1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * eCryptfs: Linux filesystem encryption layer |
4 | * |
5 | * Copyright (C) 2004-2008 International Business Machines Corp. |
6 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> |
7 | * Tyler Hicks <code@tyhicks.com> |
8 | */ |
9 | #include <linux/sched.h> |
10 | #include <linux/slab.h> |
11 | #include <linux/user_namespace.h> |
12 | #include <linux/nsproxy.h> |
13 | #include "ecryptfs_kernel.h" |
14 | |
15 | static LIST_HEAD(ecryptfs_msg_ctx_free_list); |
16 | static LIST_HEAD(ecryptfs_msg_ctx_alloc_list); |
17 | static DEFINE_MUTEX(ecryptfs_msg_ctx_lists_mux); |
18 | |
19 | static struct hlist_head *ecryptfs_daemon_hash; |
20 | DEFINE_MUTEX(ecryptfs_daemon_hash_mux); |
21 | static int ecryptfs_hash_bits; |
22 | #define ecryptfs_current_euid_hash(uid) \ |
23 | hash_long((unsigned long)from_kuid(&init_user_ns, current_euid()), ecryptfs_hash_bits) |
24 | |
25 | static u32 ecryptfs_msg_counter; |
26 | static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; |
27 | |
28 | /** |
29 | * ecryptfs_acquire_free_msg_ctx |
30 | * @msg_ctx: The context that was acquired from the free list |
31 | * |
32 | * Acquires a context element from the free list and locks the mutex |
33 | * on the context. Sets the msg_ctx task to current. Returns zero on |
34 | * success; non-zero on error or upon failure to acquire a free |
35 | * context element. Must be called with ecryptfs_msg_ctx_lists_mux |
36 | * held. |
37 | */ |
38 | static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) |
39 | { |
40 | struct list_head *p; |
41 | int rc; |
42 | |
43 | if (list_empty(head: &ecryptfs_msg_ctx_free_list)) { |
44 | printk(KERN_WARNING "%s: The eCryptfs free " |
45 | "context list is empty. It may be helpful to " |
46 | "specify the ecryptfs_message_buf_len " |
47 | "parameter to be greater than the current " |
48 | "value of [%d]\n" , __func__, ecryptfs_message_buf_len); |
49 | rc = -ENOMEM; |
50 | goto out; |
51 | } |
52 | list_for_each(p, &ecryptfs_msg_ctx_free_list) { |
53 | *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node); |
54 | if (mutex_trylock(lock: &(*msg_ctx)->mux)) { |
55 | (*msg_ctx)->task = current; |
56 | rc = 0; |
57 | goto out; |
58 | } |
59 | } |
60 | rc = -ENOMEM; |
61 | out: |
62 | return rc; |
63 | } |
64 | |
65 | /** |
66 | * ecryptfs_msg_ctx_free_to_alloc |
67 | * @msg_ctx: The context to move from the free list to the alloc list |
68 | * |
69 | * Must be called with ecryptfs_msg_ctx_lists_mux held. |
70 | */ |
71 | static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) |
72 | { |
73 | list_move(list: &msg_ctx->node, head: &ecryptfs_msg_ctx_alloc_list); |
74 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING; |
75 | msg_ctx->counter = ++ecryptfs_msg_counter; |
76 | } |
77 | |
78 | /** |
79 | * ecryptfs_msg_ctx_alloc_to_free |
80 | * @msg_ctx: The context to move from the alloc list to the free list |
81 | * |
82 | * Must be called with ecryptfs_msg_ctx_lists_mux held. |
83 | */ |
84 | void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) |
85 | { |
86 | list_move(list: &(msg_ctx->node), head: &ecryptfs_msg_ctx_free_list); |
87 | kfree(objp: msg_ctx->msg); |
88 | msg_ctx->msg = NULL; |
89 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; |
90 | } |
91 | |
92 | /** |
93 | * ecryptfs_find_daemon_by_euid |
94 | * @daemon: If return value is zero, points to the desired daemon pointer |
95 | * |
96 | * Must be called with ecryptfs_daemon_hash_mux held. |
97 | * |
98 | * Search the hash list for the current effective user id. |
99 | * |
100 | * Returns zero if the user id exists in the list; non-zero otherwise. |
101 | */ |
102 | int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon) |
103 | { |
104 | int rc; |
105 | |
106 | hlist_for_each_entry(*daemon, |
107 | &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()], |
108 | euid_chain) { |
109 | if (uid_eq(left: (*daemon)->file->f_cred->euid, current_euid())) { |
110 | rc = 0; |
111 | goto out; |
112 | } |
113 | } |
114 | rc = -EINVAL; |
115 | out: |
116 | return rc; |
117 | } |
118 | |
119 | /** |
120 | * ecryptfs_spawn_daemon - Create and initialize a new daemon struct |
121 | * @daemon: Pointer to set to newly allocated daemon struct |
122 | * @file: File used when opening /dev/ecryptfs |
123 | * |
124 | * Must be called ceremoniously while in possession of |
125 | * ecryptfs_sacred_daemon_hash_mux |
126 | * |
127 | * Returns zero on success; non-zero otherwise |
128 | */ |
129 | int |
130 | ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file) |
131 | { |
132 | int rc = 0; |
133 | |
134 | (*daemon) = kzalloc(size: sizeof(**daemon), GFP_KERNEL); |
135 | if (!(*daemon)) { |
136 | rc = -ENOMEM; |
137 | goto out; |
138 | } |
139 | (*daemon)->file = file; |
140 | mutex_init(&(*daemon)->mux); |
141 | INIT_LIST_HEAD(list: &(*daemon)->msg_ctx_out_queue); |
142 | init_waitqueue_head(&(*daemon)->wait); |
143 | (*daemon)->num_queued_msg_ctx = 0; |
144 | hlist_add_head(n: &(*daemon)->euid_chain, |
145 | h: &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()]); |
146 | out: |
147 | return rc; |
148 | } |
149 | |
150 | /* |
151 | * ecryptfs_exorcise_daemon - Destroy the daemon struct |
152 | * |
153 | * Must be called ceremoniously while in possession of |
154 | * ecryptfs_daemon_hash_mux and the daemon's own mux. |
155 | */ |
156 | int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon) |
157 | { |
158 | struct ecryptfs_msg_ctx *msg_ctx, *msg_ctx_tmp; |
159 | int rc = 0; |
160 | |
161 | mutex_lock(&daemon->mux); |
162 | if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ) |
163 | || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) { |
164 | rc = -EBUSY; |
165 | mutex_unlock(lock: &daemon->mux); |
166 | goto out; |
167 | } |
168 | list_for_each_entry_safe(msg_ctx, msg_ctx_tmp, |
169 | &daemon->msg_ctx_out_queue, daemon_out_list) { |
170 | list_del(entry: &msg_ctx->daemon_out_list); |
171 | daemon->num_queued_msg_ctx--; |
172 | printk(KERN_WARNING "%s: Warning: dropping message that is in " |
173 | "the out queue of a dying daemon\n" , __func__); |
174 | ecryptfs_msg_ctx_alloc_to_free(msg_ctx); |
175 | } |
176 | hlist_del(n: &daemon->euid_chain); |
177 | mutex_unlock(lock: &daemon->mux); |
178 | kfree_sensitive(objp: daemon); |
179 | out: |
180 | return rc; |
181 | } |
182 | |
183 | /** |
184 | * ecryptfs_process_response |
185 | * @daemon: eCryptfs daemon object |
186 | * @msg: The ecryptfs message received; the caller should sanity check |
187 | * msg->data_len and free the memory |
188 | * @seq: The sequence number of the message; must match the sequence |
189 | * number for the existing message context waiting for this |
190 | * response |
191 | * |
192 | * Processes a response message after sending an operation request to |
193 | * userspace. Some other process is awaiting this response. Before |
194 | * sending out its first communications, the other process allocated a |
195 | * msg_ctx from the ecryptfs_msg_ctx_arr at a particular index. The |
196 | * response message contains this index so that we can copy over the |
197 | * response message into the msg_ctx that the process holds a |
198 | * reference to. The other process is going to wake up, check to see |
199 | * that msg_ctx->state == ECRYPTFS_MSG_CTX_STATE_DONE, and then |
200 | * proceed to read off and process the response message. Returns zero |
201 | * upon delivery to desired context element; non-zero upon delivery |
202 | * failure or error. |
203 | * |
204 | * Returns zero on success; non-zero otherwise |
205 | */ |
206 | int ecryptfs_process_response(struct ecryptfs_daemon *daemon, |
207 | struct ecryptfs_message *msg, u32 seq) |
208 | { |
209 | struct ecryptfs_msg_ctx *msg_ctx; |
210 | size_t msg_size; |
211 | int rc; |
212 | |
213 | if (msg->index >= ecryptfs_message_buf_len) { |
214 | rc = -EINVAL; |
215 | printk(KERN_ERR "%s: Attempt to reference " |
216 | "context buffer at index [%d]; maximum " |
217 | "allowable is [%d]\n" , __func__, msg->index, |
218 | (ecryptfs_message_buf_len - 1)); |
219 | goto out; |
220 | } |
221 | msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; |
222 | mutex_lock(&msg_ctx->mux); |
223 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { |
224 | rc = -EINVAL; |
225 | printk(KERN_WARNING "%s: Desired context element is not " |
226 | "pending a response\n" , __func__); |
227 | goto unlock; |
228 | } else if (msg_ctx->counter != seq) { |
229 | rc = -EINVAL; |
230 | printk(KERN_WARNING "%s: Invalid message sequence; " |
231 | "expected [%d]; received [%d]\n" , __func__, |
232 | msg_ctx->counter, seq); |
233 | goto unlock; |
234 | } |
235 | msg_size = (sizeof(*msg) + msg->data_len); |
236 | msg_ctx->msg = kmemdup(p: msg, size: msg_size, GFP_KERNEL); |
237 | if (!msg_ctx->msg) { |
238 | rc = -ENOMEM; |
239 | goto unlock; |
240 | } |
241 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE; |
242 | wake_up_process(tsk: msg_ctx->task); |
243 | rc = 0; |
244 | unlock: |
245 | mutex_unlock(lock: &msg_ctx->mux); |
246 | out: |
247 | return rc; |
248 | } |
249 | |
250 | /** |
251 | * ecryptfs_send_message_locked |
252 | * @data: The data to send |
253 | * @data_len: The length of data |
254 | * @msg_type: Type of message |
255 | * @msg_ctx: The message context allocated for the send |
256 | * |
257 | * Must be called with ecryptfs_daemon_hash_mux held. |
258 | * |
259 | * Returns zero on success; non-zero otherwise |
260 | */ |
261 | static int |
262 | ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, |
263 | struct ecryptfs_msg_ctx **msg_ctx) |
264 | { |
265 | struct ecryptfs_daemon *daemon; |
266 | int rc; |
267 | |
268 | rc = ecryptfs_find_daemon_by_euid(daemon: &daemon); |
269 | if (rc) { |
270 | rc = -ENOTCONN; |
271 | goto out; |
272 | } |
273 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
274 | rc = ecryptfs_acquire_free_msg_ctx(msg_ctx); |
275 | if (rc) { |
276 | mutex_unlock(lock: &ecryptfs_msg_ctx_lists_mux); |
277 | printk(KERN_WARNING "%s: Could not claim a free " |
278 | "context element\n" , __func__); |
279 | goto out; |
280 | } |
281 | ecryptfs_msg_ctx_free_to_alloc(msg_ctx: *msg_ctx); |
282 | mutex_unlock(lock: &(*msg_ctx)->mux); |
283 | mutex_unlock(lock: &ecryptfs_msg_ctx_lists_mux); |
284 | rc = ecryptfs_send_miscdev(data, data_size: data_len, msg_ctx: *msg_ctx, msg_type, msg_flags: 0, |
285 | daemon); |
286 | if (rc) |
287 | printk(KERN_ERR "%s: Error attempting to send message to " |
288 | "userspace daemon; rc = [%d]\n" , __func__, rc); |
289 | out: |
290 | return rc; |
291 | } |
292 | |
293 | /** |
294 | * ecryptfs_send_message |
295 | * @data: The data to send |
296 | * @data_len: The length of data |
297 | * @msg_ctx: The message context allocated for the send |
298 | * |
299 | * Grabs ecryptfs_daemon_hash_mux. |
300 | * |
301 | * Returns zero on success; non-zero otherwise |
302 | */ |
303 | int ecryptfs_send_message(char *data, int data_len, |
304 | struct ecryptfs_msg_ctx **msg_ctx) |
305 | { |
306 | int rc; |
307 | |
308 | mutex_lock(&ecryptfs_daemon_hash_mux); |
309 | rc = ecryptfs_send_message_locked(data, data_len, ECRYPTFS_MSG_REQUEST, |
310 | msg_ctx); |
311 | mutex_unlock(lock: &ecryptfs_daemon_hash_mux); |
312 | return rc; |
313 | } |
314 | |
315 | /** |
316 | * ecryptfs_wait_for_response |
317 | * @msg_ctx: The context that was assigned when sending a message |
318 | * @msg: The incoming message from userspace; not set if rc != 0 |
319 | * |
320 | * Sleeps until awaken by ecryptfs_receive_message or until the amount |
321 | * of time exceeds ecryptfs_message_wait_timeout. If zero is |
322 | * returned, msg will point to a valid message from userspace; a |
323 | * non-zero value is returned upon failure to receive a message or an |
324 | * error occurs. Callee must free @msg on success. |
325 | */ |
326 | int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, |
327 | struct ecryptfs_message **msg) |
328 | { |
329 | signed long timeout = ecryptfs_message_wait_timeout * HZ; |
330 | int rc = 0; |
331 | |
332 | sleep: |
333 | timeout = schedule_timeout_interruptible(timeout); |
334 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
335 | mutex_lock(&msg_ctx->mux); |
336 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) { |
337 | if (timeout) { |
338 | mutex_unlock(lock: &msg_ctx->mux); |
339 | mutex_unlock(lock: &ecryptfs_msg_ctx_lists_mux); |
340 | goto sleep; |
341 | } |
342 | rc = -ENOMSG; |
343 | } else { |
344 | *msg = msg_ctx->msg; |
345 | msg_ctx->msg = NULL; |
346 | } |
347 | ecryptfs_msg_ctx_alloc_to_free(msg_ctx); |
348 | mutex_unlock(lock: &msg_ctx->mux); |
349 | mutex_unlock(lock: &ecryptfs_msg_ctx_lists_mux); |
350 | return rc; |
351 | } |
352 | |
353 | int __init ecryptfs_init_messaging(void) |
354 | { |
355 | int i; |
356 | int rc = 0; |
357 | |
358 | if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) { |
359 | ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS; |
360 | printk(KERN_WARNING "%s: Specified number of users is " |
361 | "too large, defaulting to [%d] users\n" , __func__, |
362 | ecryptfs_number_of_users); |
363 | } |
364 | mutex_lock(&ecryptfs_daemon_hash_mux); |
365 | ecryptfs_hash_bits = 1; |
366 | while (ecryptfs_number_of_users >> ecryptfs_hash_bits) |
367 | ecryptfs_hash_bits++; |
368 | ecryptfs_daemon_hash = kmalloc(size: (sizeof(struct hlist_head) |
369 | * (1 << ecryptfs_hash_bits)), |
370 | GFP_KERNEL); |
371 | if (!ecryptfs_daemon_hash) { |
372 | rc = -ENOMEM; |
373 | mutex_unlock(lock: &ecryptfs_daemon_hash_mux); |
374 | goto out; |
375 | } |
376 | for (i = 0; i < (1 << ecryptfs_hash_bits); i++) |
377 | INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); |
378 | mutex_unlock(lock: &ecryptfs_daemon_hash_mux); |
379 | ecryptfs_msg_ctx_arr = kmalloc(size: (sizeof(struct ecryptfs_msg_ctx) |
380 | * ecryptfs_message_buf_len), |
381 | GFP_KERNEL); |
382 | if (!ecryptfs_msg_ctx_arr) { |
383 | kfree(objp: ecryptfs_daemon_hash); |
384 | rc = -ENOMEM; |
385 | goto out; |
386 | } |
387 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
388 | ecryptfs_msg_counter = 0; |
389 | for (i = 0; i < ecryptfs_message_buf_len; i++) { |
390 | INIT_LIST_HEAD(list: &ecryptfs_msg_ctx_arr[i].node); |
391 | INIT_LIST_HEAD(list: &ecryptfs_msg_ctx_arr[i].daemon_out_list); |
392 | mutex_init(&ecryptfs_msg_ctx_arr[i].mux); |
393 | mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); |
394 | ecryptfs_msg_ctx_arr[i].index = i; |
395 | ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE; |
396 | ecryptfs_msg_ctx_arr[i].counter = 0; |
397 | ecryptfs_msg_ctx_arr[i].task = NULL; |
398 | ecryptfs_msg_ctx_arr[i].msg = NULL; |
399 | list_add_tail(new: &ecryptfs_msg_ctx_arr[i].node, |
400 | head: &ecryptfs_msg_ctx_free_list); |
401 | mutex_unlock(lock: &ecryptfs_msg_ctx_arr[i].mux); |
402 | } |
403 | mutex_unlock(lock: &ecryptfs_msg_ctx_lists_mux); |
404 | rc = ecryptfs_init_ecryptfs_miscdev(); |
405 | if (rc) |
406 | ecryptfs_release_messaging(); |
407 | out: |
408 | return rc; |
409 | } |
410 | |
411 | void ecryptfs_release_messaging(void) |
412 | { |
413 | if (ecryptfs_msg_ctx_arr) { |
414 | int i; |
415 | |
416 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
417 | for (i = 0; i < ecryptfs_message_buf_len; i++) { |
418 | mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); |
419 | kfree(objp: ecryptfs_msg_ctx_arr[i].msg); |
420 | mutex_unlock(lock: &ecryptfs_msg_ctx_arr[i].mux); |
421 | } |
422 | kfree(objp: ecryptfs_msg_ctx_arr); |
423 | mutex_unlock(lock: &ecryptfs_msg_ctx_lists_mux); |
424 | } |
425 | if (ecryptfs_daemon_hash) { |
426 | struct ecryptfs_daemon *daemon; |
427 | struct hlist_node *n; |
428 | int i; |
429 | |
430 | mutex_lock(&ecryptfs_daemon_hash_mux); |
431 | for (i = 0; i < (1 << ecryptfs_hash_bits); i++) { |
432 | int rc; |
433 | |
434 | hlist_for_each_entry_safe(daemon, n, |
435 | &ecryptfs_daemon_hash[i], |
436 | euid_chain) { |
437 | rc = ecryptfs_exorcise_daemon(daemon); |
438 | if (rc) |
439 | printk(KERN_ERR "%s: Error whilst " |
440 | "attempting to destroy daemon; " |
441 | "rc = [%d]. Dazed and confused, " |
442 | "but trying to continue.\n" , |
443 | __func__, rc); |
444 | } |
445 | } |
446 | kfree(objp: ecryptfs_daemon_hash); |
447 | mutex_unlock(lock: &ecryptfs_daemon_hash_mux); |
448 | } |
449 | ecryptfs_destroy_ecryptfs_miscdev(); |
450 | return; |
451 | } |
452 | |