xref: /openbmc/linux/include/linux/fscrypt.h (revision 2d68bb26)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * fscrypt.h: declarations for per-file encryption
4  *
5  * Filesystems that implement per-file encryption must include this header
6  * file.
7  *
8  * Copyright (C) 2015, Google, Inc.
9  *
10  * Written by Michael Halcrow, 2015.
11  * Modified by Jaegeuk Kim, 2015.
12  */
13 #ifndef _LINUX_FSCRYPT_H
14 #define _LINUX_FSCRYPT_H
15 
16 #include <linux/fs.h>
17 #include <linux/mm.h>
18 #include <linux/slab.h>
19 #include <uapi/linux/fscrypt.h>
20 
21 #define FS_CRYPTO_BLOCK_SIZE		16
22 
23 struct fscrypt_info;
24 
25 struct fscrypt_str {
26 	unsigned char *name;
27 	u32 len;
28 };
29 
30 struct fscrypt_name {
31 	const struct qstr *usr_fname;
32 	struct fscrypt_str disk_name;
33 	u32 hash;
34 	u32 minor_hash;
35 	struct fscrypt_str crypto_buf;
36 	bool is_ciphertext_name;
37 };
38 
39 #define FSTR_INIT(n, l)		{ .name = n, .len = l }
40 #define FSTR_TO_QSTR(f)		QSTR_INIT((f)->name, (f)->len)
41 #define fname_name(p)		((p)->disk_name.name)
42 #define fname_len(p)		((p)->disk_name.len)
43 
44 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
45 #define FSCRYPT_SET_CONTEXT_MAX_SIZE	40
46 
47 #ifdef CONFIG_FS_ENCRYPTION
48 /*
49  * fscrypt superblock flags
50  */
51 #define FS_CFLG_OWN_PAGES (1U << 1)
52 
53 /*
54  * crypto operations for filesystems
55  */
56 struct fscrypt_operations {
57 	unsigned int flags;
58 	const char *key_prefix;
59 	int (*get_context)(struct inode *, void *, size_t);
60 	int (*set_context)(struct inode *, const void *, size_t, void *);
61 	bool (*dummy_context)(struct inode *);
62 	bool (*empty_dir)(struct inode *);
63 	unsigned int max_namelen;
64 	bool (*has_stable_inodes)(struct super_block *sb);
65 	void (*get_ino_and_lblk_bits)(struct super_block *sb,
66 				      int *ino_bits_ret, int *lblk_bits_ret);
67 };
68 
69 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
70 {
71 	/* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */
72 	return READ_ONCE(inode->i_crypt_info) != NULL;
73 }
74 
75 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
76 {
77 	return inode->i_sb->s_cop->dummy_context &&
78 		inode->i_sb->s_cop->dummy_context(inode);
79 }
80 
81 /*
82  * When d_splice_alias() moves a directory's encrypted alias to its decrypted
83  * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME
84  * must be cleared.  Note that we don't have to support arbitrary moves of this
85  * flag because fscrypt doesn't allow encrypted aliases to be the source or
86  * target of a rename().
87  */
88 static inline void fscrypt_handle_d_move(struct dentry *dentry)
89 {
90 	dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME;
91 }
92 
93 /* crypto.c */
94 extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
95 
96 extern struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
97 						     unsigned int len,
98 						     unsigned int offs,
99 						     gfp_t gfp_flags);
100 extern int fscrypt_encrypt_block_inplace(const struct inode *inode,
101 					 struct page *page, unsigned int len,
102 					 unsigned int offs, u64 lblk_num,
103 					 gfp_t gfp_flags);
104 
105 extern int fscrypt_decrypt_pagecache_blocks(struct page *page, unsigned int len,
106 					    unsigned int offs);
107 extern int fscrypt_decrypt_block_inplace(const struct inode *inode,
108 					 struct page *page, unsigned int len,
109 					 unsigned int offs, u64 lblk_num);
110 
111 static inline bool fscrypt_is_bounce_page(struct page *page)
112 {
113 	return page->mapping == NULL;
114 }
115 
116 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
117 {
118 	return (struct page *)page_private(bounce_page);
119 }
120 
121 extern void fscrypt_free_bounce_page(struct page *bounce_page);
122 
123 /* policy.c */
124 extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
125 extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
126 extern int fscrypt_ioctl_get_policy_ex(struct file *, void __user *);
127 extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
128 extern int fscrypt_inherit_context(struct inode *, struct inode *,
129 					void *, bool);
130 /* keyring.c */
131 extern void fscrypt_sb_free(struct super_block *sb);
132 extern int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
133 extern int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
134 extern int fscrypt_ioctl_remove_key_all_users(struct file *filp,
135 					      void __user *arg);
136 extern int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
137 
138 /* keysetup.c */
139 extern int fscrypt_get_encryption_info(struct inode *);
140 extern void fscrypt_put_encryption_info(struct inode *);
141 extern void fscrypt_free_inode(struct inode *);
142 extern int fscrypt_drop_inode(struct inode *inode);
143 
144 /* fname.c */
145 extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
146 				int lookup, struct fscrypt_name *);
147 
148 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
149 {
150 	kfree(fname->crypto_buf.name);
151 }
152 
153 extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
154 				struct fscrypt_str *);
155 extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
156 extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
157 			const struct fscrypt_str *, struct fscrypt_str *);
158 
159 #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE	32
160 
161 /* Extracts the second-to-last ciphertext block; see explanation below */
162 #define FSCRYPT_FNAME_DIGEST(name, len)	\
163 	((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
164 			     FS_CRYPTO_BLOCK_SIZE))
165 
166 #define FSCRYPT_FNAME_DIGEST_SIZE	FS_CRYPTO_BLOCK_SIZE
167 
168 /**
169  * fscrypt_digested_name - alternate identifier for an on-disk filename
170  *
171  * When userspace lists an encrypted directory without access to the key,
172  * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
173  * bytes are shown in this abbreviated form (base64-encoded) rather than as the
174  * full ciphertext (base64-encoded).  This is necessary to allow supporting
175  * filenames up to NAME_MAX bytes, since base64 encoding expands the length.
176  *
177  * To make it possible for filesystems to still find the correct directory entry
178  * despite not knowing the full on-disk name, we encode any filesystem-specific
179  * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups,
180  * followed by the second-to-last ciphertext block of the filename.  Due to the
181  * use of the CBC-CTS encryption mode, the second-to-last ciphertext block
182  * depends on the full plaintext.  (Note that ciphertext stealing causes the
183  * last two blocks to appear "flipped".)  This makes accidental collisions very
184  * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they
185  * share the same filesystem-specific hashes.
186  *
187  * However, this scheme isn't immune to intentional collisions, which can be
188  * created by anyone able to create arbitrary plaintext filenames and view them
189  * without the key.  Making the "digest" be a real cryptographic hash like
190  * SHA-256 over the full ciphertext would prevent this, although it would be
191  * less efficient and harder to implement, especially since the filesystem would
192  * need to calculate it for each directory entry examined during a search.
193  */
194 struct fscrypt_digested_name {
195 	u32 hash;
196 	u32 minor_hash;
197 	u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
198 };
199 
200 /**
201  * fscrypt_match_name() - test whether the given name matches a directory entry
202  * @fname: the name being searched for
203  * @de_name: the name from the directory entry
204  * @de_name_len: the length of @de_name in bytes
205  *
206  * Normally @fname->disk_name will be set, and in that case we simply compare
207  * that to the name stored in the directory entry.  The only exception is that
208  * if we don't have the key for an encrypted directory and a filename in it is
209  * very long, then we won't have the full disk_name and we'll instead need to
210  * match against the fscrypt_digested_name.
211  *
212  * Return: %true if the name matches, otherwise %false.
213  */
214 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
215 				      const u8 *de_name, u32 de_name_len)
216 {
217 	if (unlikely(!fname->disk_name.name)) {
218 		const struct fscrypt_digested_name *n =
219 			(const void *)fname->crypto_buf.name;
220 		if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
221 			return false;
222 		if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
223 			return false;
224 		return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
225 			       n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
226 	}
227 
228 	if (de_name_len != fname->disk_name.len)
229 		return false;
230 	return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
231 }
232 
233 /* bio.c */
234 extern void fscrypt_decrypt_bio(struct bio *);
235 extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
236 				 unsigned int);
237 
238 /* hooks.c */
239 extern int fscrypt_file_open(struct inode *inode, struct file *filp);
240 extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
241 				  struct dentry *dentry);
242 extern int __fscrypt_prepare_rename(struct inode *old_dir,
243 				    struct dentry *old_dentry,
244 				    struct inode *new_dir,
245 				    struct dentry *new_dentry,
246 				    unsigned int flags);
247 extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
248 				    struct fscrypt_name *fname);
249 extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
250 				     unsigned int max_len,
251 				     struct fscrypt_str *disk_link);
252 extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
253 				     unsigned int len,
254 				     struct fscrypt_str *disk_link);
255 extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
256 				       unsigned int max_size,
257 				       struct delayed_call *done);
258 static inline void fscrypt_set_ops(struct super_block *sb,
259 				   const struct fscrypt_operations *s_cop)
260 {
261 	sb->s_cop = s_cop;
262 }
263 #else  /* !CONFIG_FS_ENCRYPTION */
264 
265 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
266 {
267 	return false;
268 }
269 
270 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
271 {
272 	return false;
273 }
274 
275 static inline void fscrypt_handle_d_move(struct dentry *dentry)
276 {
277 }
278 
279 /* crypto.c */
280 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
281 {
282 }
283 
284 static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page,
285 							    unsigned int len,
286 							    unsigned int offs,
287 							    gfp_t gfp_flags)
288 {
289 	return ERR_PTR(-EOPNOTSUPP);
290 }
291 
292 static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
293 						struct page *page,
294 						unsigned int len,
295 						unsigned int offs, u64 lblk_num,
296 						gfp_t gfp_flags)
297 {
298 	return -EOPNOTSUPP;
299 }
300 
301 static inline int fscrypt_decrypt_pagecache_blocks(struct page *page,
302 						   unsigned int len,
303 						   unsigned int offs)
304 {
305 	return -EOPNOTSUPP;
306 }
307 
308 static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
309 						struct page *page,
310 						unsigned int len,
311 						unsigned int offs, u64 lblk_num)
312 {
313 	return -EOPNOTSUPP;
314 }
315 
316 static inline bool fscrypt_is_bounce_page(struct page *page)
317 {
318 	return false;
319 }
320 
321 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
322 {
323 	WARN_ON_ONCE(1);
324 	return ERR_PTR(-EINVAL);
325 }
326 
327 static inline void fscrypt_free_bounce_page(struct page *bounce_page)
328 {
329 }
330 
331 /* policy.c */
332 static inline int fscrypt_ioctl_set_policy(struct file *filp,
333 					   const void __user *arg)
334 {
335 	return -EOPNOTSUPP;
336 }
337 
338 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
339 {
340 	return -EOPNOTSUPP;
341 }
342 
343 static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
344 					      void __user *arg)
345 {
346 	return -EOPNOTSUPP;
347 }
348 
349 static inline int fscrypt_has_permitted_context(struct inode *parent,
350 						struct inode *child)
351 {
352 	return 0;
353 }
354 
355 static inline int fscrypt_inherit_context(struct inode *parent,
356 					  struct inode *child,
357 					  void *fs_data, bool preload)
358 {
359 	return -EOPNOTSUPP;
360 }
361 
362 /* keyring.c */
363 static inline void fscrypt_sb_free(struct super_block *sb)
364 {
365 }
366 
367 static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
368 {
369 	return -EOPNOTSUPP;
370 }
371 
372 static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
373 {
374 	return -EOPNOTSUPP;
375 }
376 
377 static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
378 						     void __user *arg)
379 {
380 	return -EOPNOTSUPP;
381 }
382 
383 static inline int fscrypt_ioctl_get_key_status(struct file *filp,
384 					       void __user *arg)
385 {
386 	return -EOPNOTSUPP;
387 }
388 
389 /* keysetup.c */
390 static inline int fscrypt_get_encryption_info(struct inode *inode)
391 {
392 	return -EOPNOTSUPP;
393 }
394 
395 static inline void fscrypt_put_encryption_info(struct inode *inode)
396 {
397 	return;
398 }
399 
400 static inline void fscrypt_free_inode(struct inode *inode)
401 {
402 }
403 
404 static inline int fscrypt_drop_inode(struct inode *inode)
405 {
406 	return 0;
407 }
408 
409  /* fname.c */
410 static inline int fscrypt_setup_filename(struct inode *dir,
411 					 const struct qstr *iname,
412 					 int lookup, struct fscrypt_name *fname)
413 {
414 	if (IS_ENCRYPTED(dir))
415 		return -EOPNOTSUPP;
416 
417 	memset(fname, 0, sizeof(*fname));
418 	fname->usr_fname = iname;
419 	fname->disk_name.name = (unsigned char *)iname->name;
420 	fname->disk_name.len = iname->len;
421 	return 0;
422 }
423 
424 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
425 {
426 	return;
427 }
428 
429 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
430 					     u32 max_encrypted_len,
431 					     struct fscrypt_str *crypto_str)
432 {
433 	return -EOPNOTSUPP;
434 }
435 
436 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
437 {
438 	return;
439 }
440 
441 static inline int fscrypt_fname_disk_to_usr(struct inode *inode,
442 					    u32 hash, u32 minor_hash,
443 					    const struct fscrypt_str *iname,
444 					    struct fscrypt_str *oname)
445 {
446 	return -EOPNOTSUPP;
447 }
448 
449 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
450 				      const u8 *de_name, u32 de_name_len)
451 {
452 	/* Encryption support disabled; use standard comparison */
453 	if (de_name_len != fname->disk_name.len)
454 		return false;
455 	return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
456 }
457 
458 /* bio.c */
459 static inline void fscrypt_decrypt_bio(struct bio *bio)
460 {
461 }
462 
463 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
464 					sector_t pblk, unsigned int len)
465 {
466 	return -EOPNOTSUPP;
467 }
468 
469 /* hooks.c */
470 
471 static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
472 {
473 	if (IS_ENCRYPTED(inode))
474 		return -EOPNOTSUPP;
475 	return 0;
476 }
477 
478 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
479 					 struct dentry *dentry)
480 {
481 	return -EOPNOTSUPP;
482 }
483 
484 static inline int __fscrypt_prepare_rename(struct inode *old_dir,
485 					   struct dentry *old_dentry,
486 					   struct inode *new_dir,
487 					   struct dentry *new_dentry,
488 					   unsigned int flags)
489 {
490 	return -EOPNOTSUPP;
491 }
492 
493 static inline int __fscrypt_prepare_lookup(struct inode *dir,
494 					   struct dentry *dentry,
495 					   struct fscrypt_name *fname)
496 {
497 	return -EOPNOTSUPP;
498 }
499 
500 static inline int __fscrypt_prepare_symlink(struct inode *dir,
501 					    unsigned int len,
502 					    unsigned int max_len,
503 					    struct fscrypt_str *disk_link)
504 {
505 	return -EOPNOTSUPP;
506 }
507 
508 
509 static inline int __fscrypt_encrypt_symlink(struct inode *inode,
510 					    const char *target,
511 					    unsigned int len,
512 					    struct fscrypt_str *disk_link)
513 {
514 	return -EOPNOTSUPP;
515 }
516 
517 static inline const char *fscrypt_get_symlink(struct inode *inode,
518 					      const void *caddr,
519 					      unsigned int max_size,
520 					      struct delayed_call *done)
521 {
522 	return ERR_PTR(-EOPNOTSUPP);
523 }
524 
525 static inline void fscrypt_set_ops(struct super_block *sb,
526 				   const struct fscrypt_operations *s_cop)
527 {
528 }
529 
530 #endif	/* !CONFIG_FS_ENCRYPTION */
531 
532 /**
533  * fscrypt_require_key - require an inode's encryption key
534  * @inode: the inode we need the key for
535  *
536  * If the inode is encrypted, set up its encryption key if not already done.
537  * Then require that the key be present and return -ENOKEY otherwise.
538  *
539  * No locks are needed, and the key will live as long as the struct inode --- so
540  * it won't go away from under you.
541  *
542  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
543  * if a problem occurred while setting up the encryption key.
544  */
545 static inline int fscrypt_require_key(struct inode *inode)
546 {
547 	if (IS_ENCRYPTED(inode)) {
548 		int err = fscrypt_get_encryption_info(inode);
549 
550 		if (err)
551 			return err;
552 		if (!fscrypt_has_encryption_key(inode))
553 			return -ENOKEY;
554 	}
555 	return 0;
556 }
557 
558 /**
559  * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
560  * @old_dentry: an existing dentry for the inode being linked
561  * @dir: the target directory
562  * @dentry: negative dentry for the target filename
563  *
564  * A new link can only be added to an encrypted directory if the directory's
565  * encryption key is available --- since otherwise we'd have no way to encrypt
566  * the filename.  Therefore, we first set up the directory's encryption key (if
567  * not already done) and return an error if it's unavailable.
568  *
569  * We also verify that the link will not violate the constraint that all files
570  * in an encrypted directory tree use the same encryption policy.
571  *
572  * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
573  * -EXDEV if the link would result in an inconsistent encryption policy, or
574  * another -errno code.
575  */
576 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
577 				       struct inode *dir,
578 				       struct dentry *dentry)
579 {
580 	if (IS_ENCRYPTED(dir))
581 		return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
582 	return 0;
583 }
584 
585 /**
586  * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
587  * @old_dir: source directory
588  * @old_dentry: dentry for source file
589  * @new_dir: target directory
590  * @new_dentry: dentry for target location (may be negative unless exchanging)
591  * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
592  *
593  * Prepare for ->rename() where the source and/or target directories may be
594  * encrypted.  A new link can only be added to an encrypted directory if the
595  * directory's encryption key is available --- since otherwise we'd have no way
596  * to encrypt the filename.  A rename to an existing name, on the other hand,
597  * *is* cryptographically possible without the key.  However, we take the more
598  * conservative approach and just forbid all no-key renames.
599  *
600  * We also verify that the rename will not violate the constraint that all files
601  * in an encrypted directory tree use the same encryption policy.
602  *
603  * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
604  * rename would cause inconsistent encryption policies, or another -errno code.
605  */
606 static inline int fscrypt_prepare_rename(struct inode *old_dir,
607 					 struct dentry *old_dentry,
608 					 struct inode *new_dir,
609 					 struct dentry *new_dentry,
610 					 unsigned int flags)
611 {
612 	if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
613 		return __fscrypt_prepare_rename(old_dir, old_dentry,
614 						new_dir, new_dentry, flags);
615 	return 0;
616 }
617 
618 /**
619  * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
620  * @dir: directory being searched
621  * @dentry: filename being looked up
622  * @fname: (output) the name to use to search the on-disk directory
623  *
624  * Prepare for ->lookup() in a directory which may be encrypted by determining
625  * the name that will actually be used to search the directory on-disk.  Lookups
626  * can be done with or without the directory's encryption key; without the key,
627  * filenames are presented in encrypted form.  Therefore, we'll try to set up
628  * the directory's encryption key, but even without it the lookup can continue.
629  *
630  * This also installs a custom ->d_revalidate() method which will invalidate the
631  * dentry if it was created without the key and the key is later added.
632  *
633  * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a
634  * correctly formed encoded ciphertext name, so a negative dentry should be
635  * created; or another -errno code.
636  */
637 static inline int fscrypt_prepare_lookup(struct inode *dir,
638 					 struct dentry *dentry,
639 					 struct fscrypt_name *fname)
640 {
641 	if (IS_ENCRYPTED(dir))
642 		return __fscrypt_prepare_lookup(dir, dentry, fname);
643 
644 	memset(fname, 0, sizeof(*fname));
645 	fname->usr_fname = &dentry->d_name;
646 	fname->disk_name.name = (unsigned char *)dentry->d_name.name;
647 	fname->disk_name.len = dentry->d_name.len;
648 	return 0;
649 }
650 
651 /**
652  * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
653  * @dentry: dentry through which the inode is being changed
654  * @attr: attributes to change
655  *
656  * Prepare for ->setattr() on a possibly-encrypted inode.  On an encrypted file,
657  * most attribute changes are allowed even without the encryption key.  However,
658  * without the encryption key we do have to forbid truncates.  This is needed
659  * because the size being truncated to may not be a multiple of the filesystem
660  * block size, and in that case we'd have to decrypt the final block, zero the
661  * portion past i_size, and re-encrypt it.  (We *could* allow truncating to a
662  * filesystem block boundary, but it's simpler to just forbid all truncates ---
663  * and we already forbid all other contents modifications without the key.)
664  *
665  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
666  * if a problem occurred while setting up the encryption key.
667  */
668 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
669 					  struct iattr *attr)
670 {
671 	if (attr->ia_valid & ATTR_SIZE)
672 		return fscrypt_require_key(d_inode(dentry));
673 	return 0;
674 }
675 
676 /**
677  * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink
678  * @dir: directory in which the symlink is being created
679  * @target: plaintext symlink target
680  * @len: length of @target excluding null terminator
681  * @max_len: space the filesystem has available to store the symlink target
682  * @disk_link: (out) the on-disk symlink target being prepared
683  *
684  * This function computes the size the symlink target will require on-disk,
685  * stores it in @disk_link->len, and validates it against @max_len.  An
686  * encrypted symlink may be longer than the original.
687  *
688  * Additionally, @disk_link->name is set to @target if the symlink will be
689  * unencrypted, but left NULL if the symlink will be encrypted.  For encrypted
690  * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the
691  * on-disk target later.  (The reason for the two-step process is that some
692  * filesystems need to know the size of the symlink target before creating the
693  * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.)
694  *
695  * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
696  * -ENOKEY if the encryption key is missing, or another -errno code if a problem
697  * occurred while setting up the encryption key.
698  */
699 static inline int fscrypt_prepare_symlink(struct inode *dir,
700 					  const char *target,
701 					  unsigned int len,
702 					  unsigned int max_len,
703 					  struct fscrypt_str *disk_link)
704 {
705 	if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
706 		return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
707 
708 	disk_link->name = (unsigned char *)target;
709 	disk_link->len = len + 1;
710 	if (disk_link->len > max_len)
711 		return -ENAMETOOLONG;
712 	return 0;
713 }
714 
715 /**
716  * fscrypt_encrypt_symlink - encrypt the symlink target if needed
717  * @inode: symlink inode
718  * @target: plaintext symlink target
719  * @len: length of @target excluding null terminator
720  * @disk_link: (in/out) the on-disk symlink target being prepared
721  *
722  * If the symlink target needs to be encrypted, then this function encrypts it
723  * into @disk_link->name.  fscrypt_prepare_symlink() must have been called
724  * previously to compute @disk_link->len.  If the filesystem did not allocate a
725  * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
726  * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
727  *
728  * Return: 0 on success, -errno on failure
729  */
730 static inline int fscrypt_encrypt_symlink(struct inode *inode,
731 					  const char *target,
732 					  unsigned int len,
733 					  struct fscrypt_str *disk_link)
734 {
735 	if (IS_ENCRYPTED(inode))
736 		return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
737 	return 0;
738 }
739 
740 /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */
741 static inline void fscrypt_finalize_bounce_page(struct page **pagep)
742 {
743 	struct page *page = *pagep;
744 
745 	if (fscrypt_is_bounce_page(page)) {
746 		*pagep = fscrypt_pagecache_page(page);
747 		fscrypt_free_bounce_page(page);
748 	}
749 }
750 
751 #endif	/* _LINUX_FSCRYPT_H */
752