2 * eCryptfs: Linux filesystem encryption layer
4 * Copyright (C) 1997-2004 Erez Zadok
5 * Copyright (C) 2001-2004 Stony Brook University
6 * Copyright (C) 2004-2007 International Business Machines Corp.
7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com>
8 * Michael C. Thompsion <mcthomps@us.ibm.com>
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License as
12 * published by the Free Software Foundation; either version 2 of the
13 * License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
26 #include <linux/file.h>
27 #include <linux/vmalloc.h>
28 #include <linux/pagemap.h>
29 #include <linux/dcache.h>
30 #include <linux/namei.h>
31 #include <linux/mount.h>
32 #include <linux/crypto.h>
33 #include <linux/fs_stack.h>
34 #include <linux/slab.h>
35 #include <linux/xattr.h>
36 #include <asm/unaligned.h>
37 #include "ecryptfs_kernel.h"
39 static struct dentry *lock_parent(struct dentry *dentry)
43 dir = dget_parent(dentry);
44 mutex_lock_nested(&(dir->d_inode->i_mutex), I_MUTEX_PARENT);
48 static void unlock_dir(struct dentry *dir)
50 mutex_unlock(&dir->d_inode->i_mutex);
54 static int ecryptfs_inode_test(struct inode *inode, void *lower_inode)
56 if (ecryptfs_inode_to_lower(inode) == (struct inode *)lower_inode)
61 static int ecryptfs_inode_set(struct inode *inode, void *opaque)
63 struct inode *lower_inode = opaque;
65 ecryptfs_set_inode_lower(inode, lower_inode);
66 fsstack_copy_attr_all(inode, lower_inode);
67 /* i_size will be overwritten for encrypted regular files */
68 fsstack_copy_inode_size(inode, lower_inode);
69 inode->i_ino = lower_inode->i_ino;
71 inode->i_mapping->a_ops = &ecryptfs_aops;
73 if (S_ISLNK(inode->i_mode))
74 inode->i_op = &ecryptfs_symlink_iops;
75 else if (S_ISDIR(inode->i_mode))
76 inode->i_op = &ecryptfs_dir_iops;
78 inode->i_op = &ecryptfs_main_iops;
80 if (S_ISDIR(inode->i_mode))
81 inode->i_fop = &ecryptfs_dir_fops;
82 else if (special_file(inode->i_mode))
83 init_special_inode(inode, inode->i_mode, inode->i_rdev);
85 inode->i_fop = &ecryptfs_main_fops;
90 static struct inode *__ecryptfs_get_inode(struct inode *lower_inode,
91 struct super_block *sb)
95 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb))
96 return ERR_PTR(-EXDEV);
97 if (!igrab(lower_inode))
98 return ERR_PTR(-ESTALE);
99 inode = iget5_locked(sb, (unsigned long)lower_inode,
100 ecryptfs_inode_test, ecryptfs_inode_set,
104 return ERR_PTR(-EACCES);
106 if (!(inode->i_state & I_NEW))
112 struct inode *ecryptfs_get_inode(struct inode *lower_inode,
113 struct super_block *sb)
115 struct inode *inode = __ecryptfs_get_inode(lower_inode, sb);
117 if (!IS_ERR(inode) && (inode->i_state & I_NEW))
118 unlock_new_inode(inode);
125 * @lower_dentry: Existing dentry in the lower filesystem
126 * @dentry: ecryptfs' dentry
127 * @sb: ecryptfs's super_block
129 * Interposes upper and lower dentries.
131 * Returns zero on success; non-zero otherwise
133 static int ecryptfs_interpose(struct dentry *lower_dentry,
134 struct dentry *dentry, struct super_block *sb)
136 struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb);
139 return PTR_ERR(inode);
140 d_instantiate(dentry, inode);
146 * ecryptfs_create_underlying_file
147 * @lower_dir_inode: inode of the parent in the lower fs of the new file
148 * @dentry: New file's dentry
149 * @mode: The mode of the new file
150 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
152 * Creates the file in the lower file system.
154 * Returns zero on success; non-zero on error condition
157 ecryptfs_create_underlying_file(struct inode *lower_dir_inode,
158 struct dentry *dentry, int mode,
159 struct nameidata *nd)
161 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
162 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry);
163 struct dentry *dentry_save;
164 struct vfsmount *vfsmount_save;
165 unsigned int flags_save;
169 dentry_save = nd->path.dentry;
170 vfsmount_save = nd->path.mnt;
171 flags_save = nd->flags;
172 nd->path.dentry = lower_dentry;
173 nd->path.mnt = lower_mnt;
174 nd->flags &= ~LOOKUP_OPEN;
176 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd);
178 nd->path.dentry = dentry_save;
179 nd->path.mnt = vfsmount_save;
180 nd->flags = flags_save;
187 * @directory_inode: inode of the new file's dentry's parent in ecryptfs
188 * @ecryptfs_dentry: New file's dentry in ecryptfs
189 * @mode: The mode of the new file
190 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount
192 * Creates the underlying file and the eCryptfs inode which will link to
193 * it. It will also update the eCryptfs directory inode to mimic the
194 * stat of the lower directory inode.
196 * Returns zero on success; non-zero on error condition
199 ecryptfs_do_create(struct inode *directory_inode,
200 struct dentry *ecryptfs_dentry, int mode,
201 struct nameidata *nd)
204 struct dentry *lower_dentry;
205 struct dentry *lower_dir_dentry;
207 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
208 lower_dir_dentry = lock_parent(lower_dentry);
209 if (IS_ERR(lower_dir_dentry)) {
210 ecryptfs_printk(KERN_ERR, "Error locking directory of "
212 rc = PTR_ERR(lower_dir_dentry);
215 rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode,
216 ecryptfs_dentry, mode, nd);
218 printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
219 "rc = [%d]\n", __func__, rc);
222 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
223 directory_inode->i_sb);
225 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n");
228 fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode);
229 fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode);
231 unlock_dir(lower_dir_dentry);
237 * ecryptfs_initialize_file
239 * Cause the file to be changed from a basic empty file to an ecryptfs
240 * file with a header and first data page.
242 * Returns zero on success
244 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
246 struct ecryptfs_crypt_stat *crypt_stat =
247 &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
250 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
251 ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
252 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
255 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
256 rc = ecryptfs_new_file_context(ecryptfs_dentry);
258 ecryptfs_printk(KERN_ERR, "Error creating new file "
259 "context; rc = [%d]\n", rc);
262 rc = ecryptfs_get_lower_file(ecryptfs_dentry,
263 ecryptfs_dentry->d_inode);
265 printk(KERN_ERR "%s: Error attempting to initialize "
266 "the lower file for the dentry with name "
267 "[%s]; rc = [%d]\n", __func__,
268 ecryptfs_dentry->d_name.name, rc);
271 rc = ecryptfs_write_metadata(ecryptfs_dentry);
273 printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
274 ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
281 * @dir: The inode of the directory in which to create the file.
282 * @dentry: The eCryptfs dentry
283 * @mode: The mode of the new file.
286 * Creates a new file.
288 * Returns zero on success; non-zero on error condition
291 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
292 int mode, struct nameidata *nd)
296 /* ecryptfs_do_create() calls ecryptfs_interpose() */
297 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd);
299 ecryptfs_printk(KERN_WARNING, "Failed to create file in"
300 "lower filesystem\n");
303 /* At this point, a file exists on "disk"; we need to make sure
304 * that this on disk file is prepared to be an ecryptfs file */
305 rc = ecryptfs_initialize_file(ecryptfs_dentry);
310 static int ecryptfs_i_size_read(struct dentry *dentry, struct inode *inode)
312 struct ecryptfs_crypt_stat *crypt_stat;
315 rc = ecryptfs_get_lower_file(dentry, inode);
317 printk(KERN_ERR "%s: Error attempting to initialize "
318 "the lower file for the dentry with name "
319 "[%s]; rc = [%d]\n", __func__,
320 dentry->d_name.name, rc);
324 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
325 /* TODO: lock for crypt_stat comparison */
326 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
327 ecryptfs_set_default_sizes(crypt_stat);
329 rc = ecryptfs_read_and_validate_header_region(inode);
330 ecryptfs_put_lower_file(inode);
332 rc = ecryptfs_read_and_validate_xattr_region(dentry, inode);
334 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
337 /* Must return 0 to allow non-eCryptfs files to be looked up, too */
342 * ecryptfs_lookup_interpose - Dentry interposition for a lookup
344 static int ecryptfs_lookup_interpose(struct dentry *dentry,
345 struct dentry *lower_dentry,
346 struct inode *dir_inode)
348 struct inode *inode, *lower_inode = lower_dentry->d_inode;
349 struct ecryptfs_dentry_info *dentry_info;
350 struct vfsmount *lower_mnt;
353 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
354 fsstack_copy_attr_atime(dir_inode, lower_dentry->d_parent->d_inode);
355 BUG_ON(!lower_dentry->d_count);
357 dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
358 ecryptfs_set_dentry_private(dentry, dentry_info);
360 printk(KERN_ERR "%s: Out of memory whilst attempting "
361 "to allocate ecryptfs_dentry_info struct\n",
368 ecryptfs_set_dentry_lower(dentry, lower_dentry);
369 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
371 if (!lower_dentry->d_inode) {
372 /* We want to add because we couldn't find in lower */
376 inode = __ecryptfs_get_inode(lower_inode, dir_inode->i_sb);
378 printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
379 __func__, PTR_ERR(inode));
380 return PTR_ERR(inode);
382 if (S_ISREG(inode->i_mode)) {
383 rc = ecryptfs_i_size_read(dentry, inode);
385 make_bad_inode(inode);
390 if (inode->i_state & I_NEW)
391 unlock_new_inode(inode);
392 d_add(dentry, inode);
399 * @ecryptfs_dir_inode: The eCryptfs directory inode
400 * @ecryptfs_dentry: The eCryptfs dentry that we are looking up
401 * @ecryptfs_nd: nameidata; may be NULL
403 * Find a file on disk. If the file does not exist, then we'll add it to the
404 * dentry cache and continue on to read it from the disk.
406 static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
407 struct dentry *ecryptfs_dentry,
408 struct nameidata *ecryptfs_nd)
410 char *encrypted_and_encoded_name = NULL;
411 size_t encrypted_and_encoded_name_size;
412 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
413 struct dentry *lower_dir_dentry, *lower_dentry;
416 if ((ecryptfs_dentry->d_name.len == 1
417 && !strcmp(ecryptfs_dentry->d_name.name, "."))
418 || (ecryptfs_dentry->d_name.len == 2
419 && !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
422 lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
423 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
424 lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
426 ecryptfs_dentry->d_name.len);
427 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
428 if (IS_ERR(lower_dentry)) {
429 rc = PTR_ERR(lower_dentry);
430 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
431 "[%d] on lower_dentry = [%s]\n", __func__, rc,
432 encrypted_and_encoded_name);
435 if (lower_dentry->d_inode)
437 mount_crypt_stat = &ecryptfs_superblock_to_private(
438 ecryptfs_dentry->d_sb)->mount_crypt_stat;
439 if (!(mount_crypt_stat
440 && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
443 rc = ecryptfs_encrypt_and_encode_filename(
444 &encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
445 NULL, mount_crypt_stat, ecryptfs_dentry->d_name.name,
446 ecryptfs_dentry->d_name.len);
448 printk(KERN_ERR "%s: Error attempting to encrypt and encode "
449 "filename; rc = [%d]\n", __func__, rc);
452 mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
453 lower_dentry = lookup_one_len(encrypted_and_encoded_name,
455 encrypted_and_encoded_name_size);
456 mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
457 if (IS_ERR(lower_dentry)) {
458 rc = PTR_ERR(lower_dentry);
459 ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
460 "[%d] on lower_dentry = [%s]\n", __func__, rc,
461 encrypted_and_encoded_name);
465 rc = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry,
469 d_drop(ecryptfs_dentry);
471 kfree(encrypted_and_encoded_name);
475 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
476 struct dentry *new_dentry)
478 struct dentry *lower_old_dentry;
479 struct dentry *lower_new_dentry;
480 struct dentry *lower_dir_dentry;
484 file_size_save = i_size_read(old_dentry->d_inode);
485 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
486 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
487 dget(lower_old_dentry);
488 dget(lower_new_dentry);
489 lower_dir_dentry = lock_parent(lower_new_dentry);
490 rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode,
492 if (rc || !lower_new_dentry->d_inode)
494 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
497 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
498 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
499 old_dentry->d_inode->i_nlink =
500 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink;
501 i_size_write(new_dentry->d_inode, file_size_save);
503 unlock_dir(lower_dir_dentry);
504 dput(lower_new_dentry);
505 dput(lower_old_dentry);
509 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry)
512 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
513 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir);
514 struct dentry *lower_dir_dentry;
517 lower_dir_dentry = lock_parent(lower_dentry);
518 rc = vfs_unlink(lower_dir_inode, lower_dentry);
520 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
523 fsstack_copy_attr_times(dir, lower_dir_inode);
524 dentry->d_inode->i_nlink =
525 ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink;
526 dentry->d_inode->i_ctime = dir->i_ctime;
529 unlock_dir(lower_dir_dentry);
534 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
538 struct dentry *lower_dentry;
539 struct dentry *lower_dir_dentry;
540 char *encoded_symname;
541 size_t encoded_symlen;
542 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
544 lower_dentry = ecryptfs_dentry_to_lower(dentry);
546 lower_dir_dentry = lock_parent(lower_dentry);
547 mount_crypt_stat = &ecryptfs_superblock_to_private(
548 dir->i_sb)->mount_crypt_stat;
549 rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
552 mount_crypt_stat, symname,
556 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
558 kfree(encoded_symname);
559 if (rc || !lower_dentry->d_inode)
561 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
564 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
565 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
567 unlock_dir(lower_dir_dentry);
569 if (!dentry->d_inode)
574 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
577 struct dentry *lower_dentry;
578 struct dentry *lower_dir_dentry;
580 lower_dentry = ecryptfs_dentry_to_lower(dentry);
581 lower_dir_dentry = lock_parent(lower_dentry);
582 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode);
583 if (rc || !lower_dentry->d_inode)
585 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
588 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
589 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
590 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
592 unlock_dir(lower_dir_dentry);
593 if (!dentry->d_inode)
598 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry)
600 struct dentry *lower_dentry;
601 struct dentry *lower_dir_dentry;
604 lower_dentry = ecryptfs_dentry_to_lower(dentry);
606 lower_dir_dentry = lock_parent(lower_dentry);
608 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry);
610 if (!rc && dentry->d_inode)
611 clear_nlink(dentry->d_inode);
612 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
613 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink;
614 unlock_dir(lower_dir_dentry);
622 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
625 struct dentry *lower_dentry;
626 struct dentry *lower_dir_dentry;
628 lower_dentry = ecryptfs_dentry_to_lower(dentry);
629 lower_dir_dentry = lock_parent(lower_dentry);
630 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev);
631 if (rc || !lower_dentry->d_inode)
633 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
636 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
637 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
639 unlock_dir(lower_dir_dentry);
640 if (!dentry->d_inode)
646 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
647 struct inode *new_dir, struct dentry *new_dentry)
650 struct dentry *lower_old_dentry;
651 struct dentry *lower_new_dentry;
652 struct dentry *lower_old_dir_dentry;
653 struct dentry *lower_new_dir_dentry;
654 struct dentry *trap = NULL;
656 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry);
657 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry);
658 dget(lower_old_dentry);
659 dget(lower_new_dentry);
660 lower_old_dir_dentry = dget_parent(lower_old_dentry);
661 lower_new_dir_dentry = dget_parent(lower_new_dentry);
662 trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
663 /* source should not be ancestor of target */
664 if (trap == lower_old_dentry) {
668 /* target should not be ancestor of source */
669 if (trap == lower_new_dentry) {
673 rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
674 lower_new_dir_dentry->d_inode, lower_new_dentry);
677 fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode);
678 if (new_dir != old_dir)
679 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode);
681 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
682 dput(lower_new_dir_dentry);
683 dput(lower_old_dir_dentry);
684 dput(lower_new_dentry);
685 dput(lower_old_dentry);
689 static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
692 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
694 size_t lower_bufsiz = PATH_MAX;
698 lower_buf = kmalloc(lower_bufsiz, GFP_KERNEL);
705 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
706 (char __user *)lower_buf,
712 rc = ecryptfs_decode_and_decrypt_filename(buf, bufsiz, dentry,
713 lower_buf, lower_bufsiz);
720 ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
723 size_t kbufsiz, copied;
726 rc = ecryptfs_readlink_lower(dentry, &kbuf, &kbufsiz);
729 copied = min_t(size_t, bufsiz, kbufsiz);
730 rc = copy_to_user(buf, kbuf, copied) ? -EFAULT : copied;
732 fsstack_copy_attr_atime(dentry->d_inode,
733 ecryptfs_dentry_to_lower(dentry)->d_inode);
738 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
741 int len = PAGE_SIZE, rc;
744 /* Released in ecryptfs_put_link(); only release here on error */
745 buf = kmalloc(len, GFP_KERNEL);
747 buf = ERR_PTR(-ENOMEM);
752 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
760 nd_set_link(nd, buf);
765 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
767 char *buf = nd_get_link(nd);
775 * upper_size_to_lower_size
776 * @crypt_stat: Crypt_stat associated with file
777 * @upper_size: Size of the upper file
779 * Calculate the required size of the lower file based on the
780 * specified size of the upper file. This calculation is based on the
781 * number of headers in the underlying file and the extent size.
783 * Returns Calculated size of the lower file.
786 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
791 lower_size = ecryptfs_lower_header_size(crypt_stat);
792 if (upper_size != 0) {
795 num_extents = upper_size >> crypt_stat->extent_shift;
796 if (upper_size & ~crypt_stat->extent_mask)
798 lower_size += (num_extents * crypt_stat->extent_size);
805 * @dentry: The ecryptfs layer dentry
806 * @ia: Address of the ecryptfs inode's attributes
807 * @lower_ia: Address of the lower inode's attributes
809 * Function to handle truncations modifying the size of the file. Note
810 * that the file sizes are interpolated. When expanding, we are simply
811 * writing strings of 0's out. When truncating, we truncate the upper
812 * inode and update the lower_ia according to the page index
813 * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return,
814 * the caller must use lower_ia in a call to notify_change() to perform
815 * the truncation of the lower inode.
817 * Returns zero on success; non-zero otherwise
819 static int truncate_upper(struct dentry *dentry, struct iattr *ia,
820 struct iattr *lower_ia)
823 struct inode *inode = dentry->d_inode;
824 struct ecryptfs_crypt_stat *crypt_stat;
825 loff_t i_size = i_size_read(inode);
826 loff_t lower_size_before_truncate;
827 loff_t lower_size_after_truncate;
829 if (unlikely((ia->ia_size == i_size))) {
830 lower_ia->ia_valid &= ~ATTR_SIZE;
833 rc = ecryptfs_get_lower_file(dentry, inode);
836 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
837 /* Switch on growing or shrinking file */
838 if (ia->ia_size > i_size) {
839 char zero[] = { 0x00 };
841 lower_ia->ia_valid &= ~ATTR_SIZE;
842 /* Write a single 0 at the last position of the file;
843 * this triggers code that will fill in 0's throughout
844 * the intermediate portion of the previous end of the
845 * file and the new and of the file */
846 rc = ecryptfs_write(inode, zero,
847 (ia->ia_size - 1), 1);
848 } else { /* ia->ia_size < i_size_read(inode) */
849 /* We're chopping off all the pages down to the page
850 * in which ia->ia_size is located. Fill in the end of
851 * that page from (ia->ia_size & ~PAGE_CACHE_MASK) to
852 * PAGE_CACHE_SIZE with zeros. */
853 size_t num_zeros = (PAGE_CACHE_SIZE
854 - (ia->ia_size & ~PAGE_CACHE_MASK));
858 * XXX(truncate) this should really happen at the begginning
859 * of ->setattr. But the code is too messy to that as part
860 * of a larger patch. ecryptfs is also totally missing out
861 * on the inode_change_ok check at the beginning of
862 * ->setattr while would include this.
864 rc = inode_newsize_ok(inode, ia->ia_size);
868 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
869 truncate_setsize(inode, ia->ia_size);
870 lower_ia->ia_size = ia->ia_size;
871 lower_ia->ia_valid |= ATTR_SIZE;
877 zeros_virt = kzalloc(num_zeros, GFP_KERNEL);
882 rc = ecryptfs_write(inode, zeros_virt,
883 ia->ia_size, num_zeros);
886 printk(KERN_ERR "Error attempting to zero out "
887 "the remainder of the end page on "
888 "reducing truncate; rc = [%d]\n", rc);
892 truncate_setsize(inode, ia->ia_size);
893 rc = ecryptfs_write_inode_size_to_metadata(inode);
895 printk(KERN_ERR "Problem with "
896 "ecryptfs_write_inode_size_to_metadata; "
900 /* We are reducing the size of the ecryptfs file, and need to
901 * know if we need to reduce the size of the lower file. */
902 lower_size_before_truncate =
903 upper_size_to_lower_size(crypt_stat, i_size);
904 lower_size_after_truncate =
905 upper_size_to_lower_size(crypt_stat, ia->ia_size);
906 if (lower_size_after_truncate < lower_size_before_truncate) {
907 lower_ia->ia_size = lower_size_after_truncate;
908 lower_ia->ia_valid |= ATTR_SIZE;
910 lower_ia->ia_valid &= ~ATTR_SIZE;
913 ecryptfs_put_lower_file(inode);
919 * @dentry: The ecryptfs layer dentry
920 * @new_length: The length to expand the file to
922 * Simple function that handles the truncation of an eCryptfs inode and
923 * its corresponding lower inode.
925 * Returns zero on success; non-zero otherwise
927 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
929 struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length };
930 struct iattr lower_ia = { .ia_valid = 0 };
933 rc = truncate_upper(dentry, &ia, &lower_ia);
934 if (!rc && lower_ia.ia_valid & ATTR_SIZE) {
935 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
937 mutex_lock(&lower_dentry->d_inode->i_mutex);
938 rc = notify_change(lower_dentry, &lower_ia);
939 mutex_unlock(&lower_dentry->d_inode->i_mutex);
945 ecryptfs_permission(struct inode *inode, int mask, unsigned int flags)
947 if (flags & IPERM_FLAG_RCU)
949 return inode_permission(ecryptfs_inode_to_lower(inode), mask);
954 * @dentry: dentry handle to the inode to modify
955 * @ia: Structure with flags of what to change and values
957 * Updates the metadata of an inode. If the update is to the size
958 * i.e. truncation, then ecryptfs_truncate will handle the size modification
959 * of both the ecryptfs inode and the lower inode.
961 * All other metadata changes will be passed right to the lower filesystem,
962 * and we will just update our inode to look like the lower.
964 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
967 struct dentry *lower_dentry;
968 struct iattr lower_ia;
970 struct inode *lower_inode;
971 struct ecryptfs_crypt_stat *crypt_stat;
973 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
974 if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
975 ecryptfs_init_crypt_stat(crypt_stat);
976 inode = dentry->d_inode;
977 lower_inode = ecryptfs_inode_to_lower(inode);
978 lower_dentry = ecryptfs_dentry_to_lower(dentry);
979 mutex_lock(&crypt_stat->cs_mutex);
980 if (S_ISDIR(dentry->d_inode->i_mode))
981 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
982 else if (S_ISREG(dentry->d_inode->i_mode)
983 && (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
984 || !(crypt_stat->flags & ECRYPTFS_KEY_VALID))) {
985 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
987 mount_crypt_stat = &ecryptfs_superblock_to_private(
988 dentry->d_sb)->mount_crypt_stat;
989 rc = ecryptfs_get_lower_file(dentry, inode);
991 mutex_unlock(&crypt_stat->cs_mutex);
994 rc = ecryptfs_read_metadata(dentry);
995 ecryptfs_put_lower_file(inode);
997 if (!(mount_crypt_stat->flags
998 & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
1000 printk(KERN_WARNING "Either the lower file "
1001 "is not in a valid eCryptfs format, "
1002 "or the key could not be retrieved. "
1003 "Plaintext passthrough mode is not "
1004 "enabled; returning -EIO\n");
1005 mutex_unlock(&crypt_stat->cs_mutex);
1009 crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
1010 | ECRYPTFS_ENCRYPTED);
1013 mutex_unlock(&crypt_stat->cs_mutex);
1014 if (S_ISREG(inode->i_mode)) {
1015 rc = filemap_write_and_wait(inode->i_mapping);
1018 fsstack_copy_attr_all(inode, lower_inode);
1020 memcpy(&lower_ia, ia, sizeof(lower_ia));
1021 if (ia->ia_valid & ATTR_FILE)
1022 lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file);
1023 if (ia->ia_valid & ATTR_SIZE) {
1024 rc = truncate_upper(dentry, ia, &lower_ia);
1030 * mode change is for clearing setuid/setgid bits. Allow lower fs
1031 * to interpret this in its own way.
1033 if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID))
1034 lower_ia.ia_valid &= ~ATTR_MODE;
1036 mutex_lock(&lower_dentry->d_inode->i_mutex);
1037 rc = notify_change(lower_dentry, &lower_ia);
1038 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1040 fsstack_copy_attr_all(inode, lower_inode);
1044 int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry,
1047 struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
1050 mount_crypt_stat = &ecryptfs_superblock_to_private(
1051 dentry->d_sb)->mount_crypt_stat;
1052 generic_fillattr(dentry->d_inode, stat);
1053 if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
1057 rc = ecryptfs_readlink_lower(dentry, &target, &targetsiz);
1060 stat->size = targetsiz;
1066 int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
1069 struct kstat lower_stat;
1072 rc = vfs_getattr(ecryptfs_dentry_to_lower_mnt(dentry),
1073 ecryptfs_dentry_to_lower(dentry), &lower_stat);
1075 fsstack_copy_attr_all(dentry->d_inode,
1076 ecryptfs_inode_to_lower(dentry->d_inode));
1077 generic_fillattr(dentry->d_inode, stat);
1078 stat->blocks = lower_stat.blocks;
1084 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
1085 size_t size, int flags)
1088 struct dentry *lower_dentry;
1090 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1091 if (!lower_dentry->d_inode->i_op->setxattr) {
1096 rc = vfs_setxattr(lower_dentry, name, value, size, flags);
1102 ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
1103 void *value, size_t size)
1107 if (!lower_dentry->d_inode->i_op->getxattr) {
1111 mutex_lock(&lower_dentry->d_inode->i_mutex);
1112 rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value,
1114 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1120 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value,
1123 return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), name,
1128 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
1131 struct dentry *lower_dentry;
1133 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1134 if (!lower_dentry->d_inode->i_op->listxattr) {
1138 mutex_lock(&lower_dentry->d_inode->i_mutex);
1139 rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size);
1140 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1145 static int ecryptfs_removexattr(struct dentry *dentry, const char *name)
1148 struct dentry *lower_dentry;
1150 lower_dentry = ecryptfs_dentry_to_lower(dentry);
1151 if (!lower_dentry->d_inode->i_op->removexattr) {
1155 mutex_lock(&lower_dentry->d_inode->i_mutex);
1156 rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name);
1157 mutex_unlock(&lower_dentry->d_inode->i_mutex);
1162 const struct inode_operations ecryptfs_symlink_iops = {
1163 .readlink = ecryptfs_readlink,
1164 .follow_link = ecryptfs_follow_link,
1165 .put_link = ecryptfs_put_link,
1166 .permission = ecryptfs_permission,
1167 .setattr = ecryptfs_setattr,
1168 .getattr = ecryptfs_getattr_link,
1169 .setxattr = ecryptfs_setxattr,
1170 .getxattr = ecryptfs_getxattr,
1171 .listxattr = ecryptfs_listxattr,
1172 .removexattr = ecryptfs_removexattr
1175 const struct inode_operations ecryptfs_dir_iops = {
1176 .create = ecryptfs_create,
1177 .lookup = ecryptfs_lookup,
1178 .link = ecryptfs_link,
1179 .unlink = ecryptfs_unlink,
1180 .symlink = ecryptfs_symlink,
1181 .mkdir = ecryptfs_mkdir,
1182 .rmdir = ecryptfs_rmdir,
1183 .mknod = ecryptfs_mknod,
1184 .rename = ecryptfs_rename,
1185 .permission = ecryptfs_permission,
1186 .setattr = ecryptfs_setattr,
1187 .setxattr = ecryptfs_setxattr,
1188 .getxattr = ecryptfs_getxattr,
1189 .listxattr = ecryptfs_listxattr,
1190 .removexattr = ecryptfs_removexattr
1193 const struct inode_operations ecryptfs_main_iops = {
1194 .permission = ecryptfs_permission,
1195 .setattr = ecryptfs_setattr,
1196 .getattr = ecryptfs_getattr,
1197 .setxattr = ecryptfs_setxattr,
1198 .getxattr = ecryptfs_getxattr,
1199 .listxattr = ecryptfs_listxattr,
1200 .removexattr = ecryptfs_removexattr
git.openpandora.org / pandora-kernel.git / blob