1
// SPDX-License-Identifier: GPL-2.0
2
/*
3
 * Filesystem-level keyring for fscrypt
4
 *
5
 * Copyright 2019 Google LLC
6
 */
7

8
/*
9
 * This file implements management of fscrypt master keys in the
10
 * filesystem-level keyring, including the ioctls:
11
 *
12
 * - FS_IOC_ADD_ENCRYPTION_KEY
13
 * - FS_IOC_REMOVE_ENCRYPTION_KEY
14
 * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS
15
 * - FS_IOC_GET_ENCRYPTION_KEY_STATUS
16
 *
17
 * See the "User API" section of Documentation/filesystems/fscrypt.rst for more
18
 * information about these ioctls.
19
 */
20

21
#include <crypto/skcipher.h>
22
#include <linux/export.h>
23
#include <linux/key-type.h>
24
#include <linux/once.h>
25
#include <linux/random.h>
26
#include <linux/seq_file.h>
27
#include <linux/unaligned.h>
28

29
#include "fscrypt_private.h"
30

31
/* The master encryption keys for a filesystem (->s_master_keys) */
32
struct fscrypt_keyring {
33
	/*
34
	 * Lock that protects ->key_hashtable.  It does *not* protect the
35
	 * fscrypt_master_key structs themselves.
36
	 */
37
	spinlock_t lock;
38

39
	/* Hash table that maps fscrypt_key_specifier to fscrypt_master_key */
40
	struct hlist_head key_hashtable[128];
41
};
42

43
static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret)
44
{
45
	memzero_explicit(secret, sizeof(*secret));
46
}
47

48
static void move_master_key_secret(struct fscrypt_master_key_secret *dst,
49
				   struct fscrypt_master_key_secret *src)
50
{
51
	memcpy(dst, src, sizeof(*dst));
52
	memzero_explicit(src, sizeof(*src));
53
}
54

55
static void fscrypt_free_master_key(struct rcu_head *head)
56
{
57
	struct fscrypt_master_key *mk =
58
		container_of(head, struct fscrypt_master_key, mk_rcu_head);
59
	/*
60
	 * The master key secret and any embedded subkeys should have already
61
	 * been wiped when the last active reference to the fscrypt_master_key
62
	 * struct was dropped; doing it here would be unnecessarily late.
63
	 * Nevertheless, use kfree_sensitive() in case anything was missed.
64
	 */
65
	kfree_sensitive(mk);
66
}
67

68
void fscrypt_put_master_key(struct fscrypt_master_key *mk)
69
{
70
	if (!refcount_dec_and_test(&mk->mk_struct_refs))
71
		return;
72
	/*
73
	 * No structural references left, so free ->mk_users, and also free the
74
	 * fscrypt_master_key struct itself after an RCU grace period ensures
75
	 * that concurrent keyring lookups can no longer find it.
76
	 */
77
	WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 0);
78
	if (mk->mk_users) {
79
		/* Clear the keyring so the quota gets released right away. */
80
		keyring_clear(mk->mk_users);
81
		key_put(mk->mk_users);
82
		mk->mk_users = NULL;
83
	}
84
	call_rcu(&mk->mk_rcu_head, fscrypt_free_master_key);
85
}
86

87
void fscrypt_put_master_key_activeref(struct super_block *sb,
88
				      struct fscrypt_master_key *mk)
89
{
90
	size_t i;
91

92
	if (!refcount_dec_and_test(&mk->mk_active_refs))
93
		return;
94
	/*
95
	 * No active references left, so complete the full removal of this
96
	 * fscrypt_master_key struct by removing it from the keyring and
97
	 * destroying any subkeys embedded in it.
98
	 */
99

100
	if (WARN_ON_ONCE(!sb->s_master_keys))
101
		return;
102
	spin_lock(&sb->s_master_keys->lock);
103
	hlist_del_rcu(&mk->mk_node);
104
	spin_unlock(&sb->s_master_keys->lock);
105

106
	/*
107
	 * ->mk_active_refs == 0 implies that ->mk_present is false and
108
	 * ->mk_decrypted_inodes is empty.
109
	 */
110
	WARN_ON_ONCE(mk->mk_present);
111
	WARN_ON_ONCE(!list_empty(&mk->mk_decrypted_inodes));
112

113
	for (i = 0; i <= FSCRYPT_MODE_MAX; i++) {
114
		fscrypt_destroy_prepared_key(
115
				sb, &mk->mk_direct_keys[i]);
116
		fscrypt_destroy_prepared_key(
117
				sb, &mk->mk_iv_ino_lblk_64_keys[i]);
118
		fscrypt_destroy_prepared_key(
119
				sb, &mk->mk_iv_ino_lblk_32_keys[i]);
120
	}
121
	memzero_explicit(&mk->mk_ino_hash_key,
122
			 sizeof(mk->mk_ino_hash_key));
123
	mk->mk_ino_hash_key_initialized = false;
124

125
	/* Drop the structural ref associated with the active refs. */
126
	fscrypt_put_master_key(mk);
127
}
128

129
/*
130
 * This transitions the key state from present to incompletely removed, and then
131
 * potentially to absent (depending on whether inodes remain).
132
 */
133
static void fscrypt_initiate_key_removal(struct super_block *sb,
134
					 struct fscrypt_master_key *mk)
135
{
136
	WRITE_ONCE(mk->mk_present, false);
137
	wipe_master_key_secret(&mk->mk_secret);
138
	fscrypt_put_master_key_activeref(sb, mk);
139
}
140

141
static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec)
142
{
143
	if (spec->__reserved)
144
		return false;
145
	return master_key_spec_len(spec) != 0;
146
}
147

148
static int fscrypt_user_key_instantiate(struct key *key,
149
					struct key_preparsed_payload *prep)
150
{
151
	/*
152
	 * We just charge FSCRYPT_MAX_RAW_KEY_SIZE bytes to the user's key quota
153
	 * for each key, regardless of the exact key size.  The amount of memory
154
	 * actually used is greater than the size of the raw key anyway.
155
	 */
156
	return key_payload_reserve(key, FSCRYPT_MAX_RAW_KEY_SIZE);
157
}
158

159
static void fscrypt_user_key_describe(const struct key *key, struct seq_file *m)
160
{
161
	seq_puts(m, key->description);
162
}
163

164
/*
165
 * Type of key in ->mk_users.  Each key of this type represents a particular
166
 * user who has added a particular master key.
167
 *
168
 * Note that the name of this key type really should be something like
169
 * ".fscrypt-user" instead of simply ".fscrypt".  But the shorter name is chosen
170
 * mainly for simplicity of presentation in /proc/keys when read by a non-root
171
 * user.  And it is expected to be rare that a key is actually added by multiple
172
 * users, since users should keep their encryption keys confidential.
173
 */
174
static struct key_type key_type_fscrypt_user = {
175
	.name			= ".fscrypt",
176
	.instantiate		= fscrypt_user_key_instantiate,
177
	.describe		= fscrypt_user_key_describe,
178
};
179

180
#define FSCRYPT_MK_USERS_DESCRIPTION_SIZE	\
181
	(CONST_STRLEN("fscrypt-") + 2 * FSCRYPT_KEY_IDENTIFIER_SIZE + \
182
	 CONST_STRLEN("-users") + 1)
183

184
#define FSCRYPT_MK_USER_DESCRIPTION_SIZE	\
185
	(2 * FSCRYPT_KEY_IDENTIFIER_SIZE + CONST_STRLEN(".uid.") + 10 + 1)
186

187
static void format_mk_users_keyring_description(
188
			char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE],
189
			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
190
{
191
	sprintf(description, "fscrypt-%*phN-users",
192
		FSCRYPT_KEY_IDENTIFIER_SIZE, mk_identifier);
193
}
194

195
static void format_mk_user_description(
196
			char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE],
197
			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
198
{
199

200
	sprintf(description, "%*phN.uid.%u", FSCRYPT_KEY_IDENTIFIER_SIZE,
201
		mk_identifier, __kuid_val(current_fsuid()));
202
}
203

204
/* Create ->s_master_keys if needed.  Synchronized by fscrypt_add_key_mutex. */
205
static int allocate_filesystem_keyring(struct super_block *sb)
206
{
207
	struct fscrypt_keyring *keyring;
208

209
	if (sb->s_master_keys)
210
		return 0;
211

212
	keyring = kzalloc(sizeof(*keyring), GFP_KERNEL);
213
	if (!keyring)
214
		return -ENOMEM;
215
	spin_lock_init(&keyring->lock);
216
	/*
217
	 * Pairs with the smp_load_acquire() in fscrypt_find_master_key().
218
	 * I.e., here we publish ->s_master_keys with a RELEASE barrier so that
219
	 * concurrent tasks can ACQUIRE it.
220
	 */
221
	smp_store_release(&sb->s_master_keys, keyring);
222
	return 0;
223
}
224

225
/*
226
 * Release all encryption keys that have been added to the filesystem, along
227
 * with the keyring that contains them.
228
 *
229
 * This is called at unmount time, after all potentially-encrypted inodes have
230
 * been evicted.  The filesystem's underlying block device(s) are still
231
 * available at this time; this is important because after user file accesses
232
 * have been allowed, this function may need to evict keys from the keyslots of
233
 * an inline crypto engine, which requires the block device(s).
234
 */
235
void fscrypt_destroy_keyring(struct super_block *sb)
236
{
237
	struct fscrypt_keyring *keyring = sb->s_master_keys;
238
	size_t i;
239

240
	if (!keyring)
241
		return;
242

243
	for (i = 0; i < ARRAY_SIZE(keyring->key_hashtable); i++) {
244
		struct hlist_head *bucket = &keyring->key_hashtable[i];
245
		struct fscrypt_master_key *mk;
246
		struct hlist_node *tmp;
247

248
		hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) {
249
			/*
250
			 * Since all potentially-encrypted inodes were already
251
			 * evicted, every key remaining in the keyring should
252
			 * have an empty inode list, and should only still be in
253
			 * the keyring due to the single active ref associated
254
			 * with ->mk_present.  There should be no structural
255
			 * refs beyond the one associated with the active ref.
256
			 */
257
			WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1);
258
			WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1);
259
			WARN_ON_ONCE(!mk->mk_present);
260
			fscrypt_initiate_key_removal(sb, mk);
261
		}
262
	}
263
	kfree_sensitive(keyring);
264
	sb->s_master_keys = NULL;
265
}
266

267
static struct hlist_head *
268
fscrypt_mk_hash_bucket(struct fscrypt_keyring *keyring,
269
		       const struct fscrypt_key_specifier *mk_spec)
270
{
271
	/*
272
	 * Since key specifiers should be "random" values, it is sufficient to
273
	 * use a trivial hash function that just takes the first several bits of
274
	 * the key specifier.
275
	 */
276
	unsigned long i = get_unaligned((unsigned long *)&mk_spec->u);
277

278
	return &keyring->key_hashtable[i % ARRAY_SIZE(keyring->key_hashtable)];
279
}
280

281
/*
282
 * Find the specified master key struct in ->s_master_keys and take a structural
283
 * ref to it.  The structural ref guarantees that the key struct continues to
284
 * exist, but it does *not* guarantee that ->s_master_keys continues to contain
285
 * the key struct.  The structural ref needs to be dropped by
286
 * fscrypt_put_master_key().  Returns NULL if the key struct is not found.
287
 */
288
struct fscrypt_master_key *
289
fscrypt_find_master_key(struct super_block *sb,
290
			const struct fscrypt_key_specifier *mk_spec)
291
{
292
	struct fscrypt_keyring *keyring;
293
	struct hlist_head *bucket;
294
	struct fscrypt_master_key *mk;
295

296
	/*
297
	 * Pairs with the smp_store_release() in allocate_filesystem_keyring().
298
	 * I.e., another task can publish ->s_master_keys concurrently,
299
	 * executing a RELEASE barrier.  We need to use smp_load_acquire() here
300
	 * to safely ACQUIRE the memory the other task published.
301
	 */
302
	keyring = smp_load_acquire(&sb->s_master_keys);
303
	if (keyring == NULL)
304
		return NULL; /* No keyring yet, so no keys yet. */
305

306
	bucket = fscrypt_mk_hash_bucket(keyring, mk_spec);
307
	rcu_read_lock();
308
	switch (mk_spec->type) {
309
	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
310
		hlist_for_each_entry_rcu(mk, bucket, mk_node) {
311
			if (mk->mk_spec.type ==
312
				FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
313
			    memcmp(mk->mk_spec.u.descriptor,
314
				   mk_spec->u.descriptor,
315
				   FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 &&
316
			    refcount_inc_not_zero(&mk->mk_struct_refs))
317
				goto out;
318
		}
319
		break;
320
	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
321
		hlist_for_each_entry_rcu(mk, bucket, mk_node) {
322
			if (mk->mk_spec.type ==
323
				FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER &&
324
			    memcmp(mk->mk_spec.u.identifier,
325
				   mk_spec->u.identifier,
326
				   FSCRYPT_KEY_IDENTIFIER_SIZE) == 0 &&
327
			    refcount_inc_not_zero(&mk->mk_struct_refs))
328
				goto out;
329
		}
330
		break;
331
	}
332
	mk = NULL;
333
out:
334
	rcu_read_unlock();
335
	return mk;
336
}
337

338
static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
339
{
340
	char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE];
341
	struct key *keyring;
342

343
	format_mk_users_keyring_description(description,
344
					    mk->mk_spec.u.identifier);
345
	keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
346
				current_cred(), KEY_POS_SEARCH |
347
				  KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
348
				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
349
	if (IS_ERR(keyring))
350
		return PTR_ERR(keyring);
351

352
	mk->mk_users = keyring;
353
	return 0;
354
}
355

356
/*
357
 * Find the current user's "key" in the master key's ->mk_users.
358
 * Returns ERR_PTR(-ENOKEY) if not found.
359
 */
360
static struct key *find_master_key_user(struct fscrypt_master_key *mk)
361
{
362
	char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
363
	key_ref_t keyref;
364

365
	format_mk_user_description(description, mk->mk_spec.u.identifier);
366

367
	/*
368
	 * We need to mark the keyring reference as "possessed" so that we
369
	 * acquire permission to search it, via the KEY_POS_SEARCH permission.
370
	 */
371
	keyref = keyring_search(make_key_ref(mk->mk_users, true /*possessed*/),
372
				&key_type_fscrypt_user, description, false);
373
	if (IS_ERR(keyref)) {
374
		if (PTR_ERR(keyref) == -EAGAIN || /* not found */
375
		    PTR_ERR(keyref) == -EKEYREVOKED) /* recently invalidated */
376
			keyref = ERR_PTR(-ENOKEY);
377
		return ERR_CAST(keyref);
378
	}
379
	return key_ref_to_ptr(keyref);
380
}
381

382
/*
383
 * Give the current user a "key" in ->mk_users.  This charges the user's quota
384
 * and marks the master key as added by the current user, so that it cannot be
385
 * removed by another user with the key.  Either ->mk_sem must be held for
386
 * write, or the master key must be still undergoing initialization.
387
 */
388
static int add_master_key_user(struct fscrypt_master_key *mk)
389
{
390
	char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
391
	struct key *mk_user;
392
	int err;
393

394
	format_mk_user_description(description, mk->mk_spec.u.identifier);
395
	mk_user = key_alloc(&key_type_fscrypt_user, description,
396
			    current_fsuid(), current_gid(), current_cred(),
397
			    KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
398
	if (IS_ERR(mk_user))
399
		return PTR_ERR(mk_user);
400

401
	err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL);
402
	key_put(mk_user);
403
	return err;
404
}
405

406
/*
407
 * Remove the current user's "key" from ->mk_users.
408
 * ->mk_sem must be held for write.
409
 *
410
 * Returns 0 if removed, -ENOKEY if not found, or another -errno code.
411
 */
412
static int remove_master_key_user(struct fscrypt_master_key *mk)
413
{
414
	struct key *mk_user;
415
	int err;
416

417
	mk_user = find_master_key_user(mk);
418
	if (IS_ERR(mk_user))
419
		return PTR_ERR(mk_user);
420
	err = key_unlink(mk->mk_users, mk_user);
421
	key_put(mk_user);
422
	return err;
423
}
424

425
/*
426
 * Allocate a new fscrypt_master_key, transfer the given secret over to it, and
427
 * insert it into sb->s_master_keys.
428
 */
429
static int add_new_master_key(struct super_block *sb,
430
			      struct fscrypt_master_key_secret *secret,
431
			      const struct fscrypt_key_specifier *mk_spec)
432
{
433
	struct fscrypt_keyring *keyring = sb->s_master_keys;
434
	struct fscrypt_master_key *mk;
435
	int err;
436

437
	mk = kzalloc(sizeof(*mk), GFP_KERNEL);
438
	if (!mk)
439
		return -ENOMEM;
440

441
	init_rwsem(&mk->mk_sem);
442
	refcount_set(&mk->mk_struct_refs, 1);
443
	mk->mk_spec = *mk_spec;
444

445
	INIT_LIST_HEAD(&mk->mk_decrypted_inodes);
446
	spin_lock_init(&mk->mk_decrypted_inodes_lock);
447

448
	if (mk_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) {
449
		err = allocate_master_key_users_keyring(mk);
450
		if (err)
451
			goto out_put;
452
		err = add_master_key_user(mk);
453
		if (err)
454
			goto out_put;
455
	}
456

457
	move_master_key_secret(&mk->mk_secret, secret);
458
	mk->mk_present = true;
459
	refcount_set(&mk->mk_active_refs, 1); /* ->mk_present is true */
460

461
	spin_lock(&keyring->lock);
462
	hlist_add_head_rcu(&mk->mk_node,
463
			   fscrypt_mk_hash_bucket(keyring, mk_spec));
464
	spin_unlock(&keyring->lock);
465
	return 0;
466

467
out_put:
468
	fscrypt_put_master_key(mk);
469
	return err;
470
}
471

472
#define KEY_DEAD	1
473

474
static int add_existing_master_key(struct fscrypt_master_key *mk,
475
				   struct fscrypt_master_key_secret *secret)
476
{
477
	int err;
478

479
	/*
480
	 * If the current user is already in ->mk_users, then there's nothing to
481
	 * do.  Otherwise, we need to add the user to ->mk_users.  (Neither is
482
	 * applicable for v1 policy keys, which have NULL ->mk_users.)
483
	 */
484
	if (mk->mk_users) {
485
		struct key *mk_user = find_master_key_user(mk);
486

487
		if (mk_user != ERR_PTR(-ENOKEY)) {
488
			if (IS_ERR(mk_user))
489
				return PTR_ERR(mk_user);
490
			key_put(mk_user);
491
			return 0;
492
		}
493
		err = add_master_key_user(mk);
494
		if (err)
495
			return err;
496
	}
497

498
	/* If the key is incompletely removed, make it present again. */
499
	if (!mk->mk_present) {
500
		if (!refcount_inc_not_zero(&mk->mk_active_refs)) {
501
			/*
502
			 * Raced with the last active ref being dropped, so the
503
			 * key has become, or is about to become, "absent".
504
			 * Therefore, we need to allocate a new key struct.
505
			 */
506
			return KEY_DEAD;
507
		}
508
		move_master_key_secret(&mk->mk_secret, secret);
509
		WRITE_ONCE(mk->mk_present, true);
510
	}
511

512
	return 0;
513
}
514

515
static int do_add_master_key(struct super_block *sb,
516
			     struct fscrypt_master_key_secret *secret,
517
			     const struct fscrypt_key_specifier *mk_spec)
518
{
519
	static DEFINE_MUTEX(fscrypt_add_key_mutex);
520
	struct fscrypt_master_key *mk;
521
	int err;
522

523
	mutex_lock(&fscrypt_add_key_mutex); /* serialize find + link */
524

525
	mk = fscrypt_find_master_key(sb, mk_spec);
526
	if (!mk) {
527
		/* Didn't find the key in ->s_master_keys.  Add it. */
528
		err = allocate_filesystem_keyring(sb);
529
		if (!err)
530
			err = add_new_master_key(sb, secret, mk_spec);
531
	} else {
532
		/*
533
		 * Found the key in ->s_master_keys.  Add the user to ->mk_users
534
		 * if needed, and make the key "present" again if possible.
535
		 */
536
		down_write(&mk->mk_sem);
537
		err = add_existing_master_key(mk, secret);
538
		up_write(&mk->mk_sem);
539
		if (err == KEY_DEAD) {
540
			/*
541
			 * We found a key struct, but it's already been fully
542
			 * removed.  Ignore the old struct and add a new one.
543
			 * fscrypt_add_key_mutex means we don't need to worry
544
			 * about concurrent adds.
545
			 */
546
			err = add_new_master_key(sb, secret, mk_spec);
547
		}
548
		fscrypt_put_master_key(mk);
549
	}
550
	mutex_unlock(&fscrypt_add_key_mutex);
551
	return err;
552
}
553

554
static int add_master_key(struct super_block *sb,
555
			  struct fscrypt_master_key_secret *secret,
556
			  struct fscrypt_key_specifier *key_spec)
557
{
558
	int err;
559

560
	if (key_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) {
561
		u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE];
562
		u8 *kdf_key = secret->bytes;
563
		unsigned int kdf_key_size = secret->size;
564
		u8 keyid_kdf_ctx = HKDF_CONTEXT_KEY_IDENTIFIER_FOR_RAW_KEY;
565

566
		/*
567
		 * For raw keys, the fscrypt master key is used directly as the
568
		 * fscrypt KDF key.  For hardware-wrapped keys, we have to pass
569
		 * the master key to the hardware to derive the KDF key, which
570
		 * is then only used to derive non-file-contents subkeys.
571
		 */
572
		if (secret->is_hw_wrapped) {
573
			err = fscrypt_derive_sw_secret(sb, secret->bytes,
574
						       secret->size, sw_secret);
575
			if (err)
576
				return err;
577
			kdf_key = sw_secret;
578
			kdf_key_size = sizeof(sw_secret);
579
			/*
580
			 * To avoid weird behavior if someone manages to
581
			 * determine sw_secret and add it as a raw key, ensure
582
			 * that hardware-wrapped keys and raw keys will have
583
			 * different key identifiers by deriving their key
584
			 * identifiers using different KDF contexts.
585
			 */
586
			keyid_kdf_ctx =
587
				HKDF_CONTEXT_KEY_IDENTIFIER_FOR_HW_WRAPPED_KEY;
588
		}
589
		fscrypt_init_hkdf(&secret->hkdf, kdf_key, kdf_key_size);
590
		/*
591
		 * Now that the KDF context is initialized, the raw KDF key is
592
		 * no longer needed.
593
		 */
594
		memzero_explicit(kdf_key, kdf_key_size);
595

596
		/* Calculate the key identifier */
597
		fscrypt_hkdf_expand(&secret->hkdf, keyid_kdf_ctx, NULL, 0,
598
				    key_spec->u.identifier,
599
				    FSCRYPT_KEY_IDENTIFIER_SIZE);
600
	}
601
	return do_add_master_key(sb, secret, key_spec);
602
}
603

604
/*
605
 * Validate the size of an fscrypt master key being added.  Note that this is
606
 * just an initial check, as we don't know which ciphers will be used yet.
607
 * There is a stricter size check later when the key is actually used by a file.
608
 */
609
static inline bool fscrypt_valid_key_size(size_t size, u32 add_key_flags)
610
{
611
	u32 max_size = (add_key_flags & FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED) ?
612
		       FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE :
613
		       FSCRYPT_MAX_RAW_KEY_SIZE;
614

615
	return size >= FSCRYPT_MIN_KEY_SIZE && size <= max_size;
616
}
617

618
static int fscrypt_provisioning_key_preparse(struct key_preparsed_payload *prep)
619
{
620
	const struct fscrypt_provisioning_key_payload *payload = prep->data;
621

622
	if (prep->datalen < sizeof(*payload))
623
		return -EINVAL;
624

625
	if (!fscrypt_valid_key_size(prep->datalen - sizeof(*payload),
626
				    payload->flags))
627
		return -EINVAL;
628

629
	if (payload->type != FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
630
	    payload->type != FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER)
631
		return -EINVAL;
632

633
	if (payload->flags & ~FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED)
634
		return -EINVAL;
635

636
	prep->payload.data[0] = kmemdup(payload, prep->datalen, GFP_KERNEL);
637
	if (!prep->payload.data[0])
638
		return -ENOMEM;
639

640
	prep->quotalen = prep->datalen;
641
	return 0;
642
}
643

644
static void fscrypt_provisioning_key_free_preparse(
645
					struct key_preparsed_payload *prep)
646
{
647
	kfree_sensitive(prep->payload.data[0]);
648
}
649

650
static void fscrypt_provisioning_key_describe(const struct key *key,
651
					      struct seq_file *m)
652
{
653
	seq_puts(m, key->description);
654
	if (key_is_positive(key)) {
655
		const struct fscrypt_provisioning_key_payload *payload =
656
			key->payload.data[0];
657

658
		seq_printf(m, ": %u [%u]", key->datalen, payload->type);
659
	}
660
}
661

662
static void fscrypt_provisioning_key_destroy(struct key *key)
663
{
664
	kfree_sensitive(key->payload.data[0]);
665
}
666

667
static struct key_type key_type_fscrypt_provisioning = {
668
	.name			= "fscrypt-provisioning",
669
	.preparse		= fscrypt_provisioning_key_preparse,
670
	.free_preparse		= fscrypt_provisioning_key_free_preparse,
671
	.instantiate		= generic_key_instantiate,
672
	.describe		= fscrypt_provisioning_key_describe,
673
	.destroy		= fscrypt_provisioning_key_destroy,
674
};
675

676
/*
677
 * Retrieve the key from the Linux keyring key specified by 'key_id', and store
678
 * it into 'secret'.
679
 *
680
 * The key must be of type "fscrypt-provisioning" and must have the 'type' and
681
 * 'flags' field of the payload set to the given values, indicating that the key
682
 * is intended for use for the specified purpose.  We don't use the "logon" key
683
 * type because there's no way to completely restrict the use of such keys; they
684
 * can be used by any kernel API that accepts "logon" keys and doesn't require a
685
 * specific service prefix.
686
 *
687
 * The ability to specify the key via Linux keyring key is intended for cases
688
 * where userspace needs to re-add keys after the filesystem is unmounted and
689
 * re-mounted.  Most users should just provide the key directly instead.
690
 */
691
static int get_keyring_key(u32 key_id, u32 type, u32 flags,
692
			   struct fscrypt_master_key_secret *secret)
693
{
694
	key_ref_t ref;
695
	struct key *key;
696
	const struct fscrypt_provisioning_key_payload *payload;
697
	int err;
698

699
	ref = lookup_user_key(key_id, 0, KEY_NEED_SEARCH);
700
	if (IS_ERR(ref))
701
		return PTR_ERR(ref);
702
	key = key_ref_to_ptr(ref);
703

704
	if (key->type != &key_type_fscrypt_provisioning)
705
		goto bad_key;
706
	payload = key->payload.data[0];
707

708
	/*
709
	 * Don't allow fscrypt v1 keys to be used as v2 keys and vice versa.
710
	 * Similarly, don't allow hardware-wrapped keys to be used as
711
	 * non-hardware-wrapped keys and vice versa.
712
	 */
713
	if (payload->type != type || payload->flags != flags)
714
		goto bad_key;
715

716
	secret->size = key->datalen - sizeof(*payload);
717
	memcpy(secret->bytes, payload->raw, secret->size);
718
	err = 0;
719
	goto out_put;
720

721
bad_key:
722
	err = -EKEYREJECTED;
723
out_put:
724
	key_ref_put(ref);
725
	return err;
726
}
727

728
/*
729
 * Add a master encryption key to the filesystem, causing all files which were
730
 * encrypted with it to appear "unlocked" (decrypted) when accessed.
731
 *
732
 * When adding a key for use by v1 encryption policies, this ioctl is
733
 * privileged, and userspace must provide the 'key_descriptor'.
734
 *
735
 * When adding a key for use by v2+ encryption policies, this ioctl is
736
 * unprivileged.  This is needed, in general, to allow non-root users to use
737
 * encryption without encountering the visibility problems of process-subscribed
738
 * keyrings and the inability to properly remove keys.  This works by having
739
 * each key identified by its cryptographically secure hash --- the
740
 * 'key_identifier'.  The cryptographic hash ensures that a malicious user
741
 * cannot add the wrong key for a given identifier.  Furthermore, each added key
742
 * is charged to the appropriate user's quota for the keyrings service, which
743
 * prevents a malicious user from adding too many keys.  Finally, we forbid a
744
 * user from removing a key while other users have added it too, which prevents
745
 * a user who knows another user's key from causing a denial-of-service by
746
 * removing it at an inopportune time.  (We tolerate that a user who knows a key
747
 * can prevent other users from removing it.)
748
 *
749
 * For more details, see the "FS_IOC_ADD_ENCRYPTION_KEY" section of
750
 * Documentation/filesystems/fscrypt.rst.
751
 */
752
int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg)
753
{
754
	struct super_block *sb = file_inode(filp)->i_sb;
755
	struct fscrypt_add_key_arg __user *uarg = _uarg;
756
	struct fscrypt_add_key_arg arg;
757
	struct fscrypt_master_key_secret secret;
758
	int err;
759

760
	if (copy_from_user(&arg, uarg, sizeof(arg)))
761
		return -EFAULT;
762

763
	if (!valid_key_spec(&arg.key_spec))
764
		return -EINVAL;
765

766
	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
767
		return -EINVAL;
768

769
	/*
770
	 * Only root can add keys that are identified by an arbitrary descriptor
771
	 * rather than by a cryptographic hash --- since otherwise a malicious
772
	 * user could add the wrong key.
773
	 */
774
	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
775
	    !capable(CAP_SYS_ADMIN))
776
		return -EACCES;
777

778
	memset(&secret, 0, sizeof(secret));
779

780
	if (arg.flags) {
781
		if (arg.flags & ~FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED)
782
			return -EINVAL;
783
		if (arg.key_spec.type != FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER)
784
			return -EINVAL;
785
		secret.is_hw_wrapped = true;
786
	}
787

788
	if (arg.key_id) {
789
		if (arg.raw_size != 0)
790
			return -EINVAL;
791
		err = get_keyring_key(arg.key_id, arg.key_spec.type, arg.flags,
792
				      &secret);
793
		if (err)
794
			goto out_wipe_secret;
795
	} else {
796
		if (!fscrypt_valid_key_size(arg.raw_size, arg.flags))
797
			return -EINVAL;
798
		secret.size = arg.raw_size;
799
		err = -EFAULT;
800
		if (copy_from_user(secret.bytes, uarg->raw, secret.size))
801
			goto out_wipe_secret;
802
	}
803

804
	err = add_master_key(sb, &secret, &arg.key_spec);
805
	if (err)
806
		goto out_wipe_secret;
807

808
	/* Return the key identifier to userspace, if applicable */
809
	err = -EFAULT;
810
	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER &&
811
	    copy_to_user(uarg->key_spec.u.identifier, arg.key_spec.u.identifier,
812
			 FSCRYPT_KEY_IDENTIFIER_SIZE))
813
		goto out_wipe_secret;
814
	err = 0;
815
out_wipe_secret:
816
	wipe_master_key_secret(&secret);
817
	return err;
818
}
819
EXPORT_SYMBOL_GPL(fscrypt_ioctl_add_key);
820

821
static void
822
fscrypt_get_test_dummy_secret(struct fscrypt_master_key_secret *secret)
823
{
824
	static u8 test_key[FSCRYPT_MAX_RAW_KEY_SIZE];
825

826
	get_random_once(test_key, sizeof(test_key));
827

828
	memset(secret, 0, sizeof(*secret));
829
	secret->size = sizeof(test_key);
830
	memcpy(secret->bytes, test_key, sizeof(test_key));
831
}
832

833
void fscrypt_get_test_dummy_key_identifier(
834
				u8 key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
835
{
836
	struct fscrypt_master_key_secret secret;
837

838
	fscrypt_get_test_dummy_secret(&secret);
839
	fscrypt_init_hkdf(&secret.hkdf, secret.bytes, secret.size);
840
	fscrypt_hkdf_expand(&secret.hkdf,
841
			    HKDF_CONTEXT_KEY_IDENTIFIER_FOR_RAW_KEY, NULL, 0,
842
			    key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);
843
	wipe_master_key_secret(&secret);
844
}
845

846
/**
847
 * fscrypt_add_test_dummy_key() - add the test dummy encryption key
848
 * @sb: the filesystem instance to add the key to
849
 * @key_spec: the key specifier of the test dummy encryption key
850
 *
851
 * Add the key for the test_dummy_encryption mount option to the filesystem.  To
852
 * prevent misuse of this mount option, a per-boot random key is used instead of
853
 * a hardcoded one.  This makes it so that any encrypted files created using
854
 * this option won't be accessible after a reboot.
855
 *
856
 * Return: 0 on success, -errno on failure
857
 */
858
int fscrypt_add_test_dummy_key(struct super_block *sb,
859
			       struct fscrypt_key_specifier *key_spec)
860
{
861
	struct fscrypt_master_key_secret secret;
862
	int err;
863

864
	fscrypt_get_test_dummy_secret(&secret);
865
	err = add_master_key(sb, &secret, key_spec);
866
	wipe_master_key_secret(&secret);
867
	return err;
868
}
869

870
/*
871
 * Verify that the current user has added a master key with the given identifier
872
 * (returns -ENOKEY if not).  This is needed to prevent a user from encrypting
873
 * their files using some other user's key which they don't actually know.
874
 * Cryptographically this isn't much of a problem, but the semantics of this
875
 * would be a bit weird, so it's best to just forbid it.
876
 *
877
 * The system administrator (CAP_FOWNER) can override this, which should be
878
 * enough for any use cases where encryption policies are being set using keys
879
 * that were chosen ahead of time but aren't available at the moment.
880
 *
881
 * Note that the key may have already removed by the time this returns, but
882
 * that's okay; we just care whether the key was there at some point.
883
 *
884
 * Return: 0 if the key is added, -ENOKEY if it isn't, or another -errno code
885
 */
886
int fscrypt_verify_key_added(struct super_block *sb,
887
			     const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
888
{
889
	struct fscrypt_key_specifier mk_spec;
890
	struct fscrypt_master_key *mk;
891
	struct key *mk_user;
892
	int err;
893

894
	mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
895
	memcpy(mk_spec.u.identifier, identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);
896

897
	mk = fscrypt_find_master_key(sb, &mk_spec);
898
	if (!mk) {
899
		err = -ENOKEY;
900
		goto out;
901
	}
902
	down_read(&mk->mk_sem);
903
	mk_user = find_master_key_user(mk);
904
	if (IS_ERR(mk_user)) {
905
		err = PTR_ERR(mk_user);
906
	} else {
907
		key_put(mk_user);
908
		err = 0;
909
	}
910
	up_read(&mk->mk_sem);
911
	fscrypt_put_master_key(mk);
912
out:
913
	if (err == -ENOKEY && capable(CAP_FOWNER))
914
		err = 0;
915
	return err;
916
}
917

918
/*
919
 * Try to evict the inode's dentries from the dentry cache.  If the inode is a
920
 * directory, then it can have at most one dentry; however, that dentry may be
921
 * pinned by child dentries, so first try to evict the children too.
922
 */
923
static void shrink_dcache_inode(struct inode *inode)
924
{
925
	struct dentry *dentry;
926

927
	if (S_ISDIR(inode->i_mode)) {
928
		dentry = d_find_any_alias(inode);
929
		if (dentry) {
930
			shrink_dcache_parent(dentry);
931
			dput(dentry);
932
		}
933
	}
934
	d_prune_aliases(inode);
935
}
936

937
static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk)
938
{
939
	struct fscrypt_inode_info *ci;
940
	struct inode *inode;
941
	struct inode *toput_inode = NULL;
942

943
	spin_lock(&mk->mk_decrypted_inodes_lock);
944

945
	list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) {
946
		inode = ci->ci_inode;
947
		spin_lock(&inode->i_lock);
948
		if (inode->i_state & (I_FREEING | I_WILL_FREE | I_NEW)) {
949
			spin_unlock(&inode->i_lock);
950
			continue;
951
		}
952
		__iget(inode);
953
		spin_unlock(&inode->i_lock);
954
		spin_unlock(&mk->mk_decrypted_inodes_lock);
955

956
		shrink_dcache_inode(inode);
957
		iput(toput_inode);
958
		toput_inode = inode;
959

960
		spin_lock(&mk->mk_decrypted_inodes_lock);
961
	}
962

963
	spin_unlock(&mk->mk_decrypted_inodes_lock);
964
	iput(toput_inode);
965
}
966

967
static int check_for_busy_inodes(struct super_block *sb,
968
				 struct fscrypt_master_key *mk)
969
{
970
	struct list_head *pos;
971
	size_t busy_count = 0;
972
	unsigned long ino;
973
	char ino_str[50] = "";
974

975
	spin_lock(&mk->mk_decrypted_inodes_lock);
976

977
	list_for_each(pos, &mk->mk_decrypted_inodes)
978
		busy_count++;
979

980
	if (busy_count == 0) {
981
		spin_unlock(&mk->mk_decrypted_inodes_lock);
982
		return 0;
983
	}
984

985
	{
986
		/* select an example file to show for debugging purposes */
987
		struct inode *inode =
988
			list_first_entry(&mk->mk_decrypted_inodes,
989
					 struct fscrypt_inode_info,
990
					 ci_master_key_link)->ci_inode;
991
		ino = inode->i_ino;
992
	}
993
	spin_unlock(&mk->mk_decrypted_inodes_lock);
994

995
	/* If the inode is currently being created, ino may still be 0. */
996
	if (ino)
997
		snprintf(ino_str, sizeof(ino_str), ", including ino %lu", ino);
998

999
	fscrypt_warn(NULL,
1000
		     "%s: %zu inode(s) still busy after removing key with %s %*phN%s",
1001
		     sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),
1002
		     master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,
1003
		     ino_str);
1004
	return -EBUSY;
1005
}
1006

1007
static int try_to_lock_encrypted_files(struct super_block *sb,
1008
				       struct fscrypt_master_key *mk)
1009
{
1010
	int err1;
1011
	int err2;
1012

1013
	/*
1014
	 * An inode can't be evicted while it is dirty or has dirty pages.
1015
	 * Thus, we first have to clean the inodes in ->mk_decrypted_inodes.
1016
	 *
1017
	 * Just do it the easy way: call sync_filesystem().  It's overkill, but
1018
	 * it works, and it's more important to minimize the amount of caches we
1019
	 * drop than the amount of data we sync.  Also, unprivileged users can
1020
	 * already call sync_filesystem() via sys_syncfs() or sys_sync().
1021
	 */
1022
	down_read(&sb->s_umount);
1023
	err1 = sync_filesystem(sb);
1024
	up_read(&sb->s_umount);
1025
	/* If a sync error occurs, still try to evict as much as possible. */
1026

1027
	/*
1028
	 * Inodes are pinned by their dentries, so we have to evict their
1029
	 * dentries.  shrink_dcache_sb() would suffice, but would be overkill
1030
	 * and inappropriate for use by unprivileged users.  So instead go
1031
	 * through the inodes' alias lists and try to evict each dentry.
1032
	 */
1033
	evict_dentries_for_decrypted_inodes(mk);
1034

1035
	/*
1036
	 * evict_dentries_for_decrypted_inodes() already iput() each inode in
1037
	 * the list; any inodes for which that dropped the last reference will
1038
	 * have been evicted due to fscrypt_drop_inode() detecting the key
1039
	 * removal and telling the VFS to evict the inode.  So to finish, we
1040
	 * just need to check whether any inodes couldn't be evicted.
1041
	 */
1042
	err2 = check_for_busy_inodes(sb, mk);
1043

1044
	return err1 ?: err2;
1045
}
1046

1047
/*
1048
 * Try to remove an fscrypt master encryption key.
1049
 *
1050
 * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's
1051
 * claim to the key, then removes the key itself if no other users have claims.
1052
 * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the
1053
 * key itself.
1054
 *
1055
 * To "remove the key itself", first we transition the key to the "incompletely
1056
 * removed" state, so that no more inodes can be unlocked with it.  Then we try
1057
 * to evict all cached inodes that had been unlocked with the key.
1058
 *
1059
 * If all inodes were evicted, then we unlink the fscrypt_master_key from the
1060
 * keyring.  Otherwise it remains in the keyring in the "incompletely removed"
1061
 * state where it tracks the list of remaining inodes.  Userspace can execute
1062
 * the ioctl again later to retry eviction, or alternatively can re-add the key.
1063
 *
1064
 * For more details, see the "Removing keys" section of
1065
 * Documentation/filesystems/fscrypt.rst.
1066
 */
1067
static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users)
1068
{
1069
	struct super_block *sb = file_inode(filp)->i_sb;
1070
	struct fscrypt_remove_key_arg __user *uarg = _uarg;
1071
	struct fscrypt_remove_key_arg arg;
1072
	struct fscrypt_master_key *mk;
1073
	u32 status_flags = 0;
1074
	int err;
1075
	bool inodes_remain;
1076

1077
	if (copy_from_user(&arg, uarg, sizeof(arg)))
1078
		return -EFAULT;
1079

1080
	if (!valid_key_spec(&arg.key_spec))
1081
		return -EINVAL;
1082

1083
	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
1084
		return -EINVAL;
1085

1086
	/*
1087
	 * Only root can add and remove keys that are identified by an arbitrary
1088
	 * descriptor rather than by a cryptographic hash.
1089
	 */
1090
	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
1091
	    !capable(CAP_SYS_ADMIN))
1092
		return -EACCES;
1093

1094
	/* Find the key being removed. */
1095
	mk = fscrypt_find_master_key(sb, &arg.key_spec);
1096
	if (!mk)
1097
		return -ENOKEY;
1098
	down_write(&mk->mk_sem);
1099

1100
	/* If relevant, remove current user's (or all users) claim to the key */
1101
	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {
1102
		if (all_users)
1103
			err = keyring_clear(mk->mk_users);
1104
		else
1105
			err = remove_master_key_user(mk);
1106
		if (err) {
1107
			up_write(&mk->mk_sem);
1108
			goto out_put_key;
1109
		}
1110
		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {
1111
			/*
1112
			 * Other users have still added the key too.  We removed
1113
			 * the current user's claim to the key, but we still
1114
			 * can't remove the key itself.
1115
			 */
1116
			status_flags |=
1117
				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS;
1118
			err = 0;
1119
			up_write(&mk->mk_sem);
1120
			goto out_put_key;
1121
		}
1122
	}
1123

1124
	/* No user claims remaining.  Initiate removal of the key. */
1125
	err = -ENOKEY;
1126
	if (mk->mk_present) {
1127
		fscrypt_initiate_key_removal(sb, mk);
1128
		err = 0;
1129
	}
1130
	inodes_remain = refcount_read(&mk->mk_active_refs) > 0;
1131
	up_write(&mk->mk_sem);
1132

1133
	if (inodes_remain) {
1134
		/* Some inodes still reference this key; try to evict them. */
1135
		err = try_to_lock_encrypted_files(sb, mk);
1136
		if (err == -EBUSY) {
1137
			status_flags |=
1138
				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY;
1139
			err = 0;
1140
		}
1141
	}
1142
	/*
1143
	 * We return 0 if we successfully did something: removed a claim to the
1144
	 * key, initiated removal of the key, or tried locking the files again.
1145
	 * Users need to check the informational status flags if they care
1146
	 * whether the key has been fully removed including all files locked.
1147
	 */
1148
out_put_key:
1149
	fscrypt_put_master_key(mk);
1150
	if (err == 0)
1151
		err = put_user(status_flags, &uarg->removal_status_flags);
1152
	return err;
1153
}
1154

1155
int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg)
1156
{
1157
	return do_remove_key(filp, uarg, false);
1158
}
1159
EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key);
1160

1161
int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg)
1162
{
1163
	if (!capable(CAP_SYS_ADMIN))
1164
		return -EACCES;
1165
	return do_remove_key(filp, uarg, true);
1166
}
1167
EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users);
1168

1169
/*
1170
 * Retrieve the status of an fscrypt master encryption key.
1171
 *
1172
 * We set ->status to indicate whether the key is absent, present, or
1173
 * incompletely removed.  (For an explanation of what these statuses mean and
1174
 * how they are represented internally, see struct fscrypt_master_key.)  This
1175
 * field allows applications to easily determine the status of an encrypted
1176
 * directory without using a hack such as trying to open a regular file in it
1177
 * (which can confuse the "incompletely removed" status with absent or present).
1178
 *
1179
 * In addition, for v2 policy keys we allow applications to determine, via
1180
 * ->status_flags and ->user_count, whether the key has been added by the
1181
 * current user, by other users, or by both.  Most applications should not need
1182
 * this, since ordinarily only one user should know a given key.  However, if a
1183
 * secret key is shared by multiple users, applications may wish to add an
1184
 * already-present key to prevent other users from removing it.  This ioctl can
1185
 * be used to check whether that really is the case before the work is done to
1186
 * add the key --- which might e.g. require prompting the user for a passphrase.
1187
 *
1188
 * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of
1189
 * Documentation/filesystems/fscrypt.rst.
1190
 */
1191
int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg)
1192
{
1193
	struct super_block *sb = file_inode(filp)->i_sb;
1194
	struct fscrypt_get_key_status_arg arg;
1195
	struct fscrypt_master_key *mk;
1196
	int err;
1197

1198
	if (copy_from_user(&arg, uarg, sizeof(arg)))
1199
		return -EFAULT;
1200

1201
	if (!valid_key_spec(&arg.key_spec))
1202
		return -EINVAL;
1203

1204
	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
1205
		return -EINVAL;
1206

1207
	arg.status_flags = 0;
1208
	arg.user_count = 0;
1209
	memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved));
1210

1211
	mk = fscrypt_find_master_key(sb, &arg.key_spec);
1212
	if (!mk) {
1213
		arg.status = FSCRYPT_KEY_STATUS_ABSENT;
1214
		err = 0;
1215
		goto out;
1216
	}
1217
	down_read(&mk->mk_sem);
1218

1219
	if (!mk->mk_present) {
1220
		arg.status = refcount_read(&mk->mk_active_refs) > 0 ?
1221
			FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED :
1222
			FSCRYPT_KEY_STATUS_ABSENT /* raced with full removal */;
1223
		err = 0;
1224
		goto out_release_key;
1225
	}
1226

1227
	arg.status = FSCRYPT_KEY_STATUS_PRESENT;
1228
	if (mk->mk_users) {
1229
		struct key *mk_user;
1230

1231
		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;
1232
		mk_user = find_master_key_user(mk);
1233
		if (!IS_ERR(mk_user)) {
1234
			arg.status_flags |=
1235
				FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF;
1236
			key_put(mk_user);
1237
		} else if (mk_user != ERR_PTR(-ENOKEY)) {
1238
			err = PTR_ERR(mk_user);
1239
			goto out_release_key;
1240
		}
1241
	}
1242
	err = 0;
1243
out_release_key:
1244
	up_read(&mk->mk_sem);
1245
	fscrypt_put_master_key(mk);
1246
out:
1247
	if (!err && copy_to_user(uarg, &arg, sizeof(arg)))
1248
		err = -EFAULT;
1249
	return err;
1250
}
1251
EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status);
1252

1253
int __init fscrypt_init_keyring(void)
1254
{
1255
	int err;
1256

1257
	err = register_key_type(&key_type_fscrypt_user);
1258
	if (err)
1259
		return err;
1260

1261
	err = register_key_type(&key_type_fscrypt_provisioning);
1262
	if (err)
1263
		goto err_unregister_fscrypt_user;
1264

1265
	return 0;
1266

1267
err_unregister_fscrypt_user:
1268
	unregister_key_type(&key_type_fscrypt_user);
1269
	return err;
1270
}
1271

1272