security: keys: Replace time_t/timespec with time64_t

#include <linux/atomic.h>

#include <linux/assoc_array.h>

#include <linux/refcount.h>

#include <linux/time64.h>

#ifdef __KERNEL__

#include <linux/uidgid.h>

	struct key_user		*user;		/* owner of this key */

	void			*security;	/* security data for this key */

	union {

		time_t		expiry;		/* time at which key expires (or 0) */

		time_t		revoked_at;	/* time at which key was revoked */

		time64_t	expiry;		/* time at which key expires (or 0) */

		time64_t	revoked_at;	/* time at which key was revoked */

	};

	time_t			last_used_at;	/* last time used for LRU keyring discard */

	time64_t		last_used_at;	/* last time used for LRU keyring discard */

	kuid_t			uid;

	kgid_t			gid;

	key_perm_t		perm;		/* access permissions */

static void key_gc_timer_func(unsigned long);

static DEFINE_TIMER(key_gc_timer, key_gc_timer_func);

static time_t key_gc_next_run = LONG_MAX;

static time64_t key_gc_next_run = TIME64_MAX;

static struct key_type *key_gc_dead_keytype;

static unsigned long key_gc_flags;

 * Schedule a garbage collection run.

 * - time precision isn't particularly important

 */

void key_schedule_gc(time_t gc_at)

void key_schedule_gc(time64_t gc_at)

{

	unsigned long expires;

	time_t now = current_kernel_time().tv_sec;

	time64_t now = ktime_get_real_seconds();

	kenter("%ld", gc_at - now);

	kenter("%lld", gc_at - now);

	if (gc_at <= now || test_bit(KEY_GC_REAP_KEYTYPE, &key_gc_flags)) {

		kdebug("IMMEDIATE");

static void key_gc_timer_func(unsigned long data)

{

	kenter("");

	key_gc_next_run = LONG_MAX;

	key_gc_next_run = TIME64_MAX;

	key_schedule_gc_links();

}

	struct rb_node *cursor;

	struct key *key;

	time_t new_timer, limit;

	time64_t new_timer, limit;

	kenter("[%lx,%x]", key_gc_flags, gc_state);

	limit = current_kernel_time().tv_sec;

	limit = ktime_get_real_seconds();

	if (limit > key_gc_delay)

		limit -= key_gc_delay;

	else

		gc_state |= KEY_GC_REAPING_DEAD_1;

	kdebug("new pass %x", gc_state);

	new_timer = LONG_MAX;

	new_timer = TIME64_MAX;

	/* As only this function is permitted to remove things from the key

	 * serial tree, if cursor is non-NULL then it will always point to a

		if (gc_state & KEY_GC_SET_TIMER) {

			if (key->expiry > limit && key->expiry < new_timer) {

				kdebug("will expire %x in %ld",

				kdebug("will expire %x in %lld",

				       key_serial(key), key->expiry - limit);

				new_timer = key->expiry;

			}

	 */

	kdebug("pass complete");

	if (gc_state & KEY_GC_SET_TIMER && new_timer != (time_t)LONG_MAX) {

	if (gc_state & KEY_GC_SET_TIMER && new_timer != (time64_t)TIME64_MAX) {

		new_timer += key_gc_delay;

		key_schedule_gc(new_timer);

	}

	int			skipped_ret;

	bool			possessed;

	key_ref_t		result;

	struct timespec		now;

	time64_t		now;

};

extern bool key_default_cmp(const struct key *key,

extern struct work_struct key_gc_work;

extern unsigned key_gc_delay;

extern void keyring_gc(struct key *keyring, time_t limit);

extern void keyring_gc(struct key *keyring, time64_t limit);

extern void keyring_restriction_gc(struct key *keyring,

				   struct key_type *dead_type);

extern void key_schedule_gc(time_t gc_at);

extern void key_schedule_gc(time64_t gc_at);

extern void key_schedule_gc_links(void);

extern void key_gc_keytype(struct key_type *ktype);

/*

 * Determine whether a key is dead.

 */

static inline bool key_is_dead(const struct key *key, time_t limit)

static inline bool key_is_dead(const struct key *key, time64_t limit)

{

	return

		key->flags & ((1 << KEY_FLAG_DEAD) |

			struct key *authkey)

{

	struct assoc_array_edit *edit;

	struct timespec now;

	int ret, awaken, link_ret = 0;

	key_check(key);

		/* mark the key as being negatively instantiated */

		atomic_inc(&key->user->nikeys);

		mark_key_instantiated(key, -error);

		now = current_kernel_time();

		key->expiry = now.tv_sec + timeout;

		key->expiry = ktime_get_real_seconds() + timeout;

		key_schedule_gc(key->expiry + key_gc_delay);

		if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags))

void key_set_timeout(struct key *key, unsigned timeout)

{

	struct timespec now;

	time_t expiry = 0;

	time64_t expiry = 0;

	/* make the changes with the locks held to prevent races */

	down_write(&key->sem);

	if (timeout > 0) {

		now = current_kernel_time();

		expiry = now.tv_sec + timeout;

	}

	if (timeout > 0)

		expiry = ktime_get_real_seconds() + timeout;

	key->expiry = expiry;

	key_schedule_gc(key->expiry + key_gc_delay);

 */

void key_revoke(struct key *key)

{

	struct timespec now;

	time_t time;

	time64_t time;

	key_check(key);

		key->type->revoke(key);

	/* set the death time to no more than the expiry time */

	now = current_kernel_time();

	time = now.tv_sec;

	time = ktime_get_real_seconds();

	if (key->revoked_at == 0 || key->revoked_at > time) {

		key->revoked_at = time;

		key_schedule_gc(key->revoked_at + key_gc_delay);

	/* skip invalidated, revoked and expired keys */

	if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) {

		time_t expiry = READ_ONCE(key->expiry);

		time64_t expiry = READ_ONCE(key->expiry);

		if (kflags & ((1 << KEY_FLAG_INVALIDATED) |

			      (1 << KEY_FLAG_REVOKED))) {

			goto skipped;

		}

		if (expiry && ctx->now.tv_sec >= expiry) {

		if (expiry && ctx->now >= expiry) {

			if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED))

				ctx->result = ERR_PTR(-EKEYEXPIRED);

			kleave(" = %d [expire]", ctx->skipped_ret);

	key = key_ref_to_ptr(ctx->result);

	key_check(key);

	if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) {

		key->last_used_at = ctx->now.tv_sec;

		keyring->last_used_at = ctx->now.tv_sec;

		key->last_used_at = ctx->now;

		keyring->last_used_at = ctx->now;

		while (sp > 0)

			stack[--sp].keyring->last_used_at = ctx->now.tv_sec;

			stack[--sp].keyring->last_used_at = ctx->now;

	}

	kleave(" = true");

	return true;

	}

	rcu_read_lock();

	ctx->now = current_kernel_time();

	ctx->now = ktime_get_real_seconds();

	if (search_nested_keyrings(keyring, ctx))

		__key_get(key_ref_to_ptr(ctx->result));

	rcu_read_unlock();

			 * (ie. it has a zero usage count) */

			if (!refcount_inc_not_zero(&keyring->usage))

				continue;

			keyring->last_used_at = current_kernel_time().tv_sec;

			keyring->last_used_at = ktime_get_real_seconds();

			goto out;

		}

	}

static bool keyring_gc_select_iterator(void *object, void *iterator_data)

{

	struct key *key = keyring_ptr_to_key(object);

	time_t *limit = iterator_data;

	time64_t *limit = iterator_data;

	if (key_is_dead(key, *limit))

		return false;

static int keyring_gc_check_iterator(const void *object, void *iterator_data)

{

	const struct key *key = keyring_ptr_to_key(object);

	time_t *limit = iterator_data;

	time64_t *limit = iterator_data;

	key_check(key);

	return key_is_dead(key, *limit);

 * Not called with any locks held.  The keyring's key struct will not be

 * deallocated under us as only our caller may deallocate it.

 */

void keyring_gc(struct key *keyring, time_t limit)

void keyring_gc(struct key *keyring, time64_t limit)

{

	int result;