From patchwork Mon Oct 23 21:40:38 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 10023247
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BC44F603D7 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Mon, 23 Oct 2017 21:44:24 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AC6AC20416
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Mon, 23 Oct 2017 21:44:24 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A1422204FF; Mon, 23 Oct 2017 21:44:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.5 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A35320416
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Mon, 23 Oct 2017 21:44:24 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932381AbdJWVoT (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Mon, 23 Oct 2017 17:44:19 -0400
Received: from mail-io0-f193.google.com ([209.85.223.193]:47155 "EHLO
	mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751552AbdJWVmR (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 23 Oct 2017 17:42:17 -0400
Received: by mail-io0-f193.google.com with SMTP id h70so21696165ioi.4;
	Mon, 23 Oct 2017 14:42:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ZXxOc7bqPylR64/IGbno9751CRE5IjhvJXc3eyHiJr4=;
	b=cImZbeoAXAqKDPzwkRlrnhnpZeSCmY7sRHXfilOoPudPirEzMXQF5wM/z48MAloIbz
	uR/a7KLJNq10czGWuwmHEorwezS62vcqSwUowyqZBXg7/lFllzsS1xYSGMIFmVvs8awn
	cSpIOmiteL9Uf6FSL24ip2hIZQwcAHpuzZdBkO+p5davhu9Wu108A7YvJK5tAlX8QqgC
	vcLqDRODWqGSHUNKx3BzYS7ozFIt1QzmauLQA8ksuvstnxOYRAdNbGFfWs6itKQTbZOc
	z1FeuA42qmvx0YYKmcDep77HfuikYi2M/8UGbDgya2FZX6Jgoqn+SZKU0LAMteiWqAK6
	3vtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ZXxOc7bqPylR64/IGbno9751CRE5IjhvJXc3eyHiJr4=;
	b=ozQPNo3M/Hf6gQsWw/fBT71+Yioh98kmhQYwSFn/iQw/Oe3y85+Pbi7DLqHL3AHFbM
	AZu9dUUaGBcbRrT5uT6c9bc7wV1ba1XYjlqEiFZm6nMYjgzWOqciAFOOvEqcYx2hGtFw
	a0Dk+9apYVzmHmxYRpx59CSTPMIgP/ZH/zz/ZRwR6J2BbywEE0dDJ4HFEbhj/jwqZ0PD
	9Og75xePMnKx2vwmzZRPeyrylYsLUfx+Tq5xTPmzX9DI/OtvtNB8KUmDo5xe3FNhGH4l
	WwGu0BiNjvjCfVXA3ugagdT0j2NsaNE9St9T1EHrniCNVxvVKcbyEak7iGETDL9VXKQu
	Spdg==
X-Gm-Message-State: AMCzsaUwpTIUz/38eT+Bw1AK5S7WtHPXBcAdnfF6EVMZC07nfnyfSKXR
	ZwFTgxGSGPnznmp9VW2CDSqbycKA
X-Google-Smtp-Source: 
 ABhQp+TwQzJyNtN5jhj0ZqvqV/Vw+qAuFsdMtc+iLIIC/LN26T6ql8elWydDLgrxUzs95v9InBGKag==
X-Received: by 10.107.137.23 with SMTP id l23mr18083039iod.138.1508794936035;
	Mon, 23 Oct 2017 14:42:16 -0700 (PDT)
Received: from ebiggers-linuxstation.kir.corp.google.com ([100.66.175.88])
	by smtp.gmail.com with ESMTPSA id
	i63sm3558482ioi.68.2017.10.23.14.42.14
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 23 Oct 2017 14:42:15 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-mtd@lists.infradead.org, linux-api@vger.kernel.org,
	keyrings@vger.kernel.org, "Theodore Y . Ts'o" <tytso@mit.edu>,
	Jaegeuk Kim <jaegeuk@kernel.org>, Gwendal Grignou <gwendal@chromium.org>,
	Ryo Hashimoto <hashimoto@chromium.org>,
	Sarthak Kukreti <sarthakkukreti@chromium.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Michael Halcrow <mhalcrow@google.com>, Eric Biggers <ebiggers@google.com>
Subject: [RFC PATCH 05/25] fs: add ->s_master_keys to struct super_block
Date: Mon, 23 Oct 2017 14:40:38 -0700
Message-Id: <20171023214058.128121-6-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.15.0.rc0.271.g36b669edcc-goog
In-Reply-To: <20171023214058.128121-1-ebiggers3@gmail.com>
References: <20171023214058.128121-1-ebiggers3@gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Eric Biggers <ebiggers@google.com>

Add an ->s_master_keys keyring to 'struct super_block' for holding
encryption keys which have been added to the filesystem.  This keyring
will be populated using a new fscrypt ioctl.

This is needed for several reasons, including:

- To solve the visibility problems of having filesystem encryption keys
  stored in process-subscribed keyrings, while the VFS state of the
  filesystem is actually global.

- To implement a proper API for removing keys, which among other things
  will require maintaining the list of inodes that are using each master
  key so that we can evict the inodes when the key is removed.

- To allow caching a crypto transform for each master key so that we
  don't have to repeatedly allocate one over and over.

See later patches for full details, including why it wouldn't be enough
to add the concept of a "global keyring" to the keyrings API instead.

->s_master_keys will only be allocated when someone tries to add a key
for the first time.  Otherwise it will stay NULL.

Note that this could go in the filesystem-specific superblocks instead.
However, we already have three filesystems using fs/crypto/, so it's
useful to have it in the VFS.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Michael Halcrow <mhalcrow@google.com>
---
 fs/super.c         | 3 +++
 include/linux/fs.h | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/fs/super.c b/fs/super.c
index 166c4ee0d0ed..161a9d05aa9f 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -168,6 +168,9 @@ static void destroy_super(struct super_block *s)
 	WARN_ON(!list_empty(&s->s_mounts));
 	put_user_ns(s->s_user_ns);
 	kfree(s->s_subtype);
+#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
+	key_put(s->s_master_keys);
+#endif
 	call_rcu(&s->rcu, destroy_super_rcu);
 }
 
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 3efd5ded21c9..8cfb0877d32c 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1440,6 +1440,10 @@ struct super_block {
 
 	spinlock_t		s_inode_wblist_lock;
 	struct list_head	s_inodes_wb;	/* writeback inodes */
+
+#if IS_ENABLED(CONFIG_FS_ENCRYPTION)
+	struct key		*s_master_keys; /* master crypto keys in use */
+#endif
 } __randomize_layout;
 
 /* Helper functions so that in most cases filesystems will