aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/keyring.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/keyring.c')
-rw-r--r--security/keys/keyring.c231
1 files changed, 159 insertions, 72 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 0a2b8e916d97..92024ed12e0a 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -26,13 +26,13 @@
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem))) 26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
27 27
28/* 28/*
29 * when plumbing the depths of the key tree, this sets a hard limit set on how 29 * When plumbing the depths of the key tree, this sets a hard limit
30 * deep we're willing to go 30 * set on how deep we're willing to go.
31 */ 31 */
32#define KEYRING_SEARCH_MAX_DEPTH 6 32#define KEYRING_SEARCH_MAX_DEPTH 6
33 33
34/* 34/*
35 * we keep all named keyrings in a hash to speed looking them up 35 * We keep all named keyrings in a hash to speed looking them up.
36 */ 36 */
37#define KEYRING_NAME_HASH_SIZE (1 << 5) 37#define KEYRING_NAME_HASH_SIZE (1 << 5)
38 38
@@ -50,7 +50,9 @@ static inline unsigned keyring_hash(const char *desc)
50} 50}
51 51
52/* 52/*
53 * the keyring type definition 53 * The keyring key type definition. Keyrings are simply keys of this type and
54 * can be treated as ordinary keys in addition to having their own special
55 * operations.
54 */ 56 */
55static int keyring_instantiate(struct key *keyring, 57static int keyring_instantiate(struct key *keyring,
56 const void *data, size_t datalen); 58 const void *data, size_t datalen);
@@ -71,18 +73,17 @@ struct key_type key_type_keyring = {
71 .describe = keyring_describe, 73 .describe = keyring_describe,
72 .read = keyring_read, 74 .read = keyring_read,
73}; 75};
74
75EXPORT_SYMBOL(key_type_keyring); 76EXPORT_SYMBOL(key_type_keyring);
76 77
77/* 78/*
78 * semaphore to serialise link/link calls to prevent two link calls in parallel 79 * Semaphore to serialise link/link calls to prevent two link calls in parallel
79 * introducing a cycle 80 * introducing a cycle.
80 */ 81 */
81static DECLARE_RWSEM(keyring_serialise_link_sem); 82static DECLARE_RWSEM(keyring_serialise_link_sem);
82 83
83/* 84/*
84 * publish the name of a keyring so that it can be found by name (if it has 85 * Publish the name of a keyring so that it can be found by name (if it has
85 * one) 86 * one).
86 */ 87 */
87static void keyring_publish_name(struct key *keyring) 88static void keyring_publish_name(struct key *keyring)
88{ 89{
@@ -104,8 +105,9 @@ static void keyring_publish_name(struct key *keyring)
104} 105}
105 106
106/* 107/*
107 * initialise a keyring 108 * Initialise a keyring.
108 * - we object if we were given any data 109 *
110 * Returns 0 on success, -EINVAL if given any data.
109 */ 111 */
110static int keyring_instantiate(struct key *keyring, 112static int keyring_instantiate(struct key *keyring,
111 const void *data, size_t datalen) 113 const void *data, size_t datalen)
@@ -123,7 +125,7 @@ static int keyring_instantiate(struct key *keyring,
123} 125}
124 126
125/* 127/*
126 * match keyrings on their name 128 * Match keyrings on their name
127 */ 129 */
128static int keyring_match(const struct key *keyring, const void *description) 130static int keyring_match(const struct key *keyring, const void *description)
129{ 131{
@@ -132,7 +134,8 @@ static int keyring_match(const struct key *keyring, const void *description)
132} 134}
133 135
134/* 136/*
135 * dispose of the data dangling from the corpse of a keyring 137 * Clean up a keyring when it is destroyed. Unpublish its name if it had one
138 * and dispose of its data.
136 */ 139 */
137static void keyring_destroy(struct key *keyring) 140static void keyring_destroy(struct key *keyring)
138{ 141{
@@ -160,7 +163,7 @@ static void keyring_destroy(struct key *keyring)
160} 163}
161 164
162/* 165/*
163 * describe the keyring 166 * Describe a keyring for /proc.
164 */ 167 */
165static void keyring_describe(const struct key *keyring, struct seq_file *m) 168static void keyring_describe(const struct key *keyring, struct seq_file *m)
166{ 169{
@@ -181,8 +184,9 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
181} 184}
182 185
183/* 186/*
184 * read a list of key IDs from the keyring's contents 187 * Read a list of key IDs from the keyring's contents in binary form
185 * - the keyring's semaphore is read-locked 188 *
189 * The keyring's semaphore is read-locked by the caller.
186 */ 190 */
187static long keyring_read(const struct key *keyring, 191static long keyring_read(const struct key *keyring,
188 char __user *buffer, size_t buflen) 192 char __user *buffer, size_t buflen)
@@ -233,7 +237,7 @@ error:
233} 237}
234 238
235/* 239/*
236 * allocate a keyring and link into the destination keyring 240 * Allocate a keyring and link into the destination keyring.
237 */ 241 */
238struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 242struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
239 const struct cred *cred, unsigned long flags, 243 const struct cred *cred, unsigned long flags,
@@ -258,16 +262,40 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
258 return keyring; 262 return keyring;
259} 263}
260 264
261/* 265/**
262 * search the supplied keyring tree for a key that matches the criterion 266 * keyring_search_aux - Search a keyring tree for a key matching some criteria
263 * - perform a breadth-then-depth search up to the prescribed limit 267 * @keyring_ref: A pointer to the keyring with possession indicator.
264 * - we only find keys on which we have search permission 268 * @cred: The credentials to use for permissions checks.
265 * - we use the supplied match function to see if the description (or other 269 * @type: The type of key to search for.
266 * feature of interest) matches 270 * @description: Parameter for @match.
267 * - we rely on RCU to prevent the keyring lists from disappearing on us 271 * @match: Function to rule on whether or not a key is the one required.
268 * - we return -EAGAIN if we didn't find any matching key 272 *
269 * - we return -ENOKEY if we only found negative matching keys 273 * Search the supplied keyring tree for a key that matches the criteria given.
270 * - we propagate the possession attribute from the keyring ref to the key ref 274 * The root keyring and any linked keyrings must grant Search permission to the
275 * caller to be searchable and keys can only be found if they too grant Search
276 * to the caller. The possession flag on the root keyring pointer controls use
277 * of the possessor bits in permissions checking of the entire tree. In
278 * addition, the LSM gets to forbid keyring searches and key matches.
279 *
280 * The search is performed as a breadth-then-depth search up to the prescribed
281 * limit (KEYRING_SEARCH_MAX_DEPTH).
282 *
283 * Keys are matched to the type provided and are then filtered by the match
284 * function, which is given the description to use in any way it sees fit. The
285 * match function may use any attributes of a key that it wishes to to
286 * determine the match. Normally the match function from the key type would be
287 * used.
288 *
289 * RCU is used to prevent the keyring key lists from disappearing without the
290 * need to take lots of locks.
291 *
292 * Returns a pointer to the found key and increments the key usage count if
293 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
294 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
295 * specified keyring wasn't a keyring.
296 *
297 * In the case of a successful return, the possession attribute from
298 * @keyring_ref is propagated to the returned key reference.
271 */ 299 */
272key_ref_t keyring_search_aux(key_ref_t keyring_ref, 300key_ref_t keyring_search_aux(key_ref_t keyring_ref,
273 const struct cred *cred, 301 const struct cred *cred,
@@ -431,13 +459,14 @@ error:
431 return key_ref; 459 return key_ref;
432} 460}
433 461
434/* 462/**
435 * search the supplied keyring tree for a key that matches the criterion 463 * keyring_search - Search the supplied keyring tree for a matching key
436 * - perform a breadth-then-depth search up to the prescribed limit 464 * @keyring: The root of the keyring tree to be searched.
437 * - we only find keys on which we have search permission 465 * @type: The type of keyring we want to find.
438 * - we readlock the keyrings as we search down the tree 466 * @description: The name of the keyring we want to find.
439 * - we return -EAGAIN if we didn't find any matching key 467 *
440 * - we return -ENOKEY if we only found negative matching keys 468 * As keyring_search_aux() above, but using the current task's credentials and
469 * type's default matching function.
441 */ 470 */
442key_ref_t keyring_search(key_ref_t keyring, 471key_ref_t keyring_search(key_ref_t keyring,
443 struct key_type *type, 472 struct key_type *type,
@@ -449,13 +478,22 @@ key_ref_t keyring_search(key_ref_t keyring,
449 return keyring_search_aux(keyring, current->cred, 478 return keyring_search_aux(keyring, current->cred,
450 type, description, type->match); 479 type, description, type->match);
451} 480}
452
453EXPORT_SYMBOL(keyring_search); 481EXPORT_SYMBOL(keyring_search);
454 482
455/* 483/*
456 * search the given keyring only (no recursion) 484 * Search the given keyring only (no recursion).
457 * - keyring must be locked by caller 485 *
458 * - caller must guarantee that the keyring is a keyring 486 * The caller must guarantee that the keyring is a keyring and that the
487 * permission is granted to search the keyring as no check is made here.
488 *
489 * RCU is used to make it unnecessary to lock the keyring key list here.
490 *
491 * Returns a pointer to the found key with usage count incremented if
492 * successful and returns -ENOKEY if not found. Revoked keys and keys not
493 * providing the requested permission are skipped over.
494 *
495 * If successful, the possession indicator is propagated from the keyring ref
496 * to the returned key reference.
459 */ 497 */
460key_ref_t __keyring_search_one(key_ref_t keyring_ref, 498key_ref_t __keyring_search_one(key_ref_t keyring_ref,
461 const struct key_type *ktype, 499 const struct key_type *ktype,
@@ -498,9 +536,15 @@ found:
498} 536}
499 537
500/* 538/*
501 * find a keyring with the specified name 539 * Find a keyring with the specified name.
502 * - all named keyrings are searched 540 *
503 * - normally only finds keyrings with search permission for the current process 541 * All named keyrings in the current user namespace are searched, provided they
542 * grant Search permission directly to the caller (unless this check is
543 * skipped). Keyrings whose usage points have reached zero or who have been
544 * revoked are skipped.
545 *
546 * Returns a pointer to the keyring with the keyring's refcount having being
547 * incremented on success. -ENOKEY is returned if a key could not be found.
504 */ 548 */
505struct key *find_keyring_by_name(const char *name, bool skip_perm_check) 549struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
506{ 550{
@@ -551,10 +595,11 @@ out:
551} 595}
552 596
553/* 597/*
554 * see if a cycle will will be created by inserting acyclic tree B in acyclic 598 * See if a cycle will will be created by inserting acyclic tree B in acyclic
555 * tree A at the topmost level (ie: as a direct child of A) 599 * tree A at the topmost level (ie: as a direct child of A).
556 * - since we are adding B to A at the top level, checking for cycles should 600 *
557 * just be a matter of seeing if node A is somewhere in tree B 601 * Since we are adding B to A at the top level, checking for cycles should just
602 * be a matter of seeing if node A is somewhere in tree B.
558 */ 603 */
559static int keyring_detect_cycle(struct key *A, struct key *B) 604static int keyring_detect_cycle(struct key *A, struct key *B)
560{ 605{
@@ -637,7 +682,7 @@ cycle_detected:
637} 682}
638 683
639/* 684/*
640 * dispose of a keyring list after the RCU grace period, freeing the unlinked 685 * Dispose of a keyring list after the RCU grace period, freeing the unlinked
641 * key 686 * key
642 */ 687 */
643static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) 688static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
@@ -651,7 +696,7 @@ static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
651} 696}
652 697
653/* 698/*
654 * preallocate memory so that a key can be linked into to a keyring 699 * Preallocate memory so that a key can be linked into to a keyring.
655 */ 700 */
656int __key_link_begin(struct key *keyring, const struct key_type *type, 701int __key_link_begin(struct key *keyring, const struct key_type *type,
657 const char *description, 702 const char *description,
@@ -768,10 +813,10 @@ error_krsem:
768} 813}
769 814
770/* 815/*
771 * check already instantiated keys aren't going to be a problem 816 * Check already instantiated keys aren't going to be a problem.
772 * - the caller must have called __key_link_begin() 817 *
773 * - don't need to call this for keys that were created since __key_link_begin() 818 * The caller must have called __key_link_begin(). Don't need to call this for
774 * was called 819 * keys that were created since __key_link_begin() was called.
775 */ 820 */
776int __key_link_check_live_key(struct key *keyring, struct key *key) 821int __key_link_check_live_key(struct key *keyring, struct key *key)
777{ 822{
@@ -783,9 +828,12 @@ int __key_link_check_live_key(struct key *keyring, struct key *key)
783} 828}
784 829
785/* 830/*
786 * link a key into to a keyring 831 * Link a key into to a keyring.
787 * - must be called with __key_link_begin() having being called 832 *
788 * - discard already extant link to matching key if there is one 833 * Must be called with __key_link_begin() having being called. Discards any
834 * already extant link to matching key if there is one, so that each keyring
835 * holds at most one link to any given key of a particular type+description
836 * combination.
789 */ 837 */
790void __key_link(struct key *keyring, struct key *key, 838void __key_link(struct key *keyring, struct key *key,
791 struct keyring_list **_prealloc) 839 struct keyring_list **_prealloc)
@@ -828,8 +876,9 @@ void __key_link(struct key *keyring, struct key *key,
828} 876}
829 877
830/* 878/*
831 * finish linking a key into to a keyring 879 * Finish linking a key into to a keyring.
832 * - must be called with __key_link_begin() having being called 880 *
881 * Must be called with __key_link_begin() having being called.
833 */ 882 */
834void __key_link_end(struct key *keyring, struct key_type *type, 883void __key_link_end(struct key *keyring, struct key_type *type,
835 struct keyring_list *prealloc) 884 struct keyring_list *prealloc)
@@ -850,8 +899,25 @@ void __key_link_end(struct key *keyring, struct key_type *type,
850 up_write(&keyring->sem); 899 up_write(&keyring->sem);
851} 900}
852 901
853/* 902/**
854 * link a key to a keyring 903 * key_link - Link a key to a keyring
904 * @keyring: The keyring to make the link in.
905 * @key: The key to link to.
906 *
907 * Make a link in a keyring to a key, such that the keyring holds a reference
908 * on that key and the key can potentially be found by searching that keyring.
909 *
910 * This function will write-lock the keyring's semaphore and will consume some
911 * of the user's key data quota to hold the link.
912 *
913 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
914 * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
915 * full, -EDQUOT if there is insufficient key data quota remaining to add
916 * another link or -ENOMEM if there's insufficient memory.
917 *
918 * It is assumed that the caller has checked that it is permitted for a link to
919 * be made (the keyring should have Write permission and the key Link
920 * permission).
855 */ 921 */
856int key_link(struct key *keyring, struct key *key) 922int key_link(struct key *keyring, struct key *key)
857{ 923{
@@ -871,11 +937,24 @@ int key_link(struct key *keyring, struct key *key)
871 937
872 return ret; 938 return ret;
873} 939}
874
875EXPORT_SYMBOL(key_link); 940EXPORT_SYMBOL(key_link);
876 941
877/* 942/**
878 * unlink the first link to a key from a keyring 943 * key_unlink - Unlink the first link to a key from a keyring.
944 * @keyring: The keyring to remove the link from.
945 * @key: The key the link is to.
946 *
947 * Remove a link from a keyring to a key.
948 *
949 * This function will write-lock the keyring's semaphore.
950 *
951 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
952 * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
953 * memory.
954 *
955 * It is assumed that the caller has checked that it is permitted for a link to
956 * be removed (the keyring should have Write permission; no permissions are
957 * required on the key).
879 */ 958 */
880int key_unlink(struct key *keyring, struct key *key) 959int key_unlink(struct key *keyring, struct key *key)
881{ 960{
@@ -944,12 +1023,11 @@ nomem:
944 up_write(&keyring->sem); 1023 up_write(&keyring->sem);
945 goto error; 1024 goto error;
946} 1025}
947
948EXPORT_SYMBOL(key_unlink); 1026EXPORT_SYMBOL(key_unlink);
949 1027
950/* 1028/*
951 * dispose of a keyring list after the RCU grace period, releasing the keys it 1029 * Dispose of a keyring list after the RCU grace period, releasing the keys it
952 * links to 1030 * links to.
953 */ 1031 */
954static void keyring_clear_rcu_disposal(struct rcu_head *rcu) 1032static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
955{ 1033{
@@ -964,9 +1042,13 @@ static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
964 kfree(klist); 1042 kfree(klist);
965} 1043}
966 1044
967/* 1045/**
968 * clear the specified process keyring 1046 * keyring_clear - Clear a keyring
969 * - implements keyctl(KEYCTL_CLEAR) 1047 * @keyring: The keyring to clear.
1048 *
1049 * Clear the contents of the specified keyring.
1050 *
1051 * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
970 */ 1052 */
971int keyring_clear(struct key *keyring) 1053int keyring_clear(struct key *keyring)
972{ 1054{
@@ -999,12 +1081,12 @@ int keyring_clear(struct key *keyring)
999 1081
1000 return ret; 1082 return ret;
1001} 1083}
1002
1003EXPORT_SYMBOL(keyring_clear); 1084EXPORT_SYMBOL(keyring_clear);
1004 1085
1005/* 1086/*
1006 * dispose of the links from a revoked keyring 1087 * Dispose of the links from a revoked keyring.
1007 * - called with the key sem write-locked 1088 *
1089 * This is called with the key sem write-locked.
1008 */ 1090 */
1009static void keyring_revoke(struct key *keyring) 1091static void keyring_revoke(struct key *keyring)
1010{ 1092{
@@ -1022,7 +1104,7 @@ static void keyring_revoke(struct key *keyring)
1022} 1104}
1023 1105
1024/* 1106/*
1025 * Determine whether a key is dead 1107 * Determine whether a key is dead.
1026 */ 1108 */
1027static bool key_is_dead(struct key *key, time_t limit) 1109static bool key_is_dead(struct key *key, time_t limit)
1028{ 1110{
@@ -1031,7 +1113,12 @@ static bool key_is_dead(struct key *key, time_t limit)
1031} 1113}
1032 1114
1033/* 1115/*
1034 * Collect garbage from the contents of a keyring 1116 * Collect garbage from the contents of a keyring, replacing the old list with
1117 * a new one with the pointers all shuffled down.
1118 *
1119 * Dead keys are classed as oned that are flagged as being dead or are revoked,
1120 * expired or negative keys that were revoked or expired before the specified
1121 * limit.
1035 */ 1122 */
1036void keyring_gc(struct key *keyring, time_t limit) 1123void keyring_gc(struct key *keyring, time_t limit)
1037{ 1124{