3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/security.h>
17 #include <linux/seq_file.h>
18 #include <linux/err.h>
19 #include <keys/keyring-type.h>
20 #include <linux/uaccess.h>
23 #define rcu_dereference_locked_keyring(keyring) \
24 (rcu_dereference_protected( \
25 (keyring)->payload.subscriptions, \
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
29 * when plumbing the depths of the key tree, this sets a hard limit set on how
30 * deep we're willing to go
32 #define KEYRING_SEARCH_MAX_DEPTH 6
35 * we keep all named keyrings in a hash to speed looking them up
37 #define KEYRING_NAME_HASH_SIZE (1 << 5)
39 static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE];
40 static DEFINE_RWLOCK(keyring_name_lock);
42 static inline unsigned keyring_hash(const char *desc)
47 bucket += (unsigned char)*desc;
49 return bucket & (KEYRING_NAME_HASH_SIZE - 1);
53 * the keyring type definition
55 static int keyring_instantiate(struct key *keyring,
56 const void *data, size_t datalen);
57 static int keyring_match(const struct key *keyring, const void *criterion);
58 static void keyring_revoke(struct key *keyring);
59 static void keyring_destroy(struct key *keyring);
60 static void keyring_describe(const struct key *keyring, struct seq_file *m);
61 static long keyring_read(const struct key *keyring,
62 char __user *buffer, size_t buflen);
64 struct key_type key_type_keyring = {
66 .def_datalen = sizeof(struct keyring_list),
67 .instantiate = keyring_instantiate,
68 .match = keyring_match,
69 .revoke = keyring_revoke,
70 .destroy = keyring_destroy,
71 .describe = keyring_describe,
75 EXPORT_SYMBOL(key_type_keyring);
78 * semaphore to serialise link/link calls to prevent two link calls in parallel
81 static DECLARE_RWSEM(keyring_serialise_link_sem);
83 /*****************************************************************************/
85 * publish the name of a keyring so that it can be found by name (if it has
88 static void keyring_publish_name(struct key *keyring)
92 if (keyring->description) {
93 bucket = keyring_hash(keyring->description);
95 write_lock(&keyring_name_lock);
97 if (!keyring_name_hash[bucket].next)
98 INIT_LIST_HEAD(&keyring_name_hash[bucket]);
100 list_add_tail(&keyring->type_data.link,
101 &keyring_name_hash[bucket]);
103 write_unlock(&keyring_name_lock);
106 } /* end keyring_publish_name() */
108 /*****************************************************************************/
110 * initialise a keyring
111 * - we object if we were given any data
113 static int keyring_instantiate(struct key *keyring,
114 const void *data, size_t datalen)
120 /* make the keyring available by name if it has one */
121 keyring_publish_name(keyring);
127 } /* end keyring_instantiate() */
129 /*****************************************************************************/
131 * match keyrings on their name
133 static int keyring_match(const struct key *keyring, const void *description)
135 return keyring->description &&
136 strcmp(keyring->description, description) == 0;
138 } /* end keyring_match() */
140 /*****************************************************************************/
142 * dispose of the data dangling from the corpse of a keyring
144 static void keyring_destroy(struct key *keyring)
146 struct keyring_list *klist;
149 if (keyring->description) {
150 write_lock(&keyring_name_lock);
152 if (keyring->type_data.link.next != NULL &&
153 !list_empty(&keyring->type_data.link))
154 list_del(&keyring->type_data.link);
156 write_unlock(&keyring_name_lock);
159 klist = rcu_dereference_check(keyring->payload.subscriptions,
160 rcu_read_lock_held() ||
161 atomic_read(&keyring->usage) == 0);
163 for (loop = klist->nkeys - 1; loop >= 0; loop--)
164 key_put(klist->keys[loop]);
168 } /* end keyring_destroy() */
170 /*****************************************************************************/
172 * describe the keyring
174 static void keyring_describe(const struct key *keyring, struct seq_file *m)
176 struct keyring_list *klist;
178 if (keyring->description)
179 seq_puts(m, keyring->description);
181 seq_puts(m, "[anon]");
184 klist = rcu_dereference(keyring->payload.subscriptions);
186 seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys);
188 seq_puts(m, ": empty");
191 } /* end keyring_describe() */
193 /*****************************************************************************/
195 * read a list of key IDs from the keyring's contents
196 * - the keyring's semaphore is read-locked
198 static long keyring_read(const struct key *keyring,
199 char __user *buffer, size_t buflen)
201 struct keyring_list *klist;
207 klist = rcu_dereference_locked_keyring(keyring);
209 /* calculate how much data we could return */
210 qty = klist->nkeys * sizeof(key_serial_t);
212 if (buffer && buflen > 0) {
216 /* copy the IDs of the subscribed keys into the
220 for (loop = 0; loop < klist->nkeys; loop++) {
221 key = klist->keys[loop];
223 tmp = sizeof(key_serial_t);
227 if (copy_to_user(buffer,
245 } /* end keyring_read() */
247 /*****************************************************************************/
249 * allocate a keyring and link into the destination keyring
251 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
252 const struct cred *cred, unsigned long flags,
258 keyring = key_alloc(&key_type_keyring, description,
260 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
263 if (!IS_ERR(keyring)) {
264 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
267 keyring = ERR_PTR(ret);
273 } /* end keyring_alloc() */
275 /*****************************************************************************/
277 * search the supplied keyring tree for a key that matches the criterion
278 * - perform a breadth-then-depth search up to the prescribed limit
279 * - we only find keys on which we have search permission
280 * - we use the supplied match function to see if the description (or other
281 * feature of interest) matches
282 * - we rely on RCU to prevent the keyring lists from disappearing on us
283 * - we return -EAGAIN if we didn't find any matching key
284 * - we return -ENOKEY if we only found negative matching keys
285 * - we propagate the possession attribute from the keyring ref to the key ref
287 key_ref_t keyring_search_aux(key_ref_t keyring_ref,
288 const struct cred *cred,
289 struct key_type *type,
290 const void *description,
291 key_match_func_t match)
294 struct keyring_list *keylist;
296 } stack[KEYRING_SEARCH_MAX_DEPTH];
298 struct keyring_list *keylist;
300 unsigned long possessed, kflags;
301 struct key *keyring, *key;
306 keyring = key_ref_to_ptr(keyring_ref);
307 possessed = is_key_possessed(keyring_ref);
310 /* top keyring must have search permission to begin the search */
311 err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
313 key_ref = ERR_PTR(err);
317 key_ref = ERR_PTR(-ENOTDIR);
318 if (keyring->type != &key_type_keyring)
323 now = current_kernel_time();
327 /* firstly we should check to see if this top-level keyring is what we
329 key_ref = ERR_PTR(-EAGAIN);
330 kflags = keyring->flags;
331 if (keyring->type == type && match(keyring, description)) {
334 /* check it isn't negative and hasn't expired or been
336 if (kflags & (1 << KEY_FLAG_REVOKED))
338 if (key->expiry && now.tv_sec >= key->expiry)
340 key_ref = ERR_PTR(-ENOKEY);
341 if (kflags & (1 << KEY_FLAG_NEGATIVE))
346 /* otherwise, the top keyring must not be revoked, expired, or
347 * negatively instantiated if we are to search it */
348 key_ref = ERR_PTR(-EAGAIN);
349 if (kflags & ((1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_NEGATIVE)) ||
350 (keyring->expiry && now.tv_sec >= keyring->expiry))
353 /* start processing a new keyring */
355 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
356 goto not_this_keyring;
358 keylist = rcu_dereference(keyring->payload.subscriptions);
360 goto not_this_keyring;
362 /* iterate through the keys in this keyring first */
363 for (kix = 0; kix < keylist->nkeys; kix++) {
364 key = keylist->keys[kix];
367 /* ignore keys not of this type */
368 if (key->type != type)
371 /* skip revoked keys and expired keys */
372 if (kflags & (1 << KEY_FLAG_REVOKED))
375 if (key->expiry && now.tv_sec >= key->expiry)
378 /* keys that don't match */
379 if (!match(key, description))
382 /* key must have search permissions */
383 if (key_task_permission(make_key_ref(key, possessed),
384 cred, KEY_SEARCH) < 0)
387 /* we set a different error code if we pass a negative key */
388 if (kflags & (1 << KEY_FLAG_NEGATIVE)) {
396 /* search through the keyrings nested in this one */
399 for (; kix < keylist->nkeys; kix++) {
400 key = keylist->keys[kix];
401 if (key->type != &key_type_keyring)
404 /* recursively search nested keyrings
405 * - only search keyrings for which we have search permission
407 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
410 if (key_task_permission(make_key_ref(key, possessed),
411 cred, KEY_SEARCH) < 0)
414 /* stack the current position */
415 stack[sp].keylist = keylist;
419 /* begin again with the new keyring */
424 /* the keyring we're looking at was disqualified or didn't contain a
428 /* resume the processing of a keyring higher up in the tree */
430 keylist = stack[sp].keylist;
431 kix = stack[sp].kix + 1;
435 key_ref = ERR_PTR(err);
438 /* we found a viable match */
440 atomic_inc(&key->usage);
442 key_ref = make_key_ref(key, possessed);
448 } /* end keyring_search_aux() */
450 /*****************************************************************************/
452 * search the supplied keyring tree for a key that matches the criterion
453 * - perform a breadth-then-depth search up to the prescribed limit
454 * - we only find keys on which we have search permission
455 * - we readlock the keyrings as we search down the tree
456 * - we return -EAGAIN if we didn't find any matching key
457 * - we return -ENOKEY if we only found negative matching keys
459 key_ref_t keyring_search(key_ref_t keyring,
460 struct key_type *type,
461 const char *description)
464 return ERR_PTR(-ENOKEY);
466 return keyring_search_aux(keyring, current->cred,
467 type, description, type->match);
469 } /* end keyring_search() */
471 EXPORT_SYMBOL(keyring_search);
473 /*****************************************************************************/
475 * search the given keyring only (no recursion)
476 * - keyring must be locked by caller
477 * - caller must guarantee that the keyring is a keyring
479 key_ref_t __keyring_search_one(key_ref_t keyring_ref,
480 const struct key_type *ktype,
481 const char *description,
484 struct keyring_list *klist;
485 unsigned long possessed;
486 struct key *keyring, *key;
489 keyring = key_ref_to_ptr(keyring_ref);
490 possessed = is_key_possessed(keyring_ref);
494 klist = rcu_dereference(keyring->payload.subscriptions);
496 for (loop = 0; loop < klist->nkeys; loop++) {
497 key = klist->keys[loop];
499 if (key->type == ktype &&
500 (!key->type->match ||
501 key->type->match(key, description)) &&
502 key_permission(make_key_ref(key, possessed),
504 !test_bit(KEY_FLAG_REVOKED, &key->flags)
511 return ERR_PTR(-ENOKEY);
514 atomic_inc(&key->usage);
516 return make_key_ref(key, possessed);
518 } /* end __keyring_search_one() */
520 /*****************************************************************************/
522 * find a keyring with the specified name
523 * - all named keyrings are searched
524 * - normally only finds keyrings with search permission for the current process
526 struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
532 return ERR_PTR(-EINVAL);
534 bucket = keyring_hash(name);
536 read_lock(&keyring_name_lock);
538 if (keyring_name_hash[bucket].next) {
539 /* search this hash bucket for a keyring with a matching name
540 * that's readable and that hasn't been revoked */
541 list_for_each_entry(keyring,
542 &keyring_name_hash[bucket],
545 if (keyring->user->user_ns != current_user_ns())
548 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
551 if (strcmp(keyring->description, name) != 0)
554 if (!skip_perm_check &&
555 key_permission(make_key_ref(keyring, 0),
559 /* we've got a match but we might end up racing with
560 * key_cleanup() if the keyring is currently 'dead'
561 * (ie. it has a zero usage count) */
562 if (!atomic_inc_not_zero(&keyring->usage))
568 keyring = ERR_PTR(-ENOKEY);
570 read_unlock(&keyring_name_lock);
573 } /* end find_keyring_by_name() */
575 /*****************************************************************************/
577 * see if a cycle will will be created by inserting acyclic tree B in acyclic
578 * tree A at the topmost level (ie: as a direct child of A)
579 * - since we are adding B to A at the top level, checking for cycles should
580 * just be a matter of seeing if node A is somewhere in tree B
582 static int keyring_detect_cycle(struct key *A, struct key *B)
585 struct keyring_list *keylist;
587 } stack[KEYRING_SEARCH_MAX_DEPTH];
589 struct keyring_list *keylist;
590 struct key *subtree, *key;
602 /* start processing a new keyring */
604 if (test_bit(KEY_FLAG_REVOKED, &subtree->flags))
605 goto not_this_keyring;
607 keylist = rcu_dereference(subtree->payload.subscriptions);
609 goto not_this_keyring;
613 /* iterate through the remaining keys in this keyring */
614 for (; kix < keylist->nkeys; kix++) {
615 key = keylist->keys[kix];
620 /* recursively check nested keyrings */
621 if (key->type == &key_type_keyring) {
622 if (sp >= KEYRING_SEARCH_MAX_DEPTH)
625 /* stack the current position */
626 stack[sp].keylist = keylist;
630 /* begin again with the new keyring */
636 /* the keyring we're looking at was disqualified or didn't contain a
640 /* resume the checking of a keyring higher up in the tree */
642 keylist = stack[sp].keylist;
643 kix = stack[sp].kix + 1;
647 ret = 0; /* no cycles detected */
661 } /* end keyring_detect_cycle() */
664 * dispose of a keyring list after the RCU grace period, freeing the unlinked
667 static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
669 struct keyring_list *klist =
670 container_of(rcu, struct keyring_list, rcu);
672 if (klist->delkey != USHRT_MAX)
673 key_put(klist->keys[klist->delkey]);
678 * preallocate memory so that a key can be linked into to a keyring
680 int __key_link_begin(struct key *keyring, const struct key_type *type,
681 const char *description,
682 struct keyring_list **_prealloc)
683 __acquires(&keyring->sem)
685 struct keyring_list *klist, *nklist;
690 kenter("%d,%s,%s,", key_serial(keyring), type->name, description);
692 if (keyring->type != &key_type_keyring)
695 down_write(&keyring->sem);
698 if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
701 /* serialise link/link calls to prevent parallel calls causing a cycle
702 * when linking two keyring in opposite orders */
703 if (type == &key_type_keyring)
704 down_write(&keyring_serialise_link_sem);
706 klist = rcu_dereference_locked_keyring(keyring);
708 /* see if there's a matching key we can displace */
709 if (klist && klist->nkeys > 0) {
710 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
711 if (klist->keys[loop]->type == type &&
712 strcmp(klist->keys[loop]->description,
715 /* found a match - we'll replace this one with
717 size = sizeof(struct key *) * klist->maxkeys;
718 size += sizeof(*klist);
719 BUG_ON(size > PAGE_SIZE);
722 nklist = kmemdup(klist, size, GFP_KERNEL);
726 /* note replacement slot */
727 klist->delkey = nklist->delkey = loop;
733 /* check that we aren't going to overrun the user's quota */
734 ret = key_payload_reserve(keyring,
735 keyring->datalen + KEYQUOTA_LINK_BYTES);
739 if (klist && klist->nkeys < klist->maxkeys) {
740 /* there's sufficient slack space to append directly */
743 /* grow the key list */
746 max += klist->maxkeys;
749 if (max > USHRT_MAX - 1)
751 size = sizeof(*klist) + sizeof(struct key *) * max;
752 if (size > PAGE_SIZE)
756 nklist = kmalloc(size, GFP_KERNEL);
760 nklist->maxkeys = max;
762 memcpy(nklist->keys, klist->keys,
763 sizeof(struct key *) * klist->nkeys);
764 nklist->delkey = klist->nkeys;
765 nklist->nkeys = klist->nkeys + 1;
766 klist->delkey = USHRT_MAX;
772 /* add the key into the new space */
773 nklist->keys[nklist->delkey] = NULL;
782 /* undo the quota changes */
783 key_payload_reserve(keyring,
784 keyring->datalen - KEYQUOTA_LINK_BYTES);
786 if (type == &key_type_keyring)
787 up_write(&keyring_serialise_link_sem);
789 up_write(&keyring->sem);
790 kleave(" = %d", ret);
795 * check already instantiated keys aren't going to be a problem
796 * - the caller must have called __key_link_begin()
797 * - don't need to call this for keys that were created since __key_link_begin()
800 int __key_link_check_live_key(struct key *keyring, struct key *key)
802 if (key->type == &key_type_keyring)
803 /* check that we aren't going to create a cycle by linking one
804 * keyring to another */
805 return keyring_detect_cycle(keyring, key);
810 * link a key into to a keyring
811 * - must be called with __key_link_begin() having being called
812 * - discard already extant link to matching key if there is one
814 void __key_link(struct key *keyring, struct key *key,
815 struct keyring_list **_prealloc)
817 struct keyring_list *klist, *nklist;
822 kenter("%d,%d,%p", keyring->serial, key->serial, nklist);
824 klist = rcu_dereference_protected(keyring->payload.subscriptions,
825 rwsem_is_locked(&keyring->sem));
827 atomic_inc(&key->usage);
829 /* there's a matching key we can displace or an empty slot in a newly
830 * allocated list we can fill */
832 kdebug("replace %hu/%hu/%hu",
833 nklist->delkey, nklist->nkeys, nklist->maxkeys);
835 nklist->keys[nklist->delkey] = key;
837 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
839 /* dispose of the old keyring list and, if there was one, the
842 kdebug("dispose %hu/%hu/%hu",
843 klist->delkey, klist->nkeys, klist->maxkeys);
844 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
847 /* there's sufficient slack space to append directly */
848 klist->keys[klist->nkeys] = key;
855 * finish linking a key into to a keyring
856 * - must be called with __key_link_begin() having being called
858 void __key_link_end(struct key *keyring, struct key_type *type,
859 struct keyring_list *prealloc)
860 __releases(&keyring->sem)
862 BUG_ON(type == NULL);
863 BUG_ON(type->name == NULL);
864 kenter("%d,%s,%p", keyring->serial, type->name, prealloc);
866 if (type == &key_type_keyring)
867 up_write(&keyring_serialise_link_sem);
871 key_payload_reserve(keyring,
872 keyring->datalen - KEYQUOTA_LINK_BYTES);
874 up_write(&keyring->sem);
878 * link a key to a keyring
880 int key_link(struct key *keyring, struct key *key)
882 struct keyring_list *prealloc;
888 ret = __key_link_begin(keyring, key->type, key->description, &prealloc);
890 ret = __key_link_check_live_key(keyring, key);
892 __key_link(keyring, key, &prealloc);
893 __key_link_end(keyring, key->type, prealloc);
899 EXPORT_SYMBOL(key_link);
901 /*****************************************************************************/
903 * unlink the first link to a key from a keyring
905 int key_unlink(struct key *keyring, struct key *key)
907 struct keyring_list *klist, *nklist;
914 if (keyring->type != &key_type_keyring)
917 down_write(&keyring->sem);
919 klist = rcu_dereference_locked_keyring(keyring);
921 /* search the keyring for the key */
922 for (loop = 0; loop < klist->nkeys; loop++)
923 if (klist->keys[loop] == key)
927 up_write(&keyring->sem);
932 /* we need to copy the key list for RCU purposes */
933 nklist = kmalloc(sizeof(*klist) +
934 sizeof(struct key *) * klist->maxkeys,
938 nklist->maxkeys = klist->maxkeys;
939 nklist->nkeys = klist->nkeys - 1;
942 memcpy(&nklist->keys[0],
944 loop * sizeof(struct key *));
946 if (loop < nklist->nkeys)
947 memcpy(&nklist->keys[loop],
948 &klist->keys[loop + 1],
949 (nklist->nkeys - loop) * sizeof(struct key *));
951 /* adjust the user's quota */
952 key_payload_reserve(keyring,
953 keyring->datalen - KEYQUOTA_LINK_BYTES);
955 rcu_assign_pointer(keyring->payload.subscriptions, nklist);
957 up_write(&keyring->sem);
959 /* schedule for later cleanup */
960 klist->delkey = loop;
961 call_rcu(&klist->rcu, keyring_unlink_rcu_disposal);
969 up_write(&keyring->sem);
972 } /* end key_unlink() */
974 EXPORT_SYMBOL(key_unlink);
976 /*****************************************************************************/
978 * dispose of a keyring list after the RCU grace period, releasing the keys it
981 static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
983 struct keyring_list *klist;
986 klist = container_of(rcu, struct keyring_list, rcu);
988 for (loop = klist->nkeys - 1; loop >= 0; loop--)
989 key_put(klist->keys[loop]);
993 } /* end keyring_clear_rcu_disposal() */
995 /*****************************************************************************/
997 * clear the specified process keyring
998 * - implements keyctl(KEYCTL_CLEAR)
1000 int keyring_clear(struct key *keyring)
1002 struct keyring_list *klist;
1006 if (keyring->type == &key_type_keyring) {
1007 /* detach the pointer block with the locks held */
1008 down_write(&keyring->sem);
1010 klist = rcu_dereference_locked_keyring(keyring);
1012 /* adjust the quota */
1013 key_payload_reserve(keyring,
1014 sizeof(struct keyring_list));
1016 rcu_assign_pointer(keyring->payload.subscriptions,
1020 up_write(&keyring->sem);
1022 /* free the keys after the locks have been dropped */
1024 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1031 } /* end keyring_clear() */
1033 EXPORT_SYMBOL(keyring_clear);
1035 /*****************************************************************************/
1037 * dispose of the links from a revoked keyring
1038 * - called with the key sem write-locked
1040 static void keyring_revoke(struct key *keyring)
1042 struct keyring_list *klist;
1044 klist = rcu_dereference_locked_keyring(keyring);
1046 /* adjust the quota */
1047 key_payload_reserve(keyring, 0);
1050 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1051 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1054 } /* end keyring_revoke() */
1057 * Determine whether a key is dead
1059 static bool key_is_dead(struct key *key, time_t limit)
1061 return test_bit(KEY_FLAG_DEAD, &key->flags) ||
1062 (key->expiry > 0 && key->expiry <= limit);
1066 * Collect garbage from the contents of a keyring
1068 void keyring_gc(struct key *keyring, time_t limit)
1070 struct keyring_list *klist, *new;
1072 int loop, keep, max;
1074 kenter("{%x,%s}", key_serial(keyring), keyring->description);
1076 down_write(&keyring->sem);
1078 klist = rcu_dereference_locked_keyring(keyring);
1082 /* work out how many subscriptions we're keeping */
1084 for (loop = klist->nkeys - 1; loop >= 0; loop--)
1085 if (!key_is_dead(klist->keys[loop], limit))
1088 if (keep == klist->nkeys)
1091 /* allocate a new keyring payload */
1092 max = roundup(keep, 4);
1093 new = kmalloc(sizeof(struct keyring_list) + max * sizeof(struct key *),
1101 /* install the live keys
1102 * - must take care as expired keys may be updated back to life
1105 for (loop = klist->nkeys - 1; loop >= 0; loop--) {
1106 key = klist->keys[loop];
1107 if (!key_is_dead(key, limit)) {
1110 new->keys[keep++] = key_get(key);
1115 /* adjust the quota */
1116 key_payload_reserve(keyring,
1117 sizeof(struct keyring_list) +
1118 KEYQUOTA_LINK_BYTES * keep);
1121 rcu_assign_pointer(keyring->payload.subscriptions, NULL);
1124 rcu_assign_pointer(keyring->payload.subscriptions, new);
1127 up_write(&keyring->sem);
1129 call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
1135 keyring_clear_rcu_disposal(&new->rcu);
1136 up_write(&keyring->sem);
1137 kleave(" [discard]");
1141 up_write(&keyring->sem);
1142 kleave(" [no dead]");
1146 up_write(&keyring->sem);
1147 kleave(" [no_klist]");
1151 up_write(&keyring->sem);
git.openpandora.org / pandora-kernel.git / blob