56 	struct fscrypt_master_key *mk =  in fscrypt_free_master_key()  local
64 	kfree_sensitive(mk);  in fscrypt_free_master_key()
67 void fscrypt_put_master_key(struct fscrypt_master_key *mk)  in fscrypt_put_master_key()  argument
69 	if (!refcount_dec_and_test(&mk->mk_struct_refs))  in fscrypt_put_master_key()
76 	WARN_ON(refcount_read(&mk->mk_active_refs) != 0);  in fscrypt_put_master_key()
77 	key_put(mk->mk_users);  in fscrypt_put_master_key()
78 	mk->mk_users = NULL;  in fscrypt_put_master_key()
79 	call_rcu(&mk->mk_rcu_head, fscrypt_free_master_key);  in fscrypt_put_master_key()
82 void fscrypt_put_master_key_activeref(struct fscrypt_master_key *mk)  in fscrypt_put_master_key_activeref()  argument
84 	struct super_block *sb = mk->mk_sb;  in fscrypt_put_master_key_activeref()
88 	if (!refcount_dec_and_test(&mk->mk_active_refs))  in fscrypt_put_master_key_activeref()
97 	hlist_del_rcu(&mk->mk_node);  in fscrypt_put_master_key_activeref()
104 	WARN_ON(is_master_key_secret_present(&mk->mk_secret));  in fscrypt_put_master_key_activeref()
105 	WARN_ON(!list_empty(&mk->mk_decrypted_inodes));  in fscrypt_put_master_key_activeref()
108 		fscrypt_destroy_prepared_key(&mk->mk_direct_keys[i]);  in fscrypt_put_master_key_activeref()
109 		fscrypt_destroy_prepared_key(&mk->mk_iv_ino_lblk_64_keys[i]);  in fscrypt_put_master_key_activeref()
110 		fscrypt_destroy_prepared_key(&mk->mk_iv_ino_lblk_32_keys[i]);  in fscrypt_put_master_key_activeref()
112 	memzero_explicit(&mk->mk_ino_hash_key,  in fscrypt_put_master_key_activeref()
113 			 sizeof(mk->mk_ino_hash_key));  in fscrypt_put_master_key_activeref()
114 	mk->mk_ino_hash_key_initialized = false;  in fscrypt_put_master_key_activeref()
117 	fscrypt_put_master_key(mk);  in fscrypt_put_master_key_activeref()
227 		struct fscrypt_master_key *mk;  in fscrypt_destroy_keyring()  local
230 		hlist_for_each_entry_safe(mk, tmp, bucket, mk_node) {  in fscrypt_destroy_keyring()
239 			WARN_ON(refcount_read(&mk->mk_active_refs) != 1);  in fscrypt_destroy_keyring()
240 			WARN_ON(refcount_read(&mk->mk_struct_refs) != 1);  in fscrypt_destroy_keyring()
241 			WARN_ON(!is_master_key_secret_present(&mk->mk_secret));  in fscrypt_destroy_keyring()
242 			wipe_master_key_secret(&mk->mk_secret);  in fscrypt_destroy_keyring()
243 			fscrypt_put_master_key_activeref(mk);  in fscrypt_destroy_keyring()
277 	struct fscrypt_master_key *mk;  in fscrypt_find_master_key()  local
293 		hlist_for_each_entry_rcu(mk, bucket, mk_node) {  in fscrypt_find_master_key()
294 			if (mk->mk_spec.type ==  in fscrypt_find_master_key()
296 			    memcmp(mk->mk_spec.u.descriptor,  in fscrypt_find_master_key()
299 			    refcount_inc_not_zero(&mk->mk_struct_refs))  in fscrypt_find_master_key()
304 		hlist_for_each_entry_rcu(mk, bucket, mk_node) {  in fscrypt_find_master_key()
305 			if (mk->mk_spec.type ==  in fscrypt_find_master_key()
307 			    memcmp(mk->mk_spec.u.identifier,  in fscrypt_find_master_key()
310 			    refcount_inc_not_zero(&mk->mk_struct_refs))  in fscrypt_find_master_key()
315 	mk = NULL;  in fscrypt_find_master_key()
318 	return mk;  in fscrypt_find_master_key()
321 static int allocate_master_key_users_keyring(struct fscrypt_master_key *mk)  in allocate_master_key_users_keyring()  argument
327 					    mk->mk_spec.u.identifier);  in allocate_master_key_users_keyring()
335 	mk->mk_users = keyring;  in allocate_master_key_users_keyring()
343 static struct key *find_master_key_user(struct fscrypt_master_key *mk)  in find_master_key_user()  argument
348 	format_mk_user_description(description, mk->mk_spec.u.identifier);  in find_master_key_user()
354 	keyref = keyring_search(make_key_ref(mk->mk_users, true /*possessed*/),  in find_master_key_user()
371 static int add_master_key_user(struct fscrypt_master_key *mk)  in add_master_key_user()  argument
377 	format_mk_user_description(description, mk->mk_spec.u.identifier);  in add_master_key_user()
384 	err = key_instantiate_and_link(mk_user, NULL, 0, mk->mk_users, NULL);  in add_master_key_user()
395 static int remove_master_key_user(struct fscrypt_master_key *mk)  in remove_master_key_user()  argument
400 	mk_user = find_master_key_user(mk);  in remove_master_key_user()
403 	err = key_unlink(mk->mk_users, mk_user);  in remove_master_key_user()
417 	struct fscrypt_master_key *mk;  in add_new_master_key()  local
420 	mk = kzalloc(sizeof(*mk), GFP_KERNEL);  in add_new_master_key()
421 	if (!mk)  in add_new_master_key()
424 	mk->mk_sb = sb;  in add_new_master_key()
425 	init_rwsem(&mk->mk_sem);  in add_new_master_key()
426 	refcount_set(&mk->mk_struct_refs, 1);  in add_new_master_key()
427 	mk->mk_spec = *mk_spec;  in add_new_master_key()
429 	INIT_LIST_HEAD(&mk->mk_decrypted_inodes);  in add_new_master_key()
430 	spin_lock_init(&mk->mk_decrypted_inodes_lock);  in add_new_master_key()
433 		err = allocate_master_key_users_keyring(mk);  in add_new_master_key()
436 		err = add_master_key_user(mk);  in add_new_master_key()
441 	move_master_key_secret(&mk->mk_secret, secret);  in add_new_master_key()
442 	refcount_set(&mk->mk_active_refs, 1); /* ->mk_secret is present */  in add_new_master_key()
445 	hlist_add_head_rcu(&mk->mk_node,  in add_new_master_key()
451 	fscrypt_put_master_key(mk);  in add_new_master_key()
457 static int add_existing_master_key(struct fscrypt_master_key *mk,  in add_existing_master_key()  argument
467 	if (mk->mk_users) {  in add_existing_master_key()
468 		struct key *mk_user = find_master_key_user(mk);  in add_existing_master_key()
476 		err = add_master_key_user(mk);  in add_existing_master_key()
482 	if (!is_master_key_secret_present(&mk->mk_secret)) {  in add_existing_master_key()
483 		if (!refcount_inc_not_zero(&mk->mk_active_refs))  in add_existing_master_key()
485 		move_master_key_secret(&mk->mk_secret, secret);  in add_existing_master_key()
496 	struct fscrypt_master_key *mk;  in do_add_master_key()  local
501 	mk = fscrypt_find_master_key(sb, mk_spec);  in do_add_master_key()
502 	if (!mk) {  in do_add_master_key()
512 		down_write(&mk->mk_sem);  in do_add_master_key()
513 		err = add_existing_master_key(mk, secret);  in do_add_master_key()
514 		up_write(&mk->mk_sem);  in do_add_master_key()
524 		fscrypt_put_master_key(mk);  in do_add_master_key()
819 	struct fscrypt_master_key *mk;  in fscrypt_verify_key_added()  local
826 	mk = fscrypt_find_master_key(sb, &mk_spec);  in fscrypt_verify_key_added()
827 	if (!mk) {  in fscrypt_verify_key_added()
831 	down_read(&mk->mk_sem);  in fscrypt_verify_key_added()
832 	mk_user = find_master_key_user(mk);  in fscrypt_verify_key_added()
839 	up_read(&mk->mk_sem);  in fscrypt_verify_key_added()
840 	fscrypt_put_master_key(mk);  in fscrypt_verify_key_added()
866 static void evict_dentries_for_decrypted_inodes(struct fscrypt_master_key *mk)  in evict_dentries_for_decrypted_inodes()  argument
872 	spin_lock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
874 	list_for_each_entry(ci, &mk->mk_decrypted_inodes, ci_master_key_link) {  in evict_dentries_for_decrypted_inodes()
883 		spin_unlock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
889 		spin_lock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
892 	spin_unlock(&mk->mk_decrypted_inodes_lock);  in evict_dentries_for_decrypted_inodes()
897 				 struct fscrypt_master_key *mk)  in check_for_busy_inodes()  argument
904 	spin_lock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
906 	list_for_each(pos, &mk->mk_decrypted_inodes)  in check_for_busy_inodes()
910 		spin_unlock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
917 			list_first_entry(&mk->mk_decrypted_inodes,  in check_for_busy_inodes()
922 	spin_unlock(&mk->mk_decrypted_inodes_lock);  in check_for_busy_inodes()
930 		     sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec),  in check_for_busy_inodes()
931 		     master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u,  in check_for_busy_inodes()
937 				       struct fscrypt_master_key *mk)  in try_to_lock_encrypted_files()  argument
962 	evict_dentries_for_decrypted_inodes(mk);  in try_to_lock_encrypted_files()
971 	err2 = check_for_busy_inodes(sb, mk);  in try_to_lock_encrypted_files()
1002 	struct fscrypt_master_key *mk;  in do_remove_key()  local
1025 	mk = fscrypt_find_master_key(sb, &arg.key_spec);  in do_remove_key()
1026 	if (!mk)  in do_remove_key()
1028 	down_write(&mk->mk_sem);  in do_remove_key()
1031 	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {  in do_remove_key()
1033 			err = keyring_clear(mk->mk_users);  in do_remove_key()
1035 			err = remove_master_key_user(mk);  in do_remove_key()
1037 			up_write(&mk->mk_sem);  in do_remove_key()
1040 		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {  in do_remove_key()
1049 			up_write(&mk->mk_sem);  in do_remove_key()
1056 	if (is_master_key_secret_present(&mk->mk_secret)) {  in do_remove_key()
1057 		wipe_master_key_secret(&mk->mk_secret);  in do_remove_key()
1058 		fscrypt_put_master_key_activeref(mk);  in do_remove_key()
1061 	inodes_remain = refcount_read(&mk->mk_active_refs) > 0;  in do_remove_key()
1062 	up_write(&mk->mk_sem);  in do_remove_key()
1066 		err = try_to_lock_encrypted_files(sb, mk);  in do_remove_key()
1080 	fscrypt_put_master_key(mk);  in do_remove_key()
1127 	struct fscrypt_master_key *mk;  in fscrypt_ioctl_get_key_status()  local
1143 	mk = fscrypt_find_master_key(sb, &arg.key_spec);  in fscrypt_ioctl_get_key_status()
1144 	if (!mk) {  in fscrypt_ioctl_get_key_status()
1149 	down_read(&mk->mk_sem);  in fscrypt_ioctl_get_key_status()
1151 	if (!is_master_key_secret_present(&mk->mk_secret)) {  in fscrypt_ioctl_get_key_status()
1152 		arg.status = refcount_read(&mk->mk_active_refs) > 0 ?  in fscrypt_ioctl_get_key_status()
1160 	if (mk->mk_users) {  in fscrypt_ioctl_get_key_status()
1163 		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;  in fscrypt_ioctl_get_key_status()
1164 		mk_user = find_master_key_user(mk);  in fscrypt_ioctl_get_key_status()
1176 	up_read(&mk->mk_sem);  in fscrypt_ioctl_get_key_status()
1177 	fscrypt_put_master_key(mk);  in fscrypt_ioctl_get_key_status()