1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * fscrypt.h: declarations for per-file encryption 4 * 5 * Filesystems that implement per-file encryption must include this header 6 * file. 7 * 8 * Copyright (C) 2015, Google, Inc. 9 * 10 * Written by Michael Halcrow, 2015. 11 * Modified by Jaegeuk Kim, 2015. 12 */ 13 #ifndef _LINUX_FSCRYPT_H 14 #define _LINUX_FSCRYPT_H 15 16 #include <linux/fs.h> 17 #include <linux/mm.h> 18 #include <linux/slab.h> 19 20 #define FS_CRYPTO_BLOCK_SIZE 16 21 22 struct fscrypt_ctx; 23 struct fscrypt_info; 24 25 struct fscrypt_str { 26 unsigned char *name; 27 u32 len; 28 }; 29 30 struct fscrypt_name { 31 const struct qstr *usr_fname; 32 struct fscrypt_str disk_name; 33 u32 hash; 34 u32 minor_hash; 35 struct fscrypt_str crypto_buf; 36 bool is_ciphertext_name; 37 }; 38 39 #define FSTR_INIT(n, l) { .name = n, .len = l } 40 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) 41 #define fname_name(p) ((p)->disk_name.name) 42 #define fname_len(p) ((p)->disk_name.len) 43 44 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ 45 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 28 46 47 #ifdef CONFIG_FS_ENCRYPTION 48 /* 49 * fscrypt superblock flags 50 */ 51 #define FS_CFLG_OWN_PAGES (1U << 1) 52 53 /* 54 * crypto operations for filesystems 55 */ 56 struct fscrypt_operations { 57 unsigned int flags; 58 const char *key_prefix; 59 int (*get_context)(struct inode *, void *, size_t); 60 int (*set_context)(struct inode *, const void *, size_t, void *); 61 bool (*dummy_context)(struct inode *); 62 bool (*empty_dir)(struct inode *); 63 unsigned int max_namelen; 64 }; 65 66 /* Decryption work */ 67 struct fscrypt_ctx { 68 union { 69 struct { 70 struct bio *bio; 71 struct work_struct work; 72 }; 73 struct list_head free_list; /* Free list */ 74 }; 75 u8 flags; /* Flags */ 76 }; 77 78 static inline bool fscrypt_has_encryption_key(const struct inode *inode) 79 { 80 /* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */ 81 return READ_ONCE(inode->i_crypt_info) != NULL; 82 } 83 84 static inline bool fscrypt_dummy_context_enabled(struct inode *inode) 85 { 86 return inode->i_sb->s_cop->dummy_context && 87 inode->i_sb->s_cop->dummy_context(inode); 88 } 89 90 /* 91 * When d_splice_alias() moves a directory's encrypted alias to its decrypted 92 * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME 93 * must be cleared. Note that we don't have to support arbitrary moves of this 94 * flag because fscrypt doesn't allow encrypted aliases to be the source or 95 * target of a rename(). 96 */ 97 static inline void fscrypt_handle_d_move(struct dentry *dentry) 98 { 99 dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME; 100 } 101 102 /* crypto.c */ 103 extern void fscrypt_enqueue_decrypt_work(struct work_struct *); 104 extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t); 105 extern void fscrypt_release_ctx(struct fscrypt_ctx *); 106 107 extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, 108 unsigned int len, 109 unsigned int offs, 110 gfp_t gfp_flags); 111 extern int fscrypt_encrypt_block_inplace(const struct inode *inode, 112 struct page *page, unsigned int len, 113 unsigned int offs, u64 lblk_num, 114 gfp_t gfp_flags); 115 116 extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len, 117 unsigned int offs); 118 extern int fscrypt_decrypt_block_inplace(const struct inode *inode, 119 struct page *page, unsigned int len, 120 unsigned int offs, u64 lblk_num); 121 122 static inline bool fscrypt_is_bounce_page(struct page *page) 123 { 124 return page->mapping == NULL; 125 } 126 127 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) 128 { 129 return (struct page *)page_private(bounce_page); 130 } 131 132 extern void fscrypt_free_bounce_page(struct page *bounce_page); 133 134 /* policy.c */ 135 extern int fscrypt_ioctl_set_policy(struct file *, const void __user *); 136 extern int fscrypt_ioctl_get_policy(struct file *, void __user *); 137 extern int fscrypt_has_permitted_context(struct inode *, struct inode *); 138 extern int fscrypt_inherit_context(struct inode *, struct inode *, 139 void *, bool); 140 /* keyinfo.c */ 141 extern int fscrypt_get_encryption_info(struct inode *); 142 extern void fscrypt_put_encryption_info(struct inode *); 143 extern void fscrypt_free_inode(struct inode *); 144 145 /* fname.c */ 146 extern int fscrypt_setup_filename(struct inode *, const struct qstr *, 147 int lookup, struct fscrypt_name *); 148 149 static inline void fscrypt_free_filename(struct fscrypt_name *fname) 150 { 151 kfree(fname->crypto_buf.name); 152 } 153 154 extern int fscrypt_fname_alloc_buffer(const struct inode *, u32, 155 struct fscrypt_str *); 156 extern void fscrypt_fname_free_buffer(struct fscrypt_str *); 157 extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32, 158 const struct fscrypt_str *, struct fscrypt_str *); 159 160 #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 32 161 162 /* Extracts the second-to-last ciphertext block; see explanation below */ 163 #define FSCRYPT_FNAME_DIGEST(name, len) \ 164 ((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \ 165 FS_CRYPTO_BLOCK_SIZE)) 166 167 #define FSCRYPT_FNAME_DIGEST_SIZE FS_CRYPTO_BLOCK_SIZE 168 169 /** 170 * fscrypt_digested_name - alternate identifier for an on-disk filename 171 * 172 * When userspace lists an encrypted directory without access to the key, 173 * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE 174 * bytes are shown in this abbreviated form (base64-encoded) rather than as the 175 * full ciphertext (base64-encoded). This is necessary to allow supporting 176 * filenames up to NAME_MAX bytes, since base64 encoding expands the length. 177 * 178 * To make it possible for filesystems to still find the correct directory entry 179 * despite not knowing the full on-disk name, we encode any filesystem-specific 180 * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups, 181 * followed by the second-to-last ciphertext block of the filename. Due to the 182 * use of the CBC-CTS encryption mode, the second-to-last ciphertext block 183 * depends on the full plaintext. (Note that ciphertext stealing causes the 184 * last two blocks to appear "flipped".) This makes accidental collisions very 185 * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they 186 * share the same filesystem-specific hashes. 187 * 188 * However, this scheme isn't immune to intentional collisions, which can be 189 * created by anyone able to create arbitrary plaintext filenames and view them 190 * without the key. Making the "digest" be a real cryptographic hash like 191 * SHA-256 over the full ciphertext would prevent this, although it would be 192 * less efficient and harder to implement, especially since the filesystem would 193 * need to calculate it for each directory entry examined during a search. 194 */ 195 struct fscrypt_digested_name { 196 u32 hash; 197 u32 minor_hash; 198 u8 digest[FSCRYPT_FNAME_DIGEST_SIZE]; 199 }; 200 201 /** 202 * fscrypt_match_name() - test whether the given name matches a directory entry 203 * @fname: the name being searched for 204 * @de_name: the name from the directory entry 205 * @de_name_len: the length of @de_name in bytes 206 * 207 * Normally @fname->disk_name will be set, and in that case we simply compare 208 * that to the name stored in the directory entry. The only exception is that 209 * if we don't have the key for an encrypted directory and a filename in it is 210 * very long, then we won't have the full disk_name and we'll instead need to 211 * match against the fscrypt_digested_name. 212 * 213 * Return: %true if the name matches, otherwise %false. 214 */ 215 static inline bool fscrypt_match_name(const struct fscrypt_name *fname, 216 const u8 *de_name, u32 de_name_len) 217 { 218 if (unlikely(!fname->disk_name.name)) { 219 const struct fscrypt_digested_name *n = 220 (const void *)fname->crypto_buf.name; 221 if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_')) 222 return false; 223 if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE) 224 return false; 225 return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len), 226 n->digest, FSCRYPT_FNAME_DIGEST_SIZE); 227 } 228 229 if (de_name_len != fname->disk_name.len) 230 return false; 231 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); 232 } 233 234 /* bio.c */ 235 extern void fscrypt_decrypt_bio(struct bio *); 236 extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, 237 struct bio *bio); 238 extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t, 239 unsigned int); 240 241 /* hooks.c */ 242 extern int fscrypt_file_open(struct inode *inode, struct file *filp); 243 extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, 244 struct dentry *dentry); 245 extern int __fscrypt_prepare_rename(struct inode *old_dir, 246 struct dentry *old_dentry, 247 struct inode *new_dir, 248 struct dentry *new_dentry, 249 unsigned int flags); 250 extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, 251 struct fscrypt_name *fname); 252 extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, 253 unsigned int max_len, 254 struct fscrypt_str *disk_link); 255 extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, 256 unsigned int len, 257 struct fscrypt_str *disk_link); 258 extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, 259 unsigned int max_size, 260 struct delayed_call *done); 261 static inline void fscrypt_set_ops(struct super_block *sb, 262 const struct fscrypt_operations *s_cop) 263 { 264 sb->s_cop = s_cop; 265 } 266 #else /* !CONFIG_FS_ENCRYPTION */ 267 268 static inline bool fscrypt_has_encryption_key(const struct inode *inode) 269 { 270 return false; 271 } 272 273 static inline bool fscrypt_dummy_context_enabled(struct inode *inode) 274 { 275 return false; 276 } 277 278 static inline void fscrypt_handle_d_move(struct dentry *dentry) 279 { 280 } 281 282 /* crypto.c */ 283 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) 284 { 285 } 286 287 static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags) 288 { 289 return ERR_PTR(-EOPNOTSUPP); 290 } 291 292 static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx) 293 { 294 return; 295 } 296 297 static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, 298 unsigned int len, 299 unsigned int offs, 300 gfp_t gfp_flags) 301 { 302 return ERR_PTR(-EOPNOTSUPP); 303 } 304 305 static inline int fscrypt_encrypt_block_inplace(const struct inode *inode, 306 struct page *page, 307 unsigned int len, 308 unsigned int offs, u64 lblk_num, 309 gfp_t gfp_flags) 310 { 311 return -EOPNOTSUPP; 312 } 313 314 static inline int fscrypt_decrypt_pagecache_blocks(struct page *page, 315 unsigned int len, 316 unsigned int offs) 317 { 318 return -EOPNOTSUPP; 319 } 320 321 static inline int fscrypt_decrypt_block_inplace(const struct inode *inode, 322 struct page *page, 323 unsigned int len, 324 unsigned int offs, u64 lblk_num) 325 { 326 return -EOPNOTSUPP; 327 } 328 329 static inline bool fscrypt_is_bounce_page(struct page *page) 330 { 331 return false; 332 } 333 334 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) 335 { 336 WARN_ON_ONCE(1); 337 return ERR_PTR(-EINVAL); 338 } 339 340 static inline void fscrypt_free_bounce_page(struct page *bounce_page) 341 { 342 } 343 344 /* policy.c */ 345 static inline int fscrypt_ioctl_set_policy(struct file *filp, 346 const void __user *arg) 347 { 348 return -EOPNOTSUPP; 349 } 350 351 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 352 { 353 return -EOPNOTSUPP; 354 } 355 356 static inline int fscrypt_has_permitted_context(struct inode *parent, 357 struct inode *child) 358 { 359 return 0; 360 } 361 362 static inline int fscrypt_inherit_context(struct inode *parent, 363 struct inode *child, 364 void *fs_data, bool preload) 365 { 366 return -EOPNOTSUPP; 367 } 368 369 /* keyinfo.c */ 370 static inline int fscrypt_get_encryption_info(struct inode *inode) 371 { 372 return -EOPNOTSUPP; 373 } 374 375 static inline void fscrypt_put_encryption_info(struct inode *inode) 376 { 377 return; 378 } 379 380 static inline void fscrypt_free_inode(struct inode *inode) 381 { 382 } 383 384 /* fname.c */ 385 static inline int fscrypt_setup_filename(struct inode *dir, 386 const struct qstr *iname, 387 int lookup, struct fscrypt_name *fname) 388 { 389 if (IS_ENCRYPTED(dir)) 390 return -EOPNOTSUPP; 391 392 memset(fname, 0, sizeof(*fname)); 393 fname->usr_fname = iname; 394 fname->disk_name.name = (unsigned char *)iname->name; 395 fname->disk_name.len = iname->len; 396 return 0; 397 } 398 399 static inline void fscrypt_free_filename(struct fscrypt_name *fname) 400 { 401 return; 402 } 403 404 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode, 405 u32 max_encrypted_len, 406 struct fscrypt_str *crypto_str) 407 { 408 return -EOPNOTSUPP; 409 } 410 411 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) 412 { 413 return; 414 } 415 416 static inline int fscrypt_fname_disk_to_usr(struct inode *inode, 417 u32 hash, u32 minor_hash, 418 const struct fscrypt_str *iname, 419 struct fscrypt_str *oname) 420 { 421 return -EOPNOTSUPP; 422 } 423 424 static inline bool fscrypt_match_name(const struct fscrypt_name *fname, 425 const u8 *de_name, u32 de_name_len) 426 { 427 /* Encryption support disabled; use standard comparison */ 428 if (de_name_len != fname->disk_name.len) 429 return false; 430 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); 431 } 432 433 /* bio.c */ 434 static inline void fscrypt_decrypt_bio(struct bio *bio) 435 { 436 } 437 438 static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx, 439 struct bio *bio) 440 { 441 } 442 443 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, 444 sector_t pblk, unsigned int len) 445 { 446 return -EOPNOTSUPP; 447 } 448 449 /* hooks.c */ 450 451 static inline int fscrypt_file_open(struct inode *inode, struct file *filp) 452 { 453 if (IS_ENCRYPTED(inode)) 454 return -EOPNOTSUPP; 455 return 0; 456 } 457 458 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, 459 struct dentry *dentry) 460 { 461 return -EOPNOTSUPP; 462 } 463 464 static inline int __fscrypt_prepare_rename(struct inode *old_dir, 465 struct dentry *old_dentry, 466 struct inode *new_dir, 467 struct dentry *new_dentry, 468 unsigned int flags) 469 { 470 return -EOPNOTSUPP; 471 } 472 473 static inline int __fscrypt_prepare_lookup(struct inode *dir, 474 struct dentry *dentry, 475 struct fscrypt_name *fname) 476 { 477 return -EOPNOTSUPP; 478 } 479 480 static inline int __fscrypt_prepare_symlink(struct inode *dir, 481 unsigned int len, 482 unsigned int max_len, 483 struct fscrypt_str *disk_link) 484 { 485 return -EOPNOTSUPP; 486 } 487 488 489 static inline int __fscrypt_encrypt_symlink(struct inode *inode, 490 const char *target, 491 unsigned int len, 492 struct fscrypt_str *disk_link) 493 { 494 return -EOPNOTSUPP; 495 } 496 497 static inline const char *fscrypt_get_symlink(struct inode *inode, 498 const void *caddr, 499 unsigned int max_size, 500 struct delayed_call *done) 501 { 502 return ERR_PTR(-EOPNOTSUPP); 503 } 504 505 static inline void fscrypt_set_ops(struct super_block *sb, 506 const struct fscrypt_operations *s_cop) 507 { 508 } 509 510 #endif /* !CONFIG_FS_ENCRYPTION */ 511 512 /** 513 * fscrypt_require_key - require an inode's encryption key 514 * @inode: the inode we need the key for 515 * 516 * If the inode is encrypted, set up its encryption key if not already done. 517 * Then require that the key be present and return -ENOKEY otherwise. 518 * 519 * No locks are needed, and the key will live as long as the struct inode --- so 520 * it won't go away from under you. 521 * 522 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code 523 * if a problem occurred while setting up the encryption key. 524 */ 525 static inline int fscrypt_require_key(struct inode *inode) 526 { 527 if (IS_ENCRYPTED(inode)) { 528 int err = fscrypt_get_encryption_info(inode); 529 530 if (err) 531 return err; 532 if (!fscrypt_has_encryption_key(inode)) 533 return -ENOKEY; 534 } 535 return 0; 536 } 537 538 /** 539 * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory 540 * @old_dentry: an existing dentry for the inode being linked 541 * @dir: the target directory 542 * @dentry: negative dentry for the target filename 543 * 544 * A new link can only be added to an encrypted directory if the directory's 545 * encryption key is available --- since otherwise we'd have no way to encrypt 546 * the filename. Therefore, we first set up the directory's encryption key (if 547 * not already done) and return an error if it's unavailable. 548 * 549 * We also verify that the link will not violate the constraint that all files 550 * in an encrypted directory tree use the same encryption policy. 551 * 552 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, 553 * -EXDEV if the link would result in an inconsistent encryption policy, or 554 * another -errno code. 555 */ 556 static inline int fscrypt_prepare_link(struct dentry *old_dentry, 557 struct inode *dir, 558 struct dentry *dentry) 559 { 560 if (IS_ENCRYPTED(dir)) 561 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry); 562 return 0; 563 } 564 565 /** 566 * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories 567 * @old_dir: source directory 568 * @old_dentry: dentry for source file 569 * @new_dir: target directory 570 * @new_dentry: dentry for target location (may be negative unless exchanging) 571 * @flags: rename flags (we care at least about %RENAME_EXCHANGE) 572 * 573 * Prepare for ->rename() where the source and/or target directories may be 574 * encrypted. A new link can only be added to an encrypted directory if the 575 * directory's encryption key is available --- since otherwise we'd have no way 576 * to encrypt the filename. A rename to an existing name, on the other hand, 577 * *is* cryptographically possible without the key. However, we take the more 578 * conservative approach and just forbid all no-key renames. 579 * 580 * We also verify that the rename will not violate the constraint that all files 581 * in an encrypted directory tree use the same encryption policy. 582 * 583 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the 584 * rename would cause inconsistent encryption policies, or another -errno code. 585 */ 586 static inline int fscrypt_prepare_rename(struct inode *old_dir, 587 struct dentry *old_dentry, 588 struct inode *new_dir, 589 struct dentry *new_dentry, 590 unsigned int flags) 591 { 592 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir)) 593 return __fscrypt_prepare_rename(old_dir, old_dentry, 594 new_dir, new_dentry, flags); 595 return 0; 596 } 597 598 /** 599 * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory 600 * @dir: directory being searched 601 * @dentry: filename being looked up 602 * @fname: (output) the name to use to search the on-disk directory 603 * 604 * Prepare for ->lookup() in a directory which may be encrypted by determining 605 * the name that will actually be used to search the directory on-disk. Lookups 606 * can be done with or without the directory's encryption key; without the key, 607 * filenames are presented in encrypted form. Therefore, we'll try to set up 608 * the directory's encryption key, but even without it the lookup can continue. 609 * 610 * This also installs a custom ->d_revalidate() method which will invalidate the 611 * dentry if it was created without the key and the key is later added. 612 * 613 * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a 614 * correctly formed encoded ciphertext name, so a negative dentry should be 615 * created; or another -errno code. 616 */ 617 static inline int fscrypt_prepare_lookup(struct inode *dir, 618 struct dentry *dentry, 619 struct fscrypt_name *fname) 620 { 621 if (IS_ENCRYPTED(dir)) 622 return __fscrypt_prepare_lookup(dir, dentry, fname); 623 624 memset(fname, 0, sizeof(*fname)); 625 fname->usr_fname = &dentry->d_name; 626 fname->disk_name.name = (unsigned char *)dentry->d_name.name; 627 fname->disk_name.len = dentry->d_name.len; 628 return 0; 629 } 630 631 /** 632 * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes 633 * @dentry: dentry through which the inode is being changed 634 * @attr: attributes to change 635 * 636 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file, 637 * most attribute changes are allowed even without the encryption key. However, 638 * without the encryption key we do have to forbid truncates. This is needed 639 * because the size being truncated to may not be a multiple of the filesystem 640 * block size, and in that case we'd have to decrypt the final block, zero the 641 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a 642 * filesystem block boundary, but it's simpler to just forbid all truncates --- 643 * and we already forbid all other contents modifications without the key.) 644 * 645 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code 646 * if a problem occurred while setting up the encryption key. 647 */ 648 static inline int fscrypt_prepare_setattr(struct dentry *dentry, 649 struct iattr *attr) 650 { 651 if (attr->ia_valid & ATTR_SIZE) 652 return fscrypt_require_key(d_inode(dentry)); 653 return 0; 654 } 655 656 /** 657 * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink 658 * @dir: directory in which the symlink is being created 659 * @target: plaintext symlink target 660 * @len: length of @target excluding null terminator 661 * @max_len: space the filesystem has available to store the symlink target 662 * @disk_link: (out) the on-disk symlink target being prepared 663 * 664 * This function computes the size the symlink target will require on-disk, 665 * stores it in @disk_link->len, and validates it against @max_len. An 666 * encrypted symlink may be longer than the original. 667 * 668 * Additionally, @disk_link->name is set to @target if the symlink will be 669 * unencrypted, but left NULL if the symlink will be encrypted. For encrypted 670 * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the 671 * on-disk target later. (The reason for the two-step process is that some 672 * filesystems need to know the size of the symlink target before creating the 673 * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.) 674 * 675 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long, 676 * -ENOKEY if the encryption key is missing, or another -errno code if a problem 677 * occurred while setting up the encryption key. 678 */ 679 static inline int fscrypt_prepare_symlink(struct inode *dir, 680 const char *target, 681 unsigned int len, 682 unsigned int max_len, 683 struct fscrypt_str *disk_link) 684 { 685 if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir)) 686 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link); 687 688 disk_link->name = (unsigned char *)target; 689 disk_link->len = len + 1; 690 if (disk_link->len > max_len) 691 return -ENAMETOOLONG; 692 return 0; 693 } 694 695 /** 696 * fscrypt_encrypt_symlink - encrypt the symlink target if needed 697 * @inode: symlink inode 698 * @target: plaintext symlink target 699 * @len: length of @target excluding null terminator 700 * @disk_link: (in/out) the on-disk symlink target being prepared 701 * 702 * If the symlink target needs to be encrypted, then this function encrypts it 703 * into @disk_link->name. fscrypt_prepare_symlink() must have been called 704 * previously to compute @disk_link->len. If the filesystem did not allocate a 705 * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one 706 * will be kmalloc()'ed and the filesystem will be responsible for freeing it. 707 * 708 * Return: 0 on success, -errno on failure 709 */ 710 static inline int fscrypt_encrypt_symlink(struct inode *inode, 711 const char *target, 712 unsigned int len, 713 struct fscrypt_str *disk_link) 714 { 715 if (IS_ENCRYPTED(inode)) 716 return __fscrypt_encrypt_symlink(inode, target, len, disk_link); 717 return 0; 718 } 719 720 /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */ 721 static inline void fscrypt_finalize_bounce_page(struct page **pagep) 722 { 723 struct page *page = *pagep; 724 725 if (fscrypt_is_bounce_page(page)) { 726 *pagep = fscrypt_pagecache_page(page); 727 fscrypt_free_bounce_page(page); 728 } 729 } 730 731 #endif /* _LINUX_FSCRYPT_H */ 732