^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /* Key garbage collector
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (C) 2009-2011 Red Hat, Inc. All Rights Reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Written by David Howells (dhowells@redhat.com)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <keys/keyring-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include "internal.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
/*
 * Delay, in seconds, that the collector allows after a key's revocation or
 * expiry.  The collector subtracts it from the current time to form its cutoff
 * and adds it to the next pending expiry when re-arming the timer.
 */
unsigned int key_gc_delay = 5 * 60;

/*
 * Work item that runs key_garbage_collector() (the reaper for unused keys).
 */
static void key_garbage_collector(struct work_struct *work);
DECLARE_WORK(key_gc_work, key_garbage_collector);

/*
 * Timer that triggers a pass to reap links from keyrings to dead keys.
 */
static void key_gc_timer_func(struct timer_list *);
static DEFINE_TIMER(key_gc_timer, key_gc_timer_func);

/*
 * Time the timer is currently armed for.  key_schedule_gc() lowers it when an
 * earlier run is requested; the timer callback resets it to TIME64_MAX.
 */
static time64_t key_gc_next_run = TIME64_MAX;

/*
 * Key type currently being reaped.  Set by key_gc_keytype() for the duration
 * of the reap and reset to NULL afterwards.
 */
static struct key_type *key_gc_dead_keytype;

/*
 * Request flags for the collector, manipulated with the atomic bit helpers.
 * The enumerators below are bit numbers within this word.
 */
static unsigned long key_gc_flags;
enum {
	KEY_GC_KEY_EXPIRED	= 0,	/* A key expired and needs unlinking */
	KEY_GC_REAP_KEYTYPE	= 1,	/* A keytype is being unregistered */
	KEY_GC_REAPING_KEYTYPE	= 2,	/* Cleared when keytype reaped */
};

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)
/*
 * Placeholder type.  A key whose type is being unregistered, but which cannot
 * be unlinked straight away, is re-typed to this by the collector.  Only the
 * name is set, so every operation pointer (including ->destroy) is NULL.
 */
struct key_type key_type_dead = { .name = ".dead" };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
/*
 * Schedule a garbage collection run for wall-clock time @gc_at (seconds).
 *
 * - If @gc_at is not in the future, or a keytype reap has been requested, the
 *   work item is queued straight away.
 * - Otherwise the timer is re-armed only when @gc_at is earlier than the run
 *   already pending; a later request is ignored.
 *
 * Time precision isn't particularly important here.
 *
 * NOTE(review): key_gc_next_run is read and updated without any lock taken in
 * this function - confirm that racing callers are benign.
 * NOTE(review): the timeout is computed from a 64-bit difference and then
 * narrowed to unsigned long; where unsigned long is 32 bits a far-future
 * @gc_at would wrap - confirm callers bound the value.
 */
void key_schedule_gc(time64_t gc_at)
{
	time64_t now = ktime_get_real_seconds();
	unsigned long expires;

	kenter("%lld", gc_at - now);

	/* Already due, or a type is being torn down: don't wait for the timer */
	if (gc_at <= now || test_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) {
		kdebug("IMMEDIATE");
		schedule_work(&key_gc_work);
		return;
	}

	/* A run at least this early is already pending */
	if (gc_at >= key_gc_next_run)
		return;

	kdebug("DEFERRED");
	key_gc_next_run = gc_at;
	expires = jiffies + (gc_at - now) * HZ;
	mod_timer(&key_gc_timer, expires);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
/*
 * Schedule a dead links collection run.
 *
 * The request flag is raised before the work item is queued, so the pass that
 * runs afterwards finds KEY_GC_KEY_EXPIRED set and includes link reaping.
 */
void key_schedule_gc_links(void)
{
	/* Record the request first ... */
	set_bit(KEY_GC_KEY_EXPIRED, &key_gc_flags);

	/* ... then kick the collector */
	schedule_work(&key_gc_work);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77)
/*
 * Timer callback: some key's cleanup time has been reached after it expired,
 * so get the reaper to go through a cycle finding expired keys.
 *
 * @unused: the timer that fired; not consulted.
 */
static void key_gc_timer_func(struct timer_list *unused)
{
	kenter("");

	/* Nothing is pending any more; let key_schedule_gc() re-arm freely */
	key_gc_next_run = TIME64_MAX;

	key_schedule_gc_links();
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88)
/*
 * Reap keys of dead type @ktype and wait for the collector to finish.
 *
 * The collector is driven through three complete cycles: the first marks keys
 * of that type as dead, the second collects dead links and the third cleans up
 * the dead keys.  Care is needed because a cycle may already be in progress
 * when this is called.
 *
 * This sleeps uninterruptibly until the collector clears
 * KEY_GC_REAPING_KEYTYPE, so it must only be called where sleeping is allowed.
 *
 * The caller must be holding key_types_sem.
 */
void key_gc_keytype(struct key_type *ktype)
{
	kenter("%s", ktype->name);

	/*
	 * Publish the target type and the "reap in progress" bit, then issue a
	 * full barrier before raising the request bit that the collector
	 * consumes.
	 */
	key_gc_dead_keytype = ktype;
	set_bit(KEY_GC_REAPING_KEYTYPE, &key_gc_flags);
	smp_mb();
	set_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags);

	kdebug("schedule");
	schedule_work(&key_gc_work);

	/* Block until the collector reports the final reap stage is done */
	kdebug("sleep");
	wait_on_bit(&key_gc_flags, KEY_GC_REAPING_KEYTYPE, TASK_UNINTERRUPTIBLE);

	/* The collector no longer needs the type pointer */
	key_gc_dead_keytype = NULL;
	kleave("");
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)
/*
 * Garbage collect a list of unreferenced, detached keys.
 *
 * @keys: list of keys chained through graveyard_link.  The list is drained;
 *        every key on it is torn down and returned to key_jar.
 *
 * For each key this removes any watch list (CONFIG_KEY_NOTIFICATIONS), calls
 * the type's ->destroy on instantiated keys, releases the LSM state, returns
 * quota and per-user counts, drops the user and domain-tag references, and
 * finally scrubs and frees the key structure.
 */
static noinline void key_gc_unused_keys(struct list_head *keys)
{
	while (!list_empty(keys)) {
		struct key *key =
			list_first_entry(keys, struct key, graveyard_link);
		/*
		 * Sample the state once so that the destroy decision and the
		 * nikeys accounting below agree with each other.
		 */
		short state = key->state;

		list_del(&key->graveyard_link);

		kdebug("- %u", key->serial);
		key_check(key);

#ifdef CONFIG_KEY_NOTIFICATIONS
		/* Detach watchers and clear the pointer so it isn't reused */
		remove_watch_list(key->watchers, key->serial);
		key->watchers = NULL;
#endif

		/* Throw away the key data if the key is instantiated */
		if (state == KEY_IS_POSITIVE) {
			if (key->type->destroy)
				key->type->destroy(key);
		}

		security_key_free(key);

		/* Give back the owner's quota; counters change under its lock */
		if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
			spin_lock(&key->user->lock);
			key->user->qnkeys--;
			key->user->qnbytes -= key->quotalen;
			spin_unlock(&key->user->lock);
		}

		/* Per-user key counts: total, then instantiated */
		atomic_dec(&key->user->nkeys);
		if (state != KEY_IS_UNINSTANTIATED)
			atomic_dec(&key->user->nikeys);

		key_user_put(key->user);
		key_put_tag(key->domain_tag);
		kfree(key->description);

		/*
		 * Scrub the whole structure before it goes back to the slab so
		 * stale contents don't linger in freed memory.  The explicit
		 * variant is used so the store can't be optimised away ahead of
		 * the free.
		 */
		memzero_explicit(key, sizeof(*key));
		kmem_cache_free(key_jar, key);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165)
/*
 * Garbage collector for unused keys: one pass over the key serial tree.
 *
 * This is done in process context so that we don't have to disable interrupts
 * all over the place.  key_put() schedules this rather than trying to do the
 * cleanup itself, which means key_put() doesn't have to sleep.
 *
 * @work: the work item being run; not consulted.
 *
 * gc_state and the graveyard list are function-static, so they persist from
 * one pass to the next.  At the start of each pass the two earlier dead-type
 * stage bits are shifted up by one, which walks a keytype reap through
 * KEY_GC_REAPING_DEAD_1 -> _2 -> _3 on successive passes.
 *
 * key_serial_lock is held while walking the tree and dropped before any step
 * that works on an individual key (keyring GC, restriction update, payload
 * destruction) and before rescheduling.
 */
static void key_garbage_collector(struct work_struct *work)
{
	static LIST_HEAD(graveyard);
	static u8 gc_state;		/* Internal persistent state */
#define KEY_GC_REAP_AGAIN	0x01	/* - Need another cycle */
#define KEY_GC_REAPING_LINKS	0x02	/* - We need to reap links */
#define KEY_GC_SET_TIMER	0x04	/* - We need to restart the timer */
#define KEY_GC_REAPING_DEAD_1	0x10	/* - We need to mark dead keys */
#define KEY_GC_REAPING_DEAD_2	0x20	/* - We need to reap dead key links */
#define KEY_GC_REAPING_DEAD_3	0x40	/* - We need to reap dead keys */
#define KEY_GC_FOUND_DEAD_KEY	0x80	/* - We found at least one dead key */

	struct rb_node *pos;
	struct key *key;
	time64_t now, cutoff, next_expiry;

	kenter("[%lx,%x]", key_gc_flags, gc_state);

	/*
	 * Cutoff time handed to keyring_gc() and used when picking the next
	 * expiry.
	 * NOTE(review): when the clock reads no more than key_gc_delay, the
	 * cutoff becomes key_gc_delay itself - confirm that is intended.
	 */
	now = ktime_get_real_seconds();
	cutoff = (now > key_gc_delay) ? now - key_gc_delay : key_gc_delay;

	/*
	 * Work out what we're going to be doing in this pass: keep only the
	 * in-flight dead-type stages and advance each to the next stage, then
	 * fold in any new requests.
	 */
	gc_state = (gc_state & (KEY_GC_REAPING_DEAD_1 | KEY_GC_REAPING_DEAD_2)) << 1;
	if (test_and_clear_bit(KEY_GC_KEY_EXPIRED, &key_gc_flags))
		gc_state |= KEY_GC_REAPING_LINKS | KEY_GC_SET_TIMER;

	if (test_and_clear_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags))
		gc_state |= KEY_GC_REAPING_DEAD_1;
	kdebug("new pass %x", gc_state);

	next_expiry = TIME64_MAX;

	/*
	 * As only this function is permitted to remove things from the key
	 * serial tree, a non-NULL position always points to a valid node in
	 * the tree - even if the lock got dropped in the meantime.
	 */
	spin_lock(&key_serial_lock);
	pos = rb_first(&key_serial_tree);

continue_scanning:
	while (pos) {
		key = rb_entry(pos, struct key, serial_node);
		/* Step past this node first: it may be erased below */
		pos = rb_next(pos);

		if (refcount_read(&key->usage) == 0)
			goto found_unreferenced_key;

		/* Stage 1 of a keytype reap: mark keys of the dying type */
		if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) {
			if (key->type == key_gc_dead_keytype) {
				gc_state |= KEY_GC_FOUND_DEAD_KEY;
				set_bit(KEY_FLAG_DEAD, &key->flags);
				/* Clear the permission mask on the dead key */
				key->perm = 0;
				goto skip_dead_key;
			} else if (key->type == &key_type_keyring &&
				   key->restrict_link) {
				goto found_restricted_keyring;
			}
		}

		/* Track the earliest expiry that lies beyond the cutoff */
		if ((gc_state & KEY_GC_SET_TIMER) &&
		    key->expiry > cutoff && key->expiry < next_expiry) {
			kdebug("will expire %x in %lld",
			       key_serial(key), key->expiry - cutoff);
			next_expiry = key->expiry;
		}

		/* Stage 2: note whether any key of the dying type remains */
		if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) &&
		    key->type == key_gc_dead_keytype)
			gc_state |= KEY_GC_FOUND_DEAD_KEY;

		/* Keyrings need their links examined when reaping links */
		if (((gc_state & KEY_GC_REAPING_LINKS) ||
		     unlikely(gc_state & KEY_GC_REAPING_DEAD_2)) &&
		    key->type == &key_type_keyring)
			goto found_keyring;

		/* Stage 3: destroy still-referenced keys of the dying type */
		if (unlikely(gc_state & KEY_GC_REAPING_DEAD_3) &&
		    key->type == key_gc_dead_keytype)
			goto destroy_dead_key;

skip_dead_key:
		/* Don't hog the lock or the CPU */
		if (spin_is_contended(&key_serial_lock) || need_resched())
			goto contended;
	}

contended:
	spin_unlock(&key_serial_lock);

maybe_resched:
	/* More of the tree to walk: yield, retake the lock and carry on */
	if (pos) {
		cond_resched();
		spin_lock(&key_serial_lock);
		goto continue_scanning;
	}

	/*
	 * We've completed the pass.  Set the timer if we need to and queue a
	 * new cycle if necessary.  We keep executing cycles until we find one
	 * where we didn't reap any keys.
	 */
	kdebug("pass complete");

	if ((gc_state & KEY_GC_SET_TIMER) &&
	    next_expiry != (time64_t)TIME64_MAX)
		key_schedule_gc(next_expiry + key_gc_delay);

	if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) ||
	    !list_empty(&graveyard)) {
		/*
		 * Make sure that all pending keyring payload destructions are
		 * fulfilled and that nobody is still looking at dead or dying
		 * keys that they hold neither a reference upon nor a link to.
		 * This must complete before anything on the graveyard is
		 * freed below.
		 */
		kdebug("gc sync");
		synchronize_rcu();
	}

	if (!list_empty(&graveyard)) {
		kdebug("gc keys");
		key_gc_unused_keys(&graveyard);
	}

	if (unlikely(gc_state & (KEY_GC_REAPING_DEAD_1 |
				 KEY_GC_REAPING_DEAD_2))) {
		if (gc_state & KEY_GC_FOUND_DEAD_KEY) {
			gc_state |= KEY_GC_REAP_AGAIN;
		} else {
			/*
			 * No remaining dead keys: short circuit the remaining
			 * keytype reap cycles.
			 */
			kdebug("dead short");
			gc_state &= ~(KEY_GC_REAPING_DEAD_1 | KEY_GC_REAPING_DEAD_2);
			gc_state |= KEY_GC_REAPING_DEAD_3;
		}
	}

	/* Final stage reached: release the waiter in key_gc_keytype() */
	if (unlikely(gc_state & KEY_GC_REAPING_DEAD_3)) {
		kdebug("dead wake");
		smp_mb();
		clear_bit(KEY_GC_REAPING_KEYTYPE, &key_gc_flags);
		wake_up_bit(&key_gc_flags, KEY_GC_REAPING_KEYTYPE);
	}

	if (gc_state & KEY_GC_REAP_AGAIN)
		schedule_work(&key_gc_work);
	kleave(" [end %x]", gc_state);
	return;

	/*
	 * We found an unreferenced key - once we've removed it from the tree,
	 * we can safely drop the lock.  The key is parked on the graveyard and
	 * freed at the end of the pass.
	 */
found_unreferenced_key:
	kdebug("unrefd key %d", key->serial);
	rb_erase(&key->serial_node, &key_serial_tree);
	spin_unlock(&key_serial_lock);

	list_add_tail(&key->graveyard_link, &graveyard);
	gc_state |= KEY_GC_REAP_AGAIN;
	goto maybe_resched;

	/*
	 * We found a restricted keyring and need to update the restriction if
	 * it is associated with the dead key type.
	 */
found_restricted_keyring:
	spin_unlock(&key_serial_lock);
	keyring_restriction_gc(key, key_gc_dead_keytype);
	goto maybe_resched;

	/*
	 * We found a keyring and we need to check the payload for links to
	 * dead or expired keys.  We don't flag another reap immediately as we
	 * have to wait for the old payload to be destroyed by RCU before we
	 * can reap the keys to which it refers.
	 */
found_keyring:
	spin_unlock(&key_serial_lock);
	keyring_gc(key, cutoff);
	goto maybe_resched;

	/*
	 * We found a dead key that is still referenced.  Reset its type and
	 * destroy its payload with its semaphore held.  The key is re-typed to
	 * key_type_dead before the old type's ->destroy runs, and the payload
	 * is then overwritten with the KEY_DESTROY fill byte.
	 */
destroy_dead_key:
	spin_unlock(&key_serial_lock);
	kdebug("destroy key %d", key->serial);
	down_write(&key->sem);
	key->type = &key_type_dead;
	if (key_gc_dead_keytype->destroy)
		key_gc_dead_keytype->destroy(key);
	memset(&key->payload, KEY_DESTROY, sizeof(key->payload));
	up_write(&key->sem);
	goto maybe_resched;
}