xref: /openbmc/linux/fs/crypto/keyring.c (revision f8e17c17)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Filesystem-level keyring for fscrypt
4  *
5  * Copyright 2019 Google LLC
6  */
7 
8 /*
9  * This file implements management of fscrypt master keys in the
10  * filesystem-level keyring, including the ioctls:
11  *
12  * - FS_IOC_ADD_ENCRYPTION_KEY
13  * - FS_IOC_REMOVE_ENCRYPTION_KEY
14  * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS
15  * - FS_IOC_GET_ENCRYPTION_KEY_STATUS
16  *
17  * See the "User API" section of Documentation/filesystems/fscrypt.rst for more
18  * information about these ioctls.
19  */
20 
21 #include <crypto/skcipher.h>
22 #include <linux/key-type.h>
23 #include <linux/seq_file.h>
24 
25 #include "fscrypt_private.h"
26 
27 static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret)
28 {
29 	fscrypt_destroy_hkdf(&secret->hkdf);
30 	memzero_explicit(secret, sizeof(*secret));
31 }
32 
33 static void move_master_key_secret(struct fscrypt_master_key_secret *dst,
34 				   struct fscrypt_master_key_secret *src)
35 {
36 	memcpy(dst, src, sizeof(*dst));
37 	memzero_explicit(src, sizeof(*src));
38 }
39 
40 static void free_master_key(struct fscrypt_master_key *mk)
41 {
42 	size_t i;
43 
44 	wipe_master_key_secret(&mk->mk_secret);
45 
46 	for (i = 0; i <= __FSCRYPT_MODE_MAX; i++) {
47 		crypto_free_skcipher(mk->mk_direct_tfms[i]);
48 		crypto_free_skcipher(mk->mk_iv_ino_lblk_64_tfms[i]);
49 	}
50 
51 	key_put(mk->mk_users);
52 	kzfree(mk);
53 }
54 
55 static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec)
56 {
57 	if (spec->__reserved)
58 		return false;
59 	return master_key_spec_len(spec) != 0;
60 }
61 
62 static int fscrypt_key_instantiate(struct key *key,
63 				   struct key_preparsed_payload *prep)
64 {
65 	key->payload.data[0] = (struct fscrypt_master_key *)prep->data;
66 	return 0;
67 }
68 
69 static void fscrypt_key_destroy(struct key *key)
70 {
71 	free_master_key(key->payload.data[0]);
72 }
73 
74 static void fscrypt_key_describe(const struct key *key, struct seq_file *m)
75 {
76 	seq_puts(m, key->description);
77 
78 	if (key_is_positive(key)) {
79 		const struct fscrypt_master_key *mk = key->payload.data[0];
80 
81 		if (!is_master_key_secret_present(&mk->mk_secret))
82 			seq_puts(m, ": secret removed");
83 	}
84 }
85 
86 /*
87  * Type of key in ->s_master_keys.  Each key of this type represents a master
88  * key which has been added to the filesystem.  Its payload is a
89  * 'struct fscrypt_master_key'.  The "." prefix in the key type name prevents
90  * users from adding keys of this type via the keyrings syscalls rather than via
91  * the intended method of FS_IOC_ADD_ENCRYPTION_KEY.
92  */
93 static struct key_type key_type_fscrypt = {
94 	.name			= "._fscrypt",
95 	.instantiate		= fscrypt_key_instantiate,
96 	.destroy		= fscrypt_key_destroy,
97 	.describe		= fscrypt_key_describe,
98 };
99 
100 static int fscrypt_user_key_instantiate(struct key *key,
101 					struct key_preparsed_payload *prep)
102 {
103 	/*
104 	 * We just charge FSCRYPT_MAX_KEY_SIZE bytes to the user's key quota for
105 	 * each key, regardless of the exact key size.  The amount of memory
106 	 * actually used is greater than the size of the raw key anyway.
107 	 */
108 	return key_payload_reserve(key, FSCRYPT_MAX_KEY_SIZE);
109 }
110 
111 static void fscrypt_user_key_describe(const struct key *key, struct seq_file *m)
112 {
113 	seq_puts(m, key->description);
114 }
115 
116 /*
117  * Type of key in ->mk_users.  Each key of this type represents a particular
118  * user who has added a particular master key.
119  *
120  * Note that the name of this key type really should be something like
121  * ".fscrypt-user" instead of simply ".fscrypt".  But the shorter name is chosen
122  * mainly for simplicity of presentation in /proc/keys when read by a non-root
123  * user.  And it is expected to be rare that a key is actually added by multiple
124  * users, since users should keep their encryption keys confidential.
125  */
126 static struct key_type key_type_fscrypt_user = {
127 	.name			= ".fscrypt",
128 	.instantiate		= fscrypt_user_key_instantiate,
129 	.describe		= fscrypt_user_key_describe,
130 };
131 
132 /* Search ->s_master_keys or ->mk_users */
133 static struct key *search_fscrypt_keyring(struct key *keyring,
134 					  struct key_type *type,
135 					  const char *description)
136 {
137 	/*
138 	 * We need to mark the keyring reference as "possessed" so that we
139 	 * acquire permission to search it, via the KEY_POS_SEARCH permission.
140 	 */
141 	key_ref_t keyref = make_key_ref(keyring, true /* possessed */);
142 
143 	keyref = keyring_search(keyref, type, description, false);
144 	if (IS_ERR(keyref)) {
145 		if (PTR_ERR(keyref) == -EAGAIN || /* not found */
146 		    PTR_ERR(keyref) == -EKEYREVOKED) /* recently invalidated */
147 			keyref = ERR_PTR(-ENOKEY);
148 		return ERR_CAST(keyref);
149 	}
150 	return key_ref_to_ptr(keyref);
151 }
152 
153 #define FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE	\
154 	(CONST_STRLEN("fscrypt-") + sizeof_field(struct super_block, s_id))
155 
156 #define FSCRYPT_MK_DESCRIPTION_SIZE	(2 * FSCRYPT_KEY_IDENTIFIER_SIZE + 1)
157 
158 #define FSCRYPT_MK_USERS_DESCRIPTION_SIZE	\
159 	(CONST_STRLEN("fscrypt-") + 2 * FSCRYPT_KEY_IDENTIFIER_SIZE + \
160 	 CONST_STRLEN("-users") + 1)
161 
162 #define FSCRYPT_MK_USER_DESCRIPTION_SIZE	\
163 	(2 * FSCRYPT_KEY_IDENTIFIER_SIZE + CONST_STRLEN(".uid.") + 10 + 1)
164 
165 static void format_fs_keyring_description(
166 			char description[FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE],
167 			const struct super_block *sb)
168 {
169 	sprintf(description, "fscrypt-%s", sb->s_id);
170 }
171 
172 static void format_mk_description(
173 			char description[FSCRYPT_MK_DESCRIPTION_SIZE],
174 			const struct fscrypt_key_specifier *mk_spec)
175 {
176 	sprintf(description, "%*phN",
177 		master_key_spec_len(mk_spec), (u8 *)&mk_spec->u);
178 }
179 
180 static void format_mk_users_keyring_description(
181 			char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE],
182 			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
183 {
184 	sprintf(description, "fscrypt-%*phN-users",
185 		FSCRYPT_KEY_IDENTIFIER_SIZE, mk_identifier);
186 }
187 
188 static void format_mk_user_description(
189 			char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE],
190 			const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
191 {
192 
193 	sprintf(description, "%*phN.uid.%u", FSCRYPT_KEY_IDENTIFIER_SIZE,
194 		mk_identifier, __kuid_val(current_fsuid()));
195 }
196 
197 /* Create ->s_master_keys if needed.  Synchronized by fscrypt_add_key_mutex. */
198 static int allocate_filesystem_keyring(struct super_block *sb)
199 {
200 	char description[FSCRYPT_FS_KEYRING_DESCRIPTION_SIZE];
201 	struct key *keyring;
202 
203 	if (sb->s_master_keys)
204 		return 0;
205 
206 	format_fs_keyring_description(description, sb);
207 	keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
208 				current_cred(), KEY_POS_SEARCH |
209 				  KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
210 				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
211 	if (IS_ERR(keyring))
212 		return PTR_ERR(keyring);
213 
214 	/* Pairs with READ_ONCE() in fscrypt_find_master_key() */
215 	smp_store_release(&sb->s_master_keys, keyring);
216 	return 0;
217 }
218 
219 void fscrypt_sb_free(struct super_block *sb)
220 {
221 	key_put(sb->s_master_keys);
222 	sb->s_master_keys = NULL;
223 }
224 
225 /*
226  * Find the specified master key in ->s_master_keys.
227  * Returns ERR_PTR(-ENOKEY) if not found.
228  */
229 struct key *fscrypt_find_master_key(struct super_block *sb,
230 				    const struct fscrypt_key_specifier *mk_spec)
231 {
232 	struct key *keyring;
233 	char description[FSCRYPT_MK_DESCRIPTION_SIZE];
234 
235 	/* pairs with smp_store_release() in allocate_filesystem_keyring() */
236 	keyring = READ_ONCE(sb->s_master_keys);
237 	if (keyring == NULL)
238 		return ERR_PTR(-ENOKEY); /* No keyring yet, so no keys yet. */
239 
240 	format_mk_description(description, mk_spec);
241 	return search_fscrypt_keyring(keyring, &key_type_fscrypt, description);
242 }
243 
244 static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)
245 {
246 	char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE];
247 	struct key *keyring;
248 
249 	format_mk_users_keyring_description(description,
250 					    mk->mk_spec.u.identifier);
251 	keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
252 				current_cred(), KEY_POS_SEARCH |
253 				  KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW,
254 				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
255 	if (IS_ERR(keyring))
256 		return PTR_ERR(keyring);
257 
258 	mk->mk_users = keyring;
259 	return 0;
260 }
261 
262 /*
263  * Find the current user's "key" in the master key's ->mk_users.
264  * Returns ERR_PTR(-ENOKEY) if not found.
265  */
266 static struct key *find_master_key_user(struct fscrypt_master_key *mk)
267 {
268 	char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
269 
270 	format_mk_user_description(description, mk->mk_spec.u.identifier);
271 	return search_fscrypt_keyring(mk->mk_users, &key_type_fscrypt_user,
272 				      description);
273 }
274 
275 /*
276  * Give the current user a "key" in ->mk_users.  This charges the user's quota
277  * and marks the master key as added by the current user, so that it cannot be
278  * removed by another user with the key.  Either the master key's key->sem must
279  * be held for write, or the master key must be still undergoing initialization.
280  */
281 static int add_master_key_user(struct fscrypt_master_key *mk)
282 {
283 	char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE];
284 	struct key *mk_user;
285 	int err;
286 
287 	format_mk_user_description(description, mk->mk_spec.u.identifier);
288 	mk_user = key_alloc(&key_type_fscrypt_user, description,
289 			    current_fsuid(), current_gid(), current_cred(),
290 			    KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL);
291 	if (IS_ERR(mk_user))
292 		return PTR_ERR(mk_user);
293 
294 	err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL);
295 	key_put(mk_user);
296 	return err;
297 }
298 
299 /*
300  * Remove the current user's "key" from ->mk_users.
301  * The master key's key->sem must be held for write.
302  *
303  * Returns 0 if removed, -ENOKEY if not found, or another -errno code.
304  */
305 static int remove_master_key_user(struct fscrypt_master_key *mk)
306 {
307 	struct key *mk_user;
308 	int err;
309 
310 	mk_user = find_master_key_user(mk);
311 	if (IS_ERR(mk_user))
312 		return PTR_ERR(mk_user);
313 	err = key_unlink(mk->mk_users, mk_user);
314 	key_put(mk_user);
315 	return err;
316 }
317 
318 /*
319  * Allocate a new fscrypt_master_key which contains the given secret, set it as
320  * the payload of a new 'struct key' of type fscrypt, and link the 'struct key'
321  * into the given keyring.  Synchronized by fscrypt_add_key_mutex.
322  */
323 static int add_new_master_key(struct fscrypt_master_key_secret *secret,
324 			      const struct fscrypt_key_specifier *mk_spec,
325 			      struct key *keyring)
326 {
327 	struct fscrypt_master_key *mk;
328 	char description[FSCRYPT_MK_DESCRIPTION_SIZE];
329 	struct key *key;
330 	int err;
331 
332 	mk = kzalloc(sizeof(*mk), GFP_KERNEL);
333 	if (!mk)
334 		return -ENOMEM;
335 
336 	mk->mk_spec = *mk_spec;
337 
338 	move_master_key_secret(&mk->mk_secret, secret);
339 	init_rwsem(&mk->mk_secret_sem);
340 
341 	refcount_set(&mk->mk_refcount, 1); /* secret is present */
342 	INIT_LIST_HEAD(&mk->mk_decrypted_inodes);
343 	spin_lock_init(&mk->mk_decrypted_inodes_lock);
344 
345 	if (mk_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) {
346 		err = allocate_master_key_users_keyring(mk);
347 		if (err)
348 			goto out_free_mk;
349 		err = add_master_key_user(mk);
350 		if (err)
351 			goto out_free_mk;
352 	}
353 
354 	/*
355 	 * Note that we don't charge this key to anyone's quota, since when
356 	 * ->mk_users is in use those keys are charged instead, and otherwise
357 	 * (when ->mk_users isn't in use) only root can add these keys.
358 	 */
359 	format_mk_description(description, mk_spec);
360 	key = key_alloc(&key_type_fscrypt, description,
361 			GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
362 			KEY_POS_SEARCH | KEY_USR_SEARCH | KEY_USR_VIEW,
363 			KEY_ALLOC_NOT_IN_QUOTA, NULL);
364 	if (IS_ERR(key)) {
365 		err = PTR_ERR(key);
366 		goto out_free_mk;
367 	}
368 	err = key_instantiate_and_link(key, mk, sizeof(*mk), keyring, NULL);
369 	key_put(key);
370 	if (err)
371 		goto out_free_mk;
372 
373 	return 0;
374 
375 out_free_mk:
376 	free_master_key(mk);
377 	return err;
378 }
379 
380 #define KEY_DEAD	1
381 
382 static int add_existing_master_key(struct fscrypt_master_key *mk,
383 				   struct fscrypt_master_key_secret *secret)
384 {
385 	struct key *mk_user;
386 	bool rekey;
387 	int err;
388 
389 	/*
390 	 * If the current user is already in ->mk_users, then there's nothing to
391 	 * do.  (Not applicable for v1 policy keys, which have NULL ->mk_users.)
392 	 */
393 	if (mk->mk_users) {
394 		mk_user = find_master_key_user(mk);
395 		if (mk_user != ERR_PTR(-ENOKEY)) {
396 			if (IS_ERR(mk_user))
397 				return PTR_ERR(mk_user);
398 			key_put(mk_user);
399 			return 0;
400 		}
401 	}
402 
403 	/* If we'll be re-adding ->mk_secret, try to take the reference. */
404 	rekey = !is_master_key_secret_present(&mk->mk_secret);
405 	if (rekey && !refcount_inc_not_zero(&mk->mk_refcount))
406 		return KEY_DEAD;
407 
408 	/* Add the current user to ->mk_users, if applicable. */
409 	if (mk->mk_users) {
410 		err = add_master_key_user(mk);
411 		if (err) {
412 			if (rekey && refcount_dec_and_test(&mk->mk_refcount))
413 				return KEY_DEAD;
414 			return err;
415 		}
416 	}
417 
418 	/* Re-add the secret if needed. */
419 	if (rekey) {
420 		down_write(&mk->mk_secret_sem);
421 		move_master_key_secret(&mk->mk_secret, secret);
422 		up_write(&mk->mk_secret_sem);
423 	}
424 	return 0;
425 }
426 
427 static int add_master_key(struct super_block *sb,
428 			  struct fscrypt_master_key_secret *secret,
429 			  const struct fscrypt_key_specifier *mk_spec)
430 {
431 	static DEFINE_MUTEX(fscrypt_add_key_mutex);
432 	struct key *key;
433 	int err;
434 
435 	mutex_lock(&fscrypt_add_key_mutex); /* serialize find + link */
436 retry:
437 	key = fscrypt_find_master_key(sb, mk_spec);
438 	if (IS_ERR(key)) {
439 		err = PTR_ERR(key);
440 		if (err != -ENOKEY)
441 			goto out_unlock;
442 		/* Didn't find the key in ->s_master_keys.  Add it. */
443 		err = allocate_filesystem_keyring(sb);
444 		if (err)
445 			goto out_unlock;
446 		err = add_new_master_key(secret, mk_spec, sb->s_master_keys);
447 	} else {
448 		/*
449 		 * Found the key in ->s_master_keys.  Re-add the secret if
450 		 * needed, and add the user to ->mk_users if needed.
451 		 */
452 		down_write(&key->sem);
453 		err = add_existing_master_key(key->payload.data[0], secret);
454 		up_write(&key->sem);
455 		if (err == KEY_DEAD) {
456 			/* Key being removed or needs to be removed */
457 			key_invalidate(key);
458 			key_put(key);
459 			goto retry;
460 		}
461 		key_put(key);
462 	}
463 out_unlock:
464 	mutex_unlock(&fscrypt_add_key_mutex);
465 	return err;
466 }
467 
468 static int fscrypt_provisioning_key_preparse(struct key_preparsed_payload *prep)
469 {
470 	const struct fscrypt_provisioning_key_payload *payload = prep->data;
471 
472 	if (prep->datalen < sizeof(*payload) + FSCRYPT_MIN_KEY_SIZE ||
473 	    prep->datalen > sizeof(*payload) + FSCRYPT_MAX_KEY_SIZE)
474 		return -EINVAL;
475 
476 	if (payload->type != FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
477 	    payload->type != FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER)
478 		return -EINVAL;
479 
480 	if (payload->__reserved)
481 		return -EINVAL;
482 
483 	prep->payload.data[0] = kmemdup(payload, prep->datalen, GFP_KERNEL);
484 	if (!prep->payload.data[0])
485 		return -ENOMEM;
486 
487 	prep->quotalen = prep->datalen;
488 	return 0;
489 }
490 
491 static void fscrypt_provisioning_key_free_preparse(
492 					struct key_preparsed_payload *prep)
493 {
494 	kzfree(prep->payload.data[0]);
495 }
496 
497 static void fscrypt_provisioning_key_describe(const struct key *key,
498 					      struct seq_file *m)
499 {
500 	seq_puts(m, key->description);
501 	if (key_is_positive(key)) {
502 		const struct fscrypt_provisioning_key_payload *payload =
503 			key->payload.data[0];
504 
505 		seq_printf(m, ": %u [%u]", key->datalen, payload->type);
506 	}
507 }
508 
509 static void fscrypt_provisioning_key_destroy(struct key *key)
510 {
511 	kzfree(key->payload.data[0]);
512 }
513 
514 static struct key_type key_type_fscrypt_provisioning = {
515 	.name			= "fscrypt-provisioning",
516 	.preparse		= fscrypt_provisioning_key_preparse,
517 	.free_preparse		= fscrypt_provisioning_key_free_preparse,
518 	.instantiate		= generic_key_instantiate,
519 	.describe		= fscrypt_provisioning_key_describe,
520 	.destroy		= fscrypt_provisioning_key_destroy,
521 };
522 
523 /*
524  * Retrieve the raw key from the Linux keyring key specified by 'key_id', and
525  * store it into 'secret'.
526  *
527  * The key must be of type "fscrypt-provisioning" and must have the field
528  * fscrypt_provisioning_key_payload::type set to 'type', indicating that it's
529  * only usable with fscrypt with the particular KDF version identified by
530  * 'type'.  We don't use the "logon" key type because there's no way to
531  * completely restrict the use of such keys; they can be used by any kernel API
532  * that accepts "logon" keys and doesn't require a specific service prefix.
533  *
534  * The ability to specify the key via Linux keyring key is intended for cases
535  * where userspace needs to re-add keys after the filesystem is unmounted and
536  * re-mounted.  Most users should just provide the raw key directly instead.
537  */
538 static int get_keyring_key(u32 key_id, u32 type,
539 			   struct fscrypt_master_key_secret *secret)
540 {
541 	key_ref_t ref;
542 	struct key *key;
543 	const struct fscrypt_provisioning_key_payload *payload;
544 	int err;
545 
546 	ref = lookup_user_key(key_id, 0, KEY_NEED_SEARCH);
547 	if (IS_ERR(ref))
548 		return PTR_ERR(ref);
549 	key = key_ref_to_ptr(ref);
550 
551 	if (key->type != &key_type_fscrypt_provisioning)
552 		goto bad_key;
553 	payload = key->payload.data[0];
554 
555 	/* Don't allow fscrypt v1 keys to be used as v2 keys and vice versa. */
556 	if (payload->type != type)
557 		goto bad_key;
558 
559 	secret->size = key->datalen - sizeof(*payload);
560 	memcpy(secret->raw, payload->raw, secret->size);
561 	err = 0;
562 	goto out_put;
563 
564 bad_key:
565 	err = -EKEYREJECTED;
566 out_put:
567 	key_ref_put(ref);
568 	return err;
569 }
570 
571 /*
572  * Add a master encryption key to the filesystem, causing all files which were
573  * encrypted with it to appear "unlocked" (decrypted) when accessed.
574  *
575  * When adding a key for use by v1 encryption policies, this ioctl is
576  * privileged, and userspace must provide the 'key_descriptor'.
577  *
578  * When adding a key for use by v2+ encryption policies, this ioctl is
579  * unprivileged.  This is needed, in general, to allow non-root users to use
580  * encryption without encountering the visibility problems of process-subscribed
581  * keyrings and the inability to properly remove keys.  This works by having
582  * each key identified by its cryptographically secure hash --- the
583  * 'key_identifier'.  The cryptographic hash ensures that a malicious user
584  * cannot add the wrong key for a given identifier.  Furthermore, each added key
585  * is charged to the appropriate user's quota for the keyrings service, which
586  * prevents a malicious user from adding too many keys.  Finally, we forbid a
587  * user from removing a key while other users have added it too, which prevents
588  * a user who knows another user's key from causing a denial-of-service by
589  * removing it at an inopportune time.  (We tolerate that a user who knows a key
590  * can prevent other users from removing it.)
591  *
592  * For more details, see the "FS_IOC_ADD_ENCRYPTION_KEY" section of
593  * Documentation/filesystems/fscrypt.rst.
594  */
595 int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg)
596 {
597 	struct super_block *sb = file_inode(filp)->i_sb;
598 	struct fscrypt_add_key_arg __user *uarg = _uarg;
599 	struct fscrypt_add_key_arg arg;
600 	struct fscrypt_master_key_secret secret;
601 	int err;
602 
603 	if (copy_from_user(&arg, uarg, sizeof(arg)))
604 		return -EFAULT;
605 
606 	if (!valid_key_spec(&arg.key_spec))
607 		return -EINVAL;
608 
609 	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
610 		return -EINVAL;
611 
612 	memset(&secret, 0, sizeof(secret));
613 	if (arg.key_id) {
614 		if (arg.raw_size != 0)
615 			return -EINVAL;
616 		err = get_keyring_key(arg.key_id, arg.key_spec.type, &secret);
617 		if (err)
618 			goto out_wipe_secret;
619 	} else {
620 		if (arg.raw_size < FSCRYPT_MIN_KEY_SIZE ||
621 		    arg.raw_size > FSCRYPT_MAX_KEY_SIZE)
622 			return -EINVAL;
623 		secret.size = arg.raw_size;
624 		err = -EFAULT;
625 		if (copy_from_user(secret.raw, uarg->raw, secret.size))
626 			goto out_wipe_secret;
627 	}
628 
629 	switch (arg.key_spec.type) {
630 	case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR:
631 		/*
632 		 * Only root can add keys that are identified by an arbitrary
633 		 * descriptor rather than by a cryptographic hash --- since
634 		 * otherwise a malicious user could add the wrong key.
635 		 */
636 		err = -EACCES;
637 		if (!capable(CAP_SYS_ADMIN))
638 			goto out_wipe_secret;
639 		break;
640 	case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER:
641 		err = fscrypt_init_hkdf(&secret.hkdf, secret.raw, secret.size);
642 		if (err)
643 			goto out_wipe_secret;
644 
645 		/*
646 		 * Now that the HKDF context is initialized, the raw key is no
647 		 * longer needed.
648 		 */
649 		memzero_explicit(secret.raw, secret.size);
650 
651 		/* Calculate the key identifier and return it to userspace. */
652 		err = fscrypt_hkdf_expand(&secret.hkdf,
653 					  HKDF_CONTEXT_KEY_IDENTIFIER,
654 					  NULL, 0, arg.key_spec.u.identifier,
655 					  FSCRYPT_KEY_IDENTIFIER_SIZE);
656 		if (err)
657 			goto out_wipe_secret;
658 		err = -EFAULT;
659 		if (copy_to_user(uarg->key_spec.u.identifier,
660 				 arg.key_spec.u.identifier,
661 				 FSCRYPT_KEY_IDENTIFIER_SIZE))
662 			goto out_wipe_secret;
663 		break;
664 	default:
665 		WARN_ON(1);
666 		err = -EINVAL;
667 		goto out_wipe_secret;
668 	}
669 
670 	err = add_master_key(sb, &secret, &arg.key_spec);
671 out_wipe_secret:
672 	wipe_master_key_secret(&secret);
673 	return err;
674 }
675 EXPORT_SYMBOL_GPL(fscrypt_ioctl_add_key);
676 
677 /*
678  * Verify that the current user has added a master key with the given identifier
679  * (returns -ENOKEY if not).  This is needed to prevent a user from encrypting
680  * their files using some other user's key which they don't actually know.
681  * Cryptographically this isn't much of a problem, but the semantics of this
682  * would be a bit weird, so it's best to just forbid it.
683  *
684  * The system administrator (CAP_FOWNER) can override this, which should be
685  * enough for any use cases where encryption policies are being set using keys
686  * that were chosen ahead of time but aren't available at the moment.
687  *
688  * Note that the key may have already removed by the time this returns, but
689  * that's okay; we just care whether the key was there at some point.
690  *
691  * Return: 0 if the key is added, -ENOKEY if it isn't, or another -errno code
692  */
693 int fscrypt_verify_key_added(struct super_block *sb,
694 			     const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE])
695 {
696 	struct fscrypt_key_specifier mk_spec;
697 	struct key *key, *mk_user;
698 	struct fscrypt_master_key *mk;
699 	int err;
700 
701 	mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
702 	memcpy(mk_spec.u.identifier, identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);
703 
704 	key = fscrypt_find_master_key(sb, &mk_spec);
705 	if (IS_ERR(key)) {
706 		err = PTR_ERR(key);
707 		goto out;
708 	}
709 	mk = key->payload.data[0];
710 	mk_user = find_master_key_user(mk);
711 	if (IS_ERR(mk_user)) {
712 		err = PTR_ERR(mk_user);
713 	} else {
714 		key_put(mk_user);
715 		err = 0;
716 	}
717 	key_put(key);
718 out:
719 	if (err == -ENOKEY && capable(CAP_FOWNER))
720 		err = 0;
721 	return err;
722 }
723 
724 /*
725  * Try to evict the inode's dentries from the dentry cache.  If the inode is a
726  * directory, then it can have at most one dentry; however, that dentry may be
727  * pinned by child dentries, so first try to evict the children too.
728  */
729 static void shrink_dcache_inode(struct inode *inode)
730 {
731 	struct dentry *dentry;
732 
733 	if (S_ISDIR(inode->i_mode)) {
734 		dentry = d_find_any_alias(inode);
735 		if (dentry) {
736 			shrink_dcache_parent(dentry);
737 			dput(dentry);
738 		}
739 	}
740 	d_prune_aliases(inode);
741 }
742 
743 static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk)
744 {
745 	struct fscrypt_info *ci;
746 	struct inode *inode;
747 	struct inode *toput_inode = NULL;
748 
749 	spin_lock(&mk->mk_decrypted_inodes_lock);
750 
751 	list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) {
752 		inode = ci->ci_inode;
753 		spin_lock(&inode->i_lock);
754 		if (inode->i_state & (I_FREEING | I_WILL_FREE | I_NEW)) {
755 			spin_unlock(&inode->i_lock);
756 			continue;
757 		}
758 		__iget(inode);
759 		spin_unlock(&inode->i_lock);
760 		spin_unlock(&mk->mk_decrypted_inodes_lock);
761 
762 		shrink_dcache_inode(inode);
763 		iput(toput_inode);
764 		toput_inode = inode;
765 
766 		spin_lock(&mk->mk_decrypted_inodes_lock);
767 	}
768 
769 	spin_unlock(&mk->mk_decrypted_inodes_lock);
770 	iput(toput_inode);
771 }
772 
773 static int check_for_busy_inodes(struct super_block *sb,
774 				 struct fscrypt_master_key *mk)
775 {
776 	struct list_head *pos;
777 	size_t busy_count = 0;
778 	unsigned long ino;
779 
780 	spin_lock(&mk->mk_decrypted_inodes_lock);
781 
782 	list_for_each(pos, &mk->mk_decrypted_inodes)
783 		busy_count++;
784 
785 	if (busy_count == 0) {
786 		spin_unlock(&mk->mk_decrypted_inodes_lock);
787 		return 0;
788 	}
789 
790 	{
791 		/* select an example file to show for debugging purposes */
792 		struct inode *inode =
793 			list_first_entry(&mk->mk_decrypted_inodes,
794 					 struct fscrypt_info,
795 					 ci_master_key_link)->ci_inode;
796 		ino = inode->i_ino;
797 	}
798 	spin_unlock(&mk->mk_decrypted_inodes_lock);
799 
800 	fscrypt_warn(NULL,
801 		     "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu",
802 		     sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),
803 		     master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,
804 		     ino);
805 	return -EBUSY;
806 }
807 
808 static int try_to_lock_encrypted_files(struct super_block *sb,
809 				       struct fscrypt_master_key *mk)
810 {
811 	int err1;
812 	int err2;
813 
814 	/*
815 	 * An inode can't be evicted while it is dirty or has dirty pages.
816 	 * Thus, we first have to clean the inodes in ->mk_decrypted_inodes.
817 	 *
818 	 * Just do it the easy way: call sync_filesystem().  It's overkill, but
819 	 * it works, and it's more important to minimize the amount of caches we
820 	 * drop than the amount of data we sync.  Also, unprivileged users can
821 	 * already call sync_filesystem() via sys_syncfs() or sys_sync().
822 	 */
823 	down_read(&sb->s_umount);
824 	err1 = sync_filesystem(sb);
825 	up_read(&sb->s_umount);
826 	/* If a sync error occurs, still try to evict as much as possible. */
827 
828 	/*
829 	 * Inodes are pinned by their dentries, so we have to evict their
830 	 * dentries.  shrink_dcache_sb() would suffice, but would be overkill
831 	 * and inappropriate for use by unprivileged users.  So instead go
832 	 * through the inodes' alias lists and try to evict each dentry.
833 	 */
834 	evict_dentries_for_decrypted_inodes(mk);
835 
836 	/*
837 	 * evict_dentries_for_decrypted_inodes() already iput() each inode in
838 	 * the list; any inodes for which that dropped the last reference will
839 	 * have been evicted due to fscrypt_drop_inode() detecting the key
840 	 * removal and telling the VFS to evict the inode.  So to finish, we
841 	 * just need to check whether any inodes couldn't be evicted.
842 	 */
843 	err2 = check_for_busy_inodes(sb, mk);
844 
845 	return err1 ?: err2;
846 }
847 
848 /*
849  * Try to remove an fscrypt master encryption key.
850  *
851  * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's
852  * claim to the key, then removes the key itself if no other users have claims.
853  * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the
854  * key itself.
855  *
856  * To "remove the key itself", first we wipe the actual master key secret, so
857  * that no more inodes can be unlocked with it.  Then we try to evict all cached
858  * inodes that had been unlocked with the key.
859  *
860  * If all inodes were evicted, then we unlink the fscrypt_master_key from the
861  * keyring.  Otherwise it remains in the keyring in the "incompletely removed"
862  * state (without the actual secret key) where it tracks the list of remaining
863  * inodes.  Userspace can execute the ioctl again later to retry eviction, or
864  * alternatively can re-add the secret key again.
865  *
866  * For more details, see the "Removing keys" section of
867  * Documentation/filesystems/fscrypt.rst.
868  */
869 static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users)
870 {
871 	struct super_block *sb = file_inode(filp)->i_sb;
872 	struct fscrypt_remove_key_arg __user *uarg = _uarg;
873 	struct fscrypt_remove_key_arg arg;
874 	struct key *key;
875 	struct fscrypt_master_key *mk;
876 	u32 status_flags = 0;
877 	int err;
878 	bool dead;
879 
880 	if (copy_from_user(&arg, uarg, sizeof(arg)))
881 		return -EFAULT;
882 
883 	if (!valid_key_spec(&arg.key_spec))
884 		return -EINVAL;
885 
886 	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
887 		return -EINVAL;
888 
889 	/*
890 	 * Only root can add and remove keys that are identified by an arbitrary
891 	 * descriptor rather than by a cryptographic hash.
892 	 */
893 	if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR &&
894 	    !capable(CAP_SYS_ADMIN))
895 		return -EACCES;
896 
897 	/* Find the key being removed. */
898 	key = fscrypt_find_master_key(sb, &arg.key_spec);
899 	if (IS_ERR(key))
900 		return PTR_ERR(key);
901 	mk = key->payload.data[0];
902 
903 	down_write(&key->sem);
904 
905 	/* If relevant, remove current user's (or all users) claim to the key */
906 	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {
907 		if (all_users)
908 			err = keyring_clear(mk->mk_users);
909 		else
910 			err = remove_master_key_user(mk);
911 		if (err) {
912 			up_write(&key->sem);
913 			goto out_put_key;
914 		}
915 		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {
916 			/*
917 			 * Other users have still added the key too.  We removed
918 			 * the current user's claim to the key, but we still
919 			 * can't remove the key itself.
920 			 */
921 			status_flags |=
922 				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS;
923 			err = 0;
924 			up_write(&key->sem);
925 			goto out_put_key;
926 		}
927 	}
928 
929 	/* No user claims remaining.  Go ahead and wipe the secret. */
930 	dead = false;
931 	if (is_master_key_secret_present(&mk->mk_secret)) {
932 		down_write(&mk->mk_secret_sem);
933 		wipe_master_key_secret(&mk->mk_secret);
934 		dead = refcount_dec_and_test(&mk->mk_refcount);
935 		up_write(&mk->mk_secret_sem);
936 	}
937 	up_write(&key->sem);
938 	if (dead) {
939 		/*
940 		 * No inodes reference the key, and we wiped the secret, so the
941 		 * key object is free to be removed from the keyring.
942 		 */
943 		key_invalidate(key);
944 		err = 0;
945 	} else {
946 		/* Some inodes still reference this key; try to evict them. */
947 		err = try_to_lock_encrypted_files(sb, mk);
948 		if (err == -EBUSY) {
949 			status_flags |=
950 				FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY;
951 			err = 0;
952 		}
953 	}
954 	/*
955 	 * We return 0 if we successfully did something: removed a claim to the
956 	 * key, wiped the secret, or tried locking the files again.  Users need
957 	 * to check the informational status flags if they care whether the key
958 	 * has been fully removed including all files locked.
959 	 */
960 out_put_key:
961 	key_put(key);
962 	if (err == 0)
963 		err = put_user(status_flags, &uarg->removal_status_flags);
964 	return err;
965 }
966 
967 int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg)
968 {
969 	return do_remove_key(filp, uarg, false);
970 }
971 EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key);
972 
973 int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg)
974 {
975 	if (!capable(CAP_SYS_ADMIN))
976 		return -EACCES;
977 	return do_remove_key(filp, uarg, true);
978 }
979 EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users);
980 
981 /*
982  * Retrieve the status of an fscrypt master encryption key.
983  *
984  * We set ->status to indicate whether the key is absent, present, or
985  * incompletely removed.  "Incompletely removed" means that the master key
986  * secret has been removed, but some files which had been unlocked with it are
987  * still in use.  This field allows applications to easily determine the state
988  * of an encrypted directory without using a hack such as trying to open a
989  * regular file in it (which can confuse the "incompletely removed" state with
990  * absent or present).
991  *
992  * In addition, for v2 policy keys we allow applications to determine, via
993  * ->status_flags and ->user_count, whether the key has been added by the
994  * current user, by other users, or by both.  Most applications should not need
995  * this, since ordinarily only one user should know a given key.  However, if a
996  * secret key is shared by multiple users, applications may wish to add an
997  * already-present key to prevent other users from removing it.  This ioctl can
998  * be used to check whether that really is the case before the work is done to
999  * add the key --- which might e.g. require prompting the user for a passphrase.
1000  *
1001  * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of
1002  * Documentation/filesystems/fscrypt.rst.
1003  */
1004 int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg)
1005 {
1006 	struct super_block *sb = file_inode(filp)->i_sb;
1007 	struct fscrypt_get_key_status_arg arg;
1008 	struct key *key;
1009 	struct fscrypt_master_key *mk;
1010 	int err;
1011 
1012 	if (copy_from_user(&arg, uarg, sizeof(arg)))
1013 		return -EFAULT;
1014 
1015 	if (!valid_key_spec(&arg.key_spec))
1016 		return -EINVAL;
1017 
1018 	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))
1019 		return -EINVAL;
1020 
1021 	arg.status_flags = 0;
1022 	arg.user_count = 0;
1023 	memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved));
1024 
1025 	key = fscrypt_find_master_key(sb, &arg.key_spec);
1026 	if (IS_ERR(key)) {
1027 		if (key != ERR_PTR(-ENOKEY))
1028 			return PTR_ERR(key);
1029 		arg.status = FSCRYPT_KEY_STATUS_ABSENT;
1030 		err = 0;
1031 		goto out;
1032 	}
1033 	mk = key->payload.data[0];
1034 	down_read(&key->sem);
1035 
1036 	if (!is_master_key_secret_present(&mk->mk_secret)) {
1037 		arg.status = FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED;
1038 		err = 0;
1039 		goto out_release_key;
1040 	}
1041 
1042 	arg.status = FSCRYPT_KEY_STATUS_PRESENT;
1043 	if (mk->mk_users) {
1044 		struct key *mk_user;
1045 
1046 		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;
1047 		mk_user = find_master_key_user(mk);
1048 		if (!IS_ERR(mk_user)) {
1049 			arg.status_flags |=
1050 				FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF;
1051 			key_put(mk_user);
1052 		} else if (mk_user != ERR_PTR(-ENOKEY)) {
1053 			err = PTR_ERR(mk_user);
1054 			goto out_release_key;
1055 		}
1056 	}
1057 	err = 0;
1058 out_release_key:
1059 	up_read(&key->sem);
1060 	key_put(key);
1061 out:
1062 	if (!err && copy_to_user(uarg, &arg, sizeof(arg)))
1063 		err = -EFAULT;
1064 	return err;
1065 }
1066 EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status);
1067 
1068 int __init fscrypt_init_keyring(void)
1069 {
1070 	int err;
1071 
1072 	err = register_key_type(&key_type_fscrypt);
1073 	if (err)
1074 		return err;
1075 
1076 	err = register_key_type(&key_type_fscrypt_user);
1077 	if (err)
1078 		goto err_unregister_fscrypt;
1079 
1080 	err = register_key_type(&key_type_fscrypt_provisioning);
1081 	if (err)
1082 		goto err_unregister_fscrypt_user;
1083 
1084 	return 0;
1085 
1086 err_unregister_fscrypt_user:
1087 	unregister_key_type(&key_type_fscrypt_user);
1088 err_unregister_fscrypt:
1089 	unregister_key_type(&key_type_fscrypt);
1090 	return err;
1091 }
1092