1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 1997-2004 Erez Zadok 5 * Copyright (C) 2001-2004 Stony Brook University 6 * Copyright (C) 2004-2006 International Business Machines Corp. 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Michael C. Thompsion <mcthomps@us.ibm.com> 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 of the 13 * License, or (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 23 * 02111-1307, USA. 24 */ 25 26 #include <linux/file.h> 27 #include <linux/vmalloc.h> 28 #include <linux/pagemap.h> 29 #include <linux/dcache.h> 30 #include <linux/namei.h> 31 #include <linux/mount.h> 32 #include <linux/crypto.h> 33 #include "ecryptfs_kernel.h" 34 35 static struct dentry *lock_parent(struct dentry *dentry) 36 { 37 struct dentry *dir; 38 39 dir = dget(dentry->d_parent); 40 mutex_lock(&(dir->d_inode->i_mutex)); 41 return dir; 42 } 43 44 static void unlock_parent(struct dentry *dentry) 45 { 46 mutex_unlock(&(dentry->d_parent->d_inode->i_mutex)); 47 dput(dentry->d_parent); 48 } 49 50 static void unlock_dir(struct dentry *dir) 51 { 52 mutex_unlock(&dir->d_inode->i_mutex); 53 dput(dir); 54 } 55 56 void ecryptfs_copy_inode_size(struct inode *dst, const struct inode *src) 57 { 58 i_size_write(dst, i_size_read((struct inode *)src)); 59 dst->i_blocks = src->i_blocks; 60 } 61 62 void ecryptfs_copy_attr_atime(struct inode *dest, const struct inode *src) 63 { 64 dest->i_atime = src->i_atime; 65 } 66 67 static void ecryptfs_copy_attr_times(struct inode *dest, 68 const struct inode *src) 69 { 70 dest->i_atime = src->i_atime; 71 dest->i_mtime = src->i_mtime; 72 dest->i_ctime = src->i_ctime; 73 } 74 75 static void ecryptfs_copy_attr_timesizes(struct inode *dest, 76 const struct inode *src) 77 { 78 dest->i_atime = src->i_atime; 79 dest->i_mtime = src->i_mtime; 80 dest->i_ctime = src->i_ctime; 81 ecryptfs_copy_inode_size(dest, src); 82 } 83 84 void ecryptfs_copy_attr_all(struct inode *dest, const struct inode *src) 85 { 86 dest->i_mode = src->i_mode; 87 dest->i_nlink = src->i_nlink; 88 dest->i_uid = src->i_uid; 89 dest->i_gid = src->i_gid; 90 dest->i_rdev = src->i_rdev; 91 dest->i_atime = src->i_atime; 92 dest->i_mtime = src->i_mtime; 93 dest->i_ctime = src->i_ctime; 94 dest->i_blkbits = src->i_blkbits; 95 dest->i_flags = src->i_flags; 96 } 97 98 /** 99 * ecryptfs_create_underlying_file 100 * @lower_dir_inode: inode of the parent in the lower fs of the new file 101 * @lower_dentry: New file's dentry in the lower fs 102 * @ecryptfs_dentry: New file's dentry in ecryptfs 103 * @mode: The mode of the new file 104 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 105 * 106 * Creates the file in the lower file system. 107 * 108 * Returns zero on success; non-zero on error condition 109 */ 110 static int 111 ecryptfs_create_underlying_file(struct inode *lower_dir_inode, 112 struct dentry *dentry, int mode, 113 struct nameidata *nd) 114 { 115 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 116 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 117 struct dentry *dentry_save; 118 struct vfsmount *vfsmount_save; 119 int rc; 120 121 dentry_save = nd->dentry; 122 vfsmount_save = nd->mnt; 123 nd->dentry = lower_dentry; 124 nd->mnt = lower_mnt; 125 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); 126 nd->dentry = dentry_save; 127 nd->mnt = vfsmount_save; 128 return rc; 129 } 130 131 /** 132 * ecryptfs_do_create 133 * @directory_inode: inode of the new file's dentry's parent in ecryptfs 134 * @ecryptfs_dentry: New file's dentry in ecryptfs 135 * @mode: The mode of the new file 136 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 137 * 138 * Creates the underlying file and the eCryptfs inode which will link to 139 * it. It will also update the eCryptfs directory inode to mimic the 140 * stat of the lower directory inode. 141 * 142 * Returns zero on success; non-zero on error condition 143 */ 144 static int 145 ecryptfs_do_create(struct inode *directory_inode, 146 struct dentry *ecryptfs_dentry, int mode, 147 struct nameidata *nd) 148 { 149 int rc; 150 struct dentry *lower_dentry; 151 struct dentry *lower_dir_dentry; 152 153 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 154 lower_dir_dentry = lock_parent(lower_dentry); 155 if (unlikely(IS_ERR(lower_dir_dentry))) { 156 ecryptfs_printk(KERN_ERR, "Error locking directory of " 157 "dentry\n"); 158 rc = PTR_ERR(lower_dir_dentry); 159 goto out; 160 } 161 rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode, 162 ecryptfs_dentry, mode, nd); 163 if (unlikely(rc)) { 164 ecryptfs_printk(KERN_ERR, 165 "Failure to create underlying file\n"); 166 goto out_lock; 167 } 168 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry, 169 directory_inode->i_sb, 0); 170 if (rc) { 171 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n"); 172 goto out_lock; 173 } 174 ecryptfs_copy_attr_timesizes(directory_inode, 175 lower_dir_dentry->d_inode); 176 out_lock: 177 unlock_dir(lower_dir_dentry); 178 out: 179 return rc; 180 } 181 182 /** 183 * grow_file 184 * @ecryptfs_dentry: the ecryptfs dentry 185 * @lower_file: The lower file 186 * @inode: The ecryptfs inode 187 * @lower_inode: The lower inode 188 * 189 * This is the code which will grow the file to its correct size. 190 */ 191 static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file, 192 struct inode *inode, struct inode *lower_inode) 193 { 194 int rc = 0; 195 struct file fake_file; 196 struct ecryptfs_file_info tmp_file_info; 197 198 memset(&fake_file, 0, sizeof(fake_file)); 199 fake_file.f_dentry = ecryptfs_dentry; 200 memset(&tmp_file_info, 0, sizeof(tmp_file_info)); 201 ecryptfs_set_file_private(&fake_file, &tmp_file_info); 202 ecryptfs_set_file_lower(&fake_file, lower_file); 203 rc = ecryptfs_fill_zeros(&fake_file, 1); 204 if (rc) { 205 ECRYPTFS_SET_FLAG( 206 ecryptfs_inode_to_private(inode)->crypt_stat.flags, 207 ECRYPTFS_SECURITY_WARNING); 208 ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros " 209 "in file; rc = [%d]\n", rc); 210 goto out; 211 } 212 i_size_write(inode, 0); 213 ecryptfs_write_inode_size_to_header(lower_file, lower_inode, inode); 214 ECRYPTFS_SET_FLAG(ecryptfs_inode_to_private(inode)->crypt_stat.flags, 215 ECRYPTFS_NEW_FILE); 216 out: 217 return rc; 218 } 219 220 /** 221 * ecryptfs_initialize_file 222 * 223 * Cause the file to be changed from a basic empty file to an ecryptfs 224 * file with a header and first data page. 225 * 226 * Returns zero on success 227 */ 228 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry) 229 { 230 int rc = 0; 231 int lower_flags; 232 struct ecryptfs_crypt_stat *crypt_stat; 233 struct dentry *lower_dentry; 234 struct dentry *tlower_dentry = NULL; 235 struct file *lower_file; 236 struct inode *inode, *lower_inode; 237 struct vfsmount *lower_mnt; 238 239 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 240 ecryptfs_printk(KERN_DEBUG, "lower_dentry->d_name.name = [%s]\n", 241 lower_dentry->d_name.name); 242 inode = ecryptfs_dentry->d_inode; 243 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 244 tlower_dentry = dget(lower_dentry); 245 if (!tlower_dentry) { 246 rc = -ENOMEM; 247 ecryptfs_printk(KERN_ERR, "Error dget'ing lower_dentry\n"); 248 goto out; 249 } 250 lower_flags = ((O_CREAT | O_WRONLY | O_TRUNC) & O_ACCMODE) | O_RDWR; 251 #if BITS_PER_LONG != 32 252 lower_flags |= O_LARGEFILE; 253 #endif 254 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 255 mntget(lower_mnt); 256 /* Corresponding fput() at end of this function */ 257 lower_file = dentry_open(tlower_dentry, lower_mnt, lower_flags); 258 if (IS_ERR(lower_file)) { 259 rc = PTR_ERR(lower_file); 260 ecryptfs_printk(KERN_ERR, 261 "Error opening dentry; rc = [%i]\n", rc); 262 goto out; 263 } 264 /* fput(lower_file) should handle the puts if we do this */ 265 lower_file->f_dentry = tlower_dentry; 266 lower_file->f_vfsmnt = lower_mnt; 267 lower_inode = tlower_dentry->d_inode; 268 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { 269 ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); 270 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 271 goto out_fput; 272 } 273 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE); 274 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); 275 rc = ecryptfs_new_file_context(ecryptfs_dentry); 276 if (rc) { 277 ecryptfs_printk(KERN_DEBUG, "Error creating new file " 278 "context\n"); 279 goto out_fput; 280 } 281 rc = ecryptfs_write_headers(ecryptfs_dentry, lower_file); 282 if (rc) { 283 ecryptfs_printk(KERN_DEBUG, "Error writing headers\n"); 284 goto out_fput; 285 } 286 rc = grow_file(ecryptfs_dentry, lower_file, inode, lower_inode); 287 out_fput: 288 fput(lower_file); 289 out: 290 return rc; 291 } 292 293 /** 294 * ecryptfs_create 295 * @dir: The inode of the directory in which to create the file. 296 * @dentry: The eCryptfs dentry 297 * @mode: The mode of the new file. 298 * @nd: nameidata 299 * 300 * Creates a new file. 301 * 302 * Returns zero on success; non-zero on error condition 303 */ 304 static int 305 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, 306 int mode, struct nameidata *nd) 307 { 308 int rc; 309 310 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); 311 if (unlikely(rc)) { 312 ecryptfs_printk(KERN_WARNING, "Failed to create file in" 313 "lower filesystem\n"); 314 goto out; 315 } 316 /* At this point, a file exists on "disk"; we need to make sure 317 * that this on disk file is prepared to be an ecryptfs file */ 318 rc = ecryptfs_initialize_file(ecryptfs_dentry); 319 out: 320 return rc; 321 } 322 323 /** 324 * ecryptfs_lookup 325 * @dir: inode 326 * @dentry: The dentry 327 * @nd: nameidata, may be NULL 328 * 329 * Find a file on disk. If the file does not exist, then we'll add it to the 330 * dentry cache and continue on to read it from the disk. 331 */ 332 static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, 333 struct nameidata *nd) 334 { 335 int rc = 0; 336 struct dentry *lower_dir_dentry; 337 struct dentry *lower_dentry; 338 struct vfsmount *lower_mnt; 339 struct dentry *tlower_dentry = NULL; 340 char *encoded_name; 341 unsigned int encoded_namelen; 342 struct ecryptfs_crypt_stat *crypt_stat = NULL; 343 char *page_virt = NULL; 344 struct inode *lower_inode; 345 u64 file_size; 346 347 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); 348 dentry->d_op = &ecryptfs_dops; 349 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) 350 || (dentry->d_name.len == 2 && !strcmp(dentry->d_name.name, ".."))) 351 goto out_drop; 352 encoded_namelen = ecryptfs_encode_filename(crypt_stat, 353 dentry->d_name.name, 354 dentry->d_name.len, 355 &encoded_name); 356 if (encoded_namelen < 0) { 357 rc = encoded_namelen; 358 goto out_drop; 359 } 360 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen " 361 "= [%d]\n", encoded_name, encoded_namelen); 362 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry, 363 encoded_namelen - 1); 364 kfree(encoded_name); 365 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); 366 if (IS_ERR(lower_dentry)) { 367 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n"); 368 rc = PTR_ERR(lower_dentry); 369 goto out_drop; 370 } 371 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->" 372 "d_name.name = [%s]\n", lower_dentry, 373 lower_dentry->d_name.name); 374 lower_inode = lower_dentry->d_inode; 375 ecryptfs_copy_attr_atime(dir, lower_dir_dentry->d_inode); 376 BUG_ON(!atomic_read(&lower_dentry->d_count)); 377 ecryptfs_set_dentry_private(dentry, 378 kmem_cache_alloc(ecryptfs_dentry_info_cache, 379 SLAB_KERNEL)); 380 if (!ecryptfs_dentry_to_private(dentry)) { 381 rc = -ENOMEM; 382 ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " 383 "to allocate ecryptfs_dentry_info struct\n"); 384 goto out_dput; 385 } 386 ecryptfs_set_dentry_lower(dentry, lower_dentry); 387 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); 388 if (!lower_dentry->d_inode) { 389 /* We want to add because we couldn't find in lower */ 390 d_add(dentry, NULL); 391 goto out; 392 } 393 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 1); 394 if (rc) { 395 ecryptfs_printk(KERN_ERR, "Error interposing\n"); 396 goto out_dput; 397 } 398 if (S_ISDIR(lower_inode->i_mode)) { 399 ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n"); 400 goto out; 401 } 402 if (S_ISLNK(lower_inode->i_mode)) { 403 ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n"); 404 goto out; 405 } 406 if (!nd) { 407 ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave" 408 "as we *think* we are about to unlink\n"); 409 goto out; 410 } 411 tlower_dentry = dget(lower_dentry); 412 if (!tlower_dentry || IS_ERR(tlower_dentry)) { 413 rc = -ENOMEM; 414 ecryptfs_printk(KERN_ERR, "Cannot dget lower_dentry\n"); 415 goto out_dput; 416 } 417 /* Released in this function */ 418 page_virt = 419 (char *)kmem_cache_alloc(ecryptfs_header_cache_2, 420 SLAB_USER); 421 if (!page_virt) { 422 rc = -ENOMEM; 423 ecryptfs_printk(KERN_ERR, 424 "Cannot ecryptfs_kmalloc a page\n"); 425 goto out_dput; 426 } 427 memset(page_virt, 0, PAGE_CACHE_SIZE); 428 rc = ecryptfs_read_header_region(page_virt, tlower_dentry, nd->mnt); 429 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 430 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) 431 ecryptfs_set_default_sizes(crypt_stat); 432 if (rc) { 433 rc = 0; 434 ecryptfs_printk(KERN_WARNING, "Error reading header region;" 435 " assuming unencrypted\n"); 436 } else { 437 if (!contains_ecryptfs_marker(page_virt 438 + ECRYPTFS_FILE_SIZE_BYTES)) { 439 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 440 goto out; 441 } 442 memcpy(&file_size, page_virt, sizeof(file_size)); 443 file_size = be64_to_cpu(file_size); 444 i_size_write(dentry->d_inode, (loff_t)file_size); 445 } 446 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 447 goto out; 448 449 out_dput: 450 dput(lower_dentry); 451 if (tlower_dentry) 452 dput(tlower_dentry); 453 out_drop: 454 d_drop(dentry); 455 out: 456 return ERR_PTR(rc); 457 } 458 459 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir, 460 struct dentry *new_dentry) 461 { 462 struct dentry *lower_old_dentry; 463 struct dentry *lower_new_dentry; 464 struct dentry *lower_dir_dentry; 465 u64 file_size_save; 466 int rc; 467 468 file_size_save = i_size_read(old_dentry->d_inode); 469 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 470 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 471 dget(lower_old_dentry); 472 dget(lower_new_dentry); 473 lower_dir_dentry = lock_parent(lower_new_dentry); 474 rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode, 475 lower_new_dentry); 476 if (rc || !lower_new_dentry->d_inode) 477 goto out_lock; 478 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0); 479 if (rc) 480 goto out_lock; 481 ecryptfs_copy_attr_timesizes(dir, lower_new_dentry->d_inode); 482 old_dentry->d_inode->i_nlink = 483 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink; 484 i_size_write(new_dentry->d_inode, file_size_save); 485 out_lock: 486 unlock_dir(lower_dir_dentry); 487 dput(lower_new_dentry); 488 dput(lower_old_dentry); 489 if (!new_dentry->d_inode) 490 d_drop(new_dentry); 491 return rc; 492 } 493 494 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) 495 { 496 int rc = 0; 497 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 498 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); 499 500 lock_parent(lower_dentry); 501 rc = vfs_unlink(lower_dir_inode, lower_dentry); 502 if (rc) { 503 ecryptfs_printk(KERN_ERR, "Error in vfs_unlink\n"); 504 goto out_unlock; 505 } 506 ecryptfs_copy_attr_times(dir, lower_dir_inode); 507 dentry->d_inode->i_nlink = 508 ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink; 509 dentry->d_inode->i_ctime = dir->i_ctime; 510 out_unlock: 511 unlock_parent(lower_dentry); 512 return rc; 513 } 514 515 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry, 516 const char *symname) 517 { 518 int rc; 519 struct dentry *lower_dentry; 520 struct dentry *lower_dir_dentry; 521 umode_t mode; 522 char *encoded_symname; 523 unsigned int encoded_symlen; 524 struct ecryptfs_crypt_stat *crypt_stat = NULL; 525 526 lower_dentry = ecryptfs_dentry_to_lower(dentry); 527 dget(lower_dentry); 528 lower_dir_dentry = lock_parent(lower_dentry); 529 mode = S_IALLUGO; 530 encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, 531 strlen(symname), 532 &encoded_symname); 533 if (encoded_symlen < 0) { 534 rc = encoded_symlen; 535 goto out_lock; 536 } 537 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, 538 encoded_symname, mode); 539 kfree(encoded_symname); 540 if (rc || !lower_dentry->d_inode) 541 goto out_lock; 542 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 543 if (rc) 544 goto out_lock; 545 ecryptfs_copy_attr_timesizes(dir, lower_dir_dentry->d_inode); 546 out_lock: 547 unlock_dir(lower_dir_dentry); 548 dput(lower_dentry); 549 if (!dentry->d_inode) 550 d_drop(dentry); 551 return rc; 552 } 553 554 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) 555 { 556 int rc; 557 struct dentry *lower_dentry; 558 struct dentry *lower_dir_dentry; 559 560 lower_dentry = ecryptfs_dentry_to_lower(dentry); 561 lower_dir_dentry = lock_parent(lower_dentry); 562 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode); 563 if (rc || !lower_dentry->d_inode) 564 goto out; 565 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 566 if (rc) 567 goto out; 568 ecryptfs_copy_attr_timesizes(dir, lower_dir_dentry->d_inode); 569 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 570 out: 571 unlock_dir(lower_dir_dentry); 572 if (!dentry->d_inode) 573 d_drop(dentry); 574 return rc; 575 } 576 577 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry) 578 { 579 int rc = 0; 580 struct dentry *tdentry = NULL; 581 struct dentry *lower_dentry; 582 struct dentry *tlower_dentry = NULL; 583 struct dentry *lower_dir_dentry; 584 585 lower_dentry = ecryptfs_dentry_to_lower(dentry); 586 if (!(tdentry = dget(dentry))) { 587 rc = -EINVAL; 588 ecryptfs_printk(KERN_ERR, "Error dget'ing dentry [%p]\n", 589 dentry); 590 goto out; 591 } 592 lower_dir_dentry = lock_parent(lower_dentry); 593 if (!(tlower_dentry = dget(lower_dentry))) { 594 rc = -EINVAL; 595 ecryptfs_printk(KERN_ERR, "Error dget'ing lower_dentry " 596 "[%p]\n", lower_dentry); 597 goto out; 598 } 599 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); 600 if (!rc) { 601 d_delete(tlower_dentry); 602 tlower_dentry = NULL; 603 } 604 ecryptfs_copy_attr_times(dir, lower_dir_dentry->d_inode); 605 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 606 unlock_dir(lower_dir_dentry); 607 if (!rc) 608 d_drop(dentry); 609 out: 610 if (tdentry) 611 dput(tdentry); 612 if (tlower_dentry) 613 dput(tlower_dentry); 614 return rc; 615 } 616 617 static int 618 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 619 { 620 int rc; 621 struct dentry *lower_dentry; 622 struct dentry *lower_dir_dentry; 623 624 lower_dentry = ecryptfs_dentry_to_lower(dentry); 625 lower_dir_dentry = lock_parent(lower_dentry); 626 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev); 627 if (rc || !lower_dentry->d_inode) 628 goto out; 629 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 630 if (rc) 631 goto out; 632 ecryptfs_copy_attr_timesizes(dir, lower_dir_dentry->d_inode); 633 out: 634 unlock_dir(lower_dir_dentry); 635 if (!dentry->d_inode) 636 d_drop(dentry); 637 return rc; 638 } 639 640 static int 641 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry, 642 struct inode *new_dir, struct dentry *new_dentry) 643 { 644 int rc; 645 struct dentry *lower_old_dentry; 646 struct dentry *lower_new_dentry; 647 struct dentry *lower_old_dir_dentry; 648 struct dentry *lower_new_dir_dentry; 649 650 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 651 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 652 dget(lower_old_dentry); 653 dget(lower_new_dentry); 654 lower_old_dir_dentry = dget_parent(lower_old_dentry); 655 lower_new_dir_dentry = dget_parent(lower_new_dentry); 656 lock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 657 rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry, 658 lower_new_dir_dentry->d_inode, lower_new_dentry); 659 if (rc) 660 goto out_lock; 661 ecryptfs_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode); 662 if (new_dir != old_dir) 663 ecryptfs_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode); 664 out_lock: 665 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 666 dput(lower_new_dentry); 667 dput(lower_old_dentry); 668 return rc; 669 } 670 671 static int 672 ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) 673 { 674 int rc; 675 struct dentry *lower_dentry; 676 char *decoded_name; 677 char *lower_buf; 678 mm_segment_t old_fs; 679 struct ecryptfs_crypt_stat *crypt_stat; 680 681 lower_dentry = ecryptfs_dentry_to_lower(dentry); 682 if (!lower_dentry->d_inode->i_op || 683 !lower_dentry->d_inode->i_op->readlink) { 684 rc = -EINVAL; 685 goto out; 686 } 687 /* Released in this function */ 688 lower_buf = kmalloc(bufsiz, GFP_KERNEL); 689 if (lower_buf == NULL) { 690 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 691 rc = -ENOMEM; 692 goto out; 693 } 694 old_fs = get_fs(); 695 set_fs(get_ds()); 696 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 697 "lower_dentry->d_name.name = [%s]\n", 698 lower_dentry->d_name.name); 699 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, 700 (char __user *)lower_buf, 701 bufsiz); 702 set_fs(old_fs); 703 if (rc >= 0) { 704 crypt_stat = NULL; 705 rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, 706 &decoded_name); 707 if (rc == -ENOMEM) 708 goto out_free_lower_buf; 709 if (rc > 0) { 710 ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes " 711 "to userspace: [%*s]\n", rc, 712 decoded_name); 713 if (copy_to_user(buf, decoded_name, rc)) 714 rc = -EFAULT; 715 } 716 kfree(decoded_name); 717 ecryptfs_copy_attr_atime(dentry->d_inode, 718 lower_dentry->d_inode); 719 } 720 out_free_lower_buf: 721 kfree(lower_buf); 722 out: 723 return rc; 724 } 725 726 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) 727 { 728 char *buf; 729 int len = PAGE_SIZE, rc; 730 mm_segment_t old_fs; 731 732 /* Released in ecryptfs_put_link(); only release here on error */ 733 buf = kmalloc(len, GFP_KERNEL); 734 if (!buf) { 735 rc = -ENOMEM; 736 goto out; 737 } 738 old_fs = get_fs(); 739 set_fs(get_ds()); 740 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 741 "dentry->d_name.name = [%s]\n", dentry->d_name.name); 742 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); 743 buf[rc] = '\0'; 744 set_fs(old_fs); 745 if (rc < 0) 746 goto out_free; 747 rc = 0; 748 nd_set_link(nd, buf); 749 goto out; 750 out_free: 751 kfree(buf); 752 out: 753 return ERR_PTR(rc); 754 } 755 756 static void 757 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) 758 { 759 /* Free the char* */ 760 kfree(nd_get_link(nd)); 761 } 762 763 /** 764 * upper_size_to_lower_size 765 * @crypt_stat: Crypt_stat associated with file 766 * @upper_size: Size of the upper file 767 * 768 * Calculate the requried size of the lower file based on the 769 * specified size of the upper file. This calculation is based on the 770 * number of headers in the underlying file and the extent size. 771 * 772 * Returns Calculated size of the lower file. 773 */ 774 static loff_t 775 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat, 776 loff_t upper_size) 777 { 778 loff_t lower_size; 779 780 lower_size = ( crypt_stat->header_extent_size 781 * crypt_stat->num_header_extents_at_front ); 782 if (upper_size != 0) { 783 loff_t num_extents; 784 785 num_extents = upper_size >> crypt_stat->extent_shift; 786 if (upper_size & ~crypt_stat->extent_mask) 787 num_extents++; 788 lower_size += (num_extents * crypt_stat->extent_size); 789 } 790 return lower_size; 791 } 792 793 /** 794 * ecryptfs_truncate 795 * @dentry: The ecryptfs layer dentry 796 * @new_length: The length to expand the file to 797 * 798 * Function to handle truncations modifying the size of the file. Note 799 * that the file sizes are interpolated. When expanding, we are simply 800 * writing strings of 0's out. When truncating, we need to modify the 801 * underlying file size according to the page index interpolations. 802 * 803 * Returns zero on success; non-zero otherwise 804 */ 805 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) 806 { 807 int rc = 0; 808 struct inode *inode = dentry->d_inode; 809 struct dentry *lower_dentry; 810 struct vfsmount *lower_mnt; 811 struct file fake_ecryptfs_file, *lower_file = NULL; 812 struct ecryptfs_crypt_stat *crypt_stat; 813 loff_t i_size = i_size_read(inode); 814 loff_t lower_size_before_truncate; 815 loff_t lower_size_after_truncate; 816 817 if (unlikely((new_length == i_size))) 818 goto out; 819 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 820 /* Set up a fake ecryptfs file, this is used to interface with 821 * the file in the underlying filesystem so that the 822 * truncation has an effect there as well. */ 823 memset(&fake_ecryptfs_file, 0, sizeof(fake_ecryptfs_file)); 824 fake_ecryptfs_file.f_dentry = dentry; 825 /* Released at out_free: label */ 826 ecryptfs_set_file_private(&fake_ecryptfs_file, 827 kmem_cache_alloc(ecryptfs_file_info_cache, 828 SLAB_KERNEL)); 829 if (unlikely(!ecryptfs_file_to_private(&fake_ecryptfs_file))) { 830 rc = -ENOMEM; 831 goto out; 832 } 833 lower_dentry = ecryptfs_dentry_to_lower(dentry); 834 /* This dget & mntget is released through fput at out_fput: */ 835 dget(lower_dentry); 836 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 837 mntget(lower_mnt); 838 lower_file = dentry_open(lower_dentry, lower_mnt, O_RDWR); 839 if (unlikely(IS_ERR(lower_file))) { 840 rc = PTR_ERR(lower_file); 841 goto out_free; 842 } 843 ecryptfs_set_file_lower(&fake_ecryptfs_file, lower_file); 844 /* Switch on growing or shrinking file */ 845 if (new_length > i_size) { 846 rc = ecryptfs_fill_zeros(&fake_ecryptfs_file, new_length); 847 if (rc) { 848 ecryptfs_printk(KERN_ERR, 849 "Problem with fill_zeros\n"); 850 goto out_fput; 851 } 852 i_size_write(inode, new_length); 853 rc = ecryptfs_write_inode_size_to_header(lower_file, 854 lower_dentry->d_inode, 855 inode); 856 if (rc) { 857 ecryptfs_printk(KERN_ERR, 858 "Problem with ecryptfs_write" 859 "_inode_size\n"); 860 goto out_fput; 861 } 862 } else { /* new_length < i_size_read(inode) */ 863 vmtruncate(inode, new_length); 864 ecryptfs_write_inode_size_to_header(lower_file, 865 lower_dentry->d_inode, 866 inode); 867 /* We are reducing the size of the ecryptfs file, and need to 868 * know if we need to reduce the size of the lower file. */ 869 lower_size_before_truncate = 870 upper_size_to_lower_size(crypt_stat, i_size); 871 lower_size_after_truncate = 872 upper_size_to_lower_size(crypt_stat, new_length); 873 if (lower_size_after_truncate < lower_size_before_truncate) 874 vmtruncate(lower_dentry->d_inode, 875 lower_size_after_truncate); 876 } 877 /* Update the access times */ 878 lower_dentry->d_inode->i_mtime = lower_dentry->d_inode->i_ctime 879 = CURRENT_TIME; 880 mark_inode_dirty_sync(inode); 881 out_fput: 882 fput(lower_file); 883 out_free: 884 if (ecryptfs_file_to_private(&fake_ecryptfs_file)) 885 kmem_cache_free(ecryptfs_file_info_cache, 886 ecryptfs_file_to_private(&fake_ecryptfs_file)); 887 out: 888 return rc; 889 } 890 891 static int 892 ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd) 893 { 894 int rc; 895 896 if (nd) { 897 struct vfsmount *vfsmnt_save = nd->mnt; 898 struct dentry *dentry_save = nd->dentry; 899 900 nd->mnt = ecryptfs_dentry_to_lower_mnt(nd->dentry); 901 nd->dentry = ecryptfs_dentry_to_lower(nd->dentry); 902 rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); 903 nd->mnt = vfsmnt_save; 904 nd->dentry = dentry_save; 905 } else 906 rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); 907 return rc; 908 } 909 910 /** 911 * ecryptfs_setattr 912 * @dentry: dentry handle to the inode to modify 913 * @ia: Structure with flags of what to change and values 914 * 915 * Updates the metadata of an inode. If the update is to the size 916 * i.e. truncation, then ecryptfs_truncate will handle the size modification 917 * of both the ecryptfs inode and the lower inode. 918 * 919 * All other metadata changes will be passed right to the lower filesystem, 920 * and we will just update our inode to look like the lower. 921 */ 922 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) 923 { 924 int rc = 0; 925 struct dentry *lower_dentry; 926 struct inode *inode; 927 struct inode *lower_inode; 928 struct ecryptfs_crypt_stat *crypt_stat; 929 930 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 931 lower_dentry = ecryptfs_dentry_to_lower(dentry); 932 inode = dentry->d_inode; 933 lower_inode = ecryptfs_inode_to_lower(inode); 934 if (ia->ia_valid & ATTR_SIZE) { 935 ecryptfs_printk(KERN_DEBUG, 936 "ia->ia_valid = [0x%x] ATTR_SIZE" " = [0x%x]\n", 937 ia->ia_valid, ATTR_SIZE); 938 rc = ecryptfs_truncate(dentry, ia->ia_size); 939 /* ecryptfs_truncate handles resizing of the lower file */ 940 ia->ia_valid &= ~ATTR_SIZE; 941 ecryptfs_printk(KERN_DEBUG, "ia->ia_valid = [%x]\n", 942 ia->ia_valid); 943 if (rc < 0) 944 goto out; 945 } 946 rc = notify_change(lower_dentry, ia); 947 out: 948 ecryptfs_copy_attr_all(inode, lower_inode); 949 return rc; 950 } 951 952 static int 953 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, 954 size_t size, int flags) 955 { 956 int rc = 0; 957 struct dentry *lower_dentry; 958 959 lower_dentry = ecryptfs_dentry_to_lower(dentry); 960 if (!lower_dentry->d_inode->i_op->setxattr) { 961 rc = -ENOSYS; 962 goto out; 963 } 964 mutex_lock(&lower_dentry->d_inode->i_mutex); 965 rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value, 966 size, flags); 967 mutex_unlock(&lower_dentry->d_inode->i_mutex); 968 out: 969 return rc; 970 } 971 972 static ssize_t 973 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, 974 size_t size) 975 { 976 int rc = 0; 977 struct dentry *lower_dentry; 978 979 lower_dentry = ecryptfs_dentry_to_lower(dentry); 980 if (!lower_dentry->d_inode->i_op->getxattr) { 981 rc = -ENOSYS; 982 goto out; 983 } 984 mutex_lock(&lower_dentry->d_inode->i_mutex); 985 rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value, 986 size); 987 mutex_unlock(&lower_dentry->d_inode->i_mutex); 988 out: 989 return rc; 990 } 991 992 static ssize_t 993 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size) 994 { 995 int rc = 0; 996 struct dentry *lower_dentry; 997 998 lower_dentry = ecryptfs_dentry_to_lower(dentry); 999 if (!lower_dentry->d_inode->i_op->listxattr) { 1000 rc = -ENOSYS; 1001 goto out; 1002 } 1003 mutex_lock(&lower_dentry->d_inode->i_mutex); 1004 rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size); 1005 mutex_unlock(&lower_dentry->d_inode->i_mutex); 1006 out: 1007 return rc; 1008 } 1009 1010 static int ecryptfs_removexattr(struct dentry *dentry, const char *name) 1011 { 1012 int rc = 0; 1013 struct dentry *lower_dentry; 1014 1015 lower_dentry = ecryptfs_dentry_to_lower(dentry); 1016 if (!lower_dentry->d_inode->i_op->removexattr) { 1017 rc = -ENOSYS; 1018 goto out; 1019 } 1020 mutex_lock(&lower_dentry->d_inode->i_mutex); 1021 rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name); 1022 mutex_unlock(&lower_dentry->d_inode->i_mutex); 1023 out: 1024 return rc; 1025 } 1026 1027 int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode) 1028 { 1029 if ((ecryptfs_inode_to_lower(inode) 1030 == (struct inode *)candidate_lower_inode)) 1031 return 1; 1032 else 1033 return 0; 1034 } 1035 1036 int ecryptfs_inode_set(struct inode *inode, void *lower_inode) 1037 { 1038 ecryptfs_init_inode(inode, (struct inode *)lower_inode); 1039 return 0; 1040 } 1041 1042 struct inode_operations ecryptfs_symlink_iops = { 1043 .readlink = ecryptfs_readlink, 1044 .follow_link = ecryptfs_follow_link, 1045 .put_link = ecryptfs_put_link, 1046 .permission = ecryptfs_permission, 1047 .setattr = ecryptfs_setattr, 1048 .setxattr = ecryptfs_setxattr, 1049 .getxattr = ecryptfs_getxattr, 1050 .listxattr = ecryptfs_listxattr, 1051 .removexattr = ecryptfs_removexattr 1052 }; 1053 1054 struct inode_operations ecryptfs_dir_iops = { 1055 .create = ecryptfs_create, 1056 .lookup = ecryptfs_lookup, 1057 .link = ecryptfs_link, 1058 .unlink = ecryptfs_unlink, 1059 .symlink = ecryptfs_symlink, 1060 .mkdir = ecryptfs_mkdir, 1061 .rmdir = ecryptfs_rmdir, 1062 .mknod = ecryptfs_mknod, 1063 .rename = ecryptfs_rename, 1064 .permission = ecryptfs_permission, 1065 .setattr = ecryptfs_setattr, 1066 .setxattr = ecryptfs_setxattr, 1067 .getxattr = ecryptfs_getxattr, 1068 .listxattr = ecryptfs_listxattr, 1069 .removexattr = ecryptfs_removexattr 1070 }; 1071 1072 struct inode_operations ecryptfs_main_iops = { 1073 .permission = ecryptfs_permission, 1074 .setattr = ecryptfs_setattr, 1075 .setxattr = ecryptfs_setxattr, 1076 .getxattr = ecryptfs_getxattr, 1077 .listxattr = ecryptfs_listxattr, 1078 .removexattr = ecryptfs_removexattr 1079 }; 1080