18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 28c2ecf20Sopenharmony_ci/* Key garbage collector 38c2ecf20Sopenharmony_ci * 48c2ecf20Sopenharmony_ci * Copyright (C) 2009-2011 Red Hat, Inc. All Rights Reserved. 58c2ecf20Sopenharmony_ci * Written by David Howells (dhowells@redhat.com) 68c2ecf20Sopenharmony_ci */ 78c2ecf20Sopenharmony_ci 88c2ecf20Sopenharmony_ci#include <linux/slab.h> 98c2ecf20Sopenharmony_ci#include <linux/security.h> 108c2ecf20Sopenharmony_ci#include <keys/keyring-type.h> 118c2ecf20Sopenharmony_ci#include "internal.h" 128c2ecf20Sopenharmony_ci 138c2ecf20Sopenharmony_ci/* 148c2ecf20Sopenharmony_ci * Delay between key revocation/expiry in seconds 158c2ecf20Sopenharmony_ci */ 168c2ecf20Sopenharmony_ciunsigned key_gc_delay = 5 * 60; 178c2ecf20Sopenharmony_ci 188c2ecf20Sopenharmony_ci/* 198c2ecf20Sopenharmony_ci * Reaper for unused keys. 208c2ecf20Sopenharmony_ci */ 218c2ecf20Sopenharmony_cistatic void key_garbage_collector(struct work_struct *work); 228c2ecf20Sopenharmony_ciDECLARE_WORK(key_gc_work, key_garbage_collector); 238c2ecf20Sopenharmony_ci 248c2ecf20Sopenharmony_ci/* 258c2ecf20Sopenharmony_ci * Reaper for links from keyrings to dead keys. 268c2ecf20Sopenharmony_ci */ 278c2ecf20Sopenharmony_cistatic void key_gc_timer_func(struct timer_list *); 288c2ecf20Sopenharmony_cistatic DEFINE_TIMER(key_gc_timer, key_gc_timer_func); 298c2ecf20Sopenharmony_ci 308c2ecf20Sopenharmony_cistatic time64_t key_gc_next_run = TIME64_MAX; 318c2ecf20Sopenharmony_cistatic struct key_type *key_gc_dead_keytype; 328c2ecf20Sopenharmony_ci 338c2ecf20Sopenharmony_cistatic unsigned long key_gc_flags; 348c2ecf20Sopenharmony_ci#define KEY_GC_KEY_EXPIRED 0 /* A key expired and needs unlinking */ 358c2ecf20Sopenharmony_ci#define KEY_GC_REAP_KEYTYPE 1 /* A keytype is being unregistered */ 368c2ecf20Sopenharmony_ci#define KEY_GC_REAPING_KEYTYPE 2 /* Cleared when keytype reaped */ 378c2ecf20Sopenharmony_ci 388c2ecf20Sopenharmony_ci 398c2ecf20Sopenharmony_ci/* 408c2ecf20Sopenharmony_ci * Any key whose type gets unregistered will be re-typed to this if it can't be 418c2ecf20Sopenharmony_ci * immediately unlinked. 428c2ecf20Sopenharmony_ci */ 438c2ecf20Sopenharmony_cistruct key_type key_type_dead = { 448c2ecf20Sopenharmony_ci .name = ".dead", 458c2ecf20Sopenharmony_ci}; 468c2ecf20Sopenharmony_ci 478c2ecf20Sopenharmony_ci/* 488c2ecf20Sopenharmony_ci * Schedule a garbage collection run. 498c2ecf20Sopenharmony_ci * - time precision isn't particularly important 508c2ecf20Sopenharmony_ci */ 518c2ecf20Sopenharmony_civoid key_schedule_gc(time64_t gc_at) 528c2ecf20Sopenharmony_ci{ 538c2ecf20Sopenharmony_ci unsigned long expires; 548c2ecf20Sopenharmony_ci time64_t now = ktime_get_real_seconds(); 558c2ecf20Sopenharmony_ci 568c2ecf20Sopenharmony_ci kenter("%lld", gc_at - now); 578c2ecf20Sopenharmony_ci 588c2ecf20Sopenharmony_ci if (gc_at <= now || test_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) { 598c2ecf20Sopenharmony_ci kdebug("IMMEDIATE"); 608c2ecf20Sopenharmony_ci schedule_work(&key_gc_work); 618c2ecf20Sopenharmony_ci } else if (gc_at < key_gc_next_run) { 628c2ecf20Sopenharmony_ci kdebug("DEFERRED"); 638c2ecf20Sopenharmony_ci key_gc_next_run = gc_at; 648c2ecf20Sopenharmony_ci expires = jiffies + (gc_at - now) * HZ; 658c2ecf20Sopenharmony_ci mod_timer(&key_gc_timer, expires); 668c2ecf20Sopenharmony_ci } 678c2ecf20Sopenharmony_ci} 688c2ecf20Sopenharmony_ci 698c2ecf20Sopenharmony_ci/* 708c2ecf20Sopenharmony_ci * Set the expiration time on a key. 718c2ecf20Sopenharmony_ci */ 728c2ecf20Sopenharmony_civoid key_set_expiry(struct key *key, time64_t expiry) 738c2ecf20Sopenharmony_ci{ 748c2ecf20Sopenharmony_ci key->expiry = expiry; 758c2ecf20Sopenharmony_ci if (expiry != TIME64_MAX) { 768c2ecf20Sopenharmony_ci if (!(key->type->flags & KEY_TYPE_INSTANT_REAP)) 778c2ecf20Sopenharmony_ci expiry += key_gc_delay; 788c2ecf20Sopenharmony_ci key_schedule_gc(expiry); 798c2ecf20Sopenharmony_ci } 808c2ecf20Sopenharmony_ci} 818c2ecf20Sopenharmony_ci 828c2ecf20Sopenharmony_ci/* 838c2ecf20Sopenharmony_ci * Schedule a dead links collection run. 848c2ecf20Sopenharmony_ci */ 858c2ecf20Sopenharmony_civoid key_schedule_gc_links(void) 868c2ecf20Sopenharmony_ci{ 878c2ecf20Sopenharmony_ci set_bit(KEY_GC_KEY_EXPIRED, &key_gc_flags); 888c2ecf20Sopenharmony_ci schedule_work(&key_gc_work); 898c2ecf20Sopenharmony_ci} 908c2ecf20Sopenharmony_ci 918c2ecf20Sopenharmony_ci/* 928c2ecf20Sopenharmony_ci * Some key's cleanup time was met after it expired, so we need to get the 938c2ecf20Sopenharmony_ci * reaper to go through a cycle finding expired keys. 948c2ecf20Sopenharmony_ci */ 958c2ecf20Sopenharmony_cistatic void key_gc_timer_func(struct timer_list *unused) 968c2ecf20Sopenharmony_ci{ 978c2ecf20Sopenharmony_ci kenter(""); 988c2ecf20Sopenharmony_ci key_gc_next_run = TIME64_MAX; 998c2ecf20Sopenharmony_ci key_schedule_gc_links(); 1008c2ecf20Sopenharmony_ci} 1018c2ecf20Sopenharmony_ci 1028c2ecf20Sopenharmony_ci/* 1038c2ecf20Sopenharmony_ci * Reap keys of dead type. 1048c2ecf20Sopenharmony_ci * 1058c2ecf20Sopenharmony_ci * We use three flags to make sure we see three complete cycles of the garbage 1068c2ecf20Sopenharmony_ci * collector: the first to mark keys of that type as being dead, the second to 1078c2ecf20Sopenharmony_ci * collect dead links and the third to clean up the dead keys. We have to be 1088c2ecf20Sopenharmony_ci * careful as there may already be a cycle in progress. 1098c2ecf20Sopenharmony_ci * 1108c2ecf20Sopenharmony_ci * The caller must be holding key_types_sem. 1118c2ecf20Sopenharmony_ci */ 1128c2ecf20Sopenharmony_civoid key_gc_keytype(struct key_type *ktype) 1138c2ecf20Sopenharmony_ci{ 1148c2ecf20Sopenharmony_ci kenter("%s", ktype->name); 1158c2ecf20Sopenharmony_ci 1168c2ecf20Sopenharmony_ci key_gc_dead_keytype = ktype; 1178c2ecf20Sopenharmony_ci set_bit(KEY_GC_REAPING_KEYTYPE, &key_gc_flags); 1188c2ecf20Sopenharmony_ci smp_mb(); 1198c2ecf20Sopenharmony_ci set_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags); 1208c2ecf20Sopenharmony_ci 1218c2ecf20Sopenharmony_ci kdebug("schedule"); 1228c2ecf20Sopenharmony_ci schedule_work(&key_gc_work); 1238c2ecf20Sopenharmony_ci 1248c2ecf20Sopenharmony_ci kdebug("sleep"); 1258c2ecf20Sopenharmony_ci wait_on_bit(&key_gc_flags, KEY_GC_REAPING_KEYTYPE, 1268c2ecf20Sopenharmony_ci TASK_UNINTERRUPTIBLE); 1278c2ecf20Sopenharmony_ci 1288c2ecf20Sopenharmony_ci key_gc_dead_keytype = NULL; 1298c2ecf20Sopenharmony_ci kleave(""); 1308c2ecf20Sopenharmony_ci} 1318c2ecf20Sopenharmony_ci 1328c2ecf20Sopenharmony_ci/* 1338c2ecf20Sopenharmony_ci * Garbage collect a list of unreferenced, detached keys 1348c2ecf20Sopenharmony_ci */ 1358c2ecf20Sopenharmony_cistatic noinline void key_gc_unused_keys(struct list_head *keys) 1368c2ecf20Sopenharmony_ci{ 1378c2ecf20Sopenharmony_ci while (!list_empty(keys)) { 1388c2ecf20Sopenharmony_ci struct key *key = 1398c2ecf20Sopenharmony_ci list_entry(keys->next, struct key, graveyard_link); 1408c2ecf20Sopenharmony_ci short state = key->state; 1418c2ecf20Sopenharmony_ci 1428c2ecf20Sopenharmony_ci list_del(&key->graveyard_link); 1438c2ecf20Sopenharmony_ci 1448c2ecf20Sopenharmony_ci kdebug("- %u", key->serial); 1458c2ecf20Sopenharmony_ci key_check(key); 1468c2ecf20Sopenharmony_ci 1478c2ecf20Sopenharmony_ci#ifdef CONFIG_KEY_NOTIFICATIONS 1488c2ecf20Sopenharmony_ci remove_watch_list(key->watchers, key->serial); 1498c2ecf20Sopenharmony_ci key->watchers = NULL; 1508c2ecf20Sopenharmony_ci#endif 1518c2ecf20Sopenharmony_ci 1528c2ecf20Sopenharmony_ci /* Throw away the key data if the key is instantiated */ 1538c2ecf20Sopenharmony_ci if (state == KEY_IS_POSITIVE && key->type->destroy) 1548c2ecf20Sopenharmony_ci key->type->destroy(key); 1558c2ecf20Sopenharmony_ci 1568c2ecf20Sopenharmony_ci security_key_free(key); 1578c2ecf20Sopenharmony_ci 1588c2ecf20Sopenharmony_ci /* deal with the user's key tracking and quota */ 1598c2ecf20Sopenharmony_ci if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 1608c2ecf20Sopenharmony_ci spin_lock(&key->user->lock); 1618c2ecf20Sopenharmony_ci key->user->qnkeys--; 1628c2ecf20Sopenharmony_ci key->user->qnbytes -= key->quotalen; 1638c2ecf20Sopenharmony_ci spin_unlock(&key->user->lock); 1648c2ecf20Sopenharmony_ci } 1658c2ecf20Sopenharmony_ci 1668c2ecf20Sopenharmony_ci atomic_dec(&key->user->nkeys); 1678c2ecf20Sopenharmony_ci if (state != KEY_IS_UNINSTANTIATED) 1688c2ecf20Sopenharmony_ci atomic_dec(&key->user->nikeys); 1698c2ecf20Sopenharmony_ci 1708c2ecf20Sopenharmony_ci key_user_put(key->user); 1718c2ecf20Sopenharmony_ci key_put_tag(key->domain_tag); 1728c2ecf20Sopenharmony_ci kfree(key->description); 1738c2ecf20Sopenharmony_ci 1748c2ecf20Sopenharmony_ci memzero_explicit(key, sizeof(*key)); 1758c2ecf20Sopenharmony_ci kmem_cache_free(key_jar, key); 1768c2ecf20Sopenharmony_ci } 1778c2ecf20Sopenharmony_ci} 1788c2ecf20Sopenharmony_ci 1798c2ecf20Sopenharmony_ci/* 1808c2ecf20Sopenharmony_ci * Garbage collector for unused keys. 1818c2ecf20Sopenharmony_ci * 1828c2ecf20Sopenharmony_ci * This is done in process context so that we don't have to disable interrupts 1838c2ecf20Sopenharmony_ci * all over the place. key_put() schedules this rather than trying to do the 1848c2ecf20Sopenharmony_ci * cleanup itself, which means key_put() doesn't have to sleep. 1858c2ecf20Sopenharmony_ci */ 1868c2ecf20Sopenharmony_cistatic void key_garbage_collector(struct work_struct *work) 1878c2ecf20Sopenharmony_ci{ 1888c2ecf20Sopenharmony_ci static LIST_HEAD(graveyard); 1898c2ecf20Sopenharmony_ci static u8 gc_state; /* Internal persistent state */ 1908c2ecf20Sopenharmony_ci#define KEY_GC_REAP_AGAIN 0x01 /* - Need another cycle */ 1918c2ecf20Sopenharmony_ci#define KEY_GC_REAPING_LINKS 0x02 /* - We need to reap links */ 1928c2ecf20Sopenharmony_ci#define KEY_GC_REAPING_DEAD_1 0x10 /* - We need to mark dead keys */ 1938c2ecf20Sopenharmony_ci#define KEY_GC_REAPING_DEAD_2 0x20 /* - We need to reap dead key links */ 1948c2ecf20Sopenharmony_ci#define KEY_GC_REAPING_DEAD_3 0x40 /* - We need to reap dead keys */ 1958c2ecf20Sopenharmony_ci#define KEY_GC_FOUND_DEAD_KEY 0x80 /* - We found at least one dead key */ 1968c2ecf20Sopenharmony_ci 1978c2ecf20Sopenharmony_ci struct rb_node *cursor; 1988c2ecf20Sopenharmony_ci struct key *key; 1998c2ecf20Sopenharmony_ci time64_t new_timer, limit, expiry; 2008c2ecf20Sopenharmony_ci 2018c2ecf20Sopenharmony_ci kenter("[%lx,%x]", key_gc_flags, gc_state); 2028c2ecf20Sopenharmony_ci 2038c2ecf20Sopenharmony_ci limit = ktime_get_real_seconds(); 2048c2ecf20Sopenharmony_ci 2058c2ecf20Sopenharmony_ci /* Work out what we're going to be doing in this pass */ 2068c2ecf20Sopenharmony_ci gc_state &= KEY_GC_REAPING_DEAD_1 | KEY_GC_REAPING_DEAD_2; 2078c2ecf20Sopenharmony_ci gc_state <<= 1; 2088c2ecf20Sopenharmony_ci if (test_and_clear_bit(KEY_GC_KEY_EXPIRED, &key_gc_flags)) 2098c2ecf20Sopenharmony_ci gc_state |= KEY_GC_REAPING_LINKS; 2108c2ecf20Sopenharmony_ci 2118c2ecf20Sopenharmony_ci if (test_and_clear_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) 2128c2ecf20Sopenharmony_ci gc_state |= KEY_GC_REAPING_DEAD_1; 2138c2ecf20Sopenharmony_ci kdebug("new pass %x", gc_state); 2148c2ecf20Sopenharmony_ci 2158c2ecf20Sopenharmony_ci new_timer = TIME64_MAX; 2168c2ecf20Sopenharmony_ci 2178c2ecf20Sopenharmony_ci /* As only this function is permitted to remove things from the key 2188c2ecf20Sopenharmony_ci * serial tree, if cursor is non-NULL then it will always point to a 2198c2ecf20Sopenharmony_ci * valid node in the tree - even if lock got dropped. 2208c2ecf20Sopenharmony_ci */ 2218c2ecf20Sopenharmony_ci spin_lock(&key_serial_lock); 2228c2ecf20Sopenharmony_ci cursor = rb_first(&key_serial_tree); 2238c2ecf20Sopenharmony_ci 2248c2ecf20Sopenharmony_cicontinue_scanning: 2258c2ecf20Sopenharmony_ci while (cursor) { 2268c2ecf20Sopenharmony_ci key = rb_entry(cursor, struct key, serial_node); 2278c2ecf20Sopenharmony_ci cursor = rb_next(cursor); 2288c2ecf20Sopenharmony_ci 2298c2ecf20Sopenharmony_ci if (refcount_read(&key->usage) == 0) 2308c2ecf20Sopenharmony_ci goto found_unreferenced_key; 2318c2ecf20Sopenharmony_ci 2328c2ecf20Sopenharmony_ci if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) { 2338c2ecf20Sopenharmony_ci if (key->type == key_gc_dead_keytype) { 2348c2ecf20Sopenharmony_ci gc_state |= KEY_GC_FOUND_DEAD_KEY; 2358c2ecf20Sopenharmony_ci set_bit(KEY_FLAG_DEAD, &key->flags); 2368c2ecf20Sopenharmony_ci key->perm = 0; 2378c2ecf20Sopenharmony_ci goto skip_dead_key; 2388c2ecf20Sopenharmony_ci } else if (key->type == &key_type_keyring && 2398c2ecf20Sopenharmony_ci key->restrict_link) { 2408c2ecf20Sopenharmony_ci goto found_restricted_keyring; 2418c2ecf20Sopenharmony_ci } 2428c2ecf20Sopenharmony_ci } 2438c2ecf20Sopenharmony_ci 2448c2ecf20Sopenharmony_ci expiry = key->expiry; 2458c2ecf20Sopenharmony_ci if (expiry != TIME64_MAX) { 2468c2ecf20Sopenharmony_ci if (!(key->type->flags & KEY_TYPE_INSTANT_REAP)) 2478c2ecf20Sopenharmony_ci expiry += key_gc_delay; 2488c2ecf20Sopenharmony_ci if (expiry > limit && expiry < new_timer) { 2498c2ecf20Sopenharmony_ci kdebug("will expire %x in %lld", 2508c2ecf20Sopenharmony_ci key_serial(key), key->expiry - limit); 2518c2ecf20Sopenharmony_ci new_timer = key->expiry; 2528c2ecf20Sopenharmony_ci } 2538c2ecf20Sopenharmony_ci } 2548c2ecf20Sopenharmony_ci 2558c2ecf20Sopenharmony_ci if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2)) 2568c2ecf20Sopenharmony_ci if (key->type == key_gc_dead_keytype) 2578c2ecf20Sopenharmony_ci gc_state |= KEY_GC_FOUND_DEAD_KEY; 2588c2ecf20Sopenharmony_ci 2598c2ecf20Sopenharmony_ci if ((gc_state & KEY_GC_REAPING_LINKS) || 2608c2ecf20Sopenharmony_ci unlikely(gc_state & KEY_GC_REAPING_DEAD_2)) { 2618c2ecf20Sopenharmony_ci if (key->type == &key_type_keyring) 2628c2ecf20Sopenharmony_ci goto found_keyring; 2638c2ecf20Sopenharmony_ci } 2648c2ecf20Sopenharmony_ci 2658c2ecf20Sopenharmony_ci if (unlikely(gc_state & KEY_GC_REAPING_DEAD_3)) 2668c2ecf20Sopenharmony_ci if (key->type == key_gc_dead_keytype) 2678c2ecf20Sopenharmony_ci goto destroy_dead_key; 2688c2ecf20Sopenharmony_ci 2698c2ecf20Sopenharmony_ci skip_dead_key: 2708c2ecf20Sopenharmony_ci if (spin_is_contended(&key_serial_lock) || need_resched()) 2718c2ecf20Sopenharmony_ci goto contended; 2728c2ecf20Sopenharmony_ci } 2738c2ecf20Sopenharmony_ci 2748c2ecf20Sopenharmony_cicontended: 2758c2ecf20Sopenharmony_ci spin_unlock(&key_serial_lock); 2768c2ecf20Sopenharmony_ci 2778c2ecf20Sopenharmony_cimaybe_resched: 2788c2ecf20Sopenharmony_ci if (cursor) { 2798c2ecf20Sopenharmony_ci cond_resched(); 2808c2ecf20Sopenharmony_ci spin_lock(&key_serial_lock); 2818c2ecf20Sopenharmony_ci goto continue_scanning; 2828c2ecf20Sopenharmony_ci } 2838c2ecf20Sopenharmony_ci 2848c2ecf20Sopenharmony_ci /* We've completed the pass. Set the timer if we need to and queue a 2858c2ecf20Sopenharmony_ci * new cycle if necessary. We keep executing cycles until we find one 2868c2ecf20Sopenharmony_ci * where we didn't reap any keys. 2878c2ecf20Sopenharmony_ci */ 2888c2ecf20Sopenharmony_ci kdebug("pass complete"); 2898c2ecf20Sopenharmony_ci 2908c2ecf20Sopenharmony_ci if (new_timer != TIME64_MAX) { 2918c2ecf20Sopenharmony_ci new_timer += key_gc_delay; 2928c2ecf20Sopenharmony_ci key_schedule_gc(new_timer); 2938c2ecf20Sopenharmony_ci } 2948c2ecf20Sopenharmony_ci 2958c2ecf20Sopenharmony_ci if (unlikely(gc_state & KEY_GC_REAPING_DEAD_2) || 2968c2ecf20Sopenharmony_ci !list_empty(&graveyard)) { 2978c2ecf20Sopenharmony_ci /* Make sure that all pending keyring payload destructions are 2988c2ecf20Sopenharmony_ci * fulfilled and that people aren't now looking at dead or 2998c2ecf20Sopenharmony_ci * dying keys that they don't have a reference upon or a link 3008c2ecf20Sopenharmony_ci * to. 3018c2ecf20Sopenharmony_ci */ 3028c2ecf20Sopenharmony_ci kdebug("gc sync"); 3038c2ecf20Sopenharmony_ci synchronize_rcu(); 3048c2ecf20Sopenharmony_ci } 3058c2ecf20Sopenharmony_ci 3068c2ecf20Sopenharmony_ci if (!list_empty(&graveyard)) { 3078c2ecf20Sopenharmony_ci kdebug("gc keys"); 3088c2ecf20Sopenharmony_ci key_gc_unused_keys(&graveyard); 3098c2ecf20Sopenharmony_ci } 3108c2ecf20Sopenharmony_ci 3118c2ecf20Sopenharmony_ci if (unlikely(gc_state & (KEY_GC_REAPING_DEAD_1 | 3128c2ecf20Sopenharmony_ci KEY_GC_REAPING_DEAD_2))) { 3138c2ecf20Sopenharmony_ci if (!(gc_state & KEY_GC_FOUND_DEAD_KEY)) { 3148c2ecf20Sopenharmony_ci /* No remaining dead keys: short circuit the remaining 3158c2ecf20Sopenharmony_ci * keytype reap cycles. 3168c2ecf20Sopenharmony_ci */ 3178c2ecf20Sopenharmony_ci kdebug("dead short"); 3188c2ecf20Sopenharmony_ci gc_state &= ~(KEY_GC_REAPING_DEAD_1 | KEY_GC_REAPING_DEAD_2); 3198c2ecf20Sopenharmony_ci gc_state |= KEY_GC_REAPING_DEAD_3; 3208c2ecf20Sopenharmony_ci } else { 3218c2ecf20Sopenharmony_ci gc_state |= KEY_GC_REAP_AGAIN; 3228c2ecf20Sopenharmony_ci } 3238c2ecf20Sopenharmony_ci } 3248c2ecf20Sopenharmony_ci 3258c2ecf20Sopenharmony_ci if (unlikely(gc_state & KEY_GC_REAPING_DEAD_3)) { 3268c2ecf20Sopenharmony_ci kdebug("dead wake"); 3278c2ecf20Sopenharmony_ci smp_mb(); 3288c2ecf20Sopenharmony_ci clear_bit(KEY_GC_REAPING_KEYTYPE, &key_gc_flags); 3298c2ecf20Sopenharmony_ci wake_up_bit(&key_gc_flags, KEY_GC_REAPING_KEYTYPE); 3308c2ecf20Sopenharmony_ci } 3318c2ecf20Sopenharmony_ci 3328c2ecf20Sopenharmony_ci if (gc_state & KEY_GC_REAP_AGAIN) 3338c2ecf20Sopenharmony_ci schedule_work(&key_gc_work); 3348c2ecf20Sopenharmony_ci kleave(" [end %x]", gc_state); 3358c2ecf20Sopenharmony_ci return; 3368c2ecf20Sopenharmony_ci 3378c2ecf20Sopenharmony_ci /* We found an unreferenced key - once we've removed it from the tree, 3388c2ecf20Sopenharmony_ci * we can safely drop the lock. 3398c2ecf20Sopenharmony_ci */ 3408c2ecf20Sopenharmony_cifound_unreferenced_key: 3418c2ecf20Sopenharmony_ci kdebug("unrefd key %d", key->serial); 3428c2ecf20Sopenharmony_ci rb_erase(&key->serial_node, &key_serial_tree); 3438c2ecf20Sopenharmony_ci spin_unlock(&key_serial_lock); 3448c2ecf20Sopenharmony_ci 3458c2ecf20Sopenharmony_ci list_add_tail(&key->graveyard_link, &graveyard); 3468c2ecf20Sopenharmony_ci gc_state |= KEY_GC_REAP_AGAIN; 3478c2ecf20Sopenharmony_ci goto maybe_resched; 3488c2ecf20Sopenharmony_ci 3498c2ecf20Sopenharmony_ci /* We found a restricted keyring and need to update the restriction if 3508c2ecf20Sopenharmony_ci * it is associated with the dead key type. 3518c2ecf20Sopenharmony_ci */ 3528c2ecf20Sopenharmony_cifound_restricted_keyring: 3538c2ecf20Sopenharmony_ci spin_unlock(&key_serial_lock); 3548c2ecf20Sopenharmony_ci keyring_restriction_gc(key, key_gc_dead_keytype); 3558c2ecf20Sopenharmony_ci goto maybe_resched; 3568c2ecf20Sopenharmony_ci 3578c2ecf20Sopenharmony_ci /* We found a keyring and we need to check the payload for links to 3588c2ecf20Sopenharmony_ci * dead or expired keys. We don't flag another reap immediately as we 3598c2ecf20Sopenharmony_ci * have to wait for the old payload to be destroyed by RCU before we 3608c2ecf20Sopenharmony_ci * can reap the keys to which it refers. 3618c2ecf20Sopenharmony_ci */ 3628c2ecf20Sopenharmony_cifound_keyring: 3638c2ecf20Sopenharmony_ci spin_unlock(&key_serial_lock); 3648c2ecf20Sopenharmony_ci keyring_gc(key, limit); 3658c2ecf20Sopenharmony_ci goto maybe_resched; 3668c2ecf20Sopenharmony_ci 3678c2ecf20Sopenharmony_ci /* We found a dead key that is still referenced. Reset its type and 3688c2ecf20Sopenharmony_ci * destroy its payload with its semaphore held. 3698c2ecf20Sopenharmony_ci */ 3708c2ecf20Sopenharmony_cidestroy_dead_key: 3718c2ecf20Sopenharmony_ci spin_unlock(&key_serial_lock); 3728c2ecf20Sopenharmony_ci kdebug("destroy key %d", key->serial); 3738c2ecf20Sopenharmony_ci down_write(&key->sem); 3748c2ecf20Sopenharmony_ci key->type = &key_type_dead; 3758c2ecf20Sopenharmony_ci if (key_gc_dead_keytype->destroy) 3768c2ecf20Sopenharmony_ci key_gc_dead_keytype->destroy(key); 3778c2ecf20Sopenharmony_ci memset(&key->payload, KEY_DESTROY, sizeof(key->payload)); 3788c2ecf20Sopenharmony_ci up_write(&key->sem); 3798c2ecf20Sopenharmony_ci goto maybe_resched; 3808c2ecf20Sopenharmony_ci} 381