1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * eCryptfs: Linux filesystem encryption layer |
4 | * |
5 | * Copyright (C) 2008 International Business Machines Corp. |
6 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> |
7 | */ |
8 | |
9 | #include <linux/fs.h> |
10 | #include <linux/hash.h> |
11 | #include <linux/random.h> |
12 | #include <linux/miscdevice.h> |
13 | #include <linux/poll.h> |
14 | #include <linux/slab.h> |
15 | #include <linux/wait.h> |
16 | #include <linux/module.h> |
17 | #include "ecryptfs_kernel.h" |
18 | |
19 | static atomic_t ecryptfs_num_miscdev_opens; |
20 | |
21 | /** |
22 | * ecryptfs_miscdev_poll |
23 | * @file: dev file |
24 | * @pt: dev poll table (ignored) |
25 | * |
26 | * Returns the poll mask |
27 | */ |
28 | static __poll_t |
29 | ecryptfs_miscdev_poll(struct file *file, poll_table *pt) |
30 | { |
31 | struct ecryptfs_daemon *daemon = file->private_data; |
32 | __poll_t mask = 0; |
33 | |
34 | mutex_lock(&daemon->mux); |
35 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { |
36 | printk(KERN_WARNING "%s: Attempt to poll on zombified " |
37 | "daemon\n" , __func__); |
38 | goto out_unlock_daemon; |
39 | } |
40 | if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) |
41 | goto out_unlock_daemon; |
42 | if (daemon->flags & ECRYPTFS_DAEMON_IN_POLL) |
43 | goto out_unlock_daemon; |
44 | daemon->flags |= ECRYPTFS_DAEMON_IN_POLL; |
45 | mutex_unlock(lock: &daemon->mux); |
46 | poll_wait(filp: file, wait_address: &daemon->wait, p: pt); |
47 | mutex_lock(&daemon->mux); |
48 | if (!list_empty(head: &daemon->msg_ctx_out_queue)) |
49 | mask |= EPOLLIN | EPOLLRDNORM; |
50 | out_unlock_daemon: |
51 | daemon->flags &= ~ECRYPTFS_DAEMON_IN_POLL; |
52 | mutex_unlock(lock: &daemon->mux); |
53 | return mask; |
54 | } |
55 | |
56 | /** |
57 | * ecryptfs_miscdev_open |
58 | * @inode: inode of miscdev handle (ignored) |
59 | * @file: file for miscdev handle |
60 | * |
61 | * Returns zero on success; non-zero otherwise |
62 | */ |
63 | static int |
64 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) |
65 | { |
66 | struct ecryptfs_daemon *daemon = NULL; |
67 | int rc; |
68 | |
69 | mutex_lock(&ecryptfs_daemon_hash_mux); |
70 | rc = ecryptfs_find_daemon_by_euid(daemon: &daemon); |
71 | if (!rc) { |
72 | rc = -EINVAL; |
73 | goto out_unlock_daemon_list; |
74 | } |
75 | rc = ecryptfs_spawn_daemon(daemon: &daemon, file); |
76 | if (rc) { |
77 | printk(KERN_ERR "%s: Error attempting to spawn daemon; " |
78 | "rc = [%d]\n" , __func__, rc); |
79 | goto out_unlock_daemon_list; |
80 | } |
81 | mutex_lock(&daemon->mux); |
82 | if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { |
83 | rc = -EBUSY; |
84 | goto out_unlock_daemon; |
85 | } |
86 | daemon->flags |= ECRYPTFS_DAEMON_MISCDEV_OPEN; |
87 | file->private_data = daemon; |
88 | atomic_inc(v: &ecryptfs_num_miscdev_opens); |
89 | out_unlock_daemon: |
90 | mutex_unlock(lock: &daemon->mux); |
91 | out_unlock_daemon_list: |
92 | mutex_unlock(lock: &ecryptfs_daemon_hash_mux); |
93 | return rc; |
94 | } |
95 | |
96 | /** |
97 | * ecryptfs_miscdev_release |
98 | * @inode: inode of fs/ecryptfs/euid handle (ignored) |
99 | * @file: file for fs/ecryptfs/euid handle |
100 | * |
101 | * This keeps the daemon registered until the daemon sends another |
102 | * ioctl to fs/ecryptfs/ctl or until the kernel module unregisters. |
103 | * |
104 | * Returns zero on success; non-zero otherwise |
105 | */ |
106 | static int |
107 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) |
108 | { |
109 | struct ecryptfs_daemon *daemon = file->private_data; |
110 | int rc; |
111 | |
112 | mutex_lock(&daemon->mux); |
113 | BUG_ON(!(daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN)); |
114 | daemon->flags &= ~ECRYPTFS_DAEMON_MISCDEV_OPEN; |
115 | atomic_dec(v: &ecryptfs_num_miscdev_opens); |
116 | mutex_unlock(lock: &daemon->mux); |
117 | |
118 | mutex_lock(&ecryptfs_daemon_hash_mux); |
119 | rc = ecryptfs_exorcise_daemon(daemon); |
120 | mutex_unlock(lock: &ecryptfs_daemon_hash_mux); |
121 | if (rc) { |
122 | printk(KERN_CRIT "%s: Fatal error whilst attempting to " |
123 | "shut down daemon; rc = [%d]. Please report this " |
124 | "bug.\n" , __func__, rc); |
125 | BUG(); |
126 | } |
127 | return rc; |
128 | } |
129 | |
130 | /** |
131 | * ecryptfs_send_miscdev |
132 | * @data: Data to send to daemon; may be NULL |
133 | * @data_size: Amount of data to send to daemon |
134 | * @msg_ctx: Message context, which is used to handle the reply. If |
135 | * this is NULL, then we do not expect a reply. |
136 | * @msg_type: Type of message |
137 | * @msg_flags: Flags for message |
138 | * @daemon: eCryptfs daemon object |
139 | * |
140 | * Add msg_ctx to queue and then, if it exists, notify the blocked |
141 | * miscdevess about the data being available. Must be called with |
142 | * ecryptfs_daemon_hash_mux held. |
143 | * |
144 | * Returns zero on success; non-zero otherwise |
145 | */ |
146 | int ecryptfs_send_miscdev(char *data, size_t data_size, |
147 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, |
148 | u16 msg_flags, struct ecryptfs_daemon *daemon) |
149 | { |
150 | struct ecryptfs_message *msg; |
151 | |
152 | msg = kmalloc(size: (sizeof(*msg) + data_size), GFP_KERNEL); |
153 | if (!msg) |
154 | return -ENOMEM; |
155 | |
156 | mutex_lock(&msg_ctx->mux); |
157 | msg_ctx->msg = msg; |
158 | msg_ctx->msg->index = msg_ctx->index; |
159 | msg_ctx->msg->data_len = data_size; |
160 | msg_ctx->type = msg_type; |
161 | memcpy(msg_ctx->msg->data, data, data_size); |
162 | msg_ctx->msg_size = (sizeof(*msg_ctx->msg) + data_size); |
163 | list_add_tail(new: &msg_ctx->daemon_out_list, head: &daemon->msg_ctx_out_queue); |
164 | mutex_unlock(lock: &msg_ctx->mux); |
165 | |
166 | mutex_lock(&daemon->mux); |
167 | daemon->num_queued_msg_ctx++; |
168 | wake_up_interruptible(&daemon->wait); |
169 | mutex_unlock(lock: &daemon->mux); |
170 | |
171 | return 0; |
172 | } |
173 | |
174 | /* |
175 | * miscdevfs packet format: |
176 | * Octet 0: Type |
177 | * Octets 1-4: network byte order msg_ctx->counter |
178 | * Octets 5-N0: Size of struct ecryptfs_message to follow |
179 | * Octets N0-N1: struct ecryptfs_message (including data) |
180 | * |
181 | * Octets 5-N1 not written if the packet type does not include a message |
182 | */ |
183 | #define PKT_TYPE_SIZE 1 |
184 | #define PKT_CTR_SIZE 4 |
185 | #define MIN_NON_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE) |
186 | #define MIN_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE \ |
187 | + ECRYPTFS_MIN_PKT_LEN_SIZE) |
188 | /* 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES comes from tag 65 packet format */ |
189 | #define MAX_MSG_PKT_SIZE (PKT_TYPE_SIZE + PKT_CTR_SIZE \ |
190 | + ECRYPTFS_MAX_PKT_LEN_SIZE \ |
191 | + sizeof(struct ecryptfs_message) \ |
192 | + 4 + ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) |
193 | #define PKT_TYPE_OFFSET 0 |
194 | #define PKT_CTR_OFFSET PKT_TYPE_SIZE |
195 | #define PKT_LEN_OFFSET (PKT_TYPE_SIZE + PKT_CTR_SIZE) |
196 | |
197 | /** |
198 | * ecryptfs_miscdev_read - format and send message from queue |
199 | * @file: miscdevfs handle |
200 | * @buf: User buffer into which to copy the next message on the daemon queue |
201 | * @count: Amount of space available in @buf |
202 | * @ppos: Offset in file (ignored) |
203 | * |
204 | * Pulls the most recent message from the daemon queue, formats it for |
205 | * being sent via a miscdevfs handle, and copies it into @buf |
206 | * |
207 | * Returns the number of bytes copied into the user buffer |
208 | */ |
209 | static ssize_t |
210 | ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, |
211 | loff_t *ppos) |
212 | { |
213 | struct ecryptfs_daemon *daemon = file->private_data; |
214 | struct ecryptfs_msg_ctx *msg_ctx; |
215 | size_t packet_length_size; |
216 | char packet_length[ECRYPTFS_MAX_PKT_LEN_SIZE]; |
217 | size_t i; |
218 | size_t total_length; |
219 | int rc; |
220 | |
221 | mutex_lock(&daemon->mux); |
222 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { |
223 | rc = 0; |
224 | printk(KERN_WARNING "%s: Attempt to read from zombified " |
225 | "daemon\n" , __func__); |
226 | goto out_unlock_daemon; |
227 | } |
228 | if (daemon->flags & ECRYPTFS_DAEMON_IN_READ) { |
229 | rc = 0; |
230 | goto out_unlock_daemon; |
231 | } |
232 | /* This daemon will not go away so long as this flag is set */ |
233 | daemon->flags |= ECRYPTFS_DAEMON_IN_READ; |
234 | check_list: |
235 | if (list_empty(head: &daemon->msg_ctx_out_queue)) { |
236 | mutex_unlock(lock: &daemon->mux); |
237 | rc = wait_event_interruptible( |
238 | daemon->wait, !list_empty(&daemon->msg_ctx_out_queue)); |
239 | mutex_lock(&daemon->mux); |
240 | if (rc < 0) { |
241 | rc = 0; |
242 | goto out_unlock_daemon; |
243 | } |
244 | } |
245 | if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) { |
246 | rc = 0; |
247 | goto out_unlock_daemon; |
248 | } |
249 | if (list_empty(head: &daemon->msg_ctx_out_queue)) { |
250 | /* Something else jumped in since the |
251 | * wait_event_interruptable() and removed the |
252 | * message from the queue; try again */ |
253 | goto check_list; |
254 | } |
255 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, |
256 | struct ecryptfs_msg_ctx, daemon_out_list); |
257 | BUG_ON(!msg_ctx); |
258 | mutex_lock(&msg_ctx->mux); |
259 | if (msg_ctx->msg) { |
260 | rc = ecryptfs_write_packet_length(dest: packet_length, |
261 | size: msg_ctx->msg_size, |
262 | packet_size_length: &packet_length_size); |
263 | if (rc) { |
264 | rc = 0; |
265 | printk(KERN_WARNING "%s: Error writing packet length; " |
266 | "rc = [%d]\n" , __func__, rc); |
267 | goto out_unlock_msg_ctx; |
268 | } |
269 | } else { |
270 | packet_length_size = 0; |
271 | msg_ctx->msg_size = 0; |
272 | } |
273 | total_length = (PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_length_size |
274 | + msg_ctx->msg_size); |
275 | if (count < total_length) { |
276 | rc = 0; |
277 | printk(KERN_WARNING "%s: Only given user buffer of " |
278 | "size [%zd], but we need [%zd] to read the " |
279 | "pending message\n" , __func__, count, total_length); |
280 | goto out_unlock_msg_ctx; |
281 | } |
282 | rc = -EFAULT; |
283 | if (put_user(msg_ctx->type, buf)) |
284 | goto out_unlock_msg_ctx; |
285 | if (put_user(cpu_to_be32(msg_ctx->counter), |
286 | (__be32 __user *)(&buf[PKT_CTR_OFFSET]))) |
287 | goto out_unlock_msg_ctx; |
288 | i = PKT_TYPE_SIZE + PKT_CTR_SIZE; |
289 | if (msg_ctx->msg) { |
290 | if (copy_to_user(to: &buf[i], from: packet_length, n: packet_length_size)) |
291 | goto out_unlock_msg_ctx; |
292 | i += packet_length_size; |
293 | if (copy_to_user(to: &buf[i], from: msg_ctx->msg, n: msg_ctx->msg_size)) |
294 | goto out_unlock_msg_ctx; |
295 | i += msg_ctx->msg_size; |
296 | } |
297 | rc = i; |
298 | list_del(entry: &msg_ctx->daemon_out_list); |
299 | kfree(objp: msg_ctx->msg); |
300 | msg_ctx->msg = NULL; |
301 | /* We do not expect a reply from the userspace daemon for any |
302 | * message type other than ECRYPTFS_MSG_REQUEST */ |
303 | if (msg_ctx->type != ECRYPTFS_MSG_REQUEST) |
304 | ecryptfs_msg_ctx_alloc_to_free(msg_ctx); |
305 | out_unlock_msg_ctx: |
306 | mutex_unlock(lock: &msg_ctx->mux); |
307 | out_unlock_daemon: |
308 | daemon->flags &= ~ECRYPTFS_DAEMON_IN_READ; |
309 | mutex_unlock(lock: &daemon->mux); |
310 | return rc; |
311 | } |
312 | |
313 | /** |
314 | * ecryptfs_miscdev_response - miscdevess response to message previously sent to daemon |
315 | * @daemon: eCryptfs daemon object |
316 | * @data: Bytes comprising struct ecryptfs_message |
317 | * @data_size: sizeof(struct ecryptfs_message) + data len |
318 | * @seq: Sequence number for miscdev response packet |
319 | * |
320 | * Returns zero on success; non-zero otherwise |
321 | */ |
322 | static int ecryptfs_miscdev_response(struct ecryptfs_daemon *daemon, char *data, |
323 | size_t data_size, u32 seq) |
324 | { |
325 | struct ecryptfs_message *msg = (struct ecryptfs_message *)data; |
326 | int rc; |
327 | |
328 | if ((sizeof(*msg) + msg->data_len) != data_size) { |
329 | printk(KERN_WARNING "%s: (sizeof(*msg) + msg->data_len) = " |
330 | "[%zd]; data_size = [%zd]. Invalid packet.\n" , __func__, |
331 | (sizeof(*msg) + msg->data_len), data_size); |
332 | rc = -EINVAL; |
333 | goto out; |
334 | } |
335 | rc = ecryptfs_process_response(daemon, msg, seq); |
336 | if (rc) |
337 | printk(KERN_ERR |
338 | "Error processing response message; rc = [%d]\n" , rc); |
339 | out: |
340 | return rc; |
341 | } |
342 | |
343 | /** |
344 | * ecryptfs_miscdev_write - handle write to daemon miscdev handle |
345 | * @file: File for misc dev handle |
346 | * @buf: Buffer containing user data |
347 | * @count: Amount of data in @buf |
348 | * @ppos: Pointer to offset in file (ignored) |
349 | * |
350 | * Returns the number of bytes read from @buf |
351 | */ |
352 | static ssize_t |
353 | ecryptfs_miscdev_write(struct file *file, const char __user *buf, |
354 | size_t count, loff_t *ppos) |
355 | { |
356 | __be32 counter_nbo; |
357 | u32 seq; |
358 | size_t packet_size, packet_size_length; |
359 | char *data; |
360 | unsigned char packet_size_peek[ECRYPTFS_MAX_PKT_LEN_SIZE]; |
361 | ssize_t rc; |
362 | |
363 | if (count == 0) { |
364 | return 0; |
365 | } else if (count == MIN_NON_MSG_PKT_SIZE) { |
366 | /* Likely a harmless MSG_HELO or MSG_QUIT - no packet length */ |
367 | goto memdup; |
368 | } else if (count < MIN_MSG_PKT_SIZE || count > MAX_MSG_PKT_SIZE) { |
369 | printk(KERN_WARNING "%s: Acceptable packet size range is " |
370 | "[%d-%zu], but amount of data written is [%zu].\n" , |
371 | __func__, MIN_MSG_PKT_SIZE, MAX_MSG_PKT_SIZE, count); |
372 | return -EINVAL; |
373 | } |
374 | |
375 | if (copy_from_user(to: packet_size_peek, from: &buf[PKT_LEN_OFFSET], |
376 | n: sizeof(packet_size_peek))) { |
377 | printk(KERN_WARNING "%s: Error while inspecting packet size\n" , |
378 | __func__); |
379 | return -EFAULT; |
380 | } |
381 | |
382 | rc = ecryptfs_parse_packet_length(data: packet_size_peek, size: &packet_size, |
383 | length_size: &packet_size_length); |
384 | if (rc) { |
385 | printk(KERN_WARNING "%s: Error parsing packet length; " |
386 | "rc = [%zd]\n" , __func__, rc); |
387 | return rc; |
388 | } |
389 | |
390 | if ((PKT_TYPE_SIZE + PKT_CTR_SIZE + packet_size_length + packet_size) |
391 | != count) { |
392 | printk(KERN_WARNING "%s: Invalid packet size [%zu]\n" , __func__, |
393 | packet_size); |
394 | return -EINVAL; |
395 | } |
396 | |
397 | memdup: |
398 | data = memdup_user(buf, count); |
399 | if (IS_ERR(ptr: data)) { |
400 | printk(KERN_ERR "%s: memdup_user returned error [%ld]\n" , |
401 | __func__, PTR_ERR(data)); |
402 | return PTR_ERR(ptr: data); |
403 | } |
404 | switch (data[PKT_TYPE_OFFSET]) { |
405 | case ECRYPTFS_MSG_RESPONSE: |
406 | if (count < (MIN_MSG_PKT_SIZE |
407 | + sizeof(struct ecryptfs_message))) { |
408 | printk(KERN_WARNING "%s: Minimum acceptable packet " |
409 | "size is [%zd], but amount of data written is " |
410 | "only [%zd]. Discarding response packet.\n" , |
411 | __func__, |
412 | (MIN_MSG_PKT_SIZE |
413 | + sizeof(struct ecryptfs_message)), count); |
414 | rc = -EINVAL; |
415 | goto out_free; |
416 | } |
417 | memcpy(&counter_nbo, &data[PKT_CTR_OFFSET], PKT_CTR_SIZE); |
418 | seq = be32_to_cpu(counter_nbo); |
419 | rc = ecryptfs_miscdev_response(daemon: file->private_data, |
420 | data: &data[PKT_LEN_OFFSET + packet_size_length], |
421 | data_size: packet_size, seq); |
422 | if (rc) { |
423 | printk(KERN_WARNING "%s: Failed to deliver miscdev " |
424 | "response to requesting operation; rc = [%zd]\n" , |
425 | __func__, rc); |
426 | goto out_free; |
427 | } |
428 | break; |
429 | case ECRYPTFS_MSG_HELO: |
430 | case ECRYPTFS_MSG_QUIT: |
431 | break; |
432 | default: |
433 | ecryptfs_printk(KERN_WARNING, "Dropping miscdev " |
434 | "message of unrecognized type [%d]\n" , |
435 | data[0]); |
436 | rc = -EINVAL; |
437 | goto out_free; |
438 | } |
439 | rc = count; |
440 | out_free: |
441 | kfree(objp: data); |
442 | return rc; |
443 | } |
444 | |
445 | |
446 | static const struct file_operations ecryptfs_miscdev_fops = { |
447 | .owner = THIS_MODULE, |
448 | .open = ecryptfs_miscdev_open, |
449 | .poll = ecryptfs_miscdev_poll, |
450 | .read = ecryptfs_miscdev_read, |
451 | .write = ecryptfs_miscdev_write, |
452 | .release = ecryptfs_miscdev_release, |
453 | .llseek = noop_llseek, |
454 | }; |
455 | |
456 | static struct miscdevice ecryptfs_miscdev = { |
457 | .minor = MISC_DYNAMIC_MINOR, |
458 | .name = "ecryptfs" , |
459 | .fops = &ecryptfs_miscdev_fops |
460 | }; |
461 | |
462 | /** |
463 | * ecryptfs_init_ecryptfs_miscdev |
464 | * |
465 | * Messages sent to the userspace daemon from the kernel are placed on |
466 | * a queue associated with the daemon. The next read against the |
467 | * miscdev handle by that daemon will return the oldest message placed |
468 | * on the message queue for the daemon. |
469 | * |
470 | * Returns zero on success; non-zero otherwise |
471 | */ |
472 | int __init ecryptfs_init_ecryptfs_miscdev(void) |
473 | { |
474 | int rc; |
475 | |
476 | atomic_set(v: &ecryptfs_num_miscdev_opens, i: 0); |
477 | rc = misc_register(misc: &ecryptfs_miscdev); |
478 | if (rc) |
479 | printk(KERN_ERR "%s: Failed to register miscellaneous device " |
480 | "for communications with userspace daemons; rc = [%d]\n" , |
481 | __func__, rc); |
482 | return rc; |
483 | } |
484 | |
485 | /** |
486 | * ecryptfs_destroy_ecryptfs_miscdev |
487 | * |
488 | * All of the daemons must be exorcised prior to calling this |
489 | * function. |
490 | */ |
491 | void ecryptfs_destroy_ecryptfs_miscdev(void) |
492 | { |
493 | BUG_ON(atomic_read(&ecryptfs_num_miscdev_opens) != 0); |
494 | misc_deregister(misc: &ecryptfs_miscdev); |
495 | } |
496 | |