gc.c 5.2 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
/* Key garbage collector
 *
 * Copyright (C) 2009 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#include <linux/module.h>
#include <keys/keyring-type.h>
#include "internal.h"

/*
 * Delay between key revocation/expiry in seconds
 */
unsigned key_gc_delay = 5 * 60;

/*
 * Reaper
 */
static void key_gc_timer_func(unsigned long);
static void key_garbage_collector(struct work_struct *);
static DEFINE_TIMER(key_gc_timer, key_gc_timer_func, 0, 0);
static DECLARE_WORK(key_gc_work, key_garbage_collector);
static key_serial_t key_gc_cursor; /* the last key the gc considered */
D
David Howells 已提交
29
static bool key_gc_again;
30 31
static unsigned long key_gc_executing;
static time_t key_gc_next_run = LONG_MAX;
D
David Howells 已提交
32
static time_t key_gc_new_timer;
33 34

/*
35 36
 * Schedule a garbage collection run.
 * - time precision isn't particularly important
37 38 39 40 41 42 43 44
 */
void key_schedule_gc(time_t gc_at)
{
	unsigned long expires;
	time_t now = current_kernel_time().tv_sec;

	kenter("%ld", gc_at - now);

D
David Howells 已提交
45
	if (gc_at <= now) {
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
		schedule_work(&key_gc_work);
	} else if (gc_at < key_gc_next_run) {
		expires = jiffies + (gc_at - now) * HZ;
		mod_timer(&key_gc_timer, expires);
	}
}

/*
 * The garbage collector timer kicked off
 */
static void key_gc_timer_func(unsigned long data)
{
	kenter("");
	key_gc_next_run = LONG_MAX;
	schedule_work(&key_gc_work);
}

/*
64 65 66
 * Garbage collect pointers from a keyring.
 *
 * Return true if we altered the keyring.
67 68
 */
static bool key_gc_keyring(struct key *keyring, time_t limit)
69
	__releases(key_serial_lock)
70 71 72 73 74 75 76 77 78 79 80
{
	struct keyring_list *klist;
	struct key *key;
	int loop;

	kenter("%x", key_serial(keyring));

	if (test_bit(KEY_FLAG_REVOKED, &keyring->flags))
		goto dont_gc;

	/* scan the keyring looking for dead keys */
81 82
	rcu_read_lock();
	klist = rcu_dereference(keyring->payload.subscriptions);
83
	if (!klist)
84
		goto unlock_dont_gc;
85 86 87 88 89 90 91 92

	for (loop = klist->nkeys - 1; loop >= 0; loop--) {
		key = klist->keys[loop];
		if (test_bit(KEY_FLAG_DEAD, &key->flags) ||
		    (key->expiry > 0 && key->expiry <= limit))
			goto do_gc;
	}

93 94
unlock_dont_gc:
	rcu_read_unlock();
95 96 97 98 99
dont_gc:
	kleave(" = false");
	return false;

do_gc:
100
	rcu_read_unlock();
101 102 103 104 105 106 107 108 109 110
	key_gc_cursor = keyring->serial;
	key_get(keyring);
	spin_unlock(&key_serial_lock);
	keyring_gc(keyring, limit);
	key_put(keyring);
	kleave(" = true");
	return true;
}

/*
111 112
 * Garbage collector for keys.  This involves scanning the keyrings for dead,
 * expired and revoked keys that have overstayed their welcome
113 114 115 116 117 118
 */
static void key_garbage_collector(struct work_struct *work)
{
	struct rb_node *rb;
	key_serial_t cursor;
	struct key *key, *xkey;
D
David Howells 已提交
119
	time_t new_timer = LONG_MAX, limit, now;
120

D
David Howells 已提交
121 122
	now = current_kernel_time().tv_sec;
	kenter("[%x,%ld]", key_gc_cursor, key_gc_new_timer - now);
123 124

	if (test_and_set_bit(0, &key_gc_executing)) {
D
David Howells 已提交
125 126
		key_schedule_gc(current_kernel_time().tv_sec + 1);
		kleave(" [busy; deferring]");
127 128 129
		return;
	}

D
David Howells 已提交
130
	limit = now;
131 132 133 134 135 136 137
	if (limit > key_gc_delay)
		limit -= key_gc_delay;
	else
		limit = key_gc_delay;

	spin_lock(&key_serial_lock);

D
David Howells 已提交
138 139 140 141 142
	if (unlikely(RB_EMPTY_ROOT(&key_serial_tree))) {
		spin_unlock(&key_serial_lock);
		clear_bit(0, &key_gc_executing);
		return;
	}
143 144 145 146

	cursor = key_gc_cursor;
	if (cursor < 0)
		cursor = 0;
D
David Howells 已提交
147 148 149 150
	if (cursor > 0)
		new_timer = key_gc_new_timer;
	else
		key_gc_again = false;
151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175

	/* find the first key above the cursor */
	key = NULL;
	rb = key_serial_tree.rb_node;
	while (rb) {
		xkey = rb_entry(rb, struct key, serial_node);
		if (cursor < xkey->serial) {
			key = xkey;
			rb = rb->rb_left;
		} else if (cursor > xkey->serial) {
			rb = rb->rb_right;
		} else {
			rb = rb_next(rb);
			if (!rb)
				goto reached_the_end;
			key = rb_entry(rb, struct key, serial_node);
			break;
		}
	}

	if (!key)
		goto reached_the_end;

	/* trawl through the keys looking for keyrings */
	for (;;) {
176
		if (key->expiry > limit && key->expiry < new_timer) {
D
David Howells 已提交
177
			kdebug("will expire %x in %ld",
178
			       key_serial(key), key->expiry - limit);
179
			new_timer = key->expiry;
D
David Howells 已提交
180
		}
181 182

		if (key->type == &key_type_keyring &&
D
David Howells 已提交
183 184 185 186
		    key_gc_keyring(key, limit))
			/* the gc had to release our lock so that the keyring
			 * could be modified, so we have to get it again */
			goto gc_released_our_lock;
187 188

		rb = rb_next(&key->serial_node);
D
David Howells 已提交
189 190
		if (!rb)
			goto reached_the_end;
191 192 193
		key = rb_entry(rb, struct key, serial_node);
	}

D
David Howells 已提交
194 195 196 197
gc_released_our_lock:
	kdebug("gc_released_our_lock");
	key_gc_new_timer = new_timer;
	key_gc_again = true;
198
	clear_bit(0, &key_gc_executing);
D
David Howells 已提交
199 200
	schedule_work(&key_gc_work);
	kleave(" [continue]");
201 202
	return;

D
David Howells 已提交
203
	/* when we reach the end of the run, we set the timer for the next one */
204
reached_the_end:
D
David Howells 已提交
205 206 207
	kdebug("reached_the_end");
	spin_unlock(&key_serial_lock);
	key_gc_new_timer = new_timer;
208
	key_gc_cursor = 0;
D
David Howells 已提交
209 210 211 212 213 214 215 216 217 218 219 220 221
	clear_bit(0, &key_gc_executing);

	if (key_gc_again) {
		/* there may have been a key that expired whilst we were
		 * scanning, so if we discarded any links we should do another
		 * scan */
		new_timer = now + 1;
		key_schedule_gc(new_timer);
	} else if (new_timer < LONG_MAX) {
		new_timer += key_gc_delay;
		key_schedule_gc(new_timer);
	}
	kleave(" [end]");
222
}