1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * fscrypt.h: declarations for per-file encryption |
4 | * |
5 | * Filesystems that implement per-file encryption must include this header |
6 | * file. |
7 | * |
8 | * Copyright (C) 2015, Google, Inc. |
9 | * |
10 | * Written by Michael Halcrow, 2015. |
11 | * Modified by Jaegeuk Kim, 2015. |
12 | */ |
13 | #ifndef _LINUX_FSCRYPT_H |
14 | #define _LINUX_FSCRYPT_H |
15 | |
16 | #include <linux/fs.h> |
17 | #include <linux/mm.h> |
18 | #include <linux/slab.h> |
19 | #include <uapi/linux/fscrypt.h> |
20 | |
21 | /* |
22 | * The lengths of all file contents blocks must be divisible by this value. |
23 | * This is needed to ensure that all contents encryption modes will work, as |
24 | * some of the supported modes don't support arbitrarily byte-aligned messages. |
25 | * |
26 | * Since the needed alignment is 16 bytes, most filesystems will meet this |
27 | * requirement naturally, as typical block sizes are powers of 2. However, if a |
28 | * filesystem can generate arbitrarily byte-aligned block lengths (e.g., via |
29 | * compression), then it will need to pad to this alignment before encryption. |
30 | */ |
31 | #define FSCRYPT_CONTENTS_ALIGNMENT 16 |
32 | |
33 | union fscrypt_policy; |
34 | struct fscrypt_inode_info; |
35 | struct fs_parameter; |
36 | struct seq_file; |
37 | |
38 | struct fscrypt_str { |
39 | unsigned char *name; |
40 | u32 len; |
41 | }; |
42 | |
43 | struct fscrypt_name { |
44 | const struct qstr *usr_fname; |
45 | struct fscrypt_str disk_name; |
46 | u32 hash; |
47 | u32 minor_hash; |
48 | struct fscrypt_str crypto_buf; |
49 | bool is_nokey_name; |
50 | }; |
51 | |
52 | #define FSTR_INIT(n, l) { .name = n, .len = l } |
53 | #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len) |
54 | #define fname_name(p) ((p)->disk_name.name) |
55 | #define fname_len(p) ((p)->disk_name.len) |
56 | |
57 | /* Maximum value for the third parameter of fscrypt_operations.set_context(). */ |
58 | #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40 |
59 | |
60 | #ifdef CONFIG_FS_ENCRYPTION |
61 | |
62 | /* Crypto operations for filesystems */ |
63 | struct fscrypt_operations { |
64 | |
65 | /* |
66 | * If set, then fs/crypto/ will allocate a global bounce page pool the |
67 | * first time an encryption key is set up for a file. The bounce page |
68 | * pool is required by the following functions: |
69 | * |
70 | * - fscrypt_encrypt_pagecache_blocks() |
71 | * - fscrypt_zeroout_range() for files not using inline crypto |
72 | * |
73 | * If the filesystem doesn't use those, it doesn't need to set this. |
74 | */ |
75 | unsigned int needs_bounce_pages : 1; |
76 | |
77 | /* |
78 | * If set, then fs/crypto/ will allow the use of encryption settings |
79 | * that assume inode numbers fit in 32 bits (i.e. |
80 | * FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64}), provided that the other |
81 | * prerequisites for these settings are also met. This is only useful |
82 | * if the filesystem wants to support inline encryption hardware that is |
83 | * limited to 32-bit or 64-bit data unit numbers and where programming |
84 | * keyslots is very slow. |
85 | */ |
86 | unsigned int has_32bit_inodes : 1; |
87 | |
88 | /* |
89 | * If set, then fs/crypto/ will allow users to select a crypto data unit |
90 | * size that is less than the filesystem block size. This is done via |
91 | * the log2_data_unit_size field of the fscrypt policy. This flag is |
92 | * not compatible with filesystems that encrypt variable-length blocks |
93 | * (i.e. blocks that aren't all equal to filesystem's block size), for |
94 | * example as a result of compression. It's also not compatible with |
95 | * the fscrypt_encrypt_block_inplace() and |
96 | * fscrypt_decrypt_block_inplace() functions. |
97 | */ |
98 | unsigned int supports_subblock_data_units : 1; |
99 | |
100 | /* |
101 | * This field exists only for backwards compatibility reasons and should |
102 | * only be set by the filesystems that are setting it already. It |
103 | * contains the filesystem-specific key description prefix that is |
104 | * accepted for "logon" keys for v1 fscrypt policies. This |
105 | * functionality is deprecated in favor of the generic prefix |
106 | * "fscrypt:", which itself is deprecated in favor of the filesystem |
107 | * keyring ioctls such as FS_IOC_ADD_ENCRYPTION_KEY. Filesystems that |
108 | * are newly adding fscrypt support should not set this field. |
109 | */ |
110 | const char *legacy_key_prefix; |
111 | |
112 | /* |
113 | * Get the fscrypt context of the given inode. |
114 | * |
115 | * @inode: the inode whose context to get |
116 | * @ctx: the buffer into which to get the context |
117 | * @len: length of the @ctx buffer in bytes |
118 | * |
119 | * Return: On success, returns the length of the context in bytes; this |
120 | * may be less than @len. On failure, returns -ENODATA if the |
121 | * inode doesn't have a context, -ERANGE if the context is |
122 | * longer than @len, or another -errno code. |
123 | */ |
124 | int (*get_context)(struct inode *inode, void *ctx, size_t len); |
125 | |
126 | /* |
127 | * Set an fscrypt context on the given inode. |
128 | * |
129 | * @inode: the inode whose context to set. The inode won't already have |
130 | * an fscrypt context. |
131 | * @ctx: the context to set |
132 | * @len: length of @ctx in bytes (at most FSCRYPT_SET_CONTEXT_MAX_SIZE) |
133 | * @fs_data: If called from fscrypt_set_context(), this will be the |
134 | * value the filesystem passed to fscrypt_set_context(). |
135 | * Otherwise (i.e. when called from |
136 | * FS_IOC_SET_ENCRYPTION_POLICY) this will be NULL. |
137 | * |
138 | * i_rwsem will be held for write. |
139 | * |
140 | * Return: 0 on success, -errno on failure. |
141 | */ |
142 | int (*set_context)(struct inode *inode, const void *ctx, size_t len, |
143 | void *fs_data); |
144 | |
145 | /* |
146 | * Get the dummy fscrypt policy in use on the filesystem (if any). |
147 | * |
148 | * Filesystems only need to implement this function if they support the |
149 | * test_dummy_encryption mount option. |
150 | * |
151 | * Return: A pointer to the dummy fscrypt policy, if the filesystem is |
152 | * mounted with test_dummy_encryption; otherwise NULL. |
153 | */ |
154 | const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb); |
155 | |
156 | /* |
157 | * Check whether a directory is empty. i_rwsem will be held for write. |
158 | */ |
159 | bool (*empty_dir)(struct inode *inode); |
160 | |
161 | /* |
162 | * Check whether the filesystem's inode numbers and UUID are stable, |
163 | * meaning that they will never be changed even by offline operations |
164 | * such as filesystem shrinking and therefore can be used in the |
165 | * encryption without the possibility of files becoming unreadable. |
166 | * |
167 | * Filesystems only need to implement this function if they want to |
168 | * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These |
169 | * flags are designed to work around the limitations of UFS and eMMC |
170 | * inline crypto hardware, and they shouldn't be used in scenarios where |
171 | * such hardware isn't being used. |
172 | * |
173 | * Leaving this NULL is equivalent to always returning false. |
174 | */ |
175 | bool (*has_stable_inodes)(struct super_block *sb); |
176 | |
177 | /* |
178 | * Return an array of pointers to the block devices to which the |
179 | * filesystem may write encrypted file contents, NULL if the filesystem |
180 | * only has a single such block device, or an ERR_PTR() on error. |
181 | * |
182 | * On successful non-NULL return, *num_devs is set to the number of |
183 | * devices in the returned array. The caller must free the returned |
184 | * array using kfree(). |
185 | * |
186 | * If the filesystem can use multiple block devices (other than block |
187 | * devices that aren't used for encrypted file contents, such as |
188 | * external journal devices), and wants to support inline encryption, |
189 | * then it must implement this function. Otherwise it's not needed. |
190 | */ |
191 | struct block_device **(*get_devices)(struct super_block *sb, |
192 | unsigned int *num_devs); |
193 | }; |
194 | |
195 | int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags); |
196 | |
197 | static inline struct fscrypt_inode_info * |
198 | fscrypt_get_inode_info(const struct inode *inode) |
199 | { |
200 | /* |
201 | * Pairs with the cmpxchg_release() in fscrypt_setup_encryption_info(). |
202 | * I.e., another task may publish ->i_crypt_info concurrently, executing |
203 | * a RELEASE barrier. We need to use smp_load_acquire() here to safely |
204 | * ACQUIRE the memory the other task published. |
205 | */ |
206 | return smp_load_acquire(&inode->i_crypt_info); |
207 | } |
208 | |
209 | /** |
210 | * fscrypt_needs_contents_encryption() - check whether an inode needs |
211 | * contents encryption |
212 | * @inode: the inode to check |
213 | * |
214 | * Return: %true iff the inode is an encrypted regular file and the kernel was |
215 | * built with fscrypt support. |
216 | * |
217 | * If you need to know whether the encrypt bit is set even when the kernel was |
218 | * built without fscrypt support, you must use IS_ENCRYPTED() directly instead. |
219 | */ |
220 | static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) |
221 | { |
222 | return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode); |
223 | } |
224 | |
225 | /* |
226 | * When d_splice_alias() moves a directory's no-key alias to its |
227 | * plaintext alias as a result of the encryption key being added, |
228 | * DCACHE_NOKEY_NAME must be cleared and there might be an opportunity |
229 | * to disable d_revalidate. Note that we don't have to support the |
230 | * inverse operation because fscrypt doesn't allow no-key names to be |
231 | * the source or target of a rename(). |
232 | */ |
233 | static inline void fscrypt_handle_d_move(struct dentry *dentry) |
234 | { |
235 | /* |
236 | * VFS calls fscrypt_handle_d_move even for non-fscrypt |
237 | * filesystems. |
238 | */ |
239 | if (dentry->d_flags & DCACHE_NOKEY_NAME) { |
240 | dentry->d_flags &= ~DCACHE_NOKEY_NAME; |
241 | |
242 | /* |
243 | * Other filesystem features might be handling dentry |
244 | * revalidation, in which case it cannot be disabled. |
245 | */ |
246 | if (dentry->d_op->d_revalidate == fscrypt_d_revalidate) |
247 | dentry->d_flags &= ~DCACHE_OP_REVALIDATE; |
248 | } |
249 | } |
250 | |
251 | /** |
252 | * fscrypt_is_nokey_name() - test whether a dentry is a no-key name |
253 | * @dentry: the dentry to check |
254 | * |
255 | * This returns true if the dentry is a no-key dentry. A no-key dentry is a |
256 | * dentry that was created in an encrypted directory that hasn't had its |
257 | * encryption key added yet. Such dentries may be either positive or negative. |
258 | * |
259 | * When a filesystem is asked to create a new filename in an encrypted directory |
260 | * and the new filename's dentry is a no-key dentry, it must fail the operation |
261 | * with ENOKEY. This includes ->create(), ->mkdir(), ->mknod(), ->symlink(), |
262 | * ->rename(), and ->link(). (However, ->rename() and ->link() are already |
263 | * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().) |
264 | * |
265 | * This is necessary because creating a filename requires the directory's |
266 | * encryption key, but just checking for the key on the directory inode during |
267 | * the final filesystem operation doesn't guarantee that the key was available |
268 | * during the preceding dentry lookup. And the key must have already been |
269 | * available during the dentry lookup in order for it to have been checked |
270 | * whether the filename already exists in the directory and for the new file's |
271 | * dentry not to be invalidated due to it incorrectly having the no-key flag. |
272 | * |
273 | * Return: %true if the dentry is a no-key name |
274 | */ |
275 | static inline bool fscrypt_is_nokey_name(const struct dentry *dentry) |
276 | { |
277 | return dentry->d_flags & DCACHE_NOKEY_NAME; |
278 | } |
279 | |
280 | static inline void fscrypt_prepare_dentry(struct dentry *dentry, |
281 | bool is_nokey_name) |
282 | { |
283 | /* |
284 | * This code tries to only take ->d_lock when necessary to write |
285 | * to ->d_flags. We shouldn't be peeking on d_flags for |
286 | * DCACHE_OP_REVALIDATE unlocked, but in the unlikely case |
287 | * there is a race, the worst it can happen is that we fail to |
288 | * unset DCACHE_OP_REVALIDATE and pay the cost of an extra |
289 | * d_revalidate. |
290 | */ |
291 | if (is_nokey_name) { |
292 | spin_lock(lock: &dentry->d_lock); |
293 | dentry->d_flags |= DCACHE_NOKEY_NAME; |
294 | spin_unlock(lock: &dentry->d_lock); |
295 | } else if (dentry->d_flags & DCACHE_OP_REVALIDATE && |
296 | dentry->d_op->d_revalidate == fscrypt_d_revalidate) { |
297 | /* |
298 | * Unencrypted dentries and encrypted dentries where the |
299 | * key is available are always valid from fscrypt |
300 | * perspective. Avoid the cost of calling |
301 | * fscrypt_d_revalidate unnecessarily. |
302 | */ |
303 | spin_lock(lock: &dentry->d_lock); |
304 | dentry->d_flags &= ~DCACHE_OP_REVALIDATE; |
305 | spin_unlock(lock: &dentry->d_lock); |
306 | } |
307 | } |
308 | |
309 | /* crypto.c */ |
310 | void fscrypt_enqueue_decrypt_work(struct work_struct *); |
311 | |
312 | struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, |
313 | unsigned int len, |
314 | unsigned int offs, |
315 | gfp_t gfp_flags); |
316 | int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page, |
317 | unsigned int len, unsigned int offs, |
318 | u64 lblk_num, gfp_t gfp_flags); |
319 | |
320 | int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len, |
321 | size_t offs); |
322 | int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page, |
323 | unsigned int len, unsigned int offs, |
324 | u64 lblk_num); |
325 | |
326 | static inline bool fscrypt_is_bounce_page(struct page *page) |
327 | { |
328 | return page->mapping == NULL; |
329 | } |
330 | |
331 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) |
332 | { |
333 | return (struct page *)page_private(bounce_page); |
334 | } |
335 | |
336 | static inline bool fscrypt_is_bounce_folio(struct folio *folio) |
337 | { |
338 | return folio->mapping == NULL; |
339 | } |
340 | |
341 | static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio) |
342 | { |
343 | return bounce_folio->private; |
344 | } |
345 | |
346 | void fscrypt_free_bounce_page(struct page *bounce_page); |
347 | |
348 | /* policy.c */ |
349 | int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg); |
350 | int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg); |
351 | int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg); |
352 | int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg); |
353 | int fscrypt_has_permitted_context(struct inode *parent, struct inode *child); |
354 | int fscrypt_context_for_new_inode(void *ctx, struct inode *inode); |
355 | int fscrypt_set_context(struct inode *inode, void *fs_data); |
356 | |
357 | struct fscrypt_dummy_policy { |
358 | const union fscrypt_policy *policy; |
359 | }; |
360 | |
361 | int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param, |
362 | struct fscrypt_dummy_policy *dummy_policy); |
363 | bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1, |
364 | const struct fscrypt_dummy_policy *p2); |
365 | void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep, |
366 | struct super_block *sb); |
367 | static inline bool |
368 | fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy) |
369 | { |
370 | return dummy_policy->policy != NULL; |
371 | } |
372 | static inline void |
373 | fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy) |
374 | { |
375 | kfree(objp: dummy_policy->policy); |
376 | dummy_policy->policy = NULL; |
377 | } |
378 | |
379 | /* keyring.c */ |
380 | void fscrypt_destroy_keyring(struct super_block *sb); |
381 | int fscrypt_ioctl_add_key(struct file *filp, void __user *arg); |
382 | int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg); |
383 | int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg); |
384 | int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg); |
385 | |
386 | /* keysetup.c */ |
387 | int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode, |
388 | bool *encrypt_ret); |
389 | void fscrypt_put_encryption_info(struct inode *inode); |
390 | void fscrypt_free_inode(struct inode *inode); |
391 | int fscrypt_drop_inode(struct inode *inode); |
392 | |
393 | /* fname.c */ |
394 | int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname, |
395 | u8 *out, unsigned int olen); |
396 | bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len, |
397 | u32 max_len, u32 *encrypted_len_ret); |
398 | int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname, |
399 | int lookup, struct fscrypt_name *fname); |
400 | |
401 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) |
402 | { |
403 | kfree(objp: fname->crypto_buf.name); |
404 | } |
405 | |
406 | int fscrypt_fname_alloc_buffer(u32 max_encrypted_len, |
407 | struct fscrypt_str *crypto_str); |
408 | void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str); |
409 | int fscrypt_fname_disk_to_usr(const struct inode *inode, |
410 | u32 hash, u32 minor_hash, |
411 | const struct fscrypt_str *iname, |
412 | struct fscrypt_str *oname); |
413 | bool fscrypt_match_name(const struct fscrypt_name *fname, |
414 | const u8 *de_name, u32 de_name_len); |
415 | u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name); |
416 | |
417 | /* bio.c */ |
418 | bool fscrypt_decrypt_bio(struct bio *bio); |
419 | int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
420 | sector_t pblk, unsigned int len); |
421 | |
422 | /* hooks.c */ |
423 | int fscrypt_file_open(struct inode *inode, struct file *filp); |
424 | int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
425 | struct dentry *dentry); |
426 | int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry, |
427 | struct inode *new_dir, struct dentry *new_dentry, |
428 | unsigned int flags); |
429 | int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry, |
430 | struct fscrypt_name *fname); |
431 | int fscrypt_prepare_lookup_partial(struct inode *dir, struct dentry *dentry); |
432 | int __fscrypt_prepare_readdir(struct inode *dir); |
433 | int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr); |
434 | int fscrypt_prepare_setflags(struct inode *inode, |
435 | unsigned int oldflags, unsigned int flags); |
436 | int fscrypt_prepare_symlink(struct inode *dir, const char *target, |
437 | unsigned int len, unsigned int max_len, |
438 | struct fscrypt_str *disk_link); |
439 | int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, |
440 | unsigned int len, struct fscrypt_str *disk_link); |
441 | const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, |
442 | unsigned int max_size, |
443 | struct delayed_call *done); |
444 | int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat); |
445 | static inline void fscrypt_set_ops(struct super_block *sb, |
446 | const struct fscrypt_operations *s_cop) |
447 | { |
448 | sb->s_cop = s_cop; |
449 | } |
450 | #else /* !CONFIG_FS_ENCRYPTION */ |
451 | |
452 | static inline struct fscrypt_inode_info * |
453 | fscrypt_get_inode_info(const struct inode *inode) |
454 | { |
455 | return NULL; |
456 | } |
457 | |
458 | static inline bool fscrypt_needs_contents_encryption(const struct inode *inode) |
459 | { |
460 | return false; |
461 | } |
462 | |
463 | static inline void fscrypt_handle_d_move(struct dentry *dentry) |
464 | { |
465 | } |
466 | |
467 | static inline bool fscrypt_is_nokey_name(const struct dentry *dentry) |
468 | { |
469 | return false; |
470 | } |
471 | |
472 | static inline void fscrypt_prepare_dentry(struct dentry *dentry, |
473 | bool is_nokey_name) |
474 | { |
475 | } |
476 | |
477 | /* crypto.c */ |
478 | static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work) |
479 | { |
480 | } |
481 | |
482 | static inline struct page *fscrypt_encrypt_pagecache_blocks(struct page *page, |
483 | unsigned int len, |
484 | unsigned int offs, |
485 | gfp_t gfp_flags) |
486 | { |
487 | return ERR_PTR(-EOPNOTSUPP); |
488 | } |
489 | |
490 | static inline int fscrypt_encrypt_block_inplace(const struct inode *inode, |
491 | struct page *page, |
492 | unsigned int len, |
493 | unsigned int offs, u64 lblk_num, |
494 | gfp_t gfp_flags) |
495 | { |
496 | return -EOPNOTSUPP; |
497 | } |
498 | |
499 | static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio, |
500 | size_t len, size_t offs) |
501 | { |
502 | return -EOPNOTSUPP; |
503 | } |
504 | |
505 | static inline int fscrypt_decrypt_block_inplace(const struct inode *inode, |
506 | struct page *page, |
507 | unsigned int len, |
508 | unsigned int offs, u64 lblk_num) |
509 | { |
510 | return -EOPNOTSUPP; |
511 | } |
512 | |
513 | static inline bool fscrypt_is_bounce_page(struct page *page) |
514 | { |
515 | return false; |
516 | } |
517 | |
518 | static inline struct page *fscrypt_pagecache_page(struct page *bounce_page) |
519 | { |
520 | WARN_ON_ONCE(1); |
521 | return ERR_PTR(-EINVAL); |
522 | } |
523 | |
524 | static inline bool fscrypt_is_bounce_folio(struct folio *folio) |
525 | { |
526 | return false; |
527 | } |
528 | |
529 | static inline struct folio *fscrypt_pagecache_folio(struct folio *bounce_folio) |
530 | { |
531 | WARN_ON_ONCE(1); |
532 | return ERR_PTR(-EINVAL); |
533 | } |
534 | |
535 | static inline void fscrypt_free_bounce_page(struct page *bounce_page) |
536 | { |
537 | } |
538 | |
539 | /* policy.c */ |
540 | static inline int fscrypt_ioctl_set_policy(struct file *filp, |
541 | const void __user *arg) |
542 | { |
543 | return -EOPNOTSUPP; |
544 | } |
545 | |
546 | static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) |
547 | { |
548 | return -EOPNOTSUPP; |
549 | } |
550 | |
551 | static inline int fscrypt_ioctl_get_policy_ex(struct file *filp, |
552 | void __user *arg) |
553 | { |
554 | return -EOPNOTSUPP; |
555 | } |
556 | |
557 | static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg) |
558 | { |
559 | return -EOPNOTSUPP; |
560 | } |
561 | |
562 | static inline int fscrypt_has_permitted_context(struct inode *parent, |
563 | struct inode *child) |
564 | { |
565 | return 0; |
566 | } |
567 | |
568 | static inline int fscrypt_set_context(struct inode *inode, void *fs_data) |
569 | { |
570 | return -EOPNOTSUPP; |
571 | } |
572 | |
573 | struct fscrypt_dummy_policy { |
574 | }; |
575 | |
576 | static inline int |
577 | fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param, |
578 | struct fscrypt_dummy_policy *dummy_policy) |
579 | { |
580 | return -EINVAL; |
581 | } |
582 | |
583 | static inline bool |
584 | fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1, |
585 | const struct fscrypt_dummy_policy *p2) |
586 | { |
587 | return true; |
588 | } |
589 | |
590 | static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq, |
591 | char sep, |
592 | struct super_block *sb) |
593 | { |
594 | } |
595 | |
596 | static inline bool |
597 | fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy) |
598 | { |
599 | return false; |
600 | } |
601 | |
602 | static inline void |
603 | fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy) |
604 | { |
605 | } |
606 | |
607 | /* keyring.c */ |
608 | static inline void fscrypt_destroy_keyring(struct super_block *sb) |
609 | { |
610 | } |
611 | |
612 | static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg) |
613 | { |
614 | return -EOPNOTSUPP; |
615 | } |
616 | |
617 | static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg) |
618 | { |
619 | return -EOPNOTSUPP; |
620 | } |
621 | |
622 | static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp, |
623 | void __user *arg) |
624 | { |
625 | return -EOPNOTSUPP; |
626 | } |
627 | |
628 | static inline int fscrypt_ioctl_get_key_status(struct file *filp, |
629 | void __user *arg) |
630 | { |
631 | return -EOPNOTSUPP; |
632 | } |
633 | |
634 | /* keysetup.c */ |
635 | |
636 | static inline int fscrypt_prepare_new_inode(struct inode *dir, |
637 | struct inode *inode, |
638 | bool *encrypt_ret) |
639 | { |
640 | if (IS_ENCRYPTED(dir)) |
641 | return -EOPNOTSUPP; |
642 | return 0; |
643 | } |
644 | |
645 | static inline void fscrypt_put_encryption_info(struct inode *inode) |
646 | { |
647 | return; |
648 | } |
649 | |
650 | static inline void fscrypt_free_inode(struct inode *inode) |
651 | { |
652 | } |
653 | |
654 | static inline int fscrypt_drop_inode(struct inode *inode) |
655 | { |
656 | return 0; |
657 | } |
658 | |
659 | /* fname.c */ |
660 | static inline int fscrypt_setup_filename(struct inode *dir, |
661 | const struct qstr *iname, |
662 | int lookup, struct fscrypt_name *fname) |
663 | { |
664 | if (IS_ENCRYPTED(dir)) |
665 | return -EOPNOTSUPP; |
666 | |
667 | memset(fname, 0, sizeof(*fname)); |
668 | fname->usr_fname = iname; |
669 | fname->disk_name.name = (unsigned char *)iname->name; |
670 | fname->disk_name.len = iname->len; |
671 | return 0; |
672 | } |
673 | |
674 | static inline void fscrypt_free_filename(struct fscrypt_name *fname) |
675 | { |
676 | return; |
677 | } |
678 | |
679 | static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len, |
680 | struct fscrypt_str *crypto_str) |
681 | { |
682 | return -EOPNOTSUPP; |
683 | } |
684 | |
685 | static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str) |
686 | { |
687 | return; |
688 | } |
689 | |
690 | static inline int fscrypt_fname_disk_to_usr(const struct inode *inode, |
691 | u32 hash, u32 minor_hash, |
692 | const struct fscrypt_str *iname, |
693 | struct fscrypt_str *oname) |
694 | { |
695 | return -EOPNOTSUPP; |
696 | } |
697 | |
698 | static inline bool fscrypt_match_name(const struct fscrypt_name *fname, |
699 | const u8 *de_name, u32 de_name_len) |
700 | { |
701 | /* Encryption support disabled; use standard comparison */ |
702 | if (de_name_len != fname->disk_name.len) |
703 | return false; |
704 | return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len); |
705 | } |
706 | |
707 | static inline u64 fscrypt_fname_siphash(const struct inode *dir, |
708 | const struct qstr *name) |
709 | { |
710 | WARN_ON_ONCE(1); |
711 | return 0; |
712 | } |
713 | |
714 | static inline int fscrypt_d_revalidate(struct dentry *dentry, |
715 | unsigned int flags) |
716 | { |
717 | return 1; |
718 | } |
719 | |
720 | /* bio.c */ |
721 | static inline bool fscrypt_decrypt_bio(struct bio *bio) |
722 | { |
723 | return true; |
724 | } |
725 | |
726 | static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk, |
727 | sector_t pblk, unsigned int len) |
728 | { |
729 | return -EOPNOTSUPP; |
730 | } |
731 | |
732 | /* hooks.c */ |
733 | |
734 | static inline int fscrypt_file_open(struct inode *inode, struct file *filp) |
735 | { |
736 | if (IS_ENCRYPTED(inode)) |
737 | return -EOPNOTSUPP; |
738 | return 0; |
739 | } |
740 | |
741 | static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir, |
742 | struct dentry *dentry) |
743 | { |
744 | return -EOPNOTSUPP; |
745 | } |
746 | |
747 | static inline int __fscrypt_prepare_rename(struct inode *old_dir, |
748 | struct dentry *old_dentry, |
749 | struct inode *new_dir, |
750 | struct dentry *new_dentry, |
751 | unsigned int flags) |
752 | { |
753 | return -EOPNOTSUPP; |
754 | } |
755 | |
756 | static inline int __fscrypt_prepare_lookup(struct inode *dir, |
757 | struct dentry *dentry, |
758 | struct fscrypt_name *fname) |
759 | { |
760 | return -EOPNOTSUPP; |
761 | } |
762 | |
763 | static inline int fscrypt_prepare_lookup_partial(struct inode *dir, |
764 | struct dentry *dentry) |
765 | { |
766 | return -EOPNOTSUPP; |
767 | } |
768 | |
769 | static inline int __fscrypt_prepare_readdir(struct inode *dir) |
770 | { |
771 | return -EOPNOTSUPP; |
772 | } |
773 | |
774 | static inline int __fscrypt_prepare_setattr(struct dentry *dentry, |
775 | struct iattr *attr) |
776 | { |
777 | return -EOPNOTSUPP; |
778 | } |
779 | |
780 | static inline int fscrypt_prepare_setflags(struct inode *inode, |
781 | unsigned int oldflags, |
782 | unsigned int flags) |
783 | { |
784 | return 0; |
785 | } |
786 | |
787 | static inline int fscrypt_prepare_symlink(struct inode *dir, |
788 | const char *target, |
789 | unsigned int len, |
790 | unsigned int max_len, |
791 | struct fscrypt_str *disk_link) |
792 | { |
793 | if (IS_ENCRYPTED(dir)) |
794 | return -EOPNOTSUPP; |
795 | disk_link->name = (unsigned char *)target; |
796 | disk_link->len = len + 1; |
797 | if (disk_link->len > max_len) |
798 | return -ENAMETOOLONG; |
799 | return 0; |
800 | } |
801 | |
802 | static inline int __fscrypt_encrypt_symlink(struct inode *inode, |
803 | const char *target, |
804 | unsigned int len, |
805 | struct fscrypt_str *disk_link) |
806 | { |
807 | return -EOPNOTSUPP; |
808 | } |
809 | |
810 | static inline const char *fscrypt_get_symlink(struct inode *inode, |
811 | const void *caddr, |
812 | unsigned int max_size, |
813 | struct delayed_call *done) |
814 | { |
815 | return ERR_PTR(-EOPNOTSUPP); |
816 | } |
817 | |
818 | static inline int fscrypt_symlink_getattr(const struct path *path, |
819 | struct kstat *stat) |
820 | { |
821 | return -EOPNOTSUPP; |
822 | } |
823 | |
824 | static inline void fscrypt_set_ops(struct super_block *sb, |
825 | const struct fscrypt_operations *s_cop) |
826 | { |
827 | } |
828 | |
829 | #endif /* !CONFIG_FS_ENCRYPTION */ |
830 | |
831 | /* inline_crypt.c */ |
832 | #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT |
833 | |
834 | bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode); |
835 | |
836 | void fscrypt_set_bio_crypt_ctx(struct bio *bio, |
837 | const struct inode *inode, u64 first_lblk, |
838 | gfp_t gfp_mask); |
839 | |
840 | void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio, |
841 | const struct buffer_head *first_bh, |
842 | gfp_t gfp_mask); |
843 | |
844 | bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode, |
845 | u64 next_lblk); |
846 | |
847 | bool fscrypt_mergeable_bio_bh(struct bio *bio, |
848 | const struct buffer_head *next_bh); |
849 | |
850 | bool fscrypt_dio_supported(struct inode *inode); |
851 | |
852 | u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks); |
853 | |
854 | #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ |
855 | |
856 | static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode) |
857 | { |
858 | return false; |
859 | } |
860 | |
861 | static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio, |
862 | const struct inode *inode, |
863 | u64 first_lblk, gfp_t gfp_mask) { } |
864 | |
865 | static inline void fscrypt_set_bio_crypt_ctx_bh( |
866 | struct bio *bio, |
867 | const struct buffer_head *first_bh, |
868 | gfp_t gfp_mask) { } |
869 | |
870 | static inline bool fscrypt_mergeable_bio(struct bio *bio, |
871 | const struct inode *inode, |
872 | u64 next_lblk) |
873 | { |
874 | return true; |
875 | } |
876 | |
877 | static inline bool fscrypt_mergeable_bio_bh(struct bio *bio, |
878 | const struct buffer_head *next_bh) |
879 | { |
880 | return true; |
881 | } |
882 | |
883 | static inline bool fscrypt_dio_supported(struct inode *inode) |
884 | { |
885 | return !fscrypt_needs_contents_encryption(inode); |
886 | } |
887 | |
888 | static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, |
889 | u64 nr_blocks) |
890 | { |
891 | return nr_blocks; |
892 | } |
893 | #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */ |
894 | |
895 | /** |
896 | * fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline |
897 | * encryption |
898 | * @inode: an inode. If encrypted, its key must be set up. |
899 | * |
900 | * Return: true if the inode requires file contents encryption and if the |
901 | * encryption should be done in the block layer via blk-crypto rather |
902 | * than in the filesystem layer. |
903 | */ |
904 | static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode) |
905 | { |
906 | return fscrypt_needs_contents_encryption(inode) && |
907 | __fscrypt_inode_uses_inline_crypto(inode); |
908 | } |
909 | |
910 | /** |
911 | * fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer |
912 | * encryption |
913 | * @inode: an inode. If encrypted, its key must be set up. |
914 | * |
915 | * Return: true if the inode requires file contents encryption and if the |
916 | * encryption should be done in the filesystem layer rather than in the |
917 | * block layer via blk-crypto. |
918 | */ |
919 | static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode) |
920 | { |
921 | return fscrypt_needs_contents_encryption(inode) && |
922 | !__fscrypt_inode_uses_inline_crypto(inode); |
923 | } |
924 | |
925 | /** |
926 | * fscrypt_has_encryption_key() - check whether an inode has had its key set up |
927 | * @inode: the inode to check |
928 | * |
929 | * Return: %true if the inode has had its encryption key set up, else %false. |
930 | * |
931 | * Usually this should be preceded by fscrypt_get_encryption_info() to try to |
932 | * set up the key first. |
933 | */ |
934 | static inline bool fscrypt_has_encryption_key(const struct inode *inode) |
935 | { |
936 | return fscrypt_get_inode_info(inode) != NULL; |
937 | } |
938 | |
939 | /** |
940 | * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted |
941 | * directory |
942 | * @old_dentry: an existing dentry for the inode being linked |
943 | * @dir: the target directory |
944 | * @dentry: negative dentry for the target filename |
945 | * |
946 | * A new link can only be added to an encrypted directory if the directory's |
947 | * encryption key is available --- since otherwise we'd have no way to encrypt |
948 | * the filename. |
949 | * |
950 | * We also verify that the link will not violate the constraint that all files |
951 | * in an encrypted directory tree use the same encryption policy. |
952 | * |
953 | * Return: 0 on success, -ENOKEY if the directory's encryption key is missing, |
954 | * -EXDEV if the link would result in an inconsistent encryption policy, or |
955 | * another -errno code. |
956 | */ |
957 | static inline int fscrypt_prepare_link(struct dentry *old_dentry, |
958 | struct inode *dir, |
959 | struct dentry *dentry) |
960 | { |
961 | if (IS_ENCRYPTED(dir)) |
962 | return __fscrypt_prepare_link(inode: d_inode(dentry: old_dentry), dir, dentry); |
963 | return 0; |
964 | } |
965 | |
966 | /** |
967 | * fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted |
968 | * directories |
969 | * @old_dir: source directory |
970 | * @old_dentry: dentry for source file |
971 | * @new_dir: target directory |
972 | * @new_dentry: dentry for target location (may be negative unless exchanging) |
973 | * @flags: rename flags (we care at least about %RENAME_EXCHANGE) |
974 | * |
975 | * Prepare for ->rename() where the source and/or target directories may be |
976 | * encrypted. A new link can only be added to an encrypted directory if the |
977 | * directory's encryption key is available --- since otherwise we'd have no way |
978 | * to encrypt the filename. A rename to an existing name, on the other hand, |
979 | * *is* cryptographically possible without the key. However, we take the more |
980 | * conservative approach and just forbid all no-key renames. |
981 | * |
982 | * We also verify that the rename will not violate the constraint that all files |
983 | * in an encrypted directory tree use the same encryption policy. |
984 | * |
985 | * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the |
986 | * rename would cause inconsistent encryption policies, or another -errno code. |
987 | */ |
988 | static inline int fscrypt_prepare_rename(struct inode *old_dir, |
989 | struct dentry *old_dentry, |
990 | struct inode *new_dir, |
991 | struct dentry *new_dentry, |
992 | unsigned int flags) |
993 | { |
994 | if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir)) |
995 | return __fscrypt_prepare_rename(old_dir, old_dentry, |
996 | new_dir, new_dentry, flags); |
997 | return 0; |
998 | } |
999 | |
1000 | /** |
1001 | * fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted |
1002 | * directory |
1003 | * @dir: directory being searched |
1004 | * @dentry: filename being looked up |
1005 | * @fname: (output) the name to use to search the on-disk directory |
1006 | * |
1007 | * Prepare for ->lookup() in a directory which may be encrypted by determining |
1008 | * the name that will actually be used to search the directory on-disk. If the |
1009 | * directory's encryption policy is supported by this kernel and its encryption |
1010 | * key is available, then the lookup is assumed to be by plaintext name; |
1011 | * otherwise, it is assumed to be by no-key name. |
1012 | * |
1013 | * This will set DCACHE_NOKEY_NAME on the dentry if the lookup is by no-key |
1014 | * name. In this case the filesystem must assign the dentry a dentry_operations |
1015 | * which contains fscrypt_d_revalidate (or contains a d_revalidate method that |
1016 | * calls fscrypt_d_revalidate), so that the dentry will be invalidated if the |
1017 | * directory's encryption key is later added. |
1018 | * |
1019 | * Return: 0 on success; -ENOENT if the directory's key is unavailable but the |
1020 | * filename isn't a valid no-key name, so a negative dentry should be created; |
1021 | * or another -errno code. |
1022 | */ |
1023 | static inline int fscrypt_prepare_lookup(struct inode *dir, |
1024 | struct dentry *dentry, |
1025 | struct fscrypt_name *fname) |
1026 | { |
1027 | if (IS_ENCRYPTED(dir)) |
1028 | return __fscrypt_prepare_lookup(dir, dentry, fname); |
1029 | |
1030 | memset(fname, 0, sizeof(*fname)); |
1031 | fname->usr_fname = &dentry->d_name; |
1032 | fname->disk_name.name = (unsigned char *)dentry->d_name.name; |
1033 | fname->disk_name.len = dentry->d_name.len; |
1034 | |
1035 | fscrypt_prepare_dentry(dentry, is_nokey_name: false); |
1036 | |
1037 | return 0; |
1038 | } |
1039 | |
1040 | /** |
1041 | * fscrypt_prepare_readdir() - prepare to read a possibly-encrypted directory |
1042 | * @dir: the directory inode |
1043 | * |
1044 | * If the directory is encrypted and it doesn't already have its encryption key |
1045 | * set up, try to set it up so that the filenames will be listed in plaintext |
1046 | * form rather than in no-key form. |
1047 | * |
1048 | * Return: 0 on success; -errno on error. Note that the encryption key being |
1049 | * unavailable is not considered an error. It is also not an error if |
1050 | * the encryption policy is unsupported by this kernel; that is treated |
1051 | * like the key being unavailable, so that files can still be deleted. |
1052 | */ |
1053 | static inline int fscrypt_prepare_readdir(struct inode *dir) |
1054 | { |
1055 | if (IS_ENCRYPTED(dir)) |
1056 | return __fscrypt_prepare_readdir(dir); |
1057 | return 0; |
1058 | } |
1059 | |
1060 | /** |
1061 | * fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's |
1062 | * attributes |
1063 | * @dentry: dentry through which the inode is being changed |
1064 | * @attr: attributes to change |
1065 | * |
1066 | * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file, |
1067 | * most attribute changes are allowed even without the encryption key. However, |
1068 | * without the encryption key we do have to forbid truncates. This is needed |
1069 | * because the size being truncated to may not be a multiple of the filesystem |
1070 | * block size, and in that case we'd have to decrypt the final block, zero the |
1071 | * portion past i_size, and re-encrypt it. (We *could* allow truncating to a |
1072 | * filesystem block boundary, but it's simpler to just forbid all truncates --- |
1073 | * and we already forbid all other contents modifications without the key.) |
1074 | * |
1075 | * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code |
1076 | * if a problem occurred while setting up the encryption key. |
1077 | */ |
1078 | static inline int fscrypt_prepare_setattr(struct dentry *dentry, |
1079 | struct iattr *attr) |
1080 | { |
1081 | if (IS_ENCRYPTED(d_inode(dentry))) |
1082 | return __fscrypt_prepare_setattr(dentry, attr); |
1083 | return 0; |
1084 | } |
1085 | |
1086 | /** |
1087 | * fscrypt_encrypt_symlink() - encrypt the symlink target if needed |
1088 | * @inode: symlink inode |
1089 | * @target: plaintext symlink target |
1090 | * @len: length of @target excluding null terminator |
1091 | * @disk_link: (in/out) the on-disk symlink target being prepared |
1092 | * |
1093 | * If the symlink target needs to be encrypted, then this function encrypts it |
1094 | * into @disk_link->name. fscrypt_prepare_symlink() must have been called |
1095 | * previously to compute @disk_link->len. If the filesystem did not allocate a |
1096 | * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one |
1097 | * will be kmalloc()'ed and the filesystem will be responsible for freeing it. |
1098 | * |
1099 | * Return: 0 on success, -errno on failure |
1100 | */ |
1101 | static inline int fscrypt_encrypt_symlink(struct inode *inode, |
1102 | const char *target, |
1103 | unsigned int len, |
1104 | struct fscrypt_str *disk_link) |
1105 | { |
1106 | if (IS_ENCRYPTED(inode)) |
1107 | return __fscrypt_encrypt_symlink(inode, target, len, disk_link); |
1108 | return 0; |
1109 | } |
1110 | |
1111 | /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */ |
1112 | static inline void fscrypt_finalize_bounce_page(struct page **pagep) |
1113 | { |
1114 | struct page *page = *pagep; |
1115 | |
1116 | if (fscrypt_is_bounce_page(page)) { |
1117 | *pagep = fscrypt_pagecache_page(bounce_page: page); |
1118 | fscrypt_free_bounce_page(bounce_page: page); |
1119 | } |
1120 | } |
1121 | |
1122 | #endif /* _LINUX_FSCRYPT_H */ |
1123 | |