aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/Kconfig29
-rw-r--r--security/keys/Makefile2
-rw-r--r--security/keys/big_key.c207
-rw-r--r--security/keys/compat.c3
-rw-r--r--security/keys/gc.c47
-rw-r--r--security/keys/internal.h74
-rw-r--r--security/keys/key.c110
-rw-r--r--security/keys/keyctl.c3
-rw-r--r--security/keys/keyring.c1535
-rw-r--r--security/keys/persistent.c167
-rw-r--r--security/keys/proc.c17
-rw-r--r--security/keys/process_keys.c141
-rw-r--r--security/keys/request_key.c60
-rw-r--r--security/keys/request_key_auth.c31
-rw-r--r--security/keys/sysctl.c11
-rw-r--r--security/keys/user_defined.c18
16 files changed, 1479 insertions, 976 deletions
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index a90d6d300dbd..a4f3f8c48d6e 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -4,6 +4,7 @@
4 4
5config KEYS 5config KEYS
6 bool "Enable access key retention support" 6 bool "Enable access key retention support"
7 select ASSOCIATIVE_ARRAY
7 help 8 help
8 This option provides support for retaining authentication tokens and 9 This option provides support for retaining authentication tokens and
9 access keys in the kernel. 10 access keys in the kernel.
@@ -19,6 +20,34 @@ config KEYS
19 20
20 If you are unsure as to whether this is required, answer N. 21 If you are unsure as to whether this is required, answer N.
21 22
23config PERSISTENT_KEYRINGS
24 bool "Enable register of persistent per-UID keyrings"
25 depends on KEYS
26 help
27 This option provides a register of persistent per-UID keyrings,
28 primarily aimed at Kerberos key storage. The keyrings are persistent
29 in the sense that they stay around after all processes of that UID
30 have exited, not that they survive the machine being rebooted.
31
32 A particular keyring may be accessed by either the user whose keyring
33 it is or by a process with administrative privileges. The active
34 LSMs gets to rule on which admin-level processes get to access the
35 cache.
36
37 Keyrings are created and added into the register upon demand and get
38 removed if they expire (a default timeout is set upon creation).
39
40config BIG_KEYS
41 bool "Large payload keys"
42 depends on KEYS
43 depends on TMPFS
44 help
45 This option provides support for holding large keys within the kernel
46 (for example Kerberos ticket caches). The data may be stored out to
47 swapspace by tmpfs.
48
49 If you are unsure as to whether this is required, answer N.
50
22config TRUSTED_KEYS 51config TRUSTED_KEYS
23 tristate "TRUSTED KEYS" 52 tristate "TRUSTED KEYS"
24 depends on KEYS && TCG_TPM 53 depends on KEYS && TCG_TPM
diff --git a/security/keys/Makefile b/security/keys/Makefile
index 504aaa008388..dfb3a7bededf 100644
--- a/security/keys/Makefile
+++ b/security/keys/Makefile
@@ -18,9 +18,11 @@ obj-y := \
18obj-$(CONFIG_KEYS_COMPAT) += compat.o 18obj-$(CONFIG_KEYS_COMPAT) += compat.o
19obj-$(CONFIG_PROC_FS) += proc.o 19obj-$(CONFIG_PROC_FS) += proc.o
20obj-$(CONFIG_SYSCTL) += sysctl.o 20obj-$(CONFIG_SYSCTL) += sysctl.o
21obj-$(CONFIG_PERSISTENT_KEYRINGS) += persistent.o
21 22
22# 23#
23# Key types 24# Key types
24# 25#
26obj-$(CONFIG_BIG_KEYS) += big_key.o
25obj-$(CONFIG_TRUSTED_KEYS) += trusted.o 27obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
26obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ 28obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
new file mode 100644
index 000000000000..8137b27d641d
--- /dev/null
+++ b/security/keys/big_key.c
@@ -0,0 +1,207 @@
1/* Large capacity key type
2 *
3 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/seq_file.h>
15#include <linux/file.h>
16#include <linux/shmem_fs.h>
17#include <linux/err.h>
18#include <keys/user-type.h>
19#include <keys/big_key-type.h>
20
21MODULE_LICENSE("GPL");
22
23/*
24 * If the data is under this limit, there's no point creating a shm file to
25 * hold it as the permanently resident metadata for the shmem fs will be at
26 * least as large as the data.
27 */
28#define BIG_KEY_FILE_THRESHOLD (sizeof(struct inode) + sizeof(struct dentry))
29
30/*
31 * big_key defined keys take an arbitrary string as the description and an
32 * arbitrary blob of data as the payload
33 */
34struct key_type key_type_big_key = {
35 .name = "big_key",
36 .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
37 .instantiate = big_key_instantiate,
38 .match = user_match,
39 .revoke = big_key_revoke,
40 .destroy = big_key_destroy,
41 .describe = big_key_describe,
42 .read = big_key_read,
43};
44
45/*
46 * Instantiate a big key
47 */
48int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
49{
50 struct path *path = (struct path *)&key->payload.data2;
51 struct file *file;
52 ssize_t written;
53 size_t datalen = prep->datalen;
54 int ret;
55
56 ret = -EINVAL;
57 if (datalen <= 0 || datalen > 1024 * 1024 || !prep->data)
58 goto error;
59
60 /* Set an arbitrary quota */
61 ret = key_payload_reserve(key, 16);
62 if (ret < 0)
63 goto error;
64
65 key->type_data.x[1] = datalen;
66
67 if (datalen > BIG_KEY_FILE_THRESHOLD) {
68 /* Create a shmem file to store the data in. This will permit the data
69 * to be swapped out if needed.
70 *
71 * TODO: Encrypt the stored data with a temporary key.
72 */
73 file = shmem_kernel_file_setup("", datalen, 0);
74 if (IS_ERR(file)) {
75 ret = PTR_ERR(file);
76 goto err_quota;
77 }
78
79 written = kernel_write(file, prep->data, prep->datalen, 0);
80 if (written != datalen) {
81 ret = written;
82 if (written >= 0)
83 ret = -ENOMEM;
84 goto err_fput;
85 }
86
87 /* Pin the mount and dentry to the key so that we can open it again
88 * later
89 */
90 *path = file->f_path;
91 path_get(path);
92 fput(file);
93 } else {
94 /* Just store the data in a buffer */
95 void *data = kmalloc(datalen, GFP_KERNEL);
96 if (!data) {
97 ret = -ENOMEM;
98 goto err_quota;
99 }
100
101 key->payload.data = memcpy(data, prep->data, prep->datalen);
102 }
103 return 0;
104
105err_fput:
106 fput(file);
107err_quota:
108 key_payload_reserve(key, 0);
109error:
110 return ret;
111}
112
113/*
114 * dispose of the links from a revoked keyring
115 * - called with the key sem write-locked
116 */
117void big_key_revoke(struct key *key)
118{
119 struct path *path = (struct path *)&key->payload.data2;
120
121 /* clear the quota */
122 key_payload_reserve(key, 0);
123 if (key_is_instantiated(key) && key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD)
124 vfs_truncate(path, 0);
125}
126
127/*
128 * dispose of the data dangling from the corpse of a big_key key
129 */
130void big_key_destroy(struct key *key)
131{
132 if (key->type_data.x[1] > BIG_KEY_FILE_THRESHOLD) {
133 struct path *path = (struct path *)&key->payload.data2;
134 path_put(path);
135 path->mnt = NULL;
136 path->dentry = NULL;
137 } else {
138 kfree(key->payload.data);
139 key->payload.data = NULL;
140 }
141}
142
143/*
144 * describe the big_key key
145 */
146void big_key_describe(const struct key *key, struct seq_file *m)
147{
148 unsigned long datalen = key->type_data.x[1];
149
150 seq_puts(m, key->description);
151
152 if (key_is_instantiated(key))
153 seq_printf(m, ": %lu [%s]",
154 datalen,
155 datalen > BIG_KEY_FILE_THRESHOLD ? "file" : "buff");
156}
157
158/*
159 * read the key data
160 * - the key's semaphore is read-locked
161 */
162long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
163{
164 unsigned long datalen = key->type_data.x[1];
165 long ret;
166
167 if (!buffer || buflen < datalen)
168 return datalen;
169
170 if (datalen > BIG_KEY_FILE_THRESHOLD) {
171 struct path *path = (struct path *)&key->payload.data2;
172 struct file *file;
173 loff_t pos;
174
175 file = dentry_open(path, O_RDONLY, current_cred());
176 if (IS_ERR(file))
177 return PTR_ERR(file);
178
179 pos = 0;
180 ret = vfs_read(file, buffer, datalen, &pos);
181 fput(file);
182 if (ret >= 0 && ret != datalen)
183 ret = -EIO;
184 } else {
185 ret = datalen;
186 if (copy_to_user(buffer, key->payload.data, datalen) != 0)
187 ret = -EFAULT;
188 }
189
190 return ret;
191}
192
193/*
194 * Module stuff
195 */
196static int __init big_key_init(void)
197{
198 return register_key_type(&key_type_big_key);
199}
200
201static void __exit big_key_cleanup(void)
202{
203 unregister_key_type(&key_type_big_key);
204}
205
206module_init(big_key_init);
207module_exit(big_key_cleanup);
diff --git a/security/keys/compat.c b/security/keys/compat.c
index d65fa7fa29ba..bbd32c729dbb 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -138,6 +138,9 @@ asmlinkage long compat_sys_keyctl(u32 option,
138 case KEYCTL_INVALIDATE: 138 case KEYCTL_INVALIDATE:
139 return keyctl_invalidate_key(arg2); 139 return keyctl_invalidate_key(arg2);
140 140
141 case KEYCTL_GET_PERSISTENT:
142 return keyctl_get_persistent(arg2, arg3);
143
141 default: 144 default:
142 return -EOPNOTSUPP; 145 return -EOPNOTSUPP;
143 } 146 }
diff --git a/security/keys/gc.c b/security/keys/gc.c
index d67c97bb1025..d3222b6d7d59 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -131,50 +131,6 @@ void key_gc_keytype(struct key_type *ktype)
131} 131}
132 132
133/* 133/*
134 * Garbage collect pointers from a keyring.
135 *
136 * Not called with any locks held. The keyring's key struct will not be
137 * deallocated under us as only our caller may deallocate it.
138 */
139static void key_gc_keyring(struct key *keyring, time_t limit)
140{
141 struct keyring_list *klist;
142 int loop;
143
144 kenter("%x", key_serial(keyring));
145
146 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
147 (1 << KEY_FLAG_REVOKED)))
148 goto dont_gc;
149
150 /* scan the keyring looking for dead keys */
151 rcu_read_lock();
152 klist = rcu_dereference(keyring->payload.subscriptions);
153 if (!klist)
154 goto unlock_dont_gc;
155
156 loop = klist->nkeys;
157 smp_rmb();
158 for (loop--; loop >= 0; loop--) {
159 struct key *key = rcu_dereference(klist->keys[loop]);
160 if (key_is_dead(key, limit))
161 goto do_gc;
162 }
163
164unlock_dont_gc:
165 rcu_read_unlock();
166dont_gc:
167 kleave(" [no gc]");
168 return;
169
170do_gc:
171 rcu_read_unlock();
172
173 keyring_gc(keyring, limit);
174 kleave(" [gc]");
175}
176
177/*
178 * Garbage collect a list of unreferenced, detached keys 134 * Garbage collect a list of unreferenced, detached keys
179 */ 135 */
180static noinline void key_gc_unused_keys(struct list_head *keys) 136static noinline void key_gc_unused_keys(struct list_head *keys)
@@ -392,8 +348,7 @@ found_unreferenced_key:
392 */ 348 */
393found_keyring: 349found_keyring:
394 spin_unlock(&key_serial_lock); 350 spin_unlock(&key_serial_lock);
395 kdebug("scan keyring %d", key->serial); 351 keyring_gc(key, limit);
396 key_gc_keyring(key, limit);
397 goto maybe_resched; 352 goto maybe_resched;
398 353
399 /* We found a dead key that is still referenced. Reset its type and 354 /* We found a dead key that is still referenced. Reset its type and
diff --git a/security/keys/internal.h b/security/keys/internal.h
index d4f1468b9b50..80b2aac4f50c 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -89,42 +89,53 @@ extern struct key_type *key_type_lookup(const char *type);
89extern void key_type_put(struct key_type *ktype); 89extern void key_type_put(struct key_type *ktype);
90 90
91extern int __key_link_begin(struct key *keyring, 91extern int __key_link_begin(struct key *keyring,
92 const struct key_type *type, 92 const struct keyring_index_key *index_key,
93 const char *description, 93 struct assoc_array_edit **_edit);
94 unsigned long *_prealloc);
95extern int __key_link_check_live_key(struct key *keyring, struct key *key); 94extern int __key_link_check_live_key(struct key *keyring, struct key *key);
96extern void __key_link(struct key *keyring, struct key *key, 95extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
97 unsigned long *_prealloc);
98extern void __key_link_end(struct key *keyring, 96extern void __key_link_end(struct key *keyring,
99 struct key_type *type, 97 const struct keyring_index_key *index_key,
100 unsigned long prealloc); 98 struct assoc_array_edit *edit);
101 99
102extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, 100extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
103 const struct key_type *type, 101 const struct keyring_index_key *index_key);
104 const char *description,
105 key_perm_t perm);
106 102
107extern struct key *keyring_search_instkey(struct key *keyring, 103extern struct key *keyring_search_instkey(struct key *keyring,
108 key_serial_t target_id); 104 key_serial_t target_id);
109 105
106extern int iterate_over_keyring(const struct key *keyring,
107 int (*func)(const struct key *key, void *data),
108 void *data);
109
110typedef int (*key_match_func_t)(const struct key *, const void *); 110typedef int (*key_match_func_t)(const struct key *, const void *);
111 111
112struct keyring_search_context {
113 struct keyring_index_key index_key;
114 const struct cred *cred;
115 key_match_func_t match;
116 const void *match_data;
117 unsigned flags;
118#define KEYRING_SEARCH_LOOKUP_TYPE 0x0001 /* [as type->def_lookup_type] */
119#define KEYRING_SEARCH_NO_STATE_CHECK 0x0002 /* Skip state checks */
120#define KEYRING_SEARCH_DO_STATE_CHECK 0x0004 /* Override NO_STATE_CHECK */
121#define KEYRING_SEARCH_NO_UPDATE_TIME 0x0008 /* Don't update times */
122#define KEYRING_SEARCH_NO_CHECK_PERM 0x0010 /* Don't check permissions */
123#define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0020 /* Give an error on excessive depth */
124
125 int (*iterator)(const void *object, void *iterator_data);
126
127 /* Internal stuff */
128 int skipped_ret;
129 bool possessed;
130 key_ref_t result;
131 struct timespec now;
132};
133
112extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, 134extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
113 const struct cred *cred, 135 struct keyring_search_context *ctx);
114 struct key_type *type, 136
115 const void *description, 137extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx);
116 key_match_func_t match, 138extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx);
117 bool no_state_check);
118
119extern key_ref_t search_my_process_keyrings(struct key_type *type,
120 const void *description,
121 key_match_func_t match,
122 bool no_state_check,
123 const struct cred *cred);
124extern key_ref_t search_process_keyrings(struct key_type *type,
125 const void *description,
126 key_match_func_t match,
127 const struct cred *cred);
128 139
129extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); 140extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
130 141
@@ -202,7 +213,7 @@ extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
202/* 213/*
203 * Determine whether a key is dead. 214 * Determine whether a key is dead.
204 */ 215 */
205static inline bool key_is_dead(struct key *key, time_t limit) 216static inline bool key_is_dead(const struct key *key, time_t limit)
206{ 217{
207 return 218 return
208 key->flags & ((1 << KEY_FLAG_DEAD) | 219 key->flags & ((1 << KEY_FLAG_DEAD) |
@@ -244,6 +255,15 @@ extern long keyctl_invalidate_key(key_serial_t);
244extern long keyctl_instantiate_key_common(key_serial_t, 255extern long keyctl_instantiate_key_common(key_serial_t,
245 const struct iovec *, 256 const struct iovec *,
246 unsigned, size_t, key_serial_t); 257 unsigned, size_t, key_serial_t);
258#ifdef CONFIG_PERSISTENT_KEYRINGS
259extern long keyctl_get_persistent(uid_t, key_serial_t);
260extern unsigned persistent_keyring_expiry;
261#else
262static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
263{
264 return -EOPNOTSUPP;
265}
266#endif
247 267
248/* 268/*
249 * Debugging key validation 269 * Debugging key validation
diff --git a/security/keys/key.c b/security/keys/key.c
index 8fb7c7bd4657..6e21c11e48bc 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -242,8 +242,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
242 } 242 }
243 } 243 }
244 244
245 desclen = strlen(desc) + 1; 245 desclen = strlen(desc);
246 quotalen = desclen + type->def_datalen; 246 quotalen = desclen + 1 + type->def_datalen;
247 247
248 /* get hold of the key tracking for this user */ 248 /* get hold of the key tracking for this user */
249 user = key_user_lookup(uid); 249 user = key_user_lookup(uid);
@@ -272,12 +272,13 @@ struct key *key_alloc(struct key_type *type, const char *desc,
272 } 272 }
273 273
274 /* allocate and initialise the key and its description */ 274 /* allocate and initialise the key and its description */
275 key = kmem_cache_alloc(key_jar, GFP_KERNEL); 275 key = kmem_cache_zalloc(key_jar, GFP_KERNEL);
276 if (!key) 276 if (!key)
277 goto no_memory_2; 277 goto no_memory_2;
278 278
279 if (desc) { 279 if (desc) {
280 key->description = kmemdup(desc, desclen, GFP_KERNEL); 280 key->index_key.desc_len = desclen;
281 key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
281 if (!key->description) 282 if (!key->description)
282 goto no_memory_3; 283 goto no_memory_3;
283 } 284 }
@@ -285,22 +286,18 @@ struct key *key_alloc(struct key_type *type, const char *desc,
285 atomic_set(&key->usage, 1); 286 atomic_set(&key->usage, 1);
286 init_rwsem(&key->sem); 287 init_rwsem(&key->sem);
287 lockdep_set_class(&key->sem, &type->lock_class); 288 lockdep_set_class(&key->sem, &type->lock_class);
288 key->type = type; 289 key->index_key.type = type;
289 key->user = user; 290 key->user = user;
290 key->quotalen = quotalen; 291 key->quotalen = quotalen;
291 key->datalen = type->def_datalen; 292 key->datalen = type->def_datalen;
292 key->uid = uid; 293 key->uid = uid;
293 key->gid = gid; 294 key->gid = gid;
294 key->perm = perm; 295 key->perm = perm;
295 key->flags = 0;
296 key->expiry = 0;
297 key->payload.data = NULL;
298 key->security = NULL;
299 296
300 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) 297 if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
301 key->flags |= 1 << KEY_FLAG_IN_QUOTA; 298 key->flags |= 1 << KEY_FLAG_IN_QUOTA;
302 299 if (flags & KEY_ALLOC_TRUSTED)
303 memset(&key->type_data, 0, sizeof(key->type_data)); 300 key->flags |= 1 << KEY_FLAG_TRUSTED;
304 301
305#ifdef KEY_DEBUGGING 302#ifdef KEY_DEBUGGING
306 key->magic = KEY_DEBUG_MAGIC; 303 key->magic = KEY_DEBUG_MAGIC;
@@ -408,7 +405,7 @@ static int __key_instantiate_and_link(struct key *key,
408 struct key_preparsed_payload *prep, 405 struct key_preparsed_payload *prep,
409 struct key *keyring, 406 struct key *keyring,
410 struct key *authkey, 407 struct key *authkey,
411 unsigned long *_prealloc) 408 struct assoc_array_edit **_edit)
412{ 409{
413 int ret, awaken; 410 int ret, awaken;
414 411
@@ -435,7 +432,7 @@ static int __key_instantiate_and_link(struct key *key,
435 432
436 /* and link it into the destination keyring */ 433 /* and link it into the destination keyring */
437 if (keyring) 434 if (keyring)
438 __key_link(keyring, key, _prealloc); 435 __key_link(key, _edit);
439 436
440 /* disable the authorisation key */ 437 /* disable the authorisation key */
441 if (authkey) 438 if (authkey)
@@ -475,7 +472,7 @@ int key_instantiate_and_link(struct key *key,
475 struct key *authkey) 472 struct key *authkey)
476{ 473{
477 struct key_preparsed_payload prep; 474 struct key_preparsed_payload prep;
478 unsigned long prealloc; 475 struct assoc_array_edit *edit;
479 int ret; 476 int ret;
480 477
481 memset(&prep, 0, sizeof(prep)); 478 memset(&prep, 0, sizeof(prep));
@@ -489,17 +486,15 @@ int key_instantiate_and_link(struct key *key,
489 } 486 }
490 487
491 if (keyring) { 488 if (keyring) {
492 ret = __key_link_begin(keyring, key->type, key->description, 489 ret = __key_link_begin(keyring, &key->index_key, &edit);
493 &prealloc);
494 if (ret < 0) 490 if (ret < 0)
495 goto error_free_preparse; 491 goto error_free_preparse;
496 } 492 }
497 493
498 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, 494 ret = __key_instantiate_and_link(key, &prep, keyring, authkey, &edit);
499 &prealloc);
500 495
501 if (keyring) 496 if (keyring)
502 __key_link_end(keyring, key->type, prealloc); 497 __key_link_end(keyring, &key->index_key, edit);
503 498
504error_free_preparse: 499error_free_preparse:
505 if (key->type->preparse) 500 if (key->type->preparse)
@@ -537,7 +532,7 @@ int key_reject_and_link(struct key *key,
537 struct key *keyring, 532 struct key *keyring,
538 struct key *authkey) 533 struct key *authkey)
539{ 534{
540 unsigned long prealloc; 535 struct assoc_array_edit *edit;
541 struct timespec now; 536 struct timespec now;
542 int ret, awaken, link_ret = 0; 537 int ret, awaken, link_ret = 0;
543 538
@@ -548,8 +543,7 @@ int key_reject_and_link(struct key *key,
548 ret = -EBUSY; 543 ret = -EBUSY;
549 544
550 if (keyring) 545 if (keyring)
551 link_ret = __key_link_begin(keyring, key->type, 546 link_ret = __key_link_begin(keyring, &key->index_key, &edit);
552 key->description, &prealloc);
553 547
554 mutex_lock(&key_construction_mutex); 548 mutex_lock(&key_construction_mutex);
555 549
@@ -557,9 +551,10 @@ int key_reject_and_link(struct key *key,
557 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 551 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
558 /* mark the key as being negatively instantiated */ 552 /* mark the key as being negatively instantiated */
559 atomic_inc(&key->user->nikeys); 553 atomic_inc(&key->user->nikeys);
554 key->type_data.reject_error = -error;
555 smp_wmb();
560 set_bit(KEY_FLAG_NEGATIVE, &key->flags); 556 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
561 set_bit(KEY_FLAG_INSTANTIATED, &key->flags); 557 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
562 key->type_data.reject_error = -error;
563 now = current_kernel_time(); 558 now = current_kernel_time();
564 key->expiry = now.tv_sec + timeout; 559 key->expiry = now.tv_sec + timeout;
565 key_schedule_gc(key->expiry + key_gc_delay); 560 key_schedule_gc(key->expiry + key_gc_delay);
@@ -571,7 +566,7 @@ int key_reject_and_link(struct key *key,
571 566
572 /* and link it into the destination keyring */ 567 /* and link it into the destination keyring */
573 if (keyring && link_ret == 0) 568 if (keyring && link_ret == 0)
574 __key_link(keyring, key, &prealloc); 569 __key_link(key, &edit);
575 570
576 /* disable the authorisation key */ 571 /* disable the authorisation key */
577 if (authkey) 572 if (authkey)
@@ -581,7 +576,7 @@ int key_reject_and_link(struct key *key,
581 mutex_unlock(&key_construction_mutex); 576 mutex_unlock(&key_construction_mutex);
582 577
583 if (keyring) 578 if (keyring)
584 __key_link_end(keyring, key->type, prealloc); 579 __key_link_end(keyring, &key->index_key, edit);
585 580
586 /* wake up anyone waiting for a key to be constructed */ 581 /* wake up anyone waiting for a key to be constructed */
587 if (awaken) 582 if (awaken)
@@ -645,7 +640,7 @@ found:
645 /* this races with key_put(), but that doesn't matter since key_put() 640 /* this races with key_put(), but that doesn't matter since key_put()
646 * doesn't actually change the key 641 * doesn't actually change the key
647 */ 642 */
648 atomic_inc(&key->usage); 643 __key_get(key);
649 644
650error: 645error:
651 spin_unlock(&key_serial_lock); 646 spin_unlock(&key_serial_lock);
@@ -780,25 +775,27 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
780 key_perm_t perm, 775 key_perm_t perm,
781 unsigned long flags) 776 unsigned long flags)
782{ 777{
783 unsigned long prealloc; 778 struct keyring_index_key index_key = {
779 .description = description,
780 };
784 struct key_preparsed_payload prep; 781 struct key_preparsed_payload prep;
782 struct assoc_array_edit *edit;
785 const struct cred *cred = current_cred(); 783 const struct cred *cred = current_cred();
786 struct key_type *ktype;
787 struct key *keyring, *key = NULL; 784 struct key *keyring, *key = NULL;
788 key_ref_t key_ref; 785 key_ref_t key_ref;
789 int ret; 786 int ret;
790 787
791 /* look up the key type to see if it's one of the registered kernel 788 /* look up the key type to see if it's one of the registered kernel
792 * types */ 789 * types */
793 ktype = key_type_lookup(type); 790 index_key.type = key_type_lookup(type);
794 if (IS_ERR(ktype)) { 791 if (IS_ERR(index_key.type)) {
795 key_ref = ERR_PTR(-ENODEV); 792 key_ref = ERR_PTR(-ENODEV);
796 goto error; 793 goto error;
797 } 794 }
798 795
799 key_ref = ERR_PTR(-EINVAL); 796 key_ref = ERR_PTR(-EINVAL);
800 if (!ktype->match || !ktype->instantiate || 797 if (!index_key.type->match || !index_key.type->instantiate ||
801 (!description && !ktype->preparse)) 798 (!index_key.description && !index_key.type->preparse))
802 goto error_put_type; 799 goto error_put_type;
803 800
804 keyring = key_ref_to_ptr(keyring_ref); 801 keyring = key_ref_to_ptr(keyring_ref);
@@ -812,21 +809,28 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
812 memset(&prep, 0, sizeof(prep)); 809 memset(&prep, 0, sizeof(prep));
813 prep.data = payload; 810 prep.data = payload;
814 prep.datalen = plen; 811 prep.datalen = plen;
815 prep.quotalen = ktype->def_datalen; 812 prep.quotalen = index_key.type->def_datalen;
816 if (ktype->preparse) { 813 prep.trusted = flags & KEY_ALLOC_TRUSTED;
817 ret = ktype->preparse(&prep); 814 if (index_key.type->preparse) {
815 ret = index_key.type->preparse(&prep);
818 if (ret < 0) { 816 if (ret < 0) {
819 key_ref = ERR_PTR(ret); 817 key_ref = ERR_PTR(ret);
820 goto error_put_type; 818 goto error_put_type;
821 } 819 }
822 if (!description) 820 if (!index_key.description)
823 description = prep.description; 821 index_key.description = prep.description;
824 key_ref = ERR_PTR(-EINVAL); 822 key_ref = ERR_PTR(-EINVAL);
825 if (!description) 823 if (!index_key.description)
826 goto error_free_prep; 824 goto error_free_prep;
827 } 825 }
826 index_key.desc_len = strlen(index_key.description);
827
828 key_ref = ERR_PTR(-EPERM);
829 if (!prep.trusted && test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags))
830 goto error_free_prep;
831 flags |= prep.trusted ? KEY_ALLOC_TRUSTED : 0;
828 832
829 ret = __key_link_begin(keyring, ktype, description, &prealloc); 833 ret = __key_link_begin(keyring, &index_key, &edit);
830 if (ret < 0) { 834 if (ret < 0) {
831 key_ref = ERR_PTR(ret); 835 key_ref = ERR_PTR(ret);
832 goto error_free_prep; 836 goto error_free_prep;
@@ -844,10 +848,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
844 * key of the same type and description in the destination keyring and 848 * key of the same type and description in the destination keyring and
845 * update that instead if possible 849 * update that instead if possible
846 */ 850 */
847 if (ktype->update) { 851 if (index_key.type->update) {
848 key_ref = __keyring_search_one(keyring_ref, ktype, description, 852 key_ref = find_key_to_update(keyring_ref, &index_key);
849 0); 853 if (key_ref)
850 if (!IS_ERR(key_ref))
851 goto found_matching_key; 854 goto found_matching_key;
852 } 855 }
853 856
@@ -856,23 +859,24 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
856 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; 859 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
857 perm |= KEY_USR_VIEW; 860 perm |= KEY_USR_VIEW;
858 861
859 if (ktype->read) 862 if (index_key.type->read)
860 perm |= KEY_POS_READ; 863 perm |= KEY_POS_READ;
861 864
862 if (ktype == &key_type_keyring || ktype->update) 865 if (index_key.type == &key_type_keyring ||
866 index_key.type->update)
863 perm |= KEY_POS_WRITE; 867 perm |= KEY_POS_WRITE;
864 } 868 }
865 869
866 /* allocate a new key */ 870 /* allocate a new key */
867 key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred, 871 key = key_alloc(index_key.type, index_key.description,
868 perm, flags); 872 cred->fsuid, cred->fsgid, cred, perm, flags);
869 if (IS_ERR(key)) { 873 if (IS_ERR(key)) {
870 key_ref = ERR_CAST(key); 874 key_ref = ERR_CAST(key);
871 goto error_link_end; 875 goto error_link_end;
872 } 876 }
873 877
874 /* instantiate it and link it into the target keyring */ 878 /* instantiate it and link it into the target keyring */
875 ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &prealloc); 879 ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit);
876 if (ret < 0) { 880 if (ret < 0) {
877 key_put(key); 881 key_put(key);
878 key_ref = ERR_PTR(ret); 882 key_ref = ERR_PTR(ret);
@@ -882,12 +886,12 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
882 key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); 886 key_ref = make_key_ref(key, is_key_possessed(keyring_ref));
883 887
884error_link_end: 888error_link_end:
885 __key_link_end(keyring, ktype, prealloc); 889 __key_link_end(keyring, &index_key, edit);
886error_free_prep: 890error_free_prep:
887 if (ktype->preparse) 891 if (index_key.type->preparse)
888 ktype->free_preparse(&prep); 892 index_key.type->free_preparse(&prep);
889error_put_type: 893error_put_type:
890 key_type_put(ktype); 894 key_type_put(index_key.type);
891error: 895error:
892 return key_ref; 896 return key_ref;
893 897
@@ -895,7 +899,7 @@ error:
895 /* we found a matching key, so we're going to try to update it 899 /* we found a matching key, so we're going to try to update it
896 * - we can drop the locks first as we have the key pinned 900 * - we can drop the locks first as we have the key pinned
897 */ 901 */
898 __key_link_end(keyring, ktype, prealloc); 902 __key_link_end(keyring, &index_key, edit);
899 903
900 key_ref = __key_update(key_ref, &prep); 904 key_ref = __key_update(key_ref, &prep);
901 goto error_free_prep; 905 goto error_free_prep;
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 33cfd27b4de2..cee72ce64222 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1667,6 +1667,9 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1667 case KEYCTL_INVALIDATE: 1667 case KEYCTL_INVALIDATE:
1668 return keyctl_invalidate_key((key_serial_t) arg2); 1668 return keyctl_invalidate_key((key_serial_t) arg2);
1669 1669
1670 case KEYCTL_GET_PERSISTENT:
1671 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3);
1672
1670 default: 1673 default:
1671 return -EOPNOTSUPP; 1674 return -EOPNOTSUPP;
1672 } 1675 }
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 6ece7f2e5707..d46cbc5e335e 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1,6 +1,6 @@
1/* Keyring handling 1/* Keyring handling
2 * 2 *
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-2005, 2008, 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -17,25 +17,11 @@
17#include <linux/seq_file.h> 17#include <linux/seq_file.h>
18#include <linux/err.h> 18#include <linux/err.h>
19#include <keys/keyring-type.h> 19#include <keys/keyring-type.h>
20#include <keys/user-type.h>
21#include <linux/assoc_array_priv.h>
20#include <linux/uaccess.h> 22#include <linux/uaccess.h>
21#include "internal.h" 23#include "internal.h"
22 24
23#define rcu_dereference_locked_keyring(keyring) \
24 (rcu_dereference_protected( \
25 (keyring)->payload.subscriptions, \
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
27
28#define rcu_deref_link_locked(klist, index, keyring) \
29 (rcu_dereference_protected( \
30 (klist)->keys[index], \
31 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
32
33#define MAX_KEYRING_LINKS \
34 min_t(size_t, USHRT_MAX - 1, \
35 ((PAGE_SIZE - sizeof(struct keyring_list)) / sizeof(struct key *)))
36
37#define KEY_LINK_FIXQUOTA 1UL
38
39/* 25/*
40 * When plumbing the depths of the key tree, this sets a hard limit 26 * When plumbing the depths of the key tree, this sets a hard limit
41 * set on how deep we're willing to go. 27 * set on how deep we're willing to go.
@@ -47,6 +33,28 @@
47 */ 33 */
48#define KEYRING_NAME_HASH_SIZE (1 << 5) 34#define KEYRING_NAME_HASH_SIZE (1 << 5)
49 35
36/*
37 * We mark pointers we pass to the associative array with bit 1 set if
38 * they're keyrings and clear otherwise.
39 */
40#define KEYRING_PTR_SUBTYPE 0x2UL
41
42static inline bool keyring_ptr_is_keyring(const struct assoc_array_ptr *x)
43{
44 return (unsigned long)x & KEYRING_PTR_SUBTYPE;
45}
46static inline struct key *keyring_ptr_to_key(const struct assoc_array_ptr *x)
47{
48 void *object = assoc_array_ptr_to_leaf(x);
49 return (struct key *)((unsigned long)object & ~KEYRING_PTR_SUBTYPE);
50}
51static inline void *keyring_key_to_ptr(struct key *key)
52{
53 if (key->type == &key_type_keyring)
54 return (void *)((unsigned long)key | KEYRING_PTR_SUBTYPE);
55 return key;
56}
57
50static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; 58static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
51static DEFINE_RWLOCK(keyring_name_lock); 59static DEFINE_RWLOCK(keyring_name_lock);
52 60
@@ -67,7 +75,6 @@ static inline unsigned keyring_hash(const char *desc)
67 */ 75 */
68static int keyring_instantiate(struct key *keyring, 76static int keyring_instantiate(struct key *keyring,
69 struct key_preparsed_payload *prep); 77 struct key_preparsed_payload *prep);
70static int keyring_match(const struct key *keyring, const void *criterion);
71static void keyring_revoke(struct key *keyring); 78static void keyring_revoke(struct key *keyring);
72static void keyring_destroy(struct key *keyring); 79static void keyring_destroy(struct key *keyring);
73static void keyring_describe(const struct key *keyring, struct seq_file *m); 80static void keyring_describe(const struct key *keyring, struct seq_file *m);
@@ -76,9 +83,9 @@ static long keyring_read(const struct key *keyring,
76 83
77struct key_type key_type_keyring = { 84struct key_type key_type_keyring = {
78 .name = "keyring", 85 .name = "keyring",
79 .def_datalen = sizeof(struct keyring_list), 86 .def_datalen = 0,
80 .instantiate = keyring_instantiate, 87 .instantiate = keyring_instantiate,
81 .match = keyring_match, 88 .match = user_match,
82 .revoke = keyring_revoke, 89 .revoke = keyring_revoke,
83 .destroy = keyring_destroy, 90 .destroy = keyring_destroy,
84 .describe = keyring_describe, 91 .describe = keyring_describe,
@@ -127,6 +134,7 @@ static int keyring_instantiate(struct key *keyring,
127 134
128 ret = -EINVAL; 135 ret = -EINVAL;
129 if (prep->datalen == 0) { 136 if (prep->datalen == 0) {
137 assoc_array_init(&keyring->keys);
130 /* make the keyring available by name if it has one */ 138 /* make the keyring available by name if it has one */
131 keyring_publish_name(keyring); 139 keyring_publish_name(keyring);
132 ret = 0; 140 ret = 0;
@@ -136,15 +144,225 @@ static int keyring_instantiate(struct key *keyring,
136} 144}
137 145
138/* 146/*
139 * Match keyrings on their name 147 * Multiply 64-bits by 32-bits to 96-bits and fold back to 64-bit. Ideally we'd
148 * fold the carry back too, but that requires inline asm.
149 */
150static u64 mult_64x32_and_fold(u64 x, u32 y)
151{
152 u64 hi = (u64)(u32)(x >> 32) * y;
153 u64 lo = (u64)(u32)(x) * y;
154 return lo + ((u64)(u32)hi << 32) + (u32)(hi >> 32);
155}
156
157/*
158 * Hash a key type and description.
159 */
160static unsigned long hash_key_type_and_desc(const struct keyring_index_key *index_key)
161{
162 const unsigned level_shift = ASSOC_ARRAY_LEVEL_STEP;
163 const unsigned long fan_mask = ASSOC_ARRAY_FAN_MASK;
164 const char *description = index_key->description;
165 unsigned long hash, type;
166 u32 piece;
167 u64 acc;
168 int n, desc_len = index_key->desc_len;
169
170 type = (unsigned long)index_key->type;
171
172 acc = mult_64x32_and_fold(type, desc_len + 13);
173 acc = mult_64x32_and_fold(acc, 9207);
174 for (;;) {
175 n = desc_len;
176 if (n <= 0)
177 break;
178 if (n > 4)
179 n = 4;
180 piece = 0;
181 memcpy(&piece, description, n);
182 description += n;
183 desc_len -= n;
184 acc = mult_64x32_and_fold(acc, piece);
185 acc = mult_64x32_and_fold(acc, 9207);
186 }
187
188 /* Fold the hash down to 32 bits if need be. */
189 hash = acc;
190 if (ASSOC_ARRAY_KEY_CHUNK_SIZE == 32)
191 hash ^= acc >> 32;
192
193 /* Squidge all the keyrings into a separate part of the tree to
194 * ordinary keys by making sure the lowest level segment in the hash is
195 * zero for keyrings and non-zero otherwise.
196 */
197 if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0)
198 return hash | (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1;
199 if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0)
200 return (hash + (hash << level_shift)) & ~fan_mask;
201 return hash;
202}
203
204/*
205 * Build the next index key chunk.
206 *
207 * On 32-bit systems the index key is laid out as:
208 *
209 * 0 4 5 9...
210 * hash desclen typeptr desc[]
211 *
212 * On 64-bit systems:
213 *
214 * 0 8 9 17...
215 * hash desclen typeptr desc[]
216 *
217 * We return it one word-sized chunk at a time.
140 */ 218 */
141static int keyring_match(const struct key *keyring, const void *description) 219static unsigned long keyring_get_key_chunk(const void *data, int level)
220{
221 const struct keyring_index_key *index_key = data;
222 unsigned long chunk = 0;
223 long offset = 0;
224 int desc_len = index_key->desc_len, n = sizeof(chunk);
225
226 level /= ASSOC_ARRAY_KEY_CHUNK_SIZE;
227 switch (level) {
228 case 0:
229 return hash_key_type_and_desc(index_key);
230 case 1:
231 return ((unsigned long)index_key->type << 8) | desc_len;
232 case 2:
233 if (desc_len == 0)
234 return (u8)((unsigned long)index_key->type >>
235 (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8));
236 n--;
237 offset = 1;
238 default:
239 offset += sizeof(chunk) - 1;
240 offset += (level - 3) * sizeof(chunk);
241 if (offset >= desc_len)
242 return 0;
243 desc_len -= offset;
244 if (desc_len > n)
245 desc_len = n;
246 offset += desc_len;
247 do {
248 chunk <<= 8;
249 chunk |= ((u8*)index_key->description)[--offset];
250 } while (--desc_len > 0);
251
252 if (level == 2) {
253 chunk <<= 8;
254 chunk |= (u8)((unsigned long)index_key->type >>
255 (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8));
256 }
257 return chunk;
258 }
259}
260
261static unsigned long keyring_get_object_key_chunk(const void *object, int level)
262{
263 const struct key *key = keyring_ptr_to_key(object);
264 return keyring_get_key_chunk(&key->index_key, level);
265}
266
267static bool keyring_compare_object(const void *object, const void *data)
142{ 268{
143 return keyring->description && 269 const struct keyring_index_key *index_key = data;
144 strcmp(keyring->description, description) == 0; 270 const struct key *key = keyring_ptr_to_key(object);
271
272 return key->index_key.type == index_key->type &&
273 key->index_key.desc_len == index_key->desc_len &&
274 memcmp(key->index_key.description, index_key->description,
275 index_key->desc_len) == 0;
145} 276}
146 277
147/* 278/*
279 * Compare the index keys of a pair of objects and determine the bit position
280 * at which they differ - if they differ.
281 */
282static int keyring_diff_objects(const void *object, const void *data)
283{
284 const struct key *key_a = keyring_ptr_to_key(object);
285 const struct keyring_index_key *a = &key_a->index_key;
286 const struct keyring_index_key *b = data;
287 unsigned long seg_a, seg_b;
288 int level, i;
289
290 level = 0;
291 seg_a = hash_key_type_and_desc(a);
292 seg_b = hash_key_type_and_desc(b);
293 if ((seg_a ^ seg_b) != 0)
294 goto differ;
295
296 /* The number of bits contributed by the hash is controlled by a
297 * constant in the assoc_array headers. Everything else thereafter we
298 * can deal with as being machine word-size dependent.
299 */
300 level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8;
301 seg_a = a->desc_len;
302 seg_b = b->desc_len;
303 if ((seg_a ^ seg_b) != 0)
304 goto differ;
305
306 /* The next bit may not work on big endian */
307 level++;
308 seg_a = (unsigned long)a->type;
309 seg_b = (unsigned long)b->type;
310 if ((seg_a ^ seg_b) != 0)
311 goto differ;
312
313 level += sizeof(unsigned long);
314 if (a->desc_len == 0)
315 goto same;
316
317 i = 0;
318 if (((unsigned long)a->description | (unsigned long)b->description) &
319 (sizeof(unsigned long) - 1)) {
320 do {
321 seg_a = *(unsigned long *)(a->description + i);
322 seg_b = *(unsigned long *)(b->description + i);
323 if ((seg_a ^ seg_b) != 0)
324 goto differ_plus_i;
325 i += sizeof(unsigned long);
326 } while (i < (a->desc_len & (sizeof(unsigned long) - 1)));
327 }
328
329 for (; i < a->desc_len; i++) {
330 seg_a = *(unsigned char *)(a->description + i);
331 seg_b = *(unsigned char *)(b->description + i);
332 if ((seg_a ^ seg_b) != 0)
333 goto differ_plus_i;
334 }
335
336same:
337 return -1;
338
339differ_plus_i:
340 level += i;
341differ:
342 i = level * 8 + __ffs(seg_a ^ seg_b);
343 return i;
344}
345
346/*
347 * Free an object after stripping the keyring flag off of the pointer.
348 */
349static void keyring_free_object(void *object)
350{
351 key_put(keyring_ptr_to_key(object));
352}
353
354/*
355 * Operations for keyring management by the index-tree routines.
356 */
357static const struct assoc_array_ops keyring_assoc_array_ops = {
358 .get_key_chunk = keyring_get_key_chunk,
359 .get_object_key_chunk = keyring_get_object_key_chunk,
360 .compare_object = keyring_compare_object,
361 .diff_objects = keyring_diff_objects,
362 .free_object = keyring_free_object,
363};
364
365/*
148 * Clean up a keyring when it is destroyed. Unpublish its name if it had one 366 * Clean up a keyring when it is destroyed. Unpublish its name if it had one
149 * and dispose of its data. 367 * and dispose of its data.
150 * 368 *
@@ -155,9 +373,6 @@ static int keyring_match(const struct key *keyring, const void *description)
155 */ 373 */
156static void keyring_destroy(struct key *keyring) 374static void keyring_destroy(struct key *keyring)
157{ 375{
158 struct keyring_list *klist;
159 int loop;
160
161 if (keyring->description) { 376 if (keyring->description) {
162 write_lock(&keyring_name_lock); 377 write_lock(&keyring_name_lock);
163 378
@@ -168,12 +383,7 @@ static void keyring_destroy(struct key *keyring)
168 write_unlock(&keyring_name_lock); 383 write_unlock(&keyring_name_lock);
169 } 384 }
170 385
171 klist = rcu_access_pointer(keyring->payload.subscriptions); 386 assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops);
172 if (klist) {
173 for (loop = klist->nkeys - 1; loop >= 0; loop--)
174 key_put(rcu_access_pointer(klist->keys[loop]));
175 kfree(klist);
176 }
177} 387}
178 388
179/* 389/*
@@ -181,76 +391,88 @@ static void keyring_destroy(struct key *keyring)
181 */ 391 */
182static void keyring_describe(const struct key *keyring, struct seq_file *m) 392static void keyring_describe(const struct key *keyring, struct seq_file *m)
183{ 393{
184 struct keyring_list *klist;
185
186 if (keyring->description) 394 if (keyring->description)
187 seq_puts(m, keyring->description); 395 seq_puts(m, keyring->description);
188 else 396 else
189 seq_puts(m, "[anon]"); 397 seq_puts(m, "[anon]");
190 398
191 if (key_is_instantiated(keyring)) { 399 if (key_is_instantiated(keyring)) {
192 rcu_read_lock(); 400 if (keyring->keys.nr_leaves_on_tree != 0)
193 klist = rcu_dereference(keyring->payload.subscriptions); 401 seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree);
194 if (klist)
195 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
196 else 402 else
197 seq_puts(m, ": empty"); 403 seq_puts(m, ": empty");
198 rcu_read_unlock();
199 } 404 }
200} 405}
201 406
407struct keyring_read_iterator_context {
408 size_t qty;
409 size_t count;
410 key_serial_t __user *buffer;
411};
412
413static int keyring_read_iterator(const void *object, void *data)
414{
415 struct keyring_read_iterator_context *ctx = data;
416 const struct key *key = keyring_ptr_to_key(object);
417 int ret;
418
419 kenter("{%s,%d},,{%zu/%zu}",
420 key->type->name, key->serial, ctx->count, ctx->qty);
421
422 if (ctx->count >= ctx->qty)
423 return 1;
424
425 ret = put_user(key->serial, ctx->buffer);
426 if (ret < 0)
427 return ret;
428 ctx->buffer++;
429 ctx->count += sizeof(key->serial);
430 return 0;
431}
432
202/* 433/*
203 * Read a list of key IDs from the keyring's contents in binary form 434 * Read a list of key IDs from the keyring's contents in binary form
204 * 435 *
205 * The keyring's semaphore is read-locked by the caller. 436 * The keyring's semaphore is read-locked by the caller. This prevents someone
437 * from modifying it under us - which could cause us to read key IDs multiple
438 * times.
206 */ 439 */
207static long keyring_read(const struct key *keyring, 440static long keyring_read(const struct key *keyring,
208 char __user *buffer, size_t buflen) 441 char __user *buffer, size_t buflen)
209{ 442{
210 struct keyring_list *klist; 443 struct keyring_read_iterator_context ctx;
211 struct key *key; 444 unsigned long nr_keys;
212 size_t qty, tmp; 445 int ret;
213 int loop, ret;
214 446
215 ret = 0; 447 kenter("{%d},,%zu", key_serial(keyring), buflen);
216 klist = rcu_dereference_locked_keyring(keyring); 448
217 if (klist) { 449 if (buflen & (sizeof(key_serial_t) - 1))
218 /* calculate how much data we could return */ 450 return -EINVAL;
219 qty = klist->nkeys * sizeof(key_serial_t); 451
220 452 nr_keys = keyring->keys.nr_leaves_on_tree;
221 if (buffer && buflen > 0) { 453 if (nr_keys == 0)
222 if (buflen > qty) 454 return 0;
223 buflen = qty;
224
225 /* copy the IDs of the subscribed keys into the
226 * buffer */
227 ret = -EFAULT;
228
229 for (loop = 0; loop < klist->nkeys; loop++) {
230 key = rcu_deref_link_locked(klist, loop,
231 keyring);
232
233 tmp = sizeof(key_serial_t);
234 if (tmp > buflen)
235 tmp = buflen;
236
237 if (copy_to_user(buffer,
238 &key->serial,
239 tmp) != 0)
240 goto error;
241
242 buflen -= tmp;
243 if (buflen == 0)
244 break;
245 buffer += tmp;
246 }
247 }
248 455
249 ret = qty; 456 /* Calculate how much data we could return */
457 ctx.qty = nr_keys * sizeof(key_serial_t);
458
459 if (!buffer || !buflen)
460 return ctx.qty;
461
462 if (buflen > ctx.qty)
463 ctx.qty = buflen;
464
465 /* Copy the IDs of the subscribed keys into the buffer */
466 ctx.buffer = (key_serial_t __user *)buffer;
467 ctx.count = 0;
468 ret = assoc_array_iterate(&keyring->keys, keyring_read_iterator, &ctx);
469 if (ret < 0) {
470 kleave(" = %d [iterate]", ret);
471 return ret;
250 } 472 }
251 473
252error: 474 kleave(" = %zu [ok]", ctx.count);
253 return ret; 475 return ctx.count;
254} 476}
255 477
256/* 478/*
@@ -277,227 +499,361 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
277} 499}
278EXPORT_SYMBOL(keyring_alloc); 500EXPORT_SYMBOL(keyring_alloc);
279 501
280/** 502/*
281 * keyring_search_aux - Search a keyring tree for a key matching some criteria 503 * Iteration function to consider each key found.
282 * @keyring_ref: A pointer to the keyring with possession indicator.
283 * @cred: The credentials to use for permissions checks.
284 * @type: The type of key to search for.
285 * @description: Parameter for @match.
286 * @match: Function to rule on whether or not a key is the one required.
287 * @no_state_check: Don't check if a matching key is bad
288 *
289 * Search the supplied keyring tree for a key that matches the criteria given.
290 * The root keyring and any linked keyrings must grant Search permission to the
291 * caller to be searchable and keys can only be found if they too grant Search
292 * to the caller. The possession flag on the root keyring pointer controls use
293 * of the possessor bits in permissions checking of the entire tree. In
294 * addition, the LSM gets to forbid keyring searches and key matches.
295 *
296 * The search is performed as a breadth-then-depth search up to the prescribed
297 * limit (KEYRING_SEARCH_MAX_DEPTH).
298 *
299 * Keys are matched to the type provided and are then filtered by the match
300 * function, which is given the description to use in any way it sees fit. The
301 * match function may use any attributes of a key that it wishes to to
302 * determine the match. Normally the match function from the key type would be
303 * used.
304 *
305 * RCU is used to prevent the keyring key lists from disappearing without the
306 * need to take lots of locks.
307 *
308 * Returns a pointer to the found key and increments the key usage count if
309 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
310 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
311 * specified keyring wasn't a keyring.
312 *
313 * In the case of a successful return, the possession attribute from
314 * @keyring_ref is propagated to the returned key reference.
315 */ 504 */
316key_ref_t keyring_search_aux(key_ref_t keyring_ref, 505static int keyring_search_iterator(const void *object, void *iterator_data)
317 const struct cred *cred,
318 struct key_type *type,
319 const void *description,
320 key_match_func_t match,
321 bool no_state_check)
322{ 506{
323 struct { 507 struct keyring_search_context *ctx = iterator_data;
324 /* Need a separate keylist pointer for RCU purposes */ 508 const struct key *key = keyring_ptr_to_key(object);
325 struct key *keyring; 509 unsigned long kflags = key->flags;
326 struct keyring_list *keylist;
327 int kix;
328 } stack[KEYRING_SEARCH_MAX_DEPTH];
329
330 struct keyring_list *keylist;
331 struct timespec now;
332 unsigned long possessed, kflags;
333 struct key *keyring, *key;
334 key_ref_t key_ref;
335 long err;
336 int sp, nkeys, kix;
337 510
338 keyring = key_ref_to_ptr(keyring_ref); 511 kenter("{%d}", key->serial);
339 possessed = is_key_possessed(keyring_ref);
340 key_check(keyring);
341 512
342 /* top keyring must have search permission to begin the search */ 513 /* ignore keys not of this type */
343 err = key_task_permission(keyring_ref, cred, KEY_SEARCH); 514 if (key->type != ctx->index_key.type) {
344 if (err < 0) { 515 kleave(" = 0 [!type]");
345 key_ref = ERR_PTR(err); 516 return 0;
346 goto error;
347 } 517 }
348 518
349 key_ref = ERR_PTR(-ENOTDIR); 519 /* skip invalidated, revoked and expired keys */
350 if (keyring->type != &key_type_keyring) 520 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
351 goto error; 521 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
522 (1 << KEY_FLAG_REVOKED))) {
523 ctx->result = ERR_PTR(-EKEYREVOKED);
524 kleave(" = %d [invrev]", ctx->skipped_ret);
525 goto skipped;
526 }
352 527
353 rcu_read_lock(); 528 if (key->expiry && ctx->now.tv_sec >= key->expiry) {
529 ctx->result = ERR_PTR(-EKEYEXPIRED);
530 kleave(" = %d [expire]", ctx->skipped_ret);
531 goto skipped;
532 }
533 }
354 534
355 now = current_kernel_time(); 535 /* keys that don't match */
356 err = -EAGAIN; 536 if (!ctx->match(key, ctx->match_data)) {
357 sp = 0; 537 kleave(" = 0 [!match]");
358 538 return 0;
359 /* firstly we should check to see if this top-level keyring is what we 539 }
360 * are looking for */
361 key_ref = ERR_PTR(-EAGAIN);
362 kflags = keyring->flags;
363 if (keyring->type == type && match(keyring, description)) {
364 key = keyring;
365 if (no_state_check)
366 goto found;
367 540
368 /* check it isn't negative and hasn't expired or been 541 /* key must have search permissions */
369 * revoked */ 542 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
370 if (kflags & (1 << KEY_FLAG_REVOKED)) 543 key_task_permission(make_key_ref(key, ctx->possessed),
371 goto error_2; 544 ctx->cred, KEY_SEARCH) < 0) {
372 if (key->expiry && now.tv_sec >= key->expiry) 545 ctx->result = ERR_PTR(-EACCES);
373 goto error_2; 546 kleave(" = %d [!perm]", ctx->skipped_ret);
374 key_ref = ERR_PTR(key->type_data.reject_error); 547 goto skipped;
375 if (kflags & (1 << KEY_FLAG_NEGATIVE))
376 goto error_2;
377 goto found;
378 } 548 }
379 549
380 /* otherwise, the top keyring must not be revoked, expired, or 550 if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {
381 * negatively instantiated if we are to search it */ 551 /* we set a different error code if we pass a negative key */
382 key_ref = ERR_PTR(-EAGAIN); 552 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
383 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 553 smp_rmb();
384 (1 << KEY_FLAG_REVOKED) | 554 ctx->result = ERR_PTR(key->type_data.reject_error);
385 (1 << KEY_FLAG_NEGATIVE)) || 555 kleave(" = %d [neg]", ctx->skipped_ret);
386 (keyring->expiry && now.tv_sec >= keyring->expiry)) 556 goto skipped;
387 goto error_2; 557 }
388 558 }
389 /* start processing a new keyring */
390descend:
391 kflags = keyring->flags;
392 if (kflags & ((1 << KEY_FLAG_INVALIDATED) |
393 (1 << KEY_FLAG_REVOKED)))
394 goto not_this_keyring;
395 559
396 keylist = rcu_dereference(keyring->payload.subscriptions); 560 /* Found */
397 if (!keylist) 561 ctx->result = make_key_ref(key, ctx->possessed);
398 goto not_this_keyring; 562 kleave(" = 1 [found]");
563 return 1;
399 564
400 /* iterate through the keys in this keyring first */ 565skipped:
401 nkeys = keylist->nkeys; 566 return ctx->skipped_ret;
402 smp_rmb(); 567}
403 for (kix = 0; kix < nkeys; kix++) {
404 key = rcu_dereference(keylist->keys[kix]);
405 kflags = key->flags;
406 568
407 /* ignore keys not of this type */ 569/*
408 if (key->type != type) 570 * Search inside a keyring for a key. We can search by walking to it
409 continue; 571 * directly based on its index-key or we can iterate over the entire
572 * tree looking for it, based on the match function.
573 */
574static int search_keyring(struct key *keyring, struct keyring_search_context *ctx)
575{
576 if ((ctx->flags & KEYRING_SEARCH_LOOKUP_TYPE) ==
577 KEYRING_SEARCH_LOOKUP_DIRECT) {
578 const void *object;
579
580 object = assoc_array_find(&keyring->keys,
581 &keyring_assoc_array_ops,
582 &ctx->index_key);
583 return object ? ctx->iterator(object, ctx) : 0;
584 }
585 return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx);
586}
410 587
411 /* skip invalidated, revoked and expired keys */ 588/*
412 if (!no_state_check) { 589 * Search a tree of keyrings that point to other keyrings up to the maximum
413 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 590 * depth.
414 (1 << KEY_FLAG_REVOKED))) 591 */
415 continue; 592static bool search_nested_keyrings(struct key *keyring,
593 struct keyring_search_context *ctx)
594{
595 struct {
596 struct key *keyring;
597 struct assoc_array_node *node;
598 int slot;
599 } stack[KEYRING_SEARCH_MAX_DEPTH];
416 600
417 if (key->expiry && now.tv_sec >= key->expiry) 601 struct assoc_array_shortcut *shortcut;
418 continue; 602 struct assoc_array_node *node;
419 } 603 struct assoc_array_ptr *ptr;
604 struct key *key;
605 int sp = 0, slot;
420 606
421 /* keys that don't match */ 607 kenter("{%d},{%s,%s}",
422 if (!match(key, description)) 608 keyring->serial,
423 continue; 609 ctx->index_key.type->name,
610 ctx->index_key.description);
424 611
425 /* key must have search permissions */ 612 if (ctx->index_key.description)
426 if (key_task_permission(make_key_ref(key, possessed), 613 ctx->index_key.desc_len = strlen(ctx->index_key.description);
427 cred, KEY_SEARCH) < 0)
428 continue;
429 614
430 if (no_state_check) 615 /* Check to see if this top-level keyring is what we are looking for
616 * and whether it is valid or not.
617 */
618 if (ctx->flags & KEYRING_SEARCH_LOOKUP_ITERATE ||
619 keyring_compare_object(keyring, &ctx->index_key)) {
620 ctx->skipped_ret = 2;
621 ctx->flags |= KEYRING_SEARCH_DO_STATE_CHECK;
622 switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {
623 case 1:
431 goto found; 624 goto found;
432 625 case 2:
433 /* we set a different error code if we pass a negative key */ 626 return false;
434 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 627 default:
435 err = key->type_data.reject_error; 628 break;
436 continue;
437 } 629 }
630 }
631
632 ctx->skipped_ret = 0;
633 if (ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK)
634 ctx->flags &= ~KEYRING_SEARCH_DO_STATE_CHECK;
438 635
636 /* Start processing a new keyring */
637descend_to_keyring:
638 kdebug("descend to %d", keyring->serial);
639 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
640 (1 << KEY_FLAG_REVOKED)))
641 goto not_this_keyring;
642
643 /* Search through the keys in this keyring before its searching its
644 * subtrees.
645 */
646 if (search_keyring(keyring, ctx))
439 goto found; 647 goto found;
440 }
441 648
442 /* search through the keyrings nested in this one */ 649 /* Then manually iterate through the keyrings nested in this one.
443 kix = 0; 650 *
444ascend: 651 * Start from the root node of the index tree. Because of the way the
445 nkeys = keylist->nkeys; 652 * hash function has been set up, keyrings cluster on the leftmost
446 smp_rmb(); 653 * branch of the root node (root slot 0) or in the root node itself.
447 for (; kix < nkeys; kix++) { 654 * Non-keyrings avoid the leftmost branch of the root entirely (root
448 key = rcu_dereference(keylist->keys[kix]); 655 * slots 1-15).
449 if (key->type != &key_type_keyring) 656 */
450 continue; 657 ptr = ACCESS_ONCE(keyring->keys.root);
658 if (!ptr)
659 goto not_this_keyring;
451 660
452 /* recursively search nested keyrings 661 if (assoc_array_ptr_is_shortcut(ptr)) {
453 * - only search keyrings for which we have search permission 662 /* If the root is a shortcut, either the keyring only contains
663 * keyring pointers (everything clusters behind root slot 0) or
664 * doesn't contain any keyring pointers.
454 */ 665 */
455 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 666 shortcut = assoc_array_ptr_to_shortcut(ptr);
667 smp_read_barrier_depends();
668 if ((shortcut->index_key[0] & ASSOC_ARRAY_FAN_MASK) != 0)
669 goto not_this_keyring;
670
671 ptr = ACCESS_ONCE(shortcut->next_node);
672 node = assoc_array_ptr_to_node(ptr);
673 goto begin_node;
674 }
675
676 node = assoc_array_ptr_to_node(ptr);
677 smp_read_barrier_depends();
678
679 ptr = node->slots[0];
680 if (!assoc_array_ptr_is_meta(ptr))
681 goto begin_node;
682
683descend_to_node:
684 /* Descend to a more distal node in this keyring's content tree and go
685 * through that.
686 */
687 kdebug("descend");
688 if (assoc_array_ptr_is_shortcut(ptr)) {
689 shortcut = assoc_array_ptr_to_shortcut(ptr);
690 smp_read_barrier_depends();
691 ptr = ACCESS_ONCE(shortcut->next_node);
692 BUG_ON(!assoc_array_ptr_is_node(ptr));
693 }
694 node = assoc_array_ptr_to_node(ptr);
695
696begin_node:
697 kdebug("begin_node");
698 smp_read_barrier_depends();
699 slot = 0;
700ascend_to_node:
701 /* Go through the slots in a node */
702 for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) {
703 ptr = ACCESS_ONCE(node->slots[slot]);
704
705 if (assoc_array_ptr_is_meta(ptr) && node->back_pointer)
706 goto descend_to_node;
707
708 if (!keyring_ptr_is_keyring(ptr))
456 continue; 709 continue;
457 710
458 if (key_task_permission(make_key_ref(key, possessed), 711 key = keyring_ptr_to_key(ptr);
459 cred, KEY_SEARCH) < 0) 712
713 if (sp >= KEYRING_SEARCH_MAX_DEPTH) {
714 if (ctx->flags & KEYRING_SEARCH_DETECT_TOO_DEEP) {
715 ctx->result = ERR_PTR(-ELOOP);
716 return false;
717 }
718 goto not_this_keyring;
719 }
720
721 /* Search a nested keyring */
722 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
723 key_task_permission(make_key_ref(key, ctx->possessed),
724 ctx->cred, KEY_SEARCH) < 0)
460 continue; 725 continue;
461 726
462 /* stack the current position */ 727 /* stack the current position */
463 stack[sp].keyring = keyring; 728 stack[sp].keyring = keyring;
464 stack[sp].keylist = keylist; 729 stack[sp].node = node;
465 stack[sp].kix = kix; 730 stack[sp].slot = slot;
466 sp++; 731 sp++;
467 732
468 /* begin again with the new keyring */ 733 /* begin again with the new keyring */
469 keyring = key; 734 keyring = key;
470 goto descend; 735 goto descend_to_keyring;
471 } 736 }
472 737
473 /* the keyring we're looking at was disqualified or didn't contain a 738 /* We've dealt with all the slots in the current node, so now we need
474 * matching key */ 739 * to ascend to the parent and continue processing there.
740 */
741 ptr = ACCESS_ONCE(node->back_pointer);
742 slot = node->parent_slot;
743
744 if (ptr && assoc_array_ptr_is_shortcut(ptr)) {
745 shortcut = assoc_array_ptr_to_shortcut(ptr);
746 smp_read_barrier_depends();
747 ptr = ACCESS_ONCE(shortcut->back_pointer);
748 slot = shortcut->parent_slot;
749 }
750 if (!ptr)
751 goto not_this_keyring;
752 node = assoc_array_ptr_to_node(ptr);
753 smp_read_barrier_depends();
754 slot++;
755
756 /* If we've ascended to the root (zero backpointer), we must have just
757 * finished processing the leftmost branch rather than the root slots -
758 * so there can't be any more keyrings for us to find.
759 */
760 if (node->back_pointer) {
761 kdebug("ascend %d", slot);
762 goto ascend_to_node;
763 }
764
765 /* The keyring we're looking at was disqualified or didn't contain a
766 * matching key.
767 */
475not_this_keyring: 768not_this_keyring:
476 if (sp > 0) { 769 kdebug("not_this_keyring %d", sp);
477 /* resume the processing of a keyring higher up in the tree */ 770 if (sp <= 0) {
478 sp--; 771 kleave(" = false");
479 keyring = stack[sp].keyring; 772 return false;
480 keylist = stack[sp].keylist;
481 kix = stack[sp].kix + 1;
482 goto ascend;
483 } 773 }
484 774
485 key_ref = ERR_PTR(err); 775 /* Resume the processing of a keyring higher up in the tree */
486 goto error_2; 776 sp--;
777 keyring = stack[sp].keyring;
778 node = stack[sp].node;
779 slot = stack[sp].slot + 1;
780 kdebug("ascend to %d [%d]", keyring->serial, slot);
781 goto ascend_to_node;
487 782
488 /* we found a viable match */ 783 /* We found a viable match */
489found: 784found:
490 atomic_inc(&key->usage); 785 key = key_ref_to_ptr(ctx->result);
491 key->last_used_at = now.tv_sec;
492 keyring->last_used_at = now.tv_sec;
493 while (sp > 0)
494 stack[--sp].keyring->last_used_at = now.tv_sec;
495 key_check(key); 786 key_check(key);
496 key_ref = make_key_ref(key, possessed); 787 if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) {
497error_2: 788 key->last_used_at = ctx->now.tv_sec;
789 keyring->last_used_at = ctx->now.tv_sec;
790 while (sp > 0)
791 stack[--sp].keyring->last_used_at = ctx->now.tv_sec;
792 }
793 kleave(" = true");
794 return true;
795}
796
797/**
798 * keyring_search_aux - Search a keyring tree for a key matching some criteria
799 * @keyring_ref: A pointer to the keyring with possession indicator.
800 * @ctx: The keyring search context.
801 *
802 * Search the supplied keyring tree for a key that matches the criteria given.
803 * The root keyring and any linked keyrings must grant Search permission to the
804 * caller to be searchable and keys can only be found if they too grant Search
805 * to the caller. The possession flag on the root keyring pointer controls use
806 * of the possessor bits in permissions checking of the entire tree. In
807 * addition, the LSM gets to forbid keyring searches and key matches.
808 *
809 * The search is performed as a breadth-then-depth search up to the prescribed
810 * limit (KEYRING_SEARCH_MAX_DEPTH).
811 *
812 * Keys are matched to the type provided and are then filtered by the match
813 * function, which is given the description to use in any way it sees fit. The
814 * match function may use any attributes of a key that it wishes to to
815 * determine the match. Normally the match function from the key type would be
816 * used.
817 *
818 * RCU can be used to prevent the keyring key lists from disappearing without
819 * the need to take lots of locks.
820 *
821 * Returns a pointer to the found key and increments the key usage count if
822 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
823 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
824 * specified keyring wasn't a keyring.
825 *
826 * In the case of a successful return, the possession attribute from
827 * @keyring_ref is propagated to the returned key reference.
828 */
829key_ref_t keyring_search_aux(key_ref_t keyring_ref,
830 struct keyring_search_context *ctx)
831{
832 struct key *keyring;
833 long err;
834
835 ctx->iterator = keyring_search_iterator;
836 ctx->possessed = is_key_possessed(keyring_ref);
837 ctx->result = ERR_PTR(-EAGAIN);
838
839 keyring = key_ref_to_ptr(keyring_ref);
840 key_check(keyring);
841
842 if (keyring->type != &key_type_keyring)
843 return ERR_PTR(-ENOTDIR);
844
845 if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) {
846 err = key_task_permission(keyring_ref, ctx->cred, KEY_SEARCH);
847 if (err < 0)
848 return ERR_PTR(err);
849 }
850
851 rcu_read_lock();
852 ctx->now = current_kernel_time();
853 if (search_nested_keyrings(keyring, ctx))
854 __key_get(key_ref_to_ptr(ctx->result));
498 rcu_read_unlock(); 855 rcu_read_unlock();
499error: 856 return ctx->result;
500 return key_ref;
501} 857}
502 858
503/** 859/**
@@ -507,77 +863,73 @@ error:
507 * @description: The name of the keyring we want to find. 863 * @description: The name of the keyring we want to find.
508 * 864 *
509 * As keyring_search_aux() above, but using the current task's credentials and 865 * As keyring_search_aux() above, but using the current task's credentials and
510 * type's default matching function. 866 * type's default matching function and preferred search method.
511 */ 867 */
512key_ref_t keyring_search(key_ref_t keyring, 868key_ref_t keyring_search(key_ref_t keyring,
513 struct key_type *type, 869 struct key_type *type,
514 const char *description) 870 const char *description)
515{ 871{
516 if (!type->match) 872 struct keyring_search_context ctx = {
873 .index_key.type = type,
874 .index_key.description = description,
875 .cred = current_cred(),
876 .match = type->match,
877 .match_data = description,
878 .flags = (type->def_lookup_type |
879 KEYRING_SEARCH_DO_STATE_CHECK),
880 };
881
882 if (!ctx.match)
517 return ERR_PTR(-ENOKEY); 883 return ERR_PTR(-ENOKEY);
518 884
519 return keyring_search_aux(keyring, current->cred, 885 return keyring_search_aux(keyring, &ctx);
520 type, description, type->match, false);
521} 886}
522EXPORT_SYMBOL(keyring_search); 887EXPORT_SYMBOL(keyring_search);
523 888
524/* 889/*
525 * Search the given keyring only (no recursion). 890 * Search the given keyring for a key that might be updated.
526 * 891 *
527 * The caller must guarantee that the keyring is a keyring and that the 892 * The caller must guarantee that the keyring is a keyring and that the
528 * permission is granted to search the keyring as no check is made here. 893 * permission is granted to modify the keyring as no check is made here. The
529 * 894 * caller must also hold a lock on the keyring semaphore.
530 * RCU is used to make it unnecessary to lock the keyring key list here.
531 * 895 *
532 * Returns a pointer to the found key with usage count incremented if 896 * Returns a pointer to the found key with usage count incremented if
533 * successful and returns -ENOKEY if not found. Revoked keys and keys not 897 * successful and returns NULL if not found. Revoked and invalidated keys are
534 * providing the requested permission are skipped over. 898 * skipped over.
535 * 899 *
536 * If successful, the possession indicator is propagated from the keyring ref 900 * If successful, the possession indicator is propagated from the keyring ref
537 * to the returned key reference. 901 * to the returned key reference.
538 */ 902 */
539key_ref_t __keyring_search_one(key_ref_t keyring_ref, 903key_ref_t find_key_to_update(key_ref_t keyring_ref,
540 const struct key_type *ktype, 904 const struct keyring_index_key *index_key)
541 const char *description,
542 key_perm_t perm)
543{ 905{
544 struct keyring_list *klist;
545 unsigned long possessed;
546 struct key *keyring, *key; 906 struct key *keyring, *key;
547 int nkeys, loop; 907 const void *object;
548 908
549 keyring = key_ref_to_ptr(keyring_ref); 909 keyring = key_ref_to_ptr(keyring_ref);
550 possessed = is_key_possessed(keyring_ref);
551 910
552 rcu_read_lock(); 911 kenter("{%d},{%s,%s}",
912 keyring->serial, index_key->type->name, index_key->description);
553 913
554 klist = rcu_dereference(keyring->payload.subscriptions); 914 object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops,
555 if (klist) { 915 index_key);
556 nkeys = klist->nkeys;
557 smp_rmb();
558 for (loop = 0; loop < nkeys ; loop++) {
559 key = rcu_dereference(klist->keys[loop]);
560 if (key->type == ktype &&
561 (!key->type->match ||
562 key->type->match(key, description)) &&
563 key_permission(make_key_ref(key, possessed),
564 perm) == 0 &&
565 !(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
566 (1 << KEY_FLAG_REVOKED)))
567 )
568 goto found;
569 }
570 }
571 916
572 rcu_read_unlock(); 917 if (object)
573 return ERR_PTR(-ENOKEY); 918 goto found;
919
920 kleave(" = NULL");
921 return NULL;
574 922
575found: 923found:
576 atomic_inc(&key->usage); 924 key = keyring_ptr_to_key(object);
577 keyring->last_used_at = key->last_used_at = 925 if (key->flags & ((1 << KEY_FLAG_INVALIDATED) |
578 current_kernel_time().tv_sec; 926 (1 << KEY_FLAG_REVOKED))) {
579 rcu_read_unlock(); 927 kleave(" = NULL [x]");
580 return make_key_ref(key, possessed); 928 return NULL;
929 }
930 __key_get(key);
931 kleave(" = {%d}", key->serial);
932 return make_key_ref(key, is_key_possessed(keyring_ref));
581} 933}
582 934
583/* 935/*
@@ -640,6 +992,19 @@ out:
640 return keyring; 992 return keyring;
641} 993}
642 994
995static int keyring_detect_cycle_iterator(const void *object,
996 void *iterator_data)
997{
998 struct keyring_search_context *ctx = iterator_data;
999 const struct key *key = keyring_ptr_to_key(object);
1000
1001 kenter("{%d}", key->serial);
1002
1003 BUG_ON(key != ctx->match_data);
1004 ctx->result = ERR_PTR(-EDEADLK);
1005 return 1;
1006}
1007
643/* 1008/*
644 * See if a cycle will will be created by inserting acyclic tree B in acyclic 1009 * See if a cycle will will be created by inserting acyclic tree B in acyclic
645 * tree A at the topmost level (ie: as a direct child of A). 1010 * tree A at the topmost level (ie: as a direct child of A).
@@ -649,116 +1014,39 @@ out:
649 */ 1014 */
650static int keyring_detect_cycle(struct key *A, struct key *B) 1015static int keyring_detect_cycle(struct key *A, struct key *B)
651{ 1016{
652 struct { 1017 struct keyring_search_context ctx = {
653 struct keyring_list *keylist; 1018 .index_key = A->index_key,
654 int kix; 1019 .match_data = A,
655 } stack[KEYRING_SEARCH_MAX_DEPTH]; 1020 .iterator = keyring_detect_cycle_iterator,
656 1021 .flags = (KEYRING_SEARCH_LOOKUP_DIRECT |
657 struct keyring_list *keylist; 1022 KEYRING_SEARCH_NO_STATE_CHECK |
658 struct key *subtree, *key; 1023 KEYRING_SEARCH_NO_UPDATE_TIME |
659 int sp, nkeys, kix, ret; 1024 KEYRING_SEARCH_NO_CHECK_PERM |
1025 KEYRING_SEARCH_DETECT_TOO_DEEP),
1026 };
660 1027
661 rcu_read_lock(); 1028 rcu_read_lock();
662 1029 search_nested_keyrings(B, &ctx);
663 ret = -EDEADLK;
664 if (A == B)
665 goto cycle_detected;
666
667 subtree = B;
668 sp = 0;
669
670 /* start processing a new keyring */
671descend:
672 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
673 goto not_this_keyring;
674
675 keylist = rcu_dereference(subtree->payload.subscriptions);
676 if (!keylist)
677 goto not_this_keyring;
678 kix = 0;
679
680ascend:
681 /* iterate through the remaining keys in this keyring */
682 nkeys = keylist->nkeys;
683 smp_rmb();
684 for (; kix < nkeys; kix++) {
685 key = rcu_dereference(keylist->keys[kix]);
686
687 if (key == A)
688 goto cycle_detected;
689
690 /* recursively check nested keyrings */
691 if (key->type == &key_type_keyring) {
692 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
693 goto too_deep;
694
695 /* stack the current position */
696 stack[sp].keylist = keylist;
697 stack[sp].kix = kix;
698 sp++;
699
700 /* begin again with the new keyring */
701 subtree = key;
702 goto descend;
703 }
704 }
705
706 /* the keyring we're looking at was disqualified or didn't contain a
707 * matching key */
708not_this_keyring:
709 if (sp > 0) {
710 /* resume the checking of a keyring higher up in the tree */
711 sp--;
712 keylist = stack[sp].keylist;
713 kix = stack[sp].kix + 1;
714 goto ascend;
715 }
716
717 ret = 0; /* no cycles detected */
718
719error:
720 rcu_read_unlock(); 1030 rcu_read_unlock();
721 return ret; 1031 return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result);
722
723too_deep:
724 ret = -ELOOP;
725 goto error;
726
727cycle_detected:
728 ret = -EDEADLK;
729 goto error;
730}
731
732/*
733 * Dispose of a keyring list after the RCU grace period, freeing the unlinked
734 * key
735 */
736static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
737{
738 struct keyring_list *klist =
739 container_of(rcu, struct keyring_list, rcu);
740
741 if (klist->delkey != USHRT_MAX)
742 key_put(rcu_access_pointer(klist->keys[klist->delkey]));
743 kfree(klist);
744} 1032}
745 1033
746/* 1034/*
747 * Preallocate memory so that a key can be linked into to a keyring. 1035 * Preallocate memory so that a key can be linked into to a keyring.
748 */ 1036 */
749int __key_link_begin(struct key *keyring, const struct key_type *type, 1037int __key_link_begin(struct key *keyring,
750 const char *description, unsigned long *_prealloc) 1038 const struct keyring_index_key *index_key,
1039 struct assoc_array_edit **_edit)
751 __acquires(&keyring->sem) 1040 __acquires(&keyring->sem)
752 __acquires(&keyring_serialise_link_sem) 1041 __acquires(&keyring_serialise_link_sem)
753{ 1042{
754 struct keyring_list *klist, *nklist; 1043 struct assoc_array_edit *edit;
755 unsigned long prealloc; 1044 int ret;
756 unsigned max; 1045
757 time_t lowest_lru; 1046 kenter("%d,%s,%s,",
758 size_t size; 1047 keyring->serial, index_key->type->name, index_key->description);
759 int loop, lru, ret;
760 1048
761 kenter("%d,%s,%s,", key_serial(keyring), type->name, description); 1049 BUG_ON(index_key->desc_len == 0);
762 1050
763 if (keyring->type != &key_type_keyring) 1051 if (keyring->type != &key_type_keyring)
764 return -ENOTDIR; 1052 return -ENOTDIR;
@@ -771,100 +1059,39 @@ int __key_link_begin(struct key *keyring, const struct key_type *type,
771 1059
772 /* serialise link/link calls to prevent parallel calls causing a cycle 1060 /* serialise link/link calls to prevent parallel calls causing a cycle
773 * when linking two keyring in opposite orders */ 1061 * when linking two keyring in opposite orders */
774 if (type == &key_type_keyring) 1062 if (index_key->type == &key_type_keyring)
775 down_write(&keyring_serialise_link_sem); 1063 down_write(&keyring_serialise_link_sem);
776 1064
777 klist = rcu_dereference_locked_keyring(keyring); 1065 /* Create an edit script that will insert/replace the key in the
778 1066 * keyring tree.
779 /* see if there's a matching key we can displace */ 1067 */
780 lru = -1; 1068 edit = assoc_array_insert(&keyring->keys,
781 if (klist && klist->nkeys > 0) { 1069 &keyring_assoc_array_ops,
782 lowest_lru = TIME_T_MAX; 1070 index_key,
783 for (loop = klist->nkeys - 1; loop >= 0; loop--) { 1071 NULL);
784 struct key *key = rcu_deref_link_locked(klist, loop, 1072 if (IS_ERR(edit)) {
785 keyring); 1073 ret = PTR_ERR(edit);
786 if (key->type == type &&
787 strcmp(key->description, description) == 0) {
788 /* Found a match - we'll replace the link with
789 * one to the new key. We record the slot
790 * position.
791 */
792 klist->delkey = loop;
793 prealloc = 0;
794 goto done;
795 }
796 if (key->last_used_at < lowest_lru) {
797 lowest_lru = key->last_used_at;
798 lru = loop;
799 }
800 }
801 }
802
803 /* If the keyring is full then do an LRU discard */
804 if (klist &&
805 klist->nkeys == klist->maxkeys &&
806 klist->maxkeys >= MAX_KEYRING_LINKS) {
807 kdebug("LRU discard %d\n", lru);
808 klist->delkey = lru;
809 prealloc = 0;
810 goto done;
811 }
812
813 /* check that we aren't going to overrun the user's quota */
814 ret = key_payload_reserve(keyring,
815 keyring->datalen + KEYQUOTA_LINK_BYTES);
816 if (ret < 0)
817 goto error_sem; 1074 goto error_sem;
1075 }
818 1076
819 if (klist && klist->nkeys < klist->maxkeys) { 1077 /* If we're not replacing a link in-place then we're going to need some
820 /* there's sufficient slack space to append directly */ 1078 * extra quota.
821 klist->delkey = klist->nkeys; 1079 */
822 prealloc = KEY_LINK_FIXQUOTA; 1080 if (!edit->dead_leaf) {
823 } else { 1081 ret = key_payload_reserve(keyring,
824 /* grow the key list */ 1082 keyring->datalen + KEYQUOTA_LINK_BYTES);
825 max = 4; 1083 if (ret < 0)
826 if (klist) { 1084 goto error_cancel;
827 max += klist->maxkeys;
828 if (max > MAX_KEYRING_LINKS)
829 max = MAX_KEYRING_LINKS;
830 BUG_ON(max <= klist->maxkeys);
831 }
832
833 size = sizeof(*klist) + sizeof(struct key *) * max;
834
835 ret = -ENOMEM;
836 nklist = kmalloc(size, GFP_KERNEL);
837 if (!nklist)
838 goto error_quota;
839
840 nklist->maxkeys = max;
841 if (klist) {
842 memcpy(nklist->keys, klist->keys,
843 sizeof(struct key *) * klist->nkeys);
844 nklist->delkey = klist->nkeys;
845 nklist->nkeys = klist->nkeys + 1;
846 klist->delkey = USHRT_MAX;
847 } else {
848 nklist->nkeys = 1;
849 nklist->delkey = 0;
850 }
851
852 /* add the key into the new space */
853 RCU_INIT_POINTER(nklist->keys[nklist->delkey], NULL);
854 prealloc = (unsigned long)nklist | KEY_LINK_FIXQUOTA;
855 } 1085 }
856 1086
857done: 1087 *_edit = edit;
858 *_prealloc = prealloc;
859 kleave(" = 0"); 1088 kleave(" = 0");
860 return 0; 1089 return 0;
861 1090
862error_quota: 1091error_cancel:
863 /* undo the quota changes */ 1092 assoc_array_cancel_edit(edit);
864 key_payload_reserve(keyring,
865 keyring->datalen - KEYQUOTA_LINK_BYTES);
866error_sem: 1093error_sem:
867 if (type == &key_type_keyring) 1094 if (index_key->type == &key_type_keyring)
868 up_write(&keyring_serialise_link_sem); 1095 up_write(&keyring_serialise_link_sem);
869error_krsem: 1096error_krsem:
870 up_write(&keyring->sem); 1097 up_write(&keyring->sem);
@@ -895,60 +1122,12 @@ int __key_link_check_live_key(struct key *keyring, struct key *key)
895 * holds at most one link to any given key of a particular type+description 1122 * holds at most one link to any given key of a particular type+description
896 * combination. 1123 * combination.
897 */ 1124 */
898void __key_link(struct key *keyring, struct key *key, 1125void __key_link(struct key *key, struct assoc_array_edit **_edit)
899 unsigned long *_prealloc)
900{ 1126{
901 struct keyring_list *klist, *nklist; 1127 __key_get(key);
902 struct key *discard; 1128 assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key));
903 1129 assoc_array_apply_edit(*_edit);
904 nklist = (struct keyring_list *)(*_prealloc & ~KEY_LINK_FIXQUOTA); 1130 *_edit = NULL;
905 *_prealloc = 0;
906
907 kenter("%d,%d,%p", keyring->serial, key->serial, nklist);
908
909 klist = rcu_dereference_locked_keyring(keyring);
910
911 atomic_inc(&key->usage);
912 keyring->last_used_at = key->last_used_at =
913 current_kernel_time().tv_sec;
914
915 /* there's a matching key we can displace or an empty slot in a newly
916 * allocated list we can fill */
917 if (nklist) {
918 kdebug("reissue %hu/%hu/%hu",
919 nklist->delkey, nklist->nkeys, nklist->maxkeys);
920
921 RCU_INIT_POINTER(nklist->keys[nklist->delkey], key);
922
923 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
924
925 /* dispose of the old keyring list and, if there was one, the
926 * displaced key */
927 if (klist) {
928 kdebug("dispose %hu/%hu/%hu",
929 klist->delkey, klist->nkeys, klist->maxkeys);
930 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
931 }
932 } else if (klist->delkey < klist->nkeys) {
933 kdebug("replace %hu/%hu/%hu",
934 klist->delkey, klist->nkeys, klist->maxkeys);
935
936 discard = rcu_dereference_protected(
937 klist->keys[klist->delkey],
938 rwsem_is_locked(&keyring->sem));
939 rcu_assign_pointer(klist->keys[klist->delkey], key);
940 /* The garbage collector will take care of RCU
941 * synchronisation */
942 key_put(discard);
943 } else {
944 /* there's sufficient slack space to append directly */
945 kdebug("append %hu/%hu/%hu",
946 klist->delkey, klist->nkeys, klist->maxkeys);
947
948 RCU_INIT_POINTER(klist->keys[klist->delkey], key);
949 smp_wmb();
950 klist->nkeys++;
951 }
952} 1131}
953 1132
954/* 1133/*
@@ -956,24 +1135,22 @@ void __key_link(struct key *keyring, struct key *key,
956 * 1135 *
957 * Must be called with __key_link_begin() having being called. 1136 * Must be called with __key_link_begin() having being called.
958 */ 1137 */
959void __key_link_end(struct key *keyring, struct key_type *type, 1138void __key_link_end(struct key *keyring,
960 unsigned long prealloc) 1139 const struct keyring_index_key *index_key,
1140 struct assoc_array_edit *edit)
961 __releases(&keyring->sem) 1141 __releases(&keyring->sem)
962 __releases(&keyring_serialise_link_sem) 1142 __releases(&keyring_serialise_link_sem)
963{ 1143{
964 BUG_ON(type == NULL); 1144 BUG_ON(index_key->type == NULL);
965 BUG_ON(type->name == NULL); 1145 kenter("%d,%s,", keyring->serial, index_key->type->name);
966 kenter("%d,%s,%lx", keyring->serial, type->name, prealloc);
967 1146
968 if (type == &key_type_keyring) 1147 if (index_key->type == &key_type_keyring)
969 up_write(&keyring_serialise_link_sem); 1148 up_write(&keyring_serialise_link_sem);
970 1149
971 if (prealloc) { 1150 if (edit && !edit->dead_leaf) {
972 if (prealloc & KEY_LINK_FIXQUOTA) 1151 key_payload_reserve(keyring,
973 key_payload_reserve(keyring, 1152 keyring->datalen - KEYQUOTA_LINK_BYTES);
974 keyring->datalen - 1153 assoc_array_cancel_edit(edit);
975 KEYQUOTA_LINK_BYTES);
976 kfree((struct keyring_list *)(prealloc & ~KEY_LINK_FIXQUOTA));
977 } 1154 }
978 up_write(&keyring->sem); 1155 up_write(&keyring->sem);
979} 1156}
@@ -1000,20 +1177,28 @@ void __key_link_end(struct key *keyring, struct key_type *type,
1000 */ 1177 */
1001int key_link(struct key *keyring, struct key *key) 1178int key_link(struct key *keyring, struct key *key)
1002{ 1179{
1003 unsigned long prealloc; 1180 struct assoc_array_edit *edit;
1004 int ret; 1181 int ret;
1005 1182
1183 kenter("{%d,%d}", keyring->serial, atomic_read(&keyring->usage));
1184
1006 key_check(keyring); 1185 key_check(keyring);
1007 key_check(key); 1186 key_check(key);
1008 1187
1009 ret = __key_link_begin(keyring, key->type, key->description, &prealloc); 1188 if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) &&
1189 !test_bit(KEY_FLAG_TRUSTED, &key->flags))
1190 return -EPERM;
1191
1192 ret = __key_link_begin(keyring, &key->index_key, &edit);
1010 if (ret == 0) { 1193 if (ret == 0) {
1194 kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage));
1011 ret = __key_link_check_live_key(keyring, key); 1195 ret = __key_link_check_live_key(keyring, key);
1012 if (ret == 0) 1196 if (ret == 0)
1013 __key_link(keyring, key, &prealloc); 1197 __key_link(key, &edit);
1014 __key_link_end(keyring, key->type, prealloc); 1198 __key_link_end(keyring, &key->index_key, edit);
1015 } 1199 }
1016 1200
1201 kleave(" = %d {%d,%d}", ret, keyring->serial, atomic_read(&keyring->usage));
1017 return ret; 1202 return ret;
1018} 1203}
1019EXPORT_SYMBOL(key_link); 1204EXPORT_SYMBOL(key_link);
@@ -1037,90 +1222,37 @@ EXPORT_SYMBOL(key_link);
1037 */ 1222 */
1038int key_unlink(struct key *keyring, struct key *key) 1223int key_unlink(struct key *keyring, struct key *key)
1039{ 1224{
1040 struct keyring_list *klist, *nklist; 1225 struct assoc_array_edit *edit;
1041 int loop, ret; 1226 int ret;
1042 1227
1043 key_check(keyring); 1228 key_check(keyring);
1044 key_check(key); 1229 key_check(key);
1045 1230
1046 ret = -ENOTDIR;
1047 if (keyring->type != &key_type_keyring) 1231 if (keyring->type != &key_type_keyring)
1048 goto error; 1232 return -ENOTDIR;
1049 1233
1050 down_write(&keyring->sem); 1234 down_write(&keyring->sem);
1051 1235
1052 klist = rcu_dereference_locked_keyring(keyring); 1236 edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,
1053 if (klist) { 1237 &key->index_key);
1054 /* search the keyring for the key */ 1238 if (IS_ERR(edit)) {
1055 for (loop = 0; loop < klist->nkeys; loop++) 1239 ret = PTR_ERR(edit);
1056 if (rcu_access_pointer(klist->keys[loop]) == key) 1240 goto error;
1057 goto key_is_present;
1058 } 1241 }
1059
1060 up_write(&keyring->sem);
1061 ret = -ENOENT; 1242 ret = -ENOENT;
1062 goto error; 1243 if (edit == NULL)
1063 1244 goto error;
1064key_is_present:
1065 /* we need to copy the key list for RCU purposes */
1066 nklist = kmalloc(sizeof(*klist) +
1067 sizeof(struct key *) * klist->maxkeys,
1068 GFP_KERNEL);
1069 if (!nklist)
1070 goto nomem;
1071 nklist->maxkeys = klist->maxkeys;
1072 nklist->nkeys = klist->nkeys - 1;
1073
1074 if (loop > 0)
1075 memcpy(&nklist->keys[0],
1076 &klist->keys[0],
1077 loop * sizeof(struct key *));
1078
1079 if (loop < nklist->nkeys)
1080 memcpy(&nklist->keys[loop],
1081 &klist->keys[loop + 1],
1082 (nklist->nkeys - loop) * sizeof(struct key *));
1083
1084 /* adjust the user's quota */
1085 key_payload_reserve(keyring,
1086 keyring->datalen - KEYQUOTA_LINK_BYTES);
1087
1088 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
1089
1090 up_write(&keyring->sem);
1091
1092 /* schedule for later cleanup */
1093 klist->delkey = loop;
1094 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
1095 1245
1246 assoc_array_apply_edit(edit);
1247 key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);
1096 ret = 0; 1248 ret = 0;
1097 1249
1098error: 1250error:
1099 return ret;
1100nomem:
1101 ret = -ENOMEM;
1102 up_write(&keyring->sem); 1251 up_write(&keyring->sem);
1103 goto error; 1252 return ret;
1104} 1253}
1105EXPORT_SYMBOL(key_unlink); 1254EXPORT_SYMBOL(key_unlink);
1106 1255
1107/*
1108 * Dispose of a keyring list after the RCU grace period, releasing the keys it
1109 * links to.
1110 */
1111static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1112{
1113 struct keyring_list *klist;
1114 int loop;
1115
1116 klist = container_of(rcu, struct keyring_list, rcu);
1117
1118 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1119 key_put(rcu_access_pointer(klist->keys[loop]));
1120
1121 kfree(klist);
1122}
1123
1124/** 1256/**
1125 * keyring_clear - Clear a keyring 1257 * keyring_clear - Clear a keyring
1126 * @keyring: The keyring to clear. 1258 * @keyring: The keyring to clear.
@@ -1131,33 +1263,25 @@ static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
1131 */ 1263 */
1132int keyring_clear(struct key *keyring) 1264int keyring_clear(struct key *keyring)
1133{ 1265{
1134 struct keyring_list *klist; 1266 struct assoc_array_edit *edit;
1135 int ret; 1267 int ret;
1136 1268
1137 ret = -ENOTDIR; 1269 if (keyring->type != &key_type_keyring)
1138 if (keyring->type == &key_type_keyring) { 1270 return -ENOTDIR;
1139 /* detach the pointer block with the locks held */
1140 down_write(&keyring->sem);
1141
1142 klist = rcu_dereference_locked_keyring(keyring);
1143 if (klist) {
1144 /* adjust the quota */
1145 key_payload_reserve(keyring,
1146 sizeof(struct keyring_list));
1147
1148 rcu_assign_pointer(keyring->payload.subscriptions,
1149 NULL);
1150 }
1151
1152 up_write(&keyring->sem);
1153 1271
1154 /* free the keys after the locks have been dropped */ 1272 down_write(&keyring->sem);
1155 if (klist)
1156 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1157 1273
1274 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1275 if (IS_ERR(edit)) {
1276 ret = PTR_ERR(edit);
1277 } else {
1278 if (edit)
1279 assoc_array_apply_edit(edit);
1280 key_payload_reserve(keyring, 0);
1158 ret = 0; 1281 ret = 0;
1159 } 1282 }
1160 1283
1284 up_write(&keyring->sem);
1161 return ret; 1285 return ret;
1162} 1286}
1163EXPORT_SYMBOL(keyring_clear); 1287EXPORT_SYMBOL(keyring_clear);
@@ -1169,111 +1293,68 @@ EXPORT_SYMBOL(keyring_clear);
1169 */ 1293 */
1170static void keyring_revoke(struct key *keyring) 1294static void keyring_revoke(struct key *keyring)
1171{ 1295{
1172 struct keyring_list *klist; 1296 struct assoc_array_edit *edit;
1297
1298 edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);
1299 if (!IS_ERR(edit)) {
1300 if (edit)
1301 assoc_array_apply_edit(edit);
1302 key_payload_reserve(keyring, 0);
1303 }
1304}
1305
1306static bool keyring_gc_select_iterator(void *object, void *iterator_data)
1307{
1308 struct key *key = keyring_ptr_to_key(object);
1309 time_t *limit = iterator_data;
1173 1310
1174 klist = rcu_dereference_locked_keyring(keyring); 1311 if (key_is_dead(key, *limit))
1312 return false;
1313 key_get(key);
1314 return true;
1315}
1175 1316
1176 /* adjust the quota */ 1317static int keyring_gc_check_iterator(const void *object, void *iterator_data)
1177 key_payload_reserve(keyring, 0); 1318{
1319 const struct key *key = keyring_ptr_to_key(object);
1320 time_t *limit = iterator_data;
1178 1321
1179 if (klist) { 1322 key_check(key);
1180 rcu_assign_pointer(keyring->payload.subscriptions, NULL); 1323 return key_is_dead(key, *limit);
1181 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1182 }
1183} 1324}
1184 1325
1185/* 1326/*
1186 * Collect garbage from the contents of a keyring, replacing the old list with 1327 * Garbage collect pointers from a keyring.
1187 * a new one with the pointers all shuffled down.
1188 * 1328 *
1189 * Dead keys are classed as oned that are flagged as being dead or are revoked, 1329 * Not called with any locks held. The keyring's key struct will not be
1190 * expired or negative keys that were revoked or expired before the specified 1330 * deallocated under us as only our caller may deallocate it.
1191 * limit.
1192 */ 1331 */
1193void keyring_gc(struct key *keyring, time_t limit) 1332void keyring_gc(struct key *keyring, time_t limit)
1194{ 1333{
1195 struct keyring_list *klist, *new; 1334 int result;
1196 struct key *key;
1197 int loop, keep, max;
1198
1199 kenter("{%x,%s}", key_serial(keyring), keyring->description);
1200
1201 down_write(&keyring->sem);
1202
1203 klist = rcu_dereference_locked_keyring(keyring);
1204 if (!klist)
1205 goto no_klist;
1206
1207 /* work out how many subscriptions we're keeping */
1208 keep = 0;
1209 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1210 if (!key_is_dead(rcu_deref_link_locked(klist, loop, keyring),
1211 limit))
1212 keep++;
1213
1214 if (keep == klist->nkeys)
1215 goto just_return;
1216
1217 /* allocate a new keyring payload */
1218 max = roundup(keep, 4);
1219 new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *),
1220 GFP_KERNEL);
1221 if (!new)
1222 goto nomem;
1223 new->maxkeys = max;
1224 new->nkeys = 0;
1225 new->delkey = 0;
1226
1227 /* install the live keys
1228 * - must take care as expired keys may be updated back to life
1229 */
1230 keep = 0;
1231 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
1232 key = rcu_deref_link_locked(klist, loop, keyring);
1233 if (!key_is_dead(key, limit)) {
1234 if (keep >= max)
1235 goto discard_new;
1236 RCU_INIT_POINTER(new->keys[keep++], key_get(key));
1237 }
1238 }
1239 new->nkeys = keep;
1240
1241 /* adjust the quota */
1242 key_payload_reserve(keyring,
1243 sizeof(struct keyring_list) +
1244 KEYQUOTA_LINK_BYTES * keep);
1245 1335
1246 if (keep == 0) { 1336 kenter("%x{%s}", keyring->serial, keyring->description ?: "");
1247 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1248 kfree(new);
1249 } else {
1250 rcu_assign_pointer(keyring->payload.subscriptions, new);
1251 }
1252 1337
1253 up_write(&keyring->sem); 1338 if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |
1339 (1 << KEY_FLAG_REVOKED)))
1340 goto dont_gc;
1254 1341
1255 call_rcu(&klist->rcu, keyring_clear_rcu_disposal); 1342 /* scan the keyring looking for dead keys */
1256 kleave(" [yes]"); 1343 rcu_read_lock();
1257 return; 1344 result = assoc_array_iterate(&keyring->keys,
1258 1345 keyring_gc_check_iterator, &limit);
1259discard_new: 1346 rcu_read_unlock();
1260 new->nkeys = keep; 1347 if (result == true)
1261 keyring_clear_rcu_disposal(&new->rcu); 1348 goto do_gc;
1262 up_write(&keyring->sem);
1263 kleave(" [discard]");
1264 return;
1265
1266just_return:
1267 up_write(&keyring->sem);
1268 kleave(" [no dead]");
1269 return;
1270 1349
1271no_klist: 1350dont_gc:
1272 up_write(&keyring->sem); 1351 kleave(" [no gc]");
1273 kleave(" [no_klist]");
1274 return; 1352 return;
1275 1353
1276nomem: 1354do_gc:
1355 down_write(&keyring->sem);
1356 assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops,
1357 keyring_gc_select_iterator, &limit);
1277 up_write(&keyring->sem); 1358 up_write(&keyring->sem);
1278 kleave(" [oom]"); 1359 kleave(" [gc]");
1279} 1360}
diff --git a/security/keys/persistent.c b/security/keys/persistent.c
new file mode 100644
index 000000000000..0ad3ee283781
--- /dev/null
+++ b/security/keys/persistent.c
@@ -0,0 +1,167 @@
1/* General persistent per-UID keyrings register
2 *
3 * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#include <linux/user_namespace.h>
13#include "internal.h"
14
15unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */
16
17/*
18 * Create the persistent keyring register for the current user namespace.
19 *
20 * Called with the namespace's sem locked for writing.
21 */
22static int key_create_persistent_register(struct user_namespace *ns)
23{
24 struct key *reg = keyring_alloc(".persistent_register",
25 KUIDT_INIT(0), KGIDT_INIT(0),
26 current_cred(),
27 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
28 KEY_USR_VIEW | KEY_USR_READ),
29 KEY_ALLOC_NOT_IN_QUOTA, NULL);
30 if (IS_ERR(reg))
31 return PTR_ERR(reg);
32
33 ns->persistent_keyring_register = reg;
34 return 0;
35}
36
37/*
38 * Create the persistent keyring for the specified user.
39 *
40 * Called with the namespace's sem locked for writing.
41 */
42static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid,
43 struct keyring_index_key *index_key)
44{
45 struct key *persistent;
46 key_ref_t reg_ref, persistent_ref;
47
48 if (!ns->persistent_keyring_register) {
49 long err = key_create_persistent_register(ns);
50 if (err < 0)
51 return ERR_PTR(err);
52 } else {
53 reg_ref = make_key_ref(ns->persistent_keyring_register, true);
54 persistent_ref = find_key_to_update(reg_ref, index_key);
55 if (persistent_ref)
56 return persistent_ref;
57 }
58
59 persistent = keyring_alloc(index_key->description,
60 uid, INVALID_GID, current_cred(),
61 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
62 KEY_USR_VIEW | KEY_USR_READ),
63 KEY_ALLOC_NOT_IN_QUOTA,
64 ns->persistent_keyring_register);
65 if (IS_ERR(persistent))
66 return ERR_CAST(persistent);
67
68 return make_key_ref(persistent, true);
69}
70
71/*
72 * Get the persistent keyring for a specific UID and link it to the nominated
73 * keyring.
74 */
75static long key_get_persistent(struct user_namespace *ns, kuid_t uid,
76 key_ref_t dest_ref)
77{
78 struct keyring_index_key index_key;
79 struct key *persistent;
80 key_ref_t reg_ref, persistent_ref;
81 char buf[32];
82 long ret;
83
84 /* Look in the register if it exists */
85 index_key.type = &key_type_keyring;
86 index_key.description = buf;
87 index_key.desc_len = sprintf(buf, "_persistent.%u", from_kuid(ns, uid));
88
89 if (ns->persistent_keyring_register) {
90 reg_ref = make_key_ref(ns->persistent_keyring_register, true);
91 down_read(&ns->persistent_keyring_register_sem);
92 persistent_ref = find_key_to_update(reg_ref, &index_key);
93 up_read(&ns->persistent_keyring_register_sem);
94
95 if (persistent_ref)
96 goto found;
97 }
98
99 /* It wasn't in the register, so we'll need to create it. We might
100 * also need to create the register.
101 */
102 down_write(&ns->persistent_keyring_register_sem);
103 persistent_ref = key_create_persistent(ns, uid, &index_key);
104 up_write(&ns->persistent_keyring_register_sem);
105 if (!IS_ERR(persistent_ref))
106 goto found;
107
108 return PTR_ERR(persistent_ref);
109
110found:
111 ret = key_task_permission(persistent_ref, current_cred(), KEY_LINK);
112 if (ret == 0) {
113 persistent = key_ref_to_ptr(persistent_ref);
114 ret = key_link(key_ref_to_ptr(dest_ref), persistent);
115 if (ret == 0) {
116 key_set_timeout(persistent, persistent_keyring_expiry);
117 ret = persistent->serial;
118 }
119 }
120
121 key_ref_put(persistent_ref);
122 return ret;
123}
124
125/*
126 * Get the persistent keyring for a specific UID and link it to the nominated
127 * keyring.
128 */
129long keyctl_get_persistent(uid_t _uid, key_serial_t destid)
130{
131 struct user_namespace *ns = current_user_ns();
132 key_ref_t dest_ref;
133 kuid_t uid;
134 long ret;
135
136 /* -1 indicates the current user */
137 if (_uid == (uid_t)-1) {
138 uid = current_uid();
139 } else {
140 uid = make_kuid(ns, _uid);
141 if (!uid_valid(uid))
142 return -EINVAL;
143
144 /* You can only see your own persistent cache if you're not
145 * sufficiently privileged.
146 */
147 if (!uid_eq(uid, current_uid()) &&
148 !uid_eq(uid, current_euid()) &&
149 !ns_capable(ns, CAP_SETUID))
150 return -EPERM;
151 }
152
153 /* There must be a destination keyring */
154 dest_ref = lookup_user_key(destid, KEY_LOOKUP_CREATE, KEY_WRITE);
155 if (IS_ERR(dest_ref))
156 return PTR_ERR(dest_ref);
157 if (key_ref_to_ptr(dest_ref)->type != &key_type_keyring) {
158 ret = -ENOTDIR;
159 goto out_put_dest;
160 }
161
162 ret = key_get_persistent(ns, uid, dest_ref);
163
164out_put_dest:
165 key_ref_put(dest_ref);
166 return ret;
167}
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 217b6855e815..88e9a466940f 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -182,7 +182,6 @@ static void proc_keys_stop(struct seq_file *p, void *v)
182 182
183static int proc_keys_show(struct seq_file *m, void *v) 183static int proc_keys_show(struct seq_file *m, void *v)
184{ 184{
185 const struct cred *cred = current_cred();
186 struct rb_node *_p = v; 185 struct rb_node *_p = v;
187 struct key *key = rb_entry(_p, struct key, serial_node); 186 struct key *key = rb_entry(_p, struct key, serial_node);
188 struct timespec now; 187 struct timespec now;
@@ -191,15 +190,23 @@ static int proc_keys_show(struct seq_file *m, void *v)
191 char xbuf[12]; 190 char xbuf[12];
192 int rc; 191 int rc;
193 192
193 struct keyring_search_context ctx = {
194 .index_key.type = key->type,
195 .index_key.description = key->description,
196 .cred = current_cred(),
197 .match = lookup_user_key_possessed,
198 .match_data = key,
199 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
200 KEYRING_SEARCH_LOOKUP_DIRECT),
201 };
202
194 key_ref = make_key_ref(key, 0); 203 key_ref = make_key_ref(key, 0);
195 204
196 /* determine if the key is possessed by this process (a test we can 205 /* determine if the key is possessed by this process (a test we can
197 * skip if the key does not indicate the possessor can view it 206 * skip if the key does not indicate the possessor can view it
198 */ 207 */
199 if (key->perm & KEY_POS_VIEW) { 208 if (key->perm & KEY_POS_VIEW) {
200 skey_ref = search_my_process_keyrings(key->type, key, 209 skey_ref = search_my_process_keyrings(&ctx);
201 lookup_user_key_possessed,
202 true, cred);
203 if (!IS_ERR(skey_ref)) { 210 if (!IS_ERR(skey_ref)) {
204 key_ref_put(skey_ref); 211 key_ref_put(skey_ref);
205 key_ref = make_key_ref(key, 1); 212 key_ref = make_key_ref(key, 1);
@@ -211,7 +218,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
211 * - the caller holds a spinlock, and thus the RCU read lock, making our 218 * - the caller holds a spinlock, and thus the RCU read lock, making our
212 * access to __current_cred() safe 219 * access to __current_cred() safe
213 */ 220 */
214 rc = key_task_permission(key_ref, cred, KEY_VIEW); 221 rc = key_task_permission(key_ref, ctx.cred, KEY_VIEW);
215 if (rc < 0) 222 if (rc < 0)
216 return 0; 223 return 0;
217 224
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 42defae1e161..0cf8a130a267 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -235,7 +235,7 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
235 if (IS_ERR(keyring)) 235 if (IS_ERR(keyring))
236 return PTR_ERR(keyring); 236 return PTR_ERR(keyring);
237 } else { 237 } else {
238 atomic_inc(&keyring->usage); 238 __key_get(keyring);
239 } 239 }
240 240
241 /* install the keyring */ 241 /* install the keyring */
@@ -319,11 +319,7 @@ void key_fsgid_changed(struct task_struct *tsk)
319 * In the case of a successful return, the possession attribute is set on the 319 * In the case of a successful return, the possession attribute is set on the
320 * returned key reference. 320 * returned key reference.
321 */ 321 */
322key_ref_t search_my_process_keyrings(struct key_type *type, 322key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
323 const void *description,
324 key_match_func_t match,
325 bool no_state_check,
326 const struct cred *cred)
327{ 323{
328 key_ref_t key_ref, ret, err; 324 key_ref_t key_ref, ret, err;
329 325
@@ -339,10 +335,9 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
339 err = ERR_PTR(-EAGAIN); 335 err = ERR_PTR(-EAGAIN);
340 336
341 /* search the thread keyring first */ 337 /* search the thread keyring first */
342 if (cred->thread_keyring) { 338 if (ctx->cred->thread_keyring) {
343 key_ref = keyring_search_aux( 339 key_ref = keyring_search_aux(
344 make_key_ref(cred->thread_keyring, 1), 340 make_key_ref(ctx->cred->thread_keyring, 1), ctx);
345 cred, type, description, match, no_state_check);
346 if (!IS_ERR(key_ref)) 341 if (!IS_ERR(key_ref))
347 goto found; 342 goto found;
348 343
@@ -358,10 +353,9 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
358 } 353 }
359 354
360 /* search the process keyring second */ 355 /* search the process keyring second */
361 if (cred->process_keyring) { 356 if (ctx->cred->process_keyring) {
362 key_ref = keyring_search_aux( 357 key_ref = keyring_search_aux(
363 make_key_ref(cred->process_keyring, 1), 358 make_key_ref(ctx->cred->process_keyring, 1), ctx);
364 cred, type, description, match, no_state_check);
365 if (!IS_ERR(key_ref)) 359 if (!IS_ERR(key_ref))
366 goto found; 360 goto found;
367 361
@@ -379,11 +373,11 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
379 } 373 }
380 374
381 /* search the session keyring */ 375 /* search the session keyring */
382 if (cred->session_keyring) { 376 if (ctx->cred->session_keyring) {
383 rcu_read_lock(); 377 rcu_read_lock();
384 key_ref = keyring_search_aux( 378 key_ref = keyring_search_aux(
385 make_key_ref(rcu_dereference(cred->session_keyring), 1), 379 make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
386 cred, type, description, match, no_state_check); 380 ctx);
387 rcu_read_unlock(); 381 rcu_read_unlock();
388 382
389 if (!IS_ERR(key_ref)) 383 if (!IS_ERR(key_ref))
@@ -402,10 +396,10 @@ key_ref_t search_my_process_keyrings(struct key_type *type,
402 } 396 }
403 } 397 }
404 /* or search the user-session keyring */ 398 /* or search the user-session keyring */
405 else if (cred->user->session_keyring) { 399 else if (ctx->cred->user->session_keyring) {
406 key_ref = keyring_search_aux( 400 key_ref = keyring_search_aux(
407 make_key_ref(cred->user->session_keyring, 1), 401 make_key_ref(ctx->cred->user->session_keyring, 1),
408 cred, type, description, match, no_state_check); 402 ctx);
409 if (!IS_ERR(key_ref)) 403 if (!IS_ERR(key_ref))
410 goto found; 404 goto found;
411 405
@@ -437,18 +431,14 @@ found:
437 * 431 *
438 * Return same as search_my_process_keyrings(). 432 * Return same as search_my_process_keyrings().
439 */ 433 */
440key_ref_t search_process_keyrings(struct key_type *type, 434key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
441 const void *description,
442 key_match_func_t match,
443 const struct cred *cred)
444{ 435{
445 struct request_key_auth *rka; 436 struct request_key_auth *rka;
446 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 437 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
447 438
448 might_sleep(); 439 might_sleep();
449 440
450 key_ref = search_my_process_keyrings(type, description, match, 441 key_ref = search_my_process_keyrings(ctx);
451 false, cred);
452 if (!IS_ERR(key_ref)) 442 if (!IS_ERR(key_ref))
453 goto found; 443 goto found;
454 err = key_ref; 444 err = key_ref;
@@ -457,18 +447,21 @@ key_ref_t search_process_keyrings(struct key_type *type,
457 * search the keyrings of the process mentioned there 447 * search the keyrings of the process mentioned there
458 * - we don't permit access to request_key auth keys via this method 448 * - we don't permit access to request_key auth keys via this method
459 */ 449 */
460 if (cred->request_key_auth && 450 if (ctx->cred->request_key_auth &&
461 cred == current_cred() && 451 ctx->cred == current_cred() &&
462 type != &key_type_request_key_auth 452 ctx->index_key.type != &key_type_request_key_auth
463 ) { 453 ) {
454 const struct cred *cred = ctx->cred;
455
464 /* defend against the auth key being revoked */ 456 /* defend against the auth key being revoked */
465 down_read(&cred->request_key_auth->sem); 457 down_read(&cred->request_key_auth->sem);
466 458
467 if (key_validate(cred->request_key_auth) == 0) { 459 if (key_validate(ctx->cred->request_key_auth) == 0) {
468 rka = cred->request_key_auth->payload.data; 460 rka = ctx->cred->request_key_auth->payload.data;
469 461
470 key_ref = search_process_keyrings(type, description, 462 ctx->cred = rka->cred;
471 match, rka->cred); 463 key_ref = search_process_keyrings(ctx);
464 ctx->cred = cred;
472 465
473 up_read(&cred->request_key_auth->sem); 466 up_read(&cred->request_key_auth->sem);
474 467
@@ -522,19 +515,23 @@ int lookup_user_key_possessed(const struct key *key, const void *target)
522key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 515key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
523 key_perm_t perm) 516 key_perm_t perm)
524{ 517{
518 struct keyring_search_context ctx = {
519 .match = lookup_user_key_possessed,
520 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
521 KEYRING_SEARCH_LOOKUP_DIRECT),
522 };
525 struct request_key_auth *rka; 523 struct request_key_auth *rka;
526 const struct cred *cred;
527 struct key *key; 524 struct key *key;
528 key_ref_t key_ref, skey_ref; 525 key_ref_t key_ref, skey_ref;
529 int ret; 526 int ret;
530 527
531try_again: 528try_again:
532 cred = get_current_cred(); 529 ctx.cred = get_current_cred();
533 key_ref = ERR_PTR(-ENOKEY); 530 key_ref = ERR_PTR(-ENOKEY);
534 531
535 switch (id) { 532 switch (id) {
536 case KEY_SPEC_THREAD_KEYRING: 533 case KEY_SPEC_THREAD_KEYRING:
537 if (!cred->thread_keyring) { 534 if (!ctx.cred->thread_keyring) {
538 if (!(lflags & KEY_LOOKUP_CREATE)) 535 if (!(lflags & KEY_LOOKUP_CREATE))
539 goto error; 536 goto error;
540 537
@@ -546,13 +543,13 @@ try_again:
546 goto reget_creds; 543 goto reget_creds;
547 } 544 }
548 545
549 key = cred->thread_keyring; 546 key = ctx.cred->thread_keyring;
550 atomic_inc(&key->usage); 547 __key_get(key);
551 key_ref = make_key_ref(key, 1); 548 key_ref = make_key_ref(key, 1);
552 break; 549 break;
553 550
554 case KEY_SPEC_PROCESS_KEYRING: 551 case KEY_SPEC_PROCESS_KEYRING:
555 if (!cred->process_keyring) { 552 if (!ctx.cred->process_keyring) {
556 if (!(lflags & KEY_LOOKUP_CREATE)) 553 if (!(lflags & KEY_LOOKUP_CREATE))
557 goto error; 554 goto error;
558 555
@@ -564,13 +561,13 @@ try_again:
564 goto reget_creds; 561 goto reget_creds;
565 } 562 }
566 563
567 key = cred->process_keyring; 564 key = ctx.cred->process_keyring;
568 atomic_inc(&key->usage); 565 __key_get(key);
569 key_ref = make_key_ref(key, 1); 566 key_ref = make_key_ref(key, 1);
570 break; 567 break;
571 568
572 case KEY_SPEC_SESSION_KEYRING: 569 case KEY_SPEC_SESSION_KEYRING:
573 if (!cred->session_keyring) { 570 if (!ctx.cred->session_keyring) {
574 /* always install a session keyring upon access if one 571 /* always install a session keyring upon access if one
575 * doesn't exist yet */ 572 * doesn't exist yet */
576 ret = install_user_keyrings(); 573 ret = install_user_keyrings();
@@ -580,13 +577,13 @@ try_again:
580 ret = join_session_keyring(NULL); 577 ret = join_session_keyring(NULL);
581 else 578 else
582 ret = install_session_keyring( 579 ret = install_session_keyring(
583 cred->user->session_keyring); 580 ctx.cred->user->session_keyring);
584 581
585 if (ret < 0) 582 if (ret < 0)
586 goto error; 583 goto error;
587 goto reget_creds; 584 goto reget_creds;
588 } else if (cred->session_keyring == 585 } else if (ctx.cred->session_keyring ==
589 cred->user->session_keyring && 586 ctx.cred->user->session_keyring &&
590 lflags & KEY_LOOKUP_CREATE) { 587 lflags & KEY_LOOKUP_CREATE) {
591 ret = join_session_keyring(NULL); 588 ret = join_session_keyring(NULL);
592 if (ret < 0) 589 if (ret < 0)
@@ -595,33 +592,33 @@ try_again:
595 } 592 }
596 593
597 rcu_read_lock(); 594 rcu_read_lock();
598 key = rcu_dereference(cred->session_keyring); 595 key = rcu_dereference(ctx.cred->session_keyring);
599 atomic_inc(&key->usage); 596 __key_get(key);
600 rcu_read_unlock(); 597 rcu_read_unlock();
601 key_ref = make_key_ref(key, 1); 598 key_ref = make_key_ref(key, 1);
602 break; 599 break;
603 600
604 case KEY_SPEC_USER_KEYRING: 601 case KEY_SPEC_USER_KEYRING:
605 if (!cred->user->uid_keyring) { 602 if (!ctx.cred->user->uid_keyring) {
606 ret = install_user_keyrings(); 603 ret = install_user_keyrings();
607 if (ret < 0) 604 if (ret < 0)
608 goto error; 605 goto error;
609 } 606 }
610 607
611 key = cred->user->uid_keyring; 608 key = ctx.cred->user->uid_keyring;
612 atomic_inc(&key->usage); 609 __key_get(key);
613 key_ref = make_key_ref(key, 1); 610 key_ref = make_key_ref(key, 1);
614 break; 611 break;
615 612
616 case KEY_SPEC_USER_SESSION_KEYRING: 613 case KEY_SPEC_USER_SESSION_KEYRING:
617 if (!cred->user->session_keyring) { 614 if (!ctx.cred->user->session_keyring) {
618 ret = install_user_keyrings(); 615 ret = install_user_keyrings();
619 if (ret < 0) 616 if (ret < 0)
620 goto error; 617 goto error;
621 } 618 }
622 619
623 key = cred->user->session_keyring; 620 key = ctx.cred->user->session_keyring;
624 atomic_inc(&key->usage); 621 __key_get(key);
625 key_ref = make_key_ref(key, 1); 622 key_ref = make_key_ref(key, 1);
626 break; 623 break;
627 624
@@ -631,29 +628,29 @@ try_again:
631 goto error; 628 goto error;
632 629
633 case KEY_SPEC_REQKEY_AUTH_KEY: 630 case KEY_SPEC_REQKEY_AUTH_KEY:
634 key = cred->request_key_auth; 631 key = ctx.cred->request_key_auth;
635 if (!key) 632 if (!key)
636 goto error; 633 goto error;
637 634
638 atomic_inc(&key->usage); 635 __key_get(key);
639 key_ref = make_key_ref(key, 1); 636 key_ref = make_key_ref(key, 1);
640 break; 637 break;
641 638
642 case KEY_SPEC_REQUESTOR_KEYRING: 639 case KEY_SPEC_REQUESTOR_KEYRING:
643 if (!cred->request_key_auth) 640 if (!ctx.cred->request_key_auth)
644 goto error; 641 goto error;
645 642
646 down_read(&cred->request_key_auth->sem); 643 down_read(&ctx.cred->request_key_auth->sem);
647 if (test_bit(KEY_FLAG_REVOKED, 644 if (test_bit(KEY_FLAG_REVOKED,
648 &cred->request_key_auth->flags)) { 645 &ctx.cred->request_key_auth->flags)) {
649 key_ref = ERR_PTR(-EKEYREVOKED); 646 key_ref = ERR_PTR(-EKEYREVOKED);
650 key = NULL; 647 key = NULL;
651 } else { 648 } else {
652 rka = cred->request_key_auth->payload.data; 649 rka = ctx.cred->request_key_auth->payload.data;
653 key = rka->dest_keyring; 650 key = rka->dest_keyring;
654 atomic_inc(&key->usage); 651 __key_get(key);
655 } 652 }
656 up_read(&cred->request_key_auth->sem); 653 up_read(&ctx.cred->request_key_auth->sem);
657 if (!key) 654 if (!key)
658 goto error; 655 goto error;
659 key_ref = make_key_ref(key, 1); 656 key_ref = make_key_ref(key, 1);
@@ -673,9 +670,13 @@ try_again:
673 key_ref = make_key_ref(key, 0); 670 key_ref = make_key_ref(key, 0);
674 671
675 /* check to see if we possess the key */ 672 /* check to see if we possess the key */
676 skey_ref = search_process_keyrings(key->type, key, 673 ctx.index_key.type = key->type;
677 lookup_user_key_possessed, 674 ctx.index_key.description = key->description;
678 cred); 675 ctx.index_key.desc_len = strlen(key->description);
676 ctx.match_data = key;
677 kdebug("check possessed");
678 skey_ref = search_process_keyrings(&ctx);
679 kdebug("possessed=%p", skey_ref);
679 680
680 if (!IS_ERR(skey_ref)) { 681 if (!IS_ERR(skey_ref)) {
681 key_put(key); 682 key_put(key);
@@ -715,14 +716,14 @@ try_again:
715 goto invalid_key; 716 goto invalid_key;
716 717
717 /* check the permissions */ 718 /* check the permissions */
718 ret = key_task_permission(key_ref, cred, perm); 719 ret = key_task_permission(key_ref, ctx.cred, perm);
719 if (ret < 0) 720 if (ret < 0)
720 goto invalid_key; 721 goto invalid_key;
721 722
722 key->last_used_at = current_kernel_time().tv_sec; 723 key->last_used_at = current_kernel_time().tv_sec;
723 724
724error: 725error:
725 put_cred(cred); 726 put_cred(ctx.cred);
726 return key_ref; 727 return key_ref;
727 728
728invalid_key: 729invalid_key:
@@ -733,7 +734,7 @@ invalid_key:
733 /* if we attempted to install a keyring, then it may have caused new 734 /* if we attempted to install a keyring, then it may have caused new
734 * creds to be installed */ 735 * creds to be installed */
735reget_creds: 736reget_creds:
736 put_cred(cred); 737 put_cred(ctx.cred);
737 goto try_again; 738 goto try_again;
738} 739}
739 740
@@ -856,3 +857,13 @@ void key_change_session_keyring(struct callback_head *twork)
856 857
857 commit_creds(new); 858 commit_creds(new);
858} 859}
860
861/*
862 * Make sure that root's user and user-session keyrings exist.
863 */
864static int __init init_root_keyring(void)
865{
866 return install_user_keyrings();
867}
868
869late_initcall(init_root_keyring);
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index c411f9bb156b..381411941cc1 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -345,33 +345,34 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
345 * May return a key that's already under construction instead if there was a 345 * May return a key that's already under construction instead if there was a
346 * race between two thread calling request_key(). 346 * race between two thread calling request_key().
347 */ 347 */
348static int construct_alloc_key(struct key_type *type, 348static int construct_alloc_key(struct keyring_search_context *ctx,
349 const char *description,
350 struct key *dest_keyring, 349 struct key *dest_keyring,
351 unsigned long flags, 350 unsigned long flags,
352 struct key_user *user, 351 struct key_user *user,
353 struct key **_key) 352 struct key **_key)
354{ 353{
355 const struct cred *cred = current_cred(); 354 struct assoc_array_edit *edit;
356 unsigned long prealloc;
357 struct key *key; 355 struct key *key;
358 key_perm_t perm; 356 key_perm_t perm;
359 key_ref_t key_ref; 357 key_ref_t key_ref;
360 int ret; 358 int ret;
361 359
362 kenter("%s,%s,,,", type->name, description); 360 kenter("%s,%s,,,",
361 ctx->index_key.type->name, ctx->index_key.description);
363 362
364 *_key = NULL; 363 *_key = NULL;
365 mutex_lock(&user->cons_lock); 364 mutex_lock(&user->cons_lock);
366 365
367 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; 366 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
368 perm |= KEY_USR_VIEW; 367 perm |= KEY_USR_VIEW;
369 if (type->read) 368 if (ctx->index_key.type->read)
370 perm |= KEY_POS_READ; 369 perm |= KEY_POS_READ;
371 if (type == &key_type_keyring || type->update) 370 if (ctx->index_key.type == &key_type_keyring ||
371 ctx->index_key.type->update)
372 perm |= KEY_POS_WRITE; 372 perm |= KEY_POS_WRITE;
373 373
374 key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, 374 key = key_alloc(ctx->index_key.type, ctx->index_key.description,
375 ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred,
375 perm, flags); 376 perm, flags);
376 if (IS_ERR(key)) 377 if (IS_ERR(key))
377 goto alloc_failed; 378 goto alloc_failed;
@@ -379,8 +380,7 @@ static int construct_alloc_key(struct key_type *type,
379 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); 380 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
380 381
381 if (dest_keyring) { 382 if (dest_keyring) {
382 ret = __key_link_begin(dest_keyring, type, description, 383 ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
383 &prealloc);
384 if (ret < 0) 384 if (ret < 0)
385 goto link_prealloc_failed; 385 goto link_prealloc_failed;
386 } 386 }
@@ -390,16 +390,16 @@ static int construct_alloc_key(struct key_type *type,
390 * waited for locks */ 390 * waited for locks */
391 mutex_lock(&key_construction_mutex); 391 mutex_lock(&key_construction_mutex);
392 392
393 key_ref = search_process_keyrings(type, description, type->match, cred); 393 key_ref = search_process_keyrings(ctx);
394 if (!IS_ERR(key_ref)) 394 if (!IS_ERR(key_ref))
395 goto key_already_present; 395 goto key_already_present;
396 396
397 if (dest_keyring) 397 if (dest_keyring)
398 __key_link(dest_keyring, key, &prealloc); 398 __key_link(key, &edit);
399 399
400 mutex_unlock(&key_construction_mutex); 400 mutex_unlock(&key_construction_mutex);
401 if (dest_keyring) 401 if (dest_keyring)
402 __key_link_end(dest_keyring, type, prealloc); 402 __key_link_end(dest_keyring, &ctx->index_key, edit);
403 mutex_unlock(&user->cons_lock); 403 mutex_unlock(&user->cons_lock);
404 *_key = key; 404 *_key = key;
405 kleave(" = 0 [%d]", key_serial(key)); 405 kleave(" = 0 [%d]", key_serial(key));
@@ -414,8 +414,8 @@ key_already_present:
414 if (dest_keyring) { 414 if (dest_keyring) {
415 ret = __key_link_check_live_key(dest_keyring, key); 415 ret = __key_link_check_live_key(dest_keyring, key);
416 if (ret == 0) 416 if (ret == 0)
417 __key_link(dest_keyring, key, &prealloc); 417 __key_link(key, &edit);
418 __key_link_end(dest_keyring, type, prealloc); 418 __key_link_end(dest_keyring, &ctx->index_key, edit);
419 if (ret < 0) 419 if (ret < 0)
420 goto link_check_failed; 420 goto link_check_failed;
421 } 421 }
@@ -444,8 +444,7 @@ alloc_failed:
444/* 444/*
445 * Commence key construction. 445 * Commence key construction.
446 */ 446 */
447static struct key *construct_key_and_link(struct key_type *type, 447static struct key *construct_key_and_link(struct keyring_search_context *ctx,
448 const char *description,
449 const char *callout_info, 448 const char *callout_info,
450 size_t callout_len, 449 size_t callout_len,
451 void *aux, 450 void *aux,
@@ -464,8 +463,7 @@ static struct key *construct_key_and_link(struct key_type *type,
464 463
465 construct_get_dest_keyring(&dest_keyring); 464 construct_get_dest_keyring(&dest_keyring);
466 465
467 ret = construct_alloc_key(type, description, dest_keyring, flags, user, 466 ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key);
468 &key);
469 key_user_put(user); 467 key_user_put(user);
470 468
471 if (ret == 0) { 469 if (ret == 0) {
@@ -529,17 +527,24 @@ struct key *request_key_and_link(struct key_type *type,
529 struct key *dest_keyring, 527 struct key *dest_keyring,
530 unsigned long flags) 528 unsigned long flags)
531{ 529{
532 const struct cred *cred = current_cred(); 530 struct keyring_search_context ctx = {
531 .index_key.type = type,
532 .index_key.description = description,
533 .cred = current_cred(),
534 .match = type->match,
535 .match_data = description,
536 .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
537 };
533 struct key *key; 538 struct key *key;
534 key_ref_t key_ref; 539 key_ref_t key_ref;
535 int ret; 540 int ret;
536 541
537 kenter("%s,%s,%p,%zu,%p,%p,%lx", 542 kenter("%s,%s,%p,%zu,%p,%p,%lx",
538 type->name, description, callout_info, callout_len, aux, 543 ctx.index_key.type->name, ctx.index_key.description,
539 dest_keyring, flags); 544 callout_info, callout_len, aux, dest_keyring, flags);
540 545
541 /* search all the process keyrings for a key */ 546 /* search all the process keyrings for a key */
542 key_ref = search_process_keyrings(type, description, type->match, cred); 547 key_ref = search_process_keyrings(&ctx);
543 548
544 if (!IS_ERR(key_ref)) { 549 if (!IS_ERR(key_ref)) {
545 key = key_ref_to_ptr(key_ref); 550 key = key_ref_to_ptr(key_ref);
@@ -562,9 +567,8 @@ struct key *request_key_and_link(struct key_type *type,
562 if (!callout_info) 567 if (!callout_info)
563 goto error; 568 goto error;
564 569
565 key = construct_key_and_link(type, description, callout_info, 570 key = construct_key_and_link(&ctx, callout_info, callout_len,
566 callout_len, aux, dest_keyring, 571 aux, dest_keyring, flags);
567 flags);
568 } 572 }
569 573
570error: 574error:
@@ -592,8 +596,10 @@ int wait_for_key_construction(struct key *key, bool intr)
592 intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); 596 intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
593 if (ret < 0) 597 if (ret < 0)
594 return ret; 598 return ret;
595 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) 599 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
600 smp_rmb();
596 return key->type_data.reject_error; 601 return key->type_data.reject_error;
602 }
597 return key_validate(key); 603 return key_validate(key);
598} 604}
599EXPORT_SYMBOL(wait_for_key_construction); 605EXPORT_SYMBOL(wait_for_key_construction);
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 85730d5a5a59..7495a93b4b90 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -18,6 +18,7 @@
18#include <linux/slab.h> 18#include <linux/slab.h>
19#include <asm/uaccess.h> 19#include <asm/uaccess.h>
20#include "internal.h" 20#include "internal.h"
21#include <keys/user-type.h>
21 22
22static int request_key_auth_instantiate(struct key *, 23static int request_key_auth_instantiate(struct key *,
23 struct key_preparsed_payload *); 24 struct key_preparsed_payload *);
@@ -222,32 +223,26 @@ error_alloc:
222} 223}
223 224
224/* 225/*
225 * See if an authorisation key is associated with a particular key.
226 */
227static int key_get_instantiation_authkey_match(const struct key *key,
228 const void *_id)
229{
230 struct request_key_auth *rka = key->payload.data;
231 key_serial_t id = (key_serial_t)(unsigned long) _id;
232
233 return rka->target_key->serial == id;
234}
235
236/*
237 * Search the current process's keyrings for the authorisation key for 226 * Search the current process's keyrings for the authorisation key for
238 * instantiation of a key. 227 * instantiation of a key.
239 */ 228 */
240struct key *key_get_instantiation_authkey(key_serial_t target_id) 229struct key *key_get_instantiation_authkey(key_serial_t target_id)
241{ 230{
242 const struct cred *cred = current_cred(); 231 char description[16];
232 struct keyring_search_context ctx = {
233 .index_key.type = &key_type_request_key_auth,
234 .index_key.description = description,
235 .cred = current_cred(),
236 .match = user_match,
237 .match_data = description,
238 .flags = KEYRING_SEARCH_LOOKUP_DIRECT,
239 };
243 struct key *authkey; 240 struct key *authkey;
244 key_ref_t authkey_ref; 241 key_ref_t authkey_ref;
245 242
246 authkey_ref = search_process_keyrings( 243 sprintf(description, "%x", target_id);
247 &key_type_request_key_auth, 244
248 (void *) (unsigned long) target_id, 245 authkey_ref = search_process_keyrings(&ctx);
249 key_get_instantiation_authkey_match,
250 cred);
251 246
252 if (IS_ERR(authkey_ref)) { 247 if (IS_ERR(authkey_ref)) {
253 authkey = ERR_CAST(authkey_ref); 248 authkey = ERR_CAST(authkey_ref);
diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
index ee32d181764a..8c0af08760c8 100644
--- a/security/keys/sysctl.c
+++ b/security/keys/sysctl.c
@@ -61,5 +61,16 @@ ctl_table key_sysctls[] = {
61 .extra1 = (void *) &zero, 61 .extra1 = (void *) &zero,
62 .extra2 = (void *) &max, 62 .extra2 = (void *) &max,
63 }, 63 },
64#ifdef CONFIG_PERSISTENT_KEYRINGS
65 {
66 .procname = "persistent_keyring_expiry",
67 .data = &persistent_keyring_expiry,
68 .maxlen = sizeof(unsigned),
69 .mode = 0644,
70 .proc_handler = proc_dointvec_minmax,
71 .extra1 = (void *) &zero,
72 .extra2 = (void *) &max,
73 },
74#endif
64 { } 75 { }
65}; 76};
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 55dc88939185..faa2caeb593f 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -25,14 +25,15 @@ static int logon_vet_description(const char *desc);
25 * arbitrary blob of data as the payload 25 * arbitrary blob of data as the payload
26 */ 26 */
27struct key_type key_type_user = { 27struct key_type key_type_user = {
28 .name = "user", 28 .name = "user",
29 .instantiate = user_instantiate, 29 .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
30 .update = user_update, 30 .instantiate = user_instantiate,
31 .match = user_match, 31 .update = user_update,
32 .revoke = user_revoke, 32 .match = user_match,
33 .destroy = user_destroy, 33 .revoke = user_revoke,
34 .describe = user_describe, 34 .destroy = user_destroy,
35 .read = user_read, 35 .describe = user_describe,
36 .read = user_read,
36}; 37};
37 38
38EXPORT_SYMBOL_GPL(key_type_user); 39EXPORT_SYMBOL_GPL(key_type_user);
@@ -45,6 +46,7 @@ EXPORT_SYMBOL_GPL(key_type_user);
45 */ 46 */
46struct key_type key_type_logon = { 47struct key_type key_type_logon = {
47 .name = "logon", 48 .name = "logon",
49 .def_lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
48 .instantiate = user_instantiate, 50 .instantiate = user_instantiate,
49 .update = user_update, 51 .update = user_update,
50 .match = user_match, 52 .match = user_match,
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-08 14:32:18 -0400