| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | /* Basic authentication token and access key management | 
|  | 2 | * | 
|  | 3 | * Copyright (C) 2004-2008 Red Hat, Inc. All Rights Reserved. | 
|  | 4 | * Written by David Howells (dhowells@redhat.com) | 
|  | 5 | * | 
|  | 6 | * This program is free software; you can redistribute it and/or | 
|  | 7 | * modify it under the terms of the GNU General Public License | 
|  | 8 | * as published by the Free Software Foundation; either version | 
|  | 9 | * 2 of the License, or (at your option) any later version. | 
|  | 10 | */ | 
|  | 11 |  | 
|  | 12 | #include <linux/module.h> | 
|  | 13 | #include <linux/init.h> | 
|  | 14 | #include <linux/poison.h> | 
|  | 15 | #include <linux/sched.h> | 
|  | 16 | #include <linux/slab.h> | 
|  | 17 | #include <linux/security.h> | 
|  | 18 | #include <linux/workqueue.h> | 
|  | 19 | #include <linux/random.h> | 
|  | 20 | #include <linux/err.h> | 
|  | 21 | #include <linux/user_namespace.h> | 
|  | 22 | #include "internal.h" | 
|  | 23 |  | 
|  | 24 | struct kmem_cache *key_jar; | 
|  | 25 | struct rb_root		key_serial_tree; /* tree of keys indexed by serial */ | 
|  | 26 | DEFINE_SPINLOCK(key_serial_lock); | 
|  | 27 |  | 
|  | 28 | struct rb_root	key_user_tree; /* tree of quota records indexed by UID */ | 
|  | 29 | DEFINE_SPINLOCK(key_user_lock); | 
|  | 30 |  | 
|  | 31 | unsigned int key_quota_root_maxkeys = 200;	/* root's key count quota */ | 
|  | 32 | unsigned int key_quota_root_maxbytes = 20000;	/* root's key space quota */ | 
|  | 33 | unsigned int key_quota_maxkeys = 200;		/* general key count quota */ | 
|  | 34 | unsigned int key_quota_maxbytes = 20000;	/* general key space quota */ | 
|  | 35 |  | 
|  | 36 | static LIST_HEAD(key_types_list); | 
|  | 37 | static DECLARE_RWSEM(key_types_sem); | 
|  | 38 |  | 
|  | 39 | /* We serialise key instantiation and link */ | 
|  | 40 | DEFINE_MUTEX(key_construction_mutex); | 
|  | 41 |  | 
|  | 42 | #ifdef KEY_DEBUGGING | 
|  | 43 | void __key_check(const struct key *key) | 
|  | 44 | { | 
|  | 45 | printk("__key_check: key %p {%08x} should be {%08x}\n", | 
|  | 46 | key, key->magic, KEY_DEBUG_MAGIC); | 
|  | 47 | BUG(); | 
|  | 48 | } | 
|  | 49 | #endif | 
|  | 50 |  | 
|  | 51 | /* | 
|  | 52 | * Get the key quota record for a user, allocating a new record if one doesn't | 
|  | 53 | * already exist. | 
|  | 54 | */ | 
|  | 55 | struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns) | 
|  | 56 | { | 
|  | 57 | struct key_user *candidate = NULL, *user; | 
|  | 58 | struct rb_node *parent = NULL; | 
|  | 59 | struct rb_node **p; | 
|  | 60 |  | 
|  | 61 | try_again: | 
|  | 62 | p = &key_user_tree.rb_node; | 
|  | 63 | spin_lock(&key_user_lock); | 
|  | 64 |  | 
|  | 65 | /* search the tree for a user record with a matching UID */ | 
|  | 66 | while (*p) { | 
|  | 67 | parent = *p; | 
|  | 68 | user = rb_entry(parent, struct key_user, node); | 
|  | 69 |  | 
|  | 70 | if (uid < user->uid) | 
|  | 71 | p = &(*p)->rb_left; | 
|  | 72 | else if (uid > user->uid) | 
|  | 73 | p = &(*p)->rb_right; | 
|  | 74 | else if (user_ns < user->user_ns) | 
|  | 75 | p = &(*p)->rb_left; | 
|  | 76 | else if (user_ns > user->user_ns) | 
|  | 77 | p = &(*p)->rb_right; | 
|  | 78 | else | 
|  | 79 | goto found; | 
|  | 80 | } | 
|  | 81 |  | 
|  | 82 | /* if we get here, we failed to find a match in the tree */ | 
|  | 83 | if (!candidate) { | 
|  | 84 | /* allocate a candidate user record if we don't already have | 
|  | 85 | * one */ | 
|  | 86 | spin_unlock(&key_user_lock); | 
|  | 87 |  | 
|  | 88 | user = NULL; | 
|  | 89 | candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL); | 
|  | 90 | if (unlikely(!candidate)) | 
|  | 91 | goto out; | 
|  | 92 |  | 
|  | 93 | /* the allocation may have scheduled, so we need to repeat the | 
|  | 94 | * search lest someone else added the record whilst we were | 
|  | 95 | * asleep */ | 
|  | 96 | goto try_again; | 
|  | 97 | } | 
|  | 98 |  | 
|  | 99 | /* if we get here, then the user record still hadn't appeared on the | 
|  | 100 | * second pass - so we use the candidate record */ | 
|  | 101 | atomic_set(&candidate->usage, 1); | 
|  | 102 | atomic_set(&candidate->nkeys, 0); | 
|  | 103 | atomic_set(&candidate->nikeys, 0); | 
|  | 104 | candidate->uid = uid; | 
|  | 105 | candidate->user_ns = get_user_ns(user_ns); | 
|  | 106 | candidate->qnkeys = 0; | 
|  | 107 | candidate->qnbytes = 0; | 
|  | 108 | spin_lock_init(&candidate->lock); | 
|  | 109 | mutex_init(&candidate->cons_lock); | 
|  | 110 |  | 
|  | 111 | rb_link_node(&candidate->node, parent, p); | 
|  | 112 | rb_insert_color(&candidate->node, &key_user_tree); | 
|  | 113 | spin_unlock(&key_user_lock); | 
|  | 114 | user = candidate; | 
|  | 115 | goto out; | 
|  | 116 |  | 
|  | 117 | /* okay - we found a user record for this UID */ | 
|  | 118 | found: | 
|  | 119 | atomic_inc(&user->usage); | 
|  | 120 | spin_unlock(&key_user_lock); | 
|  | 121 | kfree(candidate); | 
|  | 122 | out: | 
|  | 123 | return user; | 
|  | 124 | } | 
|  | 125 |  | 
|  | 126 | /* | 
|  | 127 | * Dispose of a user structure | 
|  | 128 | */ | 
|  | 129 | void key_user_put(struct key_user *user) | 
|  | 130 | { | 
|  | 131 | if (atomic_dec_and_lock(&user->usage, &key_user_lock)) { | 
|  | 132 | rb_erase(&user->node, &key_user_tree); | 
|  | 133 | spin_unlock(&key_user_lock); | 
|  | 134 | put_user_ns(user->user_ns); | 
|  | 135 |  | 
|  | 136 | kfree(user); | 
|  | 137 | } | 
|  | 138 | } | 
|  | 139 |  | 
|  | 140 | /* | 
|  | 141 | * Allocate a serial number for a key.  These are assigned randomly to avoid | 
|  | 142 | * security issues through covert channel problems. | 
|  | 143 | */ | 
|  | 144 | static inline void key_alloc_serial(struct key *key) | 
|  | 145 | { | 
|  | 146 | struct rb_node *parent, **p; | 
|  | 147 | struct key *xkey; | 
|  | 148 |  | 
|  | 149 | /* propose a random serial number and look for a hole for it in the | 
|  | 150 | * serial number tree */ | 
|  | 151 | do { | 
|  | 152 | get_random_bytes(&key->serial, sizeof(key->serial)); | 
|  | 153 |  | 
|  | 154 | key->serial >>= 1; /* negative numbers are not permitted */ | 
|  | 155 | } while (key->serial < 3); | 
|  | 156 |  | 
|  | 157 | spin_lock(&key_serial_lock); | 
|  | 158 |  | 
|  | 159 | attempt_insertion: | 
|  | 160 | parent = NULL; | 
|  | 161 | p = &key_serial_tree.rb_node; | 
|  | 162 |  | 
|  | 163 | while (*p) { | 
|  | 164 | parent = *p; | 
|  | 165 | xkey = rb_entry(parent, struct key, serial_node); | 
|  | 166 |  | 
|  | 167 | if (key->serial < xkey->serial) | 
|  | 168 | p = &(*p)->rb_left; | 
|  | 169 | else if (key->serial > xkey->serial) | 
|  | 170 | p = &(*p)->rb_right; | 
|  | 171 | else | 
|  | 172 | goto serial_exists; | 
|  | 173 | } | 
|  | 174 |  | 
|  | 175 | /* we've found a suitable hole - arrange for this key to occupy it */ | 
|  | 176 | rb_link_node(&key->serial_node, parent, p); | 
|  | 177 | rb_insert_color(&key->serial_node, &key_serial_tree); | 
|  | 178 |  | 
|  | 179 | spin_unlock(&key_serial_lock); | 
|  | 180 | return; | 
|  | 181 |  | 
|  | 182 | /* we found a key with the proposed serial number - walk the tree from | 
|  | 183 | * that point looking for the next unused serial number */ | 
|  | 184 | serial_exists: | 
|  | 185 | for (;;) { | 
|  | 186 | key->serial++; | 
|  | 187 | if (key->serial < 3) { | 
|  | 188 | key->serial = 3; | 
|  | 189 | goto attempt_insertion; | 
|  | 190 | } | 
|  | 191 |  | 
|  | 192 | parent = rb_next(parent); | 
|  | 193 | if (!parent) | 
|  | 194 | goto attempt_insertion; | 
|  | 195 |  | 
|  | 196 | xkey = rb_entry(parent, struct key, serial_node); | 
|  | 197 | if (key->serial < xkey->serial) | 
|  | 198 | goto attempt_insertion; | 
|  | 199 | } | 
|  | 200 | } | 
|  | 201 |  | 
|  | 202 | /** | 
|  | 203 | * key_alloc - Allocate a key of the specified type. | 
|  | 204 | * @type: The type of key to allocate. | 
|  | 205 | * @desc: The key description to allow the key to be searched out. | 
|  | 206 | * @uid: The owner of the new key. | 
|  | 207 | * @gid: The group ID for the new key's group permissions. | 
|  | 208 | * @cred: The credentials specifying UID namespace. | 
|  | 209 | * @perm: The permissions mask of the new key. | 
|  | 210 | * @flags: Flags specifying quota properties. | 
|  | 211 | * | 
|  | 212 | * Allocate a key of the specified type with the attributes given.  The key is | 
|  | 213 | * returned in an uninstantiated state and the caller needs to instantiate the | 
|  | 214 | * key before returning. | 
|  | 215 | * | 
|  | 216 | * The user's key count quota is updated to reflect the creation of the key and | 
|  | 217 | * the user's key data quota has the default for the key type reserved.  The | 
|  | 218 | * instantiation function should amend this as necessary.  If insufficient | 
|  | 219 | * quota is available, -EDQUOT will be returned. | 
|  | 220 | * | 
|  | 221 | * The LSM security modules can prevent a key being created, in which case | 
|  | 222 | * -EACCES will be returned. | 
|  | 223 | * | 
|  | 224 | * Returns a pointer to the new key if successful and an error code otherwise. | 
|  | 225 | * | 
|  | 226 | * Note that the caller needs to ensure the key type isn't uninstantiated. | 
|  | 227 | * Internally this can be done by locking key_types_sem.  Externally, this can | 
|  | 228 | * be done by either never unregistering the key type, or making sure | 
|  | 229 | * key_alloc() calls don't race with module unloading. | 
|  | 230 | */ | 
|  | 231 | struct key *key_alloc(struct key_type *type, const char *desc, | 
|  | 232 | uid_t uid, gid_t gid, const struct cred *cred, | 
|  | 233 | key_perm_t perm, unsigned long flags) | 
|  | 234 | { | 
|  | 235 | struct key_user *user = NULL; | 
|  | 236 | struct key *key; | 
|  | 237 | size_t desclen, quotalen; | 
|  | 238 | int ret; | 
|  | 239 |  | 
|  | 240 | key = ERR_PTR(-EINVAL); | 
|  | 241 | if (!desc || !*desc) | 
|  | 242 | goto error; | 
|  | 243 |  | 
|  | 244 | if (type->vet_description) { | 
|  | 245 | ret = type->vet_description(desc); | 
|  | 246 | if (ret < 0) { | 
|  | 247 | key = ERR_PTR(ret); | 
|  | 248 | goto error; | 
|  | 249 | } | 
|  | 250 | } | 
|  | 251 |  | 
|  | 252 | desclen = strlen(desc) + 1; | 
|  | 253 | quotalen = desclen + type->def_datalen; | 
|  | 254 |  | 
|  | 255 | /* get hold of the key tracking for this user */ | 
|  | 256 | user = key_user_lookup(uid, cred->user->user_ns); | 
|  | 257 | if (!user) | 
|  | 258 | goto no_memory_1; | 
|  | 259 |  | 
|  | 260 | /* check that the user's quota permits allocation of another key and | 
|  | 261 | * its description */ | 
|  | 262 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) { | 
|  | 263 | unsigned maxkeys = (uid == 0) ? | 
|  | 264 | key_quota_root_maxkeys : key_quota_maxkeys; | 
|  | 265 | unsigned maxbytes = (uid == 0) ? | 
|  | 266 | key_quota_root_maxbytes : key_quota_maxbytes; | 
|  | 267 |  | 
|  | 268 | spin_lock(&user->lock); | 
|  | 269 | if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) { | 
|  | 270 | if (user->qnkeys + 1 >= maxkeys || | 
|  | 271 | user->qnbytes + quotalen >= maxbytes || | 
|  | 272 | user->qnbytes + quotalen < user->qnbytes) | 
|  | 273 | goto no_quota; | 
|  | 274 | } | 
|  | 275 |  | 
|  | 276 | user->qnkeys++; | 
|  | 277 | user->qnbytes += quotalen; | 
|  | 278 | spin_unlock(&user->lock); | 
|  | 279 | } | 
|  | 280 |  | 
|  | 281 | /* allocate and initialise the key and its description */ | 
|  | 282 | key = kmem_cache_alloc(key_jar, GFP_KERNEL); | 
|  | 283 | if (!key) | 
|  | 284 | goto no_memory_2; | 
|  | 285 |  | 
|  | 286 | if (desc) { | 
|  | 287 | key->description = kmemdup(desc, desclen, GFP_KERNEL); | 
|  | 288 | if (!key->description) | 
|  | 289 | goto no_memory_3; | 
|  | 290 | } | 
|  | 291 |  | 
|  | 292 | atomic_set(&key->usage, 1); | 
|  | 293 | init_rwsem(&key->sem); | 
|  | 294 | lockdep_set_class(&key->sem, &type->lock_class); | 
|  | 295 | key->type = type; | 
|  | 296 | key->user = user; | 
|  | 297 | key->quotalen = quotalen; | 
|  | 298 | key->datalen = type->def_datalen; | 
|  | 299 | key->uid = uid; | 
|  | 300 | key->gid = gid; | 
|  | 301 | key->perm = perm; | 
|  | 302 | key->flags = 0; | 
|  | 303 | key->expiry = 0; | 
|  | 304 | key->payload.data = NULL; | 
|  | 305 | key->security = NULL; | 
|  | 306 |  | 
|  | 307 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) | 
|  | 308 | key->flags |= 1 << KEY_FLAG_IN_QUOTA; | 
|  | 309 |  | 
|  | 310 | memset(&key->type_data, 0, sizeof(key->type_data)); | 
|  | 311 |  | 
|  | 312 | #ifdef KEY_DEBUGGING | 
|  | 313 | key->magic = KEY_DEBUG_MAGIC; | 
|  | 314 | #endif | 
|  | 315 |  | 
|  | 316 | /* let the security module know about the key */ | 
|  | 317 | ret = security_key_alloc(key, cred, flags); | 
|  | 318 | if (ret < 0) | 
|  | 319 | goto security_error; | 
|  | 320 |  | 
|  | 321 | /* publish the key by giving it a serial number */ | 
|  | 322 | atomic_inc(&user->nkeys); | 
|  | 323 | key_alloc_serial(key); | 
|  | 324 |  | 
|  | 325 | error: | 
|  | 326 | return key; | 
|  | 327 |  | 
|  | 328 | security_error: | 
|  | 329 | kfree(key->description); | 
|  | 330 | kmem_cache_free(key_jar, key); | 
|  | 331 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) { | 
|  | 332 | spin_lock(&user->lock); | 
|  | 333 | user->qnkeys--; | 
|  | 334 | user->qnbytes -= quotalen; | 
|  | 335 | spin_unlock(&user->lock); | 
|  | 336 | } | 
|  | 337 | key_user_put(user); | 
|  | 338 | key = ERR_PTR(ret); | 
|  | 339 | goto error; | 
|  | 340 |  | 
|  | 341 | no_memory_3: | 
|  | 342 | kmem_cache_free(key_jar, key); | 
|  | 343 | no_memory_2: | 
|  | 344 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) { | 
|  | 345 | spin_lock(&user->lock); | 
|  | 346 | user->qnkeys--; | 
|  | 347 | user->qnbytes -= quotalen; | 
|  | 348 | spin_unlock(&user->lock); | 
|  | 349 | } | 
|  | 350 | key_user_put(user); | 
|  | 351 | no_memory_1: | 
|  | 352 | key = ERR_PTR(-ENOMEM); | 
|  | 353 | goto error; | 
|  | 354 |  | 
|  | 355 | no_quota: | 
|  | 356 | spin_unlock(&user->lock); | 
|  | 357 | key_user_put(user); | 
|  | 358 | key = ERR_PTR(-EDQUOT); | 
|  | 359 | goto error; | 
|  | 360 | } | 
|  | 361 | EXPORT_SYMBOL(key_alloc); | 
|  | 362 |  | 
|  | 363 | /** | 
|  | 364 | * key_payload_reserve - Adjust data quota reservation for the key's payload | 
|  | 365 | * @key: The key to make the reservation for. | 
|  | 366 | * @datalen: The amount of data payload the caller now wants. | 
|  | 367 | * | 
|  | 368 | * Adjust the amount of the owning user's key data quota that a key reserves. | 
|  | 369 | * If the amount is increased, then -EDQUOT may be returned if there isn't | 
|  | 370 | * enough free quota available. | 
|  | 371 | * | 
|  | 372 | * If successful, 0 is returned. | 
|  | 373 | */ | 
|  | 374 | int key_payload_reserve(struct key *key, size_t datalen) | 
|  | 375 | { | 
|  | 376 | int delta = (int)datalen - key->datalen; | 
|  | 377 | int ret = 0; | 
|  | 378 |  | 
|  | 379 | key_check(key); | 
|  | 380 |  | 
|  | 381 | /* contemplate the quota adjustment */ | 
|  | 382 | if (delta != 0 && test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { | 
|  | 383 | unsigned maxbytes = (key->user->uid == 0) ? | 
|  | 384 | key_quota_root_maxbytes : key_quota_maxbytes; | 
|  | 385 |  | 
|  | 386 | spin_lock(&key->user->lock); | 
|  | 387 |  | 
|  | 388 | if (delta > 0 && | 
|  | 389 | (key->user->qnbytes + delta >= maxbytes || | 
|  | 390 | key->user->qnbytes + delta < key->user->qnbytes)) { | 
|  | 391 | ret = -EDQUOT; | 
|  | 392 | } | 
|  | 393 | else { | 
|  | 394 | key->user->qnbytes += delta; | 
|  | 395 | key->quotalen += delta; | 
|  | 396 | } | 
|  | 397 | spin_unlock(&key->user->lock); | 
|  | 398 | } | 
|  | 399 |  | 
|  | 400 | /* change the recorded data length if that didn't generate an error */ | 
|  | 401 | if (ret == 0) | 
|  | 402 | key->datalen = datalen; | 
|  | 403 |  | 
|  | 404 | return ret; | 
|  | 405 | } | 
|  | 406 | EXPORT_SYMBOL(key_payload_reserve); | 
|  | 407 |  | 
|  | 408 | /* | 
|  | 409 | * Instantiate a key and link it into the target keyring atomically.  Must be | 
|  | 410 | * called with the target keyring's semaphore writelocked.  The target key's | 
|  | 411 | * semaphore need not be locked as instantiation is serialised by | 
|  | 412 | * key_construction_mutex. | 
|  | 413 | */ | 
|  | 414 | static int __key_instantiate_and_link(struct key *key, | 
|  | 415 | const void *data, | 
|  | 416 | size_t datalen, | 
|  | 417 | struct key *keyring, | 
|  | 418 | struct key *authkey, | 
|  | 419 | unsigned long *_prealloc) | 
|  | 420 | { | 
|  | 421 | int ret, awaken; | 
|  | 422 |  | 
|  | 423 | key_check(key); | 
|  | 424 | key_check(keyring); | 
|  | 425 |  | 
|  | 426 | awaken = 0; | 
|  | 427 | ret = -EBUSY; | 
|  | 428 |  | 
|  | 429 | mutex_lock(&key_construction_mutex); | 
|  | 430 |  | 
|  | 431 | /* can't instantiate twice */ | 
|  | 432 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { | 
|  | 433 | /* instantiate the key */ | 
|  | 434 | ret = key->type->instantiate(key, data, datalen); | 
|  | 435 |  | 
|  | 436 | if (ret == 0) { | 
|  | 437 | /* mark the key as being instantiated */ | 
|  | 438 | atomic_inc(&key->user->nikeys); | 
|  | 439 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); | 
|  | 440 |  | 
|  | 441 | if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags)) | 
|  | 442 | awaken = 1; | 
|  | 443 |  | 
|  | 444 | /* and link it into the destination keyring */ | 
|  | 445 | if (keyring) | 
|  | 446 | __key_link(keyring, key, _prealloc); | 
|  | 447 |  | 
|  | 448 | /* disable the authorisation key */ | 
|  | 449 | if (authkey) | 
|  | 450 | key_revoke(authkey); | 
|  | 451 | } | 
|  | 452 | } | 
|  | 453 |  | 
|  | 454 | mutex_unlock(&key_construction_mutex); | 
|  | 455 |  | 
|  | 456 | /* wake up anyone waiting for a key to be constructed */ | 
|  | 457 | if (awaken) | 
|  | 458 | wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); | 
|  | 459 |  | 
|  | 460 | return ret; | 
|  | 461 | } | 
|  | 462 |  | 
|  | 463 | /** | 
|  | 464 | * key_instantiate_and_link - Instantiate a key and link it into the keyring. | 
|  | 465 | * @key: The key to instantiate. | 
|  | 466 | * @data: The data to use to instantiate the keyring. | 
|  | 467 | * @datalen: The length of @data. | 
|  | 468 | * @keyring: Keyring to create a link in on success (or NULL). | 
|  | 469 | * @authkey: The authorisation token permitting instantiation. | 
|  | 470 | * | 
|  | 471 | * Instantiate a key that's in the uninstantiated state using the provided data | 
|  | 472 | * and, if successful, link it in to the destination keyring if one is | 
|  | 473 | * supplied. | 
|  | 474 | * | 
|  | 475 | * If successful, 0 is returned, the authorisation token is revoked and anyone | 
|  | 476 | * waiting for the key is woken up.  If the key was already instantiated, | 
|  | 477 | * -EBUSY will be returned. | 
|  | 478 | */ | 
|  | 479 | int key_instantiate_and_link(struct key *key, | 
|  | 480 | const void *data, | 
|  | 481 | size_t datalen, | 
|  | 482 | struct key *keyring, | 
|  | 483 | struct key *authkey) | 
|  | 484 | { | 
|  | 485 | unsigned long prealloc; | 
|  | 486 | int ret; | 
|  | 487 |  | 
|  | 488 | if (keyring) { | 
|  | 489 | ret = __key_link_begin(keyring, key->type, key->description, | 
|  | 490 | &prealloc); | 
|  | 491 | if (ret < 0) | 
|  | 492 | return ret; | 
|  | 493 | } | 
|  | 494 |  | 
|  | 495 | ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey, | 
|  | 496 | &prealloc); | 
|  | 497 |  | 
|  | 498 | if (keyring) | 
|  | 499 | __key_link_end(keyring, key->type, prealloc); | 
|  | 500 |  | 
|  | 501 | return ret; | 
|  | 502 | } | 
|  | 503 |  | 
|  | 504 | EXPORT_SYMBOL(key_instantiate_and_link); | 
|  | 505 |  | 
|  | 506 | /** | 
|  | 507 | * key_reject_and_link - Negatively instantiate a key and link it into the keyring. | 
|  | 508 | * @key: The key to instantiate. | 
|  | 509 | * @timeout: The timeout on the negative key. | 
|  | 510 | * @error: The error to return when the key is hit. | 
|  | 511 | * @keyring: Keyring to create a link in on success (or NULL). | 
|  | 512 | * @authkey: The authorisation token permitting instantiation. | 
|  | 513 | * | 
|  | 514 | * Negatively instantiate a key that's in the uninstantiated state and, if | 
|  | 515 | * successful, set its timeout and stored error and link it in to the | 
|  | 516 | * destination keyring if one is supplied.  The key and any links to the key | 
|  | 517 | * will be automatically garbage collected after the timeout expires. | 
|  | 518 | * | 
|  | 519 | * Negative keys are used to rate limit repeated request_key() calls by causing | 
|  | 520 | * them to return the stored error code (typically ENOKEY) until the negative | 
|  | 521 | * key expires. | 
|  | 522 | * | 
|  | 523 | * If successful, 0 is returned, the authorisation token is revoked and anyone | 
|  | 524 | * waiting for the key is woken up.  If the key was already instantiated, | 
|  | 525 | * -EBUSY will be returned. | 
|  | 526 | */ | 
|  | 527 | int key_reject_and_link(struct key *key, | 
|  | 528 | unsigned timeout, | 
|  | 529 | unsigned error, | 
|  | 530 | struct key *keyring, | 
|  | 531 | struct key *authkey) | 
|  | 532 | { | 
|  | 533 | unsigned long prealloc; | 
|  | 534 | struct timespec now; | 
|  | 535 | int ret, awaken, link_ret = 0; | 
|  | 536 |  | 
|  | 537 | key_check(key); | 
|  | 538 | key_check(keyring); | 
|  | 539 |  | 
|  | 540 | awaken = 0; | 
|  | 541 | ret = -EBUSY; | 
|  | 542 |  | 
|  | 543 | if (keyring) | 
|  | 544 | link_ret = __key_link_begin(keyring, key->type, | 
|  | 545 | key->description, &prealloc); | 
|  | 546 |  | 
|  | 547 | mutex_lock(&key_construction_mutex); | 
|  | 548 |  | 
|  | 549 | /* can't instantiate twice */ | 
|  | 550 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { | 
|  | 551 | /* mark the key as being negatively instantiated */ | 
|  | 552 | atomic_inc(&key->user->nikeys); | 
|  | 553 | set_bit(KEY_FLAG_NEGATIVE, &key->flags); | 
|  | 554 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); | 
|  | 555 | key->type_data.reject_error = -error; | 
|  | 556 | now = current_kernel_time(); | 
|  | 557 | key->expiry = now.tv_sec + timeout; | 
|  | 558 | key_schedule_gc(key->expiry + key_gc_delay); | 
|  | 559 |  | 
|  | 560 | if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags)) | 
|  | 561 | awaken = 1; | 
|  | 562 |  | 
|  | 563 | ret = 0; | 
|  | 564 |  | 
|  | 565 | /* and link it into the destination keyring */ | 
|  | 566 | if (keyring && link_ret == 0) | 
|  | 567 | __key_link(keyring, key, &prealloc); | 
|  | 568 |  | 
|  | 569 | /* disable the authorisation key */ | 
|  | 570 | if (authkey) | 
|  | 571 | key_revoke(authkey); | 
|  | 572 | } | 
|  | 573 |  | 
|  | 574 | mutex_unlock(&key_construction_mutex); | 
|  | 575 |  | 
|  | 576 | if (keyring) | 
|  | 577 | __key_link_end(keyring, key->type, prealloc); | 
|  | 578 |  | 
|  | 579 | /* wake up anyone waiting for a key to be constructed */ | 
|  | 580 | if (awaken) | 
|  | 581 | wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); | 
|  | 582 |  | 
|  | 583 | return ret == 0 ? link_ret : ret; | 
|  | 584 | } | 
|  | 585 | EXPORT_SYMBOL(key_reject_and_link); | 
|  | 586 |  | 
|  | 587 | /** | 
|  | 588 | * key_put - Discard a reference to a key. | 
|  | 589 | * @key: The key to discard a reference from. | 
|  | 590 | * | 
|  | 591 | * Discard a reference to a key, and when all the references are gone, we | 
|  | 592 | * schedule the cleanup task to come and pull it out of the tree in process | 
|  | 593 | * context at some later time. | 
|  | 594 | */ | 
|  | 595 | void key_put(struct key *key) | 
|  | 596 | { | 
|  | 597 | if (key) { | 
|  | 598 | key_check(key); | 
|  | 599 |  | 
|  | 600 | if (atomic_dec_and_test(&key->usage)) | 
|  | 601 | queue_work(system_nrt_wq, &key_gc_work); | 
|  | 602 | } | 
|  | 603 | } | 
|  | 604 | EXPORT_SYMBOL(key_put); | 
|  | 605 |  | 
|  | 606 | /* | 
|  | 607 | * Find a key by its serial number. | 
|  | 608 | */ | 
|  | 609 | struct key *key_lookup(key_serial_t id) | 
|  | 610 | { | 
|  | 611 | struct rb_node *n; | 
|  | 612 | struct key *key; | 
|  | 613 |  | 
|  | 614 | spin_lock(&key_serial_lock); | 
|  | 615 |  | 
|  | 616 | /* search the tree for the specified key */ | 
|  | 617 | n = key_serial_tree.rb_node; | 
|  | 618 | while (n) { | 
|  | 619 | key = rb_entry(n, struct key, serial_node); | 
|  | 620 |  | 
|  | 621 | if (id < key->serial) | 
|  | 622 | n = n->rb_left; | 
|  | 623 | else if (id > key->serial) | 
|  | 624 | n = n->rb_right; | 
|  | 625 | else | 
|  | 626 | goto found; | 
|  | 627 | } | 
|  | 628 |  | 
|  | 629 | not_found: | 
|  | 630 | key = ERR_PTR(-ENOKEY); | 
|  | 631 | goto error; | 
|  | 632 |  | 
|  | 633 | found: | 
|  | 634 | /* pretend it doesn't exist if it is awaiting deletion */ | 
|  | 635 | if (atomic_read(&key->usage) == 0) | 
|  | 636 | goto not_found; | 
|  | 637 |  | 
|  | 638 | /* this races with key_put(), but that doesn't matter since key_put() | 
|  | 639 | * doesn't actually change the key | 
|  | 640 | */ | 
|  | 641 | atomic_inc(&key->usage); | 
|  | 642 |  | 
|  | 643 | error: | 
|  | 644 | spin_unlock(&key_serial_lock); | 
|  | 645 | return key; | 
|  | 646 | } | 
|  | 647 |  | 
|  | 648 | /* | 
|  | 649 | * Find and lock the specified key type against removal. | 
|  | 650 | * | 
|  | 651 | * We return with the sem read-locked if successful.  If the type wasn't | 
|  | 652 | * available -ENOKEY is returned instead. | 
|  | 653 | */ | 
|  | 654 | struct key_type *key_type_lookup(const char *type) | 
|  | 655 | { | 
|  | 656 | struct key_type *ktype; | 
|  | 657 |  | 
|  | 658 | down_read(&key_types_sem); | 
|  | 659 |  | 
|  | 660 | /* look up the key type to see if it's one of the registered kernel | 
|  | 661 | * types */ | 
|  | 662 | list_for_each_entry(ktype, &key_types_list, link) { | 
|  | 663 | if (strcmp(ktype->name, type) == 0) | 
|  | 664 | goto found_kernel_type; | 
|  | 665 | } | 
|  | 666 |  | 
|  | 667 | up_read(&key_types_sem); | 
|  | 668 | ktype = ERR_PTR(-ENOKEY); | 
|  | 669 |  | 
|  | 670 | found_kernel_type: | 
|  | 671 | return ktype; | 
|  | 672 | } | 
|  | 673 |  | 
|  | 674 | void key_set_timeout(struct key *key, unsigned timeout) | 
|  | 675 | { | 
|  | 676 | struct timespec now; | 
|  | 677 | time_t expiry = 0; | 
|  | 678 |  | 
|  | 679 | /* make the changes with the locks held to prevent races */ | 
|  | 680 | down_write(&key->sem); | 
|  | 681 |  | 
|  | 682 | if (timeout > 0) { | 
|  | 683 | now = current_kernel_time(); | 
|  | 684 | expiry = now.tv_sec + timeout; | 
|  | 685 | } | 
|  | 686 |  | 
|  | 687 | key->expiry = expiry; | 
|  | 688 | key_schedule_gc(key->expiry + key_gc_delay); | 
|  | 689 |  | 
|  | 690 | up_write(&key->sem); | 
|  | 691 | } | 
|  | 692 | EXPORT_SYMBOL_GPL(key_set_timeout); | 
|  | 693 |  | 
|  | 694 | /* | 
|  | 695 | * Unlock a key type locked by key_type_lookup(). | 
|  | 696 | */ | 
|  | 697 | void key_type_put(struct key_type *ktype) | 
|  | 698 | { | 
|  | 699 | up_read(&key_types_sem); | 
|  | 700 | } | 
|  | 701 |  | 
|  | 702 | /* | 
|  | 703 | * Attempt to update an existing key. | 
|  | 704 | * | 
|  | 705 | * The key is given to us with an incremented refcount that we need to discard | 
|  | 706 | * if we get an error. | 
|  | 707 | */ | 
|  | 708 | static inline key_ref_t __key_update(key_ref_t key_ref, | 
|  | 709 | const void *payload, size_t plen) | 
|  | 710 | { | 
|  | 711 | struct key *key = key_ref_to_ptr(key_ref); | 
|  | 712 | int ret; | 
|  | 713 |  | 
|  | 714 | /* need write permission on the key to update it */ | 
|  | 715 | ret = key_permission(key_ref, KEY_WRITE); | 
|  | 716 | if (ret < 0) | 
|  | 717 | goto error; | 
|  | 718 |  | 
|  | 719 | ret = -EEXIST; | 
|  | 720 | if (!key->type->update) | 
|  | 721 | goto error; | 
|  | 722 |  | 
|  | 723 | down_write(&key->sem); | 
|  | 724 |  | 
|  | 725 | ret = key->type->update(key, payload, plen); | 
|  | 726 | if (ret == 0) | 
|  | 727 | /* updating a negative key instantiates it */ | 
|  | 728 | clear_bit(KEY_FLAG_NEGATIVE, &key->flags); | 
|  | 729 |  | 
|  | 730 | up_write(&key->sem); | 
|  | 731 |  | 
|  | 732 | if (ret < 0) | 
|  | 733 | goto error; | 
|  | 734 | out: | 
|  | 735 | return key_ref; | 
|  | 736 |  | 
|  | 737 | error: | 
|  | 738 | key_put(key); | 
|  | 739 | key_ref = ERR_PTR(ret); | 
|  | 740 | goto out; | 
|  | 741 | } | 
|  | 742 |  | 
|  | 743 | /** | 
|  | 744 | * key_create_or_update - Update or create and instantiate a key. | 
|  | 745 | * @keyring_ref: A pointer to the destination keyring with possession flag. | 
|  | 746 | * @type: The type of key. | 
|  | 747 | * @description: The searchable description for the key. | 
|  | 748 | * @payload: The data to use to instantiate or update the key. | 
|  | 749 | * @plen: The length of @payload. | 
|  | 750 | * @perm: The permissions mask for a new key. | 
|  | 751 | * @flags: The quota flags for a new key. | 
|  | 752 | * | 
|  | 753 | * Search the destination keyring for a key of the same description and if one | 
|  | 754 | * is found, update it, otherwise create and instantiate a new one and create a | 
|  | 755 | * link to it from that keyring. | 
|  | 756 | * | 
|  | 757 | * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be | 
|  | 758 | * concocted. | 
|  | 759 | * | 
|  | 760 | * Returns a pointer to the new key if successful, -ENODEV if the key type | 
|  | 761 | * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the | 
|  | 762 | * caller isn't permitted to modify the keyring or the LSM did not permit | 
|  | 763 | * creation of the key. | 
|  | 764 | * | 
|  | 765 | * On success, the possession flag from the keyring ref will be tacked on to | 
|  | 766 | * the key ref before it is returned. | 
|  | 767 | */ | 
|  | 768 | key_ref_t key_create_or_update(key_ref_t keyring_ref, | 
|  | 769 | const char *type, | 
|  | 770 | const char *description, | 
|  | 771 | const void *payload, | 
|  | 772 | size_t plen, | 
|  | 773 | key_perm_t perm, | 
|  | 774 | unsigned long flags) | 
|  | 775 | { | 
|  | 776 | unsigned long prealloc; | 
|  | 777 | const struct cred *cred = current_cred(); | 
|  | 778 | struct key_type *ktype; | 
|  | 779 | struct key *keyring, *key = NULL; | 
|  | 780 | key_ref_t key_ref; | 
|  | 781 | int ret; | 
|  | 782 |  | 
|  | 783 | /* look up the key type to see if it's one of the registered kernel | 
|  | 784 | * types */ | 
|  | 785 | ktype = key_type_lookup(type); | 
|  | 786 | if (IS_ERR(ktype)) { | 
|  | 787 | key_ref = ERR_PTR(-ENODEV); | 
|  | 788 | goto error; | 
|  | 789 | } | 
|  | 790 |  | 
|  | 791 | key_ref = ERR_PTR(-EINVAL); | 
|  | 792 | if (!ktype->match || !ktype->instantiate) | 
|  | 793 | goto error_2; | 
|  | 794 |  | 
|  | 795 | keyring = key_ref_to_ptr(keyring_ref); | 
|  | 796 |  | 
|  | 797 | key_check(keyring); | 
|  | 798 |  | 
|  | 799 | key_ref = ERR_PTR(-ENOTDIR); | 
|  | 800 | if (keyring->type != &key_type_keyring) | 
|  | 801 | goto error_2; | 
|  | 802 |  | 
|  | 803 | ret = __key_link_begin(keyring, ktype, description, &prealloc); | 
|  | 804 | if (ret < 0) | 
|  | 805 | goto error_2; | 
|  | 806 |  | 
|  | 807 | /* if we're going to allocate a new key, we're going to have | 
|  | 808 | * to modify the keyring */ | 
|  | 809 | ret = key_permission(keyring_ref, KEY_WRITE); | 
|  | 810 | if (ret < 0) { | 
|  | 811 | key_ref = ERR_PTR(ret); | 
|  | 812 | goto error_3; | 
|  | 813 | } | 
|  | 814 |  | 
|  | 815 | /* if it's possible to update this type of key, search for an existing | 
|  | 816 | * key of the same type and description in the destination keyring and | 
|  | 817 | * update that instead if possible | 
|  | 818 | */ | 
|  | 819 | if (ktype->update) { | 
|  | 820 | key_ref = __keyring_search_one(keyring_ref, ktype, description, | 
|  | 821 | 0); | 
|  | 822 | if (!IS_ERR(key_ref)) | 
|  | 823 | goto found_matching_key; | 
|  | 824 | } | 
|  | 825 |  | 
|  | 826 | /* if the client doesn't provide, decide on the permissions we want */ | 
|  | 827 | if (perm == KEY_PERM_UNDEF) { | 
|  | 828 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; | 
|  | 829 | perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR; | 
|  | 830 |  | 
|  | 831 | if (ktype->read) | 
|  | 832 | perm |= KEY_POS_READ | KEY_USR_READ; | 
|  | 833 |  | 
|  | 834 | if (ktype == &key_type_keyring || ktype->update) | 
|  | 835 | perm |= KEY_USR_WRITE; | 
|  | 836 | } | 
|  | 837 |  | 
|  | 838 | /* allocate a new key */ | 
|  | 839 | key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred, | 
|  | 840 | perm, flags); | 
|  | 841 | if (IS_ERR(key)) { | 
|  | 842 | key_ref = ERR_CAST(key); | 
|  | 843 | goto error_3; | 
|  | 844 | } | 
|  | 845 |  | 
|  | 846 | /* instantiate it and link it into the target keyring */ | 
|  | 847 | ret = __key_instantiate_and_link(key, payload, plen, keyring, NULL, | 
|  | 848 | &prealloc); | 
|  | 849 | if (ret < 0) { | 
|  | 850 | key_put(key); | 
|  | 851 | key_ref = ERR_PTR(ret); | 
|  | 852 | goto error_3; | 
|  | 853 | } | 
|  | 854 |  | 
|  | 855 | key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); | 
|  | 856 |  | 
|  | 857 | error_3: | 
|  | 858 | __key_link_end(keyring, ktype, prealloc); | 
|  | 859 | error_2: | 
|  | 860 | key_type_put(ktype); | 
|  | 861 | error: | 
|  | 862 | return key_ref; | 
|  | 863 |  | 
|  | 864 | found_matching_key: | 
|  | 865 | /* we found a matching key, so we're going to try to update it | 
|  | 866 | * - we can drop the locks first as we have the key pinned | 
|  | 867 | */ | 
|  | 868 | __key_link_end(keyring, ktype, prealloc); | 
|  | 869 | key_type_put(ktype); | 
|  | 870 |  | 
|  | 871 | key_ref = __key_update(key_ref, payload, plen); | 
|  | 872 | goto error; | 
|  | 873 | } | 
|  | 874 | EXPORT_SYMBOL(key_create_or_update); | 
|  | 875 |  | 
|  | 876 | /** | 
|  | 877 | * key_update - Update a key's contents. | 
|  | 878 | * @key_ref: The pointer (plus possession flag) to the key. | 
|  | 879 | * @payload: The data to be used to update the key. | 
|  | 880 | * @plen: The length of @payload. | 
|  | 881 | * | 
|  | 882 | * Attempt to update the contents of a key with the given payload data.  The | 
|  | 883 | * caller must be granted Write permission on the key.  Negative keys can be | 
|  | 884 | * instantiated by this method. | 
|  | 885 | * | 
|  | 886 | * Returns 0 on success, -EACCES if not permitted and -EOPNOTSUPP if the key | 
|  | 887 | * type does not support updating.  The key type may return other errors. | 
|  | 888 | */ | 
|  | 889 | int key_update(key_ref_t key_ref, const void *payload, size_t plen) | 
|  | 890 | { | 
|  | 891 | struct key *key = key_ref_to_ptr(key_ref); | 
|  | 892 | int ret; | 
|  | 893 |  | 
|  | 894 | key_check(key); | 
|  | 895 |  | 
|  | 896 | /* the key must be writable */ | 
|  | 897 | ret = key_permission(key_ref, KEY_WRITE); | 
|  | 898 | if (ret < 0) | 
|  | 899 | goto error; | 
|  | 900 |  | 
|  | 901 | /* attempt to update it if supported */ | 
|  | 902 | ret = -EOPNOTSUPP; | 
|  | 903 | if (key->type->update) { | 
|  | 904 | down_write(&key->sem); | 
|  | 905 |  | 
|  | 906 | ret = key->type->update(key, payload, plen); | 
|  | 907 | if (ret == 0) | 
|  | 908 | /* updating a negative key instantiates it */ | 
|  | 909 | clear_bit(KEY_FLAG_NEGATIVE, &key->flags); | 
|  | 910 |  | 
|  | 911 | up_write(&key->sem); | 
|  | 912 | } | 
|  | 913 |  | 
|  | 914 | error: | 
|  | 915 | return ret; | 
|  | 916 | } | 
|  | 917 | EXPORT_SYMBOL(key_update); | 
|  | 918 |  | 
|  | 919 | /** | 
|  | 920 | * key_revoke - Revoke a key. | 
|  | 921 | * @key: The key to be revoked. | 
|  | 922 | * | 
|  | 923 | * Mark a key as being revoked and ask the type to free up its resources.  The | 
|  | 924 | * revocation timeout is set and the key and all its links will be | 
|  | 925 | * automatically garbage collected after key_gc_delay amount of time if they | 
|  | 926 | * are not manually dealt with first. | 
|  | 927 | */ | 
|  | 928 | void key_revoke(struct key *key) | 
|  | 929 | { | 
|  | 930 | struct timespec now; | 
|  | 931 | time_t time; | 
|  | 932 |  | 
|  | 933 | key_check(key); | 
|  | 934 |  | 
|  | 935 | /* make sure no one's trying to change or use the key when we mark it | 
|  | 936 | * - we tell lockdep that we might nest because we might be revoking an | 
|  | 937 | *   authorisation key whilst holding the sem on a key we've just | 
|  | 938 | *   instantiated | 
|  | 939 | */ | 
|  | 940 | down_write_nested(&key->sem, 1); | 
|  | 941 | if (!test_and_set_bit(KEY_FLAG_REVOKED, &key->flags) && | 
|  | 942 | key->type->revoke) | 
|  | 943 | key->type->revoke(key); | 
|  | 944 |  | 
|  | 945 | /* set the death time to no more than the expiry time */ | 
|  | 946 | now = current_kernel_time(); | 
|  | 947 | time = now.tv_sec; | 
|  | 948 | if (key->revoked_at == 0 || key->revoked_at > time) { | 
|  | 949 | key->revoked_at = time; | 
|  | 950 | key_schedule_gc(key->revoked_at + key_gc_delay); | 
|  | 951 | } | 
|  | 952 |  | 
|  | 953 | up_write(&key->sem); | 
|  | 954 | } | 
|  | 955 | EXPORT_SYMBOL(key_revoke); | 
|  | 956 |  | 
|  | 957 | /** | 
|  | 958 | * register_key_type - Register a type of key. | 
|  | 959 | * @ktype: The new key type. | 
|  | 960 | * | 
|  | 961 | * Register a new key type. | 
|  | 962 | * | 
|  | 963 | * Returns 0 on success or -EEXIST if a type of this name already exists. | 
|  | 964 | */ | 
|  | 965 | int register_key_type(struct key_type *ktype) | 
|  | 966 | { | 
|  | 967 | struct key_type *p; | 
|  | 968 | int ret; | 
|  | 969 |  | 
|  | 970 | memset(&ktype->lock_class, 0, sizeof(ktype->lock_class)); | 
|  | 971 |  | 
|  | 972 | ret = -EEXIST; | 
|  | 973 | down_write(&key_types_sem); | 
|  | 974 |  | 
|  | 975 | /* disallow key types with the same name */ | 
|  | 976 | list_for_each_entry(p, &key_types_list, link) { | 
|  | 977 | if (strcmp(p->name, ktype->name) == 0) | 
|  | 978 | goto out; | 
|  | 979 | } | 
|  | 980 |  | 
|  | 981 | /* store the type */ | 
|  | 982 | list_add(&ktype->link, &key_types_list); | 
|  | 983 | ret = 0; | 
|  | 984 |  | 
|  | 985 | out: | 
|  | 986 | up_write(&key_types_sem); | 
|  | 987 | return ret; | 
|  | 988 | } | 
|  | 989 | EXPORT_SYMBOL(register_key_type); | 
|  | 990 |  | 
|  | 991 | /** | 
|  | 992 | * unregister_key_type - Unregister a type of key. | 
|  | 993 | * @ktype: The key type. | 
|  | 994 | * | 
|  | 995 | * Unregister a key type and mark all the extant keys of this type as dead. | 
|  | 996 | * Those keys of this type are then destroyed to get rid of their payloads and | 
|  | 997 | * they and their links will be garbage collected as soon as possible. | 
|  | 998 | */ | 
|  | 999 | void unregister_key_type(struct key_type *ktype) | 
|  | 1000 | { | 
|  | 1001 | down_write(&key_types_sem); | 
|  | 1002 | list_del_init(&ktype->link); | 
|  | 1003 | downgrade_write(&key_types_sem); | 
|  | 1004 | key_gc_keytype(ktype); | 
|  | 1005 | up_read(&key_types_sem); | 
|  | 1006 | } | 
|  | 1007 | EXPORT_SYMBOL(unregister_key_type); | 
|  | 1008 |  | 
|  | 1009 | /* | 
|  | 1010 | * Initialise the key management state. | 
|  | 1011 | */ | 
|  | 1012 | void __init key_init(void) | 
|  | 1013 | { | 
|  | 1014 | /* allocate a slab in which we can store keys */ | 
|  | 1015 | key_jar = kmem_cache_create("key_jar", sizeof(struct key), | 
|  | 1016 | 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); | 
|  | 1017 |  | 
|  | 1018 | /* add the special key types */ | 
|  | 1019 | list_add_tail(&key_type_keyring.link, &key_types_list); | 
|  | 1020 | list_add_tail(&key_type_dead.link, &key_types_list); | 
|  | 1021 | list_add_tail(&key_type_user.link, &key_types_list); | 
|  | 1022 | list_add_tail(&key_type_logon.link, &key_types_list); | 
|  | 1023 |  | 
|  | 1024 | /* record the root user tracking */ | 
|  | 1025 | rb_link_node(&root_key_user.node, | 
|  | 1026 | NULL, | 
|  | 1027 | &key_user_tree.rb_node); | 
|  | 1028 |  | 
|  | 1029 | rb_insert_color(&root_key_user.node, | 
|  | 1030 | &key_user_tree); | 
|  | 1031 | } |