1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 2004-2008 International Business Machines Corp. 5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 6 * Tyler Hicks <tyhicks@ou.edu> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License version 10 * 2 as published by the Free Software Foundation. 11 * 12 * This program is distributed in the hope that it will be useful, but 13 * WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 20 * 02111-1307, USA. 21 */ 22 #include <linux/sched.h> 23 #include <linux/user_namespace.h> 24 #include <linux/nsproxy.h> 25 #include "ecryptfs_kernel.h" 26 27 static LIST_HEAD(ecryptfs_msg_ctx_free_list); 28 static LIST_HEAD(ecryptfs_msg_ctx_alloc_list); 29 static struct mutex ecryptfs_msg_ctx_lists_mux; 30 31 static struct hlist_head *ecryptfs_daemon_hash; 32 struct mutex ecryptfs_daemon_hash_mux; 33 static int ecryptfs_hash_buckets; 34 #define ecryptfs_uid_hash(uid) \ 35 hash_long((unsigned long)uid, ecryptfs_hash_buckets) 36 37 static u32 ecryptfs_msg_counter; 38 static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; 39 40 /** 41 * ecryptfs_acquire_free_msg_ctx 42 * @msg_ctx: The context that was acquired from the free list 43 * 44 * Acquires a context element from the free list and locks the mutex 45 * on the context. Sets the msg_ctx task to current. Returns zero on 46 * success; non-zero on error or upon failure to acquire a free 47 * context element. Must be called with ecryptfs_msg_ctx_lists_mux 48 * held. 49 */ 50 static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) 51 { 52 struct list_head *p; 53 int rc; 54 55 if (list_empty(&ecryptfs_msg_ctx_free_list)) { 56 printk(KERN_WARNING "%s: The eCryptfs free " 57 "context list is empty. It may be helpful to " 58 "specify the ecryptfs_message_buf_len " 59 "parameter to be greater than the current " 60 "value of [%d]\n", __func__, ecryptfs_message_buf_len); 61 rc = -ENOMEM; 62 goto out; 63 } 64 list_for_each(p, &ecryptfs_msg_ctx_free_list) { 65 *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node); 66 if (mutex_trylock(&(*msg_ctx)->mux)) { 67 (*msg_ctx)->task = current; 68 rc = 0; 69 goto out; 70 } 71 } 72 rc = -ENOMEM; 73 out: 74 return rc; 75 } 76 77 /** 78 * ecryptfs_msg_ctx_free_to_alloc 79 * @msg_ctx: The context to move from the free list to the alloc list 80 * 81 * Must be called with ecryptfs_msg_ctx_lists_mux held. 82 */ 83 static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) 84 { 85 list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list); 86 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING; 87 msg_ctx->counter = ++ecryptfs_msg_counter; 88 } 89 90 /** 91 * ecryptfs_msg_ctx_alloc_to_free 92 * @msg_ctx: The context to move from the alloc list to the free list 93 * 94 * Must be called with ecryptfs_msg_ctx_lists_mux held. 95 */ 96 void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) 97 { 98 list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); 99 if (msg_ctx->msg) 100 kfree(msg_ctx->msg); 101 msg_ctx->msg = NULL; 102 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; 103 } 104 105 /** 106 * ecryptfs_find_daemon_by_euid 107 * @euid: The effective user id which maps to the desired daemon id 108 * @user_ns: The namespace in which @euid applies 109 * @daemon: If return value is zero, points to the desired daemon pointer 110 * 111 * Must be called with ecryptfs_daemon_hash_mux held. 112 * 113 * Search the hash list for the given user id. 114 * 115 * Returns zero if the user id exists in the list; non-zero otherwise. 116 */ 117 int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid, 118 struct user_namespace *user_ns) 119 { 120 struct hlist_node *elem; 121 int rc; 122 123 hlist_for_each_entry(*daemon, elem, 124 &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)], 125 euid_chain) { 126 if ((*daemon)->euid == euid && (*daemon)->user_ns == user_ns) { 127 rc = 0; 128 goto out; 129 } 130 } 131 rc = -EINVAL; 132 out: 133 return rc; 134 } 135 136 /** 137 * ecryptfs_spawn_daemon - Create and initialize a new daemon struct 138 * @daemon: Pointer to set to newly allocated daemon struct 139 * @euid: Effective user id for the daemon 140 * @user_ns: The namespace in which @euid applies 141 * @pid: Process id for the daemon 142 * 143 * Must be called ceremoniously while in possession of 144 * ecryptfs_sacred_daemon_hash_mux 145 * 146 * Returns zero on success; non-zero otherwise 147 */ 148 int 149 ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, 150 struct user_namespace *user_ns, struct pid *pid) 151 { 152 int rc = 0; 153 154 (*daemon) = kzalloc(sizeof(**daemon), GFP_KERNEL); 155 if (!(*daemon)) { 156 rc = -ENOMEM; 157 printk(KERN_ERR "%s: Failed to allocate [%zd] bytes of " 158 "GFP_KERNEL memory\n", __func__, sizeof(**daemon)); 159 goto out; 160 } 161 (*daemon)->euid = euid; 162 (*daemon)->user_ns = get_user_ns(user_ns); 163 (*daemon)->pid = get_pid(pid); 164 (*daemon)->task = current; 165 mutex_init(&(*daemon)->mux); 166 INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue); 167 init_waitqueue_head(&(*daemon)->wait); 168 (*daemon)->num_queued_msg_ctx = 0; 169 hlist_add_head(&(*daemon)->euid_chain, 170 &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)]); 171 out: 172 return rc; 173 } 174 175 /** 176 * ecryptfs_exorcise_daemon - Destroy the daemon struct 177 * 178 * Must be called ceremoniously while in possession of 179 * ecryptfs_daemon_hash_mux and the daemon's own mux. 180 */ 181 int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon) 182 { 183 struct ecryptfs_msg_ctx *msg_ctx, *msg_ctx_tmp; 184 int rc = 0; 185 186 mutex_lock(&daemon->mux); 187 if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ) 188 || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) { 189 rc = -EBUSY; 190 printk(KERN_WARNING "%s: Attempt to destroy daemon with pid " 191 "[0x%p], but it is in the midst of a read or a poll\n", 192 __func__, daemon->pid); 193 mutex_unlock(&daemon->mux); 194 goto out; 195 } 196 list_for_each_entry_safe(msg_ctx, msg_ctx_tmp, 197 &daemon->msg_ctx_out_queue, daemon_out_list) { 198 list_del(&msg_ctx->daemon_out_list); 199 daemon->num_queued_msg_ctx--; 200 printk(KERN_WARNING "%s: Warning: dropping message that is in " 201 "the out queue of a dying daemon\n", __func__); 202 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 203 } 204 hlist_del(&daemon->euid_chain); 205 if (daemon->task) 206 wake_up_process(daemon->task); 207 if (daemon->pid) 208 put_pid(daemon->pid); 209 if (daemon->user_ns) 210 put_user_ns(daemon->user_ns); 211 mutex_unlock(&daemon->mux); 212 kzfree(daemon); 213 out: 214 return rc; 215 } 216 217 /** 218 * ecryptfs_process_quit 219 * @euid: The user ID owner of the message 220 * @user_ns: The namespace in which @euid applies 221 * @pid: The process ID for the userspace program that sent the 222 * message 223 * 224 * Deletes the corresponding daemon for the given euid and pid, if 225 * it is the registered that is requesting the deletion. Returns zero 226 * after deleting the desired daemon; non-zero otherwise. 227 */ 228 int ecryptfs_process_quit(uid_t euid, struct user_namespace *user_ns, 229 struct pid *pid) 230 { 231 struct ecryptfs_daemon *daemon; 232 int rc; 233 234 mutex_lock(&ecryptfs_daemon_hash_mux); 235 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, user_ns); 236 if (rc || !daemon) { 237 rc = -EINVAL; 238 printk(KERN_ERR "Received request from user [%d] to " 239 "unregister unrecognized daemon [0x%p]\n", euid, pid); 240 goto out_unlock; 241 } 242 rc = ecryptfs_exorcise_daemon(daemon); 243 out_unlock: 244 mutex_unlock(&ecryptfs_daemon_hash_mux); 245 return rc; 246 } 247 248 /** 249 * ecryptfs_process_reponse 250 * @msg: The ecryptfs message received; the caller should sanity check 251 * msg->data_len and free the memory 252 * @pid: The process ID of the userspace application that sent the 253 * message 254 * @seq: The sequence number of the message; must match the sequence 255 * number for the existing message context waiting for this 256 * response 257 * 258 * Processes a response message after sending an operation request to 259 * userspace. Some other process is awaiting this response. Before 260 * sending out its first communications, the other process allocated a 261 * msg_ctx from the ecryptfs_msg_ctx_arr at a particular index. The 262 * response message contains this index so that we can copy over the 263 * response message into the msg_ctx that the process holds a 264 * reference to. The other process is going to wake up, check to see 265 * that msg_ctx->state == ECRYPTFS_MSG_CTX_STATE_DONE, and then 266 * proceed to read off and process the response message. Returns zero 267 * upon delivery to desired context element; non-zero upon delivery 268 * failure or error. 269 * 270 * Returns zero on success; non-zero otherwise 271 */ 272 int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, 273 struct user_namespace *user_ns, struct pid *pid, 274 u32 seq) 275 { 276 struct ecryptfs_daemon *daemon; 277 struct ecryptfs_msg_ctx *msg_ctx; 278 size_t msg_size; 279 struct nsproxy *nsproxy; 280 struct user_namespace *tsk_user_ns; 281 uid_t ctx_euid; 282 int rc; 283 284 if (msg->index >= ecryptfs_message_buf_len) { 285 rc = -EINVAL; 286 printk(KERN_ERR "%s: Attempt to reference " 287 "context buffer at index [%d]; maximum " 288 "allowable is [%d]\n", __func__, msg->index, 289 (ecryptfs_message_buf_len - 1)); 290 goto out; 291 } 292 msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; 293 mutex_lock(&msg_ctx->mux); 294 mutex_lock(&ecryptfs_daemon_hash_mux); 295 rcu_read_lock(); 296 nsproxy = task_nsproxy(msg_ctx->task); 297 if (nsproxy == NULL) { 298 rc = -EBADMSG; 299 printk(KERN_ERR "%s: Receiving process is a zombie. Dropping " 300 "message.\n", __func__); 301 rcu_read_unlock(); 302 mutex_unlock(&ecryptfs_daemon_hash_mux); 303 goto wake_up; 304 } 305 tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns; 306 ctx_euid = task_euid(msg_ctx->task); 307 rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns); 308 rcu_read_unlock(); 309 mutex_unlock(&ecryptfs_daemon_hash_mux); 310 if (rc) { 311 rc = -EBADMSG; 312 printk(KERN_WARNING "%s: User [%d] received a " 313 "message response from process [0x%p] but does " 314 "not have a registered daemon\n", __func__, 315 ctx_euid, pid); 316 goto wake_up; 317 } 318 if (ctx_euid != euid) { 319 rc = -EBADMSG; 320 printk(KERN_WARNING "%s: Received message from user " 321 "[%d]; expected message from user [%d]\n", __func__, 322 euid, ctx_euid); 323 goto unlock; 324 } 325 if (tsk_user_ns != user_ns) { 326 rc = -EBADMSG; 327 printk(KERN_WARNING "%s: Received message from user_ns " 328 "[0x%p]; expected message from user_ns [0x%p]\n", 329 __func__, user_ns, tsk_user_ns); 330 goto unlock; 331 } 332 if (daemon->pid != pid) { 333 rc = -EBADMSG; 334 printk(KERN_ERR "%s: User [%d] sent a message response " 335 "from an unrecognized process [0x%p]\n", 336 __func__, ctx_euid, pid); 337 goto unlock; 338 } 339 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { 340 rc = -EINVAL; 341 printk(KERN_WARNING "%s: Desired context element is not " 342 "pending a response\n", __func__); 343 goto unlock; 344 } else if (msg_ctx->counter != seq) { 345 rc = -EINVAL; 346 printk(KERN_WARNING "%s: Invalid message sequence; " 347 "expected [%d]; received [%d]\n", __func__, 348 msg_ctx->counter, seq); 349 goto unlock; 350 } 351 msg_size = (sizeof(*msg) + msg->data_len); 352 msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL); 353 if (!msg_ctx->msg) { 354 rc = -ENOMEM; 355 printk(KERN_ERR "%s: Failed to allocate [%zd] bytes of " 356 "GFP_KERNEL memory\n", __func__, msg_size); 357 goto unlock; 358 } 359 memcpy(msg_ctx->msg, msg, msg_size); 360 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE; 361 rc = 0; 362 wake_up: 363 wake_up_process(msg_ctx->task); 364 unlock: 365 mutex_unlock(&msg_ctx->mux); 366 out: 367 return rc; 368 } 369 370 /** 371 * ecryptfs_send_message_locked 372 * @data: The data to send 373 * @data_len: The length of data 374 * @msg_ctx: The message context allocated for the send 375 * 376 * Must be called with ecryptfs_daemon_hash_mux held. 377 * 378 * Returns zero on success; non-zero otherwise 379 */ 380 static int 381 ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, 382 struct ecryptfs_msg_ctx **msg_ctx) 383 { 384 struct ecryptfs_daemon *daemon; 385 uid_t euid = current_euid(); 386 int rc; 387 388 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); 389 if (rc || !daemon) { 390 rc = -ENOTCONN; 391 printk(KERN_ERR "%s: User [%d] does not have a daemon " 392 "registered\n", __func__, euid); 393 goto out; 394 } 395 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 396 rc = ecryptfs_acquire_free_msg_ctx(msg_ctx); 397 if (rc) { 398 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 399 printk(KERN_WARNING "%s: Could not claim a free " 400 "context element\n", __func__); 401 goto out; 402 } 403 ecryptfs_msg_ctx_free_to_alloc(*msg_ctx); 404 mutex_unlock(&(*msg_ctx)->mux); 405 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 406 rc = ecryptfs_send_miscdev(data, data_len, *msg_ctx, msg_type, 0, 407 daemon); 408 if (rc) 409 printk(KERN_ERR "%s: Error attempting to send message to " 410 "userspace daemon; rc = [%d]\n", __func__, rc); 411 out: 412 return rc; 413 } 414 415 /** 416 * ecryptfs_send_message 417 * @data: The data to send 418 * @data_len: The length of data 419 * @msg_ctx: The message context allocated for the send 420 * 421 * Grabs ecryptfs_daemon_hash_mux. 422 * 423 * Returns zero on success; non-zero otherwise 424 */ 425 int ecryptfs_send_message(char *data, int data_len, 426 struct ecryptfs_msg_ctx **msg_ctx) 427 { 428 int rc; 429 430 mutex_lock(&ecryptfs_daemon_hash_mux); 431 rc = ecryptfs_send_message_locked(data, data_len, ECRYPTFS_MSG_REQUEST, 432 msg_ctx); 433 mutex_unlock(&ecryptfs_daemon_hash_mux); 434 return rc; 435 } 436 437 /** 438 * ecryptfs_wait_for_response 439 * @msg_ctx: The context that was assigned when sending a message 440 * @msg: The incoming message from userspace; not set if rc != 0 441 * 442 * Sleeps until awaken by ecryptfs_receive_message or until the amount 443 * of time exceeds ecryptfs_message_wait_timeout. If zero is 444 * returned, msg will point to a valid message from userspace; a 445 * non-zero value is returned upon failure to receive a message or an 446 * error occurs. Callee must free @msg on success. 447 */ 448 int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, 449 struct ecryptfs_message **msg) 450 { 451 signed long timeout = ecryptfs_message_wait_timeout * HZ; 452 int rc = 0; 453 454 sleep: 455 timeout = schedule_timeout_interruptible(timeout); 456 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 457 mutex_lock(&msg_ctx->mux); 458 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) { 459 if (timeout) { 460 mutex_unlock(&msg_ctx->mux); 461 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 462 goto sleep; 463 } 464 rc = -ENOMSG; 465 } else { 466 *msg = msg_ctx->msg; 467 msg_ctx->msg = NULL; 468 } 469 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 470 mutex_unlock(&msg_ctx->mux); 471 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 472 return rc; 473 } 474 475 int ecryptfs_init_messaging(void) 476 { 477 int i; 478 int rc = 0; 479 480 if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) { 481 ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS; 482 printk(KERN_WARNING "%s: Specified number of users is " 483 "too large, defaulting to [%d] users\n", __func__, 484 ecryptfs_number_of_users); 485 } 486 mutex_init(&ecryptfs_daemon_hash_mux); 487 mutex_lock(&ecryptfs_daemon_hash_mux); 488 ecryptfs_hash_buckets = 1; 489 while (ecryptfs_number_of_users >> ecryptfs_hash_buckets) 490 ecryptfs_hash_buckets++; 491 ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) 492 * ecryptfs_hash_buckets), GFP_KERNEL); 493 if (!ecryptfs_daemon_hash) { 494 rc = -ENOMEM; 495 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); 496 mutex_unlock(&ecryptfs_daemon_hash_mux); 497 goto out; 498 } 499 for (i = 0; i < ecryptfs_hash_buckets; i++) 500 INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); 501 mutex_unlock(&ecryptfs_daemon_hash_mux); 502 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) 503 * ecryptfs_message_buf_len), 504 GFP_KERNEL); 505 if (!ecryptfs_msg_ctx_arr) { 506 rc = -ENOMEM; 507 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); 508 goto out; 509 } 510 mutex_init(&ecryptfs_msg_ctx_lists_mux); 511 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 512 ecryptfs_msg_counter = 0; 513 for (i = 0; i < ecryptfs_message_buf_len; i++) { 514 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node); 515 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].daemon_out_list); 516 mutex_init(&ecryptfs_msg_ctx_arr[i].mux); 517 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); 518 ecryptfs_msg_ctx_arr[i].index = i; 519 ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE; 520 ecryptfs_msg_ctx_arr[i].counter = 0; 521 ecryptfs_msg_ctx_arr[i].task = NULL; 522 ecryptfs_msg_ctx_arr[i].msg = NULL; 523 list_add_tail(&ecryptfs_msg_ctx_arr[i].node, 524 &ecryptfs_msg_ctx_free_list); 525 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); 526 } 527 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 528 rc = ecryptfs_init_ecryptfs_miscdev(); 529 if (rc) 530 ecryptfs_release_messaging(); 531 out: 532 return rc; 533 } 534 535 void ecryptfs_release_messaging(void) 536 { 537 if (ecryptfs_msg_ctx_arr) { 538 int i; 539 540 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 541 for (i = 0; i < ecryptfs_message_buf_len; i++) { 542 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); 543 if (ecryptfs_msg_ctx_arr[i].msg) 544 kfree(ecryptfs_msg_ctx_arr[i].msg); 545 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); 546 } 547 kfree(ecryptfs_msg_ctx_arr); 548 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 549 } 550 if (ecryptfs_daemon_hash) { 551 struct hlist_node *elem; 552 struct ecryptfs_daemon *daemon; 553 int i; 554 555 mutex_lock(&ecryptfs_daemon_hash_mux); 556 for (i = 0; i < ecryptfs_hash_buckets; i++) { 557 int rc; 558 559 hlist_for_each_entry(daemon, elem, 560 &ecryptfs_daemon_hash[i], 561 euid_chain) { 562 rc = ecryptfs_exorcise_daemon(daemon); 563 if (rc) 564 printk(KERN_ERR "%s: Error whilst " 565 "attempting to destroy daemon; " 566 "rc = [%d]. Dazed and confused, " 567 "but trying to continue.\n", 568 __func__, rc); 569 } 570 } 571 kfree(ecryptfs_daemon_hash); 572 mutex_unlock(&ecryptfs_daemon_hash_mux); 573 } 574 ecryptfs_destroy_ecryptfs_miscdev(); 575 return; 576 } 577