xref: /openbmc/linux/fs/crypto/keyring.c (revision 9b2433a9)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Filesystem-level keyring for fscrypt
4  *
5  * Copyright 2019 Google LLC
6  */
7 
8 /*
9  * This file implements management of fscrypt master keys in the
10  * filesystem-level keyring, including the ioctls:
11  *
12  * - FS_IOC_ADD_ENCRYPTION_KEY
13  * - FS_IOC_REMOVE_ENCRYPTION_KEY
14  * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS
15  * - FS_IOC_GET_ENCRYPTION_KEY_STATUS
16  *
17  * See the "User API" section of Documentation/filesystems/fscrypt.rst for more
18  * information about these ioctls.
19  */
20 
21 #include <crypto/skcipher.h>
22 #include <linux/key-type.h>
23 #include <linux/seq_file.h>
24 
25 #include "fscrypt_private.h"
26 
27 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret)
28 {
29 	fscrypt_destroy_hkdf(&secret->hkdf);
30 	memzero_explicit(secret, sizeof(*secret));
31 }
32 
33 static void move_master_key_secret(struct fscrypt_master_key_secret *dst,
34 				   struct fscrypt_master_key_secret *src)
35 {
36 	memcpy(dst, src, sizeof(*dst));
37 	memzero_explicit(src, sizeof(*src));
38 }
39 
40 static void free_master_key(struct fscrypt_master_key *mk)
41 {
42 	size_t i;
43 
44 	wipe_master_key_secret(&mk->mk_secret);
45 
46 	for (i = 0; i <= __FSCRYPT_MODE_MAX; i++) {
47 		crypto_free_skcipher(mk->mk_direct_tfms[i]);
48 		crypto_free_skcipher(mk->mk_iv_ino_lblk_64_tfms[i]);
49 	}
50 
51 	key_put(mk->mk_users);
52 	kzfree(mk);
53 }
54 
55 static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec)
56 {
57 	if (spec->__reserved)
58 		return false;
59 	return master_key_spec_len(spec) != 0;
60 }
61 
62 static int fscrypt_key_instantiate(struct key *key,
63 				   struct key_preparsed_payload *prep)
64 {
65 	key->payload.data[0] = (struct fscrypt_master_key *)prep->data;
66 	return 0;
67 }
68 
69 static void fscrypt_key_destroy(struct key *key)
70 {
71 	free_master_key(key->payload.data[0]);
72 }
73 
74 static void fscrypt_key_describe(const struct key *key, struct seq_file *m)
75 {
76 	seq_puts(m, key->description);
77 
78 	if (key_is_positive(key)) {
79 		const struct fscrypt_master_key *mk = key->payload.data[0];
80 
81 		if (!is_master_key_secret_present(&mk->mk_secret))
82 			seq_puts(m, ": secret removed");
83 	}
84 }
85 
86 /*
87  * Type of key in ->s_master_keys.  Each key of this type represents a master
88  * key which has been added to the filesystem.  Its payload is a
89  * 'struct fscrypt_master_key'.  The "." prefix in the key type name prevents
90  * users from adding keys of this type via the keyrings syscalls rather than via
91  * the intended method of FS_IOC_ADD_ENCRYPTION_KEY.
92  */
93 static struct key_type key_type_fscrypt = {
94 	.name			= "._fscrypt",
95 	.instantiate		= fscrypt_key_instantiate,
96 	.destroy		= fscrypt_key_destroy,
97 	.describe		= fscrypt_key_describe,
98 };
99 
100 static int fscrypt_user_key_instantiate(struct key *key,
101 					struct key_preparsed_payload *prep)
102 {
103 	/*
104 	 * We just charge FSCRYPT_MAX_KEY_SIZE bytes to the user's key quota for
105 	 * each key, regardless of the exact key size.  The amount of memory
106 	 * actually used is greater than the size of the raw key anyway.
107 	 */
108 	return key_payload_reserve(key, FSCRYPT_MAX_KEY_SIZE);
109 }
110 
111 static void fscrypt_user_key_describe(const struct key *key, struct seq_file *m)
112 {
113 	seq_puts(m, key->description);
114 }
115 
116 /*
117  * Type of key in ->mk_users.  Each key of this type represents a particular
118  * user who has added a particular master key.
119  *
120  * Note that the name of this key type really should be something like
121  * ".fscrypt-user" instead of simply ".fscrypt".  But the shorter name is chosen
122  * mainly for simplicity of presentation in /proc/keys when read by a non-root
123  * user.  And it is expected to be rare that a key is actually added by multiple
124  * users, since users should keep their encryption keys confidential.
125  */
126 static struct key_type key_type_fscrypt_user = {
127 	.name			= ".fscrypt",
128 	.instantiate		= fscrypt_user_key_instantiate,
129 	.describe		= fscrypt_user_key_describe,
130 };
131 
132 /* Search ->s_master_keys or ->mk_users */
133 static struct key *search_fscrypt_keyring(struct key *keyring,
134 					  struct key_type *type,
135 					  const char *description)
136 {
137 	/*
138 	 * We need to mark the keyring reference as "possessed" so that we
139 	 * acquire permission to search it, via the KEY_POS_SEARCH permission.
140 	 */
141 	key_ref_t keyref = make_key_ref(keyring, true /* possessed */);
142 
143 	keyref = keyring_search(keyref, type, description, false);
144 	if (IS_ERR(keyref)) {
145 		if (PTR_ERR(keyref) == -EAGAIN || /* not found */
146 		    PTR_ERR(keyref) == -EKEYREVOKED) /* recently invalidated */
147 			keyref = ERR_PTR(-ENOKEY);
148 		return ERR_CAST(keyref);
149 	}
150 	return key_ref_to_ptr(keyref);
151 }
152 
153 #define FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE	\
154 	(CONST_STRLEN("fscrypt-") + FIELD_SIZEOF(struct super_block, s_id))
155 
156 #define FSCRYPT_MK_DESCRIPTION_SIZE	(2 * FSCRYPT_KEY_IDENTIFIER_SIZE + 1)
157 
158 #define FSCRYPT_MK_USERS_DESCRIPTION_SIZE	\
159 	(CONST_STRLEN("fscrypt-") + 2 * FSCRYPT_KEY_IDENTIFIER_SIZE + \
160 	 CONST_STRLEN("-users") + 1)
161 
162 #define FSCRYPT_MK_USER_DESCRIPTION_SIZE	\
163 	(2 * FSCRYPT_KEY_IDENTIFIER_SIZE + CONST_STRLEN(".uid.") + 10 + 1)
164 
165 static void format_fs_keyring_description(
166 			char description[FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE],
167 			const struct super_block *sb)
168 {
169 	sprintf(description, "fscrypt-%s", sb->s_id);
170 }
171 
172 static void format_mk_description(
173 			char description[FSCRYPT_MK_DESCRIPTION_SIZE],
174 			const struct fscrypt_key_specifier *mk_spec)
175 {
176 	sprintf(description, "%*phN",
177 		master_key_spec_len(mk_spec), (u8 *)&mk_spec->u);
178 }
179 
180 static void format_mk_users_keyring_description(
181 			char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE],
182 			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
183 {
184 	sprintf(description, "fscrypt-%*phN-users",
185 		FSCRYPT_KEY_IDENTIFIER_SIZE, mk_identifier);
186 }
187 
188 static void format_mk_user_description(
189 			char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE],
190 			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
191 {
192 
193 	sprintf(description, "%*phN.uid.%u", FSCRYPT_KEY_IDENTIFIER_SIZE,
194 		mk_identifier, __kuid_val(current_fsuid()));
195 }
196 
197 /* Create ->s_master_keys if needed.  Synchronized by fscrypt_add_key_mutex. */
198 static int allocate_filesystem_keyring(struct super_block *sb)
199 {
200 	char description[FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE];
201 	struct key *keyring;
202 
203 	if (sb->s_master_keys)
204 		return 0;
205 
206 	format_fs_keyring_description(description, sb);
207 	keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
208 				current_cred(), KEY_POS_SEARCH |
209 				  KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
210 				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
211 	if (IS_ERR(keyring))
212 		return PTR_ERR(keyring);
213 
214 	/* Pairs with READ_ONCE() in fscrypt_find_master_key() */
215 	smp_store_release(&sb->s_master_keys, keyring);
216 	return 0;
217 }
218 
219 void fscrypt_sb_free(struct super_block *sb)
220 {
221 	key_put(sb->s_master_keys);
222 	sb->s_master_keys = NULL;
223 }
224 
225 /*
226  * Find the specified master key in ->s_master_keys.
227  * Returns ERR_PTR(-ENOKEY) if not found.
228  */
229 struct key *fscrypt_find_master_key(struct super_block *sb,
230 				    const struct fscrypt_key_specifier *mk_spec)
231 {
232 	struct key *keyring;
233 	char description[FSCRYPT_MK_DESCRIPTION_SIZE];
234 
235 	/* pairs with smp_store_release() in allocate_filesystem_keyring() */
236 	keyring = READ_ONCE(sb->s_master_keys);
237 	if (keyring == NULL)
238 		return ERR_PTR(-ENOKEY); /* No keyring yet, so no keys yet. */
239 
240 	format_mk_description(description, mk_spec);
241 	return search_fscrypt_keyring(keyring, &key_type_fscrypt, description);
242 }
243 
244 static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
245 {
246 	char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE];
247 	struct key *keyring;
248 
249 	format_mk_users_keyring_description(description,
250 					    mk->mk_spec.u.identifier);
251 	keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
252 				current_cred(), KEY_POS_SEARCH |
253 				  KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
254 				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
255 	if (IS_ERR(keyring))
256 		return PTR_ERR(keyring);
257 
258 	mk->mk_users = keyring;
259 	return 0;
260 }
261 
262 /*
263  * Find the current user's "key" in the master key's ->mk_users.
264  * Returns ERR_PTR(-ENOKEY) if not found.
265  */
266 static struct key *find_master_key_user(struct fscrypt_master_key *mk)
267 {
268 	char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
269 
270 	format_mk_user_description(description, mk->mk_spec.u.identifier);
271 	return search_fscrypt_keyring(mk->mk_users, &key_type_fscrypt_user,
272 				      description);
273 }
274 
275 /*
276  * Give the current user a "key" in ->mk_users.  This charges the user's quota
277  * and marks the master key as added by the current user, so that it cannot be
278  * removed by another user with the key.  Either the master key's key->sem must
279  * be held for write, or the master key must be still undergoing initialization.
280  */
281 static int add_master_key_user(struct fscrypt_master_key *mk)
282 {
283 	char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
284 	struct key *mk_user;
285 	int err;
286 
287 	format_mk_user_description(description, mk->mk_spec.u.identifier);
288 	mk_user = key_alloc(&key_type_fscrypt_user, description,
289 			    current_fsuid(), current_gid(), current_cred(),
290 			    KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
291 	if (IS_ERR(mk_user))
292 		return PTR_ERR(mk_user);
293 
294 	err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL);
295 	key_put(mk_user);
296 	return err;
297 }
298 
299 /*
300  * Remove the current user's "key" from ->mk_users.
301  * The master key's key->sem must be held for write.
302  *
303  * Returns 0 if removed, -ENOKEY if not found, or another -errno code.
304  */
305 static int remove_master_key_user(struct fscrypt_master_key *mk)
306 {
307 	struct key *mk_user;
308 	int err;
309 
310 	mk_user = find_master_key_user(mk);
311 	if (IS_ERR(mk_user))
312 		return PTR_ERR(mk_user);
313 	err = key_unlink(mk->mk_users, mk_user);
314 	key_put(mk_user);
315 	return err;
316 }
317 
318 /*
319  * Allocate a new fscrypt_master_key which contains the given secret, set it as
320  * the payload of a new 'struct key' of type fscrypt, and link the 'struct key'
321  * into the given keyring.  Synchronized by fscrypt_add_key_mutex.
322  */
323 static int add_new_master_key(struct fscrypt_master_key_secret *secret,
324 			      const struct fscrypt_key_specifier *mk_spec,
325 			      struct key *keyring)
326 {
327 	struct fscrypt_master_key *mk;
328 	char description[FSCRYPT_MK_DESCRIPTION_SIZE];
329 	struct key *key;
330 	int err;
331 
332 	mk = kzalloc(sizeof(*mk), GFP_KERNEL);
333 	if (!mk)
334 		return -ENOMEM;
335 
336 	mk->mk_spec = *mk_spec;
337 
338 	move_master_key_secret(&mk->mk_secret, secret);
339 	init_rwsem(&mk->mk_secret_sem);
340 
341 	refcount_set(&mk->mk_refcount, 1); /* secret is present */
342 	INIT_LIST_HEAD(&mk->mk_decrypted_inodes);
343 	spin_lock_init(&mk->mk_decrypted_inodes_lock);
344 
345 	if (mk_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) {
346 		err = allocate_master_key_users_keyring(mk);
347 		if (err)
348 			goto out_free_mk;
349 		err = add_master_key_user(mk);
350 		if (err)
351 			goto out_free_mk;
352 	}
353 
354 	/*
355 	 * Note that we don't charge this key to anyone's quota, since when
356 	 * ->mk_users is in use those keys are charged instead, and otherwise
357 	 * (when ->mk_users isn't in use) only root can add these keys.
358 	 */
359 	format_mk_description(description, mk_spec);
360 	key = key_alloc(&key_type_fscrypt, description,
361 			GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
362 			KEY_POS_SEARCH | KEY_USR_SEARCH | KEY_USR_VIEW,
363 			KEY_ALLOC_NOT_IN_QUOTA, NULL);
364 	if (IS_ERR(key)) {
365 		err = PTR_ERR(key);
366 		goto out_free_mk;
367 	}
368 	err = key_instantiate_and_link(key, mk, sizeof(*mk), keyring, NULL);
369 	key_put(key);
370 	if (err)
371 		goto out_free_mk;
372 
373 	return 0;
374 
375 out_free_mk:
376 	free_master_key(mk);
377 	return err;
378 }
379 
380 #define KEY_DEAD	1
381 
382 static int add_existing_master_key(struct fscrypt_master_key *mk,
383 				   struct fscrypt_master_key_secret *secret)
384 {
385 	struct key *mk_user;
386 	bool rekey;
387 	int err;
388 
389 	/*
390 	 * If the current user is already in ->mk_users, then there's nothing to
391 	 * do.  (Not applicable for v1 policy keys, which have NULL ->mk_users.)
392 	 */
393 	if (mk->mk_users) {
394 		mk_user = find_master_key_user(mk);
395 		if (mk_user != ERR_PTR(-ENOKEY)) {
396 			if (IS_ERR(mk_user))
397 				return PTR_ERR(mk_user);
398 			key_put(mk_user);
399 			return 0;
400 		}
401 	}
402 
403 	/* If we'll be re-adding ->mk_secret, try to take the reference. */
404 	rekey = !is_master_key_secret_present(&mk->mk_secret);
405 	if (rekey && !refcount_inc_not_zero(&mk->mk_refcount))
406 		return KEY_DEAD;
407 
408 	/* Add the current user to ->mk_users, if applicable. */
409 	if (mk->mk_users) {
410 		err = add_master_key_user(mk);
411 		if (err) {
412 			if (rekey && refcount_dec_and_test(&mk->mk_refcount))
413 				return KEY_DEAD;
414 			return err;
415 		}
416 	}
417 
418 	/* Re-add the secret if needed. */
419 	if (rekey) {
420 		down_write(&mk->mk_secret_sem);
421 		move_master_key_secret(&mk->mk_secret, secret);
422 		up_write(&mk->mk_secret_sem);
423 	}
424 	return 0;
425 }
426 
427 static int add_master_key(struct super_block *sb,
428 			  struct fscrypt_master_key_secret *secret,
429 			  const struct fscrypt_key_specifier *mk_spec)
430 {
431 	static DEFINE_MUTEX(fscrypt_add_key_mutex);
432 	struct key *key;
433 	int err;
434 
435 	mutex_lock(&fscrypt_add_key_mutex); /* serialize find + link */
436 retry:
437 	key = fscrypt_find_master_key(sb, mk_spec);
438 	if (IS_ERR(key)) {
439 		err = PTR_ERR(key);
440 		if (err != -ENOKEY)
441 			goto out_unlock;
442 		/* Didn't find the key in ->s_master_keys.  Add it. */
443 		err = allocate_filesystem_keyring(sb);
444 		if (err)
445 			goto out_unlock;
446 		err = add_new_master_key(secret, mk_spec, sb->s_master_keys);
447 	} else {
448 		/*
449 		 * Found the key in ->s_master_keys.  Re-add the secret if
450 		 * needed, and add the user to ->mk_users if needed.
451 		 */
452 		down_write(&key->sem);
453 		err = add_existing_master_key(key->payload.data[0], secret);
454 		up_write(&key->sem);
455 		if (err == KEY_DEAD) {
456 			/* Key being removed or needs to be removed */
457 			key_invalidate(key);
458 			key_put(key);
459 			goto retry;
460 		}
461 		key_put(key);
462 	}
463 out_unlock:
464 	mutex_unlock(&fscrypt_add_key_mutex);
465 	return err;
466 }
467 
468 /*
469  * Add a master encryption key to the filesystem, causing all files which were
470  * encrypted with it to appear "unlocked" (decrypted) when accessed.
471  *
472  * When adding a key for use by v1 encryption policies, this ioctl is
473  * privileged, and userspace must provide the 'key_descriptor'.
474  *
475  * When adding a key for use by v2+ encryption policies, this ioctl is
476  * unprivileged.  This is needed, in general, to allow non-root users to use
477  * encryption without encountering the visibility problems of process-subscribed
478  * keyrings and the inability to properly remove keys.  This works by having
479  * each key identified by its cryptographically secure hash --- the
480  * 'key_identifier'.  The cryptographic hash ensures that a malicious user
481  * cannot add the wrong key for a given identifier.  Furthermore, each added key
482  * is charged to the appropriate user's quota for the keyrings service, which
483  * prevents a malicious user from adding too many keys.  Finally, we forbid a
484  * user from removing a key while other users have added it too, which prevents
485  * a user who knows another user's key from causing a denial-of-service by
486  * removing it at an inopportune time.  (We tolerate that a user who knows a key
487  * can prevent other users from removing it.)
488  *
489  * For more details, see the "FS_IOC_ADD_ENCRYPTION_KEY" section of
490  * Documentation/filesystems/fscrypt.rst.
491  */
492 int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg)
493 {
494 	struct super_block *sb = file_inode(filp)->i_sb;
495 	struct fscrypt_add_key_arg __user *uarg = _uarg;
496 	struct fscrypt_add_key_arg arg;
497 	struct fscrypt_master_key_secret secret;
498 	int err;
499 
500 	if (copy_from_user(&arg, uarg, sizeof(arg)))
501 		return -EFAULT;
502 
503 	if (!valid_key_spec(&arg.key_spec))
504 		return -EINVAL;
505 
506 	if (arg.raw_size < FSCRYPT_MIN_KEY_SIZE ||
507 	    arg.raw_size > FSCRYPT_MAX_KEY_SIZE)
508 		return -EINVAL;
509 
510 	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
511 		return -EINVAL;
512 
513 	memset(&secret, 0, sizeof(secret));
514 	secret.size = arg.raw_size;
515 	err = -EFAULT;
516 	if (copy_from_user(secret.raw, uarg->raw, secret.size))
517 		goto out_wipe_secret;
518 
519 	switch (arg.key_spec.type) {
520 	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
521 		/*
522 		 * Only root can add keys that are identified by an arbitrary
523 		 * descriptor rather than by a cryptographic hash --- since
524 		 * otherwise a malicious user could add the wrong key.
525 		 */
526 		err = -EACCES;
527 		if (!capable(CAP_SYS_ADMIN))
528 			goto out_wipe_secret;
529 		break;
530 	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
531 		err = fscrypt_init_hkdf(&secret.hkdf, secret.raw, secret.size);
532 		if (err)
533 			goto out_wipe_secret;
534 
535 		/*
536 		 * Now that the HKDF context is initialized, the raw key is no
537 		 * longer needed.
538 		 */
539 		memzero_explicit(secret.raw, secret.size);
540 
541 		/* Calculate the key identifier and return it to userspace. */
542 		err = fscrypt_hkdf_expand(&secret.hkdf,
543 					  HKDF_CONTEXT_KEY_IDENTIFIER,
544 					  NULL, 0, arg.key_spec.u.identifier,
545 					  FSCRYPT_KEY_IDENTIFIER_SIZE);
546 		if (err)
547 			goto out_wipe_secret;
548 		err = -EFAULT;
549 		if (copy_to_user(uarg->key_spec.u.identifier,
550 				 arg.key_spec.u.identifier,
551 				 FSCRYPT_KEY_IDENTIFIER_SIZE))
552 			goto out_wipe_secret;
553 		break;
554 	default:
555 		WARN_ON(1);
556 		err = -EINVAL;
557 		goto out_wipe_secret;
558 	}
559 
560 	err = add_master_key(sb, &secret, &arg.key_spec);
561 out_wipe_secret:
562 	wipe_master_key_secret(&secret);
563 	return err;
564 }
565 EXPORT_SYMBOL_GPL(fscrypt_ioctl_add_key);
566 
567 /*
568  * Verify that the current user has added a master key with the given identifier
569  * (returns -ENOKEY if not).  This is needed to prevent a user from encrypting
570  * their files using some other user's key which they don't actually know.
571  * Cryptographically this isn't much of a problem, but the semantics of this
572  * would be a bit weird, so it's best to just forbid it.
573  *
574  * The system administrator (CAP_FOWNER) can override this, which should be
575  * enough for any use cases where encryption policies are being set using keys
576  * that were chosen ahead of time but aren't available at the moment.
577  *
578  * Note that the key may have already removed by the time this returns, but
579  * that's okay; we just care whether the key was there at some point.
580  *
581  * Return: 0 if the key is added, -ENOKEY if it isn't, or another -errno code
582  */
583 int fscrypt_verify_key_added(struct super_block *sb,
584 			     const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
585 {
586 	struct fscrypt_key_specifier mk_spec;
587 	struct key *key, *mk_user;
588 	struct fscrypt_master_key *mk;
589 	int err;
590 
591 	mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
592 	memcpy(mk_spec.u.identifier, identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);
593 
594 	key = fscrypt_find_master_key(sb, &mk_spec);
595 	if (IS_ERR(key)) {
596 		err = PTR_ERR(key);
597 		goto out;
598 	}
599 	mk = key->payload.data[0];
600 	mk_user = find_master_key_user(mk);
601 	if (IS_ERR(mk_user)) {
602 		err = PTR_ERR(mk_user);
603 	} else {
604 		key_put(mk_user);
605 		err = 0;
606 	}
607 	key_put(key);
608 out:
609 	if (err == -ENOKEY && capable(CAP_FOWNER))
610 		err = 0;
611 	return err;
612 }
613 
614 /*
615  * Try to evict the inode's dentries from the dentry cache.  If the inode is a
616  * directory, then it can have at most one dentry; however, that dentry may be
617  * pinned by child dentries, so first try to evict the children too.
618  */
619 static void shrink_dcache_inode(struct inode *inode)
620 {
621 	struct dentry *dentry;
622 
623 	if (S_ISDIR(inode->i_mode)) {
624 		dentry = d_find_any_alias(inode);
625 		if (dentry) {
626 			shrink_dcache_parent(dentry);
627 			dput(dentry);
628 		}
629 	}
630 	d_prune_aliases(inode);
631 }
632 
633 static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk)
634 {
635 	struct fscrypt_info *ci;
636 	struct inode *inode;
637 	struct inode *toput_inode = NULL;
638 
639 	spin_lock(&mk->mk_decrypted_inodes_lock);
640 
641 	list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) {
642 		inode = ci->ci_inode;
643 		spin_lock(&inode->i_lock);
644 		if (inode->i_state & (I_FREEING | I_WILL_FREE | I_NEW)) {
645 			spin_unlock(&inode->i_lock);
646 			continue;
647 		}
648 		__iget(inode);
649 		spin_unlock(&inode->i_lock);
650 		spin_unlock(&mk->mk_decrypted_inodes_lock);
651 
652 		shrink_dcache_inode(inode);
653 		iput(toput_inode);
654 		toput_inode = inode;
655 
656 		spin_lock(&mk->mk_decrypted_inodes_lock);
657 	}
658 
659 	spin_unlock(&mk->mk_decrypted_inodes_lock);
660 	iput(toput_inode);
661 }
662 
663 static int check_for_busy_inodes(struct super_block *sb,
664 				 struct fscrypt_master_key *mk)
665 {
666 	struct list_head *pos;
667 	size_t busy_count = 0;
668 	unsigned long ino;
669 	struct dentry *dentry;
670 	char _path[256];
671 	char *path = NULL;
672 
673 	spin_lock(&mk->mk_decrypted_inodes_lock);
674 
675 	list_for_each(pos, &mk->mk_decrypted_inodes)
676 		busy_count++;
677 
678 	if (busy_count == 0) {
679 		spin_unlock(&mk->mk_decrypted_inodes_lock);
680 		return 0;
681 	}
682 
683 	{
684 		/* select an example file to show for debugging purposes */
685 		struct inode *inode =
686 			list_first_entry(&mk->mk_decrypted_inodes,
687 					 struct fscrypt_info,
688 					 ci_master_key_link)->ci_inode;
689 		ino = inode->i_ino;
690 		dentry = d_find_alias(inode);
691 	}
692 	spin_unlock(&mk->mk_decrypted_inodes_lock);
693 
694 	if (dentry) {
695 		path = dentry_path(dentry, _path, sizeof(_path));
696 		dput(dentry);
697 	}
698 	if (IS_ERR_OR_NULL(path))
699 		path = "(unknown)";
700 
701 	fscrypt_warn(NULL,
702 		     "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu (%s)",
703 		     sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),
704 		     master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,
705 		     ino, path);
706 	return -EBUSY;
707 }
708 
709 static int try_to_lock_encrypted_files(struct super_block *sb,
710 				       struct fscrypt_master_key *mk)
711 {
712 	int err1;
713 	int err2;
714 
715 	/*
716 	 * An inode can't be evicted while it is dirty or has dirty pages.
717 	 * Thus, we first have to clean the inodes in ->mk_decrypted_inodes.
718 	 *
719 	 * Just do it the easy way: call sync_filesystem().  It's overkill, but
720 	 * it works, and it's more important to minimize the amount of caches we
721 	 * drop than the amount of data we sync.  Also, unprivileged users can
722 	 * already call sync_filesystem() via sys_syncfs() or sys_sync().
723 	 */
724 	down_read(&sb->s_umount);
725 	err1 = sync_filesystem(sb);
726 	up_read(&sb->s_umount);
727 	/* If a sync error occurs, still try to evict as much as possible. */
728 
729 	/*
730 	 * Inodes are pinned by their dentries, so we have to evict their
731 	 * dentries.  shrink_dcache_sb() would suffice, but would be overkill
732 	 * and inappropriate for use by unprivileged users.  So instead go
733 	 * through the inodes' alias lists and try to evict each dentry.
734 	 */
735 	evict_dentries_for_decrypted_inodes(mk);
736 
737 	/*
738 	 * evict_dentries_for_decrypted_inodes() already iput() each inode in
739 	 * the list; any inodes for which that dropped the last reference will
740 	 * have been evicted due to fscrypt_drop_inode() detecting the key
741 	 * removal and telling the VFS to evict the inode.  So to finish, we
742 	 * just need to check whether any inodes couldn't be evicted.
743 	 */
744 	err2 = check_for_busy_inodes(sb, mk);
745 
746 	return err1 ?: err2;
747 }
748 
749 /*
750  * Try to remove an fscrypt master encryption key.
751  *
752  * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's
753  * claim to the key, then removes the key itself if no other users have claims.
754  * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the
755  * key itself.
756  *
757  * To "remove the key itself", first we wipe the actual master key secret, so
758  * that no more inodes can be unlocked with it.  Then we try to evict all cached
759  * inodes that had been unlocked with the key.
760  *
761  * If all inodes were evicted, then we unlink the fscrypt_master_key from the
762  * keyring.  Otherwise it remains in the keyring in the "incompletely removed"
763  * state (without the actual secret key) where it tracks the list of remaining
764  * inodes.  Userspace can execute the ioctl again later to retry eviction, or
765  * alternatively can re-add the secret key again.
766  *
767  * For more details, see the "Removing keys" section of
768  * Documentation/filesystems/fscrypt.rst.
769  */
770 static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users)
771 {
772 	struct super_block *sb = file_inode(filp)->i_sb;
773 	struct fscrypt_remove_key_arg __user *uarg = _uarg;
774 	struct fscrypt_remove_key_arg arg;
775 	struct key *key;
776 	struct fscrypt_master_key *mk;
777 	u32 status_flags = 0;
778 	int err;
779 	bool dead;
780 
781 	if (copy_from_user(&arg, uarg, sizeof(arg)))
782 		return -EFAULT;
783 
784 	if (!valid_key_spec(&arg.key_spec))
785 		return -EINVAL;
786 
787 	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
788 		return -EINVAL;
789 
790 	/*
791 	 * Only root can add and remove keys that are identified by an arbitrary
792 	 * descriptor rather than by a cryptographic hash.
793 	 */
794 	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
795 	    !capable(CAP_SYS_ADMIN))
796 		return -EACCES;
797 
798 	/* Find the key being removed. */
799 	key = fscrypt_find_master_key(sb, &arg.key_spec);
800 	if (IS_ERR(key))
801 		return PTR_ERR(key);
802 	mk = key->payload.data[0];
803 
804 	down_write(&key->sem);
805 
806 	/* If relevant, remove current user's (or all users) claim to the key */
807 	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {
808 		if (all_users)
809 			err = keyring_clear(mk->mk_users);
810 		else
811 			err = remove_master_key_user(mk);
812 		if (err) {
813 			up_write(&key->sem);
814 			goto out_put_key;
815 		}
816 		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {
817 			/*
818 			 * Other users have still added the key too.  We removed
819 			 * the current user's claim to the key, but we still
820 			 * can't remove the key itself.
821 			 */
822 			status_flags |=
823 				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS;
824 			err = 0;
825 			up_write(&key->sem);
826 			goto out_put_key;
827 		}
828 	}
829 
830 	/* No user claims remaining.  Go ahead and wipe the secret. */
831 	dead = false;
832 	if (is_master_key_secret_present(&mk->mk_secret)) {
833 		down_write(&mk->mk_secret_sem);
834 		wipe_master_key_secret(&mk->mk_secret);
835 		dead = refcount_dec_and_test(&mk->mk_refcount);
836 		up_write(&mk->mk_secret_sem);
837 	}
838 	up_write(&key->sem);
839 	if (dead) {
840 		/*
841 		 * No inodes reference the key, and we wiped the secret, so the
842 		 * key object is free to be removed from the keyring.
843 		 */
844 		key_invalidate(key);
845 		err = 0;
846 	} else {
847 		/* Some inodes still reference this key; try to evict them. */
848 		err = try_to_lock_encrypted_files(sb, mk);
849 		if (err == -EBUSY) {
850 			status_flags |=
851 				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY;
852 			err = 0;
853 		}
854 	}
855 	/*
856 	 * We return 0 if we successfully did something: removed a claim to the
857 	 * key, wiped the secret, or tried locking the files again.  Users need
858 	 * to check the informational status flags if they care whether the key
859 	 * has been fully removed including all files locked.
860 	 */
861 out_put_key:
862 	key_put(key);
863 	if (err == 0)
864 		err = put_user(status_flags, &uarg->removal_status_flags);
865 	return err;
866 }
867 
868 int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg)
869 {
870 	return do_remove_key(filp, uarg, false);
871 }
872 EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key);
873 
874 int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg)
875 {
876 	if (!capable(CAP_SYS_ADMIN))
877 		return -EACCES;
878 	return do_remove_key(filp, uarg, true);
879 }
880 EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users);
881 
882 /*
883  * Retrieve the status of an fscrypt master encryption key.
884  *
885  * We set ->status to indicate whether the key is absent, present, or
886  * incompletely removed.  "Incompletely removed" means that the master key
887  * secret has been removed, but some files which had been unlocked with it are
888  * still in use.  This field allows applications to easily determine the state
889  * of an encrypted directory without using a hack such as trying to open a
890  * regular file in it (which can confuse the "incompletely removed" state with
891  * absent or present).
892  *
893  * In addition, for v2 policy keys we allow applications to determine, via
894  * ->status_flags and ->user_count, whether the key has been added by the
895  * current user, by other users, or by both.  Most applications should not need
896  * this, since ordinarily only one user should know a given key.  However, if a
897  * secret key is shared by multiple users, applications may wish to add an
898  * already-present key to prevent other users from removing it.  This ioctl can
899  * be used to check whether that really is the case before the work is done to
900  * add the key --- which might e.g. require prompting the user for a passphrase.
901  *
902  * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of
903  * Documentation/filesystems/fscrypt.rst.
904  */
905 int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg)
906 {
907 	struct super_block *sb = file_inode(filp)->i_sb;
908 	struct fscrypt_get_key_status_arg arg;
909 	struct key *key;
910 	struct fscrypt_master_key *mk;
911 	int err;
912 
913 	if (copy_from_user(&arg, uarg, sizeof(arg)))
914 		return -EFAULT;
915 
916 	if (!valid_key_spec(&arg.key_spec))
917 		return -EINVAL;
918 
919 	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
920 		return -EINVAL;
921 
922 	arg.status_flags = 0;
923 	arg.user_count = 0;
924 	memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved));
925 
926 	key = fscrypt_find_master_key(sb, &arg.key_spec);
927 	if (IS_ERR(key)) {
928 		if (key != ERR_PTR(-ENOKEY))
929 			return PTR_ERR(key);
930 		arg.status = FSCRYPT_KEY_STATUS_ABSENT;
931 		err = 0;
932 		goto out;
933 	}
934 	mk = key->payload.data[0];
935 	down_read(&key->sem);
936 
937 	if (!is_master_key_secret_present(&mk->mk_secret)) {
938 		arg.status = FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED;
939 		err = 0;
940 		goto out_release_key;
941 	}
942 
943 	arg.status = FSCRYPT_KEY_STATUS_PRESENT;
944 	if (mk->mk_users) {
945 		struct key *mk_user;
946 
947 		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;
948 		mk_user = find_master_key_user(mk);
949 		if (!IS_ERR(mk_user)) {
950 			arg.status_flags |=
951 				FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF;
952 			key_put(mk_user);
953 		} else if (mk_user != ERR_PTR(-ENOKEY)) {
954 			err = PTR_ERR(mk_user);
955 			goto out_release_key;
956 		}
957 	}
958 	err = 0;
959 out_release_key:
960 	up_read(&key->sem);
961 	key_put(key);
962 out:
963 	if (!err && copy_to_user(uarg, &arg, sizeof(arg)))
964 		err = -EFAULT;
965 	return err;
966 }
967 EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status);
968 
969 int __init fscrypt_init_keyring(void)
970 {
971 	int err;
972 
973 	err = register_key_type(&key_type_fscrypt);
974 	if (err)
975 		return err;
976 
977 	err = register_key_type(&key_type_fscrypt_user);
978 	if (err)
979 		goto err_unregister_fscrypt;
980 
981 	return 0;
982 
983 err_unregister_fscrypt:
984 	unregister_key_type(&key_type_fscrypt);
985 	return err;
986 }
987