56 	struct fscrypt_master_key *mk =  in fscrypt_free_master_key()  local
64 	kfree_sensitive(mk);  in fscrypt_free_master_key()
67 void fscrypt_put_master_key(struct fscrypt_master_key *mk)  in fscrypt_put_master_key()  argument
69 	if (!refcount_dec_and_test(&mk->mk_struct_refs))  in fscrypt_put_master_key()
76 	WARN_ON(refcount_read(&mk->mk_active_refs) != 0);  in fscrypt_put_master_key()
77 	key_put(mk->mk_users);  in fscrypt_put_master_key()
78 	mk->mk_users = NULL;  in fscrypt_put_master_key()
79 	call_rcu(&mk->mk_rcu_head, fscrypt_free_master_key);  in fscrypt_put_master_key()
82 void fscrypt_put_master_key_activeref(struct fscrypt_master_key *mk)  in fscrypt_put_master_key_activeref()  argument
84 	struct super_block *sb = mk->mk_sb;  in fscrypt_put_master_key_activeref()
88 	if (!refcount_dec_and_test(&mk->mk_active_refs))  in fscrypt_put_master_key_activeref()
97 	hlist_del_rcu(&mk->mk_node);  in fscrypt_put_master_key_activeref()
104 	WARN_ON(is_master_key_secret_present(&mk->mk_secret));  in fscrypt_put_master_key_activeref()
105 	WARN_ON(!list_empty(&mk->mk_decrypted_inodes));  in fscrypt_put_master_key_activeref()
109 				sb, &mk->mk_direct_keys[i]);  in fscrypt_put_master_key_activeref()
111 				sb, &mk->mk_iv_ino_lblk_64_keys[i]);  in fscrypt_put_master_key_activeref()
113 				sb, &mk->mk_iv_ino_lblk_32_keys[i]);  in fscrypt_put_master_key_activeref()
115 	memzero_explicit(&mk->mk_ino_hash_key,  in fscrypt_put_master_key_activeref()
116 			 sizeof(mk->mk_ino_hash_key));  in fscrypt_put_master_key_activeref()
117 	mk->mk_ino_hash_key_initialized = false;  in fscrypt_put_master_key_activeref()
120 	fscrypt_put_master_key(mk);  in fscrypt_put_master_key_activeref()
230 		struct fscrypt_master_key *mk;  in fscrypt_destroy_keyring()  local
233 		hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) {  in fscrypt_destroy_keyring()
242 			WARN_ON(refcount_read(&mk->mk_active_refs) != 1);  in fscrypt_destroy_keyring()
243 			WARN_ON(refcount_read(&mk->mk_struct_refs) != 1);  in fscrypt_destroy_keyring()
244 			WARN_ON(!is_master_key_secret_present(&mk->mk_secret));  in fscrypt_destroy_keyring()
245 			wipe_master_key_secret(&mk->mk_secret);  in fscrypt_destroy_keyring()
246 			fscrypt_put_master_key_activeref(mk);  in fscrypt_destroy_keyring()
280 	struct fscrypt_master_key *mk;  in fscrypt_find_master_key()  local
296 		hlist_for_each_entry_rcu(mk, bucket, mk_node) {  in fscrypt_find_master_key()
297 			if (mk->mk_spec.type ==  in fscrypt_find_master_key()
299 			    memcmp(mk->mk_spec.u.descriptor,  in fscrypt_find_master_key()
302 			    refcount_inc_not_zero(&mk->mk_struct_refs))  in fscrypt_find_master_key()
307 		hlist_for_each_entry_rcu(mk, bucket, mk_node) {  in fscrypt_find_master_key()
308 			if (mk->mk_spec.type ==  in fscrypt_find_master_key()
310 			    memcmp(mk->mk_spec.u.identifier,  in fscrypt_find_master_key()
313 			    refcount_inc_not_zero(&mk->mk_struct_refs))  in fscrypt_find_master_key()
318 	mk = NULL;  in fscrypt_find_master_key()
321 	return mk;  in fscrypt_find_master_key()
324 static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)  in allocate_master_key_users_keyring()  argument
330 					    mk->mk_spec.u.identifier);  in allocate_master_key_users_keyring()
338 	mk->mk_users = keyring;  in allocate_master_key_users_keyring()
346 static struct key *find_master_key_user(struct fscrypt_master_key *mk)  in find_master_key_user()  argument
351 	format_mk_user_description(description, mk->mk_spec.u.identifier);  in find_master_key_user()
357 	keyref = keyring_search(make_key_ref(mk->mk_users, true /*possessed*/),  in find_master_key_user()
374 static int add_master_key_user(struct fscrypt_master_key *mk)  in add_master_key_user()  argument
380 	format_mk_user_description(description, mk->mk_spec.u.identifier);  in add_master_key_user()
387 	err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL);  in add_master_key_user()
398 static int remove_master_key_user(struct fscrypt_master_key *mk)  in remove_master_key_user()  argument
403 	mk_user = find_master_key_user(mk);  in remove_master_key_user()
406 	err = key_unlink(mk->mk_users, mk_user);  in remove_master_key_user()
420 	struct fscrypt_master_key *mk;  in add_new_master_key()  local
423 	mk = kzalloc(sizeof(*mk), GFP_KERNEL);  in add_new_master_key()
424 	if (!mk)  in add_new_master_key()
427 	mk->mk_sb = sb;  in add_new_master_key()
428 	init_rwsem(&mk->mk_sem);  in add_new_master_key()
429 	refcount_set(&mk->mk_struct_refs, 1);  in add_new_master_key()
430 	mk->mk_spec = *mk_spec;  in add_new_master_key()
432 	INIT_LIST_HEAD(&mk->mk_decrypted_inodes);  in add_new_master_key()
433 	spin_lock_init(&mk->mk_decrypted_inodes_lock);  in add_new_master_key()
436 		err = allocate_master_key_users_keyring(mk);  in add_new_master_key()
439 		err = add_master_key_user(mk);  in add_new_master_key()
444 	move_master_key_secret(&mk->mk_secret, secret);  in add_new_master_key()
445 	refcount_set(&mk->mk_active_refs, 1); /* ->mk_secret is present */  in add_new_master_key()
448 	hlist_add_head_rcu(&mk->mk_node,  in add_new_master_key()
454 	fscrypt_put_master_key(mk);  in add_new_master_key()
460 static int add_existing_master_key(struct fscrypt_master_key *mk,  in add_existing_master_key()  argument
470 	if (mk->mk_users) {  in add_existing_master_key()
471 		struct key *mk_user = find_master_key_user(mk);  in add_existing_master_key()
479 		err = add_master_key_user(mk);  in add_existing_master_key()
485 	if (!is_master_key_secret_present(&mk->mk_secret)) {  in add_existing_master_key()
486 		if (!refcount_inc_not_zero(&mk->mk_active_refs))  in add_existing_master_key()
488 		move_master_key_secret(&mk->mk_secret, secret);  in add_existing_master_key()
499 	struct fscrypt_master_key *mk;  in do_add_master_key()  local
504 	mk = fscrypt_find_master_key(sb, mk_spec);  in do_add_master_key()
505 	if (!mk) {  in do_add_master_key()
515 		down_write(&mk->mk_sem);  in do_add_master_key()
516 		err = add_existing_master_key(mk, secret);  in do_add_master_key()
517 		up_write(&mk->mk_sem);  in do_add_master_key()
527 		fscrypt_put_master_key(mk);  in do_add_master_key()
832 	struct fscrypt_master_key *mk;  in fscrypt_verify_key_added()  local
839 	mk = fscrypt_find_master_key(sb, &mk_spec);  in fscrypt_verify_key_added()
840 	if (!mk) {  in fscrypt_verify_key_added()
844 	down_read(&mk->mk_sem);  in fscrypt_verify_key_added()
845 	mk_user = find_master_key_user(mk);  in fscrypt_verify_key_added()
852 	up_read(&mk->mk_sem);  in fscrypt_verify_key_added()
853 	fscrypt_put_master_key(mk);  in fscrypt_verify_key_added()
879 static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk)  in evict_dentries_for_decrypted_inodes()  argument
885 	spin_lock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
887 	list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) {  in evict_dentries_for_decrypted_inodes()
896 		spin_unlock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
902 		spin_lock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
905 	spin_unlock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
910 				 struct fscrypt_master_key *mk)  in check_for_busy_inodes()  argument
917 	spin_lock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
919 	list_for_each(pos, &mk->mk_decrypted_inodes)  in check_for_busy_inodes()
923 		spin_unlock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
930 			list_first_entry(&mk->mk_decrypted_inodes,  in check_for_busy_inodes()
935 	spin_unlock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
943 		     sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),  in check_for_busy_inodes()
944 		     master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,  in check_for_busy_inodes()
950 				       struct fscrypt_master_key *mk)  in try_to_lock_encrypted_files()  argument
975 	evict_dentries_for_decrypted_inodes(mk);  in try_to_lock_encrypted_files()
984 	err2 = check_for_busy_inodes(sb, mk);  in try_to_lock_encrypted_files()
1015 	struct fscrypt_master_key *mk;  in do_remove_key()  local
1038 	mk = fscrypt_find_master_key(sb, &arg.key_spec);  in do_remove_key()
1039 	if (!mk)  in do_remove_key()
1041 	down_write(&mk->mk_sem);  in do_remove_key()
1044 	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {  in do_remove_key()
1046 			err = keyring_clear(mk->mk_users);  in do_remove_key()
1048 			err = remove_master_key_user(mk);  in do_remove_key()
1050 			up_write(&mk->mk_sem);  in do_remove_key()
1053 		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {  in do_remove_key()
1062 			up_write(&mk->mk_sem);  in do_remove_key()
1069 	if (is_master_key_secret_present(&mk->mk_secret)) {  in do_remove_key()
1070 		wipe_master_key_secret(&mk->mk_secret);  in do_remove_key()
1071 		fscrypt_put_master_key_activeref(mk);  in do_remove_key()
1074 	inodes_remain = refcount_read(&mk->mk_active_refs) > 0;  in do_remove_key()
1075 	up_write(&mk->mk_sem);  in do_remove_key()
1079 		err = try_to_lock_encrypted_files(sb, mk);  in do_remove_key()
1093 	fscrypt_put_master_key(mk);  in do_remove_key()
1140 	struct fscrypt_master_key *mk;  in fscrypt_ioctl_get_key_status()  local
1156 	mk = fscrypt_find_master_key(sb, &arg.key_spec);  in fscrypt_ioctl_get_key_status()
1157 	if (!mk) {  in fscrypt_ioctl_get_key_status()
1162 	down_read(&mk->mk_sem);  in fscrypt_ioctl_get_key_status()
1164 	if (!is_master_key_secret_present(&mk->mk_secret)) {  in fscrypt_ioctl_get_key_status()
1165 		arg.status = refcount_read(&mk->mk_active_refs) > 0 ?  in fscrypt_ioctl_get_key_status()
1173 	if (mk->mk_users) {  in fscrypt_ioctl_get_key_status()
1176 		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;  in fscrypt_ioctl_get_key_status()
1177 		mk_user = find_master_key_user(mk);  in fscrypt_ioctl_get_key_status()
1189 	up_read(&mk->mk_sem);  in fscrypt_ioctl_get_key_status()
1190 	fscrypt_put_master_key(mk);  in fscrypt_ioctl_get_key_status()