Commit | Line | Data |
---|---|---|
22d94f49 EB |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* | |
3 | * Filesystem-level keyring for fscrypt | |
4 | * | |
5 | * Copyright 2019 Google LLC | |
6 | */ | |
7 | ||
8 | /* | |
9 | * This file implements management of fscrypt master keys in the | |
10 | * filesystem-level keyring, including the ioctls: | |
11 | * | |
12 | * - FS_IOC_ADD_ENCRYPTION_KEY | |
b1c0ec35 | 13 | * - FS_IOC_REMOVE_ENCRYPTION_KEY |
78a1b96b | 14 | * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS |
5a7e2992 | 15 | * - FS_IOC_GET_ENCRYPTION_KEY_STATUS |
22d94f49 EB |
16 | * |
17 | * See the "User API" section of Documentation/filesystems/fscrypt.rst for more | |
18 | * information about these ioctls. | |
19 | */ | |
20 | ||
d7e7b9af | 21 | #include <asm/unaligned.h> |
5dae460c | 22 | #include <crypto/skcipher.h> |
22d94f49 | 23 | #include <linux/key-type.h> |
cdeb21da | 24 | #include <linux/random.h> |
22d94f49 EB |
25 | #include <linux/seq_file.h> |
26 | ||
27 | #include "fscrypt_private.h" | |
28 | ||
d7e7b9af EB |
29 | /* The master encryption keys for a filesystem (->s_master_keys) */ |
30 | struct fscrypt_keyring { | |
31 | /* | |
32 | * Lock that protects ->key_hashtable. It does *not* protect the | |
33 | * fscrypt_master_key structs themselves. | |
34 | */ | |
35 | spinlock_t lock; | |
36 | ||
37 | /* Hash table that maps fscrypt_key_specifier to fscrypt_master_key */ | |
38 | struct hlist_head key_hashtable[128]; | |
39 | }; | |
40 | ||
22d94f49 EB |
41 | static void wipe_master_key_secret(struct fscrypt_master_key_secret *secret) |
42 | { | |
5dae460c | 43 | fscrypt_destroy_hkdf(&secret->hkdf); |
22d94f49 EB |
44 | memzero_explicit(secret, sizeof(*secret)); |
45 | } | |
46 | ||
47 | static void move_master_key_secret(struct fscrypt_master_key_secret *dst, | |
48 | struct fscrypt_master_key_secret *src) | |
49 | { | |
50 | memcpy(dst, src, sizeof(*dst)); | |
51 | memzero_explicit(src, sizeof(*src)); | |
52 | } | |
53 | ||
d7e7b9af EB |
54 | static void fscrypt_free_master_key(struct rcu_head *head) |
55 | { | |
56 | struct fscrypt_master_key *mk = | |
57 | container_of(head, struct fscrypt_master_key, mk_rcu_head); | |
58 | /* | |
59 | * The master key secret and any embedded subkeys should have already | |
60 | * been wiped when the last active reference to the fscrypt_master_key | |
61 | * struct was dropped; doing it here would be unnecessarily late. | |
62 | * Nevertheless, use kfree_sensitive() in case anything was missed. | |
63 | */ | |
64 | kfree_sensitive(mk); | |
65 | } | |
66 | ||
67 | void fscrypt_put_master_key(struct fscrypt_master_key *mk) | |
68 | { | |
69 | if (!refcount_dec_and_test(&mk->mk_struct_refs)) | |
70 | return; | |
71 | /* | |
72 | * No structural references left, so free ->mk_users, and also free the | |
73 | * fscrypt_master_key struct itself after an RCU grace period ensures | |
74 | * that concurrent keyring lookups can no longer find it. | |
75 | */ | |
41b2ad80 | 76 | WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 0); |
d7e7b9af EB |
77 | key_put(mk->mk_users); |
78 | mk->mk_users = NULL; | |
79 | call_rcu(&mk->mk_rcu_head, fscrypt_free_master_key); | |
80 | } | |
81 | ||
02aef422 EB |
82 | void fscrypt_put_master_key_activeref(struct super_block *sb, |
83 | struct fscrypt_master_key *mk) | |
22d94f49 | 84 | { |
5dae460c EB |
85 | size_t i; |
86 | ||
d7e7b9af EB |
87 | if (!refcount_dec_and_test(&mk->mk_active_refs)) |
88 | return; | |
89 | /* | |
90 | * No active references left, so complete the full removal of this | |
91 | * fscrypt_master_key struct by removing it from the keyring and | |
92 | * destroying any subkeys embedded in it. | |
93 | */ | |
94 | ||
41b2ad80 | 95 | if (WARN_ON_ONCE(!sb->s_master_keys)) |
4bcf6f82 | 96 | return; |
02aef422 | 97 | spin_lock(&sb->s_master_keys->lock); |
d7e7b9af | 98 | hlist_del_rcu(&mk->mk_node); |
02aef422 | 99 | spin_unlock(&sb->s_master_keys->lock); |
d7e7b9af EB |
100 | |
101 | /* | |
15baf554 EB |
102 | * ->mk_active_refs == 0 implies that ->mk_present is false and |
103 | * ->mk_decrypted_inodes is empty. | |
d7e7b9af | 104 | */ |
15baf554 | 105 | WARN_ON_ONCE(mk->mk_present); |
41b2ad80 | 106 | WARN_ON_ONCE(!list_empty(&mk->mk_decrypted_inodes)); |
5dae460c | 107 | |
3ceb6543 | 108 | for (i = 0; i <= FSCRYPT_MODE_MAX; i++) { |
22e9947a EB |
109 | fscrypt_destroy_prepared_key( |
110 | sb, &mk->mk_direct_keys[i]); | |
111 | fscrypt_destroy_prepared_key( | |
112 | sb, &mk->mk_iv_ino_lblk_64_keys[i]); | |
113 | fscrypt_destroy_prepared_key( | |
114 | sb, &mk->mk_iv_ino_lblk_32_keys[i]); | |
b103fb76 | 115 | } |
d7e7b9af EB |
116 | memzero_explicit(&mk->mk_ino_hash_key, |
117 | sizeof(mk->mk_ino_hash_key)); | |
118 | mk->mk_ino_hash_key_initialized = false; | |
5dae460c | 119 | |
d7e7b9af EB |
120 | /* Drop the structural ref associated with the active refs. */ |
121 | fscrypt_put_master_key(mk); | |
22d94f49 EB |
122 | } |
123 | ||
15baf554 EB |
124 | /* |
125 | * This transitions the key state from present to incompletely removed, and then | |
126 | * potentially to absent (depending on whether inodes remain). | |
127 | */ | |
128 | static void fscrypt_initiate_key_removal(struct super_block *sb, | |
129 | struct fscrypt_master_key *mk) | |
130 | { | |
131 | WRITE_ONCE(mk->mk_present, false); | |
132 | wipe_master_key_secret(&mk->mk_secret); | |
133 | fscrypt_put_master_key_activeref(sb, mk); | |
134 | } | |
135 | ||
22d94f49 EB |
136 | static inline bool valid_key_spec(const struct fscrypt_key_specifier *spec) |
137 | { | |
138 | if (spec->__reserved) | |
139 | return false; | |
140 | return master_key_spec_len(spec) != 0; | |
141 | } | |
142 | ||
23c688b5 EB |
143 | static int fscrypt_user_key_instantiate(struct key *key, |
144 | struct key_preparsed_payload *prep) | |
145 | { | |
146 | /* | |
147 | * We just charge FSCRYPT_MAX_KEY_SIZE bytes to the user's key quota for | |
148 | * each key, regardless of the exact key size. The amount of memory | |
149 | * actually used is greater than the size of the raw key anyway. | |
150 | */ | |
151 | return key_payload_reserve(key, FSCRYPT_MAX_KEY_SIZE); | |
152 | } | |
153 | ||
154 | static void fscrypt_user_key_describe(const struct key *key, struct seq_file *m) | |
155 | { | |
156 | seq_puts(m, key->description); | |
157 | } | |
158 | ||
159 | /* | |
160 | * Type of key in ->mk_users. Each key of this type represents a particular | |
161 | * user who has added a particular master key. | |
162 | * | |
163 | * Note that the name of this key type really should be something like | |
164 | * ".fscrypt-user" instead of simply ".fscrypt". But the shorter name is chosen | |
165 | * mainly for simplicity of presentation in /proc/keys when read by a non-root | |
166 | * user. And it is expected to be rare that a key is actually added by multiple | |
167 | * users, since users should keep their encryption keys confidential. | |
168 | */ | |
169 | static struct key_type key_type_fscrypt_user = { | |
170 | .name = ".fscrypt", | |
171 | .instantiate = fscrypt_user_key_instantiate, | |
172 | .describe = fscrypt_user_key_describe, | |
173 | }; | |
174 | ||
23c688b5 EB |
175 | #define FSCRYPT_MK_USERS_DESCRIPTION_SIZE \ |
176 | (CONST_STRLEN("fscrypt-") + 2 * FSCRYPT_KEY_IDENTIFIER_SIZE + \ | |
177 | CONST_STRLEN("-users") + 1) | |
178 | ||
179 | #define FSCRYPT_MK_USER_DESCRIPTION_SIZE \ | |
180 | (2 * FSCRYPT_KEY_IDENTIFIER_SIZE + CONST_STRLEN(".uid.") + 10 + 1) | |
181 | ||
23c688b5 EB |
182 | static void format_mk_users_keyring_description( |
183 | char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE], | |
184 | const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) | |
185 | { | |
186 | sprintf(description, "fscrypt-%*phN-users", | |
187 | FSCRYPT_KEY_IDENTIFIER_SIZE, mk_identifier); | |
188 | } | |
189 | ||
190 | static void format_mk_user_description( | |
191 | char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE], | |
192 | const u8 mk_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) | |
193 | { | |
194 | ||
195 | sprintf(description, "%*phN.uid.%u", FSCRYPT_KEY_IDENTIFIER_SIZE, | |
196 | mk_identifier, __kuid_val(current_fsuid())); | |
197 | } | |
198 | ||
22d94f49 EB |
199 | /* Create ->s_master_keys if needed. Synchronized by fscrypt_add_key_mutex. */ |
200 | static int allocate_filesystem_keyring(struct super_block *sb) | |
201 | { | |
d7e7b9af | 202 | struct fscrypt_keyring *keyring; |
22d94f49 EB |
203 | |
204 | if (sb->s_master_keys) | |
205 | return 0; | |
206 | ||
d7e7b9af EB |
207 | keyring = kzalloc(sizeof(*keyring), GFP_KERNEL); |
208 | if (!keyring) | |
209 | return -ENOMEM; | |
210 | spin_lock_init(&keyring->lock); | |
777afe4e EB |
211 | /* |
212 | * Pairs with the smp_load_acquire() in fscrypt_find_master_key(). | |
213 | * I.e., here we publish ->s_master_keys with a RELEASE barrier so that | |
214 | * concurrent tasks can ACQUIRE it. | |
215 | */ | |
22d94f49 EB |
216 | smp_store_release(&sb->s_master_keys, keyring); |
217 | return 0; | |
218 | } | |
219 | ||
d7e7b9af | 220 | /* |
ccd30a47 EB |
221 | * Release all encryption keys that have been added to the filesystem, along |
222 | * with the keyring that contains them. | |
d7e7b9af | 223 | * |
43e5f1d5 EB |
224 | * This is called at unmount time, after all potentially-encrypted inodes have |
225 | * been evicted. The filesystem's underlying block device(s) are still | |
226 | * available at this time; this is important because after user file accesses | |
227 | * have been allowed, this function may need to evict keys from the keyslots of | |
228 | * an inline crypto engine, which requires the block device(s). | |
d7e7b9af | 229 | */ |
ccd30a47 | 230 | void fscrypt_destroy_keyring(struct super_block *sb) |
22d94f49 | 231 | { |
d7e7b9af EB |
232 | struct fscrypt_keyring *keyring = sb->s_master_keys; |
233 | size_t i; | |
234 | ||
235 | if (!keyring) | |
236 | return; | |
237 | ||
238 | for (i = 0; i < ARRAY_SIZE(keyring->key_hashtable); i++) { | |
239 | struct hlist_head *bucket = &keyring->key_hashtable[i]; | |
240 | struct fscrypt_master_key *mk; | |
241 | struct hlist_node *tmp; | |
242 | ||
243 | hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) { | |
244 | /* | |
43e5f1d5 EB |
245 | * Since all potentially-encrypted inodes were already |
246 | * evicted, every key remaining in the keyring should | |
247 | * have an empty inode list, and should only still be in | |
248 | * the keyring due to the single active ref associated | |
15baf554 EB |
249 | * with ->mk_present. There should be no structural |
250 | * refs beyond the one associated with the active ref. | |
d7e7b9af | 251 | */ |
41b2ad80 EB |
252 | WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1); |
253 | WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1); | |
15baf554 EB |
254 | WARN_ON_ONCE(!mk->mk_present); |
255 | fscrypt_initiate_key_removal(sb, mk); | |
d7e7b9af EB |
256 | } |
257 | } | |
258 | kfree_sensitive(keyring); | |
22d94f49 EB |
259 | sb->s_master_keys = NULL; |
260 | } | |
261 | ||
d7e7b9af EB |
262 | static struct hlist_head * |
263 | fscrypt_mk_hash_bucket(struct fscrypt_keyring *keyring, | |
264 | const struct fscrypt_key_specifier *mk_spec) | |
265 | { | |
266 | /* | |
267 | * Since key specifiers should be "random" values, it is sufficient to | |
268 | * use a trivial hash function that just takes the first several bits of | |
269 | * the key specifier. | |
270 | */ | |
271 | unsigned long i = get_unaligned((unsigned long *)&mk_spec->u); | |
272 | ||
273 | return &keyring->key_hashtable[i % ARRAY_SIZE(keyring->key_hashtable)]; | |
274 | } | |
275 | ||
22d94f49 | 276 | /* |
d7e7b9af EB |
277 | * Find the specified master key struct in ->s_master_keys and take a structural |
278 | * ref to it. The structural ref guarantees that the key struct continues to | |
279 | * exist, but it does *not* guarantee that ->s_master_keys continues to contain | |
280 | * the key struct. The structural ref needs to be dropped by | |
281 | * fscrypt_put_master_key(). Returns NULL if the key struct is not found. | |
22d94f49 | 282 | */ |
d7e7b9af EB |
283 | struct fscrypt_master_key * |
284 | fscrypt_find_master_key(struct super_block *sb, | |
285 | const struct fscrypt_key_specifier *mk_spec) | |
22d94f49 | 286 | { |
d7e7b9af EB |
287 | struct fscrypt_keyring *keyring; |
288 | struct hlist_head *bucket; | |
289 | struct fscrypt_master_key *mk; | |
22d94f49 | 290 | |
777afe4e EB |
291 | /* |
292 | * Pairs with the smp_store_release() in allocate_filesystem_keyring(). | |
293 | * I.e., another task can publish ->s_master_keys concurrently, | |
294 | * executing a RELEASE barrier. We need to use smp_load_acquire() here | |
295 | * to safely ACQUIRE the memory the other task published. | |
296 | */ | |
297 | keyring = smp_load_acquire(&sb->s_master_keys); | |
22d94f49 | 298 | if (keyring == NULL) |
d7e7b9af EB |
299 | return NULL; /* No keyring yet, so no keys yet. */ |
300 | ||
301 | bucket = fscrypt_mk_hash_bucket(keyring, mk_spec); | |
302 | rcu_read_lock(); | |
303 | switch (mk_spec->type) { | |
304 | case FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR: | |
305 | hlist_for_each_entry_rcu(mk, bucket, mk_node) { | |
306 | if (mk->mk_spec.type == | |
307 | FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && | |
308 | memcmp(mk->mk_spec.u.descriptor, | |
309 | mk_spec->u.descriptor, | |
310 | FSCRYPT_KEY_DESCRIPTOR_SIZE) == 0 && | |
311 | refcount_inc_not_zero(&mk->mk_struct_refs)) | |
312 | goto out; | |
313 | } | |
314 | break; | |
315 | case FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER: | |
316 | hlist_for_each_entry_rcu(mk, bucket, mk_node) { | |
317 | if (mk->mk_spec.type == | |
318 | FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER && | |
319 | memcmp(mk->mk_spec.u.identifier, | |
320 | mk_spec->u.identifier, | |
321 | FSCRYPT_KEY_IDENTIFIER_SIZE) == 0 && | |
322 | refcount_inc_not_zero(&mk->mk_struct_refs)) | |
323 | goto out; | |
324 | } | |
325 | break; | |
326 | } | |
327 | mk = NULL; | |
328 | out: | |
329 | rcu_read_unlock(); | |
330 | return mk; | |
22d94f49 EB |
331 | } |
332 | ||
23c688b5 EB |
333 | static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk) |
334 | { | |
335 | char description[FSCRYPT_MK_USERS_DESCRIPTION_SIZE]; | |
336 | struct key *keyring; | |
337 | ||
338 | format_mk_users_keyring_description(description, | |
339 | mk->mk_spec.u.identifier); | |
340 | keyring = keyring_alloc(description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, | |
341 | current_cred(), KEY_POS_SEARCH | | |
342 | KEY_USR_SEARCH | KEY_USR_READ | KEY_USR_VIEW, | |
343 | KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); | |
344 | if (IS_ERR(keyring)) | |
345 | return PTR_ERR(keyring); | |
346 | ||
347 | mk->mk_users = keyring; | |
348 | return 0; | |
349 | } | |
350 | ||
351 | /* | |
352 | * Find the current user's "key" in the master key's ->mk_users. | |
353 | * Returns ERR_PTR(-ENOKEY) if not found. | |
354 | */ | |
355 | static struct key *find_master_key_user(struct fscrypt_master_key *mk) | |
356 | { | |
357 | char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE]; | |
d7e7b9af | 358 | key_ref_t keyref; |
23c688b5 EB |
359 | |
360 | format_mk_user_description(description, mk->mk_spec.u.identifier); | |
d7e7b9af EB |
361 | |
362 | /* | |
363 | * We need to mark the keyring reference as "possessed" so that we | |
364 | * acquire permission to search it, via the KEY_POS_SEARCH permission. | |
365 | */ | |
366 | keyref = keyring_search(make_key_ref(mk->mk_users, true /*possessed*/), | |
367 | &key_type_fscrypt_user, description, false); | |
368 | if (IS_ERR(keyref)) { | |
369 | if (PTR_ERR(keyref) == -EAGAIN || /* not found */ | |
370 | PTR_ERR(keyref) == -EKEYREVOKED) /* recently invalidated */ | |
371 | keyref = ERR_PTR(-ENOKEY); | |
372 | return ERR_CAST(keyref); | |
373 | } | |
374 | return key_ref_to_ptr(keyref); | |
23c688b5 EB |
375 | } |
376 | ||
377 | /* | |
378 | * Give the current user a "key" in ->mk_users. This charges the user's quota | |
379 | * and marks the master key as added by the current user, so that it cannot be | |
d7e7b9af EB |
380 | * removed by another user with the key. Either ->mk_sem must be held for |
381 | * write, or the master key must be still undergoing initialization. | |
23c688b5 EB |
382 | */ |
383 | static int add_master_key_user(struct fscrypt_master_key *mk) | |
384 | { | |
385 | char description[FSCRYPT_MK_USER_DESCRIPTION_SIZE]; | |
386 | struct key *mk_user; | |
387 | int err; | |
388 | ||
389 | format_mk_user_description(description, mk->mk_spec.u.identifier); | |
390 | mk_user = key_alloc(&key_type_fscrypt_user, description, | |
391 | current_fsuid(), current_gid(), current_cred(), | |
392 | KEY_POS_SEARCH | KEY_USR_VIEW, 0, NULL); | |
393 | if (IS_ERR(mk_user)) | |
394 | return PTR_ERR(mk_user); | |
395 | ||
396 | err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL); | |
397 | key_put(mk_user); | |
398 | return err; | |
399 | } | |
400 | ||
401 | /* | |
402 | * Remove the current user's "key" from ->mk_users. | |
d7e7b9af | 403 | * ->mk_sem must be held for write. |
23c688b5 EB |
404 | * |
405 | * Returns 0 if removed, -ENOKEY if not found, or another -errno code. | |
406 | */ | |
407 | static int remove_master_key_user(struct fscrypt_master_key *mk) | |
408 | { | |
409 | struct key *mk_user; | |
410 | int err; | |
411 | ||
412 | mk_user = find_master_key_user(mk); | |
413 | if (IS_ERR(mk_user)) | |
414 | return PTR_ERR(mk_user); | |
415 | err = key_unlink(mk->mk_users, mk_user); | |
416 | key_put(mk_user); | |
417 | return err; | |
418 | } | |
419 | ||
22d94f49 | 420 | /* |
d7e7b9af EB |
421 | * Allocate a new fscrypt_master_key, transfer the given secret over to it, and |
422 | * insert it into sb->s_master_keys. | |
22d94f49 | 423 | */ |
d7e7b9af EB |
424 | static int add_new_master_key(struct super_block *sb, |
425 | struct fscrypt_master_key_secret *secret, | |
426 | const struct fscrypt_key_specifier *mk_spec) | |
22d94f49 | 427 | { |
d7e7b9af | 428 | struct fscrypt_keyring *keyring = sb->s_master_keys; |
22d94f49 | 429 | struct fscrypt_master_key *mk; |
22d94f49 EB |
430 | int err; |
431 | ||
432 | mk = kzalloc(sizeof(*mk), GFP_KERNEL); | |
433 | if (!mk) | |
434 | return -ENOMEM; | |
435 | ||
d7e7b9af EB |
436 | init_rwsem(&mk->mk_sem); |
437 | refcount_set(&mk->mk_struct_refs, 1); | |
22d94f49 EB |
438 | mk->mk_spec = *mk_spec; |
439 | ||
b1c0ec35 EB |
440 | INIT_LIST_HEAD(&mk->mk_decrypted_inodes); |
441 | spin_lock_init(&mk->mk_decrypted_inodes_lock); | |
442 | ||
23c688b5 EB |
443 | if (mk_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) { |
444 | err = allocate_master_key_users_keyring(mk); | |
445 | if (err) | |
d7e7b9af | 446 | goto out_put; |
23c688b5 EB |
447 | err = add_master_key_user(mk); |
448 | if (err) | |
d7e7b9af | 449 | goto out_put; |
23c688b5 EB |
450 | } |
451 | ||
d7e7b9af | 452 | move_master_key_secret(&mk->mk_secret, secret); |
15baf554 EB |
453 | mk->mk_present = true; |
454 | refcount_set(&mk->mk_active_refs, 1); /* ->mk_present is true */ | |
22d94f49 | 455 | |
d7e7b9af EB |
456 | spin_lock(&keyring->lock); |
457 | hlist_add_head_rcu(&mk->mk_node, | |
458 | fscrypt_mk_hash_bucket(keyring, mk_spec)); | |
459 | spin_unlock(&keyring->lock); | |
22d94f49 EB |
460 | return 0; |
461 | ||
d7e7b9af EB |
462 | out_put: |
463 | fscrypt_put_master_key(mk); | |
22d94f49 EB |
464 | return err; |
465 | } | |
466 | ||
b1c0ec35 EB |
467 | #define KEY_DEAD 1 |
468 | ||
469 | static int add_existing_master_key(struct fscrypt_master_key *mk, | |
470 | struct fscrypt_master_key_secret *secret) | |
471 | { | |
23c688b5 | 472 | int err; |
b1c0ec35 | 473 | |
23c688b5 EB |
474 | /* |
475 | * If the current user is already in ->mk_users, then there's nothing to | |
d7e7b9af EB |
476 | * do. Otherwise, we need to add the user to ->mk_users. (Neither is |
477 | * applicable for v1 policy keys, which have NULL ->mk_users.) | |
23c688b5 EB |
478 | */ |
479 | if (mk->mk_users) { | |
d7e7b9af EB |
480 | struct key *mk_user = find_master_key_user(mk); |
481 | ||
23c688b5 EB |
482 | if (mk_user != ERR_PTR(-ENOKEY)) { |
483 | if (IS_ERR(mk_user)) | |
484 | return PTR_ERR(mk_user); | |
485 | key_put(mk_user); | |
486 | return 0; | |
487 | } | |
23c688b5 | 488 | err = add_master_key_user(mk); |
d7e7b9af | 489 | if (err) |
23c688b5 | 490 | return err; |
23c688b5 EB |
491 | } |
492 | ||
15baf554 EB |
493 | /* If the key is incompletely removed, make it present again. */ |
494 | if (!mk->mk_present) { | |
495 | if (!refcount_inc_not_zero(&mk->mk_active_refs)) { | |
496 | /* | |
497 | * Raced with the last active ref being dropped, so the | |
498 | * key has become, or is about to become, "absent". | |
499 | * Therefore, we need to allocate a new key struct. | |
500 | */ | |
d7e7b9af | 501 | return KEY_DEAD; |
15baf554 | 502 | } |
23c688b5 | 503 | move_master_key_secret(&mk->mk_secret, secret); |
15baf554 | 504 | WRITE_ONCE(mk->mk_present, true); |
d7e7b9af EB |
505 | } |
506 | ||
b1c0ec35 EB |
507 | return 0; |
508 | } | |
509 | ||
cdeb21da EB |
510 | static int do_add_master_key(struct super_block *sb, |
511 | struct fscrypt_master_key_secret *secret, | |
512 | const struct fscrypt_key_specifier *mk_spec) | |
22d94f49 EB |
513 | { |
514 | static DEFINE_MUTEX(fscrypt_add_key_mutex); | |
d7e7b9af | 515 | struct fscrypt_master_key *mk; |
22d94f49 EB |
516 | int err; |
517 | ||
518 | mutex_lock(&fscrypt_add_key_mutex); /* serialize find + link */ | |
d7e7b9af EB |
519 | |
520 | mk = fscrypt_find_master_key(sb, mk_spec); | |
521 | if (!mk) { | |
22d94f49 EB |
522 | /* Didn't find the key in ->s_master_keys. Add it. */ |
523 | err = allocate_filesystem_keyring(sb); | |
d7e7b9af EB |
524 | if (!err) |
525 | err = add_new_master_key(sb, secret, mk_spec); | |
22d94f49 | 526 | } else { |
b1c0ec35 | 527 | /* |
15baf554 EB |
528 | * Found the key in ->s_master_keys. Add the user to ->mk_users |
529 | * if needed, and make the key "present" again if possible. | |
b1c0ec35 | 530 | */ |
d7e7b9af EB |
531 | down_write(&mk->mk_sem); |
532 | err = add_existing_master_key(mk, secret); | |
533 | up_write(&mk->mk_sem); | |
b1c0ec35 | 534 | if (err == KEY_DEAD) { |
d7e7b9af EB |
535 | /* |
536 | * We found a key struct, but it's already been fully | |
537 | * removed. Ignore the old struct and add a new one. | |
538 | * fscrypt_add_key_mutex means we don't need to worry | |
539 | * about concurrent adds. | |
540 | */ | |
541 | err = add_new_master_key(sb, secret, mk_spec); | |
b1c0ec35 | 542 | } |
d7e7b9af | 543 | fscrypt_put_master_key(mk); |
22d94f49 | 544 | } |
22d94f49 EB |
545 | mutex_unlock(&fscrypt_add_key_mutex); |
546 | return err; | |
547 | } | |
548 | ||
cdeb21da EB |
549 | static int add_master_key(struct super_block *sb, |
550 | struct fscrypt_master_key_secret *secret, | |
551 | struct fscrypt_key_specifier *key_spec) | |
552 | { | |
553 | int err; | |
554 | ||
555 | if (key_spec->type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) { | |
556 | err = fscrypt_init_hkdf(&secret->hkdf, secret->raw, | |
557 | secret->size); | |
558 | if (err) | |
559 | return err; | |
560 | ||
561 | /* | |
562 | * Now that the HKDF context is initialized, the raw key is no | |
563 | * longer needed. | |
564 | */ | |
565 | memzero_explicit(secret->raw, secret->size); | |
566 | ||
567 | /* Calculate the key identifier */ | |
568 | err = fscrypt_hkdf_expand(&secret->hkdf, | |
569 | HKDF_CONTEXT_KEY_IDENTIFIER, NULL, 0, | |
570 | key_spec->u.identifier, | |
571 | FSCRYPT_KEY_IDENTIFIER_SIZE); | |
572 | if (err) | |
573 | return err; | |
574 | } | |
575 | return do_add_master_key(sb, secret, key_spec); | |
576 | } | |
577 | ||
93edd392 EB |
578 | static int fscrypt_provisioning_key_preparse(struct key_preparsed_payload *prep) |
579 | { | |
580 | const struct fscrypt_provisioning_key_payload *payload = prep->data; | |
581 | ||
582 | if (prep->datalen < sizeof(*payload) + FSCRYPT_MIN_KEY_SIZE || | |
583 | prep->datalen > sizeof(*payload) + FSCRYPT_MAX_KEY_SIZE) | |
584 | return -EINVAL; | |
585 | ||
586 | if (payload->type != FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && | |
587 | payload->type != FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) | |
588 | return -EINVAL; | |
589 | ||
590 | if (payload->__reserved) | |
591 | return -EINVAL; | |
592 | ||
593 | prep->payload.data[0] = kmemdup(payload, prep->datalen, GFP_KERNEL); | |
594 | if (!prep->payload.data[0]) | |
595 | return -ENOMEM; | |
596 | ||
597 | prep->quotalen = prep->datalen; | |
598 | return 0; | |
599 | } | |
600 | ||
601 | static void fscrypt_provisioning_key_free_preparse( | |
602 | struct key_preparsed_payload *prep) | |
603 | { | |
453431a5 | 604 | kfree_sensitive(prep->payload.data[0]); |
93edd392 EB |
605 | } |
606 | ||
607 | static void fscrypt_provisioning_key_describe(const struct key *key, | |
608 | struct seq_file *m) | |
609 | { | |
610 | seq_puts(m, key->description); | |
611 | if (key_is_positive(key)) { | |
612 | const struct fscrypt_provisioning_key_payload *payload = | |
613 | key->payload.data[0]; | |
614 | ||
615 | seq_printf(m, ": %u [%u]", key->datalen, payload->type); | |
616 | } | |
617 | } | |
618 | ||
619 | static void fscrypt_provisioning_key_destroy(struct key *key) | |
620 | { | |
453431a5 | 621 | kfree_sensitive(key->payload.data[0]); |
93edd392 EB |
622 | } |
623 | ||
624 | static struct key_type key_type_fscrypt_provisioning = { | |
625 | .name = "fscrypt-provisioning", | |
626 | .preparse = fscrypt_provisioning_key_preparse, | |
627 | .free_preparse = fscrypt_provisioning_key_free_preparse, | |
628 | .instantiate = generic_key_instantiate, | |
629 | .describe = fscrypt_provisioning_key_describe, | |
630 | .destroy = fscrypt_provisioning_key_destroy, | |
631 | }; | |
632 | ||
633 | /* | |
634 | * Retrieve the raw key from the Linux keyring key specified by 'key_id', and | |
635 | * store it into 'secret'. | |
636 | * | |
637 | * The key must be of type "fscrypt-provisioning" and must have the field | |
638 | * fscrypt_provisioning_key_payload::type set to 'type', indicating that it's | |
639 | * only usable with fscrypt with the particular KDF version identified by | |
640 | * 'type'. We don't use the "logon" key type because there's no way to | |
641 | * completely restrict the use of such keys; they can be used by any kernel API | |
642 | * that accepts "logon" keys and doesn't require a specific service prefix. | |
643 | * | |
644 | * The ability to specify the key via Linux keyring key is intended for cases | |
645 | * where userspace needs to re-add keys after the filesystem is unmounted and | |
646 | * re-mounted. Most users should just provide the raw key directly instead. | |
647 | */ | |
648 | static int get_keyring_key(u32 key_id, u32 type, | |
649 | struct fscrypt_master_key_secret *secret) | |
650 | { | |
651 | key_ref_t ref; | |
652 | struct key *key; | |
653 | const struct fscrypt_provisioning_key_payload *payload; | |
654 | int err; | |
655 | ||
656 | ref = lookup_user_key(key_id, 0, KEY_NEED_SEARCH); | |
657 | if (IS_ERR(ref)) | |
658 | return PTR_ERR(ref); | |
659 | key = key_ref_to_ptr(ref); | |
660 | ||
661 | if (key->type != &key_type_fscrypt_provisioning) | |
662 | goto bad_key; | |
663 | payload = key->payload.data[0]; | |
664 | ||
665 | /* Don't allow fscrypt v1 keys to be used as v2 keys and vice versa. */ | |
666 | if (payload->type != type) | |
667 | goto bad_key; | |
668 | ||
669 | secret->size = key->datalen - sizeof(*payload); | |
670 | memcpy(secret->raw, payload->raw, secret->size); | |
671 | err = 0; | |
672 | goto out_put; | |
673 | ||
674 | bad_key: | |
675 | err = -EKEYREJECTED; | |
676 | out_put: | |
677 | key_ref_put(ref); | |
678 | return err; | |
679 | } | |
680 | ||
22d94f49 EB |
681 | /* |
682 | * Add a master encryption key to the filesystem, causing all files which were | |
683 | * encrypted with it to appear "unlocked" (decrypted) when accessed. | |
684 | * | |
23c688b5 EB |
685 | * When adding a key for use by v1 encryption policies, this ioctl is |
686 | * privileged, and userspace must provide the 'key_descriptor'. | |
687 | * | |
688 | * When adding a key for use by v2+ encryption policies, this ioctl is | |
689 | * unprivileged. This is needed, in general, to allow non-root users to use | |
690 | * encryption without encountering the visibility problems of process-subscribed | |
691 | * keyrings and the inability to properly remove keys. This works by having | |
692 | * each key identified by its cryptographically secure hash --- the | |
693 | * 'key_identifier'. The cryptographic hash ensures that a malicious user | |
694 | * cannot add the wrong key for a given identifier. Furthermore, each added key | |
695 | * is charged to the appropriate user's quota for the keyrings service, which | |
696 | * prevents a malicious user from adding too many keys. Finally, we forbid a | |
697 | * user from removing a key while other users have added it too, which prevents | |
698 | * a user who knows another user's key from causing a denial-of-service by | |
699 | * removing it at an inopportune time. (We tolerate that a user who knows a key | |
700 | * can prevent other users from removing it.) | |
701 | * | |
22d94f49 EB |
702 | * For more details, see the "FS_IOC_ADD_ENCRYPTION_KEY" section of |
703 | * Documentation/filesystems/fscrypt.rst. | |
704 | */ | |
705 | int fscrypt_ioctl_add_key(struct file *filp, void __user *_uarg) | |
706 | { | |
707 | struct super_block *sb = file_inode(filp)->i_sb; | |
708 | struct fscrypt_add_key_arg __user *uarg = _uarg; | |
709 | struct fscrypt_add_key_arg arg; | |
710 | struct fscrypt_master_key_secret secret; | |
711 | int err; | |
712 | ||
713 | if (copy_from_user(&arg, uarg, sizeof(arg))) | |
714 | return -EFAULT; | |
715 | ||
716 | if (!valid_key_spec(&arg.key_spec)) | |
717 | return -EINVAL; | |
718 | ||
22d94f49 EB |
719 | if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved))) |
720 | return -EINVAL; | |
721 | ||
cdeb21da EB |
722 | /* |
723 | * Only root can add keys that are identified by an arbitrary descriptor | |
724 | * rather than by a cryptographic hash --- since otherwise a malicious | |
725 | * user could add the wrong key. | |
726 | */ | |
727 | if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && | |
728 | !capable(CAP_SYS_ADMIN)) | |
729 | return -EACCES; | |
730 | ||
22d94f49 | 731 | memset(&secret, 0, sizeof(secret)); |
93edd392 EB |
732 | if (arg.key_id) { |
733 | if (arg.raw_size != 0) | |
734 | return -EINVAL; | |
735 | err = get_keyring_key(arg.key_id, arg.key_spec.type, &secret); | |
736 | if (err) | |
737 | goto out_wipe_secret; | |
738 | } else { | |
739 | if (arg.raw_size < FSCRYPT_MIN_KEY_SIZE || | |
740 | arg.raw_size > FSCRYPT_MAX_KEY_SIZE) | |
741 | return -EINVAL; | |
742 | secret.size = arg.raw_size; | |
743 | err = -EFAULT; | |
744 | if (copy_from_user(secret.raw, uarg->raw, secret.size)) | |
745 | goto out_wipe_secret; | |
746 | } | |
22d94f49 | 747 | |
cdeb21da EB |
748 | err = add_master_key(sb, &secret, &arg.key_spec); |
749 | if (err) | |
23c688b5 | 750 | goto out_wipe_secret; |
5dae460c | 751 | |
cdeb21da EB |
752 | /* Return the key identifier to userspace, if applicable */ |
753 | err = -EFAULT; | |
754 | if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER && | |
755 | copy_to_user(uarg->key_spec.u.identifier, arg.key_spec.u.identifier, | |
756 | FSCRYPT_KEY_IDENTIFIER_SIZE)) | |
757 | goto out_wipe_secret; | |
758 | err = 0; | |
22d94f49 EB |
759 | out_wipe_secret: |
760 | wipe_master_key_secret(&secret); | |
761 | return err; | |
762 | } | |
763 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_add_key); | |
764 | ||
218d921b EB |
765 | static void |
766 | fscrypt_get_test_dummy_secret(struct fscrypt_master_key_secret *secret) | |
cdeb21da EB |
767 | { |
768 | static u8 test_key[FSCRYPT_MAX_KEY_SIZE]; | |
218d921b EB |
769 | |
770 | get_random_once(test_key, FSCRYPT_MAX_KEY_SIZE); | |
771 | ||
772 | memset(secret, 0, sizeof(*secret)); | |
773 | secret->size = FSCRYPT_MAX_KEY_SIZE; | |
774 | memcpy(secret->raw, test_key, FSCRYPT_MAX_KEY_SIZE); | |
775 | } | |
776 | ||
777 | int fscrypt_get_test_dummy_key_identifier( | |
778 | u8 key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) | |
779 | { | |
cdeb21da EB |
780 | struct fscrypt_master_key_secret secret; |
781 | int err; | |
782 | ||
218d921b | 783 | fscrypt_get_test_dummy_secret(&secret); |
cdeb21da | 784 | |
218d921b EB |
785 | err = fscrypt_init_hkdf(&secret.hkdf, secret.raw, secret.size); |
786 | if (err) | |
787 | goto out; | |
788 | err = fscrypt_hkdf_expand(&secret.hkdf, HKDF_CONTEXT_KEY_IDENTIFIER, | |
789 | NULL, 0, key_identifier, | |
790 | FSCRYPT_KEY_IDENTIFIER_SIZE); | |
791 | out: | |
792 | wipe_master_key_secret(&secret); | |
793 | return err; | |
794 | } | |
cdeb21da | 795 | |
218d921b EB |
796 | /** |
797 | * fscrypt_add_test_dummy_key() - add the test dummy encryption key | |
798 | * @sb: the filesystem instance to add the key to | |
097d7c1f | 799 | * @key_spec: the key specifier of the test dummy encryption key |
218d921b | 800 | * |
097d7c1f EB |
801 | * Add the key for the test_dummy_encryption mount option to the filesystem. To |
802 | * prevent misuse of this mount option, a per-boot random key is used instead of | |
803 | * a hardcoded one. This makes it so that any encrypted files created using | |
804 | * this option won't be accessible after a reboot. | |
218d921b EB |
805 | * |
806 | * Return: 0 on success, -errno on failure | |
807 | */ | |
808 | int fscrypt_add_test_dummy_key(struct super_block *sb, | |
097d7c1f | 809 | struct fscrypt_key_specifier *key_spec) |
218d921b | 810 | { |
218d921b EB |
811 | struct fscrypt_master_key_secret secret; |
812 | int err; | |
813 | ||
218d921b | 814 | fscrypt_get_test_dummy_secret(&secret); |
097d7c1f | 815 | err = add_master_key(sb, &secret, key_spec); |
cdeb21da EB |
816 | wipe_master_key_secret(&secret); |
817 | return err; | |
818 | } | |
819 | ||
5ab7189a EB |
820 | /* |
821 | * Verify that the current user has added a master key with the given identifier | |
822 | * (returns -ENOKEY if not). This is needed to prevent a user from encrypting | |
823 | * their files using some other user's key which they don't actually know. | |
824 | * Cryptographically this isn't much of a problem, but the semantics of this | |
825 | * would be a bit weird, so it's best to just forbid it. | |
826 | * | |
827 | * The system administrator (CAP_FOWNER) can override this, which should be | |
828 | * enough for any use cases where encryption policies are being set using keys | |
829 | * that were chosen ahead of time but aren't available at the moment. | |
830 | * | |
831 | * Note that the key may have already removed by the time this returns, but | |
832 | * that's okay; we just care whether the key was there at some point. | |
833 | * | |
834 | * Return: 0 if the key is added, -ENOKEY if it isn't, or another -errno code | |
835 | */ | |
836 | int fscrypt_verify_key_added(struct super_block *sb, | |
837 | const u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE]) | |
838 | { | |
839 | struct fscrypt_key_specifier mk_spec; | |
5ab7189a | 840 | struct fscrypt_master_key *mk; |
d7e7b9af | 841 | struct key *mk_user; |
5ab7189a EB |
842 | int err; |
843 | ||
844 | mk_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER; | |
845 | memcpy(mk_spec.u.identifier, identifier, FSCRYPT_KEY_IDENTIFIER_SIZE); | |
846 | ||
d7e7b9af EB |
847 | mk = fscrypt_find_master_key(sb, &mk_spec); |
848 | if (!mk) { | |
849 | err = -ENOKEY; | |
5ab7189a EB |
850 | goto out; |
851 | } | |
d7e7b9af | 852 | down_read(&mk->mk_sem); |
5ab7189a EB |
853 | mk_user = find_master_key_user(mk); |
854 | if (IS_ERR(mk_user)) { | |
855 | err = PTR_ERR(mk_user); | |
856 | } else { | |
857 | key_put(mk_user); | |
858 | err = 0; | |
859 | } | |
d7e7b9af EB |
860 | up_read(&mk->mk_sem); |
861 | fscrypt_put_master_key(mk); | |
5ab7189a EB |
862 | out: |
863 | if (err == -ENOKEY && capable(CAP_FOWNER)) | |
864 | err = 0; | |
865 | return err; | |
866 | } | |
867 | ||
b1c0ec35 EB |
868 | /* |
869 | * Try to evict the inode's dentries from the dentry cache. If the inode is a | |
870 | * directory, then it can have at most one dentry; however, that dentry may be | |
871 | * pinned by child dentries, so first try to evict the children too. | |
872 | */ | |
873 | static void shrink_dcache_inode(struct inode *inode) | |
874 | { | |
875 | struct dentry *dentry; | |
876 | ||
877 | if (S_ISDIR(inode->i_mode)) { | |
878 | dentry = d_find_any_alias(inode); | |
879 | if (dentry) { | |
880 | shrink_dcache_parent(dentry); | |
881 | dput(dentry); | |
882 | } | |
883 | } | |
884 | d_prune_aliases(inode); | |
885 | } | |
886 | ||
887 | static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk) | |
888 | { | |
3e7807d5 | 889 | struct fscrypt_inode_info *ci; |
b1c0ec35 EB |
890 | struct inode *inode; |
891 | struct inode *toput_inode = NULL; | |
892 | ||
893 | spin_lock(&mk->mk_decrypted_inodes_lock); | |
894 | ||
895 | list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) { | |
896 | inode = ci->ci_inode; | |
897 | spin_lock(&inode->i_lock); | |
898 | if (inode->i_state & (I_FREEING | I_WILL_FREE | I_NEW)) { | |
899 | spin_unlock(&inode->i_lock); | |
900 | continue; | |
901 | } | |
902 | __iget(inode); | |
903 | spin_unlock(&inode->i_lock); | |
904 | spin_unlock(&mk->mk_decrypted_inodes_lock); | |
905 | ||
906 | shrink_dcache_inode(inode); | |
907 | iput(toput_inode); | |
908 | toput_inode = inode; | |
909 | ||
910 | spin_lock(&mk->mk_decrypted_inodes_lock); | |
911 | } | |
912 | ||
913 | spin_unlock(&mk->mk_decrypted_inodes_lock); | |
914 | iput(toput_inode); | |
915 | } | |
916 | ||
917 | static int check_for_busy_inodes(struct super_block *sb, | |
918 | struct fscrypt_master_key *mk) | |
919 | { | |
920 | struct list_head *pos; | |
921 | size_t busy_count = 0; | |
922 | unsigned long ino; | |
ae9ff8ad | 923 | char ino_str[50] = ""; |
b1c0ec35 EB |
924 | |
925 | spin_lock(&mk->mk_decrypted_inodes_lock); | |
926 | ||
927 | list_for_each(pos, &mk->mk_decrypted_inodes) | |
928 | busy_count++; | |
929 | ||
930 | if (busy_count == 0) { | |
931 | spin_unlock(&mk->mk_decrypted_inodes_lock); | |
932 | return 0; | |
933 | } | |
934 | ||
935 | { | |
936 | /* select an example file to show for debugging purposes */ | |
937 | struct inode *inode = | |
938 | list_first_entry(&mk->mk_decrypted_inodes, | |
3e7807d5 | 939 | struct fscrypt_inode_info, |
b1c0ec35 EB |
940 | ci_master_key_link)->ci_inode; |
941 | ino = inode->i_ino; | |
b1c0ec35 EB |
942 | } |
943 | spin_unlock(&mk->mk_decrypted_inodes_lock); | |
944 | ||
ae9ff8ad EB |
945 | /* If the inode is currently being created, ino may still be 0. */ |
946 | if (ino) | |
947 | snprintf(ino_str, sizeof(ino_str), ", including ino %lu", ino); | |
948 | ||
b1c0ec35 | 949 | fscrypt_warn(NULL, |
ae9ff8ad | 950 | "%s: %zu inode(s) still busy after removing key with %s %*phN%s", |
b1c0ec35 EB |
951 | sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec), |
952 | master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u, | |
ae9ff8ad | 953 | ino_str); |
b1c0ec35 EB |
954 | return -EBUSY; |
955 | } | |
956 | ||
957 | static int try_to_lock_encrypted_files(struct super_block *sb, | |
958 | struct fscrypt_master_key *mk) | |
959 | { | |
960 | int err1; | |
961 | int err2; | |
962 | ||
963 | /* | |
964 | * An inode can't be evicted while it is dirty or has dirty pages. | |
965 | * Thus, we first have to clean the inodes in ->mk_decrypted_inodes. | |
966 | * | |
967 | * Just do it the easy way: call sync_filesystem(). It's overkill, but | |
968 | * it works, and it's more important to minimize the amount of caches we | |
969 | * drop than the amount of data we sync. Also, unprivileged users can | |
970 | * already call sync_filesystem() via sys_syncfs() or sys_sync(). | |
971 | */ | |
972 | down_read(&sb->s_umount); | |
973 | err1 = sync_filesystem(sb); | |
974 | up_read(&sb->s_umount); | |
975 | /* If a sync error occurs, still try to evict as much as possible. */ | |
976 | ||
977 | /* | |
978 | * Inodes are pinned by their dentries, so we have to evict their | |
979 | * dentries. shrink_dcache_sb() would suffice, but would be overkill | |
980 | * and inappropriate for use by unprivileged users. So instead go | |
981 | * through the inodes' alias lists and try to evict each dentry. | |
982 | */ | |
983 | evict_dentries_for_decrypted_inodes(mk); | |
984 | ||
985 | /* | |
986 | * evict_dentries_for_decrypted_inodes() already iput() each inode in | |
987 | * the list; any inodes for which that dropped the last reference will | |
988 | * have been evicted due to fscrypt_drop_inode() detecting the key | |
989 | * removal and telling the VFS to evict the inode. So to finish, we | |
990 | * just need to check whether any inodes couldn't be evicted. | |
991 | */ | |
992 | err2 = check_for_busy_inodes(sb, mk); | |
993 | ||
994 | return err1 ?: err2; | |
995 | } | |
996 | ||
997 | /* | |
998 | * Try to remove an fscrypt master encryption key. | |
999 | * | |
78a1b96b EB |
1000 | * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's |
1001 | * claim to the key, then removes the key itself if no other users have claims. | |
1002 | * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the | |
1003 | * key itself. | |
23c688b5 | 1004 | * |
0fc24a65 EB |
1005 | * To "remove the key itself", first we transition the key to the "incompletely |
1006 | * removed" state, so that no more inodes can be unlocked with it. Then we try | |
1007 | * to evict all cached inodes that had been unlocked with the key. | |
b1c0ec35 EB |
1008 | * |
1009 | * If all inodes were evicted, then we unlink the fscrypt_master_key from the | |
1010 | * keyring. Otherwise it remains in the keyring in the "incompletely removed" | |
15baf554 EB |
1011 | * state where it tracks the list of remaining inodes. Userspace can execute |
1012 | * the ioctl again later to retry eviction, or alternatively can re-add the key. | |
b1c0ec35 EB |
1013 | * |
1014 | * For more details, see the "Removing keys" section of | |
1015 | * Documentation/filesystems/fscrypt.rst. | |
1016 | */ | |
78a1b96b | 1017 | static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users) |
b1c0ec35 EB |
1018 | { |
1019 | struct super_block *sb = file_inode(filp)->i_sb; | |
1020 | struct fscrypt_remove_key_arg __user *uarg = _uarg; | |
1021 | struct fscrypt_remove_key_arg arg; | |
b1c0ec35 EB |
1022 | struct fscrypt_master_key *mk; |
1023 | u32 status_flags = 0; | |
1024 | int err; | |
d7e7b9af | 1025 | bool inodes_remain; |
b1c0ec35 EB |
1026 | |
1027 | if (copy_from_user(&arg, uarg, sizeof(arg))) | |
1028 | return -EFAULT; | |
1029 | ||
1030 | if (!valid_key_spec(&arg.key_spec)) | |
1031 | return -EINVAL; | |
1032 | ||
1033 | if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved))) | |
1034 | return -EINVAL; | |
1035 | ||
23c688b5 EB |
1036 | /* |
1037 | * Only root can add and remove keys that are identified by an arbitrary | |
1038 | * descriptor rather than by a cryptographic hash. | |
1039 | */ | |
1040 | if (arg.key_spec.type == FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR && | |
1041 | !capable(CAP_SYS_ADMIN)) | |
b1c0ec35 EB |
1042 | return -EACCES; |
1043 | ||
1044 | /* Find the key being removed. */ | |
d7e7b9af EB |
1045 | mk = fscrypt_find_master_key(sb, &arg.key_spec); |
1046 | if (!mk) | |
1047 | return -ENOKEY; | |
1048 | down_write(&mk->mk_sem); | |
b1c0ec35 | 1049 | |
78a1b96b | 1050 | /* If relevant, remove current user's (or all users) claim to the key */ |
23c688b5 | 1051 | if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) { |
78a1b96b EB |
1052 | if (all_users) |
1053 | err = keyring_clear(mk->mk_users); | |
1054 | else | |
1055 | err = remove_master_key_user(mk); | |
23c688b5 | 1056 | if (err) { |
d7e7b9af | 1057 | up_write(&mk->mk_sem); |
23c688b5 EB |
1058 | goto out_put_key; |
1059 | } | |
1060 | if (mk->mk_users->keys.nr_leaves_on_tree != 0) { | |
1061 | /* | |
1062 | * Other users have still added the key too. We removed | |
1063 | * the current user's claim to the key, but we still | |
1064 | * can't remove the key itself. | |
1065 | */ | |
1066 | status_flags |= | |
1067 | FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS; | |
1068 | err = 0; | |
d7e7b9af | 1069 | up_write(&mk->mk_sem); |
23c688b5 EB |
1070 | goto out_put_key; |
1071 | } | |
1072 | } | |
1073 | ||
15baf554 | 1074 | /* No user claims remaining. Initiate removal of the key. */ |
d7e7b9af | 1075 | err = -ENOKEY; |
15baf554 EB |
1076 | if (mk->mk_present) { |
1077 | fscrypt_initiate_key_removal(sb, mk); | |
b1c0ec35 | 1078 | err = 0; |
d7e7b9af EB |
1079 | } |
1080 | inodes_remain = refcount_read(&mk->mk_active_refs) > 0; | |
1081 | up_write(&mk->mk_sem); | |
1082 | ||
1083 | if (inodes_remain) { | |
b1c0ec35 EB |
1084 | /* Some inodes still reference this key; try to evict them. */ |
1085 | err = try_to_lock_encrypted_files(sb, mk); | |
1086 | if (err == -EBUSY) { | |
1087 | status_flags |= | |
1088 | FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY; | |
1089 | err = 0; | |
1090 | } | |
1091 | } | |
1092 | /* | |
23c688b5 | 1093 | * We return 0 if we successfully did something: removed a claim to the |
15baf554 EB |
1094 | * key, initiated removal of the key, or tried locking the files again. |
1095 | * Users need to check the informational status flags if they care | |
1096 | * whether the key has been fully removed including all files locked. | |
b1c0ec35 | 1097 | */ |
23c688b5 | 1098 | out_put_key: |
d7e7b9af | 1099 | fscrypt_put_master_key(mk); |
b1c0ec35 EB |
1100 | if (err == 0) |
1101 | err = put_user(status_flags, &uarg->removal_status_flags); | |
1102 | return err; | |
1103 | } | |
78a1b96b EB |
1104 | |
1105 | int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg) | |
1106 | { | |
1107 | return do_remove_key(filp, uarg, false); | |
1108 | } | |
b1c0ec35 EB |
1109 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key); |
1110 | ||
78a1b96b EB |
1111 | int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg) |
1112 | { | |
1113 | if (!capable(CAP_SYS_ADMIN)) | |
1114 | return -EACCES; | |
1115 | return do_remove_key(filp, uarg, true); | |
1116 | } | |
1117 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users); | |
1118 | ||
5a7e2992 EB |
1119 | /* |
1120 | * Retrieve the status of an fscrypt master encryption key. | |
1121 | * | |
1122 | * We set ->status to indicate whether the key is absent, present, or | |
15baf554 EB |
1123 | * incompletely removed. (For an explanation of what these statuses mean and |
1124 | * how they are represented internally, see struct fscrypt_master_key.) This | |
1125 | * field allows applications to easily determine the status of an encrypted | |
1126 | * directory without using a hack such as trying to open a regular file in it | |
1127 | * (which can confuse the "incompletely removed" status with absent or present). | |
5a7e2992 | 1128 | * |
23c688b5 EB |
1129 | * In addition, for v2 policy keys we allow applications to determine, via |
1130 | * ->status_flags and ->user_count, whether the key has been added by the | |
1131 | * current user, by other users, or by both. Most applications should not need | |
1132 | * this, since ordinarily only one user should know a given key. However, if a | |
1133 | * secret key is shared by multiple users, applications may wish to add an | |
1134 | * already-present key to prevent other users from removing it. This ioctl can | |
1135 | * be used to check whether that really is the case before the work is done to | |
1136 | * add the key --- which might e.g. require prompting the user for a passphrase. | |
1137 | * | |
5a7e2992 EB |
1138 | * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of |
1139 | * Documentation/filesystems/fscrypt.rst. | |
1140 | */ | |
1141 | int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg) | |
1142 | { | |
1143 | struct super_block *sb = file_inode(filp)->i_sb; | |
1144 | struct fscrypt_get_key_status_arg arg; | |
5a7e2992 EB |
1145 | struct fscrypt_master_key *mk; |
1146 | int err; | |
1147 | ||
1148 | if (copy_from_user(&arg, uarg, sizeof(arg))) | |
1149 | return -EFAULT; | |
1150 | ||
1151 | if (!valid_key_spec(&arg.key_spec)) | |
1152 | return -EINVAL; | |
1153 | ||
1154 | if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved))) | |
1155 | return -EINVAL; | |
1156 | ||
23c688b5 EB |
1157 | arg.status_flags = 0; |
1158 | arg.user_count = 0; | |
5a7e2992 EB |
1159 | memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved)); |
1160 | ||
d7e7b9af EB |
1161 | mk = fscrypt_find_master_key(sb, &arg.key_spec); |
1162 | if (!mk) { | |
5a7e2992 EB |
1163 | arg.status = FSCRYPT_KEY_STATUS_ABSENT; |
1164 | err = 0; | |
1165 | goto out; | |
1166 | } | |
d7e7b9af | 1167 | down_read(&mk->mk_sem); |
5a7e2992 | 1168 | |
15baf554 | 1169 | if (!mk->mk_present) { |
d7e7b9af EB |
1170 | arg.status = refcount_read(&mk->mk_active_refs) > 0 ? |
1171 | FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED : | |
1172 | FSCRYPT_KEY_STATUS_ABSENT /* raced with full removal */; | |
5a7e2992 EB |
1173 | err = 0; |
1174 | goto out_release_key; | |
1175 | } | |
1176 | ||
1177 | arg.status = FSCRYPT_KEY_STATUS_PRESENT; | |
23c688b5 EB |
1178 | if (mk->mk_users) { |
1179 | struct key *mk_user; | |
1180 | ||
1181 | arg.user_count = mk->mk_users->keys.nr_leaves_on_tree; | |
1182 | mk_user = find_master_key_user(mk); | |
1183 | if (!IS_ERR(mk_user)) { | |
1184 | arg.status_flags |= | |
1185 | FSCRYPT_KEY_STATUS_FLAG_ADDED_BY_SELF; | |
1186 | key_put(mk_user); | |
1187 | } else if (mk_user != ERR_PTR(-ENOKEY)) { | |
1188 | err = PTR_ERR(mk_user); | |
1189 | goto out_release_key; | |
1190 | } | |
1191 | } | |
5a7e2992 EB |
1192 | err = 0; |
1193 | out_release_key: | |
d7e7b9af EB |
1194 | up_read(&mk->mk_sem); |
1195 | fscrypt_put_master_key(mk); | |
5a7e2992 EB |
1196 | out: |
1197 | if (!err && copy_to_user(uarg, &arg, sizeof(arg))) | |
1198 | err = -EFAULT; | |
1199 | return err; | |
1200 | } | |
1201 | EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status); | |
1202 | ||
22d94f49 EB |
1203 | int __init fscrypt_init_keyring(void) |
1204 | { | |
23c688b5 EB |
1205 | int err; |
1206 | ||
23c688b5 EB |
1207 | err = register_key_type(&key_type_fscrypt_user); |
1208 | if (err) | |
d7e7b9af | 1209 | return err; |
23c688b5 | 1210 | |
93edd392 EB |
1211 | err = register_key_type(&key_type_fscrypt_provisioning); |
1212 | if (err) | |
1213 | goto err_unregister_fscrypt_user; | |
1214 | ||
23c688b5 EB |
1215 | return 0; |
1216 | ||
93edd392 EB |
1217 | err_unregister_fscrypt_user: |
1218 | unregister_key_type(&key_type_fscrypt_user); | |
23c688b5 | 1219 | return err; |
22d94f49 | 1220 | } |