security/keys/keyring.c
Source file repositories/reference/linux-study-clean/security/keys/keyring.c
File Facts
- System: Linux kernel
- Corpus path: security/keys/keyring.c
- Extension: .c
- Size: 48918 bytes
- Lines: 1799
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: exported/initcall integration point
- Status: integration implementation candidate
Why This File Exists
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/export.h`, `linux/init.h`, `linux/sched.h`, `linux/slab.h`, `linux/security.h`, `linux/seq_file.h`, `linux/err.h`, `linux/user_namespace.h`, `linux/nsproxy.h`, `keys/keyring-type.h`, `keys/user-type.h`, `linux/assoc_array_priv.h`, `linux/uaccess.h`, `net/net_namespace.h`, `internal.h`
Detected Declarations
`struct keyring_read_iterator_context`, `function Copyright`, `function key_free_user_ns`, `function name`, `function keyring_preparse`, `function keyring_free_preparse`, `function mult_64x32_and_fold`, `function hash_key_type_and_desc`, `function key_set_index_key`, `function key_put_tag`, `function key_remove_domain`, `function keyring_get_key_chunk`, `function keyring_get_object_key_chunk`, `function keyring_compare_object`, `function keyring_diff_objects`, `function keyring_free_object`, `function key_put`, `function keyring_describe`, `function keyring_read_iterator`, `function keyring_read`, `function key_instantiate_and_link`, `function key_default_cmp`, `function keyring_search_iterator`, `function key_task_permission`, `function search_keyring`, `function search_nested_keyrings`, `function keyring_compare_object`, `function keyring_search_rcu`, `function keyring_search_rcu`, `function keyring_detect_restriction_cycle`, `function keyring_restrict`, `function find_key_to_update`, `function keyring_detect_cycle_iterator`, `function level`, `function __key_link_lock`, `function move`, `function __key_link_begin`, `function __key_link_begin`, `function __key_link_begin`, `function __key_link_begin`, `function __key_link_check_restriction`, `function made`, `function __key_unlink_lock`, `function __key_unlink_begin`, `function __key_unlink`, `function __key_unlink_end`, `function key_unlink`, `function made`
Annotated Snippet
```c
struct keyring_read_iterator_context {
	size_t			buflen;
	size_t			count;
	key_serial_t		*buffer;
};

static int keyring_read_iterator(const void *object, void *data)
{
	struct keyring_read_iterator_context *ctx = data;
	const struct key *key = keyring_ptr_to_key(object);

	kenter("{%s,%d},,{%zu/%zu}",
	       key->type->name, key->serial, ctx->count, ctx->buflen);

	if (ctx->count >= ctx->buflen)
		return 1;

	*ctx->buffer++ = key->serial;
	ctx->count += sizeof(key->serial);
	return 0;
}

/*
 * Read a list of key IDs from the keyring's contents in binary form
 *
 * The keyring's semaphore is read-locked by the caller.  This prevents someone
 * from modifying it under us - which could cause us to read key IDs multiple
 * times.
 */
static long keyring_read(const struct key *keyring,
			 char *buffer, size_t buflen)
{
	struct keyring_read_iterator_context ctx;
	long ret;

	kenter("{%d},,%zu", key_serial(keyring), buflen);

	if (buflen & (sizeof(key_serial_t) - 1))
		return -EINVAL;

	/* Copy as many key IDs as fit into the buffer */
	if (buffer && buflen) {
		ctx.buffer = (key_serial_t *)buffer;
		ctx.buflen = buflen;
		ctx.count = 0;
		ret = assoc_array_iterate(&keyring->keys,
					  keyring_read_iterator, &ctx);
		if (ret < 0) {
			kleave(" = %ld [iterate]", ret);
			return ret;
		}
	}

	/* Return the size of the buffer needed */
	ret = keyring->keys.nr_leaves_on_tree * sizeof(key_serial_t);
	if (ret <= buflen)
		kleave("= %ld [ok]", ret);
	else
		kleave("= %ld [buffer too small]", ret);
	return ret;
}

/*
 * Allocate a keyring and link into the destination keyring.
 */
struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
			  const struct cred *cred, key_perm_t perm,
			  unsigned long flags,
			  struct key_restriction *restrict_link,
			  struct key *dest)
{
	struct key *keyring;
	int ret;

	keyring = key_alloc(&key_type_keyring, description,
			    uid, gid, cred, perm, flags, restrict_link);
	if (!IS_ERR(keyring)) {
		ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
		if (ret < 0) {
			key_put(keyring);
			keyring = ERR_PTR(ret);
		}
	}

	return keyring;
}
EXPORT_SYMBOL(keyring_alloc);

/**
 * restrict_link_reject - Give -EPERM to restrict link
```
Annotation
- Immediate include surface: `linux/export.h`, `linux/init.h`, `linux/sched.h`, `linux/slab.h`, `linux/security.h`, `linux/seq_file.h`, `linux/err.h`, `linux/user_namespace.h`.
- Detected declarations: `struct keyring_read_iterator_context`, `function Copyright`, `function key_free_user_ns`, `function name`, `function keyring_preparse`, `function keyring_free_preparse`, `function mult_64x32_and_fold`, `function hash_key_type_and_desc`, `function key_set_index_key`, `function key_put_tag`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: integration implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.