fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl

 *

 * - FS_IOC_ADD_ENCRYPTION_KEY

 * - FS_IOC_REMOVE_ENCRYPTION_KEY

 * - FS_IOC_GET_ENCRYPTION_KEY_STATUS

 *

 * See the "User API" section of Documentation/filesystems/fscrypt.rst for more

 * information about these ioctls.

}

EXPORT_SYMBOL_GPL(fscrypt_ioctl_remove_key);

/*

 * Retrieve the status of an fscrypt master encryption key.

 *

 * We set ->status to indicate whether the key is absent, present, or

 * incompletely removed.  "Incompletely removed" means that the master key

 * secret has been removed, but some files which had been unlocked with it are

 * still in use.  This field allows applications to easily determine the state

 * of an encrypted directory without using a hack such as trying to open a

 * regular file in it (which can confuse the "incompletely removed" state with

 * absent or present).

 *

 * For more details, see the "FS_IOC_GET_ENCRYPTION_KEY_STATUS" section of

 * Documentation/filesystems/fscrypt.rst.

 */

int fscrypt_ioctl_get_key_status(struct file *filp, void __user *uarg)

{

	struct super_block *sb = file_inode(filp)->i_sb;

	struct fscrypt_get_key_status_arg arg;

	struct key *key;

	struct fscrypt_master_key *mk;

	int err;

	if (copy_from_user(&arg, uarg, sizeof(arg)))

		return -EFAULT;

	if (!valid_key_spec(&arg.key_spec))

		return -EINVAL;

	if (memchr_inv(arg.__reserved, 0, sizeof(arg.__reserved)))

		return -EINVAL;

	memset(arg.__out_reserved, 0, sizeof(arg.__out_reserved));

	key = fscrypt_find_master_key(sb, &arg.key_spec);

	if (IS_ERR(key)) {

		if (key != ERR_PTR(-ENOKEY))

			return PTR_ERR(key);

		arg.status = FSCRYPT_KEY_STATUS_ABSENT;

		err = 0;

		goto out;

	}

	mk = key->payload.data[0];

	down_read(&key->sem);

	if (!is_master_key_secret_present(&mk->mk_secret)) {

		arg.status = FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED;

		err = 0;

		goto out_release_key;

	}

	arg.status = FSCRYPT_KEY_STATUS_PRESENT;

	err = 0;

out_release_key:

	up_read(&key->sem);

	key_put(key);

out:

	if (!err && copy_to_user(uarg, &arg, sizeof(arg)))

		err = -EFAULT;

	return err;

}

EXPORT_SYMBOL_GPL(fscrypt_ioctl_get_key_status);

int __init fscrypt_init_keyring(void)

{

	return register_key_type(&key_type_fscrypt);

extern void fscrypt_sb_free(struct super_block *sb);

extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);

extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);

extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);

/* keysetup.c */

extern int fscrypt_get_encryption_info(struct inode *);

	return -EOPNOTSUPP;

}

static inline int fscrypt_ioctl_get_key_status(struct file *filp,

					       void __user *arg)

{

	return -EOPNOTSUPP;

}

/* keysetup.c */

static inline int fscrypt_get_encryption_info(struct inode *inode)

{

	__u32 __reserved[5];

};

/* Struct passed to FS_IOC_GET_ENCRYPTION_KEY_STATUS */

struct fscrypt_get_key_status_arg {

	/* input */

	struct fscrypt_key_specifier key_spec;

	__u32 __reserved[6];

	/* output */

#define FSCRYPT_KEY_STATUS_ABSENT		1

#define FSCRYPT_KEY_STATUS_PRESENT		2

#define FSCRYPT_KEY_STATUS_INCOMPLETELY_REMOVED	3

	__u32 status;

	__u32 __out_reserved[15];

};

#define FS_IOC_SET_ENCRYPTION_POLICY		_IOR('f', 19, struct fscrypt_policy)

#define FS_IOC_GET_ENCRYPTION_PWSALT		_IOW('f', 20, __u8[16])

#define FS_IOC_GET_ENCRYPTION_POLICY		_IOW('f', 21, struct fscrypt_policy)

#define FS_IOC_ADD_ENCRYPTION_KEY		_IOWR('f', 23, struct fscrypt_add_key_arg)

#define FS_IOC_REMOVE_ENCRYPTION_KEY		_IOWR('f', 24, struct fscrypt_remove_key_arg)

#define FS_IOC_GET_ENCRYPTION_KEY_STATUS	_IOWR('f', 26, struct fscrypt_get_key_status_arg)

/**********************************************************************/