78 static int keyring_instantiate(struct key *keyring,
80 static void keyring_revoke(struct key *keyring);
81 static void keyring_destroy(struct key *keyring);
82 static void keyring_describe(const struct key *keyring, struct seq_file *m);
83 static long keyring_read(const struct key *keyring,
109 static void keyring_publish_name(struct key *keyring)  in keyring_publish_name()  argument
113 	if (keyring->description) {  in keyring_publish_name()
114 		bucket = keyring_hash(keyring->description);  in keyring_publish_name()
121 		list_add_tail(&keyring->name_link,  in keyring_publish_name()
148 static int keyring_instantiate(struct key *keyring,  in keyring_instantiate()  argument
151 	assoc_array_init(&keyring->keys);  in keyring_instantiate()
153 	keyring_publish_name(keyring);  in keyring_instantiate()
385 static void keyring_destroy(struct key *keyring)  in keyring_destroy()  argument
387 	if (keyring->description) {  in keyring_destroy()
390 		if (keyring->name_link.next != NULL &&  in keyring_destroy()
391 		    !list_empty(&keyring->name_link))  in keyring_destroy()
392 			list_del(&keyring->name_link);  in keyring_destroy()
397 	if (keyring->restrict_link) {  in keyring_destroy()
398 		struct key_restriction *keyres = keyring->restrict_link;  in keyring_destroy()
404 	assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops);  in keyring_destroy()
410 static void keyring_describe(const struct key *keyring, struct seq_file *m)  in keyring_describe()  argument
412 	if (keyring->description)  in keyring_describe()
413 		seq_puts(m, keyring->description);  in keyring_describe()
417 	if (key_is_positive(keyring)) {  in keyring_describe()
418 		if (keyring->keys.nr_leaves_on_tree != 0)  in keyring_describe()
419 			seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree);  in keyring_describe()
458 static long keyring_read(const struct key *keyring,  in keyring_read()  argument
464 	kenter("{%d},,%zu", key_serial(keyring), buflen);  in keyring_read()
474 		ret = assoc_array_iterate(&keyring->keys,  in keyring_read()
483 	ret = keyring->keys.nr_leaves_on_tree * sizeof(key_serial_t);  in keyring_read()
500 	struct key *keyring;  in keyring_alloc()  local
503 	keyring = key_alloc(&key_type_keyring, description,  in keyring_alloc()
505 	if (!IS_ERR(keyring)) {  in keyring_alloc()
506 		ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);  in keyring_alloc()
508 			key_put(keyring);  in keyring_alloc()
509 			keyring = ERR_PTR(ret);  in keyring_alloc()
513 	return keyring;  in keyring_alloc()
531 int restrict_link_reject(struct key *keyring,  in restrict_link_reject()  argument
623 static int search_keyring(struct key *keyring, struct keyring_search_context *ctx)  in search_keyring()  argument
628 		object = assoc_array_find(&keyring->keys,  in search_keyring()
633 	return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx);  in search_keyring()
640 static bool search_nested_keyrings(struct key *keyring,  in search_nested_keyrings()  argument
644 		struct key *keyring;  in search_nested_keyrings()  member
656 	       keyring->serial,  in search_nested_keyrings()
671 	    keyring_compare_object(keyring, &ctx->index_key)) {  in search_nested_keyrings()
673 		switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) {  in search_nested_keyrings()
687 	kdebug("descend to %d", keyring->serial);  in search_nested_keyrings()
688 	if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |  in search_nested_keyrings()
695 	if (search_keyring(keyring, ctx))  in search_nested_keyrings()
706 	ptr = READ_ONCE(keyring->keys.root);  in search_nested_keyrings()
772 		stack[sp].keyring = keyring;  in search_nested_keyrings()
778 		keyring = key;  in search_nested_keyrings()
819 	keyring = stack[sp].keyring;  in search_nested_keyrings()
822 	kdebug("ascend to %d [%d]", keyring->serial, slot);  in search_nested_keyrings()
831 		keyring->last_used_at = ctx->now;  in search_nested_keyrings()
833 			stack[--sp].keyring->last_used_at = ctx->now;  in search_nested_keyrings()
874 	struct key *keyring;  in keyring_search_aux()  local
881 	keyring = key_ref_to_ptr(keyring_ref);  in keyring_search_aux()
882 	key_check(keyring);  in keyring_search_aux()
884 	if (keyring->type != &key_type_keyring)  in keyring_search_aux()
895 	if (search_nested_keyrings(keyring, ctx))  in keyring_search_aux()
910 key_ref_t keyring_search(key_ref_t keyring,  in keyring_search()  argument
932 	key = keyring_search_aux(keyring, &ctx);  in keyring_search()
987 	struct key *keyring;  in keyring_restrict()  local
992 	keyring = key_ref_to_ptr(keyring_ref);  in keyring_restrict()
993 	key_check(keyring);  in keyring_restrict()
995 	if (keyring->type != &key_type_keyring)  in keyring_restrict()
1019 	down_write(&keyring->sem);  in keyring_restrict()
1022 	if (keyring->restrict_link)  in keyring_restrict()
1024 	else if (keyring_detect_restriction_cycle(keyring, restrict_link))  in keyring_restrict()
1027 		keyring->restrict_link = restrict_link;  in keyring_restrict()
1030 	up_write(&keyring->sem);  in keyring_restrict()
1062 	struct key *keyring, *key;  in find_key_to_update()  local
1065 	keyring = key_ref_to_ptr(keyring_ref);  in find_key_to_update()
1068 	       keyring->serial, index_key->type->name, index_key->description);  in find_key_to_update()
1070 	object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops,  in find_key_to_update()
1104 	struct key *keyring;  in find_keyring_by_name()  local
1117 		list_for_each_entry(keyring,  in find_keyring_by_name()
1121 			if (!kuid_has_mapping(current_user_ns(), keyring->user->uid))  in find_keyring_by_name()
1124 			if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))  in find_keyring_by_name()
1127 			if (strcmp(keyring->description, name) != 0)  in find_keyring_by_name()
1132 					      &keyring->flags))  in find_keyring_by_name()
1135 				if (key_permission(make_key_ref(keyring, 0),  in find_keyring_by_name()
1143 			if (!refcount_inc_not_zero(&keyring->usage))  in find_keyring_by_name()
1145 			keyring->last_used_at = ktime_get_real_seconds();  in find_keyring_by_name()
1150 	keyring = ERR_PTR(-ENOKEY);  in find_keyring_by_name()
1153 	return keyring;  in find_keyring_by_name()
1202 int __key_link_begin(struct key *keyring,  in __key_link_begin()  argument
1205 	__acquires(&keyring->sem)  in __key_link_begin()
1212 	       keyring->serial, index_key->type->name, index_key->description);  in __key_link_begin()
1216 	if (keyring->type != &key_type_keyring)  in __key_link_begin()
1219 	down_write(&keyring->sem);  in __key_link_begin()
1222 	if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))  in __key_link_begin()
1233 	edit = assoc_array_insert(&keyring->keys,  in __key_link_begin()
1246 		ret = key_payload_reserve(keyring,  in __key_link_begin()
1247 					  keyring->datalen + KEYQUOTA_LINK_BYTES);  in __key_link_begin()
1262 	up_write(&keyring->sem);  in __key_link_begin()
1273 int __key_link_check_live_key(struct key *keyring, struct key *key)  in __key_link_check_live_key()  argument
1278 		return keyring_detect_cycle(keyring, key);  in __key_link_check_live_key()
1303 void __key_link_end(struct key *keyring,  in __key_link_end()  argument
1306 	__releases(&keyring->sem)  in __key_link_end()
1310 	kenter("%d,%s,", keyring->serial, index_key->type->name);  in __key_link_end()
1317 			key_payload_reserve(keyring,  in __key_link_end()
1318 				keyring->datalen - KEYQUOTA_LINK_BYTES);  in __key_link_end()
1322 	up_write(&keyring->sem);  in __key_link_end()
1328 static int __key_link_check_restriction(struct key *keyring, struct key *key)  in __key_link_check_restriction()  argument
1330 	if (!keyring->restrict_link || !keyring->restrict_link->check)  in __key_link_check_restriction()
1332 	return keyring->restrict_link->check(keyring, key->type, &key->payload,  in __key_link_check_restriction()
1333 					     keyring->restrict_link->key);  in __key_link_check_restriction()
1356 int key_link(struct key *keyring, struct key *key)  in key_link()  argument
1361 	kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage));  in key_link()
1363 	key_check(keyring);  in key_link()
1366 	ret = __key_link_begin(keyring, &key->index_key, &edit);  in key_link()
1368 		kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage));  in key_link()
1369 		ret = __key_link_check_restriction(keyring, key);  in key_link()
1371 			ret = __key_link_check_live_key(keyring, key);  in key_link()
1374 		__key_link_end(keyring, &key->index_key, edit);  in key_link()
1377 	kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage));  in key_link()
1399 int key_unlink(struct key *keyring, struct key *key)  in key_unlink()  argument
1404 	key_check(keyring);  in key_unlink()
1407 	if (keyring->type != &key_type_keyring)  in key_unlink()
1410 	down_write(&keyring->sem);  in key_unlink()
1412 	edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops,  in key_unlink()
1423 	key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES);  in key_unlink()
1427 	up_write(&keyring->sem);  in key_unlink()
1440 int keyring_clear(struct key *keyring)  in keyring_clear()  argument
1445 	if (keyring->type != &key_type_keyring)  in keyring_clear()
1448 	down_write(&keyring->sem);  in keyring_clear()
1450 	edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);  in keyring_clear()
1456 		key_payload_reserve(keyring, 0);  in keyring_clear()
1460 	up_write(&keyring->sem);  in keyring_clear()
1470 static void keyring_revoke(struct key *keyring)  in keyring_revoke()  argument
1474 	edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops);  in keyring_revoke()
1478 		key_payload_reserve(keyring, 0);  in keyring_revoke()
1508 void keyring_gc(struct key *keyring, time64_t limit)  in keyring_gc()  argument
1512 	kenter("%x{%s}", keyring->serial, keyring->description ?: "");  in keyring_gc()
1514 	if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) |  in keyring_gc()
1520 	result = assoc_array_iterate(&keyring->keys,  in keyring_gc()
1531 	down_write(&keyring->sem);  in keyring_gc()
1532 	assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops,  in keyring_gc()
1534 	up_write(&keyring->sem);  in keyring_gc()
1553 void keyring_restriction_gc(struct key *keyring, struct key_type *dead_type)  in keyring_restriction_gc()  argument
1557 	kenter("%x{%s}", keyring->serial, keyring->description ?: "");  in keyring_restriction_gc()
1566 	if (!dead_type || !keyring->restrict_link ||  in keyring_restriction_gc()
1567 	    keyring->restrict_link->keytype != dead_type) {  in keyring_restriction_gc()
1573 	down_write(&keyring->sem);  in keyring_restriction_gc()
1575 	keyres = keyring->restrict_link;  in keyring_restriction_gc()
1583 	up_write(&keyring->sem);  in keyring_restriction_gc()