From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Biggers Date: Mon, 05 Aug 2019 16:25:16 +0000 Subject: [PATCH v8 15/20] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl Message-Id: <20190805162521.90882-16-ebiggers@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: base64 List-Id: References: <20190805162521.90882-1-ebiggers@kernel.org> In-Reply-To: <20190805162521.90882-1-ebiggers@kernel.org> To: linux-fscrypt@vger.kernel.org Cc: Satya Tangirala , Theodore Ts'o , linux-api@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim , linux-ext4@vger.kernel.org, Paul Crowley RnJvbTogRXJpYyBCaWdnZXJzIDxlYmlnZ2Vyc0Bnb29nbGUuY29tPgoKQWRkIGEgcm9vdC1vbmx5 IHZhcmlhbnQgb2YgdGhlIEZTX0lPQ19SRU1PVkVfRU5DUllQVElPTl9LRVkgaW9jdGwgd2hpY2gK cmVtb3ZlcyBhbGwgdXNlcnMnIGNsYWltcyBvZiB0aGUga2V5LCBub3QganVzdCB0aGUgY3VycmVu dCB1c2VyJ3MgY2xhaW0uCkkuZS4sIGl0IGFsd2F5cyByZW1vdmVzIHRoZSBrZXkgaXRzZWxmLCBu byBtYXR0ZXIgaG93IG1hbnkgdXNlcnMgaGF2ZQphZGRlZCBpdC4KClRoaXMgaXMgdXNlZnVsIGZv ciBmb3JjaW5nIGEgZGlyZWN0b3J5IHRvIGJlIGxvY2tlZCwgd2l0aG91dCBoYXZpbmcgdG8KZmln dXJlIG91dCB3aGljaCB1c2VyIElEKHMpIHRoZSBrZXkgd2FzIGFkZGVkIHVuZGVyLiAgVGhpcyBp cyBwbGFubmVkIHRvCmJlIHVzZWQgYnkgYSBjb21tYW5kIGxpa2UgJ3N1ZG8gZnNjcnlwdCBsb2Nr IERJUiAtLWFsbC11c2VycycgaW4gdGhlCmZzY3J5cHQgdXNlcnNwYWNlIHRvb2wgKGh0dHA6Ly9n aXRodWIuY29tL2dvb2dsZS9mc2NyeXB0KS4KClNpZ25lZC1vZmYtYnk6IEVyaWMgQmlnZ2VycyA8 ZWJpZ2dlcnNAZ29vZ2xlLmNvbT4KLS0tCiBmcy9jcnlwdG8va2V5cmluZy5jICAgICAgICAgIHwg MjkgKysrKysrKysrKysrKysrKysrKysrKysrLS0tLS0KIGluY2x1ZGUvbGludXgvZnNjcnlwdC5o ICAgICAgfCAgOCArKysrKysrKwogaW5jbHVkZS91YXBpL2xpbnV4L2ZzY3J5cHQuaCB8ICAxICsK IDMgZmlsZXMgY2hhbmdlZCwgMzMgaW5zZXJ0aW9ucygrKSwgNSBkZWxldGlvbnMoLSkKCmRpZmYg LS1naXQgYS9mcy9jcnlwdG8va2V5cmluZy5jIGIvZnMvY3J5cHRvL2tleXJpbmcuYwppbmRleCAy ZjQ3NDY0ZjhjZjYwMy4uODZiZmNjMDJiMzFmY2YgMTAwNjQ0Ci0tLSBhL2ZzL2NyeXB0by9rZXly aW5nLmMKKysrIGIvZnMvY3J5cHRvL2tleXJpbmcuYwpAQCAtMTEsNiArMTEsNyBAQAogICoKICAq IC0gRlNfSU9DX0FERF9FTkNSWVBUSU9OX0tFWQogICogLSBGU19JT0NfUkVNT1ZFX0VOQ1JZUFRJ T05fS0VZCisgKiAtIEZTX0lPQ19SRU1PVkVfRU5DUllQVElPTl9LRVlfQUxMX1VTRVJTCiAgKiAt IEZTX0lPQ19HRVRfRU5DUllQVElPTl9LRVlfU1RBVFVTCiAgKgogICogU2VlIHRoZSAiVXNlciBB UEkiIHNlY3Rpb24gb2YgRG9jdW1lbnRhdGlvbi9maWxlc3lzdGVtcy9mc2NyeXB0LnJzdCBmb3Ig bW9yZQpAQCAtNjk5LDggKzcwMCwxMCBAQCBzdGF0aWMgaW50IHRyeV90b19sb2NrX2VuY3J5cHRl ZF9maWxlcyhzdHJ1Y3Qgc3VwZXJfYmxvY2sgKnNiLAogLyoKICAqIFRyeSB0byByZW1vdmUgYW4g ZnNjcnlwdCBtYXN0ZXIgZW5jcnlwdGlvbiBrZXkuCiAgKgotICogVGhpcyByZW1vdmVzIHRoZSBj dXJyZW50IHVzZXIncyBjbGFpbSB0byB0aGUga2V5LCB0aGVuIHJlbW92ZXMgdGhlIGtleSBpdHNl bGYKLSAqIGlmIG5vIG90aGVyIHVzZXJzIGhhdmUgY2xhaW1zLgorICogRlNfSU9DX1JFTU9WRV9F TkNSWVBUSU9OX0tFWSAoYWxsX3VzZXJz+mxzZSkgcmVtb3ZlcyB0aGUgY3VycmVudCB1c2VyJ3MK KyAqIGNsYWltIHRvIHRoZSBrZXksIHRoZW4gcmVtb3ZlcyB0aGUga2V5IGl0c2VsZiBpZiBubyBv dGhlciB1c2VycyBoYXZlIGNsYWltcy4KKyAqIEZTX0lPQ19SRU1PVkVfRU5DUllQVElPTl9LRVlf QUxMX1VTRVJTIChhbGxfdXNlcnM9dHJ1ZSkgYWx3YXlzIHJlbW92ZXMgdGhlCisgKiBrZXkgaXRz ZWxmLgogICoKICAqIFRvICJyZW1vdmUgdGhlIGtleSBpdHNlbGYiLCBmaXJzdCB3ZSB3aXBlIHRo ZSBhY3R1YWwgbWFzdGVyIGtleSBzZWNyZXQsIHNvCiAgKiB0aGF0IG5vIG1vcmUgaW5vZGVzIGNh biBiZSB1bmxvY2tlZCB3aXRoIGl0LiAgVGhlbiB3ZSB0cnkgdG8gZXZpY3QgYWxsIGNhY2hlZApA QCAtNzE1LDcgKzcxOCw3IEBAIHN0YXRpYyBpbnQgdHJ5X3RvX2xvY2tfZW5jcnlwdGVkX2ZpbGVz KHN0cnVjdCBzdXBlcl9ibG9jayAqc2IsCiAgKiBGb3IgbW9yZSBkZXRhaWxzLCBzZWUgdGhlICJS ZW1vdmluZyBrZXlzIiBzZWN0aW9uIG9mCiAgKiBEb2N1bWVudGF0aW9uL2ZpbGVzeXN0ZW1zL2Zz Y3J5cHQucnN0LgogICovCi1pbnQgZnNjcnlwdF9pb2N0bF9yZW1vdmVfa2V5KHN0cnVjdCBmaWxl ICpmaWxwLCB2b2lkIF9fdXNlciAqX3VhcmcpCitzdGF0aWMgaW50IGRvX3JlbW92ZV9rZXkoc3Ry dWN0IGZpbGUgKmZpbHAsIHZvaWQgX191c2VyICpfdWFyZywgYm9vbCBhbGxfdXNlcnMpCiB7CiAJ c3RydWN0IHN1cGVyX2Jsb2NrICpzYiA9IGZpbGVfaW5vZGUoZmlscCktPmlfc2I7CiAJc3RydWN0 IGZzY3J5cHRfcmVtb3ZlX2tleV9hcmcgX191c2VyICp1YXJnID0gX3Vhcmc7CkBAIC03NTEsOSAr NzU0LDEyIEBAIGludCBmc2NyeXB0X2lvY3RsX3JlbW92ZV9rZXkoc3RydWN0IGZpbGUgKmZpbHAs IHZvaWQgX191c2VyICpfdWFyZykKIAogCWRvd25fd3JpdGUoJmtleS0+c2VtKTsKIAotCS8qIElm IHJlbGV2YW50LCByZW1vdmUgY3VycmVudCB1c2VyJ3MgY2xhaW0gdG8gdGhlIGtleSAqLworCS8q IElmIHJlbGV2YW50LCByZW1vdmUgY3VycmVudCB1c2VyJ3MgKG9yIGFsbCB1c2VycykgY2xhaW0g dG8gdGhlIGtleSAqLwogCWlmIChtay0+bWtfdXNlcnMgJiYgbWstPm1rX3VzZXJzLT5rZXlzLm5y X2xlYXZlc19vbl90cmVlICE9IDApIHsKLQkJZXJyID0gcmVtb3ZlX21hc3Rlcl9rZXlfdXNlciht ayk7CisJCWlmIChhbGxfdXNlcnMpCisJCQllcnIgPSBrZXlyaW5nX2NsZWFyKG1rLT5ta191c2Vy cyk7CisJCWVsc2UKKwkJCWVyciA9IHJlbW92ZV9tYXN0ZXJfa2V5X3VzZXIobWspOwogCQlpZiAo ZXJyKSB7CiAJCQl1cF93cml0ZSgma2V5LT5zZW0pOwogCQkJZ290byBvdXRfcHV0X2tleTsKQEAg LTgwNiw4ICs4MTIsMjEgQEAgaW50IGZzY3J5cHRfaW9jdGxfcmVtb3ZlX2tleShzdHJ1Y3QgZmls ZSAqZmlscCwgdm9pZCBfX3VzZXIgKl91YXJnKQogCQllcnIgPSBwdXRfdXNlcihzdGF0dXNfZmxh Z3MsICZ1YXJnLT5yZW1vdmFsX3N0YXR1c19mbGFncyk7CiAJcmV0dXJuIGVycjsKIH0KKworaW50 IGZzY3J5cHRfaW9jdGxfcmVtb3ZlX2tleShzdHJ1Y3QgZmlsZSAqZmlscCwgdm9pZCBfX3VzZXIg KnVhcmcpCit7CisJcmV0dXJuIGRvX3JlbW92ZV9rZXkoZmlscCwgdWFyZywgZmFsc2UpOworfQog RVhQT1JUX1NZTUJPTF9HUEwoZnNjcnlwdF9pb2N0bF9yZW1vdmVfa2V5KTsKIAoraW50IGZzY3J5 cHRfaW9jdGxfcmVtb3ZlX2tleV9hbGxfdXNlcnMoc3RydWN0IGZpbGUgKmZpbHAsIHZvaWQgX191 c2VyICp1YXJnKQoreworCWlmICghY2FwYWJsZShDQVBfU1lTX0FETUlOKSkKKwkJcmV0dXJuIC1F QUNDRVM7CisJcmV0dXJuIGRvX3JlbW92ZV9rZXkoZmlscCwgdWFyZywgdHJ1ZSk7Cit9CitFWFBP UlRfU1lNQk9MX0dQTChmc2NyeXB0X2lvY3RsX3JlbW92ZV9rZXlfYWxsX3VzZXJzKTsKKwogLyoK ICAqIFJldHJpZXZlIHRoZSBzdGF0dXMgb2YgYW4gZnNjcnlwdCBtYXN0ZXIgZW5jcnlwdGlvbiBr ZXkuCiAgKgpkaWZmIC0tZ2l0IGEvaW5jbHVkZS9saW51eC9mc2NyeXB0LmggYi9pbmNsdWRlL2xp bnV4L2ZzY3J5cHQuaAppbmRleCA4YjhmZjA0ODQwNDI5Ny4uZjYyMmY3NDYwZWQ4YzYgMTAwNjQ0 Ci0tLSBhL2luY2x1ZGUvbGludXgvZnNjcnlwdC5oCisrKyBiL2luY2x1ZGUvbGludXgvZnNjcnlw dC5oCkBAIC0xNDMsNiArMTQzLDggQEAgZXh0ZXJuIGludCBmc2NyeXB0X2luaGVyaXRfY29udGV4 dChzdHJ1Y3QgaW5vZGUgKiwgc3RydWN0IGlub2RlICosCiBleHRlcm4gdm9pZCBmc2NyeXB0X3Ni X2ZyZWUoc3RydWN0IHN1cGVyX2Jsb2NrICpzYik7CiBleHRlcm4gaW50IGZzY3J5cHRfaW9jdGxf YWRkX2tleShzdHJ1Y3QgZmlsZSAqZmlscCwgdm9pZCBfX3VzZXIgKmFyZyk7CiBleHRlcm4gaW50 IGZzY3J5cHRfaW9jdGxfcmVtb3ZlX2tleShzdHJ1Y3QgZmlsZSAqZmlscCwgdm9pZCBfX3VzZXIg KmFyZyk7CitleHRlcm4gaW50IGZzY3J5cHRfaW9jdGxfcmVtb3ZlX2tleV9hbGxfdXNlcnMoc3Ry dWN0IGZpbGUgKmZpbHAsCisJCQkJCSAgICAgIHZvaWQgX191c2VyICphcmcpOwogZXh0ZXJuIGlu dCBmc2NyeXB0X2lvY3RsX2dldF9rZXlfc3RhdHVzKHN0cnVjdCBmaWxlICpmaWxwLCB2b2lkIF9f dXNlciAqYXJnKTsKIAogLyoga2V5c2V0dXAuYyAqLwpAQCAtMzk2LDYgKzM5OCwxMiBAQCBzdGF0 aWMgaW5saW5lIGludCBmc2NyeXB0X2lvY3RsX3JlbW92ZV9rZXkoc3RydWN0IGZpbGUgKmZpbHAs IHZvaWQgX191c2VyICphcmcpCiAJcmV0dXJuIC1FT1BOT1RTVVBQOwogfQogCitzdGF0aWMgaW5s aW5lIGludCBmc2NyeXB0X2lvY3RsX3JlbW92ZV9rZXlfYWxsX3VzZXJzKHN0cnVjdCBmaWxlICpm aWxwLAorCQkJCQkJICAgICB2b2lkIF9fdXNlciAqYXJnKQoreworCXJldHVybiAtRU9QTk9UU1VQ UDsKK30KKwogc3RhdGljIGlubGluZSBpbnQgZnNjcnlwdF9pb2N0bF9nZXRfa2V5X3N0YXR1cyhz dHJ1Y3QgZmlsZSAqZmlscCwKIAkJCQkJICAgICAgIHZvaWQgX191c2VyICphcmcpCiB7CmRpZmYg LS1naXQgYS9pbmNsdWRlL3VhcGkvbGludXgvZnNjcnlwdC5oIGIvaW5jbHVkZS91YXBpL2xpbnV4 L2ZzY3J5cHQuaAppbmRleCBiOWZiNzc1ZTNkYjhlNC4uMzljY2ZlOTMxMWMzODcgMTAwNjQ0Ci0t LSBhL2luY2x1ZGUvdWFwaS9saW51eC9mc2NyeXB0LmgKKysrIGIvaW5jbHVkZS91YXBpL2xpbnV4 L2ZzY3J5cHQuaApAQCAtMTQ4LDYgKzE0OCw3IEBAIHN0cnVjdCBmc2NyeXB0X2dldF9rZXlfc3Rh dHVzX2FyZyB7CiAjZGVmaW5lIEZTX0lPQ19HRVRfRU5DUllQVElPTl9QT0xJQ1lfRVgJCV9JT1dS KCdmJywgMjIsIF9fdThbOV0pIC8qIHNpemUgKyB2ZXJzaW9uICovCiAjZGVmaW5lIEZTX0lPQ19B RERfRU5DUllQVElPTl9LRVkJCV9JT1dSKCdmJywgMjMsIHN0cnVjdCBmc2NyeXB0X2FkZF9rZXlf YXJnKQogI2RlZmluZSBGU19JT0NfUkVNT1ZFX0VOQ1JZUFRJT05fS0VZCQlfSU9XUignZicsIDI0 LCBzdHJ1Y3QgZnNjcnlwdF9yZW1vdmVfa2V5X2FyZykKKyNkZWZpbmUgRlNfSU9DX1JFTU9WRV9F TkNSWVBUSU9OX0tFWV9BTExfVVNFUlMJX0lPV1IoJ2YnLCAyNSwgc3RydWN0IGZzY3J5cHRfcmVt b3ZlX2tleV9hcmcpCiAjZGVmaW5lIEZTX0lPQ19HRVRfRU5DUllQVElPTl9LRVlfU1RBVFVTCV9J T1dSKCdmJywgMjYsIHN0cnVjdCBmc2NyeXB0X2dldF9rZXlfc3RhdHVzX2FyZykKIAogLyoqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKiovCi0tIAoyLjIyLjAuNzcwLmcwZjJjNGEzN2ZkLWdvb2cK From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Biggers Subject: [PATCH v8 15/20] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl Date: Mon, 5 Aug 2019 09:25:16 -0700 Message-ID: <20190805162521.90882-16-ebiggers@kernel.org> References: <20190805162521.90882-1-ebiggers@kernel.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20190805162521.90882-1-ebiggers@kernel.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net To: linux-fscrypt@vger.kernel.org Cc: Satya Tangirala , Theodore Ts'o , linux-api@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim , linux-ext4@vger.kernel.org, Paul Crowley List-Id: linux-api@vger.kernel.org From: Eric Biggers Add a root-only variant of the FS_IOC_REMOVE_ENCRYPTION_KEY ioctl which removes all users' claims of the key, not just the current user's claim. I.e., it always removes the key itself, no matter how many users have added it. This is useful for forcing a directory to be locked, without having to figure out which user ID(s) the key was added under. This is planned to be used by a command like 'sudo fscrypt lock DIR --all-users' in the fscrypt userspace tool (http://github.com/google/fscrypt). Signed-off-by: Eric Biggers --- fs/crypto/keyring.c | 29 ++++++++++++++++++++++++----- include/linux/fscrypt.h | 8 ++++++++ include/uapi/linux/fscrypt.h | 1 + 3 files changed, 33 insertions(+), 5 deletions(-) diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c index 2f47464f8cf603..86bfcc02b31fcf 100644 --- a/fs/crypto/keyring.c +++ b/fs/crypto/keyring.c @@ -11,6 +11,7 @@ * * - FS_IOC_ADD_ENCRYPTION_KEY * - FS_IOC_REMOVE_ENCRYPTION_KEY + * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS * - FS_IOC_GET_ENCRYPTION_KEY_STATUS * * See the "User API" section of Documentation/filesystems/fscrypt.rst for more @@ -699,8 +700,10 @@ static int try_to_lock_encrypted_files(struct super_block *sb, /* * Try to remove an fscrypt master encryption key. * - * This removes the current user's claim to the key, then removes the key itself - * if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's + * claim to the key, then removes the key itself if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the + * key itself. * * To "remove the key itself", first we wipe the actual master key secret, so * that no more inodes can be unlocked with it. Then we try to evict all cached @@ -715,7 +718,7 @@ static int try_to_lock_encrypted_files(struct super_block *sb, * For more details, see the "Removing keys" section of * Documentation/filesystems/fscrypt.rst. */ -int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) +static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users) { struct super_block *sb = file_inode(filp)->i_sb; struct fscrypt_remove_key_arg __user *uarg = _uarg; @@ -751,9 +754,12 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) down_write(&key->sem); - /* If relevant, remove current user's claim to the key */ + /* If relevant, remove current user's (or all users) claim to the key */ if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) { - err = remove_master_key_user(mk); + if (all_users) + err = keyring_clear(mk->mk_users); + else + err = remove_master_key_user(mk); if (err) { up_write(&key->sem); goto out_put_key; @@ -806,8 +812,21 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) err = put_user(status_flags, &uarg->removal_status_flags); return err; } + +int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg) +{ + return do_remove_key(filp, uarg, false); +} EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key); +int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg) +{ + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + return do_remove_key(filp, uarg, true); +} +EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users); + /* * Retrieve the status of an fscrypt master encryption key. * diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 8b8ff048404297..f622f7460ed8c6 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -143,6 +143,8 @@ extern int fscrypt_inherit_context(struct inode *, struct inode *, extern void fscrypt_sb_free(struct super_block *sb); extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); +extern int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg); extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); /* keysetup.c */ @@ -396,6 +398,12 @@ static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) return -EOPNOTSUPP; } +static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg) +{ + return -EOPNOTSUPP; +} + static inline int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg) { diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h index b9fb775e3db8e4..39ccfe9311c387 100644 --- a/include/uapi/linux/fscrypt.h +++ b/include/uapi/linux/fscrypt.h @@ -148,6 +148,7 @@ struct fscrypt_get_key_status_arg { #define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9]) /* size + version */ #define FS_IOC_ADD_ENCRYPTION_KEY _IOWR('f', 23, struct fscrypt_add_key_arg) #define FS_IOC_REMOVE_ENCRYPTION_KEY _IOWR('f', 24, struct fscrypt_remove_key_arg) +#define FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS _IOWR('f', 25, struct fscrypt_remove_key_arg) #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 26, struct fscrypt_get_key_status_arg) /**********************************************************************/ -- 2.22.0.770.g0f2c4a37fd-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98764C433FF for ; Mon, 5 Aug 2019 16:28:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6A15F2086D for ; Mon, 5 Aug 2019 16:28:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565022536; bh=VjAaNT/bB/mmrNPRrRj2ZZRW/GYtz3hszPigcawoqzI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=xzq0pvGau+yRLlLCjGYwRtOF/rDVvqvNBRkfKGM8hn7mxk+wYvZSulnl0mzNexl7i k2E4VzB7qU/GvEbjaJgm1loyDJ60YQEKuaft7JloGpN0udzBX7tqBs4y6yqaHeNGED QIqCVsbkAOa4xCHSIFHT/cUmLBESbX8orLXt0ad0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729985AbfHEQ2j (ORCPT ); Mon, 5 Aug 2019 12:28:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:60458 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729957AbfHEQ2i (ORCPT ); Mon, 5 Aug 2019 12:28:38 -0400 Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8ABEF21882; Mon, 5 Aug 2019 16:28:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565022517; bh=VjAaNT/bB/mmrNPRrRj2ZZRW/GYtz3hszPigcawoqzI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Z/Z2qEREoFm/mmXKw0i8w5vAqkR/mAb7ptX3C3G4hUGzHmRT1I+2nh4hBecUKx7qP qBhsWoKbVZ1N1GU379pIrI8rEbMfoI9deXoMQu2LigEP21H3iI02xzcwQUzPrjanzh kdeLKNiBRCc55d1D1wuKOC8WZUtDl/AbFtSL7UFA= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Cc: linux-ext4@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-crypto@vger.kernel.org, keyrings@vger.kernel.org, linux-api@vger.kernel.org, Satya Tangirala , Paul Crowley , Theodore Ts'o , Jaegeuk Kim Subject: [PATCH v8 15/20] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl Date: Mon, 5 Aug 2019 09:25:16 -0700 Message-Id: <20190805162521.90882-16-ebiggers@kernel.org> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog In-Reply-To: <20190805162521.90882-1-ebiggers@kernel.org> References: <20190805162521.90882-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Eric Biggers Add a root-only variant of the FS_IOC_REMOVE_ENCRYPTION_KEY ioctl which removes all users' claims of the key, not just the current user's claim. I.e., it always removes the key itself, no matter how many users have added it. This is useful for forcing a directory to be locked, without having to figure out which user ID(s) the key was added under. This is planned to be used by a command like 'sudo fscrypt lock DIR --all-users' in the fscrypt userspace tool (http://github.com/google/fscrypt). Signed-off-by: Eric Biggers --- fs/crypto/keyring.c | 29 ++++++++++++++++++++++++----- include/linux/fscrypt.h | 8 ++++++++ include/uapi/linux/fscrypt.h | 1 + 3 files changed, 33 insertions(+), 5 deletions(-) diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c index 2f47464f8cf603..86bfcc02b31fcf 100644 --- a/fs/crypto/keyring.c +++ b/fs/crypto/keyring.c @@ -11,6 +11,7 @@ * * - FS_IOC_ADD_ENCRYPTION_KEY * - FS_IOC_REMOVE_ENCRYPTION_KEY + * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS * - FS_IOC_GET_ENCRYPTION_KEY_STATUS * * See the "User API" section of Documentation/filesystems/fscrypt.rst for more @@ -699,8 +700,10 @@ static int try_to_lock_encrypted_files(struct super_block *sb, /* * Try to remove an fscrypt master encryption key. * - * This removes the current user's claim to the key, then removes the key itself - * if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's + * claim to the key, then removes the key itself if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the + * key itself. * * To "remove the key itself", first we wipe the actual master key secret, so * that no more inodes can be unlocked with it. Then we try to evict all cached @@ -715,7 +718,7 @@ static int try_to_lock_encrypted_files(struct super_block *sb, * For more details, see the "Removing keys" section of * Documentation/filesystems/fscrypt.rst. */ -int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) +static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users) { struct super_block *sb = file_inode(filp)->i_sb; struct fscrypt_remove_key_arg __user *uarg = _uarg; @@ -751,9 +754,12 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) down_write(&key->sem); - /* If relevant, remove current user's claim to the key */ + /* If relevant, remove current user's (or all users) claim to the key */ if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) { - err = remove_master_key_user(mk); + if (all_users) + err = keyring_clear(mk->mk_users); + else + err = remove_master_key_user(mk); if (err) { up_write(&key->sem); goto out_put_key; @@ -806,8 +812,21 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) err = put_user(status_flags, &uarg->removal_status_flags); return err; } + +int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg) +{ + return do_remove_key(filp, uarg, false); +} EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key); +int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg) +{ + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + return do_remove_key(filp, uarg, true); +} +EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users); + /* * Retrieve the status of an fscrypt master encryption key. * diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 8b8ff048404297..f622f7460ed8c6 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -143,6 +143,8 @@ extern int fscrypt_inherit_context(struct inode *, struct inode *, extern void fscrypt_sb_free(struct super_block *sb); extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); +extern int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg); extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); /* keysetup.c */ @@ -396,6 +398,12 @@ static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) return -EOPNOTSUPP; } +static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg) +{ + return -EOPNOTSUPP; +} + static inline int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg) { diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h index b9fb775e3db8e4..39ccfe9311c387 100644 --- a/include/uapi/linux/fscrypt.h +++ b/include/uapi/linux/fscrypt.h @@ -148,6 +148,7 @@ struct fscrypt_get_key_status_arg { #define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9]) /* size + version */ #define FS_IOC_ADD_ENCRYPTION_KEY _IOWR('f', 23, struct fscrypt_add_key_arg) #define FS_IOC_REMOVE_ENCRYPTION_KEY _IOWR('f', 24, struct fscrypt_remove_key_arg) +#define FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS _IOWR('f', 25, struct fscrypt_remove_key_arg) #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 26, struct fscrypt_get_key_status_arg) /**********************************************************************/ -- 2.22.0.770.g0f2c4a37fd-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.8 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A8D3C32751 for ; Mon, 5 Aug 2019 16:29:00 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5EDC42173B; Mon, 5 Aug 2019 16:29:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sourceforge.net header.i=@sourceforge.net header.b="ZwTOOgvQ"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=sf.net header.i=@sf.net header.b="lqT/R1Sg"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="Z/Z2qERE" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5EDC42173B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-f2fs-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1hufr2-0004ik-3N; Mon, 05 Aug 2019 16:29:00 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1hufqv-0004ga-Im for linux-f2fs-devel@lists.sourceforge.net; Mon, 05 Aug 2019 16:28:53 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=C7aA00JtGnttKKrxNjSl1CRvQB6AK7OCIyIlVC7CI38=; b=ZwTOOgvQAMOM6Llg8XYBauv8wn KRQJ1sBeNgUjUIJ3TTZ7THXpPgoHHv8w0PweV6/J49HCWO0Kp0BeB8x4s4dXVszVTRJtQlR5orDBI 6mwWE7RqIEv97PgYch6DyvgMN9zICwYpojOtdvsElS58WR9+o27Zmj8qCRDj1ch7ehGg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=C7aA00JtGnttKKrxNjSl1CRvQB6AK7OCIyIlVC7CI38=; b=lqT/R1SgneAp4xB3b9HakZNa0c HrF1DaJ973uXaebgWHqy4uQzkhMPpP/lUL7SUOqPFt6YVxUTFv8WMuoAuvkkkmG54+aLEXGajEOHo U0kiaGmYldFIRC6KXtk1kgD05K+2IW1wCJgbQtnzlOsC/RntYnsGINC+O9EtvwF7whl4=; Received: from mail.kernel.org ([198.145.29.99]) by sfi-mx-3.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) id 1hufqs-00BnL4-Vd for linux-f2fs-devel@lists.sourceforge.net; Mon, 05 Aug 2019 16:28:52 +0000 Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8ABEF21882; Mon, 5 Aug 2019 16:28:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565022517; bh=VjAaNT/bB/mmrNPRrRj2ZZRW/GYtz3hszPigcawoqzI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Z/Z2qEREoFm/mmXKw0i8w5vAqkR/mAb7ptX3C3G4hUGzHmRT1I+2nh4hBecUKx7qP qBhsWoKbVZ1N1GU379pIrI8rEbMfoI9deXoMQu2LigEP21H3iI02xzcwQUzPrjanzh kdeLKNiBRCc55d1D1wuKOC8WZUtDl/AbFtSL7UFA= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Date: Mon, 5 Aug 2019 09:25:16 -0700 Message-Id: <20190805162521.90882-16-ebiggers@kernel.org> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog In-Reply-To: <20190805162521.90882-1-ebiggers@kernel.org> References: <20190805162521.90882-1-ebiggers@kernel.org> MIME-Version: 1.0 X-Headers-End: 1hufqs-00BnL4-Vd Subject: [f2fs-dev] [PATCH v8 15/20] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl X-BeenThere: linux-f2fs-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Satya Tangirala , Theodore Ts'o , linux-api@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim , linux-ext4@vger.kernel.org, Paul Crowley Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net From: Eric Biggers Add a root-only variant of the FS_IOC_REMOVE_ENCRYPTION_KEY ioctl which removes all users' claims of the key, not just the current user's claim. I.e., it always removes the key itself, no matter how many users have added it. This is useful for forcing a directory to be locked, without having to figure out which user ID(s) the key was added under. This is planned to be used by a command like 'sudo fscrypt lock DIR --all-users' in the fscrypt userspace tool (http://github.com/google/fscrypt). Signed-off-by: Eric Biggers --- fs/crypto/keyring.c | 29 ++++++++++++++++++++++++----- include/linux/fscrypt.h | 8 ++++++++ include/uapi/linux/fscrypt.h | 1 + 3 files changed, 33 insertions(+), 5 deletions(-) diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c index 2f47464f8cf603..86bfcc02b31fcf 100644 --- a/fs/crypto/keyring.c +++ b/fs/crypto/keyring.c @@ -11,6 +11,7 @@ * * - FS_IOC_ADD_ENCRYPTION_KEY * - FS_IOC_REMOVE_ENCRYPTION_KEY + * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS * - FS_IOC_GET_ENCRYPTION_KEY_STATUS * * See the "User API" section of Documentation/filesystems/fscrypt.rst for more @@ -699,8 +700,10 @@ static int try_to_lock_encrypted_files(struct super_block *sb, /* * Try to remove an fscrypt master encryption key. * - * This removes the current user's claim to the key, then removes the key itself - * if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's + * claim to the key, then removes the key itself if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the + * key itself. * * To "remove the key itself", first we wipe the actual master key secret, so * that no more inodes can be unlocked with it. Then we try to evict all cached @@ -715,7 +718,7 @@ static int try_to_lock_encrypted_files(struct super_block *sb, * For more details, see the "Removing keys" section of * Documentation/filesystems/fscrypt.rst. */ -int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) +static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users) { struct super_block *sb = file_inode(filp)->i_sb; struct fscrypt_remove_key_arg __user *uarg = _uarg; @@ -751,9 +754,12 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) down_write(&key->sem); - /* If relevant, remove current user's claim to the key */ + /* If relevant, remove current user's (or all users) claim to the key */ if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) { - err = remove_master_key_user(mk); + if (all_users) + err = keyring_clear(mk->mk_users); + else + err = remove_master_key_user(mk); if (err) { up_write(&key->sem); goto out_put_key; @@ -806,8 +812,21 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) err = put_user(status_flags, &uarg->removal_status_flags); return err; } + +int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg) +{ + return do_remove_key(filp, uarg, false); +} EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key); +int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg) +{ + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + return do_remove_key(filp, uarg, true); +} +EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users); + /* * Retrieve the status of an fscrypt master encryption key. * diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 8b8ff048404297..f622f7460ed8c6 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -143,6 +143,8 @@ extern int fscrypt_inherit_context(struct inode *, struct inode *, extern void fscrypt_sb_free(struct super_block *sb); extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); +extern int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg); extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); /* keysetup.c */ @@ -396,6 +398,12 @@ static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) return -EOPNOTSUPP; } +static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg) +{ + return -EOPNOTSUPP; +} + static inline int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg) { diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h index b9fb775e3db8e4..39ccfe9311c387 100644 --- a/include/uapi/linux/fscrypt.h +++ b/include/uapi/linux/fscrypt.h @@ -148,6 +148,7 @@ struct fscrypt_get_key_status_arg { #define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9]) /* size + version */ #define FS_IOC_ADD_ENCRYPTION_KEY _IOWR('f', 23, struct fscrypt_add_key_arg) #define FS_IOC_REMOVE_ENCRYPTION_KEY _IOWR('f', 24, struct fscrypt_remove_key_arg) +#define FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS _IOWR('f', 25, struct fscrypt_remove_key_arg) #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 26, struct fscrypt_get_key_status_arg) /**********************************************************************/ -- 2.22.0.770.g0f2c4a37fd-goog _______________________________________________ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5BFD6C433FF for ; Mon, 5 Aug 2019 16:34:27 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 27F8D2086D for ; Mon, 5 Aug 2019 16:34:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Pf4+xkfx"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="Z/Z2qERE" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 27F8D2086D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=o2KP4Xmw/VQCjAD+6DEqRAzuCJb85nBmb71vGTB52us=; b=Pf4+xkfxq24SzN dKvUCHI70BlTE2g9jgEYeY3EZzg/bs34fpHWB6LbuZVdVLAvOkLeyG1W4IGb7uBERJz+QCkuQ33um mwlxQy4ww7EwqFXxu3taYwz8QICsG5cMC7EysXnAE+2lrSlxuvDSgb3tlp5lBw0qJ9f7wWKgnrMLK nuRoQgUWTa5idUP2UY9Y+4aMUeCEVMvr2Msyhf11OIYe5lSoUej/41Ix+Ow0yuLVojZpu8oMd26hE ++HOPUkZpQGZxTP/5j4bn8gHUXljNDHvuwNZcyXnkM+smCaogz7GTI1Y7gj1wJEju3KI625Xn8OkA 92QPCZk4lPeAmUfa9koA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hufw5-00057o-O5; Mon, 05 Aug 2019 16:34:13 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hufql-0008UP-11 for linux-mtd@lists.infradead.org; Mon, 05 Aug 2019 16:28:49 +0000 Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown [104.132.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8ABEF21882; Mon, 5 Aug 2019 16:28:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565022517; bh=VjAaNT/bB/mmrNPRrRj2ZZRW/GYtz3hszPigcawoqzI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Z/Z2qEREoFm/mmXKw0i8w5vAqkR/mAb7ptX3C3G4hUGzHmRT1I+2nh4hBecUKx7qP qBhsWoKbVZ1N1GU379pIrI8rEbMfoI9deXoMQu2LigEP21H3iI02xzcwQUzPrjanzh kdeLKNiBRCc55d1D1wuKOC8WZUtDl/AbFtSL7UFA= From: Eric Biggers To: linux-fscrypt@vger.kernel.org Subject: [PATCH v8 15/20] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl Date: Mon, 5 Aug 2019 09:25:16 -0700 Message-Id: <20190805162521.90882-16-ebiggers@kernel.org> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog In-Reply-To: <20190805162521.90882-1-ebiggers@kernel.org> References: <20190805162521.90882-1-ebiggers@kernel.org> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190805_092843_675175_8350B50F X-CRM114-Status: GOOD ( 19.16 ) X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Satya Tangirala , Theodore Ts'o , linux-api@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net, keyrings@vger.kernel.org, linux-mtd@lists.infradead.org, linux-crypto@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jaegeuk Kim , linux-ext4@vger.kernel.org, Paul Crowley Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" Errors-To: linux-mtd-bounces+linux-mtd=archiver.kernel.org@lists.infradead.org From: Eric Biggers Add a root-only variant of the FS_IOC_REMOVE_ENCRYPTION_KEY ioctl which removes all users' claims of the key, not just the current user's claim. I.e., it always removes the key itself, no matter how many users have added it. This is useful for forcing a directory to be locked, without having to figure out which user ID(s) the key was added under. This is planned to be used by a command like 'sudo fscrypt lock DIR --all-users' in the fscrypt userspace tool (http://github.com/google/fscrypt). Signed-off-by: Eric Biggers --- fs/crypto/keyring.c | 29 ++++++++++++++++++++++++----- include/linux/fscrypt.h | 8 ++++++++ include/uapi/linux/fscrypt.h | 1 + 3 files changed, 33 insertions(+), 5 deletions(-) diff --git a/fs/crypto/keyring.c b/fs/crypto/keyring.c index 2f47464f8cf603..86bfcc02b31fcf 100644 --- a/fs/crypto/keyring.c +++ b/fs/crypto/keyring.c @@ -11,6 +11,7 @@ * * - FS_IOC_ADD_ENCRYPTION_KEY * - FS_IOC_REMOVE_ENCRYPTION_KEY + * - FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS * - FS_IOC_GET_ENCRYPTION_KEY_STATUS * * See the "User API" section of Documentation/filesystems/fscrypt.rst for more @@ -699,8 +700,10 @@ static int try_to_lock_encrypted_files(struct super_block *sb, /* * Try to remove an fscrypt master encryption key. * - * This removes the current user's claim to the key, then removes the key itself - * if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY (all_users=false) removes the current user's + * claim to the key, then removes the key itself if no other users have claims. + * FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS (all_users=true) always removes the + * key itself. * * To "remove the key itself", first we wipe the actual master key secret, so * that no more inodes can be unlocked with it. Then we try to evict all cached @@ -715,7 +718,7 @@ static int try_to_lock_encrypted_files(struct super_block *sb, * For more details, see the "Removing keys" section of * Documentation/filesystems/fscrypt.rst. */ -int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) +static int do_remove_key(struct file *filp, void __user *_uarg, bool all_users) { struct super_block *sb = file_inode(filp)->i_sb; struct fscrypt_remove_key_arg __user *uarg = _uarg; @@ -751,9 +754,12 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) down_write(&key->sem); - /* If relevant, remove current user's claim to the key */ + /* If relevant, remove current user's (or all users) claim to the key */ if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) { - err = remove_master_key_user(mk); + if (all_users) + err = keyring_clear(mk->mk_users); + else + err = remove_master_key_user(mk); if (err) { up_write(&key->sem); goto out_put_key; @@ -806,8 +812,21 @@ int fscrypt_ioctl_remove_key(struct file *filp, void __user *_uarg) err = put_user(status_flags, &uarg->removal_status_flags); return err; } + +int fscrypt_ioctl_remove_key(struct file *filp, void __user *uarg) +{ + return do_remove_key(filp, uarg, false); +} EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key); +int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *uarg) +{ + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + return do_remove_key(filp, uarg, true); +} +EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key_all_users); + /* * Retrieve the status of an fscrypt master encryption key. * diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h index 8b8ff048404297..f622f7460ed8c6 100644 --- a/include/linux/fscrypt.h +++ b/include/linux/fscrypt.h @@ -143,6 +143,8 @@ extern int fscrypt_inherit_context(struct inode *, struct inode *, extern void fscrypt_sb_free(struct super_block *sb); extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); +extern int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg); extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); /* keysetup.c */ @@ -396,6 +398,12 @@ static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) return -EOPNOTSUPP; } +static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, + void __user *arg) +{ + return -EOPNOTSUPP; +} + static inline int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg) { diff --git a/include/uapi/linux/fscrypt.h b/include/uapi/linux/fscrypt.h index b9fb775e3db8e4..39ccfe9311c387 100644 --- a/include/uapi/linux/fscrypt.h +++ b/include/uapi/linux/fscrypt.h @@ -148,6 +148,7 @@ struct fscrypt_get_key_status_arg { #define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9]) /* size + version */ #define FS_IOC_ADD_ENCRYPTION_KEY _IOWR('f', 23, struct fscrypt_add_key_arg) #define FS_IOC_REMOVE_ENCRYPTION_KEY _IOWR('f', 24, struct fscrypt_remove_key_arg) +#define FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS _IOWR('f', 25, struct fscrypt_remove_key_arg) #define FS_IOC_GET_ENCRYPTION_KEY_STATUS _IOWR('f', 26, struct fscrypt_get_key_status_arg) /**********************************************************************/ -- 2.22.0.770.g0f2c4a37fd-goog ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/