authorMiloslav Trmač <mitr@redhat.com>2010-09-13 21:19:56 +0200
committerMiloslav Trmač <mitr@redhat.com>2010-09-13 21:23:09 +0200
commit8f49f9328ab1e50d99e3b6bec05161d179f6238f (patch)
tree6da25d2d255c123f3c672ff2a1b345a44eac5c1c
parent71ce79a909fca105714de416ae9c6dcba4e2edeb (diff)
Drop limit checking
-rw-r--r--Makefile3
-rw-r--r--cryptodev_main.c7
-rw-r--r--ncr-int.h10
-rw-r--r--ncr-key.c17
-rw-r--r--ncr-limits.c249
5 files changed, 4 insertions, 282 deletions
diff --git a/Makefile b/Makefile
index 9631ebe..88921f0 100644
--- a/Makefile
+++ b/Makefile
@@ -70,8 +70,7 @@ TOMCRYPT_OBJECTS = libtomcrypt/misc/zeromem.o libtomcrypt/misc/crypt/crypt_argch
libtomcrypt/pk/asn1/der/x509/der_decode_subject_public_key_info.o
cryptodev-objs = cryptodev_main.o cryptodev_cipher.o ncr.o \
- ncr-key.o ncr-limits.o ncr-sessions.o \
- ncr-key-storage.o utils.o ncr-key-wrap.o
+ ncr-key.o ncr-sessions.o ncr-key-storage.o utils.o ncr-key-wrap.o
obj-m += cryptodev.o
diff --git a/cryptodev_main.c b/cryptodev_main.c
index d932ea9..4b86e84 100644
--- a/cryptodev_main.c
+++ b/cryptodev_main.c
@@ -433,12 +433,11 @@ static int __init cryptodev_register(void)
{
int rc;
- ncr_limits_init();
ncr_master_key_reset();
rc = proto_register(&alg_proto, 1);
if (unlikely(rc != 0))
- goto err_limits;
+ goto err;
rc = sock_register(&alg_pf);
if (unlikely(rc != 0))
@@ -448,8 +447,7 @@ static int __init cryptodev_register(void)
err_proto:
proto_unregister(&alg_proto);
-err_limits:
- ncr_limits_deinit();
+err:
printk(KERN_ERR PFX "registration of /dev/crypto failed\n");
return rc;
}
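Review bot: The new label `err:` now guards only the `printk`, and its name matches the `err()` helper that ncr-key.c calls in this same commit. If that helper is a function-like macro also visible in cryptodev_main.c, the code still compiles, but `goto err;` next to `err();` is easy to misread. A name that says what the label does, for example `err_log:` here and `goto err_log;` in the `proto_register()` failure branch of the previous hunk, would read better alongside `err_proto:`. The `sock_register()` failure path that reaches `err_proto` lies outside this hunk.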
@@ -458,7 +456,6 @@ static void __exit cryptodev_deregister(void)
{
sock_unregister(PF_ALG);
proto_unregister(&alg_proto);
- ncr_limits_deinit();
}
/* ====== Module init/exit ====== */
diff --git a/ncr-int.h b/ncr-int.h
index fd508d0..94ae0f9 100644
--- a/ncr-int.h
+++ b/ncr-int.h
@@ -164,16 +164,6 @@ int ncr_key_item_get_write(struct key_item_st **st,
struct ncr_lists *lst, ncr_key_t desc);
void _ncr_key_item_put(struct key_item_st *item);
-typedef enum {
- LIMIT_TYPE_KEY,
- NUM_LIMIT_TYPES
-} limits_type_t;
-
-void ncr_limits_remove(uid_t uid, pid_t pid, limits_type_t type);
-int ncr_limits_add_and_check(uid_t uid, pid_t pid, limits_type_t type);
-void ncr_limits_init(void);
-void ncr_limits_deinit(void);
-
#ifdef CONFIG_CRYPTO_USERSPACE_ASYMMETRIC
int ncr_key_wrap(struct ncr_lists *lst, const struct ncr_key_wrap *wrap,
struct nlattr *tb[]);
diff --git a/ncr-key.c b/ncr-key.c
index 5e05eb8..37e9a29 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -130,7 +130,6 @@ void _ncr_key_item_put(struct key_item_st *item)
if (atomic_read(&item->writer) > 0)
atomic_dec(&item->writer);
if (atomic_dec_and_test(&item->refcnt)) {
- ncr_limits_remove(item->uid, item->pid, LIMIT_TYPE_KEY);
ncr_key_clear(item);
kfree(item);
}
@@ -154,21 +153,11 @@ int ncr_key_init(struct ncr_lists *lst)
{
ncr_key_t desc;
struct key_item_st *key;
- int ret;
-
- ret =
- ncr_limits_add_and_check(current_euid(), task_pid_nr(current),
- LIMIT_TYPE_KEY);
- if (ret < 0) {
- err();
- return ret;
- }
key = kmalloc(sizeof(*key), GFP_KERNEL);
if (key == NULL) {
err();
- ret = -ENOMEM;
- goto err_limits;
+ return -ENOMEM;
}
memset(key, 0, sizeof(*key));
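Review bot: With the `ncr_limits_add_and_check()` call removed, nothing visible in `ncr_key_init()` bounds how many `key_item_st` objects one caller can make the kernel allocate. The deleted ncr-limits.c capped this at 128 keys per user and 64 per process. Each call still does `kmalloc(sizeof(*key), GFP_KERNEL)`, so unless a bound exists elsewhere (none is visible in this diff), a caller that can reach this path can presumably hold kernel memory for as long as it keeps the keys. The commit message gives no rationale, so I would at least add a comment above the allocation such as `/* No per-user/per-process cap on keys here; bounded by <mechanism, to be named>. */`. Alternatively, keep a per-`lst` key count checked under `lst->key_idr_mutex` and fail once a fixed maximum is reached. The body of `ncr_key_init()` continues past this hunk.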
@@ -192,10 +181,6 @@ int ncr_key_init(struct ncr_lists *lst)
mutex_unlock(&lst->key_idr_mutex);
return desc;
-
-err_limits:
- ncr_limits_remove(current_euid(), task_pid_nr(current), LIMIT_TYPE_KEY);
- return ret;
}
int ncr_key_deinit(struct ncr_lists *lst, ncr_key_t desc)
diff --git a/ncr-limits.c b/ncr-limits.c
deleted file mode 100644
index cd2a420..0000000
--- a/ncr-limits.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * New driver for /dev/crypto device (aka CryptoDev)
-
- * Copyright (c) 2010 Katholieke Universiteit Leuven
- *
- * Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
- *
- * This file is part of linux cryptodev.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-
-#include <linux/hash.h>
-#include <linux/mutex.h>
-#include <linux/types.h>
-#include <linux/mm.h>
-#include <linux/slab.h>
-#include <linux/highmem.h>
-#include <linux/random.h>
-#include <asm/atomic.h>
-#include <linux/version.h>
-#include <linux/file.h>
-#include <linux/cred.h>
-#include "ncr.h"
-#include "ncr-int.h"
-
-/* arbitrary now */
-static unsigned int max_per_user[] = {
- [LIMIT_TYPE_KEY] = 128,
-};
-
-static unsigned int max_per_process[] = {
- [LIMIT_TYPE_KEY] = 64,
-};
-
-struct limit_user_item_st {
- struct hlist_node hlist;
- uid_t uid;
- atomic_t cnt[NUM_LIMIT_TYPES];
-};
-
-struct limit_process_item_st {
- struct hlist_node hlist;
- pid_t pid;
- atomic_t cnt[NUM_LIMIT_TYPES];
-};
-
-static struct mutex user_limit_mutex;
-#define USER_LIMIT_HASH_BITS 7
-#define USER_LIMIT_TABLE_SIZE (1 << USER_LIMIT_HASH_BITS)
-static struct hlist_head user_limit_table[USER_LIMIT_TABLE_SIZE];
-
-static struct hlist_head *user_limit_hash(uid_t uid)
-{
- return &user_limit_table[hash_long(uid, USER_LIMIT_HASH_BITS)];
-}
-
-static struct mutex process_limit_mutex;
-#define PROCESS_LIMIT_HASH_BITS 9
-#define PROCESS_LIMIT_TABLE_SIZE (1 << PROCESS_LIMIT_HASH_BITS)
-static struct hlist_head process_limit_table[PROCESS_LIMIT_TABLE_SIZE];
-
-static struct hlist_head *process_limit_hash(pid_t pid)
-{
- return &process_limit_table[hash_long(pid, PROCESS_LIMIT_HASH_BITS)];
-}
-
-void ncr_limits_init(void)
-{
- size_t i;
-
- mutex_init(&user_limit_mutex);
- for (i = 0; i < USER_LIMIT_TABLE_SIZE; i++)
- INIT_HLIST_HEAD(&user_limit_table[i]);
-
- mutex_init(&process_limit_mutex);
- for (i = 0; i < PROCESS_LIMIT_TABLE_SIZE; i++)
- INIT_HLIST_HEAD(&process_limit_table[i]);
-}
-
-void ncr_limits_deinit(void)
-{
- struct limit_process_item_st *pitem;
- struct limit_user_item_st *uitem;
- struct hlist_node *pos, *tmp;
- size_t i;
-
- mutex_lock(&user_limit_mutex);
- for (i = 0; i < USER_LIMIT_TABLE_SIZE; i++) {
- hlist_for_each_entry_safe(uitem, pos, tmp, &user_limit_table[i],
- hlist) {
- hlist_del(&uitem->hlist);
- kfree(uitem);
- }
- }
- mutex_unlock(&user_limit_mutex);
-
- mutex_lock(&process_limit_mutex);
- for (i = 0; i < PROCESS_LIMIT_TABLE_SIZE; i++) {
- hlist_for_each_entry_safe(pitem, pos, tmp,
- &process_limit_table[i], hlist) {
- hlist_del(&pitem->hlist);
- kfree(pitem);
- }
- }
- mutex_unlock(&process_limit_mutex);
-
-}
-
-int ncr_limits_add_and_check(uid_t uid, pid_t pid, limits_type_t type)
-{
- struct limit_process_item_st *pitem;
- struct limit_user_item_st *uitem;
- struct hlist_head *user_head, *process_head;
- struct hlist_node *pos;
- int add = 1;
- int ret;
- BUG_ON(type >= NUM_LIMIT_TYPES);
-
- user_head = user_limit_hash(uid);
- mutex_lock(&user_limit_mutex);
- hlist_for_each_entry(uitem, pos, user_head, hlist) {
- if (uitem->uid == uid) {
- add = 0;
-
- if (atomic_add_unless
- (&uitem->cnt[type], 1, max_per_user[type]) == 0) {
- err();
- mutex_unlock(&user_limit_mutex);
- return -EPERM;
- }
- break;
- }
- }
-
- if (add) {
- size_t i;
-
- uitem = kmalloc(sizeof(*uitem), GFP_KERNEL);
- if (uitem == NULL) {
- err();
- mutex_unlock(&user_limit_mutex);
- return -ENOMEM;
- }
- uitem->uid = uid;
- for (i = 0; i < NUM_LIMIT_TYPES; i++)
- atomic_set(&uitem->cnt[i], 0);
- atomic_set(&uitem->cnt[type], 1);
-
- hlist_add_head(&uitem->hlist, user_head);
- }
- mutex_unlock(&user_limit_mutex);
-
- add = 1;
- /* check process limits */
- process_head = process_limit_hash(uid);
- mutex_lock(&process_limit_mutex);
- hlist_for_each_entry(pitem, pos, process_head, hlist) {
- if (pitem->pid == pid) {
- add = 0;
- if (atomic_add_unless
- (&pitem->cnt[type], 1,
- max_per_process[type]) == 0) {
- err();
- mutex_unlock(&process_limit_mutex);
-
- ret = -EPERM;
- goto restore_user;
- }
- break;
- }
- }
-
- if (add) {
- size_t i;
-
- pitem = kmalloc(sizeof(*pitem), GFP_KERNEL);
- if (pitem == NULL) {
- err();
- mutex_unlock(&process_limit_mutex);
- ret = -ENOMEM;
- goto restore_user;
- }
- pitem->pid = pid;
- for (i = 0; i < NUM_LIMIT_TYPES; i++)
- atomic_set(&pitem->cnt[i], 0);
- atomic_set(&pitem->cnt[type], 1);
-
- hlist_add_head(&pitem->hlist, process_head);
- }
- mutex_unlock(&process_limit_mutex);
-
- return 0;
-
-restore_user:
- mutex_lock(&user_limit_mutex);
- hlist_for_each_entry(uitem, pos, user_head, hlist) {
- if (uitem->uid == uid) {
- atomic_dec(&uitem->cnt[type]);
- break;
- }
- }
- mutex_unlock(&user_limit_mutex);
- return ret;
-}
-
-void ncr_limits_remove(uid_t uid, pid_t pid, limits_type_t type)
-{
- struct limit_process_item_st *pitem;
- struct limit_user_item_st *uitem;
- struct hlist_head *hhead;
- struct hlist_node *pos;
-
- BUG_ON(type >= NUM_LIMIT_TYPES);
- hhead = user_limit_hash(uid);
- mutex_lock(&user_limit_mutex);
- hlist_for_each_entry(uitem, pos, hhead, hlist) {
- if (uitem->uid == uid) {
- atomic_dec(&uitem->cnt[type]);
- break;
- }
- }
- mutex_unlock(&user_limit_mutex);
-
- /* check process limits */
- hhead = process_limit_hash(uid);
- mutex_lock(&process_limit_mutex);
- hlist_for_each_entry(pitem, pos, hhead, hlist) {
- if (pitem->pid == pid) {
- atomic_dec(&pitem->cnt[type]);
- break;
- }
- }
- mutex_unlock(&process_limit_mutex);
-
- return;
-}