xref: /openbmc/linux/include/linux/fscrypt.h (revision 8f762fe5)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * fscrypt.h: declarations for per-file encryption
4  *
5  * Filesystems that implement per-file encryption must include this header
6  * file.
7  *
8  * Copyright (C) 2015, Google, Inc.
9  *
10  * Written by Michael Halcrow, 2015.
11  * Modified by Jaegeuk Kim, 2015.
12  */
13 #ifndef _LINUX_FSCRYPT_H
14 #define _LINUX_FSCRYPT_H
15 
16 #include <linux/fs.h>
17 #include <linux/mm.h>
18 #include <linux/slab.h>
19 
20 #define FS_CRYPTO_BLOCK_SIZE		16
21 
22 struct fscrypt_ctx;
23 struct fscrypt_info;
24 
25 struct fscrypt_str {
26 	unsigned char *name;
27 	u32 len;
28 };
29 
30 struct fscrypt_name {
31 	const struct qstr *usr_fname;
32 	struct fscrypt_str disk_name;
33 	u32 hash;
34 	u32 minor_hash;
35 	struct fscrypt_str crypto_buf;
36 	bool is_ciphertext_name;
37 };
38 
39 #define FSTR_INIT(n, l)		{ .name = n, .len = l }
40 #define FSTR_TO_QSTR(f)		QSTR_INIT((f)->name, (f)->len)
41 #define fname_name(p)		((p)->disk_name.name)
42 #define fname_len(p)		((p)->disk_name.len)
43 
44 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
45 #define FSCRYPT_SET_CONTEXT_MAX_SIZE	28
46 
47 #ifdef CONFIG_FS_ENCRYPTION
48 /*
49  * fscrypt superblock flags
50  */
51 #define FS_CFLG_OWN_PAGES (1U << 1)
52 
53 /*
54  * crypto operations for filesystems
55  */
56 struct fscrypt_operations {
57 	unsigned int flags;
58 	const char *key_prefix;
59 	int (*get_context)(struct inode *, void *, size_t);
60 	int (*set_context)(struct inode *, const void *, size_t, void *);
61 	bool (*dummy_context)(struct inode *);
62 	bool (*empty_dir)(struct inode *);
63 	unsigned int max_namelen;
64 };
65 
66 struct fscrypt_ctx {
67 	union {
68 		struct {
69 			struct page *bounce_page;	/* Ciphertext page */
70 			struct page *control_page;	/* Original page  */
71 		} w;
72 		struct {
73 			struct bio *bio;
74 			struct work_struct work;
75 		} r;
76 		struct list_head free_list;	/* Free list */
77 	};
78 	u8 flags;				/* Flags */
79 };
80 
81 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
82 {
83 	/* pairs with cmpxchg_release() in fscrypt_get_encryption_info() */
84 	return READ_ONCE(inode->i_crypt_info) != NULL;
85 }
86 
87 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
88 {
89 	return inode->i_sb->s_cop->dummy_context &&
90 		inode->i_sb->s_cop->dummy_context(inode);
91 }
92 
93 /*
94  * When d_splice_alias() moves a directory's encrypted alias to its decrypted
95  * alias as a result of the encryption key being added, DCACHE_ENCRYPTED_NAME
96  * must be cleared.  Note that we don't have to support arbitrary moves of this
97  * flag because fscrypt doesn't allow encrypted aliases to be the source or
98  * target of a rename().
99  */
100 static inline void fscrypt_handle_d_move(struct dentry *dentry)
101 {
102 	dentry->d_flags &= ~DCACHE_ENCRYPTED_NAME;
103 }
104 
105 /* crypto.c */
106 extern void fscrypt_enqueue_decrypt_work(struct work_struct *);
107 extern struct fscrypt_ctx *fscrypt_get_ctx(gfp_t);
108 extern void fscrypt_release_ctx(struct fscrypt_ctx *);
109 extern struct page *fscrypt_encrypt_page(const struct inode *, struct page *,
110 						unsigned int, unsigned int,
111 						u64, gfp_t);
112 extern int fscrypt_decrypt_page(const struct inode *, struct page *, unsigned int,
113 				unsigned int, u64);
114 
115 static inline struct page *fscrypt_control_page(struct page *page)
116 {
117 	return ((struct fscrypt_ctx *)page_private(page))->w.control_page;
118 }
119 
120 extern void fscrypt_restore_control_page(struct page *);
121 
122 /* policy.c */
123 extern int fscrypt_ioctl_set_policy(struct file *, const void __user *);
124 extern int fscrypt_ioctl_get_policy(struct file *, void __user *);
125 extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
126 extern int fscrypt_inherit_context(struct inode *, struct inode *,
127 					void *, bool);
128 /* keyinfo.c */
129 extern int fscrypt_get_encryption_info(struct inode *);
130 extern void fscrypt_put_encryption_info(struct inode *);
131 extern void fscrypt_free_inode(struct inode *);
132 
133 /* fname.c */
134 extern int fscrypt_setup_filename(struct inode *, const struct qstr *,
135 				int lookup, struct fscrypt_name *);
136 
137 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
138 {
139 	kfree(fname->crypto_buf.name);
140 }
141 
142 extern int fscrypt_fname_alloc_buffer(const struct inode *, u32,
143 				struct fscrypt_str *);
144 extern void fscrypt_fname_free_buffer(struct fscrypt_str *);
145 extern int fscrypt_fname_disk_to_usr(struct inode *, u32, u32,
146 			const struct fscrypt_str *, struct fscrypt_str *);
147 
148 #define FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE	32
149 
150 /* Extracts the second-to-last ciphertext block; see explanation below */
151 #define FSCRYPT_FNAME_DIGEST(name, len)	\
152 	((name) + round_down((len) - FS_CRYPTO_BLOCK_SIZE - 1, \
153 			     FS_CRYPTO_BLOCK_SIZE))
154 
155 #define FSCRYPT_FNAME_DIGEST_SIZE	FS_CRYPTO_BLOCK_SIZE
156 
157 /**
158  * fscrypt_digested_name - alternate identifier for an on-disk filename
159  *
160  * When userspace lists an encrypted directory without access to the key,
161  * filenames whose ciphertext is longer than FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE
162  * bytes are shown in this abbreviated form (base64-encoded) rather than as the
163  * full ciphertext (base64-encoded).  This is necessary to allow supporting
164  * filenames up to NAME_MAX bytes, since base64 encoding expands the length.
165  *
166  * To make it possible for filesystems to still find the correct directory entry
167  * despite not knowing the full on-disk name, we encode any filesystem-specific
168  * 'hash' and/or 'minor_hash' which the filesystem may need for its lookups,
169  * followed by the second-to-last ciphertext block of the filename.  Due to the
170  * use of the CBC-CTS encryption mode, the second-to-last ciphertext block
171  * depends on the full plaintext.  (Note that ciphertext stealing causes the
172  * last two blocks to appear "flipped".)  This makes accidental collisions very
173  * unlikely: just a 1 in 2^128 chance for two filenames to collide even if they
174  * share the same filesystem-specific hashes.
175  *
176  * However, this scheme isn't immune to intentional collisions, which can be
177  * created by anyone able to create arbitrary plaintext filenames and view them
178  * without the key.  Making the "digest" be a real cryptographic hash like
179  * SHA-256 over the full ciphertext would prevent this, although it would be
180  * less efficient and harder to implement, especially since the filesystem would
181  * need to calculate it for each directory entry examined during a search.
182  */
183 struct fscrypt_digested_name {
184 	u32 hash;
185 	u32 minor_hash;
186 	u8 digest[FSCRYPT_FNAME_DIGEST_SIZE];
187 };
188 
189 /**
190  * fscrypt_match_name() - test whether the given name matches a directory entry
191  * @fname: the name being searched for
192  * @de_name: the name from the directory entry
193  * @de_name_len: the length of @de_name in bytes
194  *
195  * Normally @fname->disk_name will be set, and in that case we simply compare
196  * that to the name stored in the directory entry.  The only exception is that
197  * if we don't have the key for an encrypted directory and a filename in it is
198  * very long, then we won't have the full disk_name and we'll instead need to
199  * match against the fscrypt_digested_name.
200  *
201  * Return: %true if the name matches, otherwise %false.
202  */
203 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
204 				      const u8 *de_name, u32 de_name_len)
205 {
206 	if (unlikely(!fname->disk_name.name)) {
207 		const struct fscrypt_digested_name *n =
208 			(const void *)fname->crypto_buf.name;
209 		if (WARN_ON_ONCE(fname->usr_fname->name[0] != '_'))
210 			return false;
211 		if (de_name_len <= FSCRYPT_FNAME_MAX_UNDIGESTED_SIZE)
212 			return false;
213 		return !memcmp(FSCRYPT_FNAME_DIGEST(de_name, de_name_len),
214 			       n->digest, FSCRYPT_FNAME_DIGEST_SIZE);
215 	}
216 
217 	if (de_name_len != fname->disk_name.len)
218 		return false;
219 	return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
220 }
221 
222 /* bio.c */
223 extern void fscrypt_decrypt_bio(struct bio *);
224 extern void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
225 					struct bio *bio);
226 extern void fscrypt_pullback_bio_page(struct page **, bool);
227 extern int fscrypt_zeroout_range(const struct inode *, pgoff_t, sector_t,
228 				 unsigned int);
229 
230 /* hooks.c */
231 extern int fscrypt_file_open(struct inode *inode, struct file *filp);
232 extern int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
233 				  struct dentry *dentry);
234 extern int __fscrypt_prepare_rename(struct inode *old_dir,
235 				    struct dentry *old_dentry,
236 				    struct inode *new_dir,
237 				    struct dentry *new_dentry,
238 				    unsigned int flags);
239 extern int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
240 				    struct fscrypt_name *fname);
241 extern int __fscrypt_prepare_symlink(struct inode *dir, unsigned int len,
242 				     unsigned int max_len,
243 				     struct fscrypt_str *disk_link);
244 extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
245 				     unsigned int len,
246 				     struct fscrypt_str *disk_link);
247 extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
248 				       unsigned int max_size,
249 				       struct delayed_call *done);
250 static inline void fscrypt_set_ops(struct super_block *sb,
251 				   const struct fscrypt_operations *s_cop)
252 {
253 	sb->s_cop = s_cop;
254 }
255 #else  /* !CONFIG_FS_ENCRYPTION */
256 
257 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
258 {
259 	return false;
260 }
261 
262 static inline bool fscrypt_dummy_context_enabled(struct inode *inode)
263 {
264 	return false;
265 }
266 
267 static inline void fscrypt_handle_d_move(struct dentry *dentry)
268 {
269 }
270 
271 /* crypto.c */
272 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
273 {
274 }
275 
276 static inline struct fscrypt_ctx *fscrypt_get_ctx(gfp_t gfp_flags)
277 {
278 	return ERR_PTR(-EOPNOTSUPP);
279 }
280 
281 static inline void fscrypt_release_ctx(struct fscrypt_ctx *ctx)
282 {
283 	return;
284 }
285 
286 static inline struct page *fscrypt_encrypt_page(const struct inode *inode,
287 						struct page *page,
288 						unsigned int len,
289 						unsigned int offs,
290 						u64 lblk_num, gfp_t gfp_flags)
291 {
292 	return ERR_PTR(-EOPNOTSUPP);
293 }
294 
295 static inline int fscrypt_decrypt_page(const struct inode *inode,
296 				       struct page *page,
297 				       unsigned int len, unsigned int offs,
298 				       u64 lblk_num)
299 {
300 	return -EOPNOTSUPP;
301 }
302 
303 static inline struct page *fscrypt_control_page(struct page *page)
304 {
305 	WARN_ON_ONCE(1);
306 	return ERR_PTR(-EINVAL);
307 }
308 
309 static inline void fscrypt_restore_control_page(struct page *page)
310 {
311 	return;
312 }
313 
314 /* policy.c */
315 static inline int fscrypt_ioctl_set_policy(struct file *filp,
316 					   const void __user *arg)
317 {
318 	return -EOPNOTSUPP;
319 }
320 
321 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
322 {
323 	return -EOPNOTSUPP;
324 }
325 
326 static inline int fscrypt_has_permitted_context(struct inode *parent,
327 						struct inode *child)
328 {
329 	return 0;
330 }
331 
332 static inline int fscrypt_inherit_context(struct inode *parent,
333 					  struct inode *child,
334 					  void *fs_data, bool preload)
335 {
336 	return -EOPNOTSUPP;
337 }
338 
339 /* keyinfo.c */
340 static inline int fscrypt_get_encryption_info(struct inode *inode)
341 {
342 	return -EOPNOTSUPP;
343 }
344 
345 static inline void fscrypt_put_encryption_info(struct inode *inode)
346 {
347 	return;
348 }
349 
350 static inline void fscrypt_free_inode(struct inode *inode)
351 {
352 }
353 
354  /* fname.c */
355 static inline int fscrypt_setup_filename(struct inode *dir,
356 					 const struct qstr *iname,
357 					 int lookup, struct fscrypt_name *fname)
358 {
359 	if (IS_ENCRYPTED(dir))
360 		return -EOPNOTSUPP;
361 
362 	memset(fname, 0, sizeof(*fname));
363 	fname->usr_fname = iname;
364 	fname->disk_name.name = (unsigned char *)iname->name;
365 	fname->disk_name.len = iname->len;
366 	return 0;
367 }
368 
369 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
370 {
371 	return;
372 }
373 
374 static inline int fscrypt_fname_alloc_buffer(const struct inode *inode,
375 					     u32 max_encrypted_len,
376 					     struct fscrypt_str *crypto_str)
377 {
378 	return -EOPNOTSUPP;
379 }
380 
381 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
382 {
383 	return;
384 }
385 
386 static inline int fscrypt_fname_disk_to_usr(struct inode *inode,
387 					    u32 hash, u32 minor_hash,
388 					    const struct fscrypt_str *iname,
389 					    struct fscrypt_str *oname)
390 {
391 	return -EOPNOTSUPP;
392 }
393 
394 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
395 				      const u8 *de_name, u32 de_name_len)
396 {
397 	/* Encryption support disabled; use standard comparison */
398 	if (de_name_len != fname->disk_name.len)
399 		return false;
400 	return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
401 }
402 
403 /* bio.c */
404 static inline void fscrypt_decrypt_bio(struct bio *bio)
405 {
406 }
407 
408 static inline void fscrypt_enqueue_decrypt_bio(struct fscrypt_ctx *ctx,
409 					       struct bio *bio)
410 {
411 }
412 
413 static inline void fscrypt_pullback_bio_page(struct page **page, bool restore)
414 {
415 	return;
416 }
417 
418 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
419 					sector_t pblk, unsigned int len)
420 {
421 	return -EOPNOTSUPP;
422 }
423 
424 /* hooks.c */
425 
426 static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
427 {
428 	if (IS_ENCRYPTED(inode))
429 		return -EOPNOTSUPP;
430 	return 0;
431 }
432 
433 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
434 					 struct dentry *dentry)
435 {
436 	return -EOPNOTSUPP;
437 }
438 
439 static inline int __fscrypt_prepare_rename(struct inode *old_dir,
440 					   struct dentry *old_dentry,
441 					   struct inode *new_dir,
442 					   struct dentry *new_dentry,
443 					   unsigned int flags)
444 {
445 	return -EOPNOTSUPP;
446 }
447 
448 static inline int __fscrypt_prepare_lookup(struct inode *dir,
449 					   struct dentry *dentry,
450 					   struct fscrypt_name *fname)
451 {
452 	return -EOPNOTSUPP;
453 }
454 
455 static inline int __fscrypt_prepare_symlink(struct inode *dir,
456 					    unsigned int len,
457 					    unsigned int max_len,
458 					    struct fscrypt_str *disk_link)
459 {
460 	return -EOPNOTSUPP;
461 }
462 
463 
464 static inline int __fscrypt_encrypt_symlink(struct inode *inode,
465 					    const char *target,
466 					    unsigned int len,
467 					    struct fscrypt_str *disk_link)
468 {
469 	return -EOPNOTSUPP;
470 }
471 
472 static inline const char *fscrypt_get_symlink(struct inode *inode,
473 					      const void *caddr,
474 					      unsigned int max_size,
475 					      struct delayed_call *done)
476 {
477 	return ERR_PTR(-EOPNOTSUPP);
478 }
479 
480 static inline void fscrypt_set_ops(struct super_block *sb,
481 				   const struct fscrypt_operations *s_cop)
482 {
483 }
484 
485 #endif	/* !CONFIG_FS_ENCRYPTION */
486 
487 /**
488  * fscrypt_require_key - require an inode's encryption key
489  * @inode: the inode we need the key for
490  *
491  * If the inode is encrypted, set up its encryption key if not already done.
492  * Then require that the key be present and return -ENOKEY otherwise.
493  *
494  * No locks are needed, and the key will live as long as the struct inode --- so
495  * it won't go away from under you.
496  *
497  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
498  * if a problem occurred while setting up the encryption key.
499  */
500 static inline int fscrypt_require_key(struct inode *inode)
501 {
502 	if (IS_ENCRYPTED(inode)) {
503 		int err = fscrypt_get_encryption_info(inode);
504 
505 		if (err)
506 			return err;
507 		if (!fscrypt_has_encryption_key(inode))
508 			return -ENOKEY;
509 	}
510 	return 0;
511 }
512 
513 /**
514  * fscrypt_prepare_link - prepare to link an inode into a possibly-encrypted directory
515  * @old_dentry: an existing dentry for the inode being linked
516  * @dir: the target directory
517  * @dentry: negative dentry for the target filename
518  *
519  * A new link can only be added to an encrypted directory if the directory's
520  * encryption key is available --- since otherwise we'd have no way to encrypt
521  * the filename.  Therefore, we first set up the directory's encryption key (if
522  * not already done) and return an error if it's unavailable.
523  *
524  * We also verify that the link will not violate the constraint that all files
525  * in an encrypted directory tree use the same encryption policy.
526  *
527  * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
528  * -EXDEV if the link would result in an inconsistent encryption policy, or
529  * another -errno code.
530  */
531 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
532 				       struct inode *dir,
533 				       struct dentry *dentry)
534 {
535 	if (IS_ENCRYPTED(dir))
536 		return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
537 	return 0;
538 }
539 
540 /**
541  * fscrypt_prepare_rename - prepare for a rename between possibly-encrypted directories
542  * @old_dir: source directory
543  * @old_dentry: dentry for source file
544  * @new_dir: target directory
545  * @new_dentry: dentry for target location (may be negative unless exchanging)
546  * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
547  *
548  * Prepare for ->rename() where the source and/or target directories may be
549  * encrypted.  A new link can only be added to an encrypted directory if the
550  * directory's encryption key is available --- since otherwise we'd have no way
551  * to encrypt the filename.  A rename to an existing name, on the other hand,
552  * *is* cryptographically possible without the key.  However, we take the more
553  * conservative approach and just forbid all no-key renames.
554  *
555  * We also verify that the rename will not violate the constraint that all files
556  * in an encrypted directory tree use the same encryption policy.
557  *
558  * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
559  * rename would cause inconsistent encryption policies, or another -errno code.
560  */
561 static inline int fscrypt_prepare_rename(struct inode *old_dir,
562 					 struct dentry *old_dentry,
563 					 struct inode *new_dir,
564 					 struct dentry *new_dentry,
565 					 unsigned int flags)
566 {
567 	if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
568 		return __fscrypt_prepare_rename(old_dir, old_dentry,
569 						new_dir, new_dentry, flags);
570 	return 0;
571 }
572 
573 /**
574  * fscrypt_prepare_lookup - prepare to lookup a name in a possibly-encrypted directory
575  * @dir: directory being searched
576  * @dentry: filename being looked up
577  * @fname: (output) the name to use to search the on-disk directory
578  *
579  * Prepare for ->lookup() in a directory which may be encrypted by determining
580  * the name that will actually be used to search the directory on-disk.  Lookups
581  * can be done with or without the directory's encryption key; without the key,
582  * filenames are presented in encrypted form.  Therefore, we'll try to set up
583  * the directory's encryption key, but even without it the lookup can continue.
584  *
585  * This also installs a custom ->d_revalidate() method which will invalidate the
586  * dentry if it was created without the key and the key is later added.
587  *
588  * Return: 0 on success; -ENOENT if key is unavailable but the filename isn't a
589  * correctly formed encoded ciphertext name, so a negative dentry should be
590  * created; or another -errno code.
591  */
592 static inline int fscrypt_prepare_lookup(struct inode *dir,
593 					 struct dentry *dentry,
594 					 struct fscrypt_name *fname)
595 {
596 	if (IS_ENCRYPTED(dir))
597 		return __fscrypt_prepare_lookup(dir, dentry, fname);
598 
599 	memset(fname, 0, sizeof(*fname));
600 	fname->usr_fname = &dentry->d_name;
601 	fname->disk_name.name = (unsigned char *)dentry->d_name.name;
602 	fname->disk_name.len = dentry->d_name.len;
603 	return 0;
604 }
605 
606 /**
607  * fscrypt_prepare_setattr - prepare to change a possibly-encrypted inode's attributes
608  * @dentry: dentry through which the inode is being changed
609  * @attr: attributes to change
610  *
611  * Prepare for ->setattr() on a possibly-encrypted inode.  On an encrypted file,
612  * most attribute changes are allowed even without the encryption key.  However,
613  * without the encryption key we do have to forbid truncates.  This is needed
614  * because the size being truncated to may not be a multiple of the filesystem
615  * block size, and in that case we'd have to decrypt the final block, zero the
616  * portion past i_size, and re-encrypt it.  (We *could* allow truncating to a
617  * filesystem block boundary, but it's simpler to just forbid all truncates ---
618  * and we already forbid all other contents modifications without the key.)
619  *
620  * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
621  * if a problem occurred while setting up the encryption key.
622  */
623 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
624 					  struct iattr *attr)
625 {
626 	if (attr->ia_valid & ATTR_SIZE)
627 		return fscrypt_require_key(d_inode(dentry));
628 	return 0;
629 }
630 
631 /**
632  * fscrypt_prepare_symlink - prepare to create a possibly-encrypted symlink
633  * @dir: directory in which the symlink is being created
634  * @target: plaintext symlink target
635  * @len: length of @target excluding null terminator
636  * @max_len: space the filesystem has available to store the symlink target
637  * @disk_link: (out) the on-disk symlink target being prepared
638  *
639  * This function computes the size the symlink target will require on-disk,
640  * stores it in @disk_link->len, and validates it against @max_len.  An
641  * encrypted symlink may be longer than the original.
642  *
643  * Additionally, @disk_link->name is set to @target if the symlink will be
644  * unencrypted, but left NULL if the symlink will be encrypted.  For encrypted
645  * symlinks, the filesystem must call fscrypt_encrypt_symlink() to create the
646  * on-disk target later.  (The reason for the two-step process is that some
647  * filesystems need to know the size of the symlink target before creating the
648  * inode, e.g. to determine whether it will be a "fast" or "slow" symlink.)
649  *
650  * Return: 0 on success, -ENAMETOOLONG if the symlink target is too long,
651  * -ENOKEY if the encryption key is missing, or another -errno code if a problem
652  * occurred while setting up the encryption key.
653  */
654 static inline int fscrypt_prepare_symlink(struct inode *dir,
655 					  const char *target,
656 					  unsigned int len,
657 					  unsigned int max_len,
658 					  struct fscrypt_str *disk_link)
659 {
660 	if (IS_ENCRYPTED(dir) || fscrypt_dummy_context_enabled(dir))
661 		return __fscrypt_prepare_symlink(dir, len, max_len, disk_link);
662 
663 	disk_link->name = (unsigned char *)target;
664 	disk_link->len = len + 1;
665 	if (disk_link->len > max_len)
666 		return -ENAMETOOLONG;
667 	return 0;
668 }
669 
670 /**
671  * fscrypt_encrypt_symlink - encrypt the symlink target if needed
672  * @inode: symlink inode
673  * @target: plaintext symlink target
674  * @len: length of @target excluding null terminator
675  * @disk_link: (in/out) the on-disk symlink target being prepared
676  *
677  * If the symlink target needs to be encrypted, then this function encrypts it
678  * into @disk_link->name.  fscrypt_prepare_symlink() must have been called
679  * previously to compute @disk_link->len.  If the filesystem did not allocate a
680  * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
681  * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
682  *
683  * Return: 0 on success, -errno on failure
684  */
685 static inline int fscrypt_encrypt_symlink(struct inode *inode,
686 					  const char *target,
687 					  unsigned int len,
688 					  struct fscrypt_str *disk_link)
689 {
690 	if (IS_ENCRYPTED(inode))
691 		return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
692 	return 0;
693 }
694 
695 #endif	/* _LINUX_FSCRYPT_H */
696