1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * fscrypt.h: declarations for per-file encryption 4 * 5 * Filesystems that implement per-file encryption must include this header 6 * file. 7 * 8 * Copyright (C) 2015, Google, Inc. 9 * 10 * Written by Michael Halcrow, 2015. 11 * Modified by Jaegeuk Kim, 2015. 12 */ 13 #ifndef _LINUX_FSCRYPT_H 14 #define _LINUX_FSCRYPT_H 15 16 #include <linux/fs.h> 17 #include <linux/mm.h> 18 #include <linux/parser.h> 19 #include <linux/slab.h> 20 #include <uapi/linux/fscrypt.h> 21 22 #define FS_CRYPTO_BLOCK_SIZE 16 23 24 union fscrypt_context; 25 struct fscrypt_info; 26 struct seq_file; 27 28 struct fscrypt_str { 29 unsigned char *name; 30 u32 len; 31 }; 32 33 struct fscrypt_name { 34 const struct qstr *usr_fname; 35 struct fscrypt_str disk_name; 36 u32 hash; 37 u32 minor_hash; 38 struct fscrypt_str crypto_buf; 39 bool is_ciphertext_name; 40 }; 41 42 #define FSTR_INIT(n, l) { .name = n, .len = l } 43 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) 44 #define fname_name(p) ((p)->disk_name.name) 45 #define fname_len(p) ((p)->disk_name.len) 46 47 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ 48 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40 49 50 #ifdef CONFIG_FS_ENCRYPTION 51 /* 52 * fscrypt superblock flags 53 */ 54 #define FS_CFLG_OWN_PAGES (1U << 1) 55 56 /* 57 * crypto operations for filesystems 58 */ 59 struct fscrypt_operations { 60 unsigned int flags; 61 const char *key_prefix; 62 int (*get_context)(struct inode *inode, void *ctx, size_t len); 63 int (*set_context)(struct inode *inode, const void *ctx, size_t len, 64 void *fs_data); 65 const union fscrypt_context *(*get_dummy_context)( 66 struct super_block *sb); 67 bool (*empty_dir)(struct inode *inode); 68 unsigned int max_namelen; 69 bool (*has_stable_inodes)(struct super_block *sb); 70 void (*get_ino_and_lblk_bits)(struct super_block *sb, 71 int *ino_bits_ret, int *lblk_bits_ret); 72 int (*get_num_devices)(struct super_block *sb); 73 void (*get_devices)(struct super_block *sb, 74 struct request_queue **devs); 75 }; 76 77 static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode) 78 { 79 /* 80 * Pairs with the cmpxchg_release() in fscrypt_get_encryption_info(). 81 * I.e., another task may publish ->i_crypt_info concurrently, executing 82 * a RELEASE barrier. We need to use smp_load_acquire() here to safely 83 * ACQUIRE the memory the other task published. 84 */ 85 return smp_load_acquire(&inode->i_crypt_info); 86 } 87 88 /** 89 * fscrypt_needs_contents_encryption() - check whether an inode needs 90 * contents encryption 91 * @inode: the inode to check 92 * 93 * Return: %true iff the inode is an encrypted regular file and the kernel was 94 * built with fscrypt support. 95 * 96 * If you need to know whether the encrypt bit is set even when the kernel was 97 * built without fscrypt support, you must use IS_ENCRYPTED() directly instead. 98 */ 99 static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) 100 { 101 return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode); 102 } 103 104 static inline const union fscrypt_context * 105 fscrypt_get_dummy_context(struct super_block *sb) 106 { 107 if (!sb->s_cop->get_dummy_context) 108 return NULL; 109 return sb->s_cop->get_dummy_context(sb); 110 } 111 112 /* 113 * When d_splice_alias() moves a directory's encrypted alias to its decrypted 114 * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME 115 * must be cleared. Note that we don't have to support arbitrary moves of this 116 * flag because fscrypt doesn't allow encrypted aliases to be the source or 117 * target of a rename(). 118 */ 119 static inline void fscrypt_handle_d_move(struct dentry *dentry) 120 { 121 dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME; 122 } 123 124 /* crypto.c */ 125 void fscrypt_enqueue_decrypt_work(struct work_struct *); 126 127 struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, 128 unsigned int len, 129 unsigned int offs, 130 gfp_t gfp_flags); 131 int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page, 132 unsigned int len, unsigned int offs, 133 u64 lblk_num, gfp_t gfp_flags); 134 135 int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len, 136 unsigned int offs); 137 int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page, 138 unsigned int len, unsigned int offs, 139 u64 lblk_num); 140 141 static inline bool fscrypt_is_bounce_page(struct page *page) 142 { 143 return page->mapping == NULL; 144 } 145 146 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) 147 { 148 return (struct page *)page_private(bounce_page); 149 } 150 151 void fscrypt_free_bounce_page(struct page *bounce_page); 152 153 /* policy.c */ 154 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg); 155 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg); 156 int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg); 157 int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg); 158 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child); 159 int fscrypt_inherit_context(struct inode *parent, struct inode *child, 160 void *fs_data, bool preload); 161 162 struct fscrypt_dummy_context { 163 const union fscrypt_context *ctx; 164 }; 165 166 int fscrypt_set_test_dummy_encryption(struct super_block *sb, 167 const substring_t *arg, 168 struct fscrypt_dummy_context *dummy_ctx); 169 void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep, 170 struct super_block *sb); 171 static inline void 172 fscrypt_free_dummy_context(struct fscrypt_dummy_context *dummy_ctx) 173 { 174 kfree(dummy_ctx->ctx); 175 dummy_ctx->ctx = NULL; 176 } 177 178 /* keyring.c */ 179 void fscrypt_sb_free(struct super_block *sb); 180 int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); 181 int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); 182 int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg); 183 int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); 184 185 /* keysetup.c */ 186 int fscrypt_get_encryption_info(struct inode *inode); 187 void fscrypt_put_encryption_info(struct inode *inode); 188 void fscrypt_free_inode(struct inode *inode); 189 int fscrypt_drop_inode(struct inode *inode); 190 191 /* fname.c */ 192 int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname, 193 int lookup, struct fscrypt_name *fname); 194 195 static inline void fscrypt_free_filename(struct fscrypt_name *fname) 196 { 197 kfree(fname->crypto_buf.name); 198 } 199 200 int fscrypt_fname_alloc_buffer(const struct inode *inode, u32 max_encrypted_len, 201 struct fscrypt_str *crypto_str); 202 void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str); 203 int fscrypt_fname_disk_to_usr(const struct inode *inode, 204 u32 hash, u32 minor_hash, 205 const struct fscrypt_str *iname, 206 struct fscrypt_str *oname); 207 bool fscrypt_match_name(const struct fscrypt_name *fname, 208 const u8 *de_name, u32 de_name_len); 209 u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name); 210 211 /* bio.c */ 212 void fscrypt_decrypt_bio(struct bio *bio); 213 int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, 214 sector_t pblk, unsigned int len); 215 216 /* hooks.c */ 217 int fscrypt_file_open(struct inode *inode, struct file *filp); 218 int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, 219 struct dentry *dentry); 220 int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, 221 struct inode *new_dir, struct dentry *new_dentry, 222 unsigned int flags); 223 int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, 224 struct fscrypt_name *fname); 225 int fscrypt_prepare_setflags(struct inode *inode, 226 unsigned int oldflags, unsigned int flags); 227 int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len, 228 unsigned int max_len, 229 struct fscrypt_str *disk_link); 230 int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, 231 unsigned int len, struct fscrypt_str *disk_link); 232 const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, 233 unsigned int max_size, 234 struct delayed_call *done); 235 static inline void fscrypt_set_ops(struct super_block *sb, 236 const struct fscrypt_operations *s_cop) 237 { 238 sb->s_cop = s_cop; 239 } 240 #else /* !CONFIG_FS_ENCRYPTION */ 241 242 static inline struct fscrypt_info *fscrypt_get_info(const struct inode *inode) 243 { 244 return NULL; 245 } 246 247 static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) 248 { 249 return false; 250 } 251 252 static inline const union fscrypt_context * 253 fscrypt_get_dummy_context(struct super_block *sb) 254 { 255 return NULL; 256 } 257 258 static inline void fscrypt_handle_d_move(struct dentry *dentry) 259 { 260 } 261 262 /* crypto.c */ 263 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) 264 { 265 } 266 267 static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, 268 unsigned int len, 269 unsigned int offs, 270 gfp_t gfp_flags) 271 { 272 return ERR_PTR(-EOPNOTSUPP); 273 } 274 275 static inline int fscrypt_encrypt_block_inplace(const struct inode *inode, 276 struct page *page, 277 unsigned int len, 278 unsigned int offs, u64 lblk_num, 279 gfp_t gfp_flags) 280 { 281 return -EOPNOTSUPP; 282 } 283 284 static inline int fscrypt_decrypt_pagecache_blocks(struct page *page, 285 unsigned int len, 286 unsigned int offs) 287 { 288 return -EOPNOTSUPP; 289 } 290 291 static inline int fscrypt_decrypt_block_inplace(const struct inode *inode, 292 struct page *page, 293 unsigned int len, 294 unsigned int offs, u64 lblk_num) 295 { 296 return -EOPNOTSUPP; 297 } 298 299 static inline bool fscrypt_is_bounce_page(struct page *page) 300 { 301 return false; 302 } 303 304 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) 305 { 306 WARN_ON_ONCE(1); 307 return ERR_PTR(-EINVAL); 308 } 309 310 static inline void fscrypt_free_bounce_page(struct page *bounce_page) 311 { 312 } 313 314 /* policy.c */ 315 static inline int fscrypt_ioctl_set_policy(struct file *filp, 316 const void __user *arg) 317 { 318 return -EOPNOTSUPP; 319 } 320 321 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 322 { 323 return -EOPNOTSUPP; 324 } 325 326 static inline int fscrypt_ioctl_get_policy_ex(struct file *filp, 327 void __user *arg) 328 { 329 return -EOPNOTSUPP; 330 } 331 332 static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg) 333 { 334 return -EOPNOTSUPP; 335 } 336 337 static inline int fscrypt_has_permitted_context(struct inode *parent, 338 struct inode *child) 339 { 340 return 0; 341 } 342 343 static inline int fscrypt_inherit_context(struct inode *parent, 344 struct inode *child, 345 void *fs_data, bool preload) 346 { 347 return -EOPNOTSUPP; 348 } 349 350 struct fscrypt_dummy_context { 351 }; 352 353 static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq, 354 char sep, 355 struct super_block *sb) 356 { 357 } 358 359 static inline void 360 fscrypt_free_dummy_context(struct fscrypt_dummy_context *dummy_ctx) 361 { 362 } 363 364 /* keyring.c */ 365 static inline void fscrypt_sb_free(struct super_block *sb) 366 { 367 } 368 369 static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg) 370 { 371 return -EOPNOTSUPP; 372 } 373 374 static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) 375 { 376 return -EOPNOTSUPP; 377 } 378 379 static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, 380 void __user *arg) 381 { 382 return -EOPNOTSUPP; 383 } 384 385 static inline int fscrypt_ioctl_get_key_status(struct file *filp, 386 void __user *arg) 387 { 388 return -EOPNOTSUPP; 389 } 390 391 /* keysetup.c */ 392 static inline int fscrypt_get_encryption_info(struct inode *inode) 393 { 394 return -EOPNOTSUPP; 395 } 396 397 static inline void fscrypt_put_encryption_info(struct inode *inode) 398 { 399 return; 400 } 401 402 static inline void fscrypt_free_inode(struct inode *inode) 403 { 404 } 405 406 static inline int fscrypt_drop_inode(struct inode *inode) 407 { 408 return 0; 409 } 410 411 /* fname.c */ 412 static inline int fscrypt_setup_filename(struct inode *dir, 413 const struct qstr *iname, 414 int lookup, struct fscrypt_name *fname) 415 { 416 if (IS_ENCRYPTED(dir)) 417 return -EOPNOTSUPP; 418 419 memset(fname, 0, sizeof(*fname)); 420 fname->usr_fname = iname; 421 fname->disk_name.name = (unsigned char *)iname->name; 422 fname->disk_name.len = iname->len; 423 return 0; 424 } 425 426 static inline void fscrypt_free_filename(struct fscrypt_name *fname) 427 { 428 return; 429 } 430 431 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode, 432 u32 max_encrypted_len, 433 struct fscrypt_str *crypto_str) 434 { 435 return -EOPNOTSUPP; 436 } 437 438 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) 439 { 440 return; 441 } 442 443 static inline int fscrypt_fname_disk_to_usr(const struct inode *inode, 444 u32 hash, u32 minor_hash, 445 const struct fscrypt_str *iname, 446 struct fscrypt_str *oname) 447 { 448 return -EOPNOTSUPP; 449 } 450 451 static inline bool fscrypt_match_name(const struct fscrypt_name *fname, 452 const u8 *de_name, u32 de_name_len) 453 { 454 /* Encryption support disabled; use standard comparison */ 455 if (de_name_len != fname->disk_name.len) 456 return false; 457 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); 458 } 459 460 static inline u64 fscrypt_fname_siphash(const struct inode *dir, 461 const struct qstr *name) 462 { 463 WARN_ON_ONCE(1); 464 return 0; 465 } 466 467 /* bio.c */ 468 static inline void fscrypt_decrypt_bio(struct bio *bio) 469 { 470 } 471 472 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, 473 sector_t pblk, unsigned int len) 474 { 475 return -EOPNOTSUPP; 476 } 477 478 /* hooks.c */ 479 480 static inline int fscrypt_file_open(struct inode *inode, struct file *filp) 481 { 482 if (IS_ENCRYPTED(inode)) 483 return -EOPNOTSUPP; 484 return 0; 485 } 486 487 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, 488 struct dentry *dentry) 489 { 490 return -EOPNOTSUPP; 491 } 492 493 static inline int __fscrypt_prepare_rename(struct inode *old_dir, 494 struct dentry *old_dentry, 495 struct inode *new_dir, 496 struct dentry *new_dentry, 497 unsigned int flags) 498 { 499 return -EOPNOTSUPP; 500 } 501 502 static inline int __fscrypt_prepare_lookup(struct inode *dir, 503 struct dentry *dentry, 504 struct fscrypt_name *fname) 505 { 506 return -EOPNOTSUPP; 507 } 508 509 static inline int fscrypt_prepare_setflags(struct inode *inode, 510 unsigned int oldflags, 511 unsigned int flags) 512 { 513 return 0; 514 } 515 516 static inline int __fscrypt_prepare_symlink(struct inode *dir, 517 unsigned int len, 518 unsigned int max_len, 519 struct fscrypt_str *disk_link) 520 { 521 return -EOPNOTSUPP; 522 } 523 524 525 static inline int __fscrypt_encrypt_symlink(struct inode *inode, 526 const char *target, 527 unsigned int len, 528 struct fscrypt_str *disk_link) 529 { 530 return -EOPNOTSUPP; 531 } 532 533 static inline const char *fscrypt_get_symlink(struct inode *inode, 534 const void *caddr, 535 unsigned int max_size, 536 struct delayed_call *done) 537 { 538 return ERR_PTR(-EOPNOTSUPP); 539 } 540 541 static inline void fscrypt_set_ops(struct super_block *sb, 542 const struct fscrypt_operations *s_cop) 543 { 544 } 545 546 #endif /* !CONFIG_FS_ENCRYPTION */ 547 548 /* inline_crypt.c */ 549 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT 550 551 bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode); 552 553 void fscrypt_set_bio_crypt_ctx(struct bio *bio, 554 const struct inode *inode, u64 first_lblk, 555 gfp_t gfp_mask); 556 557 void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio, 558 const struct buffer_head *first_bh, 559 gfp_t gfp_mask); 560 561 bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, 562 u64 next_lblk); 563 564 bool fscrypt_mergeable_bio_bh(struct bio *bio, 565 const struct buffer_head *next_bh); 566 567 #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ 568 569 static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) 570 { 571 return false; 572 } 573 574 static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio, 575 const struct inode *inode, 576 u64 first_lblk, gfp_t gfp_mask) { } 577 578 static inline void fscrypt_set_bio_crypt_ctx_bh( 579 struct bio *bio, 580 const struct buffer_head *first_bh, 581 gfp_t gfp_mask) { } 582 583 static inline bool fscrypt_mergeable_bio(struct bio *bio, 584 const struct inode *inode, 585 u64 next_lblk) 586 { 587 return true; 588 } 589 590 static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, 591 const struct buffer_head *next_bh) 592 { 593 return true; 594 } 595 #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ 596 597 /** 598 * fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline 599 * encryption 600 * @inode: an inode. If encrypted, its key must be set up. 601 * 602 * Return: true if the inode requires file contents encryption and if the 603 * encryption should be done in the block layer via blk-crypto rather 604 * than in the filesystem layer. 605 */ 606 static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode) 607 { 608 return fscrypt_needs_contents_encryption(inode) && 609 __fscrypt_inode_uses_inline_crypto(inode); 610 } 611 612 /** 613 * fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer 614 * encryption 615 * @inode: an inode. If encrypted, its key must be set up. 616 * 617 * Return: true if the inode requires file contents encryption and if the 618 * encryption should be done in the filesystem layer rather than in the 619 * block layer via blk-crypto. 620 */ 621 static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode) 622 { 623 return fscrypt_needs_contents_encryption(inode) && 624 !__fscrypt_inode_uses_inline_crypto(inode); 625 } 626 627 /** 628 * fscrypt_has_encryption_key() - check whether an inode has had its key set up 629 * @inode: the inode to check 630 * 631 * Return: %true if the inode has had its encryption key set up, else %false. 632 * 633 * Usually this should be preceded by fscrypt_get_encryption_info() to try to 634 * set up the key first. 635 */ 636 static inline bool fscrypt_has_encryption_key(const struct inode *inode) 637 { 638 return fscrypt_get_info(inode) != NULL; 639 } 640 641 /** 642 * fscrypt_require_key() - require an inode's encryption key 643 * @inode: the inode we need the key for 644 * 645 * If the inode is encrypted, set up its encryption key if not already done. 646 * Then require that the key be present and return -ENOKEY otherwise. 647 * 648 * No locks are needed, and the key will live as long as the struct inode --- so 649 * it won't go away from under you. 650 * 651 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code 652 * if a problem occurred while setting up the encryption key. 653 */ 654 static inline int fscrypt_require_key(struct inode *inode) 655 { 656 if (IS_ENCRYPTED(inode)) { 657 int err = fscrypt_get_encryption_info(inode); 658 659 if (err) 660 return err; 661 if (!fscrypt_has_encryption_key(inode)) 662 return -ENOKEY; 663 } 664 return 0; 665 } 666 667 /** 668 * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted 669 * directory 670 * @old_dentry: an existing dentry for the inode being linked 671 * @dir: the target directory 672 * @dentry: negative dentry for the target filename 673 * 674 * A new link can only be added to an encrypted directory if the directory's 675 * encryption key is available --- since otherwise we'd have no way to encrypt 676 * the filename. Therefore, we first set up the directory's encryption key (if 677 * not already done) and return an error if it's unavailable. 678 * 679 * We also verify that the link will not violate the constraint that all files 680 * in an encrypted directory tree use the same encryption policy. 681 * 682 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, 683 * -EXDEV if the link would result in an inconsistent encryption policy, or 684 * another -errno code. 685 */ 686 static inline int fscrypt_prepare_link(struct dentry *old_dentry, 687 struct inode *dir, 688 struct dentry *dentry) 689 { 690 if (IS_ENCRYPTED(dir)) 691 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry); 692 return 0; 693 } 694 695 /** 696 * fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted 697 * directories 698 * @old_dir: source directory 699 * @old_dentry: dentry for source file 700 * @new_dir: target directory 701 * @new_dentry: dentry for target location (may be negative unless exchanging) 702 * @flags: rename flags (we care at least about %RENAME_EXCHANGE) 703 * 704 * Prepare for ->rename() where the source and/or target directories may be 705 * encrypted. A new link can only be added to an encrypted directory if the 706 * directory's encryption key is available --- since otherwise we'd have no way 707 * to encrypt the filename. A rename to an existing name, on the other hand, 708 * *is* cryptographically possible without the key. However, we take the more 709 * conservative approach and just forbid all no-key renames. 710 * 711 * We also verify that the rename will not violate the constraint that all files 712 * in an encrypted directory tree use the same encryption policy. 713 * 714 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the 715 * rename would cause inconsistent encryption policies, or another -errno code. 716 */ 717 static inline int fscrypt_prepare_rename(struct inode *old_dir, 718 struct dentry *old_dentry, 719 struct inode *new_dir, 720 struct dentry *new_dentry, 721 unsigned int flags) 722 { 723 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir)) 724 return __fscrypt_prepare_rename(old_dir, old_dentry, 725 new_dir, new_dentry, flags); 726 return 0; 727 } 728 729 /** 730 * fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted 731 * directory 732 * @dir: directory being searched 733 * @dentry: filename being looked up 734 * @fname: (output) the name to use to search the on-disk directory 735 * 736 * Prepare for ->lookup() in a directory which may be encrypted by determining 737 * the name that will actually be used to search the directory on-disk. Lookups 738 * can be done with or without the directory's encryption key; without the key, 739 * filenames are presented in encrypted form. Therefore, we'll try to set up 740 * the directory's encryption key, but even without it the lookup can continue. 741 * 742 * This also installs a custom ->d_revalidate() method which will invalidate the 743 * dentry if it was created without the key and the key is later added. 744 * 745 * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a 746 * correctly formed encoded ciphertext name, so a negative dentry should be 747 * created; or another -errno code. 748 */ 749 static inline int fscrypt_prepare_lookup(struct inode *dir, 750 struct dentry *dentry, 751 struct fscrypt_name *fname) 752 { 753 if (IS_ENCRYPTED(dir)) 754 return __fscrypt_prepare_lookup(dir, dentry, fname); 755 756 memset(fname, 0, sizeof(*fname)); 757 fname->usr_fname = &dentry->d_name; 758 fname->disk_name.name = (unsigned char *)dentry->d_name.name; 759 fname->disk_name.len = dentry->d_name.len; 760 return 0; 761 } 762 763 /** 764 * fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's 765 * attributes 766 * @dentry: dentry through which the inode is being changed 767 * @attr: attributes to change 768 * 769 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file, 770 * most attribute changes are allowed even without the encryption key. However, 771 * without the encryption key we do have to forbid truncates. This is needed 772 * because the size being truncated to may not be a multiple of the filesystem 773 * block size, and in that case we'd have to decrypt the final block, zero the 774 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a 775 * filesystem block boundary, but it's simpler to just forbid all truncates --- 776 * and we already forbid all other contents modifications without the key.) 777 * 778 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code 779 * if a problem occurred while setting up the encryption key. 780 */ 781 static inline int fscrypt_prepare_setattr(struct dentry *dentry, 782 struct iattr *attr) 783 { 784 if (attr->ia_valid & ATTR_SIZE) 785 return fscrypt_require_key(d_inode(dentry)); 786 return 0; 787 } 788 789 /** 790 * fscrypt_prepare_symlink() - prepare to create a possibly-encrypted symlink 791 * @dir: directory in which the symlink is being created 792 * @target: plaintext symlink target 793 * @len: length of @target excluding null terminator 794 * @max_len: space the filesystem has available to store the symlink target 795 * @disk_link: (out) the on-disk symlink target being prepared 796 * 797 * This function computes the size the symlink target will require on-disk, 798 * stores it in @disk_link->len, and validates it against @max_len. An 799 * encrypted symlink may be longer than the original. 800 * 801 * Additionally, @disk_link->name is set to @target if the symlink will be 802 * unencrypted, but left NULL if the symlink will be encrypted. For encrypted 803 * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the 804 * on-disk target later. (The reason for the two-step process is that some 805 * filesystems need to know the size of the symlink target before creating the 806 * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.) 807 * 808 * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long, 809 * -ENOKEY if the encryption key is missing, or another -errno code if a problem 810 * occurred while setting up the encryption key. 811 */ 812 static inline int fscrypt_prepare_symlink(struct inode *dir, 813 const char *target, 814 unsigned int len, 815 unsigned int max_len, 816 struct fscrypt_str *disk_link) 817 { 818 if (IS_ENCRYPTED(dir) || fscrypt_get_dummy_context(dir->i_sb) != NULL) 819 return __fscrypt_prepare_symlink(dir, len, max_len, disk_link); 820 821 disk_link->name = (unsigned char *)target; 822 disk_link->len = len + 1; 823 if (disk_link->len > max_len) 824 return -ENAMETOOLONG; 825 return 0; 826 } 827 828 /** 829 * fscrypt_encrypt_symlink() - encrypt the symlink target if needed 830 * @inode: symlink inode 831 * @target: plaintext symlink target 832 * @len: length of @target excluding null terminator 833 * @disk_link: (in/out) the on-disk symlink target being prepared 834 * 835 * If the symlink target needs to be encrypted, then this function encrypts it 836 * into @disk_link->name. fscrypt_prepare_symlink() must have been called 837 * previously to compute @disk_link->len. If the filesystem did not allocate a 838 * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one 839 * will be kmalloc()'ed and the filesystem will be responsible for freeing it. 840 * 841 * Return: 0 on success, -errno on failure 842 */ 843 static inline int fscrypt_encrypt_symlink(struct inode *inode, 844 const char *target, 845 unsigned int len, 846 struct fscrypt_str *disk_link) 847 { 848 if (IS_ENCRYPTED(inode)) 849 return __fscrypt_encrypt_symlink(inode, target, len, disk_link); 850 return 0; 851 } 852 853 /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */ 854 static inline void fscrypt_finalize_bounce_page(struct page **pagep) 855 { 856 struct page *page = *pagep; 857 858 if (fscrypt_is_bounce_page(page)) { 859 *pagep = fscrypt_pagecache_page(page); 860 fscrypt_free_bounce_page(page); 861 } 862 } 863 864 #endif /* _LINUX_FSCRYPT_H */ 865