From: "Serge E. Hallyn" <serue@us.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@osdl.org, akpm@linux-foundation.org, jmorris@namei.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH 4/6] KEYS: Add garbage collection for dead, revoked and expired keys.
Date: Tue, 4 Aug 2009 13:43:34 -0500 [thread overview]
Message-ID: <20090804184334.GC8442@us.ibm.com> (raw)
In-Reply-To: <20090804145546.17676.98776.stgit@warthog.procyon.org.uk>
Quoting David Howells (dhowells@redhat.com):
> Add garbage collection for dead, revoked and expired keys. This involved
> erasing all links to such keys from keyrings that point to them. At that
> point, the key will be deleted in the normal manner.
>
> Keyrings from which garbage collection occurs are shrunk and their quota
> consumption reduced as appropriate.
>
> Dead keys (for which the key type has been removed) will be garbage collected
> immediately.
>
> Revoked and expired keys will hang around for a number of seconds, as set in
> /proc/sys/kernel/keys/gc_delay before being automatically removed. The default
> is 5 minutes.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
...
> diff --git a/security/keys/keyring.c b/security/keys/keyring.c
> index 3dba81c..acbe0d5 100644
> --- a/security/keys/keyring.c
> +++ b/security/keys/keyring.c
> @@ -1000,3 +1000,81 @@ static void keyring_revoke(struct key *keyring)
> }
>
> } /* end keyring_revoke() */
> +
> +/*
> + * Collect garbage from the contents of a keyring
> + */
> +void keyring_gc(struct key *keyring, time_t limit)
> +{
> + struct keyring_list *klist, *new;
> + struct key *key;
> + int loop, keep, max;
> +
> + kenter("%x", key_serial(keyring));
> +
> + down_write(&keyring->sem);
> +
> + klist = keyring->payload.subscriptions;
> + if (!klist)
> + goto just_return;
> +
> + /* work out how many subscriptions we're keeping */
> + keep = 0;
> + for (loop = klist->nkeys - 1; loop >= 0; loop--) {
> + key = klist->keys[loop];
> + if (!test_bit(KEY_FLAG_DEAD, &key->flags) &&
> + !(key->expiry > 0 && key->expiry <= limit))
These two lines (repeated below) beg for a helper?
> + for (loop = klist->nkeys - 1; loop >= 0; loop--) {
> + key = klist->keys[loop];
> + if (!test_bit(KEY_FLAG_DEAD, &key->flags) &&
> + !(key->expiry > 0 && key->expiry <= limit)) {
> + if (keep >= max)
> + goto discard_new;
Can this happen? This implies that the number of live keys
went up, but we're under keyring->sem?
> + new->keys[keep++] = key_get(key);
> + }
> + }
> + new->nkeys = keep;
> +
> + /* adjust the quota */
> + key_payload_reserve(keyring,
> + sizeof(struct keyring_list) +
> + KEYQUOTA_LINK_BYTES * keep);
> +
> + if (keep == 0) {
> + rcu_assign_pointer(keyring->payload.subscriptions, NULL);
> + kfree(new);
> + } else {
> + rcu_assign_pointer(keyring->payload.subscriptions, new);
> + }
> +
> + up_write(&keyring->sem);
> +
> + call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
> + kleave(" [yes]");
> + return;
> +
> +discard_new:
> + new->nkeys = keep;
> + keyring_clear_rcu_disposal(&new->rcu);
> +just_return:
> + up_write(&keyring->sem);
> + kleave(" [no]");
> +}
> diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
> index b611d49..5e05dc0 100644
> --- a/security/keys/sysctl.c
> +++ b/security/keys/sysctl.c
> @@ -13,6 +13,8 @@
> #include <linux/sysctl.h>
> #include "internal.h"
>
> +static const int zero, one = 1, max = INT_MAX;
> +
> ctl_table key_sysctls[] = {
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -20,7 +22,9 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_maxkeys,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> },
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -28,7 +32,9 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_maxbytes,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> },
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -36,7 +42,9 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_root_maxkeys,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> },
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -44,7 +52,19 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_root_maxbytes,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> + },
> + {
> + .ctl_name = CTL_UNNUMBERED,
> + .procname = "gc_delay",
> + .data = &key_gc_delay,
I see where this variable is defined at top of the patch, but
I don't see where it is actually used?
> + .maxlen = sizeof(unsigned),
> + .mode = 0644,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &zero,
> + .extra2 = (void *) &max,
> },
> { .ctl_name = 0 }
> };
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-08-04 18:43 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-04 14:55 [PATCH 1/6] KEYS: Deal with dead-type keys appropriately David Howells
2009-08-04 14:55 ` [PATCH 2/6] KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm David Howells
2009-08-04 15:17 ` Serge E. Hallyn
2009-08-04 15:38 ` David Howells
2009-08-04 15:43 ` David Howells
2009-08-04 14:55 ` [PATCH 3/6] KEYS: Flag dead keys to induce EKEYREVOKED David Howells
2009-08-04 18:22 ` Serge E. Hallyn
2009-08-04 14:55 ` [PATCH 4/6] KEYS: Add garbage collection for dead, revoked and expired keys David Howells
2009-08-04 18:43 ` Serge E. Hallyn [this message]
2009-08-04 20:30 ` David Howells
2009-08-04 21:01 ` Serge E. Hallyn
2009-08-04 22:00 ` David Howells
2009-08-04 22:33 ` Serge E. Hallyn
2009-08-04 14:55 ` [PATCH 5/6] KEYS: Make /proc/keys use keyid not numread as file position David Howells
2009-08-04 14:55 ` [PATCH 6/6] KEYS: Do some whitespace cleanups David Howells
2009-08-04 18:46 ` Serge E. Hallyn
2009-08-04 18:16 ` [PATCH 1/6] KEYS: Deal with dead-type keys appropriately Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090804184334.GC8442@us.ibm.com \
--to=serue@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.