1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 1997-2004 Erez Zadok 5 * Copyright (C) 2001-2004 Stony Brook University 6 * Copyright (C) 2004-2006 International Business Machines Corp. 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Michael C. Thompsion <mcthomps@us.ibm.com> 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 of the 13 * License, or (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 23 * 02111-1307, USA. 24 */ 25 26 #include <linux/file.h> 27 #include <linux/vmalloc.h> 28 #include <linux/pagemap.h> 29 #include <linux/dcache.h> 30 #include <linux/namei.h> 31 #include <linux/mount.h> 32 #include <linux/crypto.h> 33 #include "ecryptfs_kernel.h" 34 35 static struct dentry *lock_parent(struct dentry *dentry) 36 { 37 struct dentry *dir; 38 39 dir = dget(dentry->d_parent); 40 mutex_lock(&(dir->d_inode->i_mutex)); 41 return dir; 42 } 43 44 static void unlock_parent(struct dentry *dentry) 45 { 46 mutex_unlock(&(dentry->d_parent->d_inode->i_mutex)); 47 dput(dentry->d_parent); 48 } 49 50 static void unlock_dir(struct dentry *dir) 51 { 52 mutex_unlock(&dir->d_inode->i_mutex); 53 dput(dir); 54 } 55 56 void ecryptfs_copy_inode_size(struct inode *dst, const struct inode *src) 57 { 58 i_size_write(dst, i_size_read((struct inode *)src)); 59 dst->i_blocks = src->i_blocks; 60 } 61 62 void ecryptfs_copy_attr_atime(struct inode *dest, const struct inode *src) 63 { 64 dest->i_atime = src->i_atime; 65 } 66 67 static void ecryptfs_copy_attr_times(struct inode *dest, 68 const struct inode *src) 69 { 70 dest->i_atime = src->i_atime; 71 dest->i_mtime = src->i_mtime; 72 dest->i_ctime = src->i_ctime; 73 } 74 75 static void ecryptfs_copy_attr_timesizes(struct inode *dest, 76 const struct inode *src) 77 { 78 dest->i_atime = src->i_atime; 79 dest->i_mtime = src->i_mtime; 80 dest->i_ctime = src->i_ctime; 81 ecryptfs_copy_inode_size(dest, src); 82 } 83 84 void ecryptfs_copy_attr_all(struct inode *dest, const struct inode *src) 85 { 86 dest->i_mode = src->i_mode; 87 dest->i_nlink = src->i_nlink; 88 dest->i_uid = src->i_uid; 89 dest->i_gid = src->i_gid; 90 dest->i_rdev = src->i_rdev; 91 dest->i_atime = src->i_atime; 92 dest->i_mtime = src->i_mtime; 93 dest->i_ctime = src->i_ctime; 94 dest->i_blkbits = src->i_blkbits; 95 dest->i_flags = src->i_flags; 96 } 97 98 /** 99 * ecryptfs_create_underlying_file 100 * @lower_dir_inode: inode of the parent in the lower fs of the new file 101 * @lower_dentry: New file's dentry in the lower fs 102 * @ecryptfs_dentry: New file's dentry in ecryptfs 103 * @mode: The mode of the new file 104 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 105 * 106 * Creates the file in the lower file system. 107 * 108 * Returns zero on success; non-zero on error condition 109 */ 110 static int 111 ecryptfs_create_underlying_file(struct inode *lower_dir_inode, 112 struct dentry *dentry, int mode, 113 struct nameidata *nd) 114 { 115 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 116 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 117 struct dentry *dentry_save; 118 struct vfsmount *vfsmount_save; 119 int rc; 120 121 dentry_save = nd->dentry; 122 vfsmount_save = nd->mnt; 123 nd->dentry = lower_dentry; 124 nd->mnt = lower_mnt; 125 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); 126 nd->dentry = dentry_save; 127 nd->mnt = vfsmount_save; 128 return rc; 129 } 130 131 /** 132 * ecryptfs_do_create 133 * @directory_inode: inode of the new file's dentry's parent in ecryptfs 134 * @ecryptfs_dentry: New file's dentry in ecryptfs 135 * @mode: The mode of the new file 136 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 137 * 138 * Creates the underlying file and the eCryptfs inode which will link to 139 * it. It will also update the eCryptfs directory inode to mimic the 140 * stat of the lower directory inode. 141 * 142 * Returns zero on success; non-zero on error condition 143 */ 144 static int 145 ecryptfs_do_create(struct inode *directory_inode, 146 struct dentry *ecryptfs_dentry, int mode, 147 struct nameidata *nd) 148 { 149 int rc; 150 struct dentry *lower_dentry; 151 struct dentry *lower_dir_dentry; 152 153 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 154 lower_dir_dentry = lock_parent(lower_dentry); 155 if (unlikely(IS_ERR(lower_dir_dentry))) { 156 ecryptfs_printk(KERN_ERR, "Error locking directory of " 157 "dentry\n"); 158 rc = PTR_ERR(lower_dir_dentry); 159 goto out; 160 } 161 rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode, 162 ecryptfs_dentry, mode, nd); 163 if (unlikely(rc)) { 164 ecryptfs_printk(KERN_ERR, 165 "Failure to create underlying file\n"); 166 goto out_lock; 167 } 168 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry, 169 directory_inode->i_sb, 0); 170 if (rc) { 171 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n"); 172 goto out_lock; 173 } 174 ecryptfs_copy_attr_timesizes(directory_inode, 175 lower_dir_dentry->d_inode); 176 out_lock: 177 unlock_dir(lower_dir_dentry); 178 out: 179 return rc; 180 } 181 182 /** 183 * grow_file 184 * @ecryptfs_dentry: the ecryptfs dentry 185 * @lower_file: The lower file 186 * @inode: The ecryptfs inode 187 * @lower_inode: The lower inode 188 * 189 * This is the code which will grow the file to its correct size. 190 */ 191 static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file, 192 struct inode *inode, struct inode *lower_inode) 193 { 194 int rc = 0; 195 struct file fake_file; 196 struct ecryptfs_file_info tmp_file_info; 197 198 memset(&fake_file, 0, sizeof(fake_file)); 199 fake_file.f_dentry = ecryptfs_dentry; 200 memset(&tmp_file_info, 0, sizeof(tmp_file_info)); 201 ecryptfs_set_file_private(&fake_file, &tmp_file_info); 202 ecryptfs_set_file_lower(&fake_file, lower_file); 203 rc = ecryptfs_fill_zeros(&fake_file, 1); 204 if (rc) { 205 ECRYPTFS_SET_FLAG( 206 ecryptfs_inode_to_private(inode)->crypt_stat.flags, 207 ECRYPTFS_SECURITY_WARNING); 208 ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros " 209 "in file; rc = [%d]\n", rc); 210 goto out; 211 } 212 i_size_write(inode, 0); 213 ecryptfs_write_inode_size_to_header(lower_file, lower_inode, inode); 214 ECRYPTFS_SET_FLAG(ecryptfs_inode_to_private(inode)->crypt_stat.flags, 215 ECRYPTFS_NEW_FILE); 216 out: 217 return rc; 218 } 219 220 /** 221 * ecryptfs_initialize_file 222 * 223 * Cause the file to be changed from a basic empty file to an ecryptfs 224 * file with a header and first data page. 225 * 226 * Returns zero on success 227 */ 228 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry) 229 { 230 int rc = 0; 231 int lower_flags; 232 struct ecryptfs_crypt_stat *crypt_stat; 233 struct dentry *lower_dentry; 234 struct file *lower_file; 235 struct inode *inode, *lower_inode; 236 struct vfsmount *lower_mnt; 237 238 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 239 ecryptfs_printk(KERN_DEBUG, "lower_dentry->d_name.name = [%s]\n", 240 lower_dentry->d_name.name); 241 inode = ecryptfs_dentry->d_inode; 242 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 243 lower_flags = ((O_CREAT | O_WRONLY | O_TRUNC) & O_ACCMODE) | O_RDWR; 244 #if BITS_PER_LONG != 32 245 lower_flags |= O_LARGEFILE; 246 #endif 247 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 248 /* Corresponding fput() at end of this function */ 249 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt, 250 lower_flags))) { 251 ecryptfs_printk(KERN_ERR, 252 "Error opening dentry; rc = [%i]\n", rc); 253 goto out; 254 } 255 lower_inode = lower_dentry->d_inode; 256 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { 257 ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); 258 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 259 goto out_fput; 260 } 261 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE); 262 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); 263 rc = ecryptfs_new_file_context(ecryptfs_dentry); 264 if (rc) { 265 ecryptfs_printk(KERN_DEBUG, "Error creating new file " 266 "context\n"); 267 goto out_fput; 268 } 269 rc = ecryptfs_write_headers(ecryptfs_dentry, lower_file); 270 if (rc) { 271 ecryptfs_printk(KERN_DEBUG, "Error writing headers\n"); 272 goto out_fput; 273 } 274 rc = grow_file(ecryptfs_dentry, lower_file, inode, lower_inode); 275 out_fput: 276 if ((rc = ecryptfs_close_lower_file(lower_file))) 277 printk(KERN_ERR "Error closing lower_file\n"); 278 out: 279 return rc; 280 } 281 282 /** 283 * ecryptfs_create 284 * @dir: The inode of the directory in which to create the file. 285 * @dentry: The eCryptfs dentry 286 * @mode: The mode of the new file. 287 * @nd: nameidata 288 * 289 * Creates a new file. 290 * 291 * Returns zero on success; non-zero on error condition 292 */ 293 static int 294 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, 295 int mode, struct nameidata *nd) 296 { 297 int rc; 298 299 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); 300 if (unlikely(rc)) { 301 ecryptfs_printk(KERN_WARNING, "Failed to create file in" 302 "lower filesystem\n"); 303 goto out; 304 } 305 /* At this point, a file exists on "disk"; we need to make sure 306 * that this on disk file is prepared to be an ecryptfs file */ 307 rc = ecryptfs_initialize_file(ecryptfs_dentry); 308 out: 309 return rc; 310 } 311 312 /** 313 * ecryptfs_lookup 314 * @dir: inode 315 * @dentry: The dentry 316 * @nd: nameidata, may be NULL 317 * 318 * Find a file on disk. If the file does not exist, then we'll add it to the 319 * dentry cache and continue on to read it from the disk. 320 */ 321 static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, 322 struct nameidata *nd) 323 { 324 int rc = 0; 325 struct dentry *lower_dir_dentry; 326 struct dentry *lower_dentry; 327 struct vfsmount *lower_mnt; 328 struct dentry *tlower_dentry = NULL; 329 char *encoded_name; 330 unsigned int encoded_namelen; 331 struct ecryptfs_crypt_stat *crypt_stat = NULL; 332 char *page_virt = NULL; 333 struct inode *lower_inode; 334 u64 file_size; 335 336 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); 337 dentry->d_op = &ecryptfs_dops; 338 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) 339 || (dentry->d_name.len == 2 && !strcmp(dentry->d_name.name, ".."))) 340 goto out_drop; 341 encoded_namelen = ecryptfs_encode_filename(crypt_stat, 342 dentry->d_name.name, 343 dentry->d_name.len, 344 &encoded_name); 345 if (encoded_namelen < 0) { 346 rc = encoded_namelen; 347 goto out_drop; 348 } 349 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen " 350 "= [%d]\n", encoded_name, encoded_namelen); 351 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry, 352 encoded_namelen - 1); 353 kfree(encoded_name); 354 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); 355 if (IS_ERR(lower_dentry)) { 356 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n"); 357 rc = PTR_ERR(lower_dentry); 358 goto out_drop; 359 } 360 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->" 361 "d_name.name = [%s]\n", lower_dentry, 362 lower_dentry->d_name.name); 363 lower_inode = lower_dentry->d_inode; 364 ecryptfs_copy_attr_atime(dir, lower_dir_dentry->d_inode); 365 BUG_ON(!atomic_read(&lower_dentry->d_count)); 366 ecryptfs_set_dentry_private(dentry, 367 kmem_cache_alloc(ecryptfs_dentry_info_cache, 368 SLAB_KERNEL)); 369 if (!ecryptfs_dentry_to_private(dentry)) { 370 rc = -ENOMEM; 371 ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " 372 "to allocate ecryptfs_dentry_info struct\n"); 373 goto out_dput; 374 } 375 ecryptfs_set_dentry_lower(dentry, lower_dentry); 376 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); 377 if (!lower_dentry->d_inode) { 378 /* We want to add because we couldn't find in lower */ 379 d_add(dentry, NULL); 380 goto out; 381 } 382 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 1); 383 if (rc) { 384 ecryptfs_printk(KERN_ERR, "Error interposing\n"); 385 goto out_dput; 386 } 387 if (S_ISDIR(lower_inode->i_mode)) { 388 ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n"); 389 goto out; 390 } 391 if (S_ISLNK(lower_inode->i_mode)) { 392 ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n"); 393 goto out; 394 } 395 if (!nd) { 396 ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave" 397 "as we *think* we are about to unlink\n"); 398 goto out; 399 } 400 tlower_dentry = dget(lower_dentry); 401 if (!tlower_dentry || IS_ERR(tlower_dentry)) { 402 rc = -ENOMEM; 403 ecryptfs_printk(KERN_ERR, "Cannot dget lower_dentry\n"); 404 goto out_dput; 405 } 406 /* Released in this function */ 407 page_virt = 408 (char *)kmem_cache_alloc(ecryptfs_header_cache_2, 409 SLAB_USER); 410 if (!page_virt) { 411 rc = -ENOMEM; 412 ecryptfs_printk(KERN_ERR, 413 "Cannot ecryptfs_kmalloc a page\n"); 414 goto out_dput; 415 } 416 memset(page_virt, 0, PAGE_CACHE_SIZE); 417 rc = ecryptfs_read_header_region(page_virt, tlower_dentry, nd->mnt); 418 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 419 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) 420 ecryptfs_set_default_sizes(crypt_stat); 421 if (rc) { 422 rc = 0; 423 ecryptfs_printk(KERN_WARNING, "Error reading header region;" 424 " assuming unencrypted\n"); 425 } else { 426 if (!contains_ecryptfs_marker(page_virt 427 + ECRYPTFS_FILE_SIZE_BYTES)) { 428 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 429 goto out; 430 } 431 memcpy(&file_size, page_virt, sizeof(file_size)); 432 file_size = be64_to_cpu(file_size); 433 i_size_write(dentry->d_inode, (loff_t)file_size); 434 } 435 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 436 goto out; 437 438 out_dput: 439 dput(lower_dentry); 440 if (tlower_dentry) 441 dput(tlower_dentry); 442 out_drop: 443 d_drop(dentry); 444 out: 445 return ERR_PTR(rc); 446 } 447 448 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir, 449 struct dentry *new_dentry) 450 { 451 struct dentry *lower_old_dentry; 452 struct dentry *lower_new_dentry; 453 struct dentry *lower_dir_dentry; 454 u64 file_size_save; 455 int rc; 456 457 file_size_save = i_size_read(old_dentry->d_inode); 458 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 459 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 460 dget(lower_old_dentry); 461 dget(lower_new_dentry); 462 lower_dir_dentry = lock_parent(lower_new_dentry); 463 rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode, 464 lower_new_dentry); 465 if (rc || !lower_new_dentry->d_inode) 466 goto out_lock; 467 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0); 468 if (rc) 469 goto out_lock; 470 ecryptfs_copy_attr_timesizes(dir, lower_new_dentry->d_inode); 471 old_dentry->d_inode->i_nlink = 472 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink; 473 i_size_write(new_dentry->d_inode, file_size_save); 474 out_lock: 475 unlock_dir(lower_dir_dentry); 476 dput(lower_new_dentry); 477 dput(lower_old_dentry); 478 if (!new_dentry->d_inode) 479 d_drop(new_dentry); 480 return rc; 481 } 482 483 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) 484 { 485 int rc = 0; 486 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 487 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); 488 489 lock_parent(lower_dentry); 490 rc = vfs_unlink(lower_dir_inode, lower_dentry); 491 if (rc) { 492 ecryptfs_printk(KERN_ERR, "Error in vfs_unlink\n"); 493 goto out_unlock; 494 } 495 ecryptfs_copy_attr_times(dir, lower_dir_inode); 496 dentry->d_inode->i_nlink = 497 ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink; 498 dentry->d_inode->i_ctime = dir->i_ctime; 499 out_unlock: 500 unlock_parent(lower_dentry); 501 return rc; 502 } 503 504 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry, 505 const char *symname) 506 { 507 int rc; 508 struct dentry *lower_dentry; 509 struct dentry *lower_dir_dentry; 510 umode_t mode; 511 char *encoded_symname; 512 unsigned int encoded_symlen; 513 struct ecryptfs_crypt_stat *crypt_stat = NULL; 514 515 lower_dentry = ecryptfs_dentry_to_lower(dentry); 516 dget(lower_dentry); 517 lower_dir_dentry = lock_parent(lower_dentry); 518 mode = S_IALLUGO; 519 encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, 520 strlen(symname), 521 &encoded_symname); 522 if (encoded_symlen < 0) { 523 rc = encoded_symlen; 524 goto out_lock; 525 } 526 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, 527 encoded_symname, mode); 528 kfree(encoded_symname); 529 if (rc || !lower_dentry->d_inode) 530 goto out_lock; 531 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 532 if (rc) 533 goto out_lock; 534 ecryptfs_copy_attr_timesizes(dir, lower_dir_dentry->d_inode); 535 out_lock: 536 unlock_dir(lower_dir_dentry); 537 dput(lower_dentry); 538 if (!dentry->d_inode) 539 d_drop(dentry); 540 return rc; 541 } 542 543 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) 544 { 545 int rc; 546 struct dentry *lower_dentry; 547 struct dentry *lower_dir_dentry; 548 549 lower_dentry = ecryptfs_dentry_to_lower(dentry); 550 lower_dir_dentry = lock_parent(lower_dentry); 551 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode); 552 if (rc || !lower_dentry->d_inode) 553 goto out; 554 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 555 if (rc) 556 goto out; 557 ecryptfs_copy_attr_timesizes(dir, lower_dir_dentry->d_inode); 558 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 559 out: 560 unlock_dir(lower_dir_dentry); 561 if (!dentry->d_inode) 562 d_drop(dentry); 563 return rc; 564 } 565 566 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry) 567 { 568 int rc = 0; 569 struct dentry *tdentry = NULL; 570 struct dentry *lower_dentry; 571 struct dentry *tlower_dentry = NULL; 572 struct dentry *lower_dir_dentry; 573 574 lower_dentry = ecryptfs_dentry_to_lower(dentry); 575 if (!(tdentry = dget(dentry))) { 576 rc = -EINVAL; 577 ecryptfs_printk(KERN_ERR, "Error dget'ing dentry [%p]\n", 578 dentry); 579 goto out; 580 } 581 lower_dir_dentry = lock_parent(lower_dentry); 582 if (!(tlower_dentry = dget(lower_dentry))) { 583 rc = -EINVAL; 584 ecryptfs_printk(KERN_ERR, "Error dget'ing lower_dentry " 585 "[%p]\n", lower_dentry); 586 goto out; 587 } 588 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); 589 if (!rc) { 590 d_delete(tlower_dentry); 591 tlower_dentry = NULL; 592 } 593 ecryptfs_copy_attr_times(dir, lower_dir_dentry->d_inode); 594 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 595 unlock_dir(lower_dir_dentry); 596 if (!rc) 597 d_drop(dentry); 598 out: 599 if (tdentry) 600 dput(tdentry); 601 if (tlower_dentry) 602 dput(tlower_dentry); 603 return rc; 604 } 605 606 static int 607 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 608 { 609 int rc; 610 struct dentry *lower_dentry; 611 struct dentry *lower_dir_dentry; 612 613 lower_dentry = ecryptfs_dentry_to_lower(dentry); 614 lower_dir_dentry = lock_parent(lower_dentry); 615 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev); 616 if (rc || !lower_dentry->d_inode) 617 goto out; 618 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 619 if (rc) 620 goto out; 621 ecryptfs_copy_attr_timesizes(dir, lower_dir_dentry->d_inode); 622 out: 623 unlock_dir(lower_dir_dentry); 624 if (!dentry->d_inode) 625 d_drop(dentry); 626 return rc; 627 } 628 629 static int 630 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry, 631 struct inode *new_dir, struct dentry *new_dentry) 632 { 633 int rc; 634 struct dentry *lower_old_dentry; 635 struct dentry *lower_new_dentry; 636 struct dentry *lower_old_dir_dentry; 637 struct dentry *lower_new_dir_dentry; 638 639 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 640 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 641 dget(lower_old_dentry); 642 dget(lower_new_dentry); 643 lower_old_dir_dentry = dget_parent(lower_old_dentry); 644 lower_new_dir_dentry = dget_parent(lower_new_dentry); 645 lock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 646 rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry, 647 lower_new_dir_dentry->d_inode, lower_new_dentry); 648 if (rc) 649 goto out_lock; 650 ecryptfs_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode); 651 if (new_dir != old_dir) 652 ecryptfs_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode); 653 out_lock: 654 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 655 dput(lower_new_dentry); 656 dput(lower_old_dentry); 657 return rc; 658 } 659 660 static int 661 ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) 662 { 663 int rc; 664 struct dentry *lower_dentry; 665 char *decoded_name; 666 char *lower_buf; 667 mm_segment_t old_fs; 668 struct ecryptfs_crypt_stat *crypt_stat; 669 670 lower_dentry = ecryptfs_dentry_to_lower(dentry); 671 if (!lower_dentry->d_inode->i_op || 672 !lower_dentry->d_inode->i_op->readlink) { 673 rc = -EINVAL; 674 goto out; 675 } 676 /* Released in this function */ 677 lower_buf = kmalloc(bufsiz, GFP_KERNEL); 678 if (lower_buf == NULL) { 679 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 680 rc = -ENOMEM; 681 goto out; 682 } 683 old_fs = get_fs(); 684 set_fs(get_ds()); 685 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 686 "lower_dentry->d_name.name = [%s]\n", 687 lower_dentry->d_name.name); 688 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, 689 (char __user *)lower_buf, 690 bufsiz); 691 set_fs(old_fs); 692 if (rc >= 0) { 693 crypt_stat = NULL; 694 rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, 695 &decoded_name); 696 if (rc == -ENOMEM) 697 goto out_free_lower_buf; 698 if (rc > 0) { 699 ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes " 700 "to userspace: [%*s]\n", rc, 701 decoded_name); 702 if (copy_to_user(buf, decoded_name, rc)) 703 rc = -EFAULT; 704 } 705 kfree(decoded_name); 706 ecryptfs_copy_attr_atime(dentry->d_inode, 707 lower_dentry->d_inode); 708 } 709 out_free_lower_buf: 710 kfree(lower_buf); 711 out: 712 return rc; 713 } 714 715 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) 716 { 717 char *buf; 718 int len = PAGE_SIZE, rc; 719 mm_segment_t old_fs; 720 721 /* Released in ecryptfs_put_link(); only release here on error */ 722 buf = kmalloc(len, GFP_KERNEL); 723 if (!buf) { 724 rc = -ENOMEM; 725 goto out; 726 } 727 old_fs = get_fs(); 728 set_fs(get_ds()); 729 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 730 "dentry->d_name.name = [%s]\n", dentry->d_name.name); 731 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); 732 buf[rc] = '\0'; 733 set_fs(old_fs); 734 if (rc < 0) 735 goto out_free; 736 rc = 0; 737 nd_set_link(nd, buf); 738 goto out; 739 out_free: 740 kfree(buf); 741 out: 742 return ERR_PTR(rc); 743 } 744 745 static void 746 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) 747 { 748 /* Free the char* */ 749 kfree(nd_get_link(nd)); 750 } 751 752 /** 753 * upper_size_to_lower_size 754 * @crypt_stat: Crypt_stat associated with file 755 * @upper_size: Size of the upper file 756 * 757 * Calculate the requried size of the lower file based on the 758 * specified size of the upper file. This calculation is based on the 759 * number of headers in the underlying file and the extent size. 760 * 761 * Returns Calculated size of the lower file. 762 */ 763 static loff_t 764 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat, 765 loff_t upper_size) 766 { 767 loff_t lower_size; 768 769 lower_size = ( crypt_stat->header_extent_size 770 * crypt_stat->num_header_extents_at_front ); 771 if (upper_size != 0) { 772 loff_t num_extents; 773 774 num_extents = upper_size >> crypt_stat->extent_shift; 775 if (upper_size & ~crypt_stat->extent_mask) 776 num_extents++; 777 lower_size += (num_extents * crypt_stat->extent_size); 778 } 779 return lower_size; 780 } 781 782 /** 783 * ecryptfs_truncate 784 * @dentry: The ecryptfs layer dentry 785 * @new_length: The length to expand the file to 786 * 787 * Function to handle truncations modifying the size of the file. Note 788 * that the file sizes are interpolated. When expanding, we are simply 789 * writing strings of 0's out. When truncating, we need to modify the 790 * underlying file size according to the page index interpolations. 791 * 792 * Returns zero on success; non-zero otherwise 793 */ 794 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) 795 { 796 int rc = 0; 797 struct inode *inode = dentry->d_inode; 798 struct dentry *lower_dentry; 799 struct vfsmount *lower_mnt; 800 struct file fake_ecryptfs_file, *lower_file = NULL; 801 struct ecryptfs_crypt_stat *crypt_stat; 802 loff_t i_size = i_size_read(inode); 803 loff_t lower_size_before_truncate; 804 loff_t lower_size_after_truncate; 805 806 if (unlikely((new_length == i_size))) 807 goto out; 808 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 809 /* Set up a fake ecryptfs file, this is used to interface with 810 * the file in the underlying filesystem so that the 811 * truncation has an effect there as well. */ 812 memset(&fake_ecryptfs_file, 0, sizeof(fake_ecryptfs_file)); 813 fake_ecryptfs_file.f_dentry = dentry; 814 /* Released at out_free: label */ 815 ecryptfs_set_file_private(&fake_ecryptfs_file, 816 kmem_cache_alloc(ecryptfs_file_info_cache, 817 SLAB_KERNEL)); 818 if (unlikely(!ecryptfs_file_to_private(&fake_ecryptfs_file))) { 819 rc = -ENOMEM; 820 goto out; 821 } 822 lower_dentry = ecryptfs_dentry_to_lower(dentry); 823 /* This dget & mntget is released through fput at out_fput: */ 824 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 825 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt, 826 O_RDWR))) { 827 ecryptfs_printk(KERN_ERR, 828 "Error opening dentry; rc = [%i]\n", rc); 829 goto out_free; 830 } 831 ecryptfs_set_file_lower(&fake_ecryptfs_file, lower_file); 832 /* Switch on growing or shrinking file */ 833 if (new_length > i_size) { 834 rc = ecryptfs_fill_zeros(&fake_ecryptfs_file, new_length); 835 if (rc) { 836 ecryptfs_printk(KERN_ERR, 837 "Problem with fill_zeros\n"); 838 goto out_fput; 839 } 840 i_size_write(inode, new_length); 841 rc = ecryptfs_write_inode_size_to_header(lower_file, 842 lower_dentry->d_inode, 843 inode); 844 if (rc) { 845 ecryptfs_printk(KERN_ERR, 846 "Problem with ecryptfs_write" 847 "_inode_size\n"); 848 goto out_fput; 849 } 850 } else { /* new_length < i_size_read(inode) */ 851 vmtruncate(inode, new_length); 852 ecryptfs_write_inode_size_to_header(lower_file, 853 lower_dentry->d_inode, 854 inode); 855 /* We are reducing the size of the ecryptfs file, and need to 856 * know if we need to reduce the size of the lower file. */ 857 lower_size_before_truncate = 858 upper_size_to_lower_size(crypt_stat, i_size); 859 lower_size_after_truncate = 860 upper_size_to_lower_size(crypt_stat, new_length); 861 if (lower_size_after_truncate < lower_size_before_truncate) 862 vmtruncate(lower_dentry->d_inode, 863 lower_size_after_truncate); 864 } 865 /* Update the access times */ 866 lower_dentry->d_inode->i_mtime = lower_dentry->d_inode->i_ctime 867 = CURRENT_TIME; 868 mark_inode_dirty_sync(inode); 869 out_fput: 870 if ((rc = ecryptfs_close_lower_file(lower_file))) 871 printk(KERN_ERR "Error closing lower_file\n"); 872 out_free: 873 if (ecryptfs_file_to_private(&fake_ecryptfs_file)) 874 kmem_cache_free(ecryptfs_file_info_cache, 875 ecryptfs_file_to_private(&fake_ecryptfs_file)); 876 out: 877 return rc; 878 } 879 880 static int 881 ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd) 882 { 883 int rc; 884 885 if (nd) { 886 struct vfsmount *vfsmnt_save = nd->mnt; 887 struct dentry *dentry_save = nd->dentry; 888 889 nd->mnt = ecryptfs_dentry_to_lower_mnt(nd->dentry); 890 nd->dentry = ecryptfs_dentry_to_lower(nd->dentry); 891 rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); 892 nd->mnt = vfsmnt_save; 893 nd->dentry = dentry_save; 894 } else 895 rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); 896 return rc; 897 } 898 899 /** 900 * ecryptfs_setattr 901 * @dentry: dentry handle to the inode to modify 902 * @ia: Structure with flags of what to change and values 903 * 904 * Updates the metadata of an inode. If the update is to the size 905 * i.e. truncation, then ecryptfs_truncate will handle the size modification 906 * of both the ecryptfs inode and the lower inode. 907 * 908 * All other metadata changes will be passed right to the lower filesystem, 909 * and we will just update our inode to look like the lower. 910 */ 911 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) 912 { 913 int rc = 0; 914 struct dentry *lower_dentry; 915 struct inode *inode; 916 struct inode *lower_inode; 917 struct ecryptfs_crypt_stat *crypt_stat; 918 919 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 920 lower_dentry = ecryptfs_dentry_to_lower(dentry); 921 inode = dentry->d_inode; 922 lower_inode = ecryptfs_inode_to_lower(inode); 923 if (ia->ia_valid & ATTR_SIZE) { 924 ecryptfs_printk(KERN_DEBUG, 925 "ia->ia_valid = [0x%x] ATTR_SIZE" " = [0x%x]\n", 926 ia->ia_valid, ATTR_SIZE); 927 rc = ecryptfs_truncate(dentry, ia->ia_size); 928 /* ecryptfs_truncate handles resizing of the lower file */ 929 ia->ia_valid &= ~ATTR_SIZE; 930 ecryptfs_printk(KERN_DEBUG, "ia->ia_valid = [%x]\n", 931 ia->ia_valid); 932 if (rc < 0) 933 goto out; 934 } 935 rc = notify_change(lower_dentry, ia); 936 out: 937 ecryptfs_copy_attr_all(inode, lower_inode); 938 return rc; 939 } 940 941 static int 942 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, 943 size_t size, int flags) 944 { 945 int rc = 0; 946 struct dentry *lower_dentry; 947 948 lower_dentry = ecryptfs_dentry_to_lower(dentry); 949 if (!lower_dentry->d_inode->i_op->setxattr) { 950 rc = -ENOSYS; 951 goto out; 952 } 953 mutex_lock(&lower_dentry->d_inode->i_mutex); 954 rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value, 955 size, flags); 956 mutex_unlock(&lower_dentry->d_inode->i_mutex); 957 out: 958 return rc; 959 } 960 961 static ssize_t 962 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, 963 size_t size) 964 { 965 int rc = 0; 966 struct dentry *lower_dentry; 967 968 lower_dentry = ecryptfs_dentry_to_lower(dentry); 969 if (!lower_dentry->d_inode->i_op->getxattr) { 970 rc = -ENOSYS; 971 goto out; 972 } 973 mutex_lock(&lower_dentry->d_inode->i_mutex); 974 rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value, 975 size); 976 mutex_unlock(&lower_dentry->d_inode->i_mutex); 977 out: 978 return rc; 979 } 980 981 static ssize_t 982 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size) 983 { 984 int rc = 0; 985 struct dentry *lower_dentry; 986 987 lower_dentry = ecryptfs_dentry_to_lower(dentry); 988 if (!lower_dentry->d_inode->i_op->listxattr) { 989 rc = -ENOSYS; 990 goto out; 991 } 992 mutex_lock(&lower_dentry->d_inode->i_mutex); 993 rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size); 994 mutex_unlock(&lower_dentry->d_inode->i_mutex); 995 out: 996 return rc; 997 } 998 999 static int ecryptfs_removexattr(struct dentry *dentry, const char *name) 1000 { 1001 int rc = 0; 1002 struct dentry *lower_dentry; 1003 1004 lower_dentry = ecryptfs_dentry_to_lower(dentry); 1005 if (!lower_dentry->d_inode->i_op->removexattr) { 1006 rc = -ENOSYS; 1007 goto out; 1008 } 1009 mutex_lock(&lower_dentry->d_inode->i_mutex); 1010 rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name); 1011 mutex_unlock(&lower_dentry->d_inode->i_mutex); 1012 out: 1013 return rc; 1014 } 1015 1016 int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode) 1017 { 1018 if ((ecryptfs_inode_to_lower(inode) 1019 == (struct inode *)candidate_lower_inode)) 1020 return 1; 1021 else 1022 return 0; 1023 } 1024 1025 int ecryptfs_inode_set(struct inode *inode, void *lower_inode) 1026 { 1027 ecryptfs_init_inode(inode, (struct inode *)lower_inode); 1028 return 0; 1029 } 1030 1031 struct inode_operations ecryptfs_symlink_iops = { 1032 .readlink = ecryptfs_readlink, 1033 .follow_link = ecryptfs_follow_link, 1034 .put_link = ecryptfs_put_link, 1035 .permission = ecryptfs_permission, 1036 .setattr = ecryptfs_setattr, 1037 .setxattr = ecryptfs_setxattr, 1038 .getxattr = ecryptfs_getxattr, 1039 .listxattr = ecryptfs_listxattr, 1040 .removexattr = ecryptfs_removexattr 1041 }; 1042 1043 struct inode_operations ecryptfs_dir_iops = { 1044 .create = ecryptfs_create, 1045 .lookup = ecryptfs_lookup, 1046 .link = ecryptfs_link, 1047 .unlink = ecryptfs_unlink, 1048 .symlink = ecryptfs_symlink, 1049 .mkdir = ecryptfs_mkdir, 1050 .rmdir = ecryptfs_rmdir, 1051 .mknod = ecryptfs_mknod, 1052 .rename = ecryptfs_rename, 1053 .permission = ecryptfs_permission, 1054 .setattr = ecryptfs_setattr, 1055 .setxattr = ecryptfs_setxattr, 1056 .getxattr = ecryptfs_getxattr, 1057 .listxattr = ecryptfs_listxattr, 1058 .removexattr = ecryptfs_removexattr 1059 }; 1060 1061 struct inode_operations ecryptfs_main_iops = { 1062 .permission = ecryptfs_permission, 1063 .setattr = ecryptfs_setattr, 1064 .setxattr = ecryptfs_setxattr, 1065 .getxattr = ecryptfs_getxattr, 1066 .listxattr = ecryptfs_listxattr, 1067 .removexattr = ecryptfs_removexattr 1068 }; 1069