1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Filesystem-level keyring for fscrypt 4 * 5 * Copyright 2019 Google LLC 6 */ 7 8 /* 9 * This file implements management of fscrypt master keys in the 10 * filesystem-level keyring, including the ioctls: 11 * 12 * - FS_IOC_ADD_ENCRYPTION_KEY 13 * - FS_IOC_REMOVE_ENCRYPTION_KEY 14 * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS 15 * - FS_IOC_GET_ENCRYPTION_KEY_STATUS 16 * 17 * See the "User API" section of Documentation/filesystems/fscrypt.rst for more 18 * information about these ioctls. 19 */ 20 21 #include <crypto/skcipher.h> 22 #include <linux/key-type.h> 23 #include <linux/seq_file.h> 24 25 #include "fscrypt_private.h" 26 27 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) 28 { 29 fscrypt_destroy_hkdf(&secret->hkdf); 30 memzero_explicit(secret, sizeof(*secret)); 31 } 32 33 static void move_master_key_secret(struct fscrypt_master_key_secret *dst, 34 struct fscrypt_master_key_secret *src) 35 { 36 memcpy(dst, src, sizeof(*dst)); 37 memzero_explicit(src, sizeof(*src)); 38 } 39 40 static void free_master_key(struct fscrypt_master_key *mk) 41 { 42 size_t i; 43 44 wipe_master_key_secret(&mk->mk_secret); 45 46 for (i = 0; i < ARRAY_SIZE(mk->mk_mode_keys); i++) 47 crypto_free_skcipher(mk->mk_mode_keys[i]); 48 49 key_put(mk->mk_users); 50 kzfree(mk); 51 } 52 53 static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec) 54 { 55 if (spec->__reserved) 56 return false; 57 return master_key_spec_len(spec) != 0; 58 } 59 60 static int fscrypt_key_instantiate(struct key *key, 61 struct key_preparsed_payload *prep) 62 { 63 key->payload.data[0] = (struct fscrypt_master_key *)prep->data; 64 return 0; 65 } 66 67 static void fscrypt_key_destroy(struct key *key) 68 { 69 free_master_key(key->payload.data[0]); 70 } 71 72 static void fscrypt_key_describe(const struct key *key, struct seq_file *m) 73 { 74 seq_puts(m, key->description); 75 76 if (key_is_positive(key)) { 77 const struct fscrypt_master_key *mk = key->payload.data[0]; 78 79 if (!is_master_key_secret_present(&mk->mk_secret)) 80 seq_puts(m, ": secret removed"); 81 } 82 } 83 84 /* 85 * Type of key in ->s_master_keys. Each key of this type represents a master 86 * key which has been added to the filesystem. Its payload is a 87 * 'struct fscrypt_master_key'. The "." prefix in the key type name prevents 88 * users from adding keys of this type via the keyrings syscalls rather than via 89 * the intended method of FS_IOC_ADD_ENCRYPTION_KEY. 90 */ 91 static struct key_type key_type_fscrypt = { 92 .name = "._fscrypt", 93 .instantiate = fscrypt_key_instantiate, 94 .destroy = fscrypt_key_destroy, 95 .describe = fscrypt_key_describe, 96 }; 97 98 static int fscrypt_user_key_instantiate(struct key *key, 99 struct key_preparsed_payload *prep) 100 { 101 /* 102 * We just charge FSCRYPT_MAX_KEY_SIZE bytes to the user's key quota for 103 * each key, regardless of the exact key size. The amount of memory 104 * actually used is greater than the size of the raw key anyway. 105 */ 106 return key_payload_reserve(key, FSCRYPT_MAX_KEY_SIZE); 107 } 108 109 static void fscrypt_user_key_describe(const struct key *key, struct seq_file *m) 110 { 111 seq_puts(m, key->description); 112 } 113 114 /* 115 * Type of key in ->mk_users. Each key of this type represents a particular 116 * user who has added a particular master key. 117 * 118 * Note that the name of this key type really should be something like 119 * ".fscrypt-user" instead of simply ".fscrypt". But the shorter name is chosen 120 * mainly for simplicity of presentation in /proc/keys when read by a non-root 121 * user. And it is expected to be rare that a key is actually added by multiple 122 * users, since users should keep their encryption keys confidential. 123 */ 124 static struct key_type key_type_fscrypt_user = { 125 .name = ".fscrypt", 126 .instantiate = fscrypt_user_key_instantiate, 127 .describe = fscrypt_user_key_describe, 128 }; 129 130 /* Search ->s_master_keys or ->mk_users */ 131 static struct key *search_fscrypt_keyring(struct key *keyring, 132 struct key_type *type, 133 const char *description) 134 { 135 /* 136 * We need to mark the keyring reference as "possessed" so that we 137 * acquire permission to search it, via the KEY_POS_SEARCH permission. 138 */ 139 key_ref_t keyref = make_key_ref(keyring, true /* possessed */); 140 141 keyref = keyring_search(keyref, type, description, false); 142 if (IS_ERR(keyref)) { 143 if (PTR_ERR(keyref) == -EAGAIN || /* not found */ 144 PTR_ERR(keyref) == -EKEYREVOKED) /* recently invalidated */ 145 keyref = ERR_PTR(-ENOKEY); 146 return ERR_CAST(keyref); 147 } 148 return key_ref_to_ptr(keyref); 149 } 150 151 #define FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE \ 152 (CONST_STRLEN("fscrypt-") + FIELD_SIZEOF(struct super_block, s_id)) 153 154 #define FSCRYPT_MK_DESCRIPTION_SIZE (2 * FSCRYPT_KEY_IDENTIFIER_SIZE + 1) 155 156 #define FSCRYPT_MK_USERS_DESCRIPTION_SIZE \ 157 (CONST_STRLEN("fscrypt-") + 2 * FSCRYPT_KEY_IDENTIFIER_SIZE + \ 158 CONST_STRLEN("-users") + 1) 159 160 #define FSCRYPT_MK_USER_DESCRIPTION_SIZE \ 161 (2 * FSCRYPT_KEY_IDENTIFIER_SIZE + CONST_STRLEN(".uid.") + 10 + 1) 162 163 static void format_fs_keyring_description( 164 char description[FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE], 165 const struct super_block *sb) 166 { 167 sprintf(description, "fscrypt-%s", sb->s_id); 168 } 169 170 static void format_mk_description( 171 char description[FSCRYPT_MK_DESCRIPTION_SIZE], 172 const struct fscrypt_key_specifier *mk_spec) 173 { 174 sprintf(description, "%*phN", 175 master_key_spec_len(mk_spec), (u8 *)&mk_spec->u); 176 } 177 178 static void format_mk_users_keyring_description( 179 char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE], 180 const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) 181 { 182 sprintf(description, "fscrypt-%*phN-users", 183 FSCRYPT_KEY_IDENTIFIER_SIZE, mk_identifier); 184 } 185 186 static void format_mk_user_description( 187 char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE], 188 const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) 189 { 190 191 sprintf(description, "%*phN.uid.%u", FSCRYPT_KEY_IDENTIFIER_SIZE, 192 mk_identifier, __kuid_val(current_fsuid())); 193 } 194 195 /* Create ->s_master_keys if needed. Synchronized by fscrypt_add_key_mutex. */ 196 static int allocate_filesystem_keyring(struct super_block *sb) 197 { 198 char description[FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE]; 199 struct key *keyring; 200 201 if (sb->s_master_keys) 202 return 0; 203 204 format_fs_keyring_description(description, sb); 205 keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, 206 current_cred(), KEY_POS_SEARCH | 207 KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW, 208 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 209 if (IS_ERR(keyring)) 210 return PTR_ERR(keyring); 211 212 /* Pairs with READ_ONCE() in fscrypt_find_master_key() */ 213 smp_store_release(&sb->s_master_keys, keyring); 214 return 0; 215 } 216 217 void fscrypt_sb_free(struct super_block *sb) 218 { 219 key_put(sb->s_master_keys); 220 sb->s_master_keys = NULL; 221 } 222 223 /* 224 * Find the specified master key in ->s_master_keys. 225 * Returns ERR_PTR(-ENOKEY) if not found. 226 */ 227 struct key *fscrypt_find_master_key(struct super_block *sb, 228 const struct fscrypt_key_specifier *mk_spec) 229 { 230 struct key *keyring; 231 char description[FSCRYPT_MK_DESCRIPTION_SIZE]; 232 233 /* pairs with smp_store_release() in allocate_filesystem_keyring() */ 234 keyring = READ_ONCE(sb->s_master_keys); 235 if (keyring == NULL) 236 return ERR_PTR(-ENOKEY); /* No keyring yet, so no keys yet. */ 237 238 format_mk_description(description, mk_spec); 239 return search_fscrypt_keyring(keyring, &key_type_fscrypt, description); 240 } 241 242 static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk) 243 { 244 char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE]; 245 struct key *keyring; 246 247 format_mk_users_keyring_description(description, 248 mk->mk_spec.u.identifier); 249 keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, 250 current_cred(), KEY_POS_SEARCH | 251 KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW, 252 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 253 if (IS_ERR(keyring)) 254 return PTR_ERR(keyring); 255 256 mk->mk_users = keyring; 257 return 0; 258 } 259 260 /* 261 * Find the current user's "key" in the master key's ->mk_users. 262 * Returns ERR_PTR(-ENOKEY) if not found. 263 */ 264 static struct key *find_master_key_user(struct fscrypt_master_key *mk) 265 { 266 char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE]; 267 268 format_mk_user_description(description, mk->mk_spec.u.identifier); 269 return search_fscrypt_keyring(mk->mk_users, &key_type_fscrypt_user, 270 description); 271 } 272 273 /* 274 * Give the current user a "key" in ->mk_users. This charges the user's quota 275 * and marks the master key as added by the current user, so that it cannot be 276 * removed by another user with the key. Either the master key's key->sem must 277 * be held for write, or the master key must be still undergoing initialization. 278 */ 279 static int add_master_key_user(struct fscrypt_master_key *mk) 280 { 281 char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE]; 282 struct key *mk_user; 283 int err; 284 285 format_mk_user_description(description, mk->mk_spec.u.identifier); 286 mk_user = key_alloc(&key_type_fscrypt_user, description, 287 current_fsuid(), current_gid(), current_cred(), 288 KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL); 289 if (IS_ERR(mk_user)) 290 return PTR_ERR(mk_user); 291 292 err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL); 293 key_put(mk_user); 294 return err; 295 } 296 297 /* 298 * Remove the current user's "key" from ->mk_users. 299 * The master key's key->sem must be held for write. 300 * 301 * Returns 0 if removed, -ENOKEY if not found, or another -errno code. 302 */ 303 static int remove_master_key_user(struct fscrypt_master_key *mk) 304 { 305 struct key *mk_user; 306 int err; 307 308 mk_user = find_master_key_user(mk); 309 if (IS_ERR(mk_user)) 310 return PTR_ERR(mk_user); 311 err = key_unlink(mk->mk_users, mk_user); 312 key_put(mk_user); 313 return err; 314 } 315 316 /* 317 * Allocate a new fscrypt_master_key which contains the given secret, set it as 318 * the payload of a new 'struct key' of type fscrypt, and link the 'struct key' 319 * into the given keyring. Synchronized by fscrypt_add_key_mutex. 320 */ 321 static int add_new_master_key(struct fscrypt_master_key_secret *secret, 322 const struct fscrypt_key_specifier *mk_spec, 323 struct key *keyring) 324 { 325 struct fscrypt_master_key *mk; 326 char description[FSCRYPT_MK_DESCRIPTION_SIZE]; 327 struct key *key; 328 int err; 329 330 mk = kzalloc(sizeof(*mk), GFP_KERNEL); 331 if (!mk) 332 return -ENOMEM; 333 334 mk->mk_spec = *mk_spec; 335 336 move_master_key_secret(&mk->mk_secret, secret); 337 init_rwsem(&mk->mk_secret_sem); 338 339 refcount_set(&mk->mk_refcount, 1); /* secret is present */ 340 INIT_LIST_HEAD(&mk->mk_decrypted_inodes); 341 spin_lock_init(&mk->mk_decrypted_inodes_lock); 342 343 if (mk_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) { 344 err = allocate_master_key_users_keyring(mk); 345 if (err) 346 goto out_free_mk; 347 err = add_master_key_user(mk); 348 if (err) 349 goto out_free_mk; 350 } 351 352 /* 353 * Note that we don't charge this key to anyone's quota, since when 354 * ->mk_users is in use those keys are charged instead, and otherwise 355 * (when ->mk_users isn't in use) only root can add these keys. 356 */ 357 format_mk_description(description, mk_spec); 358 key = key_alloc(&key_type_fscrypt, description, 359 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), 360 KEY_POS_SEARCH | KEY_USR_SEARCH | KEY_USR_VIEW, 361 KEY_ALLOC_NOT_IN_QUOTA, NULL); 362 if (IS_ERR(key)) { 363 err = PTR_ERR(key); 364 goto out_free_mk; 365 } 366 err = key_instantiate_and_link(key, mk, sizeof(*mk), keyring, NULL); 367 key_put(key); 368 if (err) 369 goto out_free_mk; 370 371 return 0; 372 373 out_free_mk: 374 free_master_key(mk); 375 return err; 376 } 377 378 #define KEY_DEAD 1 379 380 static int add_existing_master_key(struct fscrypt_master_key *mk, 381 struct fscrypt_master_key_secret *secret) 382 { 383 struct key *mk_user; 384 bool rekey; 385 int err; 386 387 /* 388 * If the current user is already in ->mk_users, then there's nothing to 389 * do. (Not applicable for v1 policy keys, which have NULL ->mk_users.) 390 */ 391 if (mk->mk_users) { 392 mk_user = find_master_key_user(mk); 393 if (mk_user != ERR_PTR(-ENOKEY)) { 394 if (IS_ERR(mk_user)) 395 return PTR_ERR(mk_user); 396 key_put(mk_user); 397 return 0; 398 } 399 } 400 401 /* If we'll be re-adding ->mk_secret, try to take the reference. */ 402 rekey = !is_master_key_secret_present(&mk->mk_secret); 403 if (rekey && !refcount_inc_not_zero(&mk->mk_refcount)) 404 return KEY_DEAD; 405 406 /* Add the current user to ->mk_users, if applicable. */ 407 if (mk->mk_users) { 408 err = add_master_key_user(mk); 409 if (err) { 410 if (rekey && refcount_dec_and_test(&mk->mk_refcount)) 411 return KEY_DEAD; 412 return err; 413 } 414 } 415 416 /* Re-add the secret if needed. */ 417 if (rekey) { 418 down_write(&mk->mk_secret_sem); 419 move_master_key_secret(&mk->mk_secret, secret); 420 up_write(&mk->mk_secret_sem); 421 } 422 return 0; 423 } 424 425 static int add_master_key(struct super_block *sb, 426 struct fscrypt_master_key_secret *secret, 427 const struct fscrypt_key_specifier *mk_spec) 428 { 429 static DEFINE_MUTEX(fscrypt_add_key_mutex); 430 struct key *key; 431 int err; 432 433 mutex_lock(&fscrypt_add_key_mutex); /* serialize find + link */ 434 retry: 435 key = fscrypt_find_master_key(sb, mk_spec); 436 if (IS_ERR(key)) { 437 err = PTR_ERR(key); 438 if (err != -ENOKEY) 439 goto out_unlock; 440 /* Didn't find the key in ->s_master_keys. Add it. */ 441 err = allocate_filesystem_keyring(sb); 442 if (err) 443 goto out_unlock; 444 err = add_new_master_key(secret, mk_spec, sb->s_master_keys); 445 } else { 446 /* 447 * Found the key in ->s_master_keys. Re-add the secret if 448 * needed, and add the user to ->mk_users if needed. 449 */ 450 down_write(&key->sem); 451 err = add_existing_master_key(key->payload.data[0], secret); 452 up_write(&key->sem); 453 if (err == KEY_DEAD) { 454 /* Key being removed or needs to be removed */ 455 key_invalidate(key); 456 key_put(key); 457 goto retry; 458 } 459 key_put(key); 460 } 461 out_unlock: 462 mutex_unlock(&fscrypt_add_key_mutex); 463 return err; 464 } 465 466 /* 467 * Add a master encryption key to the filesystem, causing all files which were 468 * encrypted with it to appear "unlocked" (decrypted) when accessed. 469 * 470 * When adding a key for use by v1 encryption policies, this ioctl is 471 * privileged, and userspace must provide the 'key_descriptor'. 472 * 473 * When adding a key for use by v2+ encryption policies, this ioctl is 474 * unprivileged. This is needed, in general, to allow non-root users to use 475 * encryption without encountering the visibility problems of process-subscribed 476 * keyrings and the inability to properly remove keys. This works by having 477 * each key identified by its cryptographically secure hash --- the 478 * 'key_identifier'. The cryptographic hash ensures that a malicious user 479 * cannot add the wrong key for a given identifier. Furthermore, each added key 480 * is charged to the appropriate user's quota for the keyrings service, which 481 * prevents a malicious user from adding too many keys. Finally, we forbid a 482 * user from removing a key while other users have added it too, which prevents 483 * a user who knows another user's key from causing a denial-of-service by 484 * removing it at an inopportune time. (We tolerate that a user who knows a key 485 * can prevent other users from removing it.) 486 * 487 * For more details, see the "FS_IOC_ADD_ENCRYPTION_KEY" section of 488 * Documentation/filesystems/fscrypt.rst. 489 */ 490 int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg) 491 { 492 struct super_block *sb = file_inode(filp)->i_sb; 493 struct fscrypt_add_key_arg __user *uarg = _uarg; 494 struct fscrypt_add_key_arg arg; 495 struct fscrypt_master_key_secret secret; 496 int err; 497 498 if (copy_from_user(&arg, uarg, sizeof(arg))) 499 return -EFAULT; 500 501 if (!valid_key_spec(&arg.key_spec)) 502 return -EINVAL; 503 504 if (arg.raw_size < FSCRYPT_MIN_KEY_SIZE || 505 arg.raw_size > FSCRYPT_MAX_KEY_SIZE) 506 return -EINVAL; 507 508 if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved))) 509 return -EINVAL; 510 511 memset(&secret, 0, sizeof(secret)); 512 secret.size = arg.raw_size; 513 err = -EFAULT; 514 if (copy_from_user(secret.raw, uarg->raw, secret.size)) 515 goto out_wipe_secret; 516 517 switch (arg.key_spec.type) { 518 case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR: 519 /* 520 * Only root can add keys that are identified by an arbitrary 521 * descriptor rather than by a cryptographic hash --- since 522 * otherwise a malicious user could add the wrong key. 523 */ 524 err = -EACCES; 525 if (!capable(CAP_SYS_ADMIN)) 526 goto out_wipe_secret; 527 break; 528 case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER: 529 err = fscrypt_init_hkdf(&secret.hkdf, secret.raw, secret.size); 530 if (err) 531 goto out_wipe_secret; 532 533 /* 534 * Now that the HKDF context is initialized, the raw key is no 535 * longer needed. 536 */ 537 memzero_explicit(secret.raw, secret.size); 538 539 /* Calculate the key identifier and return it to userspace. */ 540 err = fscrypt_hkdf_expand(&secret.hkdf, 541 HKDF_CONTEXT_KEY_IDENTIFIER, 542 NULL, 0, arg.key_spec.u.identifier, 543 FSCRYPT_KEY_IDENTIFIER_SIZE); 544 if (err) 545 goto out_wipe_secret; 546 err = -EFAULT; 547 if (copy_to_user(uarg->key_spec.u.identifier, 548 arg.key_spec.u.identifier, 549 FSCRYPT_KEY_IDENTIFIER_SIZE)) 550 goto out_wipe_secret; 551 break; 552 default: 553 WARN_ON(1); 554 err = -EINVAL; 555 goto out_wipe_secret; 556 } 557 558 err = add_master_key(sb, &secret, &arg.key_spec); 559 out_wipe_secret: 560 wipe_master_key_secret(&secret); 561 return err; 562 } 563 EXPORT_SYMBOL_GPL(fscrypt_ioctl_add_key); 564 565 /* 566 * Verify that the current user has added a master key with the given identifier 567 * (returns -ENOKEY if not). This is needed to prevent a user from encrypting 568 * their files using some other user's key which they don't actually know. 569 * Cryptographically this isn't much of a problem, but the semantics of this 570 * would be a bit weird, so it's best to just forbid it. 571 * 572 * The system administrator (CAP_FOWNER) can override this, which should be 573 * enough for any use cases where encryption policies are being set using keys 574 * that were chosen ahead of time but aren't available at the moment. 575 * 576 * Note that the key may have already removed by the time this returns, but 577 * that's okay; we just care whether the key was there at some point. 578 * 579 * Return: 0 if the key is added, -ENOKEY if it isn't, or another -errno code 580 */ 581 int fscrypt_verify_key_added(struct super_block *sb, 582 const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) 583 { 584 struct fscrypt_key_specifier mk_spec; 585 struct key *key, *mk_user; 586 struct fscrypt_master_key *mk; 587 int err; 588 589 mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER; 590 memcpy(mk_spec.u.identifier, identifier, FSCRYPT_KEY_IDENTIFIER_SIZE); 591 592 key = fscrypt_find_master_key(sb, &mk_spec); 593 if (IS_ERR(key)) { 594 err = PTR_ERR(key); 595 goto out; 596 } 597 mk = key->payload.data[0]; 598 mk_user = find_master_key_user(mk); 599 if (IS_ERR(mk_user)) { 600 err = PTR_ERR(mk_user); 601 } else { 602 key_put(mk_user); 603 err = 0; 604 } 605 key_put(key); 606 out: 607 if (err == -ENOKEY && capable(CAP_FOWNER)) 608 err = 0; 609 return err; 610 } 611 612 /* 613 * Try to evict the inode's dentries from the dentry cache. If the inode is a 614 * directory, then it can have at most one dentry; however, that dentry may be 615 * pinned by child dentries, so first try to evict the children too. 616 */ 617 static void shrink_dcache_inode(struct inode *inode) 618 { 619 struct dentry *dentry; 620 621 if (S_ISDIR(inode->i_mode)) { 622 dentry = d_find_any_alias(inode); 623 if (dentry) { 624 shrink_dcache_parent(dentry); 625 dput(dentry); 626 } 627 } 628 d_prune_aliases(inode); 629 } 630 631 static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk) 632 { 633 struct fscrypt_info *ci; 634 struct inode *inode; 635 struct inode *toput_inode = NULL; 636 637 spin_lock(&mk->mk_decrypted_inodes_lock); 638 639 list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) { 640 inode = ci->ci_inode; 641 spin_lock(&inode->i_lock); 642 if (inode->i_state & (I_FREEING | I_WILL_FREE | I_NEW)) { 643 spin_unlock(&inode->i_lock); 644 continue; 645 } 646 __iget(inode); 647 spin_unlock(&inode->i_lock); 648 spin_unlock(&mk->mk_decrypted_inodes_lock); 649 650 shrink_dcache_inode(inode); 651 iput(toput_inode); 652 toput_inode = inode; 653 654 spin_lock(&mk->mk_decrypted_inodes_lock); 655 } 656 657 spin_unlock(&mk->mk_decrypted_inodes_lock); 658 iput(toput_inode); 659 } 660 661 static int check_for_busy_inodes(struct super_block *sb, 662 struct fscrypt_master_key *mk) 663 { 664 struct list_head *pos; 665 size_t busy_count = 0; 666 unsigned long ino; 667 struct dentry *dentry; 668 char _path[256]; 669 char *path = NULL; 670 671 spin_lock(&mk->mk_decrypted_inodes_lock); 672 673 list_for_each(pos, &mk->mk_decrypted_inodes) 674 busy_count++; 675 676 if (busy_count == 0) { 677 spin_unlock(&mk->mk_decrypted_inodes_lock); 678 return 0; 679 } 680 681 { 682 /* select an example file to show for debugging purposes */ 683 struct inode *inode = 684 list_first_entry(&mk->mk_decrypted_inodes, 685 struct fscrypt_info, 686 ci_master_key_link)->ci_inode; 687 ino = inode->i_ino; 688 dentry = d_find_alias(inode); 689 } 690 spin_unlock(&mk->mk_decrypted_inodes_lock); 691 692 if (dentry) { 693 path = dentry_path(dentry, _path, sizeof(_path)); 694 dput(dentry); 695 } 696 if (IS_ERR_OR_NULL(path)) 697 path = "(unknown)"; 698 699 fscrypt_warn(NULL, 700 "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu (%s)", 701 sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec), 702 master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u, 703 ino, path); 704 return -EBUSY; 705 } 706 707 static int try_to_lock_encrypted_files(struct super_block *sb, 708 struct fscrypt_master_key *mk) 709 { 710 int err1; 711 int err2; 712 713 /* 714 * An inode can't be evicted while it is dirty or has dirty pages. 715 * Thus, we first have to clean the inodes in ->mk_decrypted_inodes. 716 * 717 * Just do it the easy way: call sync_filesystem(). It's overkill, but 718 * it works, and it's more important to minimize the amount of caches we 719 * drop than the amount of data we sync. Also, unprivileged users can 720 * already call sync_filesystem() via sys_syncfs() or sys_sync(). 721 */ 722 down_read(&sb->s_umount); 723 err1 = sync_filesystem(sb); 724 up_read(&sb->s_umount); 725 /* If a sync error occurs, still try to evict as much as possible. */ 726 727 /* 728 * Inodes are pinned by their dentries, so we have to evict their 729 * dentries. shrink_dcache_sb() would suffice, but would be overkill 730 * and inappropriate for use by unprivileged users. So instead go 731 * through the inodes' alias lists and try to evict each dentry. 732 */ 733 evict_dentries_for_decrypted_inodes(mk); 734 735 /* 736 * evict_dentries_for_decrypted_inodes() already iput() each inode in 737 * the list; any inodes for which that dropped the last reference will 738 * have been evicted due to fscrypt_drop_inode() detecting the key 739 * removal and telling the VFS to evict the inode. So to finish, we 740 * just need to check whether any inodes couldn't be evicted. 741 */ 742 err2 = check_for_busy_inodes(sb, mk); 743 744 return err1 ?: err2; 745 } 746 747 /* 748 * Try to remove an fscrypt master encryption key. 749 * 750 * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's 751 * claim to the key, then removes the key itself if no other users have claims. 752 * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the 753 * key itself. 754 * 755 * To "remove the key itself", first we wipe the actual master key secret, so 756 * that no more inodes can be unlocked with it. Then we try to evict all cached 757 * inodes that had been unlocked with the key. 758 * 759 * If all inodes were evicted, then we unlink the fscrypt_master_key from the 760 * keyring. Otherwise it remains in the keyring in the "incompletely removed" 761 * state (without the actual secret key) where it tracks the list of remaining 762 * inodes. Userspace can execute the ioctl again later to retry eviction, or 763 * alternatively can re-add the secret key again. 764 * 765 * For more details, see the "Removing keys" section of 766 * Documentation/filesystems/fscrypt.rst. 767 */ 768 static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users) 769 { 770 struct super_block *sb = file_inode(filp)->i_sb; 771 struct fscrypt_remove_key_arg __user *uarg = _uarg; 772 struct fscrypt_remove_key_arg arg; 773 struct key *key; 774 struct fscrypt_master_key *mk; 775 u32 status_flags = 0; 776 int err; 777 bool dead; 778 779 if (copy_from_user(&arg, uarg, sizeof(arg))) 780 return -EFAULT; 781 782 if (!valid_key_spec(&arg.key_spec)) 783 return -EINVAL; 784 785 if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved))) 786 return -EINVAL; 787 788 /* 789 * Only root can add and remove keys that are identified by an arbitrary 790 * descriptor rather than by a cryptographic hash. 791 */ 792 if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && 793 !capable(CAP_SYS_ADMIN)) 794 return -EACCES; 795 796 /* Find the key being removed. */ 797 key = fscrypt_find_master_key(sb, &arg.key_spec); 798 if (IS_ERR(key)) 799 return PTR_ERR(key); 800 mk = key->payload.data[0]; 801 802 down_write(&key->sem); 803 804 /* If relevant, remove current user's (or all users) claim to the key */ 805 if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) { 806 if (all_users) 807 err = keyring_clear(mk->mk_users); 808 else 809 err = remove_master_key_user(mk); 810 if (err) { 811 up_write(&key->sem); 812 goto out_put_key; 813 } 814 if (mk->mk_users->keys.nr_leaves_on_tree != 0) { 815 /* 816 * Other users have still added the key too. We removed 817 * the current user's claim to the key, but we still 818 * can't remove the key itself. 819 */ 820 status_flags |= 821 FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS; 822 err = 0; 823 up_write(&key->sem); 824 goto out_put_key; 825 } 826 } 827 828 /* No user claims remaining. Go ahead and wipe the secret. */ 829 dead = false; 830 if (is_master_key_secret_present(&mk->mk_secret)) { 831 down_write(&mk->mk_secret_sem); 832 wipe_master_key_secret(&mk->mk_secret); 833 dead = refcount_dec_and_test(&mk->mk_refcount); 834 up_write(&mk->mk_secret_sem); 835 } 836 up_write(&key->sem); 837 if (dead) { 838 /* 839 * No inodes reference the key, and we wiped the secret, so the 840 * key object is free to be removed from the keyring. 841 */ 842 key_invalidate(key); 843 err = 0; 844 } else { 845 /* Some inodes still reference this key; try to evict them. */ 846 err = try_to_lock_encrypted_files(sb, mk); 847 if (err == -EBUSY) { 848 status_flags |= 849 FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY; 850 err = 0; 851 } 852 } 853 /* 854 * We return 0 if we successfully did something: removed a claim to the 855 * key, wiped the secret, or tried locking the files again. Users need 856 * to check the informational status flags if they care whether the key 857 * has been fully removed including all files locked. 858 */ 859 out_put_key: 860 key_put(key); 861 if (err == 0) 862 err = put_user(status_flags, &uarg->removal_status_flags); 863 return err; 864 } 865 866 int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg) 867 { 868 return do_remove_key(filp, uarg, false); 869 } 870 EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key); 871 872 int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg) 873 { 874 if (!capable(CAP_SYS_ADMIN)) 875 return -EACCES; 876 return do_remove_key(filp, uarg, true); 877 } 878 EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users); 879 880 /* 881 * Retrieve the status of an fscrypt master encryption key. 882 * 883 * We set ->status to indicate whether the key is absent, present, or 884 * incompletely removed. "Incompletely removed" means that the master key 885 * secret has been removed, but some files which had been unlocked with it are 886 * still in use. This field allows applications to easily determine the state 887 * of an encrypted directory without using a hack such as trying to open a 888 * regular file in it (which can confuse the "incompletely removed" state with 889 * absent or present). 890 * 891 * In addition, for v2 policy keys we allow applications to determine, via 892 * ->status_flags and ->user_count, whether the key has been added by the 893 * current user, by other users, or by both. Most applications should not need 894 * this, since ordinarily only one user should know a given key. However, if a 895 * secret key is shared by multiple users, applications may wish to add an 896 * already-present key to prevent other users from removing it. This ioctl can 897 * be used to check whether that really is the case before the work is done to 898 * add the key --- which might e.g. require prompting the user for a passphrase. 899 * 900 * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of 901 * Documentation/filesystems/fscrypt.rst. 902 */ 903 int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg) 904 { 905 struct super_block *sb = file_inode(filp)->i_sb; 906 struct fscrypt_get_key_status_arg arg; 907 struct key *key; 908 struct fscrypt_master_key *mk; 909 int err; 910 911 if (copy_from_user(&arg, uarg, sizeof(arg))) 912 return -EFAULT; 913 914 if (!valid_key_spec(&arg.key_spec)) 915 return -EINVAL; 916 917 if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved))) 918 return -EINVAL; 919 920 arg.status_flags = 0; 921 arg.user_count = 0; 922 memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved)); 923 924 key = fscrypt_find_master_key(sb, &arg.key_spec); 925 if (IS_ERR(key)) { 926 if (key != ERR_PTR(-ENOKEY)) 927 return PTR_ERR(key); 928 arg.status = FSCRYPT_KEY_STATUS_ABSENT; 929 err = 0; 930 goto out; 931 } 932 mk = key->payload.data[0]; 933 down_read(&key->sem); 934 935 if (!is_master_key_secret_present(&mk->mk_secret)) { 936 arg.status = FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED; 937 err = 0; 938 goto out_release_key; 939 } 940 941 arg.status = FSCRYPT_KEY_STATUS_PRESENT; 942 if (mk->mk_users) { 943 struct key *mk_user; 944 945 arg.user_count = mk->mk_users->keys.nr_leaves_on_tree; 946 mk_user = find_master_key_user(mk); 947 if (!IS_ERR(mk_user)) { 948 arg.status_flags |= 949 FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF; 950 key_put(mk_user); 951 } else if (mk_user != ERR_PTR(-ENOKEY)) { 952 err = PTR_ERR(mk_user); 953 goto out_release_key; 954 } 955 } 956 err = 0; 957 out_release_key: 958 up_read(&key->sem); 959 key_put(key); 960 out: 961 if (!err && copy_to_user(uarg, &arg, sizeof(arg))) 962 err = -EFAULT; 963 return err; 964 } 965 EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status); 966 967 int __init fscrypt_init_keyring(void) 968 { 969 int err; 970 971 err = register_key_type(&key_type_fscrypt); 972 if (err) 973 return err; 974 975 err = register_key_type(&key_type_fscrypt_user); 976 if (err) 977 goto err_unregister_fscrypt; 978 979 return 0; 980 981 err_unregister_fscrypt: 982 unregister_key_type(&key_type_fscrypt); 983 return err; 984 } 985