1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * eCryptfs: Linux filesystem encryption layer |
4 | * This is where eCryptfs coordinates the symmetric encryption and |
5 | * decryption of the file data as it passes between the lower |
6 | * encrypted file and the upper decrypted file. |
7 | * |
8 | * Copyright (C) 1997-2003 Erez Zadok |
9 | * Copyright (C) 2001-2003 Stony Brook University |
10 | * Copyright (C) 2004-2007 International Business Machines Corp. |
11 | * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> |
12 | */ |
13 | |
14 | #include <linux/pagemap.h> |
15 | #include <linux/writeback.h> |
16 | #include <linux/page-flags.h> |
17 | #include <linux/mount.h> |
18 | #include <linux/file.h> |
19 | #include <linux/scatterlist.h> |
20 | #include <linux/slab.h> |
21 | #include <linux/xattr.h> |
22 | #include <asm/unaligned.h> |
23 | #include "ecryptfs_kernel.h" |
24 | |
25 | /* |
26 | * ecryptfs_get_locked_page |
27 | * |
28 | * Get one page from cache or lower f/s, return error otherwise. |
29 | * |
30 | * Returns locked and up-to-date page (if ok), with increased |
31 | * refcnt. |
32 | */ |
33 | struct page *ecryptfs_get_locked_page(struct inode *inode, loff_t index) |
34 | { |
35 | struct page *page = read_mapping_page(mapping: inode->i_mapping, index, NULL); |
36 | if (!IS_ERR(ptr: page)) |
37 | lock_page(page); |
38 | return page; |
39 | } |
40 | |
41 | /** |
42 | * ecryptfs_writepage |
43 | * @page: Page that is locked before this call is made |
44 | * @wbc: Write-back control structure |
45 | * |
46 | * Returns zero on success; non-zero otherwise |
47 | * |
48 | * This is where we encrypt the data and pass the encrypted data to |
49 | * the lower filesystem. In OpenPGP-compatible mode, we operate on |
50 | * entire underlying packets. |
51 | */ |
52 | static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc) |
53 | { |
54 | int rc; |
55 | |
56 | rc = ecryptfs_encrypt_page(page); |
57 | if (rc) { |
58 | ecryptfs_printk(KERN_WARNING, "Error encrypting " |
59 | "page (upper index [0x%.16lx])\n" , page->index); |
60 | ClearPageUptodate(page); |
61 | goto out; |
62 | } |
63 | SetPageUptodate(page); |
64 | out: |
65 | unlock_page(page); |
66 | return rc; |
67 | } |
68 | |
69 | static void strip_xattr_flag(char *page_virt, |
70 | struct ecryptfs_crypt_stat *crypt_stat) |
71 | { |
72 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { |
73 | size_t written; |
74 | |
75 | crypt_stat->flags &= ~ECRYPTFS_METADATA_IN_XATTR; |
76 | ecryptfs_write_crypt_stat_flags(page_virt, crypt_stat, |
77 | written: &written); |
78 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; |
79 | } |
80 | } |
81 | |
82 | /* |
83 | * Header Extent: |
84 | * Octets 0-7: Unencrypted file size (big-endian) |
85 | * Octets 8-15: eCryptfs special marker |
86 | * Octets 16-19: Flags |
87 | * Octet 16: File format version number (between 0 and 255) |
88 | * Octets 17-18: Reserved |
89 | * Octet 19: Bit 1 (lsb): Reserved |
90 | * Bit 2: Encrypted? |
91 | * Bits 3-8: Reserved |
92 | * Octets 20-23: Header extent size (big-endian) |
93 | * Octets 24-25: Number of header extents at front of file |
94 | * (big-endian) |
95 | * Octet 26: Begin RFC 2440 authentication token packet set |
96 | */ |
97 | |
98 | /** |
99 | * ecryptfs_copy_up_encrypted_with_header |
100 | * @page: Sort of a ``virtual'' representation of the encrypted lower |
101 | * file. The actual lower file does not have the metadata in |
102 | * the header. This is locked. |
103 | * @crypt_stat: The eCryptfs inode's cryptographic context |
104 | * |
105 | * The ``view'' is the version of the file that userspace winds up |
106 | * seeing, with the header information inserted. |
107 | */ |
108 | static int |
109 | (struct page *page, |
110 | struct ecryptfs_crypt_stat *crypt_stat) |
111 | { |
112 | loff_t extent_num_in_page = 0; |
113 | loff_t num_extents_per_page = (PAGE_SIZE |
114 | / crypt_stat->extent_size); |
115 | int rc = 0; |
116 | |
117 | while (extent_num_in_page < num_extents_per_page) { |
118 | loff_t view_extent_num = ((((loff_t)page->index) |
119 | * num_extents_per_page) |
120 | + extent_num_in_page); |
121 | size_t = |
122 | (crypt_stat->metadata_size / crypt_stat->extent_size); |
123 | |
124 | if (view_extent_num < num_header_extents_at_front) { |
125 | /* This is a header extent */ |
126 | char *page_virt; |
127 | |
128 | page_virt = kmap_local_page(page); |
129 | memset(page_virt, 0, PAGE_SIZE); |
130 | /* TODO: Support more than one header extent */ |
131 | if (view_extent_num == 0) { |
132 | size_t written; |
133 | |
134 | rc = ecryptfs_read_xattr_region( |
135 | page_virt, ecryptfs_inode: page->mapping->host); |
136 | strip_xattr_flag(page_virt: page_virt + 16, crypt_stat); |
137 | ecryptfs_write_header_metadata(virt: page_virt + 20, |
138 | crypt_stat, |
139 | written: &written); |
140 | } |
141 | kunmap_local(page_virt); |
142 | flush_dcache_page(page); |
143 | if (rc) { |
144 | printk(KERN_ERR "%s: Error reading xattr " |
145 | "region; rc = [%d]\n" , __func__, rc); |
146 | goto out; |
147 | } |
148 | } else { |
149 | /* This is an encrypted data extent */ |
150 | loff_t lower_offset = |
151 | ((view_extent_num * crypt_stat->extent_size) |
152 | - crypt_stat->metadata_size); |
153 | |
154 | rc = ecryptfs_read_lower_page_segment( |
155 | page_for_ecryptfs: page, page_index: (lower_offset >> PAGE_SHIFT), |
156 | offset_in_page: (lower_offset & ~PAGE_MASK), |
157 | size: crypt_stat->extent_size, ecryptfs_inode: page->mapping->host); |
158 | if (rc) { |
159 | printk(KERN_ERR "%s: Error attempting to read " |
160 | "extent at offset [%lld] in the lower " |
161 | "file; rc = [%d]\n" , __func__, |
162 | lower_offset, rc); |
163 | goto out; |
164 | } |
165 | } |
166 | extent_num_in_page++; |
167 | } |
168 | out: |
169 | return rc; |
170 | } |
171 | |
172 | /** |
173 | * ecryptfs_read_folio |
174 | * @file: An eCryptfs file |
175 | * @folio: Folio from eCryptfs inode mapping into which to stick the read data |
176 | * |
177 | * Read in a folio, decrypting if necessary. |
178 | * |
179 | * Returns zero on success; non-zero on error. |
180 | */ |
181 | static int ecryptfs_read_folio(struct file *file, struct folio *folio) |
182 | { |
183 | struct page *page = &folio->page; |
184 | struct ecryptfs_crypt_stat *crypt_stat = |
185 | &ecryptfs_inode_to_private(inode: page->mapping->host)->crypt_stat; |
186 | int rc = 0; |
187 | |
188 | if (!crypt_stat || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
189 | rc = ecryptfs_read_lower_page_segment(page_for_ecryptfs: page, page_index: page->index, offset_in_page: 0, |
190 | PAGE_SIZE, |
191 | ecryptfs_inode: page->mapping->host); |
192 | } else if (crypt_stat->flags & ECRYPTFS_VIEW_AS_ENCRYPTED) { |
193 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { |
194 | rc = ecryptfs_copy_up_encrypted_with_header(page, |
195 | crypt_stat); |
196 | if (rc) { |
197 | printk(KERN_ERR "%s: Error attempting to copy " |
198 | "the encrypted content from the lower " |
199 | "file whilst inserting the metadata " |
200 | "from the xattr into the header; rc = " |
201 | "[%d]\n" , __func__, rc); |
202 | goto out; |
203 | } |
204 | |
205 | } else { |
206 | rc = ecryptfs_read_lower_page_segment( |
207 | page_for_ecryptfs: page, page_index: page->index, offset_in_page: 0, PAGE_SIZE, |
208 | ecryptfs_inode: page->mapping->host); |
209 | if (rc) { |
210 | printk(KERN_ERR "Error reading page; rc = " |
211 | "[%d]\n" , rc); |
212 | goto out; |
213 | } |
214 | } |
215 | } else { |
216 | rc = ecryptfs_decrypt_page(page); |
217 | if (rc) { |
218 | ecryptfs_printk(KERN_ERR, "Error decrypting page; " |
219 | "rc = [%d]\n" , rc); |
220 | goto out; |
221 | } |
222 | } |
223 | out: |
224 | if (rc) |
225 | ClearPageUptodate(page); |
226 | else |
227 | SetPageUptodate(page); |
228 | ecryptfs_printk(KERN_DEBUG, "Unlocking page with index = [0x%.16lx]\n" , |
229 | page->index); |
230 | unlock_page(page); |
231 | return rc; |
232 | } |
233 | |
234 | /* |
235 | * Called with lower inode mutex held. |
236 | */ |
237 | static int fill_zeros_to_end_of_page(struct page *page, unsigned int to) |
238 | { |
239 | struct inode *inode = page->mapping->host; |
240 | int end_byte_in_page; |
241 | |
242 | if ((i_size_read(inode) / PAGE_SIZE) != page->index) |
243 | goto out; |
244 | end_byte_in_page = i_size_read(inode) % PAGE_SIZE; |
245 | if (to > end_byte_in_page) |
246 | end_byte_in_page = to; |
247 | zero_user_segment(page, start: end_byte_in_page, PAGE_SIZE); |
248 | out: |
249 | return 0; |
250 | } |
251 | |
252 | /** |
253 | * ecryptfs_write_begin |
254 | * @file: The eCryptfs file |
255 | * @mapping: The eCryptfs object |
256 | * @pos: The file offset at which to start writing |
257 | * @len: Length of the write |
258 | * @pagep: Pointer to return the page |
259 | * @fsdata: Pointer to return fs data (unused) |
260 | * |
261 | * This function must zero any hole we create |
262 | * |
263 | * Returns zero on success; non-zero otherwise |
264 | */ |
265 | static int ecryptfs_write_begin(struct file *file, |
266 | struct address_space *mapping, |
267 | loff_t pos, unsigned len, |
268 | struct page **pagep, void **fsdata) |
269 | { |
270 | pgoff_t index = pos >> PAGE_SHIFT; |
271 | struct page *page; |
272 | loff_t prev_page_end_size; |
273 | int rc = 0; |
274 | |
275 | page = grab_cache_page_write_begin(mapping, index); |
276 | if (!page) |
277 | return -ENOMEM; |
278 | *pagep = page; |
279 | |
280 | prev_page_end_size = ((loff_t)index << PAGE_SHIFT); |
281 | if (!PageUptodate(page)) { |
282 | struct ecryptfs_crypt_stat *crypt_stat = |
283 | &ecryptfs_inode_to_private(inode: mapping->host)->crypt_stat; |
284 | |
285 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
286 | rc = ecryptfs_read_lower_page_segment( |
287 | page_for_ecryptfs: page, page_index: index, offset_in_page: 0, PAGE_SIZE, ecryptfs_inode: mapping->host); |
288 | if (rc) { |
289 | printk(KERN_ERR "%s: Error attempting to read " |
290 | "lower page segment; rc = [%d]\n" , |
291 | __func__, rc); |
292 | ClearPageUptodate(page); |
293 | goto out; |
294 | } else |
295 | SetPageUptodate(page); |
296 | } else if (crypt_stat->flags & ECRYPTFS_VIEW_AS_ENCRYPTED) { |
297 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) { |
298 | rc = ecryptfs_copy_up_encrypted_with_header( |
299 | page, crypt_stat); |
300 | if (rc) { |
301 | printk(KERN_ERR "%s: Error attempting " |
302 | "to copy the encrypted content " |
303 | "from the lower file whilst " |
304 | "inserting the metadata from " |
305 | "the xattr into the header; rc " |
306 | "= [%d]\n" , __func__, rc); |
307 | ClearPageUptodate(page); |
308 | goto out; |
309 | } |
310 | SetPageUptodate(page); |
311 | } else { |
312 | rc = ecryptfs_read_lower_page_segment( |
313 | page_for_ecryptfs: page, page_index: index, offset_in_page: 0, PAGE_SIZE, |
314 | ecryptfs_inode: mapping->host); |
315 | if (rc) { |
316 | printk(KERN_ERR "%s: Error reading " |
317 | "page; rc = [%d]\n" , |
318 | __func__, rc); |
319 | ClearPageUptodate(page); |
320 | goto out; |
321 | } |
322 | SetPageUptodate(page); |
323 | } |
324 | } else { |
325 | if (prev_page_end_size |
326 | >= i_size_read(inode: page->mapping->host)) { |
327 | zero_user(page, start: 0, PAGE_SIZE); |
328 | SetPageUptodate(page); |
329 | } else if (len < PAGE_SIZE) { |
330 | rc = ecryptfs_decrypt_page(page); |
331 | if (rc) { |
332 | printk(KERN_ERR "%s: Error decrypting " |
333 | "page at index [%ld]; " |
334 | "rc = [%d]\n" , |
335 | __func__, page->index, rc); |
336 | ClearPageUptodate(page); |
337 | goto out; |
338 | } |
339 | SetPageUptodate(page); |
340 | } |
341 | } |
342 | } |
343 | /* If creating a page or more of holes, zero them out via truncate. |
344 | * Note, this will increase i_size. */ |
345 | if (index != 0) { |
346 | if (prev_page_end_size > i_size_read(inode: page->mapping->host)) { |
347 | rc = ecryptfs_truncate(dentry: file->f_path.dentry, |
348 | new_length: prev_page_end_size); |
349 | if (rc) { |
350 | printk(KERN_ERR "%s: Error on attempt to " |
351 | "truncate to (higher) offset [%lld];" |
352 | " rc = [%d]\n" , __func__, |
353 | prev_page_end_size, rc); |
354 | goto out; |
355 | } |
356 | } |
357 | } |
358 | /* Writing to a new page, and creating a small hole from start |
359 | * of page? Zero it out. */ |
360 | if ((i_size_read(inode: mapping->host) == prev_page_end_size) |
361 | && (pos != 0)) |
362 | zero_user(page, start: 0, PAGE_SIZE); |
363 | out: |
364 | if (unlikely(rc)) { |
365 | unlock_page(page); |
366 | put_page(page); |
367 | *pagep = NULL; |
368 | } |
369 | return rc; |
370 | } |
371 | |
372 | /* |
373 | * ecryptfs_write_inode_size_to_header |
374 | * |
375 | * Writes the lower file size to the first 8 bytes of the header. |
376 | * |
377 | * Returns zero on success; non-zero on error. |
378 | */ |
379 | static int (struct inode *ecryptfs_inode) |
380 | { |
381 | char *file_size_virt; |
382 | int rc; |
383 | |
384 | file_size_virt = kmalloc(size: sizeof(u64), GFP_KERNEL); |
385 | if (!file_size_virt) { |
386 | rc = -ENOMEM; |
387 | goto out; |
388 | } |
389 | put_unaligned_be64(val: i_size_read(inode: ecryptfs_inode), p: file_size_virt); |
390 | rc = ecryptfs_write_lower(ecryptfs_inode, data: file_size_virt, offset: 0, |
391 | size: sizeof(u64)); |
392 | kfree(objp: file_size_virt); |
393 | if (rc < 0) |
394 | printk(KERN_ERR "%s: Error writing file size to header; " |
395 | "rc = [%d]\n" , __func__, rc); |
396 | else |
397 | rc = 0; |
398 | out: |
399 | return rc; |
400 | } |
401 | |
402 | struct kmem_cache *ecryptfs_xattr_cache; |
403 | |
404 | static int ecryptfs_write_inode_size_to_xattr(struct inode *ecryptfs_inode) |
405 | { |
406 | ssize_t size; |
407 | void *xattr_virt; |
408 | struct dentry *lower_dentry = |
409 | ecryptfs_inode_to_private(inode: ecryptfs_inode)->lower_file->f_path.dentry; |
410 | struct inode *lower_inode = d_inode(dentry: lower_dentry); |
411 | int rc; |
412 | |
413 | if (!(lower_inode->i_opflags & IOP_XATTR)) { |
414 | printk(KERN_WARNING |
415 | "No support for setting xattr in lower filesystem\n" ); |
416 | rc = -ENOSYS; |
417 | goto out; |
418 | } |
419 | xattr_virt = kmem_cache_alloc(cachep: ecryptfs_xattr_cache, GFP_KERNEL); |
420 | if (!xattr_virt) { |
421 | rc = -ENOMEM; |
422 | goto out; |
423 | } |
424 | inode_lock(inode: lower_inode); |
425 | size = __vfs_getxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME, |
426 | xattr_virt, PAGE_SIZE); |
427 | if (size < 0) |
428 | size = 8; |
429 | put_unaligned_be64(val: i_size_read(inode: ecryptfs_inode), p: xattr_virt); |
430 | rc = __vfs_setxattr(&nop_mnt_idmap, lower_dentry, lower_inode, |
431 | ECRYPTFS_XATTR_NAME, xattr_virt, size, 0); |
432 | inode_unlock(inode: lower_inode); |
433 | if (rc) |
434 | printk(KERN_ERR "Error whilst attempting to write inode size " |
435 | "to lower file xattr; rc = [%d]\n" , rc); |
436 | kmem_cache_free(s: ecryptfs_xattr_cache, objp: xattr_virt); |
437 | out: |
438 | return rc; |
439 | } |
440 | |
441 | int ecryptfs_write_inode_size_to_metadata(struct inode *ecryptfs_inode) |
442 | { |
443 | struct ecryptfs_crypt_stat *crypt_stat; |
444 | |
445 | crypt_stat = &ecryptfs_inode_to_private(inode: ecryptfs_inode)->crypt_stat; |
446 | BUG_ON(!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)); |
447 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) |
448 | return ecryptfs_write_inode_size_to_xattr(ecryptfs_inode); |
449 | else |
450 | return ecryptfs_write_inode_size_to_header(ecryptfs_inode); |
451 | } |
452 | |
453 | /** |
454 | * ecryptfs_write_end |
455 | * @file: The eCryptfs file object |
456 | * @mapping: The eCryptfs object |
457 | * @pos: The file position |
458 | * @len: The length of the data (unused) |
459 | * @copied: The amount of data copied |
460 | * @page: The eCryptfs page |
461 | * @fsdata: The fsdata (unused) |
462 | */ |
463 | static int ecryptfs_write_end(struct file *file, |
464 | struct address_space *mapping, |
465 | loff_t pos, unsigned len, unsigned copied, |
466 | struct page *page, void *fsdata) |
467 | { |
468 | pgoff_t index = pos >> PAGE_SHIFT; |
469 | unsigned from = pos & (PAGE_SIZE - 1); |
470 | unsigned to = from + copied; |
471 | struct inode *ecryptfs_inode = mapping->host; |
472 | struct ecryptfs_crypt_stat *crypt_stat = |
473 | &ecryptfs_inode_to_private(inode: ecryptfs_inode)->crypt_stat; |
474 | int rc; |
475 | |
476 | ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" |
477 | "(page w/ index = [0x%.16lx], to = [%d])\n" , index, to); |
478 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
479 | rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page_for_lower: page, offset_in_page: 0, |
480 | size: to); |
481 | if (!rc) { |
482 | rc = copied; |
483 | fsstack_copy_inode_size(dst: ecryptfs_inode, |
484 | src: ecryptfs_inode_to_lower(inode: ecryptfs_inode)); |
485 | } |
486 | goto out; |
487 | } |
488 | if (!PageUptodate(page)) { |
489 | if (copied < PAGE_SIZE) { |
490 | rc = 0; |
491 | goto out; |
492 | } |
493 | SetPageUptodate(page); |
494 | } |
495 | /* Fills in zeros if 'to' goes beyond inode size */ |
496 | rc = fill_zeros_to_end_of_page(page, to); |
497 | if (rc) { |
498 | ecryptfs_printk(KERN_WARNING, "Error attempting to fill " |
499 | "zeros in page with index = [0x%.16lx]\n" , index); |
500 | goto out; |
501 | } |
502 | rc = ecryptfs_encrypt_page(page); |
503 | if (rc) { |
504 | ecryptfs_printk(KERN_WARNING, "Error encrypting page (upper " |
505 | "index [0x%.16lx])\n" , index); |
506 | goto out; |
507 | } |
508 | if (pos + copied > i_size_read(inode: ecryptfs_inode)) { |
509 | i_size_write(inode: ecryptfs_inode, i_size: pos + copied); |
510 | ecryptfs_printk(KERN_DEBUG, "Expanded file size to " |
511 | "[0x%.16llx]\n" , |
512 | (unsigned long long)i_size_read(ecryptfs_inode)); |
513 | } |
514 | rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode); |
515 | if (rc) |
516 | printk(KERN_ERR "Error writing inode size to metadata; " |
517 | "rc = [%d]\n" , rc); |
518 | else |
519 | rc = copied; |
520 | out: |
521 | unlock_page(page); |
522 | put_page(page); |
523 | return rc; |
524 | } |
525 | |
526 | static sector_t ecryptfs_bmap(struct address_space *mapping, sector_t block) |
527 | { |
528 | struct inode *lower_inode = ecryptfs_inode_to_lower(inode: mapping->host); |
529 | int ret = bmap(inode: lower_inode, block: &block); |
530 | |
531 | if (ret) |
532 | return 0; |
533 | return block; |
534 | } |
535 | |
536 | #include <linux/buffer_head.h> |
537 | |
538 | const struct address_space_operations ecryptfs_aops = { |
539 | /* |
540 | * XXX: This is pretty broken for multiple reasons: ecryptfs does not |
541 | * actually use buffer_heads, and ecryptfs will crash without |
542 | * CONFIG_BLOCK. But it matches the behavior before the default for |
543 | * address_space_operations without the ->dirty_folio method was |
544 | * cleaned up, so this is the best we can do without maintainer |
545 | * feedback. |
546 | */ |
547 | #ifdef CONFIG_BLOCK |
548 | .dirty_folio = block_dirty_folio, |
549 | .invalidate_folio = block_invalidate_folio, |
550 | #endif |
551 | .writepage = ecryptfs_writepage, |
552 | .read_folio = ecryptfs_read_folio, |
553 | .write_begin = ecryptfs_write_begin, |
554 | .write_end = ecryptfs_write_end, |
555 | .bmap = ecryptfs_bmap, |
556 | }; |
557 | |