From: "Serge E. Hallyn" <serue@us.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@osdl.org, akpm@linux-foundation.org, jmorris@namei.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH 4/6] KEYS: Add garbage collection for dead, revoked and expired keys.
Date: Tue, 4 Aug 2009 13:43:34 -0500 [thread overview]
Message-ID: <20090804184334.GC8442@us.ibm.com> (raw)
In-Reply-To: <20090804145546.17676.98776.stgit@warthog.procyon.org.uk>
Quoting David Howells (dhowells@redhat.com):
> Add garbage collection for dead, revoked and expired keys. This involved
> erasing all links to such keys from keyrings that point to them. At that
> point, the key will be deleted in the normal manner.
>
> Keyrings from which garbage collection occurs are shrunk and their quota
> consumption reduced as appropriate.
>
> Dead keys (for which the key type has been removed) will be garbage collected
> immediately.
>
> Revoked and expired keys will hang around for a number of seconds, as set in
> /proc/sys/kernel/keys/gc_delay before being automatically removed. The default
> is 5 minutes.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
...
> diff --git a/security/keys/keyring.c b/security/keys/keyring.c
> index 3dba81c..acbe0d5 100644
> --- a/security/keys/keyring.c
> +++ b/security/keys/keyring.c
> @@ -1000,3 +1000,81 @@ static void keyring_revoke(struct key *keyring)
> }
>
> } /* end keyring_revoke() */
> +
> +/*
> + * Collect garbage from the contents of a keyring
> + */
> +void keyring_gc(struct key *keyring, time_t limit)
> +{
> + struct keyring_list *klist, *new;
> + struct key *key;
> + int loop, keep, max;
> +
> + kenter("%x", key_serial(keyring));
> +
> + down_write(&keyring->sem);
> +
> + klist = keyring->payload.subscriptions;
> + if (!klist)
> + goto just_return;
> +
> + /* work out how many subscriptions we're keeping */
> + keep = 0;
> + for (loop = klist->nkeys - 1; loop >= 0; loop--) {
> + key = klist->keys[loop];
> + if (!test_bit(KEY_FLAG_DEAD, &key->flags) &&
> + !(key->expiry > 0 && key->expiry <= limit))
These two lines (repeated below) beg for a helper?
> + for (loop = klist->nkeys - 1; loop >= 0; loop--) {
> + key = klist->keys[loop];
> + if (!test_bit(KEY_FLAG_DEAD, &key->flags) &&
> + !(key->expiry > 0 && key->expiry <= limit)) {
> + if (keep >= max)
> + goto discard_new;
Can this happen? This implies that the number of live keys
went up, but we're under keyring->sem?
> + new->keys[keep++] = key_get(key);
> + }
> + }
> + new->nkeys = keep;
> +
> + /* adjust the quota */
> + key_payload_reserve(keyring,
> + sizeof(struct keyring_list) +
> + KEYQUOTA_LINK_BYTES * keep);
> +
> + if (keep == 0) {
> + rcu_assign_pointer(keyring->payload.subscriptions, NULL);
> + kfree(new);
> + } else {
> + rcu_assign_pointer(keyring->payload.subscriptions, new);
> + }
> +
> + up_write(&keyring->sem);
> +
> + call_rcu(&klist->rcu, keyring_clear_rcu_disposal);
> + kleave(" [yes]");
> + return;
> +
> +discard_new:
> + new->nkeys = keep;
> + keyring_clear_rcu_disposal(&new->rcu);
> +just_return:
> + up_write(&keyring->sem);
> + kleave(" [no]");
> +}
> diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c
> index b611d49..5e05dc0 100644
> --- a/security/keys/sysctl.c
> +++ b/security/keys/sysctl.c
> @@ -13,6 +13,8 @@
> #include <linux/sysctl.h>
> #include "internal.h"
>
> +static const int zero, one = 1, max = INT_MAX;
> +
> ctl_table key_sysctls[] = {
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -20,7 +22,9 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_maxkeys,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> },
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -28,7 +32,9 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_maxbytes,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> },
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -36,7 +42,9 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_root_maxkeys,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> },
> {
> .ctl_name = CTL_UNNUMBERED,
> @@ -44,7 +52,19 @@ ctl_table key_sysctls[] = {
> .data = &key_quota_root_maxbytes,
> .maxlen = sizeof(unsigned),
> .mode = 0644,
> - .proc_handler = &proc_dointvec,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &one,
> + .extra2 = (void *) &max,
> + },
> + {
> + .ctl_name = CTL_UNNUMBERED,
> + .procname = "gc_delay",
> + .data = &key_gc_delay,
I see where this variable is defined at top of the patch, but
I don't see where it is actually used?
> + .maxlen = sizeof(unsigned),
> + .mode = 0644,
> + .proc_handler = &proc_dointvec_minmax,
> + .extra1 = (void *) &zero,
> + .extra2 = (void *) &max,
> },
> { .ctl_name = 0 }
> };
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-08-04 18:43 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-04 14:55 [PATCH 1/6] KEYS: Deal with dead-type keys appropriately David Howells
2009-08-04 14:55 ` [PATCH 2/6] KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm David Howells
2009-08-04 15:17 ` Serge E. Hallyn
2009-08-04 15:38 ` David Howells
2009-08-04 15:43 ` David Howells
2009-08-04 14:55 ` [PATCH 3/6] KEYS: Flag dead keys to induce EKEYREVOKED David Howells
2009-08-04 18:22 ` Serge E. Hallyn
2009-08-04 14:55 ` [PATCH 4/6] KEYS: Add garbage collection for dead, revoked and expired keys David Howells
2009-08-04 18:43 ` Serge E. Hallyn [this message]
2009-08-04 20:30 ` David Howells
2009-08-04 21:01 ` Serge E. Hallyn
2009-08-04 22:00 ` David Howells
2009-08-04 22:33 ` Serge E. Hallyn
2009-08-04 14:55 ` [PATCH 5/6] KEYS: Make /proc/keys use keyid not numread as file position David Howells
2009-08-04 14:55 ` [PATCH 6/6] KEYS: Do some whitespace cleanups David Howells
2009-08-04 18:46 ` Serge E. Hallyn
2009-08-04 18:16 ` [PATCH 1/6] KEYS: Deal with dead-type keys appropriately Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090804184334.GC8442@us.ibm.com \
--to=serue@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox