2 * eCryptfs: Linux filesystem encryption layer
4 * Copyright (C) 1997-2004 Erez Zadok
5 * Copyright (C) 2001-2004 Stony Brook University
6 * Copyright (C) 2004-2007 International Business Machines Corp.
7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8 * Michael C. Thompsion <mcthomps@us.ibm.com>
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 of the
13 * License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
26 #include <linux/file.h>
27 #include <linux/vmalloc.h>
28 #include <linux/pagemap.h>
29 #include <linux/dcache.h>
30 #include <linux/namei.h>
31 #include <linux/mount.h>
32 #include <linux/crypto.h>
33 #include <linux/fs_stack.h>
34 #include <linux/slab.h>
35 #include <linux/xattr.h>
36 #include <asm/unaligned.h>
37 #include "ecryptfs_kernel.h"
39 static struct dentry *lock_parent(struct dentry *dentry)
43 dir = dget_parent(dentry);
44 mutex_lock_nested(&(dir->d_inode->i_mutex), I_MUTEX_PARENT);
48 static void unlock_dir(struct dentry *dir)
50 mutex_unlock(&dir->d_inode->i_mutex);
54 static int ecryptfs_inode_test(struct inode *inode, void *lower_inode)
56 if (ecryptfs_inode_to_lower(inode) == (struct inode *)lower_inode)
61 static int ecryptfs_inode_set(struct inode *inode, void *opaque)
63 struct inode *lower_inode = opaque;
65 ecryptfs_set_inode_lower(inode, lower_inode);
66 fsstack_copy_attr_all(inode, lower_inode);
67 /* i_size will be overwritten for encrypted regular files */
68 fsstack_copy_inode_size(inode, lower_inode);
69 inode->i_ino = lower_inode->i_ino;
71 inode->i_mapping->a_ops = &ecryptfs_aops;
72 inode->i_mapping->backing_dev_info = inode->i_sb->s_bdi;
74 if (S_ISLNK(inode->i_mode))
75 inode->i_op = &ecryptfs_symlink_iops;
76 else if (S_ISDIR(inode->i_mode))
77 inode->i_op = &ecryptfs_dir_iops;
79 inode->i_op = &ecryptfs_main_iops;
81 if (S_ISDIR(inode->i_mode))
82 inode->i_fop = &ecryptfs_dir_fops;
83 else if (special_file(inode->i_mode))
84 init_special_inode(inode, inode->i_mode, inode->i_rdev);
86 inode->i_fop = &ecryptfs_main_fops;
91 static struct inode *__ecryptfs_get_inode(struct inode *lower_inode,
92 struct super_block *sb)
96 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb))
97 return ERR_PTR(-EXDEV);
98 if (!igrab(lower_inode))
99 return ERR_PTR(-ESTALE);
100 inode = iget5_locked(sb, (unsigned long)lower_inode,
101 ecryptfs_inode_test, ecryptfs_inode_set,
105 return ERR_PTR(-EACCES);
107 if (!(inode->i_state & I_NEW))
113 struct inode *ecryptfs_get_inode(struct inode *lower_inode,
114 struct super_block *sb)
116 struct inode *inode = __ecryptfs_get_inode(lower_inode, sb);
118 if (!IS_ERR(inode) && (inode->i_state & I_NEW))
119 unlock_new_inode(inode);
126 * @lower_dentry: Existing dentry in the lower filesystem
127 * @dentry: ecryptfs' dentry
128 * @sb: ecryptfs's super_block
130 * Interposes upper and lower dentries.
132 * Returns zero on success; non-zero otherwise
134 static int ecryptfs_interpose(struct dentry *lower_dentry,
135 struct dentry *dentry, struct super_block *sb)
137 struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb);
140 return PTR_ERR(inode);
141 d_instantiate(dentry, inode);
147 * ecryptfs_create_underlying_file
148 * @lower_dir_inode: inode of the parent in the lower fs of the new file
149 * @dentry: New file's dentry
150 * @mode: The mode of the new file
152 * Creates the file in the lower file system.
154 * Returns zero on success; non-zero on error condition
157 ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
158 struct dentry *dentry, int mode)
160 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
161 return vfs_create(lower_dir_inode, lower_dentry, mode, NULL);
164 static int ecryptfs_do_unlink(struct inode *dir, struct dentry *dentry,
167 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
168 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
169 struct dentry *lower_dir_dentry;
173 lower_dir_dentry = lock_parent(lower_dentry);
174 rc = vfs_unlink(lower_dir_inode, lower_dentry);
176 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
179 fsstack_copy_attr_times(dir, lower_dir_inode);
180 set_nlink(inode, ecryptfs_inode_to_lower(inode)->i_nlink);
181 inode->i_ctime = dir->i_ctime;
184 unlock_dir(lower_dir_dentry);
191 * @directory_inode: inode of the new file's dentry's parent in ecryptfs
192 * @ecryptfs_dentry: New file's dentry in ecryptfs
193 * @mode: The mode of the new file
194 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
196 * Creates the underlying file and the eCryptfs inode which will link to
197 * it. It will also update the eCryptfs directory inode to mimic the
198 * stat of the lower directory inode.
200 * Returns the new eCryptfs inode on success; an ERR_PTR on error condition
202 static struct inode *
203 ecryptfs_do_create(struct inode *directory_inode,
204 struct dentry *ecryptfs_dentry, int mode)
207 struct dentry *lower_dentry;
208 struct dentry *lower_dir_dentry;
211 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
212 lower_dir_dentry = lock_parent(lower_dentry);
213 if (IS_ERR(lower_dir_dentry)) {
214 ecryptfs_printk(KERN_ERR, "Error locking directory of "
216 inode = ERR_CAST(lower_dir_dentry);
219 rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode,
220 ecryptfs_dentry, mode);
222 printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
223 "rc = [%d]\n", __func__, rc);
227 inode = __ecryptfs_get_inode(lower_dentry->d_inode,
228 directory_inode->i_sb);
230 vfs_unlink(lower_dir_dentry->d_inode, lower_dentry);
233 fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode);
234 fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode);
236 unlock_dir(lower_dir_dentry);
242 * ecryptfs_initialize_file
244 * Cause the file to be changed from a basic empty file to an ecryptfs
245 * file with a header and first data page.
247 * Returns zero on success
249 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
250 struct inode *ecryptfs_inode)
252 struct ecryptfs_crypt_stat *crypt_stat =
253 &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
256 if (S_ISDIR(ecryptfs_inode->i_mode)) {
257 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
258 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
261 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
262 rc = ecryptfs_new_file_context(ecryptfs_inode);
264 ecryptfs_printk(KERN_ERR, "Error creating new file "
265 "context; rc = [%d]\n", rc);
268 rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
270 printk(KERN_ERR "%s: Error attempting to initialize "
271 "the lower file for the dentry with name "
272 "[%s]; rc = [%d]\n", __func__,
273 ecryptfs_dentry->d_name.name, rc);
276 rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
278 printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
279 ecryptfs_put_lower_file(ecryptfs_inode);
286 * @dir: The inode of the directory in which to create the file.
287 * @dentry: The eCryptfs dentry
288 * @mode: The mode of the new file.
291 * Creates a new file.
293 * Returns zero on success; non-zero on error condition
296 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
297 int mode, struct nameidata *nd)
299 struct inode *ecryptfs_inode;
302 ecryptfs_inode = ecryptfs_do_create(directory_inode, ecryptfs_dentry,
304 if (unlikely(IS_ERR(ecryptfs_inode))) {
305 ecryptfs_printk(KERN_WARNING, "Failed to create file in"
306 "lower filesystem\n");
307 rc = PTR_ERR(ecryptfs_inode);
310 /* At this point, a file exists on "disk"; we need to make sure
311 * that this on disk file is prepared to be an ecryptfs file */
312 rc = ecryptfs_initialize_file(ecryptfs_dentry, ecryptfs_inode);
314 ecryptfs_do_unlink(directory_inode, ecryptfs_dentry,
316 make_bad_inode(ecryptfs_inode);
317 unlock_new_inode(ecryptfs_inode);
318 iput(ecryptfs_inode);
321 d_instantiate(ecryptfs_dentry, ecryptfs_inode);
322 unlock_new_inode(ecryptfs_inode);
327 static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
329 struct ecryptfs_crypt_stat *crypt_stat;
332 rc = ecryptfs_get_lower_file(dentry, inode);
334 printk(KERN_ERR "%s: Error attempting to initialize "
335 "the lower file for the dentry with name "
336 "[%s]; rc = [%d]\n", __func__,
337 dentry->d_name.name, rc);
341 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
342 /* TODO: lock for crypt_stat comparison */
343 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
344 ecryptfs_set_default_sizes(crypt_stat);
346 rc = ecryptfs_read_and_validate_header_region(inode);
347 ecryptfs_put_lower_file(inode);
349 rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
351 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
354 /* Must return 0 to allow non-eCryptfs files to be looked up, too */
359 * ecryptfs_lookup_interpose - Dentry interposition for a lookup
361 static int ecryptfs_lookup_interpose(struct dentry *dentry,
362 struct dentry *lower_dentry,
363 struct inode *dir_inode)
365 struct inode *inode, *lower_inode = lower_dentry->d_inode;
366 struct ecryptfs_dentry_info *dentry_info;
367 struct vfsmount *lower_mnt;
370 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
371 fsstack_copy_attr_atime(dir_inode, lower_dentry->d_parent->d_inode);
372 BUG_ON(!lower_dentry->d_count);
374 dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
375 ecryptfs_set_dentry_private(dentry, dentry_info);
377 printk(KERN_ERR "%s: Out of memory whilst attempting "
378 "to allocate ecryptfs_dentry_info struct\n",
385 ecryptfs_set_dentry_lower(dentry, lower_dentry);
386 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
388 if (!lower_dentry->d_inode) {
389 /* We want to add because we couldn't find in lower */
393 inode = __ecryptfs_get_inode(lower_inode, dir_inode->i_sb);
395 printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
396 __func__, PTR_ERR(inode));
397 return PTR_ERR(inode);
399 if (S_ISREG(inode->i_mode)) {
400 rc = ecryptfs_i_size_read(dentry, inode);
402 make_bad_inode(inode);
407 if (inode->i_state & I_NEW)
408 unlock_new_inode(inode);
409 d_add(dentry, inode);
416 * @ecryptfs_dir_inode: The eCryptfs directory inode
417 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
418 * @ecryptfs_nd: nameidata; may be NULL
420 * Find a file on disk. If the file does not exist, then we'll add it to the
421 * dentry cache and continue on to read it from the disk.
423 static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
424 struct dentry *ecryptfs_dentry,
425 struct nameidata *ecryptfs_nd)
427 char *encrypted_and_encoded_name = NULL;
428 size_t encrypted_and_encoded_name_size;
429 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
430 struct dentry *lower_dir_dentry, *lower_dentry;
433 if ((ecryptfs_dentry->d_name.len == 1
434 && !strcmp(ecryptfs_dentry->d_name.name, "."))
435 || (ecryptfs_dentry->d_name.len == 2
436 && !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
439 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
440 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
441 lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
443 ecryptfs_dentry->d_name.len);
444 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
445 if (IS_ERR(lower_dentry)) {
446 rc = PTR_ERR(lower_dentry);
447 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
448 "[%d] on lower_dentry = [%s]\n", __func__, rc,
449 encrypted_and_encoded_name);
452 if (lower_dentry->d_inode)
454 mount_crypt_stat = &ecryptfs_superblock_to_private(
455 ecryptfs_dentry->d_sb)->mount_crypt_stat;
456 if (!(mount_crypt_stat
457 && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
460 rc = ecryptfs_encrypt_and_encode_filename(
461 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
462 NULL, mount_crypt_stat, ecryptfs_dentry->d_name.name,
463 ecryptfs_dentry->d_name.len);
465 printk(KERN_ERR "%s: Error attempting to encrypt and encode "
466 "filename; rc = [%d]\n", __func__, rc);
469 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
470 lower_dentry = lookup_one_len(encrypted_and_encoded_name,
472 encrypted_and_encoded_name_size);
473 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
474 if (IS_ERR(lower_dentry)) {
475 rc = PTR_ERR(lower_dentry);
476 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
477 "[%d] on lower_dentry = [%s]\n", __func__, rc,
478 encrypted_and_encoded_name);
482 rc = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry,
486 d_drop(ecryptfs_dentry);
488 kfree(encrypted_and_encoded_name);
492 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
493 struct dentry *new_dentry)
495 struct dentry *lower_old_dentry;
496 struct dentry *lower_new_dentry;
497 struct dentry *lower_dir_dentry;
501 file_size_save = i_size_read(old_dentry->d_inode);
502 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
503 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
504 dget(lower_old_dentry);
505 dget(lower_new_dentry);
506 lower_dir_dentry = lock_parent(lower_new_dentry);
507 rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode,
509 if (rc || !lower_new_dentry->d_inode)
511 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
514 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
515 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
516 set_nlink(old_dentry->d_inode,
517 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink);
518 i_size_write(new_dentry->d_inode, file_size_save);
520 unlock_dir(lower_dir_dentry);
521 dput(lower_new_dentry);
522 dput(lower_old_dentry);
526 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
528 return ecryptfs_do_unlink(dir, dentry, dentry->d_inode);
531 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
535 struct dentry *lower_dentry;
536 struct dentry *lower_dir_dentry;
537 char *encoded_symname;
538 size_t encoded_symlen;
539 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
541 lower_dentry = ecryptfs_dentry_to_lower(dentry);
543 lower_dir_dentry = lock_parent(lower_dentry);
544 mount_crypt_stat = &ecryptfs_superblock_to_private(
545 dir->i_sb)->mount_crypt_stat;
546 rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
549 mount_crypt_stat, symname,
553 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
555 kfree(encoded_symname);
556 if (rc || !lower_dentry->d_inode)
558 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
561 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
562 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
564 unlock_dir(lower_dir_dentry);
566 if (!dentry->d_inode)
571 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
574 struct dentry *lower_dentry;
575 struct dentry *lower_dir_dentry;
577 lower_dentry = ecryptfs_dentry_to_lower(dentry);
578 lower_dir_dentry = lock_parent(lower_dentry);
579 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode);
580 if (rc || !lower_dentry->d_inode)
582 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
585 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
586 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
587 set_nlink(dir, lower_dir_dentry->d_inode->i_nlink);
589 unlock_dir(lower_dir_dentry);
590 if (!dentry->d_inode)
595 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
597 struct dentry *lower_dentry;
598 struct dentry *lower_dir_dentry;
601 lower_dentry = ecryptfs_dentry_to_lower(dentry);
603 lower_dir_dentry = lock_parent(lower_dentry);
605 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
607 if (!rc && dentry->d_inode)
608 clear_nlink(dentry->d_inode);
609 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
610 set_nlink(dir, lower_dir_dentry->d_inode->i_nlink);
611 unlock_dir(lower_dir_dentry);
619 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
622 struct dentry *lower_dentry;
623 struct dentry *lower_dir_dentry;
625 lower_dentry = ecryptfs_dentry_to_lower(dentry);
626 lower_dir_dentry = lock_parent(lower_dentry);
627 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev);
628 if (rc || !lower_dentry->d_inode)
630 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
633 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
634 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
636 unlock_dir(lower_dir_dentry);
637 if (!dentry->d_inode)
643 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
644 struct inode *new_dir, struct dentry *new_dentry)
647 struct dentry *lower_old_dentry;
648 struct dentry *lower_new_dentry;
649 struct dentry *lower_old_dir_dentry;
650 struct dentry *lower_new_dir_dentry;
651 struct dentry *trap = NULL;
652 struct inode *target_inode;
654 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
655 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
656 dget(lower_old_dentry);
657 dget(lower_new_dentry);
658 lower_old_dir_dentry = dget_parent(lower_old_dentry);
659 lower_new_dir_dentry = dget_parent(lower_new_dentry);
660 target_inode = new_dentry->d_inode;
661 trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
662 /* source should not be ancestor of target */
663 if (trap == lower_old_dentry) {
667 /* target should not be ancestor of source */
668 if (trap == lower_new_dentry) {
672 rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
673 lower_new_dir_dentry->d_inode, lower_new_dentry);
677 fsstack_copy_attr_all(target_inode,
678 ecryptfs_inode_to_lower(target_inode));
679 fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode);
680 if (new_dir != old_dir)
681 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode);
683 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
684 dput(lower_new_dir_dentry);
685 dput(lower_old_dir_dentry);
686 dput(lower_new_dentry);
687 dput(lower_old_dentry);
691 static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
694 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
696 size_t lower_bufsiz = PATH_MAX;
700 lower_buf = kmalloc(lower_bufsiz, GFP_KERNEL);
707 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
708 (char __user *)lower_buf,
714 rc = ecryptfs_decode_and_decrypt_filename(buf, bufsiz, dentry,
715 lower_buf, lower_bufsiz);
722 ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
725 size_t kbufsiz, copied;
728 rc = ecryptfs_readlink_lower(dentry, &kbuf, &kbufsiz);
731 copied = min_t(size_t, bufsiz, kbufsiz);
732 rc = copy_to_user(buf, kbuf, copied) ? -EFAULT : copied;
734 fsstack_copy_attr_atime(dentry->d_inode,
735 ecryptfs_dentry_to_lower(dentry)->d_inode);
740 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
743 int len = PAGE_SIZE, rc;
746 /* Released in ecryptfs_put_link(); only release here on error */
747 buf = kmalloc(len, GFP_KERNEL);
749 buf = ERR_PTR(-ENOMEM);
754 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
762 nd_set_link(nd, buf);
767 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
769 char *buf = nd_get_link(nd);
777 * upper_size_to_lower_size
778 * @crypt_stat: Crypt_stat associated with file
779 * @upper_size: Size of the upper file
781 * Calculate the required size of the lower file based on the
782 * specified size of the upper file. This calculation is based on the
783 * number of headers in the underlying file and the extent size.
785 * Returns Calculated size of the lower file.
788 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
793 lower_size = ecryptfs_lower_header_size(crypt_stat);
794 if (upper_size != 0) {
797 num_extents = upper_size >> crypt_stat->extent_shift;
798 if (upper_size & ~crypt_stat->extent_mask)
800 lower_size += (num_extents * crypt_stat->extent_size);
807 * @dentry: The ecryptfs layer dentry
808 * @ia: Address of the ecryptfs inode's attributes
809 * @lower_ia: Address of the lower inode's attributes
811 * Function to handle truncations modifying the size of the file. Note
812 * that the file sizes are interpolated. When expanding, we are simply
813 * writing strings of 0's out. When truncating, we truncate the upper
814 * inode and update the lower_ia according to the page index
815 * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
816 * the caller must use lower_ia in a call to notify_change() to perform
817 * the truncation of the lower inode.
819 * Returns zero on success; non-zero otherwise
821 static int truncate_upper(struct dentry *dentry, struct iattr *ia,
822 struct iattr *lower_ia)
825 struct inode *inode = dentry->d_inode;
826 struct ecryptfs_crypt_stat *crypt_stat;
827 loff_t i_size = i_size_read(inode);
828 loff_t lower_size_before_truncate;
829 loff_t lower_size_after_truncate;
831 if (unlikely((ia->ia_size == i_size))) {
832 lower_ia->ia_valid &= ~ATTR_SIZE;
835 rc = ecryptfs_get_lower_file(dentry, inode);
838 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
839 /* Switch on growing or shrinking file */
840 if (ia->ia_size > i_size) {
841 char zero[] = { 0x00 };
843 lower_ia->ia_valid &= ~ATTR_SIZE;
844 /* Write a single 0 at the last position of the file;
845 * this triggers code that will fill in 0's throughout
846 * the intermediate portion of the previous end of the
847 * file and the new and of the file */
848 rc = ecryptfs_write(inode, zero,
849 (ia->ia_size - 1), 1);
850 } else { /* ia->ia_size < i_size_read(inode) */
851 /* We're chopping off all the pages down to the page
852 * in which ia->ia_size is located. Fill in the end of
853 * that page from (ia->ia_size & ~PAGE_CACHE_MASK) to
854 * PAGE_CACHE_SIZE with zeros. */
855 size_t num_zeros = (PAGE_CACHE_SIZE
856 - (ia->ia_size & ~PAGE_CACHE_MASK));
858 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
859 truncate_setsize(inode, ia->ia_size);
860 lower_ia->ia_size = ia->ia_size;
861 lower_ia->ia_valid |= ATTR_SIZE;
867 zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
872 rc = ecryptfs_write(inode, zeros_virt,
873 ia->ia_size, num_zeros);
876 printk(KERN_ERR "Error attempting to zero out "
877 "the remainder of the end page on "
878 "reducing truncate; rc = [%d]\n", rc);
882 truncate_setsize(inode, ia->ia_size);
883 rc = ecryptfs_write_inode_size_to_metadata(inode);
885 printk(KERN_ERR "Problem with "
886 "ecryptfs_write_inode_size_to_metadata; "
890 /* We are reducing the size of the ecryptfs file, and need to
891 * know if we need to reduce the size of the lower file. */
892 lower_size_before_truncate =
893 upper_size_to_lower_size(crypt_stat, i_size);
894 lower_size_after_truncate =
895 upper_size_to_lower_size(crypt_stat, ia->ia_size);
896 if (lower_size_after_truncate < lower_size_before_truncate) {
897 lower_ia->ia_size = lower_size_after_truncate;
898 lower_ia->ia_valid |= ATTR_SIZE;
900 lower_ia->ia_valid &= ~ATTR_SIZE;
903 ecryptfs_put_lower_file(inode);
907 static int ecryptfs_inode_newsize_ok(struct inode *inode, loff_t offset)
909 struct ecryptfs_crypt_stat *crypt_stat;
910 loff_t lower_oldsize, lower_newsize;
912 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
913 lower_oldsize = upper_size_to_lower_size(crypt_stat,
915 lower_newsize = upper_size_to_lower_size(crypt_stat, offset);
916 if (lower_newsize > lower_oldsize) {
918 * The eCryptfs inode and the new *lower* size are mixed here
919 * because we may not have the lower i_mutex held and/or it may
920 * not be appropriate to call inode_newsize_ok() with inodes
921 * from other filesystems.
923 return inode_newsize_ok(inode, lower_newsize);
931 * @dentry: The ecryptfs layer dentry
932 * @new_length: The length to expand the file to
934 * Simple function that handles the truncation of an eCryptfs inode and
935 * its corresponding lower inode.
937 * Returns zero on success; non-zero otherwise
939 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
941 struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
942 struct iattr lower_ia = { .ia_valid = 0 };
945 rc = ecryptfs_inode_newsize_ok(dentry->d_inode, new_length);
949 rc = truncate_upper(dentry, &ia, &lower_ia);
950 if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
951 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
953 mutex_lock(&lower_dentry->d_inode->i_mutex);
954 rc = notify_change(lower_dentry, &lower_ia);
955 mutex_unlock(&lower_dentry->d_inode->i_mutex);
961 ecryptfs_permission(struct inode *inode, int mask)
963 return inode_permission(ecryptfs_inode_to_lower(inode), mask);
968 * @dentry: dentry handle to the inode to modify
969 * @ia: Structure with flags of what to change and values
971 * Updates the metadata of an inode. If the update is to the size
972 * i.e. truncation, then ecryptfs_truncate will handle the size modification
973 * of both the ecryptfs inode and the lower inode.
975 * All other metadata changes will be passed right to the lower filesystem,
976 * and we will just update our inode to look like the lower.
978 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
981 struct dentry *lower_dentry;
982 struct iattr lower_ia;
984 struct inode *lower_inode;
985 struct ecryptfs_crypt_stat *crypt_stat;
987 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
988 if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
989 ecryptfs_init_crypt_stat(crypt_stat);
990 inode = dentry->d_inode;
991 lower_inode = ecryptfs_inode_to_lower(inode);
992 lower_dentry = ecryptfs_dentry_to_lower(dentry);
993 mutex_lock(&crypt_stat->cs_mutex);
994 if (S_ISDIR(dentry->d_inode->i_mode))
995 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
996 else if (S_ISREG(dentry->d_inode->i_mode)
997 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
998 || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
999 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1001 mount_crypt_stat = &ecryptfs_superblock_to_private(
1002 dentry->d_sb)->mount_crypt_stat;
1003 rc = ecryptfs_get_lower_file(dentry, inode);
1005 mutex_unlock(&crypt_stat->cs_mutex);
1008 rc = ecryptfs_read_metadata(dentry);
1009 ecryptfs_put_lower_file(inode);
1011 if (!(mount_crypt_stat->flags
1012 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
1014 printk(KERN_WARNING "Either the lower file "
1015 "is not in a valid eCryptfs format, "
1016 "or the key could not be retrieved. "
1017 "Plaintext passthrough mode is not "
1018 "enabled; returning -EIO\n");
1019 mutex_unlock(&crypt_stat->cs_mutex);
1023 crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
1024 | ECRYPTFS_ENCRYPTED);
1027 mutex_unlock(&crypt_stat->cs_mutex);
1029 rc = inode_change_ok(inode, ia);
1032 if (ia->ia_valid & ATTR_SIZE) {
1033 rc = ecryptfs_inode_newsize_ok(inode, ia->ia_size);
1038 if (S_ISREG(inode->i_mode)) {
1039 rc = filemap_write_and_wait(inode->i_mapping);
1042 fsstack_copy_attr_all(inode, lower_inode);
1044 memcpy(&lower_ia, ia, sizeof(lower_ia));
1045 if (ia->ia_valid & ATTR_FILE)
1046 lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
1047 if (ia->ia_valid & ATTR_SIZE) {
1048 rc = truncate_upper(dentry, ia, &lower_ia);
1054 * mode change is for clearing setuid/setgid bits. Allow lower fs
1055 * to interpret this in its own way.
1057 if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
1058 lower_ia.ia_valid &= ~ATTR_MODE;
1060 mutex_lock(&lower_dentry->d_inode->i_mutex);
1061 rc = notify_change(lower_dentry, &lower_ia);
1062 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1064 fsstack_copy_attr_all(inode, lower_inode);
1068 int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry,
1071 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1074 mount_crypt_stat = &ecryptfs_superblock_to_private(
1075 dentry->d_sb)->mount_crypt_stat;
1076 generic_fillattr(dentry->d_inode, stat);
1077 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
1081 rc = ecryptfs_readlink_lower(dentry, &target, &targetsiz);
1084 stat->size = targetsiz;
1090 int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
1093 struct kstat lower_stat;
1096 rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry),
1097 ecryptfs_dentry_to_lower(dentry), &lower_stat);
1099 fsstack_copy_attr_all(dentry->d_inode,
1100 ecryptfs_inode_to_lower(dentry->d_inode));
1101 generic_fillattr(dentry->d_inode, stat);
1102 stat->blocks = lower_stat.blocks;
1108 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
1109 size_t size, int flags)
1112 struct dentry *lower_dentry;
1114 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1115 if (!lower_dentry->d_inode->i_op->setxattr) {
1120 rc = vfs_setxattr(lower_dentry, name, value, size, flags);
1122 fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode);
1128 ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
1129 void *value, size_t size)
1133 if (!lower_dentry->d_inode->i_op->getxattr) {
1137 mutex_lock(&lower_dentry->d_inode->i_mutex);
1138 rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value,
1140 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1146 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value,
1149 return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), name,
1154 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
1157 struct dentry *lower_dentry;
1159 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1160 if (!lower_dentry->d_inode->i_op->listxattr) {
1164 mutex_lock(&lower_dentry->d_inode->i_mutex);
1165 rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size);
1166 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1171 static int ecryptfs_removexattr(struct dentry *dentry, const char *name)
1174 struct dentry *lower_dentry;
1176 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1177 if (!lower_dentry->d_inode->i_op->removexattr) {
1181 mutex_lock(&lower_dentry->d_inode->i_mutex);
1182 rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name);
1183 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1188 const struct inode_operations ecryptfs_symlink_iops = {
1189 .readlink = ecryptfs_readlink,
1190 .follow_link = ecryptfs_follow_link,
1191 .put_link = ecryptfs_put_link,
1192 .permission = ecryptfs_permission,
1193 .setattr = ecryptfs_setattr,
1194 .getattr = ecryptfs_getattr_link,
1195 .setxattr = ecryptfs_setxattr,
1196 .getxattr = ecryptfs_getxattr,
1197 .listxattr = ecryptfs_listxattr,
1198 .removexattr = ecryptfs_removexattr
1201 const struct inode_operations ecryptfs_dir_iops = {
1202 .create = ecryptfs_create,
1203 .lookup = ecryptfs_lookup,
1204 .link = ecryptfs_link,
1205 .unlink = ecryptfs_unlink,
1206 .symlink = ecryptfs_symlink,
1207 .mkdir = ecryptfs_mkdir,
1208 .rmdir = ecryptfs_rmdir,
1209 .mknod = ecryptfs_mknod,
1210 .rename = ecryptfs_rename,
1211 .permission = ecryptfs_permission,
1212 .setattr = ecryptfs_setattr,
1213 .setxattr = ecryptfs_setxattr,
1214 .getxattr = ecryptfs_getxattr,
1215 .listxattr = ecryptfs_listxattr,
1216 .removexattr = ecryptfs_removexattr
1219 const struct inode_operations ecryptfs_main_iops = {
1220 .permission = ecryptfs_permission,
1221 .setattr = ecryptfs_setattr,
1222 .getattr = ecryptfs_getattr,
1223 .setxattr = ecryptfs_setxattr,
1224 .getxattr = ecryptfs_getxattr,
1225 .listxattr = ecryptfs_listxattr,
1226 .removexattr = ecryptfs_removexattr