist->keys[kix]);
686
687 if (key == A)
688 goto cycle_detected;
689
690 /* recursively check nested keyrings */
691 if (key->type == &key_type_keyring) {
692 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
693 goto too_deep;
694
695 /* stack the current position */
696 stack[sp].keylist = keylist;
697 stack[sp].kix = kix;
698 sp++;
699
700 /* begin again with the new keyring */
701 subtree = key;
702 goto descend;
703 }
704 }
705
706 /* the keyring we're looking at was disqualified or didn't contain a
707 * matching key */
708not_this_keyring:
709 if (sp > 0) {
710 /* resume the checking of a keyring higher up in the tree */
711 sp--;
712 keylist = stack[sp].keylist;
713 kix = stack[sp].kix + 1;
714 goto ascend;
715 }
716
717 ret = 0; /* no cycles detected */
718
719error:
720 rcu_read_unlock(); 1031 rcu_read_unlock();
721 return ret; 1032 return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result);
722
723too_deep:
724 ret = -ELOOP;
725 goto error;
726
727cycle_detected:
728 ret = -EDEADLK;
729 goto error;
730}
731
732/*
733 * Dispose of a keyring list after the RCU grace period, freeing the unlinked
734 * key
735 */
736static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
737{
738 struct keyring_list *klist =
739 container_of(rcu, struct keyring_list, rcu);
740
741 if (klist->delkey != USHRT_MAX)
742 key_put(rcu_access_pointer(klist->keys[klist->delkey]));
743 kfree(klist);
744} 1033}
745 1034
746/* 1035/*
747 * Preallocate memory so that a key can be linked into to a keyring. 1036 * Preallocate memory so that a key can be linked into to a keyring.
748 */ 1037 */
749int __key_link_begin(struct key *keyring, const struct key_type *type, 1038int __key_link_begin(struct key *keyring,
750 const char *description, unsigned long *_prealloc) 1039 const struct keyring_index_key *index_key,
1040 struct assoc_array_edit **_edit)
751 __acquires(&keyring->sem) 1041 __acquires(&keyring->sem)
752 __acquires(&keyring_serialise_link_sem) 1042 __acquires(&keyring_serialise_link_sem)
753{ 1043{
754 struct keyring_list *klist, *nklist; 1044 struct assoc_array_edit *edit;
755 unsigned long prealloc; 1045 int ret;
756 unsigned max; 1046
757 time_t lowest_lru; 1047 kenter("%d,%s,%s,",
758 size_t size; 1048 keyring->serial, index_key->type->name, index_key->description);
759 int loop, lru, ret;
760 1049
761 kenter("%d,%s,%s,", key_serial(keyring), type->name, description); 1050 BUG_ON(index_key->desc_len == 0);
762 1051
763 if (keyring->type != &key_type_keyring) 1052 if (keyring->type != &key_type_keyring)
764 return -ENOTDIR; 1053 return -ENOTDIR;
@@ -771,100 +1060,39 @@ int __key_link_begin(struct key *keyring, const struct key_type *type,
771 1060
772 /* serialise link/link calls to prevent parallel calls causing a cycle 1061 /* serialise link/link calls to prevent parallel calls causing a cycle
773 * when linking two keyring in opposite orders */ 1062 * when linking two keyring in opposite orders */
774 if (type == &key_type_keyring) 1063 if (index_key->type == &key_type_keyring)
775 down_write(&keyring_serialise_link_sem); 1064 down_write(&keyring_serialise_link_sem);
776 1065
777 klist = rcu_dereference_locked_keyring(keyring); 1066 /* Create an edit script that will insert/replace the key in the
778 1067 * keyring tree.
779 /* see if there's a matching key we can displace */ 1068 */
780 lru = -1; 1069 edit = assoc_array_insert(&keyring->keys,
781 if (klist && klist->nkeys > 0) { 1070 &keyring_assoc_array_ops,
782 lowest_lru = TIME_T_MAX; 1071 index_key,
783 for (loop = klist->nkeys - 1; loop >= 0; loop--) { 1072 NULL);
784 struct key *key = rcu_deref_link_locked(klist, loop, 1073 if (IS_ERR(edit)) {
785 keyring); 1074 ret = PTR_ERR(edit);
786 if (key->type == type &&
787 strcmp(key->description, description) == 0) {
788 /* Found a match - we'll replace the link with
789 * one to the new key. We record the slot
790 * position.
791 */
792 klist->delkey = loop;
793 prealloc = 0;
794 goto done;
795 }
796 if (key->last_used_at < lowest_lru) {
797 lowest_lru = key->last_used_at;
798 lru = loop;
799 }
800 }
801 }
802
803 /* If the keyring is full then do an LRU discard */
804 if (klist &&
805 klist->nkeys == klist->maxkeys &&
806 klist->maxkeys >= MAX_KEYRING_LINKS) {
807 kdebug("LRU discard %d\n", lru);
808 klist->delkey = lru;
809 prealloc = 0;
810 goto done;
811 }
812
813 /* check that we aren't going to overrun the user's quota */
814 ret = key_payload_reserve(keyring,
815 keyring->datalen + KEYQUOTA_LINK_BYTES);
816 if (ret < 0)
817 goto error_sem; 1075 goto error_sem;
1076 }
818 1077
819 if (klist && klist->nkeys < klist->maxkeys) { 1078 /* If we're not replacing a link in-place then we're going to need some
820 /* there's sufficient slack space to append directly */ 1079 * extra quota.
821 klist->delkey = klist->nkeys; 1080 */
822 prealloc = KEY_LINK_FIXQUOTA; 1081 if (!edit->dead_leaf) {
823 } else { 1082 ret = key_payload_reserve(keyring,
824 /* grow the key list */ 1083 keyring->datalen + KEYQUOTA_LINK_BYTES);
825 max = 4; 1084 if (ret < 0)
826 if (klist) { 1085 goto error_cancel;
827 max += klist->maxkeys;
828 if (max > MAX_KEYRING_LINKS)
829 max = MAX_KEYRING_LINKS;
830 BUG_ON(max <= klist->maxkeys);
831 }
832
833 size = sizeof(*klist) + sizeof(struct key *) * max;
834
835 ret = -ENOMEM;
836 nklist = kmalloc(size, GFP_KERNEL);
837 if (!nklist)
838 goto error_quota;
839
840 nklist->maxkeys = max;
841 if (klist) {
842 memcpy(nklist->keys, klist->keys,
843 sizeof(struct key *) * klist->nkeys);
844 nklist->delkey = klist->nkeys;
845 nklist->nkeys = klist->nkeys + 1;
846 klist->delkey = USHRT_MAX;
847 } else {
848 nklist->nkeys = 1;
849 nklist->delkey = 0;
850 }
851
852 /* add the key into the new space */
853 RCU_INIT_POINTER(nklist->keys[nklist->delkey], NULL);
854 prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA;
855 } 1086 }
856 1087
857done: 1088 *_edit = edit;
858 *_prealloc = prealloc;
859 kleave(" = 0"); 1089 kleave(" = 0");
860 return 0; 1090 return 0;
861 1091
862error_quota: 1092error_cancel:
863 /* undo the quota changes */ 1093 assoc_array_cancel_edit(edit);
864 key_payload_reserve(keyring,
865 keyring->datalen - KEYQUOTA_LINK_BYTES);
866error_sem: 1094error_sem:
867 if (type == &key_type_keyring) 1095 if (index_key->type == &key_type_keyring)
868 up_write(&keyring_serialise_link_sem); 1096 up_write(&keyring_serialise_link_sem);
869error_krsem: 1097error_krsem:
870 up_write(&keyring->sem); 1098 up_write(&keyring->sem);
@@ -895,60 +1123,12 @@ int __key_link_check_live_key(struct key *keyring, struct key *key)
895 * holds at most one link to any given key of a particular type+description 1123 * holds at most one link to any given key of a particular type+description
896 * combination. 1124 * combination.
897 */ 1125 */
898void __key_link(struct key *keyring, struct key *key, 1126void __key_link(struct key *key, struct assoc_array_edit **_edit)
899 unsigned long *_prealloc)
900{ 1127{
901 struct keyring_list *klist, *nklist; 1128 __key_get(key);
902 struct key *discard; 1129 assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key));
903 1130 assoc_array_apply_edit(*_edit);
904 nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA); 1131 *_edit = NULL;
905 *_prealloc = 0;
906
907 kenter("%d,%d,%p", keyring->serial, key->serial, nklist);
908
909 klist = rcu_dereference_locked_keyring(keyring);
910
911 atomic_inc(&key->usage);
912 keyring->last_used_at = key->last_used_at =
913 current_kernel_time().tv_sec;
914
915 /* there's a matching key we can displace or an empty slot in a newly
916 * allocated list we can fill */
917 if (nklist) {
918 kdebug("reissue %hu/%hu/%hu",
919 nklist->delkey, nklist->nkeys, nklist->maxkeys);
920
921 RCU_INIT_POINTER(nklist->keys[nklist->delkey], key);
922
923 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
924
925 /* dispose of the old keyring list and, if there was one, the
926 * displaced key */
927 if (klist) {
928 kdebug("dispose %hu/%hu/%hu",
929 klist->delkey, klist->nkeys, klist->maxkeys);
930 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
931 }
932 } else if (klist->delkey < klist->nkeys) {
933 kdebug("replace %hu/%hu/%hu",
934 klist->delkey, klist->nkeys, klist->maxkeys);
935
936 discard = rcu_dereference_protected(
937 klist->keys[klist->delkey],
938 rwsem_is_locked(&keyring->sem));
939 rcu_assign_pointer(klist->keys[klist->delkey], key);
940 /* The garbage collector will take care of RCU
941 * synchronisation */
942 key_put(discard);
943 } else {
944 /* there's sufficient slack space to append directly */
945 kdebug("append %hu/%hu/%hu",
946 klist->delkey, klist->nkeys, klist->maxkeys);
947
948 RCU_INIT_POINTER(klist->keys[klist->delkey], key);
949 smp_wmb();
950 klist->nkeys++;
951 }
952} 1132}
953 1133
954/* 1134/*
@@ -956,24 +1136,22 @@ void __key_link(struct key *keyring, struct key *key,
956 * 1136 *
957 * Must be called with __key_link_begin() having being called. 1137 * Must be called with __key_link_begin() having being called.
958 */ 1138 */
959void __key_link_end(struct key *keyring, struct key_type *type, 1139void __key_link_end(struct key *keyring,
960 unsigned long prealloc) 1140 const struct keyring_index_key *index_key,
1141 struct assoc_array_edit *edit)
961 __releases(&keyring->sem) 1142 __releases(&keyring->sem)
962 __releases(&keyring_serialise_link_sem) 1143 __releases(&keyring_serialise_link_sem)
963{ 1144{
964 BUG_ON(type == NULL); 1145 BUG_ON(index_key->type == NULL);
965 BUG_ON(type->name == NULL); 1146 kenter("%d,%s,", keyring->serial, index_key->type->name);
966 kenter("%d,%s,%lx", keyring->serial, type->name, prealloc);
967 1147
968 if (type == &key_type_keyring) 1148 if (index_key->type == &key_type_keyring)
969 up_write(&keyring_serialise_link_sem); 1149 up_write(&keyring_serialise_link_sem);
970 1150
971 if (prealloc) { 1151 if (edit && !edit->dead_leaf) {
972 if (prealloc & KEY_LINK_FIXQUOTA) 1152 key_payload_reserve(keyring,
973 key_payload_reserve(keyring, 1153 keyring->datalen - KEYQUOTA_LINK_BYTES);
974 keyring->datalen - 1154 assoc_array_cancel_edit(edit);
975 KEYQUOTA_LINK_BYTES);
976 kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA));
977 } 1155 }
978 up_write(&keyring->sem); 1156 up_write(&keyring->sem);
979} 1157}
@@ -1000,20 +1178,28 @@ void __key_link_end(struct key *keyring, struct key_type *type,
1000 */ 1178 */
1001int key_link(struct key *keyring, struct key *key) 1179int key_link(struct key *keyring, struct key *key)
1002{ 1180{
1003 unsigned long prealloc; 1181 struct assoc_array_edit *edit;
1004 int ret; 1182 int ret;
1005 1183
1184 kenter("{%d,%d}", keyring->serial, atomic_read(&keyring->usage));
1185
1006 key_check(keyring); 1186 key_check(keyring);
1007 key_check(key); 1187 key_check(key);
1008 1188
1009 ret = __key_link_begin(keyring, key->type, key->description, &prealloc); 1189 if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) &&
1190 !test_bit(KEY_FLAG_TRUSTED, &key->flags))
1191 return -EPERM;
1192
1193 ret = __key_link_begin(keyring, &key->index_key, &edit);
1010 if (ret == 0) { 1194 if (ret == 0) {
1195 kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage));
1011 ret = __key_link_check_live_key(keyring, key); 1196 ret = __key_link_check_live_key(keyring, key);
1012 if (ret == 0) 1197 if (ret == 0)
1013 __key_link(keyring, key, &prealloc); 1198 __key_link(key, &edit);
1014 __key_link_end(keyring, key->type, prealloc); 1199 __key_link_end(keyring, &key->index_key, edit);
1015 } 1200 }
1016 1201
1202 kleave(" = %d {%d,%d}", ret, keyring->serial, atomic_read(&keyring->usage));
1017 return ret; 1203 return ret;
1018} 1204}
1019EXPORT_SYMBOL(key_link); 1205EXPORT_SYMBOL(key_link);
@@ -1037,90 +1223,37 @@ EXPORT_SYMBOL(key_link);
1037 */ 1223 */
1038int key_unlink(struct key *keyring, struct key *key) 1224int key_unlink(struct key *keyring, struct key *key)
1039{ 1225{
1040 struct keyring_list *klist, *nklist; 1226 struct assoc_array_edit *edit;
1041 int loop, ret; 1227 int ret;
1042 1228
1043 key_check(keyring); 1229 key_check(keyring);
1044 key_check(key); 1230 key_check(key);
1045 1231
1046 ret = -ENOTDIR;
1047 if (keyring->type != &key_type_keyring) 1232 if (keyring->type != &key_type_keyring)
1048 goto error; 1233 return -ENOTDIR;
1049 1234
1050 down_write(&keyring->sem); 1235 down_write(&keyring->sem);
1051 1236
1052 klist = rcu_dereference_locked_keyring(keyring); 1237 edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,
1053 if (klist) { 1238 &key->index_key);
1054 /* search the keyring for the key */ 1239 if (IS_ERR(edit)) {
1055 for (loop = 0; loop < klist->nkeys; loop++) 1240 ret = PTR_ERR(edit);
1056 if (rcu_access_pointer(klist->keys[loop]) == key) 1241 goto error;
1057 goto key_is_present;
1058 } 1242 }
1059
1060 up_write(&keyring->sem);
1061 ret = -ENOENT; 1243 ret = -ENOENT;
1062 goto error; 1244 if (edit == NULL)
1063 1245 goto error;
1064key_is_present:
1065 /* we need to copy the key list for RCU purposes */
1066 nklist = kmalloc(sizeof(*klist) +
1067 sizeof(struct key *) * klist->maxkeys,
1068 GFP_KERNEL);
1069 if (!nklist)
1070 goto nomem;
1071 nklist->maxkeys = klist->maxkeys;
1072 nklist->nkeys = klist->nkeys - 1;
1073
1074 if (loop > 0)
1075 memcpy(&nklist->keys[0],
1076 &klist->keys[0],
1077 loop * sizeof(struct key *));
1078
1079 if (loop < nklist->nkeys)
1080 memcpy(&nklist->keys[loop],
1081 &klist->keys[loop + 1],
1082 (nklist->nkeys - loop) * sizeof(struct key *));
1083
1084 /* adjust the user's quota */
1085 key_payload_reserve(keyring,
1086 keyring->datalen - KEYQUOTA_LINK_BYTES);
1087
1088 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
1089
1090 up_write(&keyring->sem);
1091
1092 /* schedule for later cleanup */
1093 klist->delkey = loop;
1094 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
1095 1246
1247 assoc_array_apply_edit(edit);
1248 key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
1096 ret = 0; 1249 ret = 0;
1097 1250
1098error: 1251error:
1099 return ret;
1100nomem:
1101 ret = -ENOMEM;
1102 up_write(&keyring->sem); 1252 up_write(&keyring->sem);
1103 goto error; 1253 return ret;
1104} 1254}
1105EXPORT_SYMBOL(key_unlink); 1255EXPORT_SYMBOL(key_unlink);
1106 1256
1107/*
1108 * Dispose of a keyring list after the RCU grace period, releasing the keys it
1109 * links to.
1110 */
1111static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1112{
1113 struct keyring_list *klist;
1114 int loop;
1115
1116 klist = container_of(rcu, struct keyring_list, rcu);
1117
1118 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1119 key_put(rcu_access_pointer(klist->keys[loop]));
1120
1121 kfree(klist);
1122}
1123
1124/** 1257/**
1125 * keyring_clear - Clear a keyring 1258 * keyring_clear - Clear a keyring
1126 * @keyring: The keyring to clear. 1259 * @keyring: The keyring to clear.
@@ -1131,33 +1264,25 @@ static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1131 */ 1264 */
1132int keyring_clear(struct key *keyring) 1265int keyring_clear(struct key *keyring)
1133{ 1266{
1134 struct keyring_list *klist; 1267 struct assoc_array_edit *edit;
1135 int ret; 1268 int ret;
1136 1269
1137 ret = -ENOTDIR; 1270 if (keyring->type != &key_type_keyring)
1138 if (keyring->type == &key_type_keyring) { 1271 return -ENOTDIR;
1139 /* detach the pointer block with the locks held */
1140 down_write(&keyring->sem);
1141
1142 klist = rcu_dereference_locked_keyring(keyring);
1143 if (klist) {
1144 /* adjust the quota */
1145 key_payload_reserve(keyring,
1146 sizeof(struct keyring_list));
1147
1148 rcu_assign_pointer(keyring->payload.subscriptions,
1149 NULL);
1150 }
1151
1152 up_write(&keyring->sem);
1153 1272
1154 /* free the keys after the locks have been dropped */ 1273 down_write(&keyring->sem);
1155 if (klist)
1156 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1157 1274
1275 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1276 if (IS_ERR(edit)) {
1277 ret = PTR_ERR(edit);
1278 } else {
1279 if (edit)
1280 assoc_array_apply_edit(edit);
1281 key_payload_reserve(keyring, 0);
1158 ret = 0; 1282 ret = 0;
1159 } 1283 }
1160 1284
1285 up_write(&keyring->sem);
1161 return ret; 1286 return ret;
1162} 1287}
1163EXPORT_SYMBOL(keyring_clear); 1288EXPORT_SYMBOL(keyring_clear);
@@ -1169,111 +1294,68 @@ EXPORT_SYMBOL(keyring_clear);
1169 */ 1294 */
1170static void keyring_revoke(struct key *keyring) 1295static void keyring_revoke(struct key *keyring)
1171{ 1296{
1172 struct keyring_list *klist; 1297 struct assoc_array_edit *edit;
1298
1299 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1300 if (!IS_ERR(edit)) {
1301 if (edit)
1302 assoc_array_apply_edit(edit);
1303 key_payload_reserve(keyring, 0);
1304 }
1305}
1306
1307static bool keyring_gc_select_iterator(void *object, void *iterator_data)
1308{
1309 struct key *key = keyring_ptr_to_key(object);
1310 time_t *limit = iterator_data;
1173 1311
1174 klist = rcu_dereference_locked_keyring(keyring); 1312 if (key_is_dead(key, *limit))
1313 return false;
1314 key_get(key);
1315 return true;
1316}
1175 1317
1176 /* adjust the quota */ 1318static int keyring_gc_check_iterator(const void *object, void *iterator_data)
1177 key_payload_reserve(keyring, 0); 1319{
1320 const struct key *key = keyring_ptr_to_key(object);
1321 time_t *limit = iterator_data;
1178 1322
1179 if (klist) { 1323 key_check(key);
1180 rcu_assign_pointer(keyring->payload.subscriptions, NULL); 1324 return key_is_dead(key, *limit);
1181 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1182 }
1183} 1325}
1184 1326
1185/* 1327/*
1186 * Collect garbage from the contents of a keyring, replacing the old list with 1328 * Garbage collect pointers from a keyring.
1187 * a new one with the pointers all shuffled down.
1188 * 1329 *
1189 * Dead keys are classed as oned that are flagged as being dead or are revoked, 1330 * Not called with any locks held. The keyring's key struct will not be
1190 * expired or negative keys that were revoked or expired before the specified 1331 * deallocated under us as only our caller may deallocate it.
1191 * limit.
1192 */ 1332 */
1193void keyring_gc(struct key *keyring, time_t limit) 1333void keyring_gc(struct key *keyring, time_t limit)
1194{ 1334{
1195 struct keyring_list *klist, *new; 1335 int result;
1196 struct key *key;
1197 int loop, keep, max;
1198
1199 kenter("{%x,%s}", key_serial(keyring), keyring->description);
1200
1201 down_write(&keyring->sem);
1202
1203 klist = rcu_dereference_locked_keyring(keyring);
1204 if (!klist)
1205 goto no_klist;
1206
1207 /* work out how many subscriptions we're keeping */
1208 keep = 0;
1209 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1210 if (!key_is_dead(rcu_deref_link_locked(klist, loop, keyring),
1211 limit))
1212 keep++;
1213
1214 if (keep == klist->nkeys)
1215 goto just_return;
1216
1217 /* allocate a new keyring payload */
1218 max = roundup(keep, 4);
1219 new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *),
1220 GFP_KERNEL);
1221 if (!new)
1222 goto nomem;
1223 new->maxkeys = max;
1224 new->nkeys = 0;
1225 new->delkey = 0;
1226
1227 /* install the live keys
1228 * - must take care as expired keys may be updated back to life
1229 */
1230 keep = 0;
1231 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
1232 key = rcu_deref_link_locked(klist, loop, keyring);
1233 if (!key_is_dead(key, limit)) {
1234 if (keep >= max)
1235 goto discard_new;
1236 RCU_INIT_POINTER(new->keys[keep++], key_get(key));
1237 }
1238 }
1239 new->nkeys = keep;
1240
1241 /* adjust the quota */
1242 key_payload_reserve(keyring,
1243 sizeof(struct keyring_list) +
1244 KEYQUOTA_LINK_BYTES * keep);
1245 1336
1246 if (keep == 0) { 1337 kenter("%x{%s}", keyring->serial, keyring->description ?: "");
1247 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1248 kfree(new);
1249 } else {
1250 rcu_assign_pointer(keyring->payload.subscriptions, new);
1251 }
1252 1338
1253 up_write(&keyring->sem); 1339 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
1340 (1 << KEY_FLAG_REVOKED)))
1341 goto dont_gc;
1254 1342
1255 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 1343 /* scan the keyring looking for dead keys */
1256 kleave(" [yes]"); 1344 rcu_read_lock();
1257 return; 1345 result = assoc_array_iterate(&keyring->keys,
1258 1346 keyring_gc_check_iterator, &limit);
1259discard_new: 1347 rcu_read_unlock();
1260 new->nkeys = keep; 1348 if (result == true)
1261 keyring_clear_rcu_disposal(&new->rcu); 1349 goto do_gc;
1262 up_write(&keyring->sem);
1263 kleave(" [discard]");
1264 return;
1265
1266just_return:
1267 up_write(&keyring->sem);
1268 kleave(" [no dead]");
1269 return;
1270 1350
1271no_klist: 1351dont_gc:
1272 up_write(&keyring->sem); 1352 kleave(" [no gc]");
1273 kleave(" [no_klist]");
1274 return; 1353 return;
1275 1354
1276nomem: 1355do_gc:
1356 down_write(&keyring->sem);
1357 assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops,
1358 keyring_gc_select_iterator, &limit);
1277 up_write(&keyring->sem); 1359 up_write(&keyring->sem);
1278 kleave(" [oom]"); 1360 kleave(" [gc]");
1279} 1361}
diff --git a/security/keys/persistent.c b/security/keys/persistent.c
new file mode 100644
index 000000000000..0ad3ee283781
--- /dev/null
+++ b/security/keys/persistent.c
@@ -0,0 +1,167 @@
1/* General persistent per-UID keyrings register
2 *
3 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/user_namespace.h>
13#include "internal.h"
14
15unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */
16
17/*
18 * Create the persistent keyring register for the current user namespace.
19 *
20 * Called with the namespace's sem locked for writing.
21 */
22static int key_create_persistent_register(struct user_namespace *ns)
23{
24 struct key *reg = keyring_alloc(".persistent_register",
25 KUIDT_INIT(0), KGIDT_INIT(0),
26 current_cred(),
27 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
28 KEY_USR_VIEW | KEY_USR_READ),
29 KEY_ALLOC_NOT_IN_QUOTA, NULL);
30 if (IS_ERR(reg))
31 return PTR_ERR(reg);
32
33 ns->persistent_keyring_register = reg;
34 return 0;
35}
36
37/*
38 * Create the persistent keyring for the specified user.
39 *
40 * Called with the namespace's sem locked for writing.
41 */
42static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid,
43 struct keyring_index_key *index_key)
44{
45 struct key *persistent;
46 key_ref_t reg_ref, persistent_ref;
47
48 if (!ns->persistent_keyring_register) {
49 long err = key_create_persistent_register(ns);
50 if (err < 0)
51 return ERR_PTR(err);
52 } else {
53 reg_ref = make_key_ref(ns->persistent_keyring_register, true);
54 persistent_ref = find_key_to_update(reg_ref, index_key);
55 if (persistent_ref)
56 return persistent_ref;
57 }
58
59 persistent = keyring_alloc(index_key->description,
60 uid, INVALID_GID, current_cred(),
61 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
62 KEY_USR_VIEW | KEY_USR_READ),
63 KEY_ALLOC_NOT_IN_QUOTA,
64 ns->persistent_keyring_register);
65 if (IS_ERR(persistent))
66 return ERR_CAST(persistent);
67
68 return make_key_ref(persistent, true);
69}
70
71/*
72 * Get the persistent keyring for a specific UID and link it to the nominated
73 * keyring.
74 */
75static long key_get_persistent(struct user_namespace *ns, kuid_t uid,
76 key_ref_t dest_ref)
77{
78 struct keyring_index_key index_key;
79 struct key *persistent;
80 key_ref_t reg_ref, persistent_ref;
81 char buf[32];
82 long ret;
83
84 /* Look in the register if it exists */
85 index_key.type = &key_type_keyring;
86 index_key.description = buf;
87 index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid));
88
89 if (ns->persistent_keyring_register) {
90 reg_ref = make_key_ref(ns->persistent_keyring_register, true);
91 down_read(&ns->persistent_keyring_register_sem);
92 persistent_ref = find_key_to_update(reg_ref, &index_key);
93 up_read(&ns->persistent_keyring_register_sem);
94
95 if (persistent_ref)
96 goto found;
97 }
98
99 /* It wasn't in the register, so we'll need to create it. We might
100 * also need to create the register.
101 */
102 down_write(&ns->persistent_keyring_register_sem);
103 persistent_ref = key_create_persistent(ns, uid, &index_key);
104 up_write(&ns->persistent_keyring_register_sem);
105 if (!IS_ERR(persistent_ref))
106 goto found;
107
108 return PTR_ERR(persistent_ref);
109
110found:
111 ret = key_task_permission(persistent_ref, current_cred(), KEY_LINK);
112 if (ret == 0) {
113 persistent = key_ref_to_ptr(persistent_ref);
114 ret = key_link(key_ref_to_ptr(dest_ref), persistent);
115 if (ret == 0) {
116 key_set_timeout(persistent, persistent_keyring_expiry);
117 ret = persistent->serial;
118 }
119 }
120
121 key_ref_put(persistent_ref);
122 return ret;
123}
124
125/*
126 * Get the persistent keyring for a specific UID and link it to the nominated
127 * keyring.
128 */
129long keyctl_get_persistent(uid_t _uid, key_serial_t destid)
130{
131 struct user_namespace *ns = current_user_ns();
132 key_ref_t dest_ref;
133 kuid_t uid;
134 long ret;
135
136 /* -1 indicates the current user */
137 if (_uid == (uid_t)-1) {
138 uid = current_uid();
139 } else {
140 uid = make_kuid(ns, _uid);
141 if (!uid_valid(uid))
142 return -EINVAL;
143
144 /* You can only see your own persistent cache if you're not
145 * sufficiently privileged.
146 */
147 if (!uid_eq(uid, current_uid()) &&
148 !uid_eq(uid, current_euid()) &&
149 !ns_capable(ns, CAP_SETUID))
150 return -EPERM;
151 }
152
153 /* There must be a destination keyring */
154 dest_ref = lookup_user_key(destid, KEY_LOOKUP_CREATE, KEY_WRITE);
155 if (IS_ERR(dest_ref))
156 return PTR_ERR(dest_ref);
157 if (key_ref_to_ptr(dest_ref)->type != &key_type_keyring) {
158 ret = -ENOTDIR;
159 goto out_put_dest;
160 }
161
162 ret = key_get_persistent(ns, uid, dest_ref);
163
164out_put_dest:
165 key_ref_put(dest_ref);
166 return ret;
167}
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 217b6855e815..88e9a466940f 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -182,7 +182,6 @@ static void proc_keys_stop(struct seq_file *p, void *v)
182 182
183static int proc_keys_show(struct seq_file *m, void *v) 183static int proc_keys_show(struct seq_file *m, void *v)
184{ 184{
185 const struct cred *cred = current_cred();
186 struct rb_node *_p = v; 185 struct rb_node *_p = v;
187 struct key *key = rb_entry(_p, struct key, serial_node); 186 struct key *key = rb_entry(_p, struct key, serial_node);
188 struct timespec now; 187 struct timespec now;
@@ -191,15 +190,23 @@ static int proc_keys_show(struct seq_file *m, void *v)
191 char xbuf[12]; 190 char xbuf[12];
192 int rc; 191 int rc;
193 192
193 struct keyring_search_context ctx = {
194 .index_key.type = key->type,
195 .index_key.description = key->description,
196 .cred = current_cred(),
197 .match = lookup_user_key_possessed,
198 .match_data = key,
199 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
200 KEYRING_SEARCH_LOOKUP_DIRECT),
201 };
202
194 key_ref = make_key_ref(key, 0); 203 key_ref = make_key_ref(key, 0);
195 204
196 /* determine if the key is possessed by this process (a test we can 205 /* determine if the key is possessed by this process (a test we can
197 * skip if the key does not indicate the possessor can view it 206 * skip if the key does not indicate the possessor can view it
198 */ 207 */
199 if (key->perm & KEY_POS_VIEW) { 208 if (key->perm & KEY_POS_VIEW) {
200 skey_ref = search_my_process_keyrings(key->type, key, 209 skey_ref = search_my_process_keyrings(&ctx);
201 lookup_user_key_possessed,
202 true, cred);
203 if (!IS_ERR(skey_ref)) { 210 if (!IS_ERR(skey_ref)) {
204 key_ref_put(skey_ref); 211 key_ref_put(skey_ref);
205 key_ref = make_key_ref(key, 1); 212 key_ref = make_key_ref(key, 1);
@@ -211,7 +218,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
211 * - the caller holds a spinlock, and thus the RCU read lock, making our 218 * - the caller holds a spinlock, and thus the RCU read lock, making our
212 * access to __current_cred() safe 219 * access to __current_cred() safe
213 */ 220 */
214 rc = key_task_permission(key_ref, cred, KEY_VIEW); 221 rc = key_task_permission(key_ref, ctx.cred, KEY_VIEW);
215 if (rc < 0) 222 if (rc < 0)
216 return 0; 223 return 0;
217 224
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 42defae1e161..0cf8a130a267 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -235,7 +235,7 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
235 if (IS_ERR(keyring)) 235 if (IS_ERR(keyring))
236 return PTR_ERR(keyring); 236 return PTR_ERR(keyring);
237 } else { 237 } else {
238 atomic_inc(&keyring->usage); 238 __key_get(keyring);
239 } 239 }
240 240
241 /* install the keyring */ 241 /* install the keyring */
@@ -319,11 +319,7 @@ void key_fsgid_changed(struct task_struct *tsk)
319 * In the case of a successful return, the possession attribute is set on the 319 * In the case of a successful return, the possession attribute is set on the
320 * returned key reference. 320 * returned key reference.
321 */ 321 */
322key_ref_t search_my_process_keyrings(struct key_type *type, 322key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
323 const void *description,
324 key_match_func_t match,
325 bool no_state_check,
326 const struct cred *cred)
327{ 323{
328 key_ref_t key_ref, ret, err; 324 key_ref_t key_ref, ret, err;
329 325
@@ -339,10 +335,9 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
339 err = ERR_PTR(-EAGAIN); 335 err = ERR_PTR(-EAGAIN);
340 336
341 /* search the thread keyring first */ 337 /* search the thread keyring first */
342 if (cred->thread_keyring) { 338 if (ctx->cred->thread_keyring) {
343 key_ref = keyring_search_aux( 339 key_ref = keyring_search_aux(
344 make_key_ref(cred->thread_keyring, 1), 340 make_key_ref(ctx->cred->thread_keyring, 1), ctx);
345 cred, type, description, match, no_state_check);
346 if (!IS_ERR(key_ref)) 341 if (!IS_ERR(key_ref))
347 goto found; 342 goto found;
348 343
@@ -358,10 +353,9 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
358 } 353 }
359 354
360 /* search the process keyring second */ 355 /* search the process keyring second */
361 if (cred->process_keyring) { 356 if (ctx->cred->process_keyring) {
362 key_ref = keyring_search_aux( 357 key_ref = keyring_search_aux(
363 make_key_ref(cred->process_keyring, 1), 358 make_key_ref(ctx->cred->process_keyring, 1), ctx);
364 cred, type, description, match, no_state_check);
365 if (!IS_ERR(key_ref)) 359 if (!IS_ERR(key_ref))
366 goto found; 360 goto found;
367 361
@@ -379,11 +373,11 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
379 } 373 }
380 374
381 /* search the session keyring */ 375 /* search the session keyring */
382 if (cred->session_keyring) { 376 if (ctx->cred->session_keyring) {
383 rcu_read_lock(); 377 rcu_read_lock();
384 key_ref = keyring_search_aux( 378 key_ref = keyring_search_aux(
385 make_key_ref(rcu_dereference(cred->session_keyring), 1), 379 make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
386 cred, type, description, match, no_state_check); 380 ctx);
387 rcu_read_unlock(); 381 rcu_read_unlock();
388 382
389 if (!IS_ERR(key_ref)) 383 if (!IS_ERR(key_ref))
@@ -402,10 +396,10 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
402 } 396 }
403 } 397 }
404 /* or search the user-session keyring */ 398 /* or search the user-session keyring */
405 else if (cred->user->session_keyring) { 399 else if (ctx->cred->user->session_keyring) {
406 key_ref = keyring_search_aux( 400 key_ref = keyring_search_aux(
407 make_key_ref(cred->user->session_keyring, 1), 401 make_key_ref(ctx->cred->user->session_keyring, 1),
408 cred, type, description, match, no_state_check); 402 ctx);
409 if (!IS_ERR(key_ref)) 403 if (!IS_ERR(key_ref))
410 goto found; 404 goto found;
411 405
@@ -437,18 +431,14 @@ found:
437 * 431 *
438 * Return same as search_my_process_keyrings(). 432 * Return same as search_my_process_keyrings().
439 */ 433 */
440key_ref_t search_process_keyrings(struct key_type *type, 434key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
441 const void *description,
442 key_match_func_t match,
443 const struct cred *cred)
444{ 435{
445 struct request_key_auth *rka; 436 struct request_key_auth *rka;
446 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 437 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
447 438
448 might_sleep(); 439 might_sleep();
449 440
450 key_ref = search_my_process_keyrings(type, description, match, 441 key_ref = search_my_process_keyrings(ctx);
451 false, cred);
452 if (!IS_ERR(key_ref)) 442 if (!IS_ERR(key_ref))
453 goto found; 443 goto found;
454 err = key_ref; 444 err = key_ref;
@@ -457,18 +447,21 @@ key_ref_t search_process_keyrings(struct key_type *type,
457 * search the keyrings of the process mentioned there 447 * search the keyrings of the process mentioned there
458 * - we don't permit access to request_key auth keys via this method 448 * - we don't permit access to request_key auth keys via this method
459 */ 449 */
460 if (cred->request_key_auth && 450 if (ctx->cred->request_key_auth &&
461 cred == current_cred() && 451 ctx->cred == current_cred() &&
462 type != &key_type_request_key_auth 452 ctx->index_key.type != &key_type_request_key_auth
463 ) { 453 ) {
454 const struct cred *cred = ctx->cred;
455
464 /* defend against the auth key being revoked */ 456 /* defend against the auth key being revoked */
465 down_read(&cred->request_key_auth->sem); 457 down_read(&cred->request_key_auth->sem);
466 458
467 if (key_validate(cred->request_key_auth) == 0) { 459 if (key_validate(ctx->cred->request_key_auth) == 0) {
468 rka = cred->request_key_auth->payload.data; 460 rka = ctx->cred->request_key_auth->payload.data;
469 461
470 key_ref = search_process_keyrings(type, description, 462 ctx->cred = rka->cred;
471 match, rka->cred); 463 key_ref = search_process_keyrings(ctx);
464 ctx->cred = cred;
472 465
473 up_read(&cred->request_key_auth->sem); 466 up_read(&cred->request_key_auth->sem);
474 467
@@ -522,19 +515,23 @@ int lookup_user_key_possessed(const struct key *key, const void *target)
522key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 515key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
523 key_perm_t perm) 516 key_perm_t perm)
524{ 517{
518 struct keyring_search_context ctx = {
519 .match = lookup_user_key_possessed,
520 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
521 KEYRING_SEARCH_LOOKUP_DIRECT),
522 };
525 struct request_key_auth *rka; 523 struct request_key_auth *rka;
526 const struct cred *cred;
527 struct key *key; 524 struct key *key;
528 key_ref_t key_ref, skey_ref; 525 key_ref_t key_ref, skey_ref;
529 int ret; 526 int ret;
530 527
531try_again: 528try_again:
532 cred = get_current_cred(); 529 ctx.cred = get_current_cred();
533 key_ref = ERR_PTR(-ENOKEY); 530 key_ref = ERR_PTR(-ENOKEY);
534 531
535 switch (id) { 532 switch (id) {
536 case KEY_SPEC_THREAD_KEYRING: 533 case KEY_SPEC_THREAD_KEYRING:
537 if (!cred->thread_keyring) { 534 if (!ctx.cred->thread_keyring) {
538 if (!(lflags & KEY_LOOKUP_CREATE)) 535 if (!(lflags & KEY_LOOKUP_CREATE))
539 goto error; 536 goto error;
540 537
@@ -546,13 +543,13 @@ try_again:
546 goto reget_creds; 543 goto reget_creds;
547 } 544 }
548 545
549 key = cred->thread_keyring; 546 key = ctx.cred->thread_keyring;
550 atomic_inc(&key->usage); 547 __key_get(key);
551 key_ref = make_key_ref(key, 1); 548 key_ref = make_key_ref(key, 1);
552 break; 549 break;
553 550
554 case KEY_SPEC_PROCESS_KEYRING: 551 case KEY_SPEC_PROCESS_KEYRING:
555 if (!cred->process_keyring) { 552 if (!ctx.cred->process_keyring) {
556 if (!(lflags & KEY_LOOKUP_CREATE)) 553 if (!(lflags & KEY_LOOKUP_CREATE))
557 goto error; 554 goto error;
558 555
@@ -564,13 +561,13 @@ try_again:
564 goto reget_creds; 561 goto reget_creds;
565 } 562 }
566 563
567 key = cred->process_keyring; 564 key = ctx.cred->process_keyring;
568 atomic_inc(&key->usage); 565 __key_get(key);
569 key_ref = make_key_ref(key, 1); 566 key_ref = make_key_ref(key, 1);
570 break; 567 break;
571 568
572 case KEY_SPEC_SESSION_KEYRING: 569 case KEY_SPEC_SESSION_KEYRING:
573 if (!cred->session_keyring) { 570 if (!ctx.cred->session_keyring) {
574 /* always install a session keyring upon access if one 571 /* always install a session keyring upon access if one
575 * doesn't exist yet */ 572 * doesn't exist yet */
576 ret = install_user_keyrings(); 573 ret = install_user_keyrings();
@@ -580,13 +577,13 @@ try_again:
580 ret = join_session_keyring(NULL); 577 ret = join_session_keyring(NULL);
581 else 578 else
582 ret = install_session_keyring( 579 ret = install_session_keyring(
583 cred->user->session_keyring); 580 ctx.cred->user->session_keyring);
584 581
585 if (ret < 0) 582 if (ret < 0)
586 goto error; 583 goto error;
587 goto reget_creds; 584 goto reget_creds;
588 } else if (cred->session_keyring == 585 } else if (ctx.cred->session_keyring ==
589 cred->user->session_keyring && 586 ctx.cred->user->session_keyring &&
590 lflags & KEY_LOOKUP_CREATE) { 587 lflags & KEY_LOOKUP_CREATE) {
591 ret = join_session_keyring(NULL); 588 ret = join_session_keyring(NULL);
592 if (ret < 0) 589 if (ret < 0)
@@ -595,33 +592,33 @@ try_again:
595 } 592 }
596 593
597 rcu_read_lock(); 594 rcu_read_lock();
598 key = rcu_dereference(cred->session_keyring); 595 key = rcu_dereference(ctx.cred->session_keyring);
599 atomic_inc(&key->usage); 596 __key_get(key);
600 rcu_read_unlock(); 597 rcu_read_unlock();
601 key_ref = make_key_ref(key, 1); 598 key_ref = make_key_ref(key, 1);
602 break; 599 break;
603 600
604 case KEY_SPEC_USER_KEYRING: 601 case KEY_SPEC_USER_KEYRING:
605 if (!cred->user->uid_keyring) { 602 if (!ctx.cred->user->uid_keyring) {
606 ret = install_user_keyrings(); 603 ret = install_user_keyrings();
607 if (ret < 0) 604 if (ret < 0)
608 goto error; 605 goto error;
609 } 606 }
610 607
611 key = cred->user->uid_keyring; 608 key = ctx.cred->user->uid_keyring;
612 atomic_inc(&key->usage); 609 __key_get(key);
613 key_ref = make_key_ref(key, 1); 610 key_ref = make_key_ref(key, 1);
614 break; 611 break;
615 612
616 case KEY_SPEC_USER_SESSION_KEYRING: 613 case KEY_SPEC_USER_SESSION_KEYRING:
617 if (!cred->user->session_keyring) { 614 if (!ctx.cred->user->session_keyring) {
618 ret = install_user_keyrings(); 615 ret = install_user_keyrings();
619 if (ret < 0) 616 if (ret < 0)
620 goto error; 617 goto error;
621 } 618 }
622 619
623 key = cred->user->session_keyring; 620 key = ctx.cred->user->session_keyring;
624 atomic_inc(&key->usage); 621 __key_get(key);
625 key_ref = make_key_ref(key, 1); 622 key_ref = make_key_ref(key, 1);
626 break; 623 break;
627 624
@@ -631,29 +628,29 @@ try_again:
631 goto error; 628 goto error;
632 629
633 case KEY_SPEC_REQKEY_AUTH_KEY: 630 case KEY_SPEC_REQKEY_AUTH_KEY:
634 key = cred->request_key_auth; 631 key = ctx.cred->request_key_auth;
635 if (!key) 632 if (!key)
636 goto error; 633 goto error;
637 634
638 atomic_inc(&key->usage); 635 __key_get(key);
639 key_ref = make_key_ref(key, 1); 636 key_ref = make_key_ref(key, 1);
640 break; 637 break;
641 638
642 case KEY_SPEC_REQUESTOR_KEYRING: 639 case KEY_SPEC_REQUESTOR_KEYRING:
643 if (!cred->request_key_auth) 640 if (!ctx.cred->request_key_auth)
644 goto error; 641 goto error;
645 642
646 down_read(&cred->request_key_auth->sem); 643 down_read(&ctx.cred->request_key_auth->sem);
647 if (test_bit(KEY_FLAG_REVOKED, 644 if (test_bit(KEY_FLAG_REVOKED,
648 &cred->request_key_auth->flags)) { 645 &ctx.cred->request_key_auth->flags)) {
649 key_ref = ERR_PTR(-EKEYREVOKED); 646 key_ref = ERR_PTR(-EKEYREVOKED);
650 key = NULL; 647 key = NULL;
651 } else { 648 } else {
652 rka = cred->request_key_auth->payload.data; 649 rka = ctx.cred->request_key_auth->payload.data;
653 key = rka->dest_keyring; 650 key = rka->dest_keyring;
654 atomic_inc(&key->usage); 651 __key_get(key);
655 } 652 }
656 up_read(&cred->request_key_auth->sem); 653 up_read(&ctx.cred->request_key_auth->sem);
657 if (!key) 654 if (!key)
658 goto error; 655 goto error;
659 key_ref = make_key_ref(key, 1); 656 key_ref = make_key_ref(key, 1);
@@ -673,9 +670,13 @@ try_again:
673 key_ref = make_key_ref(key, 0); 670 key_ref = make_key_ref(key, 0);
674 671
675 /* check to see if we possess the key */ 672 /* check to see if we possess the key */
676 skey_ref = search_process_keyrings(key->type, key, 673 ctx.index_key.type = key->type;
677 lookup_user_key_possessed, 674 ctx.index_key.description = key->description;
678 cred); 675 ctx.index_key.desc_len = strlen(key->description);
676 ctx.match_data = key;
677 kdebug("check possessed");
678 skey_ref = search_process_keyrings(&ctx);
679 kdebug("possessed=%p", skey_ref);
679 680
680 if (!IS_ERR(skey_ref)) { 681 if (!IS_ERR(skey_ref)) {
681 key_put(key); 682 key_put(key);
@@ -715,14 +716,14 @@ try_again:
715 goto invalid_key; 716 goto invalid_key;
716 717
717 /* check the permissions */ 718 /* check the permissions */
718 ret = key_task_permission(key_ref, cred, perm); 719 ret = key_task_permission(key_ref, ctx.cred, perm);
719 if (ret < 0) 720 if (ret < 0)
720 goto invalid_key; 721 goto invalid_key;
721 722
722 key->last_used_at = current_kernel_time().tv_sec; 723 key->last_used_at = current_kernel_time().tv_sec;
723 724
724error: 725error:
725 put_cred(cred); 726 put_cred(ctx.cred);
726 return key_ref; 727 return key_ref;
727 728
728invalid_key: 729invalid_key:
@@ -733,7 +734,7 @@ invalid_key:
733 /* if we attempted to install a keyring, then it may have caused new 734 /* if we attempted to install a keyring, then it may have caused new
734 * creds to be installed */ 735 * creds to be installed */
735reget_creds: 736reget_creds:
736 put_cred(cred); 737 put_cred(ctx.cred);
737 goto try_again; 738 goto try_again;
738} 739}
739 740
@@ -856,3 +857,13 @@ void key_change_session_keyring(struct callback_head *twork)
856 857
857 commit_creds(new); 858 commit_creds(new);
858} 859}
860
861/*
862 * Make sure that root's user and user-session keyrings exist.
863 */
864static int __init init_root_keyring(void)
865{
866 return install_user_keyrings();
867}
868
869late_initcall(init_root_keyring);
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index c411f9bb156b..381411941cc1 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -345,33 +345,34 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
345 * May return a key that's already under construction instead if there was a 345 * May return a key that's already under construction instead if there was a
346 * race between two thread calling request_key(). 346 * race between two thread calling request_key().
347 */ 347 */
348static int construct_alloc_key(struct key_type *type, 348static int construct_alloc_key(struct keyring_search_context *ctx,
349 const char *description,
350 struct key *dest_keyring, 349 struct key *dest_keyring,
351 unsigned long flags, 350 unsigned long flags,
352 struct key_user *user, 351 struct key_user *user,
353 struct key **_key) 352 struct key **_key)
354{ 353{
355 const struct cred *cred = current_cred(); 354 struct assoc_array_edit *edit;
356 unsigned long prealloc;
357 struct key *key; 355 struct key *key;
358 key_perm_t perm; 356 key_perm_t perm;
359 key_ref_t key_ref; 357 key_ref_t key_ref;
360 int ret; 358 int ret;
361 359
362 kenter("%s,%s,,,", type->name, description); 360 kenter("%s,%s,,,",
361 ctx->index_key.type->name, ctx->index_key.description);
363 362
364 *_key = NULL; 363 *_key = NULL;
365 mutex_lock(&user->cons_lock); 364 mutex_lock(&user->cons_lock);
366 365
367 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; 366 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
368 perm |= KEY_USR_VIEW; 367 perm |= KEY_USR_VIEW;
369 if (type->read) 368 if (ctx->index_key.type->read)
370 perm |= KEY_POS_READ; 369 perm |= KEY_POS_READ;
371 if (type == &key_type_keyring || type->update) 370 if (ctx->index_key.type == &key_type_keyring ||
371 ctx->index_key.type->update)
372 perm |= KEY_POS_WRITE; 372 perm |= KEY_POS_WRITE;
373 373
374 key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, 374 key = key_alloc(ctx->index_key.type, ctx->index_key.description,
375 ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred,
375 perm, flags); 376 perm, flags);
376 if (IS_ERR(key)) 377 if (IS_ERR(key))
377 goto alloc_failed; 378 goto alloc_failed;
@@ -379,8 +380,7 @@ static int construct_alloc_key(struct key_type *type,
379 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); 380 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
380 381
381 if (dest_keyring) { 382 if (dest_keyring) {
382 ret = __key_link_begin(dest_keyring, type, description, 383 ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
383 &prealloc);
384 if (ret < 0) 384 if (ret < 0)
385 goto link_prealloc_failed; 385 goto link_prealloc_failed;
386 } 386 }
@@ -390,16 +390,16 @@ static int construct_alloc_key(struct key_type *type,
390 * waited for locks */ 390 * waited for locks */
391 mutex_lock(&key_construction_mutex); 391 mutex_lock(&key_construction_mutex);
392 392
393 key_ref = search_process_keyrings(type, description, type->match, cred); 393 key_ref = search_process_keyrings(ctx);
394 if (!IS_ERR(key_ref)) 394 if (!IS_ERR(key_ref))
395 goto key_already_present; 395 goto key_already_present;
396 396
397 if (dest_keyring) 397 if (dest_keyring)
398 __key_link(dest_keyring, key, &prealloc); 398 __key_link(key, &edit);
399 399
400 mutex_unlock(&key_construction_mutex); 400 mutex_unlock(&key_construction_mutex);
401 if (dest_keyring) 401 if (dest_keyring)
402 __key_link_end(dest_keyring, type, prealloc); 402 __key_link_end(dest_keyring, &ctx->index_key, edit);
403 mutex_unlock(&user->cons_lock); 403 mutex_unlock(&user->cons_lock);
404 *_key = key; 404 *_key = key;
405 kleave(" = 0 [%d]", key_serial(key)); 405 kleave(" = 0 [%d]", key_serial(key));
@@ -414,8 +414,8 @@ key_already_present:
414 if (dest_keyring) { 414 if (dest_keyring) {
415 ret = __key_link_check_live_key(dest_keyring, key); 415 ret = __key_link_check_live_key(dest_keyring, key);
416 if (ret == 0) 416 if (ret == 0)
417 __key_link(dest_keyring, key, &prealloc); 417 __key_link(key, &edit);
418 __key_link_end(dest_keyring, type, prealloc); 418 __key_link_end(dest_keyring, &ctx->index_key, edit);
419 if (ret < 0) 419 if (ret < 0)
420 goto link_check_failed; 420 goto link_check_failed;
421 } 421 }
@@ -444,8 +444,7 @@ alloc_failed:
444/* 444/*
445 * Commence key construction. 445 * Commence key construction.
446 */ 446 */
447static struct key *construct_key_and_link(struct key_type *type, 447static struct key *construct_key_and_link(struct keyring_search_context *ctx,
448 const char *description,
449 const char *callout_info, 448 const char *callout_info,
450 size_t callout_len, 449 size_t callout_len,
451 void *aux, 450 void *aux,
@@ -464,8 +463,7 @@ static struct key *construct_key_and_link(struct key_type *type,
464 463
465 construct_get_dest_keyring(&dest_keyring); 464 construct_get_dest_keyring(&dest_keyring);
466 465
467 ret = construct_alloc_key(type, description, dest_keyring, flags, user, 466 ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key);
468 &key);
469 key_user_put(user); 467 key_user_put(user);
470 468
471 if (ret == 0) { 469 if (ret == 0) {
@@ -529,17 +527,24 @@ struct key *request_key_and_link(struct key_type *type,
529 struct key *dest_keyring, 527 struct key *dest_keyring,
530 unsigned long flags) 528 unsigned long flags)
531{ 529{
532 const struct cred *cred = current_cred(); 530 struct keyring_search_context ctx = {
531 .index_key.type = type,
532 .index_key.description = description,
533 .cred = current_cred(),
534 .match = type->match,
535 .match_data = description,
536 .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
537 };
533 struct key *key; 538 struct key *key;
534 key_ref_t key_ref; 539 key_ref_t key_ref;
535 int ret; 540 int ret;
536 541
537 kenter("%s,%s,%p,%zu,%p,%p,%lx", 542 kenter("%s,%s,%p,%zu,%p,%p,%lx",
538 type->name, description, callout_info, callout_len, aux, 543 ctx.index_key.type->name, ctx.index_key.description,
539 dest_keyring, flags); 544 callout_info, callout_len, aux, dest_keyring, flags);
540 545
541 /* search all the process keyrings for a key */ 546 /* search all the process keyrings for a key */
542 key_ref = search_process_keyrings(type, description, type->match, cred); 547 key_ref = search_process_keyrings(&ctx);
543 548
544 if (!IS_ERR(key_ref)) { 549 if (!IS_ERR(key_ref)) {
545 key = key_ref_to_ptr(key_ref); 550 key = key_ref_to_ptr(key_ref);
@@ -562,9 +567,8 @@ struct key *request_key_and_link(struct key_type *type,
562 if (!callout_info) 567 if (!callout_info)
563 goto error; 568 goto error;
564 569
565 key = construct_key_and_link(type, description, callout_info, 570 key = construct_key_and_link(&ctx, callout_info, callout_len,
566 callout_len, aux, dest_keyring, 571 aux, dest_keyring, flags);
567 flags);
568 } 572 }
569 573
570error: 574error:
@@ -592,8 +596,10 @@ int wait_for_key_construction(struct key *key, bool intr)
592 intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); 596 intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
593 if (ret < 0) 597 if (ret < 0)
594 return ret; 598 return ret;
595 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) 599 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
600 smp_rmb();
596 return key->type_data.reject_error; 601 return key->type_data.reject_error;
602 }
597 return key_validate(key); 603 return key_validate(key);
598} 604}
599EXPORT_SYMBOL(wait_for_key_construction); 605EXPORT_SYMBOL(wait_for_key_construction);
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 85730d5a5a59..7495a93b4b90 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -18,6 +18,7 @@
18#include <linux/slab.h> 18#include <linux/slab.h>
19#include <asm/uaccess.h> 19#include <asm/uaccess.h>
20#include "internal.h" 20#include "internal.h"
21#include <keys/user-type.h>
21 22
22static int request_key_auth_instantiate(struct key *, 23static int request_key_auth_instantiate(struct key *,
23 struct key_preparsed_payload *); 24 struct key_preparsed_payload *);
@@ -222,32 +223,26 @@ error_alloc:
222} 223}
223 224
224/* 225/*
225 * See if an authorisation key is associated with a particular key.
226 */
227static int key_get_instantiation_authkey_match(const struct key *key,
228 const void *_id)
229{
230 struct request_key_auth *rka = key->payload.data;
231 key_serial_t id = (key_serial_t)(unsigned long) _id;
232
233 return rka->target_key->serial == id;
234}
235
236/*
237 * Search the current process's keyrings for the authorisation key for 226 * Search the current process's keyrings for the authorisation key for
238 * instantiation of a key. 227 * instantiation of a key.
239 */ 228 */
240struct key *key_get_instantiation_authkey(key_serial_t target_id) 229struct key *key_get_instantiation_authkey(key_serial_t target_id)
241{ 230{
242 const struct cred *cred = current_cred(); 231 char description[16];
232 struct keyring_search_context ctx = {
233 .index_key.type = &key_type_request_key_auth,
234 .index_key.description = description,
235 .cred = current_cred(),
236 .match = user_match,
237 .match_data = description,
238 .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
239 };
243 struct key *authkey; 240 struct key *authkey;
244 key_ref_t authkey_ref; 241 key_ref_t authkey_ref;
245 242
246 authkey_ref = search_process_keyrings( 243 sprintf(description, "%x", target_id);
247 &key_type_request_key_auth, 244
248 (void *) (unsigned long) target_id, 245 authkey_ref = search_process_keyrings(&ctx);
249 key_get_instantiation_authkey_match,
250 cred);
251 246
252 if (IS_ERR(authkey_ref)) { 247 if (IS_ERR(authkey_ref)) {
253 authkey = ERR_CAST(authkey_ref); 248 authkey = ERR_CAST(authkey_ref);
diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
index ee32d181764a..8c0af08760c8 100644
--- a/security/keys/sysctl.c
+++ b/security/keys/sysctl.c
@@ -61,5 +61,16 @@ ctl_table key_sysctls[] = {
61 .extra1 = (void *) &zero, 61 .extra1 = (void *) &zero,
62 .extra2 = (void *) &max, 62 .extra2 = (void *) &max,
63 }, 63 },
64#ifdef CONFIG_PERSISTENT_KEYRINGS
65 {
66 .procname = "persistent_keyring_expiry",
67 .data = &persistent_keyring_expiry,
68 .maxlen = sizeof(unsigned),
69 .mode = 0644,
70 .proc_handler = proc_dointvec_minmax,
71 .extra1 = (void *) &zero,
72 .extra2 = (void *) &max,
73 },
74#endif
64 { } 75 { }
65}; 76};
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 55dc88939185..faa2caeb593f 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -25,14 +25,15 @@ static int logon_vet_description(const char *desc);
25 * arbitrary blob of data as the payload 25 * arbitrary blob of data as the payload
26 */ 26 */
27struct key_type key_type_user = { 27struct key_type key_type_user = {
28 .name = "user", 28 .name = "user",
29 .instantiate = user_instantiate, 29 .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
30 .update = user_update, 30 .instantiate = user_instantiate,
31 .match = user_match, 31 .update = user_update,
32 .revoke = user_revoke, 32 .match = user_match,
33 .destroy = user_destroy, 33 .revoke = user_revoke,
34 .describe = user_describe, 34 .destroy = user_destroy,
35 .read = user_read, 35 .describe = user_describe,
36 .read = user_read,
36}; 37};
37 38
38EXPORT_SYMBOL_GPL(key_type_user); 39EXPORT_SYMBOL_GPL(key_type_user);
@@ -45,6 +46,7 @@ EXPORT_SYMBOL_GPL(key_type_user);
45 */ 46 */
46struct key_type key_type_logon = { 47struct key_type key_type_logon = {
47 .name = "logon", 48 .name = "logon",
49 .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
48 .instantiate = user_instantiate, 50 .instantiate = user_instantiate,
49 .update = user_update, 51 .update = user_update,
50 .match = user_match, 52 .match = user_match,
diff --git a/security/security.c b/security/security.c
index 4dc31f4f2700..15b6928592ef 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1340,22 +1340,17 @@ int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
1340 return security_ops->xfrm_policy_delete_security(ctx); 1340 return security_ops->xfrm_policy_delete_security(ctx);
1341} 1341}
1342 1342
1343int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 1343int security_xfrm_state_alloc(struct xfrm_state *x,
1344 struct xfrm_user_sec_ctx *sec_ctx)
1344{ 1345{
1345 return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0); 1346 return security_ops->xfrm_state_alloc(x, sec_ctx);
1346} 1347}
1347EXPORT_SYMBOL(security_xfrm_state_alloc); 1348EXPORT_SYMBOL(security_xfrm_state_alloc);
1348 1349
1349int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1350int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1350 struct xfrm_sec_ctx *polsec, u32 secid) 1351 struct xfrm_sec_ctx *polsec, u32 secid)
1351{ 1352{
1352 if (!polsec) 1353 return security_ops->xfrm_state_alloc_acquire(x, polsec, secid);
1353 return 0;
1354 /*
1355 * We want the context to be taken from secid which is usually
1356 * from the sock.
1357 */
1358 return security_ops->xfrm_state_alloc_security(x, NULL, secid);
1359} 1354}
1360 1355
1361int security_xfrm_state_delete(struct xfrm_state *x) 1356int security_xfrm_state_delete(struct xfrm_state *x)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c540795fb3f2..794c3ca49eac 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -95,7 +95,9 @@
95#include "audit.h" 95#include "audit.h"
96#include "avc_ss.h" 96#include "avc_ss.h"
97 97
98#define NUM_SEL_MNT_OPTS 5 98#define SB_TYPE_FMT "%s%s%s"
99#define SB_SUBTYPE(sb) (sb->s_subtype && sb->s_subtype[0])
100#define SB_TYPE_ARGS(sb) sb->s_type->name, SB_SUBTYPE(sb) ? "." : "", SB_SUBTYPE(sb) ? sb->s_subtype : ""
99 101
100extern struct security_operations *security_ops; 102extern struct security_operations *security_ops;
101 103
@@ -139,12 +141,28 @@ static struct kmem_cache *sel_inode_cache;
139 * This function checks the SECMARK reference counter to see if any SECMARK 141 * This function checks the SECMARK reference counter to see if any SECMARK
140 * targets are currently configured, if the reference counter is greater than 142 * targets are currently configured, if the reference counter is greater than
141 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is 143 * zero SECMARK is considered to be enabled. Returns true (1) if SECMARK is
142 * enabled, false (0) if SECMARK is disabled. 144 * enabled, false (0) if SECMARK is disabled. If the always_check_network
145 * policy capability is enabled, SECMARK is always considered enabled.
143 * 146 *
144 */ 147 */
145static int selinux_secmark_enabled(void) 148static int selinux_secmark_enabled(void)
146{ 149{
147 return (atomic_read(&selinux_secmark_refcount) > 0); 150 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
151}
152
153/**
154 * selinux_peerlbl_enabled - Check to see if peer labeling is currently enabled
155 *
156 * Description:
157 * This function checks if NetLabel or labeled IPSEC is enabled. Returns true
158 * (1) if any are enabled or false (0) if neither are enabled. If the
159 * always_check_network policy capability is enabled, peer labeling
160 * is always considered enabled.
161 *
162 */
163static int selinux_peerlbl_enabled(void)
164{
165 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
148} 166}
149 167
150/* 168/*
@@ -309,8 +327,11 @@ enum {
309 Opt_defcontext = 3, 327 Opt_defcontext = 3,
310 Opt_rootcontext = 4, 328 Opt_rootcontext = 4,
311 Opt_labelsupport = 5, 329 Opt_labelsupport = 5,
330 Opt_nextmntopt = 6,
312}; 331};
313 332
333#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
334
314static const match_table_t tokens = { 335static const match_table_t tokens = {
315 {Opt_context, CONTEXT_STR "%s"}, 336 {Opt_context, CONTEXT_STR "%s"},
316 {Opt_fscontext, FSCONTEXT_STR "%s"}, 337 {Opt_fscontext, FSCONTEXT_STR "%s"},
@@ -355,6 +376,29 @@ static int may_context_mount_inode_relabel(u32 sid,
355 return rc; 376 return rc;
356} 377}
357 378
379static int selinux_is_sblabel_mnt(struct super_block *sb)
380{
381 struct superblock_security_struct *sbsec = sb->s_security;
382
383 if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
384 sbsec->behavior == SECURITY_FS_USE_TRANS ||
385 sbsec->behavior == SECURITY_FS_USE_TASK)
386 return 1;
387
388 /* Special handling for sysfs. Is genfs but also has setxattr handler*/
389 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
390 return 1;
391
392 /*
393 * Special handling for rootfs. Is genfs but supports
394 * setting SELinux context on in-core inodes.
395 */
396 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
397 return 1;
398
399 return 0;
400}
401
358static int sb_finish_set_opts(struct super_block *sb) 402static int sb_finish_set_opts(struct super_block *sb)
359{ 403{
360 struct superblock_security_struct *sbsec = sb->s_security; 404 struct superblock_security_struct *sbsec = sb->s_security;
@@ -369,8 +413,8 @@ static int sb_finish_set_opts(struct super_block *sb)
369 the first boot of the SELinux kernel before we have 413 the first boot of the SELinux kernel before we have
370 assigned xattr values to the filesystem. */ 414 assigned xattr values to the filesystem. */
371 if (!root_inode->i_op->getxattr) { 415 if (!root_inode->i_op->getxattr) {
372 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no " 416 printk(KERN_WARNING "SELinux: (dev %s, type "SB_TYPE_FMT") has no "
373 "xattr support\n", sb->s_id, sb->s_type->name); 417 "xattr support\n", sb->s_id, SB_TYPE_ARGS(sb));
374 rc = -EOPNOTSUPP; 418 rc = -EOPNOTSUPP;
375 goto out; 419 goto out;
376 } 420 }
@@ -378,35 +422,27 @@ static int sb_finish_set_opts(struct super_block *sb)
378 if (rc < 0 && rc != -ENODATA) { 422 if (rc < 0 && rc != -ENODATA) {
379 if (rc == -EOPNOTSUPP) 423 if (rc == -EOPNOTSUPP)
380 printk(KERN_WARNING "SELinux: (dev %s, type " 424 printk(KERN_WARNING "SELinux: (dev %s, type "
381 "%s) has no security xattr handler\n", 425 SB_TYPE_FMT") has no security xattr handler\n",
382 sb->s_id, sb->s_type->name); 426 sb->s_id, SB_TYPE_ARGS(sb));
383 else 427 else
384 printk(KERN_WARNING "SELinux: (dev %s, type " 428 printk(KERN_WARNING "SELinux: (dev %s, type "
385 "%s) getxattr errno %d\n", sb->s_id, 429 SB_TYPE_FMT") getxattr errno %d\n", sb->s_id,
386 sb->s_type->name, -rc); 430 SB_TYPE_ARGS(sb), -rc);
387 goto out; 431 goto out;
388 } 432 }
389 } 433 }
390 434
391 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
392
393 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) 435 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
394 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", 436 printk(KERN_ERR "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), unknown behavior\n",
395 sb->s_id, sb->s_type->name); 437 sb->s_id, SB_TYPE_ARGS(sb));
396 else 438 else
397 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", 439 printk(KERN_DEBUG "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), %s\n",
398 sb->s_id, sb->s_type->name, 440 sb->s_id, SB_TYPE_ARGS(sb),
399 labeling_behaviors[sbsec->behavior-1]); 441 labeling_behaviors[sbsec->behavior-1]);
400 442
401 if (sbsec->behavior == SECURITY_FS_USE_GENFS || 443 sbsec->flags |= SE_SBINITIALIZED;
402 sbsec->behavior == SECURITY_FS_USE_MNTPOINT || 444 if (selinux_is_sblabel_mnt(sb))
403 sbsec->behavior == SECURITY_FS_USE_NONE || 445 sbsec->flags |= SBLABEL_MNT;
404 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
405 sbsec->flags &= ~SE_SBLABELSUPP;
406
407 /* Special handling for sysfs. Is genfs but also has setxattr handler*/
408 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
409 sbsec->flags |= SE_SBLABELSUPP;
410 446
411 /* Initialize the root inode. */ 447 /* Initialize the root inode. */
412 rc = inode_doinit_with_dentry(root_inode, root); 448 rc = inode_doinit_with_dentry(root_inode, root);
@@ -460,15 +496,18 @@ static int selinux_get_mnt_opts(const struct super_block *sb,
460 if (!ss_initialized) 496 if (!ss_initialized)
461 return -EINVAL; 497 return -EINVAL;
462 498
499 /* make sure we always check enough bits to cover the mask */
500 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
501
463 tmp = sbsec->flags & SE_MNTMASK; 502 tmp = sbsec->flags & SE_MNTMASK;
464 /* count the number of mount options for this sb */ 503 /* count the number of mount options for this sb */
465 for (i = 0; i < 8; i++) { 504 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
466 if (tmp & 0x01) 505 if (tmp & 0x01)
467 opts->num_mnt_opts++; 506 opts->num_mnt_opts++;
468 tmp >>= 1; 507 tmp >>= 1;
469 } 508 }
470 /* Check if the Label support flag is set */ 509 /* Check if the Label support flag is set */
471 if (sbsec->flags & SE_SBLABELSUPP) 510 if (sbsec->flags & SBLABEL_MNT)
472 opts->num_mnt_opts++; 511 opts->num_mnt_opts++;
473 512
474 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC); 513 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
@@ -515,9 +554,9 @@ static int selinux_get_mnt_opts(const struct super_block *sb,
515 opts->mnt_opts[i] = context; 554 opts->mnt_opts[i] = context;
516 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT; 555 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
517 } 556 }
518 if (sbsec->flags & SE_SBLABELSUPP) { 557 if (sbsec->flags & SBLABEL_MNT) {
519 opts->mnt_opts[i] = NULL; 558 opts->mnt_opts[i] = NULL;
520 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP; 559 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
521 } 560 }
522 561
523 BUG_ON(i != opts->num_mnt_opts); 562 BUG_ON(i != opts->num_mnt_opts);
@@ -561,7 +600,6 @@ static int selinux_set_mnt_opts(struct super_block *sb,
561 const struct cred *cred = current_cred(); 600 const struct cred *cred = current_cred();
562 int rc = 0, i; 601 int rc = 0, i;
563 struct superblock_security_struct *sbsec = sb->s_security; 602 struct superblock_security_struct *sbsec = sb->s_security;
564 const char *name = sb->s_type->name;
565 struct inode *inode = sbsec->sb->s_root->d_inode; 603 struct inode *inode = sbsec->sb->s_root->d_inode;
566 struct inode_security_struct *root_isec = inode->i_security; 604 struct inode_security_struct *root_isec = inode->i_security;
567 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; 605 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
@@ -614,14 +652,14 @@ static int selinux_set_mnt_opts(struct super_block *sb,
614 for (i = 0; i < num_opts; i++) { 652 for (i = 0; i < num_opts; i++) {
615 u32 sid; 653 u32 sid;
616 654
617 if (flags[i] == SE_SBLABELSUPP) 655 if (flags[i] == SBLABEL_MNT)
618 continue; 656 continue;
619 rc = security_context_to_sid(mount_options[i], 657 rc = security_context_to_sid(mount_options[i],
620 strlen(mount_options[i]), &sid); 658 strlen(mount_options[i]), &sid);
621 if (rc) { 659 if (rc) {
622 printk(KERN_WARNING "SELinux: security_context_to_sid" 660 printk(KERN_WARNING "SELinux: security_context_to_sid"
623 "(%s) failed for (dev %s, type %s) errno=%d\n", 661 "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
624 mount_options[i], sb->s_id, name, rc); 662 mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
625 goto out; 663 goto out;
626 } 664 }
627 switch (flags[i]) { 665 switch (flags[i]) {
@@ -685,9 +723,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
685 * Determine the labeling behavior to use for this 723 * Determine the labeling behavior to use for this
686 * filesystem type. 724 * filesystem type.
687 */ 725 */
688 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? 726 rc = security_fs_use(sb);
689 "proc" : sb->s_type->name,
690 &sbsec->behavior, &sbsec->sid);
691 if (rc) { 727 if (rc) {
692 printk(KERN_WARNING 728 printk(KERN_WARNING
693 "%s: security_fs_use(%s) returned %d\n", 729 "%s: security_fs_use(%s) returned %d\n",
@@ -770,7 +806,8 @@ out:
770out_double_mount: 806out_double_mount:
771 rc = -EINVAL; 807 rc = -EINVAL;
772 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " 808 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
773 "security settings for (dev %s, type %s)\n", sb->s_id, name); 809 "security settings for (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
810 SB_TYPE_ARGS(sb));
774 goto out; 811 goto out;
775} 812}
776 813
@@ -1037,7 +1074,7 @@ static void selinux_write_opts(struct seq_file *m,
1037 case DEFCONTEXT_MNT: 1074 case DEFCONTEXT_MNT:
1038 prefix = DEFCONTEXT_STR; 1075 prefix = DEFCONTEXT_STR;
1039 break; 1076 break;
1040 case SE_SBLABELSUPP: 1077 case SBLABEL_MNT:
1041 seq_putc(m, ','); 1078 seq_putc(m, ',');
1042 seq_puts(m, LABELSUPP_STR); 1079 seq_puts(m, LABELSUPP_STR);
1043 continue; 1080 continue;
@@ -1649,7 +1686,7 @@ static int may_create(struct inode *dir,
1649 if (rc) 1686 if (rc)
1650 return rc; 1687 return rc;
1651 1688
1652 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { 1689 if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
1653 rc = security_transition_sid(sid, dsec->sid, tclass, 1690 rc = security_transition_sid(sid, dsec->sid, tclass,
1654 &dentry->d_name, &newsid); 1691 &dentry->d_name, &newsid);
1655 if (rc) 1692 if (rc)
@@ -2437,14 +2474,14 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
2437 u32 sid; 2474 u32 sid;
2438 size_t len; 2475 size_t len;
2439 2476
2440 if (flags[i] == SE_SBLABELSUPP) 2477 if (flags[i] == SBLABEL_MNT)
2441 continue; 2478 continue;
2442 len = strlen(mount_options[i]); 2479 len = strlen(mount_options[i]);
2443 rc = security_context_to_sid(mount_options[i], len, &sid); 2480 rc = security_context_to_sid(mount_options[i], len, &sid);
2444 if (rc) { 2481 if (rc) {
2445 printk(KERN_WARNING "SELinux: security_context_to_sid" 2482 printk(KERN_WARNING "SELinux: security_context_to_sid"
2446 "(%s) failed for (dev %s, type %s) errno=%d\n", 2483 "(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
2447 mount_options[i], sb->s_id, sb->s_type->name, rc); 2484 mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
2448 goto out_free_opts; 2485 goto out_free_opts;
2449 } 2486 }
2450 rc = -EINVAL; 2487 rc = -EINVAL;
@@ -2482,8 +2519,8 @@ out_free_secdata:
2482 return rc; 2519 return rc;
2483out_bad_option: 2520out_bad_option:
2484 printk(KERN_WARNING "SELinux: unable to change security options " 2521 printk(KERN_WARNING "SELinux: unable to change security options "
2485 "during remount (dev %s, type=%s)\n", sb->s_id, 2522 "during remount (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
2486 sb->s_type->name); 2523 SB_TYPE_ARGS(sb));
2487 goto out_free_opts; 2524 goto out_free_opts;
2488} 2525}
2489 2526
@@ -2606,7 +2643,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2606 if ((sbsec->flags & SE_SBINITIALIZED) && 2643 if ((sbsec->flags & SE_SBINITIALIZED) &&
2607 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) 2644 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2608 newsid = sbsec->mntpoint_sid; 2645 newsid = sbsec->mntpoint_sid;
2609 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) { 2646 else if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
2610 rc = security_transition_sid(sid, dsec->sid, 2647 rc = security_transition_sid(sid, dsec->sid,
2611 inode_mode_to_security_class(inode->i_mode), 2648 inode_mode_to_security_class(inode->i_mode),
2612 qstr, &newsid); 2649 qstr, &newsid);
@@ -2628,7 +2665,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2628 isec->initialized = 1; 2665 isec->initialized = 1;
2629 } 2666 }
2630 2667
2631 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) 2668 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2632 return -EOPNOTSUPP; 2669 return -EOPNOTSUPP;
2633 2670
2634 if (name) 2671 if (name)
@@ -2830,7 +2867,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2830 return selinux_inode_setotherxattr(dentry, name); 2867 return selinux_inode_setotherxattr(dentry, name);
2831 2868
2832 sbsec = inode->i_sb->s_security; 2869 sbsec = inode->i_sb->s_security;
2833 if (!(sbsec->flags & SE_SBLABELSUPP)) 2870 if (!(sbsec->flags & SBLABEL_MNT))
2834 return -EOPNOTSUPP; 2871 return -EOPNOTSUPP;
2835 2872
2836 if (!inode_owner_or_capable(inode)) 2873 if (!inode_owner_or_capable(inode))
@@ -3791,8 +3828,12 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3791 u32 nlbl_sid; 3828 u32 nlbl_sid;
3792 u32 nlbl_type; 3829 u32 nlbl_type;
3793 3830
3794 selinux_skb_xfrm_sid(skb, &xfrm_sid); 3831 err = selinux_skb_xfrm_sid(skb, &xfrm_sid);
3795 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid); 3832 if (unlikely(err))
3833 return -EACCES;
3834 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3835 if (unlikely(err))
3836 return -EACCES;
3796 3837
3797 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid); 3838 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3798 if (unlikely(err)) { 3839 if (unlikely(err)) {
@@ -4246,7 +4287,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4246 return selinux_sock_rcv_skb_compat(sk, skb, family); 4287 return selinux_sock_rcv_skb_compat(sk, skb, family);
4247 4288
4248 secmark_active = selinux_secmark_enabled(); 4289 secmark_active = selinux_secmark_enabled();
4249 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); 4290 peerlbl_active = selinux_peerlbl_enabled();
4250 if (!secmark_active && !peerlbl_active) 4291 if (!secmark_active && !peerlbl_active)
4251 return 0; 4292 return 0;
4252 4293
@@ -4628,7 +4669,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4628 4669
4629 secmark_active = selinux_secmark_enabled(); 4670 secmark_active = selinux_secmark_enabled();
4630 netlbl_active = netlbl_enabled(); 4671 netlbl_active = netlbl_enabled();
4631 peerlbl_active = netlbl_active || selinux_xfrm_enabled(); 4672 peerlbl_active = selinux_peerlbl_enabled();
4632 if (!secmark_active && !peerlbl_active) 4673 if (!secmark_active && !peerlbl_active)
4633 return NF_ACCEPT; 4674 return NF_ACCEPT;
4634 4675
@@ -4780,7 +4821,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4780 return NF_ACCEPT; 4821 return NF_ACCEPT;
4781#endif 4822#endif
4782 secmark_active = selinux_secmark_enabled(); 4823 secmark_active = selinux_secmark_enabled();
4783 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); 4824 peerlbl_active = selinux_peerlbl_enabled();
4784 if (!secmark_active && !peerlbl_active) 4825 if (!secmark_active && !peerlbl_active)
4785 return NF_ACCEPT; 4826 return NF_ACCEPT;
4786 4827
@@ -5784,7 +5825,8 @@ static struct security_operations selinux_ops = {
5784 .xfrm_policy_clone_security = selinux_xfrm_policy_clone, 5825 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5785 .xfrm_policy_free_security = selinux_xfrm_policy_free, 5826 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5786 .xfrm_policy_delete_security = selinux_xfrm_policy_delete, 5827 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5787 .xfrm_state_alloc_security = selinux_xfrm_state_alloc, 5828 .xfrm_state_alloc = selinux_xfrm_state_alloc,
5829 .xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
5788 .xfrm_state_free_security = selinux_xfrm_state_free, 5830 .xfrm_state_free_security = selinux_xfrm_state_free,
5789 .xfrm_state_delete_security = selinux_xfrm_state_delete, 5831 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5790 .xfrm_policy_lookup = selinux_xfrm_policy_lookup, 5832 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index aa47bcabb5f6..b1dfe1049450 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -58,8 +58,8 @@ struct superblock_security_struct {
58 u32 sid; /* SID of file system superblock */ 58 u32 sid; /* SID of file system superblock */
59 u32 def_sid; /* default SID for labeling */ 59 u32 def_sid; /* default SID for labeling */
60 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */ 60 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
61 unsigned int behavior; /* labeling behavior */ 61 unsigned short behavior; /* labeling behavior */
62 unsigned char flags; /* which mount options were specified */ 62 unsigned short flags; /* which mount options were specified */
63 struct mutex lock; 63 struct mutex lock;
64 struct list_head isec_head; 64 struct list_head isec_head;
65 spinlock_t isec_lock; 65 spinlock_t isec_lock;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 8fd8e18ea340..fe341ae37004 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -45,14 +45,15 @@
45/* Mask for just the mount related flags */ 45/* Mask for just the mount related flags */
46#define SE_MNTMASK 0x0f 46#define SE_MNTMASK 0x0f
47/* Super block security struct flags for mount options */ 47/* Super block security struct flags for mount options */
48/* BE CAREFUL, these need to be the low order bits for selinux_get_mnt_opts */
48#define CONTEXT_MNT 0x01 49#define CONTEXT_MNT 0x01
49#define FSCONTEXT_MNT 0x02 50#define FSCONTEXT_MNT 0x02
50#define ROOTCONTEXT_MNT 0x04 51#define ROOTCONTEXT_MNT 0x04
51#define DEFCONTEXT_MNT 0x08 52#define DEFCONTEXT_MNT 0x08
53#define SBLABEL_MNT 0x10
52/* Non-mount related flags */ 54/* Non-mount related flags */
53#define SE_SBINITIALIZED 0x10 55#define SE_SBINITIALIZED 0x0100
54#define SE_SBPROC 0x20 56#define SE_SBPROC 0x0200
55#define SE_SBLABELSUPP 0x40
56 57
57#define CONTEXT_STR "context=" 58#define CONTEXT_STR "context="
58#define FSCONTEXT_STR "fscontext=" 59#define FSCONTEXT_STR "fscontext="
@@ -68,12 +69,15 @@ extern int selinux_enabled;
68enum { 69enum {
69 POLICYDB_CAPABILITY_NETPEER, 70 POLICYDB_CAPABILITY_NETPEER,
70 POLICYDB_CAPABILITY_OPENPERM, 71 POLICYDB_CAPABILITY_OPENPERM,
72 POLICYDB_CAPABILITY_REDHAT1,
73 POLICYDB_CAPABILITY_ALWAYSNETWORK,
71 __POLICYDB_CAPABILITY_MAX 74 __POLICYDB_CAPABILITY_MAX
72}; 75};
73#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) 76#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
74 77
75extern int selinux_policycap_netpeer; 78extern int selinux_policycap_netpeer;
76extern int selinux_policycap_openperm; 79extern int selinux_policycap_openperm;
80extern int selinux_policycap_alwaysnetwork;
77 81
78/* 82/*
79 * type_datum properties 83 * type_datum properties
@@ -172,8 +176,7 @@ int security_get_allow_unknown(void);
172#define SECURITY_FS_USE_NATIVE 7 /* use native label support */ 176#define SECURITY_FS_USE_NATIVE 7 /* use native label support */
173#define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */ 177#define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */
174 178
175int security_fs_use(const char *fstype, unsigned int *behavior, 179int security_fs_use(struct super_block *sb);
176 u32 *sid);
177 180
178int security_genfs_sid(const char *fstype, char *name, u16 sclass, 181int security_genfs_sid(const char *fstype, char *name, u16 sclass,
179 u32 *sid); 182 u32 *sid);
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 6713f04e30ba..0dec76c64cf5 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -10,29 +10,21 @@
10#include <net/flow.h> 10#include <net/flow.h>
11 11
12int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 12int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
13 struct xfrm_user_sec_ctx *sec_ctx); 13 struct xfrm_user_sec_ctx *uctx);
14int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, 14int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
15 struct xfrm_sec_ctx **new_ctxp); 15 struct xfrm_sec_ctx **new_ctxp);
16void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx); 16void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
17int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx); 17int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
18int selinux_xfrm_state_alloc(struct xfrm_state *x, 18int selinux_xfrm_state_alloc(struct xfrm_state *x,
19 struct xfrm_user_sec_ctx *sec_ctx, u32 secid); 19 struct xfrm_user_sec_ctx *uctx);
20int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
21 struct xfrm_sec_ctx *polsec, u32 secid);
20void selinux_xfrm_state_free(struct xfrm_state *x); 22void selinux_xfrm_state_free(struct xfrm_state *x);
21int selinux_xfrm_state_delete(struct xfrm_state *x); 23int selinux_xfrm_state_delete(struct xfrm_state *x);
22int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); 24int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
23int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, 25int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
24 struct xfrm_policy *xp, const struct flowi *fl); 26 struct xfrm_policy *xp,
25 27 const struct flowi *fl);
26/*
27 * Extract the security blob from the sock (it's actually on the socket)
28 */
29static inline struct inode_security_struct *get_sock_isec(struct sock *sk)
30{
31 if (!sk->sk_socket)
32 return NULL;
33
34 return SOCK_INODE(sk->sk_socket)->i_security;
35}
36 28
37#ifdef CONFIG_SECURITY_NETWORK_XFRM 29#ifdef CONFIG_SECURITY_NETWORK_XFRM
38extern atomic_t selinux_xfrm_refcount; 30extern atomic_t selinux_xfrm_refcount;
@@ -42,10 +34,10 @@ static inline int selinux_xfrm_enabled(void)
42 return (atomic_read(&selinux_xfrm_refcount) > 0); 34 return (atomic_read(&selinux_xfrm_refcount) > 0);
43} 35}
44 36
45int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb, 37int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
46 struct common_audit_data *ad); 38 struct common_audit_data *ad);
47int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, 39int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
48 struct common_audit_data *ad, u8 proto); 40 struct common_audit_data *ad, u8 proto);
49int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); 41int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
50 42
51static inline void selinux_xfrm_notify_policyload(void) 43static inline void selinux_xfrm_notify_policyload(void)
@@ -64,19 +56,21 @@ static inline int selinux_xfrm_enabled(void)
64 return 0; 56 return 0;
65} 57}
66 58
67static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, 59static inline int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
68 struct common_audit_data *ad) 60 struct common_audit_data *ad)
69{ 61{
70 return 0; 62 return 0;
71} 63}
72 64
73static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, 65static inline int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
74 struct common_audit_data *ad, u8 proto) 66 struct common_audit_data *ad,
67 u8 proto)
75{ 68{
76 return 0; 69 return 0;
77} 70}
78 71
79static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall) 72static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid,
73 int ckall)
80{ 74{
81 *sid = SECSID_NULL; 75 *sid = SECSID_NULL;
82 return 0; 76 return 0;
@@ -87,10 +81,9 @@ static inline void selinux_xfrm_notify_policyload(void)
87} 81}
88#endif 82#endif
89 83
90static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid) 84static inline int selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
91{ 85{
92 int err = selinux_xfrm_decode_session(skb, sid, 0); 86 return selinux_xfrm_decode_session(skb, sid, 0);
93 BUG_ON(err);
94} 87}
95 88
96#endif /* _SELINUX_XFRM_H_ */ 89#endif /* _SELINUX_XFRM_H_ */
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index da4b8b233280..6235d052338b 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -442,8 +442,7 @@ int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr)
442 sksec->nlbl_state != NLBL_CONNLABELED) 442 sksec->nlbl_state != NLBL_CONNLABELED)
443 return 0; 443 return 0;
444 444
445 local_bh_disable(); 445 lock_sock(sk);
446 bh_lock_sock_nested(sk);
447 446
448 /* connected sockets are allowed to disconnect when the address family 447 /* connected sockets are allowed to disconnect when the address family
449 * is set to AF_UNSPEC, if that is what is happening we want to reset 448 * is set to AF_UNSPEC, if that is what is happening we want to reset
@@ -464,7 +463,6 @@ int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr)
464 sksec->nlbl_state = NLBL_CONNLABELED; 463 sksec->nlbl_state = NLBL_CONNLABELED;
465 464
466socket_connect_return: 465socket_connect_return:
467 bh_unlock_sock(sk); 466 release_sock(sk);
468 local_bh_enable();
469 return rc; 467 return rc;
470} 468}
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index c5454c0477c3..03a72c32afd7 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -166,6 +166,7 @@ static void sel_netnode_insert(struct sel_netnode *node)
166 break; 166 break;
167 default: 167 default:
168 BUG(); 168 BUG();
169 return;
169 } 170 }
170 171
171 /* we need to impose a limit on the growth of the hash table so check 172 /* we need to impose a limit on the growth of the hash table so check
@@ -225,6 +226,7 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
225 break; 226 break;
226 default: 227 default:
227 BUG(); 228 BUG();
229 ret = -EINVAL;
228 } 230 }
229 if (ret != 0) 231 if (ret != 0)
230 goto out; 232 goto out;
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index ff427733c290..5122affe06a8 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -44,7 +44,9 @@
44/* Policy capability filenames */ 44/* Policy capability filenames */
45static char *policycap_names[] = { 45static char *policycap_names[] = {
46 "network_peer_controls", 46 "network_peer_controls",
47 "open_perms" 47 "open_perms",
48 "redhat1",
49 "always_check_network"
48}; 50};
49 51
50unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE; 52unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 30f119b1d1ec..820313a04d49 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -213,7 +213,12 @@ netlbl_import_failure:
213} 213}
214#endif /* CONFIG_NETLABEL */ 214#endif /* CONFIG_NETLABEL */
215 215
216int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2) 216/*
217 * Check to see if all the bits set in e2 are also set in e1. Optionally,
218 * if last_e2bit is non-zero, the highest set bit in e2 cannot exceed
219 * last_e2bit.
220 */
221int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2, u32 last_e2bit)
217{ 222{
218 struct ebitmap_node *n1, *n2; 223 struct ebitmap_node *n1, *n2;
219 int i; 224 int i;
@@ -223,14 +228,25 @@ int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2)
223 228
224 n1 = e1->node; 229 n1 = e1->node;
225 n2 = e2->node; 230 n2 = e2->node;
231
226 while (n1 && n2 && (n1->startbit <= n2->startbit)) { 232 while (n1 && n2 && (n1->startbit <= n2->startbit)) {
227 if (n1->startbit < n2->startbit) { 233 if (n1->startbit < n2->startbit) {
228 n1 = n1->next; 234 n1 = n1->next;
229 continue; 235 continue;
230 } 236 }
231 for (i = 0; i < EBITMAP_UNIT_NUMS; i++) { 237 for (i = EBITMAP_UNIT_NUMS - 1; (i >= 0) && !n2->maps[i]; )
238 i--; /* Skip trailing NULL map entries */
239 if (last_e2bit && (i >= 0)) {
240 u32 lastsetbit = n2->startbit + i * EBITMAP_UNIT_SIZE +
241 __fls(n2->maps[i]);
242 if (lastsetbit > last_e2bit)
243 return 0;
244 }
245
246 while (i >= 0) {
232 if ((n1->maps[i] & n2->maps[i]) != n2->maps[i]) 247 if ((n1->maps[i] & n2->maps[i]) != n2->maps[i])
233 return 0; 248 return 0;
249 i--;
234 } 250 }
235 251
236 n1 = n1->next; 252 n1 = n1->next;
diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
index 922f8afa89dd..712c8a7b8e8b 100644
--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h
@@ -16,7 +16,13 @@
16 16
17#include <net/netlabel.h> 17#include <net/netlabel.h>
18 18
19#define EBITMAP_UNIT_NUMS ((32 - sizeof(void *) - sizeof(u32)) \ 19#ifdef CONFIG_64BIT
20#define EBITMAP_NODE_SIZE 64
21#else
22#define EBITMAP_NODE_SIZE 32
23#endif
24
25#define EBITMAP_UNIT_NUMS ((EBITMAP_NODE_SIZE-sizeof(void *)-sizeof(u32))\
20 / sizeof(unsigned long)) 26 / sizeof(unsigned long))
21#define EBITMAP_UNIT_SIZE BITS_PER_LONG 27#define EBITMAP_UNIT_SIZE BITS_PER_LONG
22#define EBITMAP_SIZE (EBITMAP_UNIT_NUMS * EBITMAP_UNIT_SIZE) 28#define EBITMAP_SIZE (EBITMAP_UNIT_NUMS * EBITMAP_UNIT_SIZE)
@@ -117,7 +123,7 @@ static inline void ebitmap_node_clr_bit(struct ebitmap_node *n,
117 123
118int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2); 124int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2);
119int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src); 125int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src);
120int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2); 126int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2, u32 last_e2bit);
121int ebitmap_get_bit(struct ebitmap *e, unsigned long bit); 127int ebitmap_get_bit(struct ebitmap *e, unsigned long bit);
122int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value); 128int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value);
123void ebitmap_destroy(struct ebitmap *e); 129void ebitmap_destroy(struct ebitmap *e);
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 40de8d3f208e..c85bc1ec040c 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -160,8 +160,6 @@ void mls_sid_to_context(struct context *context,
160int mls_level_isvalid(struct policydb *p, struct mls_level *l) 160int mls_level_isvalid(struct policydb *p, struct mls_level *l)
161{ 161{
162 struct level_datum *levdatum; 162 struct level_datum *levdatum;
163 struct ebitmap_node *node;
164 int i;
165 163
166 if (!l->sens || l->sens > p->p_levels.nprim) 164 if (!l->sens || l->sens > p->p_levels.nprim)
167 return 0; 165 return 0;
@@ -170,19 +168,13 @@ int mls_level_isvalid(struct policydb *p, struct mls_level *l)
170 if (!levdatum) 168 if (!levdatum)
171 return 0; 169 return 0;
172 170
173 ebitmap_for_each_positive_bit(&l->cat, node, i) { 171 /*
174 if (i > p->p_cats.nprim) 172 * Return 1 iff all the bits set in l->cat are also be set in
175 return 0; 173 * levdatum->level->cat and no bit in l->cat is larger than
176 if (!ebitmap_get_bit(&levdatum->level->cat, i)) { 174 * p->p_cats.nprim.
177 /* 175 */
178 * Category may not be associated with 176 return ebitmap_contains(&levdatum->level->cat, &l->cat,
179 * sensitivity. 177 p->p_cats.nprim);
180 */
181 return 0;
182 }
183 }
184
185 return 1;
186} 178}
187 179
188int mls_range_isvalid(struct policydb *p, struct mls_range *r) 180int mls_range_isvalid(struct policydb *p, struct mls_range *r)
diff --git a/security/selinux/ss/mls_types.h b/security/selinux/ss/mls_types.h
index 03bed52a8052..e93648774137 100644
--- a/security/selinux/ss/mls_types.h
+++ b/security/selinux/ss/mls_types.h
@@ -35,7 +35,7 @@ static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2)
35static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2) 35static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
36{ 36{
37 return ((l1->sens >= l2->sens) && 37 return ((l1->sens >= l2->sens) &&
38 ebitmap_contains(&l1->cat, &l2->cat)); 38 ebitmap_contains(&l1->cat, &l2->cat, 0));
39} 39}
40 40
41#define mls_level_incomp(l1, l2) \ 41#define mls_level_incomp(l1, l2) \
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index c8adde3aff8f..f6195ebde3c9 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -3203,9 +3203,8 @@ static int range_write_helper(void *key, void *data, void *ptr)
3203 3203
3204static int range_write(struct policydb *p, void *fp) 3204static int range_write(struct policydb *p, void *fp)
3205{ 3205{
3206 size_t nel;
3207 __le32 buf[1]; 3206 __le32 buf[1];
3208 int rc; 3207 int rc, nel;
3209 struct policy_data pd; 3208 struct policy_data pd;
3210 3209
3211 pd.p = p; 3210 pd.p = p;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b4feecc3fe01..ee470a0b5c27 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -72,6 +72,7 @@
72 72
73int selinux_policycap_netpeer; 73int selinux_policycap_netpeer;
74int selinux_policycap_openperm; 74int selinux_policycap_openperm;
75int selinux_policycap_alwaysnetwork;
75 76
76static DEFINE_RWLOCK(policy_rwlock); 77static DEFINE_RWLOCK(policy_rwlock);
77 78
@@ -1812,6 +1813,8 @@ static void security_load_policycaps(void)
1812 POLICYDB_CAPABILITY_NETPEER); 1813 POLICYDB_CAPABILITY_NETPEER);
1813 selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps, 1814 selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
1814 POLICYDB_CAPABILITY_OPENPERM); 1815 POLICYDB_CAPABILITY_OPENPERM);
1816 selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps,
1817 POLICYDB_CAPABILITY_ALWAYSNETWORK);
1815} 1818}
1816 1819
1817static int security_preserve_bools(struct policydb *p); 1820static int security_preserve_bools(struct policydb *p);
@@ -2323,43 +2326,74 @@ out:
2323 2326
2324/** 2327/**
2325 * security_fs_use - Determine how to handle labeling for a filesystem. 2328 * security_fs_use - Determine how to handle labeling for a filesystem.
2326 * @fstype: filesystem type 2329 * @sb: superblock in question
2327 * @behavior: labeling behavior
2328 * @sid: SID for filesystem (superblock)
2329 */ 2330 */
2330int security_fs_use( 2331int security_fs_use(struct super_block *sb)
2331 const char *fstype,
2332 unsigned int *behavior,
2333 u32 *sid)
2334{ 2332{
2335 int rc = 0; 2333 int rc = 0;
2336 struct ocontext *c; 2334 struct ocontext *c;
2335 struct superblock_security_struct *sbsec = sb->s_security;
2336 const char *fstype = sb->s_type->name;
2337 const char *subtype = (sb->s_subtype && sb->s_subtype[0]) ? sb->s_subtype : NULL;
2338 struct ocontext *base = NULL;
2337 2339
2338 read_lock(&policy_rwlock); 2340 read_lock(&policy_rwlock);
2339 2341
2340 c = policydb.ocontexts[OCON_FSUSE]; 2342 for (c = policydb.ocontexts[OCON_FSUSE]; c; c = c->next) {
2341 while (c) { 2343 char *sub;
2342 if (strcmp(fstype, c->u.name) == 0) 2344 int baselen;
2345
2346 baselen = strlen(fstype);
2347
2348 /* if base does not match, this is not the one */
2349 if (strncmp(fstype, c->u.name, baselen))
2350 continue;
2351
2352 /* if there is no subtype, this is the one! */
2353 if (!subtype)
2354 break;
2355
2356 /* skip past the base in this entry */
2357 sub = c->u.name + baselen;
2358
2359 /* entry is only a base. save it. keep looking for subtype */
2360 if (sub[0] == '\0') {
2361 base = c;
2362 continue;
2363 }
2364
2365 /* entry is not followed by a subtype, so it is not a match */
2366 if (sub[0] != '.')
2367 continue;
2368
2369 /* whew, we found a subtype of this fstype */
2370 sub++; /* move past '.' */
2371
2372 /* exact match of fstype AND subtype */
2373 if (!strcmp(subtype, sub))
2343 break; 2374 break;
2344 c = c->next;
2345 } 2375 }
2346 2376
2377 /* in case we had found an fstype match but no subtype match */
2378 if (!c)
2379 c = base;
2380
2347 if (c) { 2381 if (c) {
2348 *behavior = c->v.behavior; 2382 sbsec->behavior = c->v.behavior;
2349 if (!c->sid[0]) { 2383 if (!c->sid[0]) {
2350 rc = sidtab_context_to_sid(&sidtab, &c->context[0], 2384 rc = sidtab_context_to_sid(&sidtab, &c->context[0],
2351 &c->sid[0]); 2385 &c->sid[0]);
2352 if (rc) 2386 if (rc)
2353 goto out; 2387 goto out;
2354 } 2388 }
2355 *sid = c->sid[0]; 2389 sbsec->sid = c->sid[0];
2356 } else { 2390 } else {
2357 rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid); 2391 rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, &sbsec->sid);
2358 if (rc) { 2392 if (rc) {
2359 *behavior = SECURITY_FS_USE_NONE; 2393 sbsec->behavior = SECURITY_FS_USE_NONE;
2360 rc = 0; 2394 rc = 0;
2361 } else { 2395 } else {
2362 *behavior = SECURITY_FS_USE_GENFS; 2396 sbsec->behavior = SECURITY_FS_USE_GENFS;
2363 } 2397 }
2364 } 2398 }
2365 2399
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index d03081886214..a91d205ec0c6 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -56,7 +56,7 @@
56atomic_t selinux_xfrm_refcount = ATOMIC_INIT(0); 56atomic_t selinux_xfrm_refcount = ATOMIC_INIT(0);
57 57
58/* 58/*
59 * Returns true if an LSM/SELinux context 59 * Returns true if the context is an LSM/SELinux context.
60 */ 60 */
61static inline int selinux_authorizable_ctx(struct xfrm_sec_ctx *ctx) 61static inline int selinux_authorizable_ctx(struct xfrm_sec_ctx *ctx)
62{ 62{
@@ -66,7 +66,7 @@ static inline int selinux_authorizable_ctx(struct xfrm_sec_ctx *ctx)
66} 66}
67 67
68/* 68/*
69 * Returns true if the xfrm contains a security blob for SELinux 69 * Returns true if the xfrm contains a security blob for SELinux.
70 */ 70 */
71static inline int selinux_authorizable_xfrm(struct xfrm_state *x) 71static inline int selinux_authorizable_xfrm(struct xfrm_state *x)
72{ 72{
@@ -74,48 +74,111 @@ static inline int selinux_authorizable_xfrm(struct xfrm_state *x)
74} 74}
75 75
76/* 76/*
77 * LSM hook implementation that authorizes that a flow can use 77 * Allocates a xfrm_sec_state and populates it using the supplied security
78 * a xfrm policy rule. 78 * xfrm_user_sec_ctx context.
79 */ 79 */
80int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) 80static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
81 struct xfrm_user_sec_ctx *uctx)
81{ 82{
82 int rc; 83 int rc;
83 u32 sel_sid; 84 const struct task_security_struct *tsec = current_security();
85 struct xfrm_sec_ctx *ctx = NULL;
86 u32 str_len;
84 87
85 /* Context sid is either set to label or ANY_ASSOC */ 88 if (ctxp == NULL || uctx == NULL ||
86 if (ctx) { 89 uctx->ctx_doi != XFRM_SC_DOI_LSM ||
87 if (!selinux_authorizable_ctx(ctx)) 90 uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
88 return -EINVAL; 91 return -EINVAL;
89
90 sel_sid = ctx->ctx_sid;
91 } else
92 /*
93 * All flows should be treated as polmatch'ing an
94 * otherwise applicable "non-labeled" policy. This
95 * would prevent inadvertent "leaks".
96 */
97 return 0;
98 92
99 rc = avc_has_perm(fl_secid, sel_sid, SECCLASS_ASSOCIATION, 93 str_len = uctx->ctx_len;
100 ASSOCIATION__POLMATCH, 94 if (str_len >= PAGE_SIZE)
101 NULL); 95 return -ENOMEM;
102 96
103 if (rc == -EACCES) 97 ctx = kmalloc(sizeof(*ctx) + str_len + 1, GFP_KERNEL);
104 return -ESRCH; 98 if (!ctx)
99 return -ENOMEM;
105 100
101 ctx->ctx_doi = XFRM_SC_DOI_LSM;
102 ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
103 ctx->ctx_len = str_len;
104 memcpy(ctx->ctx_str, &uctx[1], str_len);
105 ctx->ctx_str[str_len] = '\0';
106 rc = security_context_to_sid(ctx->ctx_str, str_len, &ctx->ctx_sid);
107 if (rc)
108 goto err;
109
110 rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
111 SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, NULL);
112 if (rc)
113 goto err;
114
115 *ctxp = ctx;
116 atomic_inc(&selinux_xfrm_refcount);
117 return 0;
118
119err:
120 kfree(ctx);
106 return rc; 121 return rc;
107} 122}
108 123
109/* 124/*
125 * Free the xfrm_sec_ctx structure.
126 */
127static void selinux_xfrm_free(struct xfrm_sec_ctx *ctx)
128{
129 if (!ctx)
130 return;
131
132 atomic_dec(&selinux_xfrm_refcount);
133 kfree(ctx);
134}
135
136/*
137 * Authorize the deletion of a labeled SA or policy rule.
138 */
139static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx)
140{
141 const struct task_security_struct *tsec = current_security();
142
143 if (!ctx)
144 return 0;
145
146 return avc_has_perm(tsec->sid, ctx->ctx_sid,
147 SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT,
148 NULL);
149}
150
151/*
152 * LSM hook implementation that authorizes that a flow can use a xfrm policy
153 * rule.
154 */
155int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
156{
157 int rc;
158
159 /* All flows should be treated as polmatch'ing an otherwise applicable
160 * "non-labeled" policy. This would prevent inadvertent "leaks". */
161 if (!ctx)
162 return 0;
163
164 /* Context sid is either set to label or ANY_ASSOC */
165 if (!selinux_authorizable_ctx(ctx))
166 return -EINVAL;
167
168 rc = avc_has_perm(fl_secid, ctx->ctx_sid,
169 SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, NULL);
170 return (rc == -EACCES ? -ESRCH : rc);
171}
172
173/*
110 * LSM hook implementation that authorizes that a state matches 174 * LSM hook implementation that authorizes that a state matches
111 * the given policy, flow combo. 175 * the given policy, flow combo.
112 */ 176 */
113 177int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
114int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, 178 struct xfrm_policy *xp,
115 const struct flowi *fl) 179 const struct flowi *fl)
116{ 180{
117 u32 state_sid; 181 u32 state_sid;
118 int rc;
119 182
120 if (!xp->security) 183 if (!xp->security)
121 if (x->security) 184 if (x->security)
@@ -138,187 +201,80 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *
138 if (fl->flowi_secid != state_sid) 201 if (fl->flowi_secid != state_sid)
139 return 0; 202 return 0;
140 203
141 rc = avc_has_perm(fl->flowi_secid, state_sid, SECCLASS_ASSOCIATION, 204 /* We don't need a separate SA Vs. policy polmatch check since the SA
142 ASSOCIATION__SENDTO, 205 * is now of the same label as the flow and a flow Vs. policy polmatch
143 NULL)? 0:1; 206 * check had already happened in selinux_xfrm_policy_lookup() above. */
144 207 return (avc_has_perm(fl->flowi_secid, state_sid,
145 /* 208 SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO,
146 * We don't need a separate SA Vs. policy polmatch check 209 NULL) ? 0 : 1);
147 * since the SA is now of the same label as the flow and
148 * a flow Vs. policy polmatch check had already happened
149 * in selinux_xfrm_policy_lookup() above.
150 */
151
152 return rc;
153} 210}
154 211
155/* 212/*
156 * LSM hook implementation that checks and/or returns the xfrm sid for the 213 * LSM hook implementation that checks and/or returns the xfrm sid for the
157 * incoming packet. 214 * incoming packet.
158 */ 215 */
159
160int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall) 216int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
161{ 217{
218 u32 sid_session = SECSID_NULL;
162 struct sec_path *sp; 219 struct sec_path *sp;
163 220
164 *sid = SECSID_NULL;
165
166 if (skb == NULL) 221 if (skb == NULL)
167 return 0; 222 goto out;
168 223
169 sp = skb->sp; 224 sp = skb->sp;
170 if (sp) { 225 if (sp) {
171 int i, sid_set = 0; 226 int i;
172 227
173 for (i = sp->len-1; i >= 0; i--) { 228 for (i = sp->len - 1; i >= 0; i--) {
174 struct xfrm_state *x = sp->xvec[i]; 229 struct xfrm_state *x = sp->xvec[i];
175 if (selinux_authorizable_xfrm(x)) { 230 if (selinux_authorizable_xfrm(x)) {
176 struct xfrm_sec_ctx *ctx = x->security; 231 struct xfrm_sec_ctx *ctx = x->security;
177 232
178 if (!sid_set) { 233 if (sid_session == SECSID_NULL) {
179 *sid = ctx->ctx_sid; 234 sid_session = ctx->ctx_sid;
180 sid_set = 1;
181
182 if (!ckall) 235 if (!ckall)
183 break; 236 goto out;
184 } else if (*sid != ctx->ctx_sid) 237 } else if (sid_session != ctx->ctx_sid) {
238 *sid = SECSID_NULL;
185 return -EINVAL; 239 return -EINVAL;
240 }
186 } 241 }
187 } 242 }
188 } 243 }
189 244
190 return 0;
191}
192
193/*
194 * Security blob allocation for xfrm_policy and xfrm_state
195 * CTX does not have a meaningful value on input
196 */
197static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
198 struct xfrm_user_sec_ctx *uctx, u32 sid)
199{
200 int rc = 0;
201 const struct task_security_struct *tsec = current_security();
202 struct xfrm_sec_ctx *ctx = NULL;
203 char *ctx_str = NULL;
204 u32 str_len;
205
206 BUG_ON(uctx && sid);
207
208 if (!uctx)
209 goto not_from_user;
210
211 if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
212 return -EINVAL;
213
214 str_len = uctx->ctx_len;
215 if (str_len >= PAGE_SIZE)
216 return -ENOMEM;
217
218 *ctxp = ctx = kmalloc(sizeof(*ctx) +
219 str_len + 1,
220 GFP_KERNEL);
221
222 if (!ctx)
223 return -ENOMEM;
224
225 ctx->ctx_doi = uctx->ctx_doi;
226 ctx->ctx_len = str_len;
227 ctx->ctx_alg = uctx->ctx_alg;
228
229 memcpy(ctx->ctx_str,
230 uctx+1,
231 str_len);
232 ctx->ctx_str[str_len] = 0;
233 rc = security_context_to_sid(ctx->ctx_str,
234 str_len,
235 &ctx->ctx_sid);
236
237 if (rc)
238 goto out;
239
240 /*
241 * Does the subject have permission to set security context?
242 */
243 rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
244 SECCLASS_ASSOCIATION,
245 ASSOCIATION__SETCONTEXT, NULL);
246 if (rc)
247 goto out;
248
249 return rc;
250
251not_from_user:
252 rc = security_sid_to_context(sid, &ctx_str, &str_len);
253 if (rc)
254 goto out;
255
256 *ctxp = ctx = kmalloc(sizeof(*ctx) +
257 str_len,
258 GFP_ATOMIC);
259
260 if (!ctx) {
261 rc = -ENOMEM;
262 goto out;
263 }
264
265 ctx->ctx_doi = XFRM_SC_DOI_LSM;
266 ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
267 ctx->ctx_sid = sid;
268 ctx->ctx_len = str_len;
269 memcpy(ctx->ctx_str,
270 ctx_str,
271 str_len);
272
273 goto out2;
274
275out: 245out:
276 *ctxp = NULL; 246 *sid = sid_session;
277 kfree(ctx); 247 return 0;
278out2:
279 kfree(ctx_str);
280 return rc;
281} 248}
282 249
283/* 250/*
284 * LSM hook implementation that allocs and transfers uctx spec to 251 * LSM hook implementation that allocs and transfers uctx spec to xfrm_policy.
285 * xfrm_policy.
286 */ 252 */
287int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 253int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
288 struct xfrm_user_sec_ctx *uctx) 254 struct xfrm_user_sec_ctx *uctx)
289{ 255{
290 int err; 256 return selinux_xfrm_alloc_user(ctxp, uctx);
291
292 BUG_ON(!uctx);
293
294 err = selinux_xfrm_sec_ctx_alloc(ctxp, uctx, 0);
295 if (err == 0)
296 atomic_inc(&selinux_xfrm_refcount);
297
298 return err;
299} 257}
300 258
301
302/* 259/*
303 * LSM hook implementation that copies security data structure from old to 260 * LSM hook implementation that copies security data structure from old to new
304 * new for policy cloning. 261 * for policy cloning.
305 */ 262 */
306int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, 263int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
307 struct xfrm_sec_ctx **new_ctxp) 264 struct xfrm_sec_ctx **new_ctxp)
308{ 265{
309 struct xfrm_sec_ctx *new_ctx; 266 struct xfrm_sec_ctx *new_ctx;
310 267
311 if (old_ctx) { 268 if (!old_ctx)
312 new_ctx = kmalloc(sizeof(*old_ctx) + old_ctx->ctx_len, 269 return 0;
313 GFP_ATOMIC); 270
314 if (!new_ctx) 271 new_ctx = kmemdup(old_ctx, sizeof(*old_ctx) + old_ctx->ctx_len,
315 return -ENOMEM; 272 GFP_ATOMIC);
273 if (!new_ctx)
274 return -ENOMEM;
275 atomic_inc(&selinux_xfrm_refcount);
276 *new_ctxp = new_ctx;
316 277
317 memcpy(new_ctx, old_ctx, sizeof(*new_ctx));
318 memcpy(new_ctx->ctx_str, old_ctx->ctx_str, new_ctx->ctx_len);
319 atomic_inc(&selinux_xfrm_refcount);
320 *new_ctxp = new_ctx;
321 }
322 return 0; 278 return 0;
323} 279}
324 280
@@ -327,8 +283,7 @@ int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
327 */ 283 */
328void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx) 284void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
329{ 285{
330 atomic_dec(&selinux_xfrm_refcount); 286 selinux_xfrm_free(ctx);
331 kfree(ctx);
332} 287}
333 288
334/* 289/*
@@ -336,31 +291,55 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
336 */ 291 */
337int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 292int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
338{ 293{
339 const struct task_security_struct *tsec = current_security(); 294 return selinux_xfrm_delete(ctx);
340 295}
341 if (!ctx)
342 return 0;
343 296
344 return avc_has_perm(tsec->sid, ctx->ctx_sid, 297/*
345 SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, 298 * LSM hook implementation that allocates a xfrm_sec_state, populates it using
346 NULL); 299 * the supplied security context, and assigns it to the xfrm_state.
300 */
301int selinux_xfrm_state_alloc(struct xfrm_state *x,
302 struct xfrm_user_sec_ctx *uctx)
303{
304 return selinux_xfrm_alloc_user(&x->security, uctx);
347} 305}
348 306
349/* 307/*
350 * LSM hook implementation that allocs and transfers sec_ctx spec to 308 * LSM hook implementation that allocates a xfrm_sec_state and populates based
351 * xfrm_state. 309 * on a secid.
352 */ 310 */
353int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *uctx, 311int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
354 u32 secid) 312 struct xfrm_sec_ctx *polsec, u32 secid)
355{ 313{
356 int err; 314 int rc;
315 struct xfrm_sec_ctx *ctx;
316 char *ctx_str = NULL;
317 int str_len;
318
319 if (!polsec)
320 return 0;
357 321
358 BUG_ON(!x); 322 if (secid == 0)
323 return -EINVAL;
359 324
360 err = selinux_xfrm_sec_ctx_alloc(&x->security, uctx, secid); 325 rc = security_sid_to_context(secid, &ctx_str, &str_len);
361 if (err == 0) 326 if (rc)
362 atomic_inc(&selinux_xfrm_refcount); 327 return rc;
363 return err; 328
329 ctx = kmalloc(sizeof(*ctx) + str_len, GFP_ATOMIC);
330 if (!ctx)
331 return -ENOMEM;
332
333 ctx->ctx_doi = XFRM_SC_DOI_LSM;
334 ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
335 ctx->ctx_sid = secid;
336 ctx->ctx_len = str_len;
337 memcpy(ctx->ctx_str, ctx_str, str_len);
338 kfree(ctx_str);
339
340 x->security = ctx;
341 atomic_inc(&selinux_xfrm_refcount);
342 return 0;
364} 343}
365 344
366/* 345/*
@@ -368,24 +347,15 @@ int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *uct
368 */ 347 */
369void selinux_xfrm_state_free(struct xfrm_state *x) 348void selinux_xfrm_state_free(struct xfrm_state *x)
370{ 349{
371 atomic_dec(&selinux_xfrm_refcount); 350 selinux_xfrm_free(x->security);
372 kfree(x->security);
373} 351}
374 352
375 /* 353/*
376 * LSM hook implementation that authorizes deletion of labeled SAs. 354 * LSM hook implementation that authorizes deletion of labeled SAs.
377 */ 355 */
378int selinux_xfrm_state_delete(struct xfrm_state *x) 356int selinux_xfrm_state_delete(struct xfrm_state *x)
379{ 357{
380 const struct task_security_struct *tsec = current_security(); 358 return selinux_xfrm_delete(x->security);
381 struct xfrm_sec_ctx *ctx = x->security;
382
383 if (!ctx)
384 return 0;
385
386 return avc_has_perm(tsec->sid, ctx->ctx_sid,
387 SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT,
388 NULL);
389} 359}
390 360
391/* 361/*
@@ -395,14 +365,12 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
395 * we need to check for unlabelled access since this may not have 365 * we need to check for unlabelled access since this may not have
396 * gone thru the IPSec process. 366 * gone thru the IPSec process.
397 */ 367 */
398int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, 368int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
399 struct common_audit_data *ad) 369 struct common_audit_data *ad)
400{ 370{
401 int i, rc = 0; 371 int i;
402 struct sec_path *sp; 372 struct sec_path *sp = skb->sp;
403 u32 sel_sid = SECINITSID_UNLABELED; 373 u32 peer_sid = SECINITSID_UNLABELED;
404
405 sp = skb->sp;
406 374
407 if (sp) { 375 if (sp) {
408 for (i = 0; i < sp->len; i++) { 376 for (i = 0; i < sp->len; i++) {
@@ -410,23 +378,17 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
410 378
411 if (x && selinux_authorizable_xfrm(x)) { 379 if (x && selinux_authorizable_xfrm(x)) {
412 struct xfrm_sec_ctx *ctx = x->security; 380 struct xfrm_sec_ctx *ctx = x->security;
413 sel_sid = ctx->ctx_sid; 381 peer_sid = ctx->ctx_sid;
414 break; 382 break;
415 } 383 }
416 } 384 }
417 } 385 }
418 386
419 /* 387 /* This check even when there's no association involved is intended,
420 * This check even when there's no association involved is 388 * according to Trent Jaeger, to make sure a process can't engage in
421 * intended, according to Trent Jaeger, to make sure a 389 * non-IPsec communication unless explicitly allowed by policy. */
422 * process can't engage in non-ipsec communication unless 390 return avc_has_perm(sk_sid, peer_sid,
423 * explicitly allowed by policy. 391 SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, ad);
424 */
425
426 rc = avc_has_perm(isec_sid, sel_sid, SECCLASS_ASSOCIATION,
427 ASSOCIATION__RECVFROM, ad);
428
429 return rc;
430} 392}
431 393
432/* 394/*
@@ -436,49 +398,38 @@ int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
436 * If we do have a authorizable security association, then it has already been 398 * If we do have a authorizable security association, then it has already been
437 * checked in the selinux_xfrm_state_pol_flow_match hook above. 399 * checked in the selinux_xfrm_state_pol_flow_match hook above.
438 */ 400 */
439int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, 401int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb,
440 struct common_audit_data *ad, u8 proto) 402 struct common_audit_data *ad, u8 proto)
441{ 403{
442 struct dst_entry *dst; 404 struct dst_entry *dst;
443 int rc = 0;
444
445 dst = skb_dst(skb);
446
447 if (dst) {
448 struct dst_entry *dst_test;
449
450 for (dst_test = dst; dst_test != NULL;
451 dst_test = dst_test->child) {
452 struct xfrm_state *x = dst_test->xfrm;
453
454 if (x && selinux_authorizable_xfrm(x))
455 goto out;
456 }
457 }
458 405
459 switch (proto) { 406 switch (proto) {
460 case IPPROTO_AH: 407 case IPPROTO_AH:
461 case IPPROTO_ESP: 408 case IPPROTO_ESP:
462 case IPPROTO_COMP: 409 case IPPROTO_COMP:
463 /* 410 /* We should have already seen this packet once before it
464 * We should have already seen this packet once before 411 * underwent xfrm(s). No need to subject it to the unlabeled
465 * it underwent xfrm(s). No need to subject it to the 412 * check. */
466 * unlabeled check. 413 return 0;
467 */
468 goto out;
469 default: 414 default:
470 break; 415 break;
471 } 416 }
472 417
473 /* 418 dst = skb_dst(skb);
474 * This check even when there's no association involved is 419 if (dst) {
475 * intended, according to Trent Jaeger, to make sure a 420 struct dst_entry *iter;
476 * process can't engage in non-ipsec communication unless
477 * explicitly allowed by policy.
478 */
479 421
480 rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION, 422 for (iter = dst; iter != NULL; iter = iter->child) {
481 ASSOCIATION__SENDTO, ad); 423 struct xfrm_state *x = iter->xfrm;
482out: 424
483 return rc; 425 if (x && selinux_authorizable_xfrm(x))
426 return 0;
427 }
428 }
429
430 /* This check even when there's no association involved is intended,
431 * according to Trent Jaeger, to make sure a process can't engage in
432 * non-IPsec communication unless explicitly allowed by policy. */
433 return avc_has_perm(sk_sid, SECINITSID_UNLABELED,
434 SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, ad);
484} 435}
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 076b8e8a51ab..364cc64fce71 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -177,9 +177,13 @@ struct smk_port_label {
177#define SMACK_CIPSO_MAXCATNUM 184 /* 23 * 8 */ 177#define SMACK_CIPSO_MAXCATNUM 184 /* 23 * 8 */
178 178
179/* 179/*
180 * Flag for transmute access 180 * Flags for untraditional access modes.
181 * It shouldn't be necessary to avoid conflicts with definitions
182 * in fs.h, but do so anyway.
181 */ 183 */
182#define MAY_TRANSMUTE 64 184#define MAY_TRANSMUTE 0x00001000 /* Controls directory labeling */
185#define MAY_LOCK 0x00002000 /* Locks should be writes, but ... */
186
183/* 187/*
184 * Just to make the common cases easier to deal with 188 * Just to make the common cases easier to deal with
185 */ 189 */
@@ -188,9 +192,9 @@ struct smk_port_label {
188#define MAY_NOT 0 192#define MAY_NOT 0
189 193
190/* 194/*
191 * Number of access types used by Smack (rwxat) 195 * Number of access types used by Smack (rwxatl)
192 */ 196 */
193#define SMK_NUM_ACCESS_TYPE 5 197#define SMK_NUM_ACCESS_TYPE 6
194 198
195/* SMACK data */ 199/* SMACK data */
196struct smack_audit_data { 200struct smack_audit_data {
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index b3b59b1e93d6..14293cd9b1e5 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -84,6 +84,8 @@ int log_policy = SMACK_AUDIT_DENIED;
84 * 84 *
85 * Do the object check first because that is more 85 * Do the object check first because that is more
86 * likely to differ. 86 * likely to differ.
87 *
88 * Allowing write access implies allowing locking.
87 */ 89 */
88int smk_access_entry(char *subject_label, char *object_label, 90int smk_access_entry(char *subject_label, char *object_label,
89 struct list_head *rule_list) 91 struct list_head *rule_list)
@@ -99,6 +101,11 @@ int smk_access_entry(char *subject_label, char *object_label,
99 } 101 }
100 } 102 }
101 103
104 /*
105 * MAY_WRITE implies MAY_LOCK.
106 */
107 if ((may & MAY_WRITE) == MAY_WRITE)
108 may |= MAY_LOCK;
102 return may; 109 return may;
103} 110}
104 111
@@ -245,6 +252,7 @@ out_audit:
245static inline void smack_str_from_perm(char *string, int access) 252static inline void smack_str_from_perm(char *string, int access)
246{ 253{
247 int i = 0; 254 int i = 0;
255
248 if (access & MAY_READ) 256 if (access & MAY_READ)
249 string[i++] = 'r'; 257 string[i++] = 'r';
250 if (access & MAY_WRITE) 258 if (access & MAY_WRITE)
@@ -255,6 +263,8 @@ static inline void smack_str_from_perm(char *string, int access)
255 string[i++] = 'a'; 263 string[i++] = 'a';
256 if (access & MAY_TRANSMUTE) 264 if (access & MAY_TRANSMUTE)
257 string[i++] = 't'; 265 string[i++] = 't';
266 if (access & MAY_LOCK)
267 string[i++] = 'l';
258 string[i] = '\0'; 268 string[i] = '\0';
259} 269}
260/** 270/**
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 8825375cc031..b0be893ad44d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -185,7 +185,7 @@ static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
185 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); 185 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
186 smk_ad_setfield_u_tsk(&ad, ctp); 186 smk_ad_setfield_u_tsk(&ad, ctp);
187 187
188 rc = smk_curacc(skp->smk_known, MAY_READWRITE, &ad); 188 rc = smk_curacc(skp->smk_known, mode, &ad);
189 return rc; 189 return rc;
190} 190}
191 191
@@ -1146,7 +1146,7 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
1146 * @file: the object 1146 * @file: the object
1147 * @cmd: unused 1147 * @cmd: unused
1148 * 1148 *
1149 * Returns 0 if current has write access, error code otherwise 1149 * Returns 0 if current has lock access, error code otherwise
1150 */ 1150 */
1151static int smack_file_lock(struct file *file, unsigned int cmd) 1151static int smack_file_lock(struct file *file, unsigned int cmd)
1152{ 1152{
@@ -1154,7 +1154,7 @@ static int smack_file_lock(struct file *file, unsigned int cmd)
1154 1154
1155 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1155 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1156 smk_ad_setfield_u_fs_path(&ad, file->f_path); 1156 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1157 return smk_curacc(file->f_security, MAY_WRITE, &ad); 1157 return smk_curacc(file->f_security, MAY_LOCK, &ad);
1158} 1158}
1159 1159
1160/** 1160/**
@@ -1178,8 +1178,13 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd,
1178 1178
1179 switch (cmd) { 1179 switch (cmd) {
1180 case F_GETLK: 1180 case F_GETLK:
1181 break;
1181 case F_SETLK: 1182 case F_SETLK:
1182 case F_SETLKW: 1183 case F_SETLKW:
1184 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1185 smk_ad_setfield_u_fs_path(&ad, file->f_path);
1186 rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
1187 break;
1183 case F_SETOWN: 1188 case F_SETOWN:
1184 case F_SETSIG: 1189 case F_SETSIG:
1185 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); 1190 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 80f4b4a45725..160aa08e3cd5 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -139,7 +139,7 @@ const char *smack_cipso_option = SMACK_CIPSO_OPTION;
139 * SMK_LOADLEN: Smack rule length 139 * SMK_LOADLEN: Smack rule length
140 */ 140 */
141#define SMK_OACCESS "rwxa" 141#define SMK_OACCESS "rwxa"
142#define SMK_ACCESS "rwxat" 142#define SMK_ACCESS "rwxatl"
143#define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1) 143#define SMK_OACCESSLEN (sizeof(SMK_OACCESS) - 1)
144#define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1) 144#define SMK_ACCESSLEN (sizeof(SMK_ACCESS) - 1)
145#define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN) 145#define SMK_OLOADLEN (SMK_LABELLEN + SMK_LABELLEN + SMK_OACCESSLEN)
@@ -282,6 +282,10 @@ static int smk_perm_from_str(const char *string)
282 case 'T': 282 case 'T':
283 perm |= MAY_TRANSMUTE; 283 perm |= MAY_TRANSMUTE;
284 break; 284 break;
285 case 'l':
286 case 'L':
287 perm |= MAY_LOCK;
288 break;
285 default: 289 default:
286 return perm; 290 return perm;
287 } 291 }
@@ -452,7 +456,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
452 /* 456 /*
453 * Minor hack for backward compatibility 457 * Minor hack for backward compatibility
454 */ 458 */
455 if (count != SMK_OLOADLEN && count != SMK_LOADLEN) 459 if (count < SMK_OLOADLEN || count > SMK_LOADLEN)
456 return -EINVAL; 460 return -EINVAL;
457 } else { 461 } else {
458 if (count >= PAGE_SIZE) { 462 if (count >= PAGE_SIZE) {
@@ -592,6 +596,8 @@ static void smk_rule_show(struct seq_file *s, struct smack_rule *srp, int max)
592 seq_putc(s, 'a'); 596 seq_putc(s, 'a');
593 if (srp->smk_access & MAY_TRANSMUTE) 597 if (srp->smk_access & MAY_TRANSMUTE)
594 seq_putc(s, 't'); 598 seq_putc(s, 't');
599 if (srp->smk_access & MAY_LOCK)
600 seq_putc(s, 'l');
595 601
596 seq_putc(s, '\n'); 602 seq_putc(s, '\n');
597} 603}
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-22 17:38:53 -0400