1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 1997-2004 Erez Zadok 5 * Copyright (C) 2001-2004 Stony Brook University 6 * Copyright (C) 2004-2007 International Business Machines Corp. 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Michael C. Thompsion <mcthomps@us.ibm.com> 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 of the 13 * License, or (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 23 * 02111-1307, USA. 24 */ 25 26 #include <linux/file.h> 27 #include <linux/vmalloc.h> 28 #include <linux/pagemap.h> 29 #include <linux/dcache.h> 30 #include <linux/namei.h> 31 #include <linux/mount.h> 32 #include <linux/crypto.h> 33 #include <linux/fs_stack.h> 34 #include "ecryptfs_kernel.h" 35 36 static struct dentry *lock_parent(struct dentry *dentry) 37 { 38 struct dentry *dir; 39 40 dir = dget(dentry->d_parent); 41 mutex_lock_nested(&(dir->d_inode->i_mutex), I_MUTEX_PARENT); 42 return dir; 43 } 44 45 static void unlock_parent(struct dentry *dentry) 46 { 47 mutex_unlock(&(dentry->d_parent->d_inode->i_mutex)); 48 dput(dentry->d_parent); 49 } 50 51 static void unlock_dir(struct dentry *dir) 52 { 53 mutex_unlock(&dir->d_inode->i_mutex); 54 dput(dir); 55 } 56 57 /** 58 * ecryptfs_create_underlying_file 59 * @lower_dir_inode: inode of the parent in the lower fs of the new file 60 * @lower_dentry: New file's dentry in the lower fs 61 * @ecryptfs_dentry: New file's dentry in ecryptfs 62 * @mode: The mode of the new file 63 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 64 * 65 * Creates the file in the lower file system. 66 * 67 * Returns zero on success; non-zero on error condition 68 */ 69 static int 70 ecryptfs_create_underlying_file(struct inode *lower_dir_inode, 71 struct dentry *dentry, int mode, 72 struct nameidata *nd) 73 { 74 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 75 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 76 struct dentry *dentry_save; 77 struct vfsmount *vfsmount_save; 78 int rc; 79 80 dentry_save = nd->dentry; 81 vfsmount_save = nd->mnt; 82 nd->dentry = lower_dentry; 83 nd->mnt = lower_mnt; 84 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); 85 nd->dentry = dentry_save; 86 nd->mnt = vfsmount_save; 87 return rc; 88 } 89 90 /** 91 * ecryptfs_do_create 92 * @directory_inode: inode of the new file's dentry's parent in ecryptfs 93 * @ecryptfs_dentry: New file's dentry in ecryptfs 94 * @mode: The mode of the new file 95 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 96 * 97 * Creates the underlying file and the eCryptfs inode which will link to 98 * it. It will also update the eCryptfs directory inode to mimic the 99 * stat of the lower directory inode. 100 * 101 * Returns zero on success; non-zero on error condition 102 */ 103 static int 104 ecryptfs_do_create(struct inode *directory_inode, 105 struct dentry *ecryptfs_dentry, int mode, 106 struct nameidata *nd) 107 { 108 int rc; 109 struct dentry *lower_dentry; 110 struct dentry *lower_dir_dentry; 111 112 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 113 lower_dir_dentry = lock_parent(lower_dentry); 114 if (unlikely(IS_ERR(lower_dir_dentry))) { 115 ecryptfs_printk(KERN_ERR, "Error locking directory of " 116 "dentry\n"); 117 rc = PTR_ERR(lower_dir_dentry); 118 goto out; 119 } 120 rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode, 121 ecryptfs_dentry, mode, nd); 122 if (unlikely(rc)) { 123 ecryptfs_printk(KERN_ERR, 124 "Failure to create underlying file\n"); 125 goto out_lock; 126 } 127 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry, 128 directory_inode->i_sb, 0); 129 if (rc) { 130 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n"); 131 goto out_lock; 132 } 133 fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode); 134 fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode); 135 out_lock: 136 unlock_dir(lower_dir_dentry); 137 out: 138 return rc; 139 } 140 141 /** 142 * grow_file 143 * @ecryptfs_dentry: the ecryptfs dentry 144 * @lower_file: The lower file 145 * @inode: The ecryptfs inode 146 * @lower_inode: The lower inode 147 * 148 * This is the code which will grow the file to its correct size. 149 */ 150 static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file, 151 struct inode *inode, struct inode *lower_inode) 152 { 153 int rc = 0; 154 struct file fake_file; 155 struct ecryptfs_file_info tmp_file_info; 156 157 memset(&fake_file, 0, sizeof(fake_file)); 158 fake_file.f_path.dentry = ecryptfs_dentry; 159 memset(&tmp_file_info, 0, sizeof(tmp_file_info)); 160 ecryptfs_set_file_private(&fake_file, &tmp_file_info); 161 ecryptfs_set_file_lower(&fake_file, lower_file); 162 rc = ecryptfs_fill_zeros(&fake_file, 1); 163 if (rc) { 164 ecryptfs_inode_to_private(inode)->crypt_stat.flags |= 165 ECRYPTFS_SECURITY_WARNING; 166 ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros " 167 "in file; rc = [%d]\n", rc); 168 goto out; 169 } 170 i_size_write(inode, 0); 171 rc = ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, 172 inode, ecryptfs_dentry, 173 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); 174 ecryptfs_inode_to_private(inode)->crypt_stat.flags |= ECRYPTFS_NEW_FILE; 175 out: 176 return rc; 177 } 178 179 /** 180 * ecryptfs_initialize_file 181 * 182 * Cause the file to be changed from a basic empty file to an ecryptfs 183 * file with a header and first data page. 184 * 185 * Returns zero on success 186 */ 187 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry) 188 { 189 int rc = 0; 190 int lower_flags; 191 struct ecryptfs_crypt_stat *crypt_stat; 192 struct dentry *lower_dentry; 193 struct file *lower_file; 194 struct inode *inode, *lower_inode; 195 struct vfsmount *lower_mnt; 196 197 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 198 ecryptfs_printk(KERN_DEBUG, "lower_dentry->d_name.name = [%s]\n", 199 lower_dentry->d_name.name); 200 inode = ecryptfs_dentry->d_inode; 201 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 202 lower_flags = ((O_CREAT | O_TRUNC) & O_ACCMODE) | O_RDWR; 203 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 204 /* Corresponding fput() at end of this function */ 205 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt, 206 lower_flags))) { 207 ecryptfs_printk(KERN_ERR, 208 "Error opening dentry; rc = [%i]\n", rc); 209 goto out; 210 } 211 lower_inode = lower_dentry->d_inode; 212 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { 213 ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); 214 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 215 goto out_fput; 216 } 217 crypt_stat->flags |= ECRYPTFS_NEW_FILE; 218 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); 219 rc = ecryptfs_new_file_context(ecryptfs_dentry); 220 if (rc) { 221 ecryptfs_printk(KERN_DEBUG, "Error creating new file " 222 "context\n"); 223 goto out_fput; 224 } 225 rc = ecryptfs_write_metadata(ecryptfs_dentry, lower_file); 226 if (rc) { 227 ecryptfs_printk(KERN_DEBUG, "Error writing headers\n"); 228 goto out_fput; 229 } 230 rc = grow_file(ecryptfs_dentry, lower_file, inode, lower_inode); 231 out_fput: 232 if ((rc = ecryptfs_close_lower_file(lower_file))) 233 printk(KERN_ERR "Error closing lower_file\n"); 234 out: 235 return rc; 236 } 237 238 /** 239 * ecryptfs_create 240 * @dir: The inode of the directory in which to create the file. 241 * @dentry: The eCryptfs dentry 242 * @mode: The mode of the new file. 243 * @nd: nameidata 244 * 245 * Creates a new file. 246 * 247 * Returns zero on success; non-zero on error condition 248 */ 249 static int 250 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, 251 int mode, struct nameidata *nd) 252 { 253 int rc; 254 255 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); 256 if (unlikely(rc)) { 257 ecryptfs_printk(KERN_WARNING, "Failed to create file in" 258 "lower filesystem\n"); 259 goto out; 260 } 261 /* At this point, a file exists on "disk"; we need to make sure 262 * that this on disk file is prepared to be an ecryptfs file */ 263 rc = ecryptfs_initialize_file(ecryptfs_dentry); 264 out: 265 return rc; 266 } 267 268 /** 269 * ecryptfs_lookup 270 * @dir: inode 271 * @dentry: The dentry 272 * @nd: nameidata, may be NULL 273 * 274 * Find a file on disk. If the file does not exist, then we'll add it to the 275 * dentry cache and continue on to read it from the disk. 276 */ 277 static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, 278 struct nameidata *nd) 279 { 280 int rc = 0; 281 struct dentry *lower_dir_dentry; 282 struct dentry *lower_dentry; 283 struct vfsmount *lower_mnt; 284 char *encoded_name; 285 int encoded_namelen; 286 struct ecryptfs_crypt_stat *crypt_stat = NULL; 287 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 288 char *page_virt = NULL; 289 struct inode *lower_inode; 290 u64 file_size; 291 292 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); 293 dentry->d_op = &ecryptfs_dops; 294 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) 295 || (dentry->d_name.len == 2 296 && !strcmp(dentry->d_name.name, ".."))) { 297 d_drop(dentry); 298 goto out; 299 } 300 encoded_namelen = ecryptfs_encode_filename(crypt_stat, 301 dentry->d_name.name, 302 dentry->d_name.len, 303 &encoded_name); 304 if (encoded_namelen < 0) { 305 rc = encoded_namelen; 306 d_drop(dentry); 307 goto out; 308 } 309 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen " 310 "= [%d]\n", encoded_name, encoded_namelen); 311 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry, 312 encoded_namelen - 1); 313 kfree(encoded_name); 314 if (IS_ERR(lower_dentry)) { 315 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n"); 316 rc = PTR_ERR(lower_dentry); 317 d_drop(dentry); 318 goto out; 319 } 320 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); 321 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->" 322 "d_name.name = [%s]\n", lower_dentry, 323 lower_dentry->d_name.name); 324 lower_inode = lower_dentry->d_inode; 325 fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode); 326 BUG_ON(!atomic_read(&lower_dentry->d_count)); 327 ecryptfs_set_dentry_private(dentry, 328 kmem_cache_alloc(ecryptfs_dentry_info_cache, 329 GFP_KERNEL)); 330 if (!ecryptfs_dentry_to_private(dentry)) { 331 rc = -ENOMEM; 332 ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " 333 "to allocate ecryptfs_dentry_info struct\n"); 334 goto out_dput; 335 } 336 ecryptfs_set_dentry_lower(dentry, lower_dentry); 337 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); 338 if (!lower_dentry->d_inode) { 339 /* We want to add because we couldn't find in lower */ 340 d_add(dentry, NULL); 341 goto out; 342 } 343 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 1); 344 if (rc) { 345 ecryptfs_printk(KERN_ERR, "Error interposing\n"); 346 goto out_dput; 347 } 348 if (S_ISDIR(lower_inode->i_mode)) { 349 ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n"); 350 goto out; 351 } 352 if (S_ISLNK(lower_inode->i_mode)) { 353 ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n"); 354 goto out; 355 } 356 if (!nd) { 357 ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave" 358 "as we *think* we are about to unlink\n"); 359 goto out; 360 } 361 /* Released in this function */ 362 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, 363 GFP_USER); 364 if (!page_virt) { 365 rc = -ENOMEM; 366 ecryptfs_printk(KERN_ERR, 367 "Cannot ecryptfs_kmalloc a page\n"); 368 goto out_dput; 369 } 370 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 371 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) 372 ecryptfs_set_default_sizes(crypt_stat); 373 rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry, 374 nd->mnt); 375 if (rc) { 376 rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry); 377 if (rc) { 378 printk(KERN_DEBUG "Valid metadata not found in header " 379 "region or xattr region; treating file as " 380 "unencrypted\n"); 381 rc = 0; 382 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 383 goto out; 384 } 385 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 386 } 387 mount_crypt_stat = &ecryptfs_superblock_to_private( 388 dentry->d_sb)->mount_crypt_stat; 389 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 390 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 391 file_size = (crypt_stat->header_extent_size 392 + i_size_read(lower_dentry->d_inode)); 393 else 394 file_size = i_size_read(lower_dentry->d_inode); 395 } else { 396 memcpy(&file_size, page_virt, sizeof(file_size)); 397 file_size = be64_to_cpu(file_size); 398 } 399 i_size_write(dentry->d_inode, (loff_t)file_size); 400 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 401 goto out; 402 403 out_dput: 404 dput(lower_dentry); 405 d_drop(dentry); 406 out: 407 return ERR_PTR(rc); 408 } 409 410 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir, 411 struct dentry *new_dentry) 412 { 413 struct dentry *lower_old_dentry; 414 struct dentry *lower_new_dentry; 415 struct dentry *lower_dir_dentry; 416 u64 file_size_save; 417 int rc; 418 419 file_size_save = i_size_read(old_dentry->d_inode); 420 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 421 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 422 dget(lower_old_dentry); 423 dget(lower_new_dentry); 424 lower_dir_dentry = lock_parent(lower_new_dentry); 425 rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode, 426 lower_new_dentry); 427 if (rc || !lower_new_dentry->d_inode) 428 goto out_lock; 429 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0); 430 if (rc) 431 goto out_lock; 432 fsstack_copy_attr_times(dir, lower_new_dentry->d_inode); 433 fsstack_copy_inode_size(dir, lower_new_dentry->d_inode); 434 old_dentry->d_inode->i_nlink = 435 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink; 436 i_size_write(new_dentry->d_inode, file_size_save); 437 out_lock: 438 unlock_dir(lower_dir_dentry); 439 dput(lower_new_dentry); 440 dput(lower_old_dentry); 441 d_drop(lower_old_dentry); 442 d_drop(new_dentry); 443 d_drop(old_dentry); 444 return rc; 445 } 446 447 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) 448 { 449 int rc = 0; 450 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 451 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); 452 453 lock_parent(lower_dentry); 454 rc = vfs_unlink(lower_dir_inode, lower_dentry); 455 if (rc) { 456 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc); 457 goto out_unlock; 458 } 459 fsstack_copy_attr_times(dir, lower_dir_inode); 460 dentry->d_inode->i_nlink = 461 ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink; 462 dentry->d_inode->i_ctime = dir->i_ctime; 463 out_unlock: 464 unlock_parent(lower_dentry); 465 return rc; 466 } 467 468 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry, 469 const char *symname) 470 { 471 int rc; 472 struct dentry *lower_dentry; 473 struct dentry *lower_dir_dentry; 474 umode_t mode; 475 char *encoded_symname; 476 int encoded_symlen; 477 struct ecryptfs_crypt_stat *crypt_stat = NULL; 478 479 lower_dentry = ecryptfs_dentry_to_lower(dentry); 480 dget(lower_dentry); 481 lower_dir_dentry = lock_parent(lower_dentry); 482 mode = S_IALLUGO; 483 encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, 484 strlen(symname), 485 &encoded_symname); 486 if (encoded_symlen < 0) { 487 rc = encoded_symlen; 488 goto out_lock; 489 } 490 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, 491 encoded_symname, mode); 492 kfree(encoded_symname); 493 if (rc || !lower_dentry->d_inode) 494 goto out_lock; 495 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 496 if (rc) 497 goto out_lock; 498 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 499 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); 500 out_lock: 501 unlock_dir(lower_dir_dentry); 502 dput(lower_dentry); 503 if (!dentry->d_inode) 504 d_drop(dentry); 505 return rc; 506 } 507 508 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) 509 { 510 int rc; 511 struct dentry *lower_dentry; 512 struct dentry *lower_dir_dentry; 513 514 lower_dentry = ecryptfs_dentry_to_lower(dentry); 515 lower_dir_dentry = lock_parent(lower_dentry); 516 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode); 517 if (rc || !lower_dentry->d_inode) 518 goto out; 519 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 520 if (rc) 521 goto out; 522 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 523 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); 524 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 525 out: 526 unlock_dir(lower_dir_dentry); 527 if (!dentry->d_inode) 528 d_drop(dentry); 529 return rc; 530 } 531 532 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry) 533 { 534 struct dentry *lower_dentry; 535 struct dentry *lower_dir_dentry; 536 int rc; 537 538 lower_dentry = ecryptfs_dentry_to_lower(dentry); 539 dget(dentry); 540 lower_dir_dentry = lock_parent(lower_dentry); 541 dget(lower_dentry); 542 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); 543 dput(lower_dentry); 544 if (!rc) 545 d_delete(lower_dentry); 546 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 547 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 548 unlock_dir(lower_dir_dentry); 549 if (!rc) 550 d_drop(dentry); 551 dput(dentry); 552 return rc; 553 } 554 555 static int 556 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 557 { 558 int rc; 559 struct dentry *lower_dentry; 560 struct dentry *lower_dir_dentry; 561 562 lower_dentry = ecryptfs_dentry_to_lower(dentry); 563 lower_dir_dentry = lock_parent(lower_dentry); 564 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev); 565 if (rc || !lower_dentry->d_inode) 566 goto out; 567 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 568 if (rc) 569 goto out; 570 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 571 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); 572 out: 573 unlock_dir(lower_dir_dentry); 574 if (!dentry->d_inode) 575 d_drop(dentry); 576 return rc; 577 } 578 579 static int 580 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry, 581 struct inode *new_dir, struct dentry *new_dentry) 582 { 583 int rc; 584 struct dentry *lower_old_dentry; 585 struct dentry *lower_new_dentry; 586 struct dentry *lower_old_dir_dentry; 587 struct dentry *lower_new_dir_dentry; 588 589 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 590 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 591 dget(lower_old_dentry); 592 dget(lower_new_dentry); 593 lower_old_dir_dentry = dget_parent(lower_old_dentry); 594 lower_new_dir_dentry = dget_parent(lower_new_dentry); 595 lock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 596 rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry, 597 lower_new_dir_dentry->d_inode, lower_new_dentry); 598 if (rc) 599 goto out_lock; 600 fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode, NULL); 601 if (new_dir != old_dir) 602 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode, NULL); 603 out_lock: 604 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 605 dput(lower_new_dentry->d_parent); 606 dput(lower_old_dentry->d_parent); 607 dput(lower_new_dentry); 608 dput(lower_old_dentry); 609 return rc; 610 } 611 612 static int 613 ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) 614 { 615 int rc; 616 struct dentry *lower_dentry; 617 char *decoded_name; 618 char *lower_buf; 619 mm_segment_t old_fs; 620 struct ecryptfs_crypt_stat *crypt_stat; 621 622 lower_dentry = ecryptfs_dentry_to_lower(dentry); 623 if (!lower_dentry->d_inode->i_op || 624 !lower_dentry->d_inode->i_op->readlink) { 625 rc = -EINVAL; 626 goto out; 627 } 628 /* Released in this function */ 629 lower_buf = kmalloc(bufsiz, GFP_KERNEL); 630 if (lower_buf == NULL) { 631 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 632 rc = -ENOMEM; 633 goto out; 634 } 635 old_fs = get_fs(); 636 set_fs(get_ds()); 637 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 638 "lower_dentry->d_name.name = [%s]\n", 639 lower_dentry->d_name.name); 640 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, 641 (char __user *)lower_buf, 642 bufsiz); 643 set_fs(old_fs); 644 if (rc >= 0) { 645 crypt_stat = NULL; 646 rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, 647 &decoded_name); 648 if (rc == -ENOMEM) 649 goto out_free_lower_buf; 650 if (rc > 0) { 651 ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes " 652 "to userspace: [%*s]\n", rc, 653 decoded_name); 654 if (copy_to_user(buf, decoded_name, rc)) 655 rc = -EFAULT; 656 } 657 kfree(decoded_name); 658 fsstack_copy_attr_atime(dentry->d_inode, 659 lower_dentry->d_inode); 660 } 661 out_free_lower_buf: 662 kfree(lower_buf); 663 out: 664 return rc; 665 } 666 667 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) 668 { 669 char *buf; 670 int len = PAGE_SIZE, rc; 671 mm_segment_t old_fs; 672 673 /* Released in ecryptfs_put_link(); only release here on error */ 674 buf = kmalloc(len, GFP_KERNEL); 675 if (!buf) { 676 rc = -ENOMEM; 677 goto out; 678 } 679 old_fs = get_fs(); 680 set_fs(get_ds()); 681 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 682 "dentry->d_name.name = [%s]\n", dentry->d_name.name); 683 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); 684 buf[rc] = '\0'; 685 set_fs(old_fs); 686 if (rc < 0) 687 goto out_free; 688 rc = 0; 689 nd_set_link(nd, buf); 690 goto out; 691 out_free: 692 kfree(buf); 693 out: 694 return ERR_PTR(rc); 695 } 696 697 static void 698 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) 699 { 700 /* Free the char* */ 701 kfree(nd_get_link(nd)); 702 } 703 704 /** 705 * upper_size_to_lower_size 706 * @crypt_stat: Crypt_stat associated with file 707 * @upper_size: Size of the upper file 708 * 709 * Calculate the requried size of the lower file based on the 710 * specified size of the upper file. This calculation is based on the 711 * number of headers in the underlying file and the extent size. 712 * 713 * Returns Calculated size of the lower file. 714 */ 715 static loff_t 716 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat, 717 loff_t upper_size) 718 { 719 loff_t lower_size; 720 721 lower_size = ( crypt_stat->header_extent_size 722 * crypt_stat->num_header_extents_at_front ); 723 if (upper_size != 0) { 724 loff_t num_extents; 725 726 num_extents = upper_size >> crypt_stat->extent_shift; 727 if (upper_size & ~crypt_stat->extent_mask) 728 num_extents++; 729 lower_size += (num_extents * crypt_stat->extent_size); 730 } 731 return lower_size; 732 } 733 734 /** 735 * ecryptfs_truncate 736 * @dentry: The ecryptfs layer dentry 737 * @new_length: The length to expand the file to 738 * 739 * Function to handle truncations modifying the size of the file. Note 740 * that the file sizes are interpolated. When expanding, we are simply 741 * writing strings of 0's out. When truncating, we need to modify the 742 * underlying file size according to the page index interpolations. 743 * 744 * Returns zero on success; non-zero otherwise 745 */ 746 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) 747 { 748 int rc = 0; 749 struct inode *inode = dentry->d_inode; 750 struct dentry *lower_dentry; 751 struct vfsmount *lower_mnt; 752 struct file fake_ecryptfs_file, *lower_file = NULL; 753 struct ecryptfs_crypt_stat *crypt_stat; 754 loff_t i_size = i_size_read(inode); 755 loff_t lower_size_before_truncate; 756 loff_t lower_size_after_truncate; 757 758 if (unlikely((new_length == i_size))) 759 goto out; 760 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 761 /* Set up a fake ecryptfs file, this is used to interface with 762 * the file in the underlying filesystem so that the 763 * truncation has an effect there as well. */ 764 memset(&fake_ecryptfs_file, 0, sizeof(fake_ecryptfs_file)); 765 fake_ecryptfs_file.f_path.dentry = dentry; 766 /* Released at out_free: label */ 767 ecryptfs_set_file_private(&fake_ecryptfs_file, 768 kmem_cache_alloc(ecryptfs_file_info_cache, 769 GFP_KERNEL)); 770 if (unlikely(!ecryptfs_file_to_private(&fake_ecryptfs_file))) { 771 rc = -ENOMEM; 772 goto out; 773 } 774 lower_dentry = ecryptfs_dentry_to_lower(dentry); 775 /* This dget & mntget is released through fput at out_fput: */ 776 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 777 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt, 778 O_RDWR))) { 779 ecryptfs_printk(KERN_ERR, 780 "Error opening dentry; rc = [%i]\n", rc); 781 goto out_free; 782 } 783 ecryptfs_set_file_lower(&fake_ecryptfs_file, lower_file); 784 /* Switch on growing or shrinking file */ 785 if (new_length > i_size) { 786 rc = ecryptfs_fill_zeros(&fake_ecryptfs_file, new_length); 787 if (rc) { 788 ecryptfs_printk(KERN_ERR, 789 "Problem with fill_zeros\n"); 790 goto out_fput; 791 } 792 i_size_write(inode, new_length); 793 rc = ecryptfs_write_inode_size_to_metadata( 794 lower_file, lower_dentry->d_inode, inode, dentry, 795 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); 796 if (rc) { 797 printk(KERN_ERR "Problem with " 798 "ecryptfs_write_inode_size_to_metadata; " 799 "rc = [%d]\n", rc); 800 goto out_fput; 801 } 802 } else { /* new_length < i_size_read(inode) */ 803 pgoff_t index = 0; 804 int end_pos_in_page = -1; 805 806 if (new_length != 0) { 807 index = ((new_length - 1) >> PAGE_CACHE_SHIFT); 808 end_pos_in_page = ((new_length - 1) & ~PAGE_CACHE_MASK); 809 } 810 if (end_pos_in_page != (PAGE_CACHE_SIZE - 1)) { 811 if ((rc = ecryptfs_write_zeros(&fake_ecryptfs_file, 812 index, 813 (end_pos_in_page + 1), 814 ((PAGE_CACHE_SIZE - 1) 815 - end_pos_in_page)))) { 816 printk(KERN_ERR "Error attempting to zero out " 817 "the remainder of the end page on " 818 "reducing truncate; rc = [%d]\n", rc); 819 goto out_fput; 820 } 821 } 822 vmtruncate(inode, new_length); 823 rc = ecryptfs_write_inode_size_to_metadata( 824 lower_file, lower_dentry->d_inode, inode, dentry, 825 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); 826 if (rc) { 827 printk(KERN_ERR "Problem with " 828 "ecryptfs_write_inode_size_to_metadata; " 829 "rc = [%d]\n", rc); 830 goto out_fput; 831 } 832 /* We are reducing the size of the ecryptfs file, and need to 833 * know if we need to reduce the size of the lower file. */ 834 lower_size_before_truncate = 835 upper_size_to_lower_size(crypt_stat, i_size); 836 lower_size_after_truncate = 837 upper_size_to_lower_size(crypt_stat, new_length); 838 if (lower_size_after_truncate < lower_size_before_truncate) 839 vmtruncate(lower_dentry->d_inode, 840 lower_size_after_truncate); 841 } 842 /* Update the access times */ 843 lower_dentry->d_inode->i_mtime = lower_dentry->d_inode->i_ctime 844 = CURRENT_TIME; 845 mark_inode_dirty_sync(inode); 846 out_fput: 847 if ((rc = ecryptfs_close_lower_file(lower_file))) 848 printk(KERN_ERR "Error closing lower_file\n"); 849 out_free: 850 if (ecryptfs_file_to_private(&fake_ecryptfs_file)) 851 kmem_cache_free(ecryptfs_file_info_cache, 852 ecryptfs_file_to_private(&fake_ecryptfs_file)); 853 out: 854 return rc; 855 } 856 857 static int 858 ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd) 859 { 860 int rc; 861 862 if (nd) { 863 struct vfsmount *vfsmnt_save = nd->mnt; 864 struct dentry *dentry_save = nd->dentry; 865 866 nd->mnt = ecryptfs_dentry_to_lower_mnt(nd->dentry); 867 nd->dentry = ecryptfs_dentry_to_lower(nd->dentry); 868 rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); 869 nd->mnt = vfsmnt_save; 870 nd->dentry = dentry_save; 871 } else 872 rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); 873 return rc; 874 } 875 876 /** 877 * ecryptfs_setattr 878 * @dentry: dentry handle to the inode to modify 879 * @ia: Structure with flags of what to change and values 880 * 881 * Updates the metadata of an inode. If the update is to the size 882 * i.e. truncation, then ecryptfs_truncate will handle the size modification 883 * of both the ecryptfs inode and the lower inode. 884 * 885 * All other metadata changes will be passed right to the lower filesystem, 886 * and we will just update our inode to look like the lower. 887 */ 888 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) 889 { 890 int rc = 0; 891 struct dentry *lower_dentry; 892 struct inode *inode; 893 struct inode *lower_inode; 894 struct ecryptfs_crypt_stat *crypt_stat; 895 896 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 897 if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED)) 898 ecryptfs_init_crypt_stat(crypt_stat); 899 inode = dentry->d_inode; 900 lower_inode = ecryptfs_inode_to_lower(inode); 901 lower_dentry = ecryptfs_dentry_to_lower(dentry); 902 mutex_lock(&crypt_stat->cs_mutex); 903 if (S_ISDIR(dentry->d_inode->i_mode)) 904 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 905 else if (S_ISREG(dentry->d_inode->i_mode) 906 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED) 907 || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) { 908 struct vfsmount *lower_mnt; 909 struct file *lower_file = NULL; 910 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 911 int lower_flags; 912 913 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 914 lower_flags = O_RDONLY; 915 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, 916 lower_mnt, lower_flags))) { 917 printk(KERN_ERR 918 "Error opening lower file; rc = [%d]\n", rc); 919 mutex_unlock(&crypt_stat->cs_mutex); 920 goto out; 921 } 922 mount_crypt_stat = &ecryptfs_superblock_to_private( 923 dentry->d_sb)->mount_crypt_stat; 924 if ((rc = ecryptfs_read_metadata(dentry, lower_file))) { 925 if (!(mount_crypt_stat->flags 926 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) { 927 rc = -EIO; 928 printk(KERN_WARNING "Attempt to read file that " 929 "is not in a valid eCryptfs format, " 930 "and plaintext passthrough mode is not " 931 "enabled; returning -EIO\n"); 932 933 mutex_unlock(&crypt_stat->cs_mutex); 934 fput(lower_file); 935 goto out; 936 } 937 rc = 0; 938 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 939 mutex_unlock(&crypt_stat->cs_mutex); 940 fput(lower_file); 941 goto out; 942 } 943 fput(lower_file); 944 } 945 mutex_unlock(&crypt_stat->cs_mutex); 946 if (ia->ia_valid & ATTR_SIZE) { 947 ecryptfs_printk(KERN_DEBUG, 948 "ia->ia_valid = [0x%x] ATTR_SIZE" " = [0x%x]\n", 949 ia->ia_valid, ATTR_SIZE); 950 rc = ecryptfs_truncate(dentry, ia->ia_size); 951 /* ecryptfs_truncate handles resizing of the lower file */ 952 ia->ia_valid &= ~ATTR_SIZE; 953 ecryptfs_printk(KERN_DEBUG, "ia->ia_valid = [%x]\n", 954 ia->ia_valid); 955 if (rc < 0) 956 goto out; 957 } 958 rc = notify_change(lower_dentry, ia); 959 out: 960 fsstack_copy_attr_all(inode, lower_inode, NULL); 961 return rc; 962 } 963 964 int 965 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, 966 size_t size, int flags) 967 { 968 int rc = 0; 969 struct dentry *lower_dentry; 970 971 lower_dentry = ecryptfs_dentry_to_lower(dentry); 972 if (!lower_dentry->d_inode->i_op->setxattr) { 973 rc = -ENOSYS; 974 goto out; 975 } 976 mutex_lock(&lower_dentry->d_inode->i_mutex); 977 rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value, 978 size, flags); 979 mutex_unlock(&lower_dentry->d_inode->i_mutex); 980 out: 981 return rc; 982 } 983 984 ssize_t 985 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, 986 size_t size) 987 { 988 int rc = 0; 989 struct dentry *lower_dentry; 990 991 lower_dentry = ecryptfs_dentry_to_lower(dentry); 992 if (!lower_dentry->d_inode->i_op->getxattr) { 993 rc = -ENOSYS; 994 goto out; 995 } 996 mutex_lock(&lower_dentry->d_inode->i_mutex); 997 rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value, 998 size); 999 mutex_unlock(&lower_dentry->d_inode->i_mutex); 1000 out: 1001 return rc; 1002 } 1003 1004 static ssize_t 1005 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size) 1006 { 1007 int rc = 0; 1008 struct dentry *lower_dentry; 1009 1010 lower_dentry = ecryptfs_dentry_to_lower(dentry); 1011 if (!lower_dentry->d_inode->i_op->listxattr) { 1012 rc = -ENOSYS; 1013 goto out; 1014 } 1015 mutex_lock(&lower_dentry->d_inode->i_mutex); 1016 rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size); 1017 mutex_unlock(&lower_dentry->d_inode->i_mutex); 1018 out: 1019 return rc; 1020 } 1021 1022 static int ecryptfs_removexattr(struct dentry *dentry, const char *name) 1023 { 1024 int rc = 0; 1025 struct dentry *lower_dentry; 1026 1027 lower_dentry = ecryptfs_dentry_to_lower(dentry); 1028 if (!lower_dentry->d_inode->i_op->removexattr) { 1029 rc = -ENOSYS; 1030 goto out; 1031 } 1032 mutex_lock(&lower_dentry->d_inode->i_mutex); 1033 rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name); 1034 mutex_unlock(&lower_dentry->d_inode->i_mutex); 1035 out: 1036 return rc; 1037 } 1038 1039 int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode) 1040 { 1041 if ((ecryptfs_inode_to_lower(inode) 1042 == (struct inode *)candidate_lower_inode)) 1043 return 1; 1044 else 1045 return 0; 1046 } 1047 1048 int ecryptfs_inode_set(struct inode *inode, void *lower_inode) 1049 { 1050 ecryptfs_init_inode(inode, (struct inode *)lower_inode); 1051 return 0; 1052 } 1053 1054 const struct inode_operations ecryptfs_symlink_iops = { 1055 .readlink = ecryptfs_readlink, 1056 .follow_link = ecryptfs_follow_link, 1057 .put_link = ecryptfs_put_link, 1058 .permission = ecryptfs_permission, 1059 .setattr = ecryptfs_setattr, 1060 .setxattr = ecryptfs_setxattr, 1061 .getxattr = ecryptfs_getxattr, 1062 .listxattr = ecryptfs_listxattr, 1063 .removexattr = ecryptfs_removexattr 1064 }; 1065 1066 const struct inode_operations ecryptfs_dir_iops = { 1067 .create = ecryptfs_create, 1068 .lookup = ecryptfs_lookup, 1069 .link = ecryptfs_link, 1070 .unlink = ecryptfs_unlink, 1071 .symlink = ecryptfs_symlink, 1072 .mkdir = ecryptfs_mkdir, 1073 .rmdir = ecryptfs_rmdir, 1074 .mknod = ecryptfs_mknod, 1075 .rename = ecryptfs_rename, 1076 .permission = ecryptfs_permission, 1077 .setattr = ecryptfs_setattr, 1078 .setxattr = ecryptfs_setxattr, 1079 .getxattr = ecryptfs_getxattr, 1080 .listxattr = ecryptfs_listxattr, 1081 .removexattr = ecryptfs_removexattr 1082 }; 1083 1084 const struct inode_operations ecryptfs_main_iops = { 1085 .permission = ecryptfs_permission, 1086 .setattr = ecryptfs_setattr, 1087 .setxattr = ecryptfs_setxattr, 1088 .getxattr = ecryptfs_getxattr, 1089 .listxattr = ecryptfs_listxattr, 1090 .removexattr = ecryptfs_removexattr 1091 }; 1092