
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270
37047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Filesystem-level keyring for fscrypt
  4. *
  5. * Copyright 2019 Google LLC
  6. */
  7. /*
  8. * This file implements management of fscrypt master keys in the
  9. * filesystem-level keyring, including the ioctls:
  10. *
  11. * - FS_IOC_ADD_ENCRYPTION_KEY
  12. * - FS_IOC_REMOVE_ENCRYPTION_KEY
  13. * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS
  14. * - FS_IOC_GET_ENCRYPTION_KEY_STATUS
  15. *
  16. * See the "User API" section of Documentation/filesystems/fscrypt.rst for more
  17. * information about these ioctls.
  18. */
  19. #include <crypto/skcipher.h>
  20. #include <linux/export.h>
  21. #include <linux/key-type.h>
  22. #include <linux/once.h>
  23. #include <linux/random.h>
  24. #include <linux/seq_file.h>
  25. #include <linux/unaligned.h>
  26. #include "fscrypt_private.h"
/* The master encryption keys for a filesystem (->s_master_keys) */
struct fscrypt_keyring {
	/*
	 * Lock that protects ->key_hashtable (additions and removals of
	 * fscrypt_master_key entries).  It does *not* protect the
	 * fscrypt_master_key structs themselves; those have their own
	 * ->mk_sem and reference counts.
	 */
	spinlock_t lock;
	/*
	 * Hash table that maps fscrypt_key_specifier to fscrypt_master_key.
	 * Entries are linked via mk->mk_node.  Lookups traverse the buckets
	 * under RCU; modifications take ->lock.
	 */
	struct hlist_head key_hashtable[128];
};
/*
 * Securely erase a master key secret (the raw/wrapped key bytes and any
 * derived state such as the HKDF context kept alongside them).
 */
static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret)
{
	/* memzero_explicit(): the compiler may not elide this as a dead store. */
	memzero_explicit(secret, sizeof(*secret));
}
/*
 * Transfer a master key secret from @src to @dst and wipe @src, so that
 * exactly one copy of the key material remains afterwards.
 */
static void move_master_key_secret(struct fscrypt_master_key_secret *dst,
				   struct fscrypt_master_key_secret *src)
{
	memcpy(dst, src, sizeof(*dst));
	/* Not a plain memset(): the source must really be erased. */
	memzero_explicit(src, sizeof(*src));
}
/* RCU callback doing the final free of a fscrypt_master_key. */
static void fscrypt_free_master_key(struct rcu_head *head)
{
	struct fscrypt_master_key *mk;

	mk = container_of(head, struct fscrypt_master_key, mk_rcu_head);
	/*
	 * The secret and the embedded subkeys are expected to have been wiped
	 * already, when the last active ref was dropped; a grace period later
	 * is too late to rely on.  kfree_sensitive() zeroes the allocation
	 * anyway as a last line of defence against anything that was missed.
	 */
	kfree_sensitive(mk);
}
/*
 * Drop a structural reference to @mk.  When the last one is dropped, release
 * ->mk_users and defer freeing the struct itself until after an RCU grace
 * period, so that lockless lookups in fscrypt_find_master_key() that may still
 * be walking the hash table cannot touch freed memory.
 */
void fscrypt_put_master_key(struct fscrypt_master_key *mk)
{
	struct key *users;

	if (!refcount_dec_and_test(&mk->mk_struct_refs))
		return;

	/* Every active ref pins a structural ref, so none can remain now. */
	WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 0);

	users = mk->mk_users;
	if (users) {
		/*
		 * Clear the keyring before putting it so that the per-user
		 * quota charged for the contained keys is released right away
		 * rather than when the keyring is eventually torn down.
		 */
		keyring_clear(users);
		key_put(users);
		mk->mk_users = NULL;
	}

	call_rcu(&mk->mk_rcu_head, fscrypt_free_master_key);
}
/*
 * Drop an active reference to @mk.  When the last one goes away the key is
 * fully removed: it is unlinked from the filesystem keyring, every prepared
 * subkey embedded in it is destroyed, and the structural ref that the active
 * refs collectively held is dropped.
 */
void fscrypt_put_master_key_activeref(struct super_block *sb,
				      struct fscrypt_master_key *mk)
{
	struct fscrypt_keyring *keyring;
	size_t mode;

	if (!refcount_dec_and_test(&mk->mk_active_refs))
		return;

	keyring = sb->s_master_keys;
	if (WARN_ON_ONCE(!keyring))
		return;

	/* Unlink under the keyring lock; concurrent readers are under RCU. */
	spin_lock(&keyring->lock);
	hlist_del_rcu(&mk->mk_node);
	spin_unlock(&keyring->lock);

	/* No active refs means: not present, and no inodes still using it. */
	WARN_ON_ONCE(mk->mk_present);
	WARN_ON_ONCE(!list_empty(&mk->mk_decrypted_inodes));

	/*
	 * Tear down the per-mode prepared subkeys.  Per the notes on
	 * fscrypt_destroy_keyring(), this may need the block device(s), e.g.
	 * to evict inline-crypto keyslots.
	 */
	for (mode = 0; mode <= FSCRYPT_MODE_MAX; mode++) {
		fscrypt_destroy_prepared_key(sb, &mk->mk_direct_keys[mode]);
		fscrypt_destroy_prepared_key(sb,
					     &mk->mk_iv_ino_lblk_64_keys[mode]);
		fscrypt_destroy_prepared_key(sb,
					     &mk->mk_iv_ino_lblk_32_keys[mode]);
	}
	memzero_explicit(&mk->mk_ino_hash_key, sizeof(mk->mk_ino_hash_key));
	mk->mk_ino_hash_key_initialized = false;

	/* Release the structural ref that backed the active refs. */
	fscrypt_put_master_key(mk);
}
/*
 * Start removing a currently-present key: clear ->mk_present, wipe the secret,
 * and drop the active ref that ->mk_present held.  If nothing else holds an
 * active ref (no inodes still using the key) this completes the removal and
 * the key becomes absent; otherwise it is left "incompletely removed" until
 * the remaining active refs go away.
 */
static void fscrypt_initiate_key_removal(struct super_block *sb,
					 struct fscrypt_master_key *mk)
{
	/* WRITE_ONCE() pairs with lockless readers of ->mk_present elsewhere. */
	WRITE_ONCE(mk->mk_present, false);
	wipe_master_key_secret(&mk->mk_secret);
	fscrypt_put_master_key_activeref(sb, mk);
}
/*
 * Validate a key specifier received from userspace: the reserved field must be
 * zero and the type must be a known one (master_key_spec_len() is expected to
 * return 0 for an unrecognized type).
 */
static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec)
{
	return spec->__reserved == 0 && master_key_spec_len(spec) != 0;
}
/*
 * ->instantiate for ".fscrypt" user keys.  These keys carry no payload; the
 * only thing to do is charge the owning user's keyring quota.  A flat
 * FSCRYPT_MAX_RAW_KEY_SIZE is charged per key regardless of the real key size,
 * which is a conservative figure since the memory actually used per added key
 * exceeds the raw key size anyway.
 */
static int fscrypt_user_key_instantiate(struct key *key,
					struct key_preparsed_payload *prep)
{
	const size_t quota_charge = FSCRYPT_MAX_RAW_KEY_SIZE;

	return key_payload_reserve(key, quota_charge);
}
/* ->describe for ".fscrypt" user keys: just the description (for /proc/keys). */
static void fscrypt_user_key_describe(const struct key *key, struct seq_file *m)
{
	const char *desc = key->description;

	seq_puts(m, desc);
}
/*
 * Type of key in ->mk_users. Each key of this type represents a particular
 * user who has added a particular master key.  The keys carry no payload;
 * their existence (and their description, see format_mk_user_description())
 * is the information.
 *
 * Note that the name of this key type really should be something like
 * ".fscrypt-user" instead of simply ".fscrypt". But the shorter name is chosen
 * mainly for simplicity of presentation in /proc/keys when read by a non-root
 * user. And it is expected to be rare that a key is actually added by multiple
 * users, since users should keep their encryption keys confidential.
 */
static struct key_type key_type_fscrypt_user = {
	.name = ".fscrypt",
	/* No ->preparse/->destroy: there is no payload to parse or free. */
	.instantiate = fscrypt_user_key_instantiate,
	.describe = fscrypt_user_key_describe,
};
/*
 * Buffer size for the description of a master key's ->mk_users keyring:
 * "fscrypt-<hex key identifier>-users" plus the terminating NUL.
 */
#define FSCRYPT_MK_USERS_DESCRIPTION_SIZE \
	(CONST_STRLEN("fscrypt-") + 2 * FSCRYPT_KEY_IDENTIFIER_SIZE + \
	 CONST_STRLEN("-users") + 1)
/*
 * Buffer size for the description of one user's key in ->mk_users:
 * "<hex key identifier>.uid.<decimal uid>" plus the terminating NUL.  The 10
 * is the maximum number of decimal digits of a 32-bit uid printed with %u.
 */
#define FSCRYPT_MK_USER_DESCRIPTION_SIZE \
	(2 * FSCRYPT_KEY_IDENTIFIER_SIZE + CONST_STRLEN(".uid.") + 10 + 1)
/*
 * Write "fscrypt-<hex key identifier>-users" into @description, which must be
 * FSCRYPT_MK_USERS_DESCRIPTION_SIZE bytes.
 */
static void format_mk_users_keyring_description(
			char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE],
			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
{
	/* %*phN prints exactly FSCRYPT_KEY_IDENTIFIER_SIZE bytes as hex. */
	snprintf(description, FSCRYPT_MK_USERS_DESCRIPTION_SIZE,
		 "fscrypt-%*phN-users", FSCRYPT_KEY_IDENTIFIER_SIZE,
		 mk_identifier);
}
/*
 * Write "<hex key identifier>.uid.<uid>" into @description, which must be
 * FSCRYPT_MK_USER_DESCRIPTION_SIZE bytes.  The uid is the caller's fsuid, so
 * the description identifies (master key, user) pairs.
 */
static void format_mk_user_description(
			char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE],
			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
{
	unsigned int uid = __kuid_val(current_fsuid());

	snprintf(description, FSCRYPT_MK_USER_DESCRIPTION_SIZE, "%*phN.uid.%u",
		 FSCRYPT_KEY_IDENTIFIER_SIZE, mk_identifier, uid);
}
/*
 * Create sb->s_master_keys on first use.  Callers hold fscrypt_add_key_mutex,
 * which is what prevents two tasks from both allocating a keyring.
 */
static int allocate_filesystem_keyring(struct super_block *sb)
{
	struct fscrypt_keyring *new_keyring;

	if (sb->s_master_keys != NULL)
		return 0;	/* already exists */

	new_keyring = kzalloc_obj(*new_keyring);
	if (new_keyring == NULL)
		return -ENOMEM;
	spin_lock_init(&new_keyring->lock);

	/*
	 * Publish the pointer with RELEASE semantics.  A reader that sees it
	 * via the smp_load_acquire() in fscrypt_find_master_key() is then
	 * guaranteed to also see the initialized lock and zeroed hash table.
	 */
	smp_store_release(&sb->s_master_keys, new_keyring);
	return 0;
}
/*
 * Release every encryption key added to the filesystem, then free the keyring
 * that held them.
 *
 * Called at unmount time, after all potentially-encrypted inodes have been
 * evicted but while the filesystem's block device(s) are still available.  The
 * latter matters because removing a key may have to evict keyslots from an
 * inline crypto engine, which needs the block device(s).
 */
void fscrypt_destroy_keyring(struct super_block *sb)
{
	struct fscrypt_keyring *keyring = sb->s_master_keys;
	struct hlist_head *bucket;
	struct hlist_head *end;

	if (!keyring)
		return;

	end = keyring->key_hashtable + ARRAY_SIZE(keyring->key_hashtable);
	for (bucket = keyring->key_hashtable; bucket < end; bucket++) {
		struct fscrypt_master_key *mk;
		struct hlist_node *next;

		/* _safe variant: fscrypt_initiate_key_removal() unlinks @mk. */
		hlist_for_each_entry_safe(mk, next, bucket, mk_node) {
			/*
			 * With every inode gone, each key still in the keyring
			 * should have an empty inode list and be held only by
			 * the single active ref for ->mk_present, which in turn
			 * holds the single remaining structural ref.
			 */
			WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1);
			WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1);
			WARN_ON_ONCE(!mk->mk_present);
			fscrypt_initiate_key_removal(sb, mk);
		}
	}

	kfree_sensitive(keyring);
	sb->s_master_keys = NULL;
}
/*
 * Select the hash bucket for a key specifier.  Key specifiers are assumed to
 * be effectively random (v2 identifiers are HKDF outputs), so the first
 * sizeof(unsigned long) bytes of the specifier serve directly as the hash.
 * get_unaligned() is used because ->u carries no alignment guarantee.
 */
static struct hlist_head *
fscrypt_mk_hash_bucket(struct fscrypt_keyring *keyring,
		       const struct fscrypt_key_specifier *mk_spec)
{
	unsigned long hash = get_unaligned((unsigned long *)&mk_spec->u);
	unsigned long idx = hash % ARRAY_SIZE(keyring->key_hashtable);

	return &keyring->key_hashtable[idx];
}
/* Return true if @a and @b have the same type and the same key bytes. */
static bool master_key_spec_equal(const struct fscrypt_key_specifier *a,
				  const struct fscrypt_key_specifier *b)
{
	if (a->type != b->type)
		return false;

	switch (a->type) {
	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
		return memcmp(a->u.descriptor, b->u.descriptor,
			      FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0;
	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
		return memcmp(a->u.identifier, b->u.identifier,
			      FSCRYPT_KEY_IDENTIFIER_SIZE) == 0;
	}
	/* Unknown type: never matches anything. */
	return false;
}

/*
 * Look up the master key struct for @mk_spec in ->s_master_keys and take a
 * structural ref on it.  The structural ref keeps the struct alive but does
 * *not* guarantee it stays in ->s_master_keys (it may be concurrently removed).
 * Drop the ref with fscrypt_put_master_key().  Returns NULL if not found.
 */
struct fscrypt_master_key *
fscrypt_find_master_key(struct super_block *sb,
			const struct fscrypt_key_specifier *mk_spec)
{
	struct fscrypt_keyring *keyring;
	struct hlist_head *bucket;
	struct fscrypt_master_key *mk;
	struct fscrypt_master_key *found = NULL;

	/*
	 * ACQUIRE pairs with the RELEASE in allocate_filesystem_keyring(), so
	 * that a just-published keyring is seen fully initialized.
	 */
	keyring = smp_load_acquire(&sb->s_master_keys);
	if (!keyring)
		return NULL;	/* no keyring yet, hence no keys */

	bucket = fscrypt_mk_hash_bucket(keyring, mk_spec);

	rcu_read_lock();
	hlist_for_each_entry_rcu(mk, bucket, mk_node) {
		/*
		 * refcount_inc_not_zero() deliberately skips an entry whose
		 * last structural ref is already gone: it may still be visible
		 * to RCU readers because its free is deferred via call_rcu().
		 */
		if (master_key_spec_equal(&mk->mk_spec, mk_spec) &&
		    refcount_inc_not_zero(&mk->mk_struct_refs)) {
			found = mk;
			break;
		}
	}
	rcu_read_unlock();

	return found;
}
/*
 * Create the ->mk_users keyring of a v2 master key.  The keyring is owned by
 * root and not charged to any quota (KEY_ALLOC_NOT_IN_QUOTA).  Users get only
 * view/read/search permission; no write permission is granted, so ->mk_users
 * is only modified through this file's helpers.
 */
static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
{
	char desc[FSCRYPT_MK_USERS_DESCRIPTION_SIZE];
	const key_perm_t perm = KEY_POS_SEARCH | KEY_USR_SEARCH |
				KEY_USR_READ | KEY_USR_VIEW;
	struct key *users;

	format_mk_users_keyring_description(desc, mk->mk_spec.u.identifier);

	users = keyring_alloc(desc, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
			      current_cred(), perm, KEY_ALLOC_NOT_IN_QUOTA,
			      NULL, NULL);
	if (IS_ERR(users))
		return PTR_ERR(users);

	mk->mk_users = users;
	return 0;
}
/*
 * Look up the calling user's key in ->mk_users.  On success returns the key
 * with a reference taken (caller must key_put() it).  Returns
 * ERR_PTR(-ENOKEY) if this user has not added the master key; other
 * keyring_search() errors are passed through unchanged.
 */
static struct key *find_master_key_user(struct fscrypt_master_key *mk)
{
	char desc[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
	key_ref_t ref;
	long err;

	format_mk_user_description(desc, mk->mk_spec.u.identifier);

	/*
	 * The keyring grants search only via KEY_POS_SEARCH, which applies to
	 * a "possessed" reference, so mark our reference as possessed.
	 */
	ref = keyring_search(make_key_ref(mk->mk_users, true /*possessed*/),
			     &key_type_fscrypt_user, desc, false);
	if (!IS_ERR(ref))
		return key_ref_to_ptr(ref);

	err = PTR_ERR(ref);
	/* Not found, or found but just invalidated: both mean "no such user". */
	if (err == -EAGAIN || err == -EKEYREVOKED)
		err = -ENOKEY;
	return ERR_PTR(err);
}
/*
 * Record the calling user as having added @mk by linking a ".fscrypt" key into
 * ->mk_users.  This charges the user's keyring quota and prevents other users
 * who also hold the key from removing it out from under this user.  Caller
 * must hold ->mk_sem for write, unless @mk is still being initialized and is
 * not yet reachable.
 */
static int add_master_key_user(struct fscrypt_master_key *mk)
{
	char desc[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
	struct key *user_key;
	int err;

	format_mk_user_description(desc, mk->mk_spec.u.identifier);

	/*
	 * Owned by the caller's fsuid/gid and charged to their quota (flags 0,
	 * i.e. not KEY_ALLOC_NOT_IN_QUOTA); the charge itself is set by
	 * fscrypt_user_key_instantiate().
	 */
	user_key = key_alloc(&key_type_fscrypt_user, desc, current_fsuid(),
			     current_gid(), current_cred(),
			     KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
	if (IS_ERR(user_key))
		return PTR_ERR(user_key);

	/* There is no payload; linking into ->mk_users is the whole point. */
	err = key_instantiate_and_link(user_key, NULL, 0, mk->mk_users, NULL);
	key_put(user_key);	/* ->mk_users holds its own ref if linked */
	return err;
}
/*
 * Unlink the calling user's key from ->mk_users.  Caller must hold ->mk_sem
 * for write.
 *
 * Returns 0 if removed, -ENOKEY if this user had not added the key, or another
 * negative errno.
 */
static int remove_master_key_user(struct fscrypt_master_key *mk)
{
	struct key *user_key = find_master_key_user(mk);
	int err;

	if (IS_ERR(user_key))
		return PTR_ERR(user_key);

	err = key_unlink(mk->mk_users, user_key);
	key_put(user_key);	/* drop the ref find_master_key_user() took */
	return err;
}
/*
 * Allocate a fresh fscrypt_master_key for @mk_spec, move @secret into it
 * (wiping the caller's copy), and link it into sb->s_master_keys.  Caller
 * holds fscrypt_add_key_mutex and has ensured sb->s_master_keys exists.
 *
 * Returns 0, or a negative errno in which case nothing was inserted.
 */
static int add_new_master_key(struct super_block *sb,
			      struct fscrypt_master_key_secret *secret,
			      const struct fscrypt_key_specifier *mk_spec)
{
	struct fscrypt_keyring *keyring = sb->s_master_keys;
	struct fscrypt_master_key *mk;
	int err = 0;

	mk = kzalloc_obj(*mk);
	if (!mk)
		return -ENOMEM;

	init_rwsem(&mk->mk_sem);
	/* This structural ref is the one backing the active ref taken below. */
	refcount_set(&mk->mk_struct_refs, 1);
	mk->mk_spec = *mk_spec;
	INIT_LIST_HEAD(&mk->mk_decrypted_inodes);
	spin_lock_init(&mk->mk_decrypted_inodes_lock);

	/* Only v2 (identifier) keys track which users added them. */
	if (mk_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) {
		err = allocate_master_key_users_keyring(mk);
		if (!err)
			err = add_master_key_user(mk);
		if (err) {
			/* Not yet linked anywhere; this frees it. */
			fscrypt_put_master_key(mk);
			return err;
		}
	}

	move_master_key_secret(&mk->mk_secret, secret);
	mk->mk_present = true;
	refcount_set(&mk->mk_active_refs, 1);	/* held by ->mk_present */

	spin_lock(&keyring->lock);
	hlist_add_head_rcu(&mk->mk_node,
			   fscrypt_mk_hash_bucket(keyring, mk_spec));
	spin_unlock(&keyring->lock);
	return 0;
}
/*
 * Special positive return value of add_existing_master_key(): the key struct
 * that was found has lost its last active ref and cannot be revived, so the
 * caller must allocate a new struct instead.  Distinct from 0 and from any
 * negative errno.
 */
#define KEY_DEAD 1
/*
 * A key struct for this specifier is already in the keyring.  Make sure the
 * calling user is recorded in ->mk_users (v2 keys only), and if the key is
 * merely "incompletely removed", restore its secret from @secret and mark it
 * present again.  Caller holds ->mk_sem for write.
 *
 * Returns 0 on success, KEY_DEAD if the struct has actually become absent (no
 * active refs left) and a new one must be allocated, or a negative errno.
 */
static int add_existing_master_key(struct fscrypt_master_key *mk,
				   struct fscrypt_master_key_secret *secret)
{
	int err;

	/* v1 (descriptor) keys have NULL ->mk_users: no per-user tracking. */
	if (mk->mk_users) {
		struct key *user_key = find_master_key_user(mk);

		if (!IS_ERR(user_key)) {
			/* This user already added the key; nothing to do. */
			key_put(user_key);
			return 0;
		}
		if (user_key != ERR_PTR(-ENOKEY))
			return PTR_ERR(user_key);

		err = add_master_key_user(mk);
		if (err)
			return err;
	}

	if (mk->mk_present)
		return 0;

	/*
	 * Incompletely removed: take a new active ref on behalf of
	 * ->mk_present.  If the count has already reached zero the struct is
	 * on its way out of the keyring and cannot be revived.
	 */
	if (!refcount_inc_not_zero(&mk->mk_active_refs))
		return KEY_DEAD;

	move_master_key_secret(&mk->mk_secret, secret);
	WRITE_ONCE(mk->mk_present, true);
	return 0;
}
/*
 * Add @secret to the filesystem keyring under @mk_spec, either by updating an
 * existing fscrypt_master_key (adding this user and/or reviving it) or by
 * creating a new one.  fscrypt_add_key_mutex makes the lookup and the
 * insertion atomic with respect to other adders.
 */
static int do_add_master_key(struct super_block *sb,
			     struct fscrypt_master_key_secret *secret,
			     const struct fscrypt_key_specifier *mk_spec)
{
	static DEFINE_MUTEX(fscrypt_add_key_mutex);
	struct fscrypt_master_key *mk;
	int err;

	mutex_lock(&fscrypt_add_key_mutex);

	mk = fscrypt_find_master_key(sb, mk_spec);
	if (mk) {
		down_write(&mk->mk_sem);
		err = add_existing_master_key(mk, secret);
		up_write(&mk->mk_sem);
		/*
		 * KEY_DEAD: the struct lost its last active ref and is being
		 * unlinked, so it cannot be reused.  Because we hold
		 * fscrypt_add_key_mutex, no other adder can race with us, and
		 * a fresh struct can simply be inserted in its place.
		 */
		if (err == KEY_DEAD)
			err = add_new_master_key(sb, secret, mk_spec);
		fscrypt_put_master_key(mk);
	} else {
		/* Nothing for this specifier yet: ensure a keyring, then add. */
		err = allocate_filesystem_keyring(sb);
		if (!err)
			err = add_new_master_key(sb, secret, mk_spec);
	}

	mutex_unlock(&fscrypt_add_key_mutex);
	return err;
}
/*
 * Add a master key to the filesystem.  For v2 keys (FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER)
 * this first initializes the HKDF context in @secret and derives the key
 * identifier into @key_spec->u.identifier; for v1 keys the caller-supplied
 * descriptor is used as-is.
 *
 * Note on what survives in @secret afterwards (v2 path): for a raw key,
 * @secret->bytes is zeroed once the HKDF context has absorbed it, so only
 * ->hkdf remains.  For a hardware-wrapped key, @secret->bytes (the wrapped
 * blob) is deliberately retained and only the derived software secret, a
 * stack buffer here, is wiped.
 */
static int add_master_key(struct super_block *sb,
			  struct fscrypt_master_key_secret *secret,
			  struct fscrypt_key_specifier *key_spec)
{
	int err;

	if (key_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) {
		u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE];
		u8 *kdf_key = secret->bytes;
		unsigned int kdf_key_size = secret->size;
		u8 keyid_kdf_ctx = HKDF_CONTEXT_KEY_IDENTIFIER_FOR_RAW_KEY;

		/*
		 * For raw keys, the fscrypt master key is used directly as the
		 * fscrypt KDF key. For hardware-wrapped keys, we have to pass
		 * the master key to the hardware to derive the KDF key, which
		 * is then only used to derive non-file-contents subkeys.
		 */
		if (secret->is_hw_wrapped) {
			err = fscrypt_derive_sw_secret(sb, secret->bytes,
						       secret->size, sw_secret);
			if (err)
				return err;
			kdf_key = sw_secret;
			kdf_key_size = sizeof(sw_secret);
			/*
			 * To avoid weird behavior if someone manages to
			 * determine sw_secret and add it as a raw key, ensure
			 * that hardware-wrapped keys and raw keys will have
			 * different key identifiers by deriving their key
			 * identifiers using different KDF contexts.
			 */
			keyid_kdf_ctx =
				HKDF_CONTEXT_KEY_IDENTIFIER_FOR_HW_WRAPPED_KEY;
		}
		fscrypt_init_hkdf(&secret->hkdf, kdf_key, kdf_key_size);
		/*
		 * Now that the KDF context is initialized, the raw KDF key is
		 * no longer needed.  For raw keys this zeroes secret->bytes;
		 * for hardware-wrapped keys it zeroes only sw_secret.
		 */
		memzero_explicit(kdf_key, kdf_key_size);

		/*
		 * Calculate the key identifier.  It is a KDF output, so a user
		 * cannot choose it independently of the key itself.
		 */
		fscrypt_hkdf_expand(&secret->hkdf, keyid_kdf_ctx, NULL, 0,
				    key_spec->u.identifier,
				    FSCRYPT_KEY_IDENTIFIER_SIZE);
	}
	return do_add_master_key(sb, secret, key_spec);
}
/*
 * Initial size check for a master key being added.  The upper bound depends on
 * whether the key is hardware-wrapped.  This is only a coarse filter: the
 * ciphers that will use the key are not known yet, so a stricter check happens
 * later when the key is actually used by a file.
 */
static inline bool fscrypt_valid_key_size(size_t size, u32 add_key_flags)
{
	size_t max_size = FSCRYPT_MAX_RAW_KEY_SIZE;

	if (add_key_flags & FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED)
		max_size = FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE;

	if (size < FSCRYPT_MIN_KEY_SIZE)
		return false;
	return size <= max_size;
}
/*
 * ->preparse for "fscrypt-provisioning" keys.  The payload is a
 * fscrypt_provisioning_key_payload header followed by the raw key bytes.
 * Validate the header fields and the raw key size, then copy the whole
 * payload for ->instantiate to store.
 */
static int fscrypt_provisioning_key_preparse(struct key_preparsed_payload *prep)
{
	const struct fscrypt_provisioning_key_payload *payload = prep->data;
	size_t raw_size;

	/* The header must be complete before any of its fields are read. */
	if (prep->datalen < sizeof(*payload))
		return -EINVAL;
	raw_size = prep->datalen - sizeof(*payload);

	if (!fscrypt_valid_key_size(raw_size, payload->flags))
		return -EINVAL;

	switch (payload->type) {
	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
		break;
	default:
		return -EINVAL;
	}

	if (payload->flags & ~FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED)
		return -EINVAL;

	prep->payload.data[0] = kmemdup(payload, prep->datalen, GFP_KERNEL);
	if (!prep->payload.data[0])
		return -ENOMEM;
	/* Charge the user's quota for the full payload. */
	prep->quotalen = prep->datalen;
	return 0;
}
/*
 * ->free_preparse for "fscrypt-provisioning" keys: drop the copy made by
 * ->preparse, zeroing it first since it contains key material.
 */
static void fscrypt_provisioning_key_free_preparse(
					struct key_preparsed_payload *prep)
{
	void *copy = prep->payload.data[0];

	kfree_sensitive(copy);
}
/*
 * ->describe for "fscrypt-provisioning" keys.  Shows the description and, once
 * the key is instantiated, the payload length and key specifier type.  The key
 * material itself is never shown.
 */
static void fscrypt_provisioning_key_describe(const struct key *key,
					      struct seq_file *m)
{
	const struct fscrypt_provisioning_key_payload *payload;

	seq_puts(m, key->description);
	if (!key_is_positive(key))
		return;

	payload = key->payload.data[0];
	seq_printf(m, ": %u [%u]", key->datalen, payload->type);
}
/* ->destroy for "fscrypt-provisioning" keys: zero and free the payload. */
static void fscrypt_provisioning_key_destroy(struct key *key)
{
	void *payload = key->payload.data[0];

	kfree_sensitive(payload);
}
/*
 * Key type for keys that can be passed to FS_IOC_ADD_ENCRYPTION_KEY via
 * fscrypt_add_key_arg::key_id instead of inline key bytes.  See
 * get_keyring_key() for why a dedicated type is used rather than "logon".
 */
static struct key_type key_type_fscrypt_provisioning = {
	.name = "fscrypt-provisioning",
	.preparse = fscrypt_provisioning_key_preparse,
	.free_preparse = fscrypt_provisioning_key_free_preparse,
	/* generic_key_instantiate() stores the preparsed copy as the payload. */
	.instantiate = generic_key_instantiate,
	.describe = fscrypt_provisioning_key_describe,
	.destroy = fscrypt_provisioning_key_destroy,
};
/*
 * Fetch key material from the Linux keyring key @key_id and store it into
 * @secret.
 *
 * The key must be of type "fscrypt-provisioning" and its payload 'type' and
 * 'flags' must equal @type and @flags exactly.  This binds each provisioning
 * key to one purpose: a v1 key cannot be used as a v2 key or vice versa, and a
 * hardware-wrapped key cannot be used as a raw key or vice versa.  The generic
 * "logon" type is not used because its keys can be consumed by any kernel API
 * that accepts "logon" keys without a specific service prefix, so their use
 * could not be restricted to fscrypt.
 *
 * Providing the key via the keyring is meant for userspace that must re-add
 * keys after an unmount/remount; most callers should pass the key directly.
 *
 * Returns 0, -EKEYREJECTED if the key is of the wrong type/purpose, or the
 * error from lookup_user_key().
 */
static int get_keyring_key(u32 key_id, u32 type, u32 flags,
			   struct fscrypt_master_key_secret *secret)
{
	const struct fscrypt_provisioning_key_payload *payload;
	key_ref_t ref;
	struct key *key;
	int err = -EKEYREJECTED;

	/* The caller needs Search permission on the key. */
	ref = lookup_user_key(key_id, 0, KEY_NEED_SEARCH);
	if (IS_ERR(ref))
		return PTR_ERR(ref);
	key = key_ref_to_ptr(ref);

	if (key->type == &key_type_fscrypt_provisioning) {
		payload = key->payload.data[0];
		if (payload->type == type && payload->flags == flags) {
			/*
			 * datalen was validated against the header size and
			 * the key size limits in ->preparse.
			 */
			secret->size = key->datalen - sizeof(*payload);
			memcpy(secret->bytes, payload->raw, secret->size);
			err = 0;
		}
	}

	key_ref_put(ref);
	return err;
}
/*
 * FS_IOC_ADD_ENCRYPTION_KEY: add a master encryption key to the filesystem, so
 * that files encrypted with it become accessible ("unlocked").
 *
 * v1 policy keys are identified by a user-chosen 'key_descriptor', which has
 * no binding to the key's content, so adding one requires CAP_SYS_ADMIN.
 *
 * v2 policy keys are identified by a 'key_identifier' that is a cryptographic
 * hash (HKDF output) of the key, so adding them is unprivileged: a malicious
 * user cannot add the wrong key under a given identifier.  Each added key is
 * charged to the adding user's keyring quota, limiting how many keys a user
 * can add, and a key cannot be removed by one user while other users have
 * also added it.  (A user who knows a key can thereby keep others from
 * removing it; that is accepted.)
 *
 * The key material is either copied from the argument ('raw'/'raw_size') or
 * taken from an "fscrypt-provisioning" keyring key ('key_id').  For v2 keys
 * the computed identifier is written back to the user's argument.
 *
 * See "FS_IOC_ADD_ENCRYPTION_KEY" in Documentation/filesystems/fscrypt.rst.
 */
int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg)
{
	struct super_block *sb = file_inode(filp)->i_sb;
	struct fscrypt_add_key_arg __user *uarg = _uarg;
	struct fscrypt_add_key_arg arg;
	struct fscrypt_master_key_secret secret;
	int err;

	if (copy_from_user(&arg, uarg, sizeof(arg)))
		return -EFAULT;

	/* Unknown specifier types and nonzero reserved bytes are rejected. */
	if (!valid_key_spec(&arg.key_spec) ||
	    memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
		return -EINVAL;

	/*
	 * A descriptor is an arbitrary value with no cryptographic tie to the
	 * key, so only root may add keys under one; otherwise a malicious user
	 * could supply the wrong key for a descriptor.
	 */
	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
	    !capable(CAP_SYS_ADMIN))
		return -EACCES;

	/* HW_WRAPPED is the only defined flag, and only v2 keys support it. */
	if (arg.flags & ~FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED)
		return -EINVAL;
	if (arg.flags && arg.key_spec.type != FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER)
		return -EINVAL;

	memset(&secret, 0, sizeof(secret));
	secret.is_hw_wrapped = arg.flags != 0;

	if (arg.key_id) {
		/* Material comes from a provisioning key; no inline bytes. */
		if (arg.raw_size != 0)
			return -EINVAL;
		err = get_keyring_key(arg.key_id, arg.key_spec.type, arg.flags,
				      &secret);
	} else {
		/* Material is inline in the argument. */
		if (!fscrypt_valid_key_size(arg.raw_size, arg.flags))
			return -EINVAL;
		secret.size = arg.raw_size;
		err = copy_from_user(secret.bytes, uarg->raw, secret.size) ?
			-EFAULT : 0;
	}
	if (err)
		goto out_wipe_secret;

	err = add_master_key(sb, &secret, &arg.key_spec);
	if (err)
		goto out_wipe_secret;

	/* For v2 keys, tell userspace the identifier that was derived. */
	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER &&
	    copy_to_user(uarg->key_spec.u.identifier,
			 arg.key_spec.u.identifier,
			 FSCRYPT_KEY_IDENTIFIER_SIZE))
		err = -EFAULT;

out_wipe_secret:
	/* The stack copy of the secret is erased on every exit path. */
	wipe_master_key_secret(&secret);
	return err;
}
EXPORT_SYMBOL_GPL(fscrypt_ioctl_add_key);
/*
 * Fill @secret with the per-boot test dummy key.  The key bytes are drawn
 * from the RNG on first use and then reused for the rest of this boot.
 */
static void
fscrypt_get_test_dummy_secret(struct fscrypt_master_key_secret *secret)
{
	static u8 dummy_key[FSCRYPT_MAX_RAW_KEY_SIZE];

	/* Start from a fully zeroed secret so no other field is left stale. */
	memset(secret, 0, sizeof(*secret));

	/* Generate the key once per boot; later calls return the same bytes. */
	get_random_once(dummy_key, sizeof(dummy_key));

	secret->size = sizeof(dummy_key);
	memcpy(secret->bytes, dummy_key, sizeof(dummy_key));
}
/*
 * Compute the key identifier of the test dummy key into @key_identifier,
 * using the HKDF context for raw keys.  The dummy secret is wiped from the
 * stack before returning.
 */
void fscrypt_get_test_dummy_key_identifier(
				u8 key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
{
	struct fscrypt_master_key_secret dummy;

	fscrypt_get_test_dummy_secret(&dummy);

	fscrypt_init_hkdf(&dummy.hkdf, dummy.bytes, dummy.size);
	fscrypt_hkdf_expand(&dummy.hkdf,
			    HKDF_CONTEXT_KEY_IDENTIFIER_FOR_RAW_KEY, NULL, 0,
			    key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);

	wipe_master_key_secret(&dummy);
}
/**
 * fscrypt_add_test_dummy_key() - add the test dummy encryption key
 * @sb: the filesystem instance to add the key to
 * @key_spec: the key specifier of the test dummy encryption key
 *
 * Add the key for the test_dummy_encryption mount option to the filesystem.
 * The key is a per-boot random value rather than a hardcoded one, so that
 * this mount option cannot be misused: encrypted files created with it are
 * not accessible after a reboot.
 *
 * Return: 0 on success, -errno on failure
 */
int fscrypt_add_test_dummy_key(struct super_block *sb,
			       struct fscrypt_key_specifier *key_spec)
{
	struct fscrypt_master_key_secret dummy;
	int ret;

	fscrypt_get_test_dummy_secret(&dummy);
	ret = add_master_key(sb, &dummy, key_spec);
	/* Scrub the secret from the stack whether or not the add succeeded. */
	wipe_master_key_secret(&dummy);

	return ret;
}
/*
 * Verify that the current user has added a master key with the given identifier
 * (returns -ENOKEY if not). This is needed to prevent a user from encrypting
 * their files using some other user's key which they don't actually know.
 * Cryptographically this isn't much of a problem, but the semantics of this
 * would be a bit weird, so it's best to just forbid it.
 *
 * The system administrator (CAP_FOWNER) can override this, which should be
 * enough for any use cases where encryption policies are being set using keys
 * that were chosen ahead of time but aren't available at the moment.
 *
 * Note that the key may already have been removed by the time this returns,
 * but that's okay; we just care whether the key was there at some point.
 *
 * Return: 0 if the key is added, -ENOKEY if it isn't, or another -errno code
 */
int fscrypt_verify_key_added(struct super_block *sb,
			     const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
{
	struct fscrypt_key_specifier spec;
	struct fscrypt_master_key *mk;
	int ret = -ENOKEY;

	spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
	memcpy(spec.u.identifier, identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);

	mk = fscrypt_find_master_key(sb, &spec);
	if (mk) {
		struct key *claim;

		/* Look up the current user's claim under the key's lock. */
		down_read(&mk->mk_sem);
		claim = find_master_key_user(mk);
		if (IS_ERR(claim)) {
			ret = PTR_ERR(claim);
		} else {
			key_put(claim);
			ret = 0;
		}
		up_read(&mk->mk_sem);

		fscrypt_put_master_key(mk);
	}

	/* The CAP_FOWNER override applies only to "not added", not to other errors. */
	if (ret == -ENOKEY && capable(CAP_FOWNER))
		ret = 0;

	return ret;
}
/*
 * Try to evict the inode's dentries from the dentry cache. A directory inode
 * has at most one dentry, but that dentry may be pinned by its children, so
 * for directories the children are evicted first.
 */
static void shrink_dcache_inode(struct inode *inode)
{
	if (S_ISDIR(inode->i_mode)) {
		struct dentry *dir_dentry = d_find_any_alias(inode);

		if (dir_dentry) {
			shrink_dcache_parent(dir_dentry);
			dput(dir_dentry);
		}
	}

	d_prune_aliases(inode);
}
/*
 * Walk the inodes that were unlocked with @mk and try to evict each one's
 * dentries.  The list lock is dropped around the eviction itself; an inode
 * reference is held across that window so the inode cannot disappear.
 */
static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk)
{
	struct fscrypt_inode_info *ci;
	struct inode *inode;
	struct inode *toput_inode = NULL;

	spin_lock(&mk->mk_decrypted_inodes_lock);

	list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) {
		inode = ci->ci_inode;
		spin_lock(&inode->i_lock);
		/* Skip inodes being freed or not yet fully set up. */
		if (inode_state_read(inode) & (I_FREEING | I_WILL_FREE | I_NEW)) {
			spin_unlock(&inode->i_lock);
			continue;
		}
		/* Take a reference before dropping the locks below. */
		__iget(inode);
		spin_unlock(&inode->i_lock);
		spin_unlock(&mk->mk_decrypted_inodes_lock);

		shrink_dcache_inode(inode);

		/*
		 * Release the previous inode only after the current one is
		 * pinned.  (iput(NULL) is a no-op on the first iteration.)
		 * NOTE(review): the deferred iput presumably keeps the list
		 * position stable across the unlocked window -- confirm against
		 * the path that unlinks entries from mk_decrypted_inodes.
		 */
		iput(toput_inode);
		toput_inode = inode;

		spin_lock(&mk->mk_decrypted_inodes_lock);
	}
	spin_unlock(&mk->mk_decrypted_inodes_lock);
	/* Drop the reference on the last inode visited. */
	iput(toput_inode);
}
/*
 * Report whether any inodes are still unlocked with @mk after an eviction
 * attempt.  Returns 0 if none remain; otherwise logs a warning naming the
 * key spec and one example inode and returns -EBUSY.
 */
static int check_for_busy_inodes(struct super_block *sb,
				 struct fscrypt_master_key *mk)
{
	struct list_head *pos;
	size_t busy_count = 0;
	unsigned long ino;
	char ino_str[50] = "";

	spin_lock(&mk->mk_decrypted_inodes_lock);

	/* Count the remaining entries under the list lock. */
	list_for_each(pos, &mk->mk_decrypted_inodes)
		busy_count++;

	if (busy_count == 0) {
		spin_unlock(&mk->mk_decrypted_inodes_lock);
		return 0;
	}

	{
		/* select an example file to show for debugging purposes */
		struct inode *inode =
			list_first_entry(&mk->mk_decrypted_inodes,
					 struct fscrypt_inode_info,
					 ci_master_key_link)->ci_inode;

		/* Only the inode number is kept; nothing is dereferenced after unlock. */
		ino = inode->i_ino;
	}
	spin_unlock(&mk->mk_decrypted_inodes_lock);

	/* If the inode is currently being created, ino may still be 0. */
	if (ino)
		snprintf(ino_str, sizeof(ino_str), ", including ino %lu", ino);

	/*
	 * %*phN prints the key spec (the public descriptor/identifier, not
	 * key material) as hex, sized by master_key_spec_len().
	 */
	fscrypt_warn(NULL,
		     "%s: %zu inode(s) still busy after removing key with %s %*phN%s",
		     sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),
		     master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,
		     ino_str);
	return -EBUSY;
}
/*
 * Sync the filesystem, then try to evict every inode that was unlocked with
 * @mk.  Returns the sync error if there was one, else the result of the
 * busy-inode check (0 or -EBUSY).
 */
static int try_to_lock_encrypted_files(struct super_block *sb,
				       struct fscrypt_master_key *mk)
{
	int sync_err;
	int busy_err;

	/*
	 * Dirty inodes (or inodes with dirty pages) can't be evicted, so the
	 * inodes on ->mk_decrypted_inodes have to be cleaned first.  The
	 * simple route is sync_filesystem(): heavier than strictly necessary,
	 * but dropping as many caches as possible matters more than syncing
	 * the minimum, and unprivileged users can already trigger it through
	 * sys_syncfs() or sys_sync().
	 */
	down_read(&sb->s_umount);
	sync_err = sync_filesystem(sb);
	up_read(&sb->s_umount);

	/*
	 * Even if the sync failed, evict whatever can be evicted.  Inodes are
	 * pinned by their dentries, so walk each inode's alias list and evict
	 * its dentries; shrink_dcache_sb() would also work but is too heavy
	 * and not appropriate for unprivileged callers.
	 */
	evict_dentries_for_decrypted_inodes(mk);

	/*
	 * The walk above already iput() each inode on the list.  Any inode for
	 * which that dropped the last reference has been evicted, because
	 * fscrypt_drop_inode() sees the key removal and tells the VFS to
	 * evict it.  What is left is to report inodes that are still in use.
	 */
	busy_err = check_for_busy_inodes(sb, mk);

	/* A sync error takes precedence over the busy-inode result. */
	if (sync_err)
		return sync_err;
	return busy_err;
}
/*
 * Try to remove an fscrypt master encryption key.
 *
 * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's
 * claim to the key, then removes the key itself if no other users have claims.
 * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the
 * key itself.
 *
 * To "remove the key itself", first we transition the key to the "incompletely
 * removed" state, so that no more inodes can be unlocked with it. Then we try
 * to evict all cached inodes that had been unlocked with the key.
 *
 * If all inodes were evicted, then we unlink the fscrypt_master_key from the
 * keyring. Otherwise it remains in the keyring in the "incompletely removed"
 * state where it tracks the list of remaining inodes. Userspace can execute
 * the ioctl again later to retry eviction, or alternatively can re-add the key.
 *
 * For more details, see the "Removing keys" section of
 * Documentation/filesystems/fscrypt.rst.
 *
 * Return: 0 if something was done (see the comment near the end), -ENOKEY if
 * the key is absent, -EACCES/-EINVAL/-EFAULT for bad requests, or another
 * -errno from the keyring operations.  On success the informational
 * removal_status_flags are written back to userspace.
 */
static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users)
{
	struct super_block *sb = file_inode(filp)->i_sb;
	struct fscrypt_remove_key_arg __user *uarg = _uarg;
	struct fscrypt_remove_key_arg arg;
	struct fscrypt_master_key *mk;
	u32 status_flags = 0;
	int err;
	bool inodes_remain;

	if (copy_from_user(&arg, uarg, sizeof(arg)))
		return -EFAULT;

	if (!valid_key_spec(&arg.key_spec))
		return -EINVAL;

	/* Reserved input fields must be zero. */
	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
		return -EINVAL;

	/*
	 * Only root can add and remove keys that are identified by an arbitrary
	 * descriptor rather than by a cryptographic hash.
	 */
	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
	    !capable(CAP_SYS_ADMIN))
		return -EACCES;

	/* Find the key being removed. */
	mk = fscrypt_find_master_key(sb, &arg.key_spec);
	if (!mk)
		return -ENOKEY;

	/* Held in write mode across the claim removal and state transition. */
	down_write(&mk->mk_sem);

	/*
	 * If relevant, remove current user's (or all users) claim to the key.
	 * mk_users is NULL when no per-user claims are tracked (presumably
	 * the descriptor/v1 case -- confirm against the key setup code).
	 */
	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {
		if (all_users)
			err = keyring_clear(mk->mk_users);
		else
			err = remove_master_key_user(mk);
		if (err) {
			up_write(&mk->mk_sem);
			goto out_put_key;
		}
		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {
			/*
			 * Other users have still added the key too. We removed
			 * the current user's claim to the key, but we still
			 * can't remove the key itself.
			 */
			status_flags |=
				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS;
			err = 0;
			up_write(&mk->mk_sem);
			goto out_put_key;
		}
	}

	/*
	 * No user claims remaining. Initiate removal of the key.  If the key
	 * was already not present (a retry of an incomplete removal), err stays
	 * -ENOKEY here but may be overwritten by the eviction attempt below.
	 */
	err = -ENOKEY;
	if (mk->mk_present) {
		fscrypt_initiate_key_removal(sb, mk);
		err = 0;
	}
	/* Sample the active-reference count while still holding the lock. */
	inodes_remain = refcount_read(&mk->mk_active_refs) > 0;
	up_write(&mk->mk_sem);

	if (inodes_remain) {
		/* Some inodes still reference this key; try to evict them. */
		err = try_to_lock_encrypted_files(sb, mk);
		if (err == -EBUSY) {
			/* Not an error to the caller: reported via the status flags. */
			status_flags |=
				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY;
			err = 0;
		}
	}
	/*
	 * We return 0 if we successfully did something: removed a claim to the
	 * key, initiated removal of the key, or tried locking the files again.
	 * Users need to check the informational status flags if they care
	 * whether the key has been fully removed including all files locked.
	 */
out_put_key:
	fscrypt_put_master_key(mk);
	/* Status flags are only written back on success. */
	if (err == 0)
		err = put_user(status_flags, &uarg->removal_status_flags);
	return err;
}
/*
 * FS_IOC_REMOVE_ENCRYPTION_KEY: remove the calling user's claim to a key, and
 * the key itself if no other claims remain.  See do_remove_key().
 */
int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg)
{
	const bool all_users = false;

	return do_remove_key(filp, uarg, all_users);
}
EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key);
/*
 * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: remove every user's claim to a key
 * and the key itself.  Restricted to CAP_SYS_ADMIN, since it removes claims
 * that belong to other users.  See do_remove_key().
 */
int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg)
{
	if (capable(CAP_SYS_ADMIN))
		return do_remove_key(filp, uarg, true);

	return -EACCES;
}
EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users);
/*
 * Retrieve the status of an fscrypt master encryption key.
 *
 * We set ->status to indicate whether the key is absent, present, or
 * incompletely removed. (For an explanation of what these statuses mean and
 * how they are represented internally, see struct fscrypt_master_key.) This
 * field allows applications to easily determine the status of an encrypted
 * directory without using a hack such as trying to open a regular file in it
 * (which can confuse the "incompletely removed" status with absent or present).
 *
 * In addition, for v2 policy keys we allow applications to determine, via
 * ->status_flags and ->user_count, whether the key has been added by the
 * current user, by other users, or by both. Most applications should not need
 * this, since ordinarily only one user should know a given key. However, if a
 * secret key is shared by multiple users, applications may wish to add an
 * already-present key to prevent other users from removing it. This ioctl can
 * be used to check whether that really is the case before the work is done to
 * add the key --- which might e.g. require prompting the user for a passphrase.
 *
 * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of
 * Documentation/filesystems/fscrypt.rst.
 *
 * Return: 0 on success (the filled-in struct is copied back to @uarg),
 * -EFAULT/-EINVAL for bad arguments, or an -errno from the user-claim lookup.
 */
int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg)
{
	struct super_block *sb = file_inode(filp)->i_sb;
	struct fscrypt_get_key_status_arg arg;
	struct fscrypt_master_key *mk;
	int err;

	if (copy_from_user(&arg, uarg, sizeof(arg)))
		return -EFAULT;

	if (!valid_key_spec(&arg.key_spec))
		return -EINVAL;

	/* Reserved input fields must be zero. */
	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
		return -EINVAL;

	/*
	 * Initialize every output field.  The copy from userspace above
	 * filled the whole struct, so without this the output fields would
	 * still hold whatever the caller passed in.
	 */
	arg.status_flags = 0;
	arg.user_count = 0;
	memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved));

	mk = fscrypt_find_master_key(sb, &arg.key_spec);
	if (!mk) {
		arg.status = FSCRYPT_KEY_STATUS_ABSENT;
		err = 0;
		goto out;
	}

	down_read(&mk->mk_sem);

	if (!mk->mk_present) {
		/*
		 * Not present: still "incompletely removed" while unlocked
		 * inodes hold active refs, otherwise effectively absent.
		 */
		arg.status = refcount_read(&mk->mk_active_refs) > 0 ?
			FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED :
			FSCRYPT_KEY_STATUS_ABSENT /* raced with full removal */;
		err = 0;
		goto out_release_key;
	}

	arg.status = FSCRYPT_KEY_STATUS_PRESENT;
	if (mk->mk_users) {
		struct key *mk_user;

		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;
		mk_user = find_master_key_user(mk);
		if (!IS_ERR(mk_user)) {
			arg.status_flags |=
				FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF;
			key_put(mk_user);
		} else if (mk_user != ERR_PTR(-ENOKEY)) {
			/* -ENOKEY only means "not added by self"; anything else is an error. */
			err = PTR_ERR(mk_user);
			goto out_release_key;
		}
	}
	err = 0;
out_release_key:
	up_read(&mk->mk_sem);
	fscrypt_put_master_key(mk);
out:
	/* Copy the result back only on success. */
	if (!err && copy_to_user(uarg, &arg, sizeof(arg)))
		err = -EFAULT;
	return err;
}
EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status);
/*
 * Register the two key types used by fscrypt's keyring support.  On failure
 * nothing is left registered.  Returns 0 or the -errno from registration.
 */
int __init fscrypt_init_keyring(void)
{
	int err = register_key_type(&key_type_fscrypt_user);

	if (err)
		return err;

	err = register_key_type(&key_type_fscrypt_provisioning);
	if (err) {
		/* Undo the first registration so the failure leaves no partial state. */
		unregister_key_type(&key_type_fscrypt_user);
		return err;
	}

	return 0;
}