1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun /* Use watch_queue API to watch for notifications.
3*4882a593Smuzhiyun *
4*4882a593Smuzhiyun * Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
5*4882a593Smuzhiyun * Written by David Howells (dhowells@redhat.com)
6*4882a593Smuzhiyun */
7*4882a593Smuzhiyun
8*4882a593Smuzhiyun #define _GNU_SOURCE
9*4882a593Smuzhiyun #include <stdbool.h>
10*4882a593Smuzhiyun #include <stdarg.h>
11*4882a593Smuzhiyun #include <stdio.h>
12*4882a593Smuzhiyun #include <stdlib.h>
13*4882a593Smuzhiyun #include <string.h>
14*4882a593Smuzhiyun #include <signal.h>
15*4882a593Smuzhiyun #include <unistd.h>
16*4882a593Smuzhiyun #include <errno.h>
17*4882a593Smuzhiyun #include <sys/ioctl.h>
18*4882a593Smuzhiyun #include <limits.h>
19*4882a593Smuzhiyun #include <linux/watch_queue.h>
20*4882a593Smuzhiyun #include <linux/unistd.h>
21*4882a593Smuzhiyun #include <linux/keyctl.h>
22*4882a593Smuzhiyun
23*4882a593Smuzhiyun #ifndef KEYCTL_WATCH_KEY
24*4882a593Smuzhiyun #define KEYCTL_WATCH_KEY -1
25*4882a593Smuzhiyun #endif
26*4882a593Smuzhiyun #ifndef __NR_keyctl
27*4882a593Smuzhiyun #define __NR_keyctl -1
28*4882a593Smuzhiyun #endif
29*4882a593Smuzhiyun
30*4882a593Smuzhiyun #define BUF_SIZE 256
31*4882a593Smuzhiyun
keyctl_watch_key(int key,int watch_fd,int watch_id)32*4882a593Smuzhiyun static long keyctl_watch_key(int key, int watch_fd, int watch_id)
33*4882a593Smuzhiyun {
34*4882a593Smuzhiyun return syscall(__NR_keyctl, KEYCTL_WATCH_KEY, key, watch_fd, watch_id);
35*4882a593Smuzhiyun }
36*4882a593Smuzhiyun
37*4882a593Smuzhiyun static const char *key_subtypes[256] = {
38*4882a593Smuzhiyun [NOTIFY_KEY_INSTANTIATED] = "instantiated",
39*4882a593Smuzhiyun [NOTIFY_KEY_UPDATED] = "updated",
40*4882a593Smuzhiyun [NOTIFY_KEY_LINKED] = "linked",
41*4882a593Smuzhiyun [NOTIFY_KEY_UNLINKED] = "unlinked",
42*4882a593Smuzhiyun [NOTIFY_KEY_CLEARED] = "cleared",
43*4882a593Smuzhiyun [NOTIFY_KEY_REVOKED] = "revoked",
44*4882a593Smuzhiyun [NOTIFY_KEY_INVALIDATED] = "invalidated",
45*4882a593Smuzhiyun [NOTIFY_KEY_SETATTR] = "setattr",
46*4882a593Smuzhiyun };
47*4882a593Smuzhiyun
saw_key_change(struct watch_notification * n,size_t len)48*4882a593Smuzhiyun static void saw_key_change(struct watch_notification *n, size_t len)
49*4882a593Smuzhiyun {
50*4882a593Smuzhiyun struct key_notification *k = (struct key_notification *)n;
51*4882a593Smuzhiyun
52*4882a593Smuzhiyun if (len != sizeof(struct key_notification)) {
53*4882a593Smuzhiyun fprintf(stderr, "Incorrect key message length\n");
54*4882a593Smuzhiyun return;
55*4882a593Smuzhiyun }
56*4882a593Smuzhiyun
57*4882a593Smuzhiyun printf("KEY %08x change=%u[%s] aux=%u\n",
58*4882a593Smuzhiyun k->key_id, n->subtype, key_subtypes[n->subtype], k->aux);
59*4882a593Smuzhiyun }
60*4882a593Smuzhiyun
61*4882a593Smuzhiyun /*
62*4882a593Smuzhiyun * Consume and display events.
63*4882a593Smuzhiyun */
consumer(int fd)64*4882a593Smuzhiyun static void consumer(int fd)
65*4882a593Smuzhiyun {
66*4882a593Smuzhiyun unsigned char buffer[433], *p, *end;
67*4882a593Smuzhiyun union {
68*4882a593Smuzhiyun struct watch_notification n;
69*4882a593Smuzhiyun unsigned char buf1[128];
70*4882a593Smuzhiyun } n;
71*4882a593Smuzhiyun ssize_t buf_len;
72*4882a593Smuzhiyun
73*4882a593Smuzhiyun for (;;) {
74*4882a593Smuzhiyun buf_len = read(fd, buffer, sizeof(buffer));
75*4882a593Smuzhiyun if (buf_len == -1) {
76*4882a593Smuzhiyun perror("read");
77*4882a593Smuzhiyun exit(1);
78*4882a593Smuzhiyun }
79*4882a593Smuzhiyun
80*4882a593Smuzhiyun if (buf_len == 0) {
81*4882a593Smuzhiyun printf("-- END --\n");
82*4882a593Smuzhiyun return;
83*4882a593Smuzhiyun }
84*4882a593Smuzhiyun
85*4882a593Smuzhiyun if (buf_len > sizeof(buffer)) {
86*4882a593Smuzhiyun fprintf(stderr, "Read buffer overrun: %zd\n", buf_len);
87*4882a593Smuzhiyun return;
88*4882a593Smuzhiyun }
89*4882a593Smuzhiyun
90*4882a593Smuzhiyun printf("read() = %zd\n", buf_len);
91*4882a593Smuzhiyun
92*4882a593Smuzhiyun p = buffer;
93*4882a593Smuzhiyun end = buffer + buf_len;
94*4882a593Smuzhiyun while (p < end) {
95*4882a593Smuzhiyun size_t largest, len;
96*4882a593Smuzhiyun
97*4882a593Smuzhiyun largest = end - p;
98*4882a593Smuzhiyun if (largest > 128)
99*4882a593Smuzhiyun largest = 128;
100*4882a593Smuzhiyun if (largest < sizeof(struct watch_notification)) {
101*4882a593Smuzhiyun fprintf(stderr, "Short message header: %zu\n", largest);
102*4882a593Smuzhiyun return;
103*4882a593Smuzhiyun }
104*4882a593Smuzhiyun memcpy(&n, p, largest);
105*4882a593Smuzhiyun
106*4882a593Smuzhiyun printf("NOTIFY[%03zx]: ty=%06x sy=%02x i=%08x\n",
107*4882a593Smuzhiyun p - buffer, n.n.type, n.n.subtype, n.n.info);
108*4882a593Smuzhiyun
109*4882a593Smuzhiyun len = n.n.info & WATCH_INFO_LENGTH;
110*4882a593Smuzhiyun if (len < sizeof(n.n) || len > largest) {
111*4882a593Smuzhiyun fprintf(stderr, "Bad message length: %zu/%zu\n", len, largest);
112*4882a593Smuzhiyun exit(1);
113*4882a593Smuzhiyun }
114*4882a593Smuzhiyun
115*4882a593Smuzhiyun switch (n.n.type) {
116*4882a593Smuzhiyun case WATCH_TYPE_META:
117*4882a593Smuzhiyun switch (n.n.subtype) {
118*4882a593Smuzhiyun case WATCH_META_REMOVAL_NOTIFICATION:
119*4882a593Smuzhiyun printf("REMOVAL of watchpoint %08x\n",
120*4882a593Smuzhiyun (n.n.info & WATCH_INFO_ID) >>
121*4882a593Smuzhiyun WATCH_INFO_ID__SHIFT);
122*4882a593Smuzhiyun break;
123*4882a593Smuzhiyun case WATCH_META_LOSS_NOTIFICATION:
124*4882a593Smuzhiyun printf("-- LOSS --\n");
125*4882a593Smuzhiyun break;
126*4882a593Smuzhiyun default:
127*4882a593Smuzhiyun printf("other meta record\n");
128*4882a593Smuzhiyun break;
129*4882a593Smuzhiyun }
130*4882a593Smuzhiyun break;
131*4882a593Smuzhiyun case WATCH_TYPE_KEY_NOTIFY:
132*4882a593Smuzhiyun saw_key_change(&n.n, len);
133*4882a593Smuzhiyun break;
134*4882a593Smuzhiyun default:
135*4882a593Smuzhiyun printf("other type\n");
136*4882a593Smuzhiyun break;
137*4882a593Smuzhiyun }
138*4882a593Smuzhiyun
139*4882a593Smuzhiyun p += len;
140*4882a593Smuzhiyun }
141*4882a593Smuzhiyun }
142*4882a593Smuzhiyun }
143*4882a593Smuzhiyun
144*4882a593Smuzhiyun static struct watch_notification_filter filter = {
145*4882a593Smuzhiyun .nr_filters = 1,
146*4882a593Smuzhiyun .filters = {
147*4882a593Smuzhiyun [0] = {
148*4882a593Smuzhiyun .type = WATCH_TYPE_KEY_NOTIFY,
149*4882a593Smuzhiyun .subtype_filter[0] = UINT_MAX,
150*4882a593Smuzhiyun },
151*4882a593Smuzhiyun },
152*4882a593Smuzhiyun };
153*4882a593Smuzhiyun
main(int argc,char ** argv)154*4882a593Smuzhiyun int main(int argc, char **argv)
155*4882a593Smuzhiyun {
156*4882a593Smuzhiyun int pipefd[2], fd;
157*4882a593Smuzhiyun
158*4882a593Smuzhiyun if (pipe2(pipefd, O_NOTIFICATION_PIPE) == -1) {
159*4882a593Smuzhiyun perror("pipe2");
160*4882a593Smuzhiyun exit(1);
161*4882a593Smuzhiyun }
162*4882a593Smuzhiyun fd = pipefd[0];
163*4882a593Smuzhiyun
164*4882a593Smuzhiyun if (ioctl(fd, IOC_WATCH_QUEUE_SET_SIZE, BUF_SIZE) == -1) {
165*4882a593Smuzhiyun perror("watch_queue(size)");
166*4882a593Smuzhiyun exit(1);
167*4882a593Smuzhiyun }
168*4882a593Smuzhiyun
169*4882a593Smuzhiyun if (ioctl(fd, IOC_WATCH_QUEUE_SET_FILTER, &filter) == -1) {
170*4882a593Smuzhiyun perror("watch_queue(filter)");
171*4882a593Smuzhiyun exit(1);
172*4882a593Smuzhiyun }
173*4882a593Smuzhiyun
174*4882a593Smuzhiyun if (keyctl_watch_key(KEY_SPEC_SESSION_KEYRING, fd, 0x01) == -1) {
175*4882a593Smuzhiyun perror("keyctl");
176*4882a593Smuzhiyun exit(1);
177*4882a593Smuzhiyun }
178*4882a593Smuzhiyun
179*4882a593Smuzhiyun if (keyctl_watch_key(KEY_SPEC_USER_KEYRING, fd, 0x02) == -1) {
180*4882a593Smuzhiyun perror("keyctl");
181*4882a593Smuzhiyun exit(1);
182*4882a593Smuzhiyun }
183*4882a593Smuzhiyun
184*4882a593Smuzhiyun consumer(fd);
185*4882a593Smuzhiyun exit(0);
186*4882a593Smuzhiyun }
187