56 	struct fscrypt_master_key *mk =  in fscrypt_free_master_key()  local
64 	kfree_sensitive(mk);  in fscrypt_free_master_key()
67 void fscrypt_put_master_key(struct fscrypt_master_key *mk)  in fscrypt_put_master_key()  argument
69 	if (!refcount_dec_and_test(&mk->mk_struct_refs))  in fscrypt_put_master_key()
76 	WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 0);  in fscrypt_put_master_key()
77 	key_put(mk->mk_users);  in fscrypt_put_master_key()
78 	mk->mk_users = NULL;  in fscrypt_put_master_key()
79 	call_rcu(&mk->mk_rcu_head, fscrypt_free_master_key);  in fscrypt_put_master_key()
83 				      struct fscrypt_master_key *mk)  in fscrypt_put_master_key_activeref()  argument
87 	if (!refcount_dec_and_test(&mk->mk_active_refs))  in fscrypt_put_master_key_activeref()
98 	hlist_del_rcu(&mk->mk_node);  in fscrypt_put_master_key_activeref()
105 	WARN_ON_ONCE(is_master_key_secret_present(&mk->mk_secret));  in fscrypt_put_master_key_activeref()
106 	WARN_ON_ONCE(!list_empty(&mk->mk_decrypted_inodes));  in fscrypt_put_master_key_activeref()
110 				sb, &mk->mk_direct_keys[i]);  in fscrypt_put_master_key_activeref()
112 				sb, &mk->mk_iv_ino_lblk_64_keys[i]);  in fscrypt_put_master_key_activeref()
114 				sb, &mk->mk_iv_ino_lblk_32_keys[i]);  in fscrypt_put_master_key_activeref()
116 	memzero_explicit(&mk->mk_ino_hash_key,  in fscrypt_put_master_key_activeref()
117 			 sizeof(mk->mk_ino_hash_key));  in fscrypt_put_master_key_activeref()
118 	mk->mk_ino_hash_key_initialized = false;  in fscrypt_put_master_key_activeref()
121 	fscrypt_put_master_key(mk);  in fscrypt_put_master_key_activeref()
228 		struct fscrypt_master_key *mk;  in fscrypt_destroy_keyring()  local
231 		hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) {  in fscrypt_destroy_keyring()
240 			WARN_ON_ONCE(refcount_read(&mk->mk_active_refs) != 1);  in fscrypt_destroy_keyring()
241 			WARN_ON_ONCE(refcount_read(&mk->mk_struct_refs) != 1);  in fscrypt_destroy_keyring()
242 			WARN_ON_ONCE(!is_master_key_secret_present(&mk->mk_secret));  in fscrypt_destroy_keyring()
243 			wipe_master_key_secret(&mk->mk_secret);  in fscrypt_destroy_keyring()
244 			fscrypt_put_master_key_activeref(sb, mk);  in fscrypt_destroy_keyring()
278 	struct fscrypt_master_key *mk;  in fscrypt_find_master_key()  local
294 		hlist_for_each_entry_rcu(mk, bucket, mk_node) {  in fscrypt_find_master_key()
295 			if (mk->mk_spec.type ==  in fscrypt_find_master_key()
297 			    memcmp(mk->mk_spec.u.descriptor,  in fscrypt_find_master_key()
300 			    refcount_inc_not_zero(&mk->mk_struct_refs))  in fscrypt_find_master_key()
305 		hlist_for_each_entry_rcu(mk, bucket, mk_node) {  in fscrypt_find_master_key()
306 			if (mk->mk_spec.type ==  in fscrypt_find_master_key()
308 			    memcmp(mk->mk_spec.u.identifier,  in fscrypt_find_master_key()
311 			    refcount_inc_not_zero(&mk->mk_struct_refs))  in fscrypt_find_master_key()
316 	mk = NULL;  in fscrypt_find_master_key()
319 	return mk;  in fscrypt_find_master_key()
322 static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)  in allocate_master_key_users_keyring()  argument
328 					    mk->mk_spec.u.identifier);  in allocate_master_key_users_keyring()
336 	mk->mk_users = keyring;  in allocate_master_key_users_keyring()
344 static struct key *find_master_key_user(struct fscrypt_master_key *mk)  in find_master_key_user()  argument
349 	format_mk_user_description(description, mk->mk_spec.u.identifier);  in find_master_key_user()
355 	keyref = keyring_search(make_key_ref(mk->mk_users, true /*possessed*/),  in find_master_key_user()
372 static int add_master_key_user(struct fscrypt_master_key *mk)  in add_master_key_user()  argument
378 	format_mk_user_description(description, mk->mk_spec.u.identifier);  in add_master_key_user()
385 	err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL);  in add_master_key_user()
396 static int remove_master_key_user(struct fscrypt_master_key *mk)  in remove_master_key_user()  argument
401 	mk_user = find_master_key_user(mk);  in remove_master_key_user()
404 	err = key_unlink(mk->mk_users, mk_user);  in remove_master_key_user()
418 	struct fscrypt_master_key *mk;  in add_new_master_key()  local
421 	mk = kzalloc(sizeof(*mk), GFP_KERNEL);  in add_new_master_key()
422 	if (!mk)  in add_new_master_key()
425 	init_rwsem(&mk->mk_sem);  in add_new_master_key()
426 	refcount_set(&mk->mk_struct_refs, 1);  in add_new_master_key()
427 	mk->mk_spec = *mk_spec;  in add_new_master_key()
429 	INIT_LIST_HEAD(&mk->mk_decrypted_inodes);  in add_new_master_key()
430 	spin_lock_init(&mk->mk_decrypted_inodes_lock);  in add_new_master_key()
433 		err = allocate_master_key_users_keyring(mk);  in add_new_master_key()
436 		err = add_master_key_user(mk);  in add_new_master_key()
441 	move_master_key_secret(&mk->mk_secret, secret);  in add_new_master_key()
442 	refcount_set(&mk->mk_active_refs, 1); /* ->mk_secret is present */  in add_new_master_key()
445 	hlist_add_head_rcu(&mk->mk_node,  in add_new_master_key()
451 	fscrypt_put_master_key(mk);  in add_new_master_key()
457 static int add_existing_master_key(struct fscrypt_master_key *mk,  in add_existing_master_key()  argument
467 	if (mk->mk_users) {  in add_existing_master_key()
468 		struct key *mk_user = find_master_key_user(mk);  in add_existing_master_key()
476 		err = add_master_key_user(mk);  in add_existing_master_key()
482 	if (!is_master_key_secret_present(&mk->mk_secret)) {  in add_existing_master_key()
483 		if (!refcount_inc_not_zero(&mk->mk_active_refs))  in add_existing_master_key()
485 		move_master_key_secret(&mk->mk_secret, secret);  in add_existing_master_key()
496 	struct fscrypt_master_key *mk;  in do_add_master_key()  local
501 	mk = fscrypt_find_master_key(sb, mk_spec);  in do_add_master_key()
502 	if (!mk) {  in do_add_master_key()
512 		down_write(&mk->mk_sem);  in do_add_master_key()
513 		err = add_existing_master_key(mk, secret);  in do_add_master_key()
514 		up_write(&mk->mk_sem);  in do_add_master_key()
524 		fscrypt_put_master_key(mk);  in do_add_master_key()
821 	struct fscrypt_master_key *mk;  in fscrypt_verify_key_added()  local
828 	mk = fscrypt_find_master_key(sb, &mk_spec);  in fscrypt_verify_key_added()
829 	if (!mk) {  in fscrypt_verify_key_added()
833 	down_read(&mk->mk_sem);  in fscrypt_verify_key_added()
834 	mk_user = find_master_key_user(mk);  in fscrypt_verify_key_added()
841 	up_read(&mk->mk_sem);  in fscrypt_verify_key_added()
842 	fscrypt_put_master_key(mk);  in fscrypt_verify_key_added()
868 static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk)  in evict_dentries_for_decrypted_inodes()  argument
874 	spin_lock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
876 	list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) {  in evict_dentries_for_decrypted_inodes()
885 		spin_unlock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
891 		spin_lock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
894 	spin_unlock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
899 				 struct fscrypt_master_key *mk)  in check_for_busy_inodes()  argument
906 	spin_lock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
908 	list_for_each(pos, &mk->mk_decrypted_inodes)  in check_for_busy_inodes()
912 		spin_unlock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
919 			list_first_entry(&mk->mk_decrypted_inodes,  in check_for_busy_inodes()
924 	spin_unlock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
932 		     sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),  in check_for_busy_inodes()
933 		     master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,  in check_for_busy_inodes()
939 				       struct fscrypt_master_key *mk)  in try_to_lock_encrypted_files()  argument
964 	evict_dentries_for_decrypted_inodes(mk);  in try_to_lock_encrypted_files()
973 	err2 = check_for_busy_inodes(sb, mk);  in try_to_lock_encrypted_files()
1004 	struct fscrypt_master_key *mk;  in do_remove_key()  local
1027 	mk = fscrypt_find_master_key(sb, &arg.key_spec);  in do_remove_key()
1028 	if (!mk)  in do_remove_key()
1030 	down_write(&mk->mk_sem);  in do_remove_key()
1033 	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {  in do_remove_key()
1035 			err = keyring_clear(mk->mk_users);  in do_remove_key()
1037 			err = remove_master_key_user(mk);  in do_remove_key()
1039 			up_write(&mk->mk_sem);  in do_remove_key()
1042 		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {  in do_remove_key()
1051 			up_write(&mk->mk_sem);  in do_remove_key()
1058 	if (is_master_key_secret_present(&mk->mk_secret)) {  in do_remove_key()
1059 		wipe_master_key_secret(&mk->mk_secret);  in do_remove_key()
1060 		fscrypt_put_master_key_activeref(sb, mk);  in do_remove_key()
1063 	inodes_remain = refcount_read(&mk->mk_active_refs) > 0;  in do_remove_key()
1064 	up_write(&mk->mk_sem);  in do_remove_key()
1068 		err = try_to_lock_encrypted_files(sb, mk);  in do_remove_key()
1082 	fscrypt_put_master_key(mk);  in do_remove_key()
1129 	struct fscrypt_master_key *mk;  in fscrypt_ioctl_get_key_status()  local
1145 	mk = fscrypt_find_master_key(sb, &arg.key_spec);  in fscrypt_ioctl_get_key_status()
1146 	if (!mk) {  in fscrypt_ioctl_get_key_status()
1151 	down_read(&mk->mk_sem);  in fscrypt_ioctl_get_key_status()
1153 	if (!is_master_key_secret_present(&mk->mk_secret)) {  in fscrypt_ioctl_get_key_status()
1154 		arg.status = refcount_read(&mk->mk_active_refs) > 0 ?  in fscrypt_ioctl_get_key_status()
1162 	if (mk->mk_users) {  in fscrypt_ioctl_get_key_status()
1165 		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;  in fscrypt_ioctl_get_key_status()
1166 		mk_user = find_master_key_user(mk);  in fscrypt_ioctl_get_key_status()
1178 	up_read(&mk->mk_sem);  in fscrypt_ioctl_get_key_status()
1179 	fscrypt_put_master_key(mk);  in fscrypt_ioctl_get_key_status()