1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * fscrypt.h: declarations for per-file encryption
4 *
5 * Filesystems that implement per-file encryption must include this header
6 * file.
7 *
8 * Copyright (C) 2015, Google, Inc.
9 *
10 * Written by Michael Halcrow, 2015.
11 * Modified by Jaegeuk Kim, 2015.
12 */
13 #ifndef _LINUX_FSCRYPT_H
14 #define _LINUX_FSCRYPT_H
15
16 #include <linux/fs.h>
17 #include <linux/mm.h>
18 #include <linux/slab.h>
19 #include <uapi/linux/fscrypt.h>
20
21 /*
22 * The lengths of all file contents blocks must be divisible by this value.
23 * This is needed to ensure that all contents encryption modes will work, as
24 * some of the supported modes don't support arbitrarily byte-aligned messages.
25 *
26 * Since the needed alignment is 16 bytes, most filesystems will meet this
27 * requirement naturally, as typical block sizes are powers of 2. However, if a
28 * filesystem can generate arbitrarily byte-aligned block lengths (e.g., via
29 * compression), then it will need to pad to this alignment before encryption.
30 */
31 #define FSCRYPT_CONTENTS_ALIGNMENT 16
32
33 union fscrypt_policy;
34 struct fscrypt_inode_info;
35 struct fs_parameter;
36 struct seq_file;
37
38 struct fscrypt_str {
39 unsigned char *name;
40 u32 len;
41 };
42
43 struct fscrypt_name {
44 const struct qstr *usr_fname;
45 struct fscrypt_str disk_name;
46 u32 hash;
47 u32 minor_hash;
48 struct fscrypt_str crypto_buf;
49 bool is_nokey_name;
50 };
51
52 #define FSTR_INIT(n, l) { .name = n, .len = l }
53 #define FSTR_TO_QSTR(f) QSTR_INIT((f)->name, (f)->len)
54 #define fname_name(p) ((p)->disk_name.name)
55 #define fname_len(p) ((p)->disk_name.len)
56
57 /* Maximum value for the third parameter of fscrypt_operations.set_context(). */
58 #define FSCRYPT_SET_CONTEXT_MAX_SIZE 40
59
60 #ifdef CONFIG_FS_ENCRYPTION
61
62 /* Crypto operations for filesystems */
63 struct fscrypt_operations {
64 /*
65 * The offset of the pointer to struct fscrypt_inode_info in the
66 * filesystem-specific part of the inode, relative to the beginning of
67 * the common part of the inode (the 'struct inode').
68 */
69 ptrdiff_t inode_info_offs;
70
71 /*
72 * If set, then fs/crypto/ will allocate a global bounce page pool the
73 * first time an encryption key is set up for a file. The bounce page
74 * pool is required by the following functions:
75 *
76 * - fscrypt_encrypt_pagecache_blocks()
77 * - fscrypt_zeroout_range() for files not using inline crypto
78 *
79 * If the filesystem doesn't use those, it doesn't need to set this.
80 */
81 unsigned int needs_bounce_pages : 1;
82
83 /*
84 * If set, then fs/crypto/ will allow the use of encryption settings
85 * that assume inode numbers fit in 32 bits (i.e.
86 * FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64}), provided that the other
87 * prerequisites for these settings are also met. This is only useful
88 * if the filesystem wants to support inline encryption hardware that is
89 * limited to 32-bit or 64-bit data unit numbers and where programming
90 * keyslots is very slow.
91 */
92 unsigned int has_32bit_inodes : 1;
93
94 /*
95 * If set, then fs/crypto/ will allow users to select a crypto data unit
96 * size that is less than the filesystem block size. This is done via
97 * the log2_data_unit_size field of the fscrypt policy. This flag is
98 * not compatible with filesystems that encrypt variable-length blocks
99 * (i.e. blocks that aren't all equal to filesystem's block size), for
100 * example as a result of compression. It's also not compatible with
101 * the fscrypt_encrypt_block_inplace() and
102 * fscrypt_decrypt_block_inplace() functions.
103 */
104 unsigned int supports_subblock_data_units : 1;
105
106 /*
107 * This field exists only for backwards compatibility reasons and should
108 * only be set by the filesystems that are setting it already. It
109 * contains the filesystem-specific key description prefix that is
110 * accepted for "logon" keys for v1 fscrypt policies. This
111 * functionality is deprecated in favor of the generic prefix
112 * "fscrypt:", which itself is deprecated in favor of the filesystem
113 * keyring ioctls such as FS_IOC_ADD_ENCRYPTION_KEY. Filesystems that
114 * are newly adding fscrypt support should not set this field.
115 */
116 const char *legacy_key_prefix;
117
118 /*
119 * Get the fscrypt context of the given inode.
120 *
121 * @inode: the inode whose context to get
122 * @ctx: the buffer into which to get the context
123 * @len: length of the @ctx buffer in bytes
124 *
125 * Return: On success, returns the length of the context in bytes; this
126 * may be less than @len. On failure, returns -ENODATA if the
127 * inode doesn't have a context, -ERANGE if the context is
128 * longer than @len, or another -errno code.
129 */
130 int (*get_context)(struct inode *inode, void *ctx, size_t len);
131
132 /*
133 * Set an fscrypt context on the given inode.
134 *
135 * @inode: the inode whose context to set. The inode won't already have
136 * an fscrypt context.
137 * @ctx: the context to set
138 * @len: length of @ctx in bytes (at most FSCRYPT_SET_CONTEXT_MAX_SIZE)
139 * @fs_data: If called from fscrypt_set_context(), this will be the
140 * value the filesystem passed to fscrypt_set_context().
141 * Otherwise (i.e. when called from
142 * FS_IOC_SET_ENCRYPTION_POLICY) this will be NULL.
143 *
144 * i_rwsem will be held for write.
145 *
146 * Return: 0 on success, -errno on failure.
147 */
148 int (*set_context)(struct inode *inode, const void *ctx, size_t len,
149 void *fs_data);
150
151 /*
152 * Get the dummy fscrypt policy in use on the filesystem (if any).
153 *
154 * Filesystems only need to implement this function if they support the
155 * test_dummy_encryption mount option.
156 *
157 * Return: A pointer to the dummy fscrypt policy, if the filesystem is
158 * mounted with test_dummy_encryption; otherwise NULL.
159 */
160 const union fscrypt_policy *(*get_dummy_policy)(struct super_block *sb);
161
162 /*
163 * Check whether a directory is empty. i_rwsem will be held for write.
164 */
165 bool (*empty_dir)(struct inode *inode);
166
167 /*
168 * Check whether the filesystem's inode numbers and UUID are stable,
169 * meaning that they will never be changed even by offline operations
170 * such as filesystem shrinking and therefore can be used in the
171 * encryption without the possibility of files becoming unreadable.
172 *
173 * Filesystems only need to implement this function if they want to
174 * support the FSCRYPT_POLICY_FLAG_IV_INO_LBLK_{32,64} flags. These
175 * flags are designed to work around the limitations of UFS and eMMC
176 * inline crypto hardware, and they shouldn't be used in scenarios where
177 * such hardware isn't being used.
178 *
179 * Leaving this NULL is equivalent to always returning false.
180 */
181 bool (*has_stable_inodes)(struct super_block *sb);
182
183 /*
184 * Return an array of pointers to the block devices to which the
185 * filesystem may write encrypted file contents, NULL if the filesystem
186 * only has a single such block device, or an ERR_PTR() on error.
187 *
188 * On successful non-NULL return, *num_devs is set to the number of
189 * devices in the returned array. The caller must free the returned
190 * array using kfree().
191 *
192 * If the filesystem can use multiple block devices (other than block
193 * devices that aren't used for encrypted file contents, such as
194 * external journal devices), and wants to support inline encryption,
195 * then it must implement this function. Otherwise it's not needed.
196 */
197 struct block_device **(*get_devices)(struct super_block *sb,
198 unsigned int *num_devs);
199 };
200
201 int fscrypt_d_revalidate(struct inode *dir, const struct qstr *name,
202 struct dentry *dentry, unsigned int flags);
203
204 /*
205 * Returns the address of the fscrypt info pointer within the
206 * filesystem-specific part of the inode. (To save memory on filesystems that
207 * don't support fscrypt, a field in 'struct inode' itself is no longer used.)
208 */
209 static inline struct fscrypt_inode_info **
fscrypt_inode_info_addr(const struct inode * inode)210 fscrypt_inode_info_addr(const struct inode *inode)
211 {
212 VFS_WARN_ON_ONCE(inode->i_sb->s_cop->inode_info_offs == 0);
213 return (void *)inode + inode->i_sb->s_cop->inode_info_offs;
214 }
215
216 /*
217 * Load the inode's fscrypt info pointer, using a raw dereference. Since this
218 * uses a raw dereference with no memory barrier, it is appropriate to use only
219 * when the caller knows the inode's key setup already happened, resulting in
220 * non-NULL fscrypt info. E.g., the file contents en/decryption functions use
221 * this, since fscrypt_file_open() set up the key.
222 */
223 static inline struct fscrypt_inode_info *
fscrypt_get_inode_info_raw(const struct inode * inode)224 fscrypt_get_inode_info_raw(const struct inode *inode)
225 {
226 struct fscrypt_inode_info *ci = *fscrypt_inode_info_addr(inode);
227
228 VFS_WARN_ON_ONCE(ci == NULL);
229 return ci;
230 }
231
232 static inline struct fscrypt_inode_info *
fscrypt_get_inode_info(const struct inode * inode)233 fscrypt_get_inode_info(const struct inode *inode)
234 {
235 /*
236 * Pairs with the cmpxchg_release() in fscrypt_setup_encryption_info().
237 * I.e., another task may publish the fscrypt info concurrently,
238 * executing a RELEASE barrier. Use smp_load_acquire() here to safely
239 * ACQUIRE the memory the other task published.
240 */
241 return smp_load_acquire(fscrypt_inode_info_addr(inode));
242 }
243
244 /**
245 * fscrypt_needs_contents_encryption() - check whether an inode needs
246 * contents encryption
247 * @inode: the inode to check
248 *
249 * Return: %true iff the inode is an encrypted regular file and the kernel was
250 * built with fscrypt support.
251 *
252 * If you need to know whether the encrypt bit is set even when the kernel was
253 * built without fscrypt support, you must use IS_ENCRYPTED() directly instead.
254 */
fscrypt_needs_contents_encryption(const struct inode * inode)255 static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
256 {
257 return IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode);
258 }
259
260 /*
261 * When d_splice_alias() moves a directory's no-key alias to its
262 * plaintext alias as a result of the encryption key being added,
263 * DCACHE_NOKEY_NAME must be cleared and there might be an opportunity
264 * to disable d_revalidate. Note that we don't have to support the
265 * inverse operation because fscrypt doesn't allow no-key names to be
266 * the source or target of a rename().
267 */
fscrypt_handle_d_move(struct dentry * dentry)268 static inline void fscrypt_handle_d_move(struct dentry *dentry)
269 {
270 /*
271 * VFS calls fscrypt_handle_d_move even for non-fscrypt
272 * filesystems.
273 */
274 if (dentry->d_flags & DCACHE_NOKEY_NAME) {
275 dentry->d_flags &= ~DCACHE_NOKEY_NAME;
276
277 /*
278 * Other filesystem features might be handling dentry
279 * revalidation, in which case it cannot be disabled.
280 */
281 if (dentry->d_op->d_revalidate == fscrypt_d_revalidate)
282 dentry->d_flags &= ~DCACHE_OP_REVALIDATE;
283 }
284 }
285
286 /**
287 * fscrypt_is_nokey_name() - test whether a dentry is a no-key name
288 * @dentry: the dentry to check
289 *
290 * This returns true if the dentry is a no-key dentry. A no-key dentry is a
291 * dentry that was created in an encrypted directory that hasn't had its
292 * encryption key added yet. Such dentries may be either positive or negative.
293 *
294 * When a filesystem is asked to create a new filename in an encrypted directory
295 * and the new filename's dentry is a no-key dentry, it must fail the operation
296 * with ENOKEY. This includes ->create(), ->mkdir(), ->mknod(), ->symlink(),
297 * ->rename(), and ->link(). (However, ->rename() and ->link() are already
298 * handled by fscrypt_prepare_rename() and fscrypt_prepare_link().)
299 *
300 * This is necessary because creating a filename requires the directory's
301 * encryption key, but just checking for the key on the directory inode during
302 * the final filesystem operation doesn't guarantee that the key was available
303 * during the preceding dentry lookup. And the key must have already been
304 * available during the dentry lookup in order for it to have been checked
305 * whether the filename already exists in the directory and for the new file's
306 * dentry not to be invalidated due to it incorrectly having the no-key flag.
307 *
308 * Return: %true if the dentry is a no-key name
309 */
fscrypt_is_nokey_name(const struct dentry * dentry)310 static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
311 {
312 return dentry->d_flags & DCACHE_NOKEY_NAME;
313 }
314
fscrypt_prepare_dentry(struct dentry * dentry,bool is_nokey_name)315 static inline void fscrypt_prepare_dentry(struct dentry *dentry,
316 bool is_nokey_name)
317 {
318 /*
319 * This code tries to only take ->d_lock when necessary to write
320 * to ->d_flags. We shouldn't be peeking on d_flags for
321 * DCACHE_OP_REVALIDATE unlocked, but in the unlikely case
322 * there is a race, the worst it can happen is that we fail to
323 * unset DCACHE_OP_REVALIDATE and pay the cost of an extra
324 * d_revalidate.
325 */
326 if (is_nokey_name) {
327 spin_lock(&dentry->d_lock);
328 dentry->d_flags |= DCACHE_NOKEY_NAME;
329 spin_unlock(&dentry->d_lock);
330 } else if (dentry->d_flags & DCACHE_OP_REVALIDATE &&
331 dentry->d_op->d_revalidate == fscrypt_d_revalidate) {
332 /*
333 * Unencrypted dentries and encrypted dentries where the
334 * key is available are always valid from fscrypt
335 * perspective. Avoid the cost of calling
336 * fscrypt_d_revalidate unnecessarily.
337 */
338 spin_lock(&dentry->d_lock);
339 dentry->d_flags &= ~DCACHE_OP_REVALIDATE;
340 spin_unlock(&dentry->d_lock);
341 }
342 }
343
344 /* crypto.c */
345 void fscrypt_enqueue_decrypt_work(struct work_struct *);
346
347 struct page *fscrypt_encrypt_pagecache_blocks(struct folio *folio,
348 size_t len, size_t offs, gfp_t gfp_flags);
349 int fscrypt_encrypt_block_inplace(const struct inode *inode, struct page *page,
350 unsigned int len, unsigned int offs,
351 u64 lblk_num);
352
353 int fscrypt_decrypt_pagecache_blocks(struct folio *folio, size_t len,
354 size_t offs);
355 int fscrypt_decrypt_block_inplace(const struct inode *inode, struct page *page,
356 unsigned int len, unsigned int offs,
357 u64 lblk_num);
358
fscrypt_is_bounce_page(struct page * page)359 static inline bool fscrypt_is_bounce_page(struct page *page)
360 {
361 return page->mapping == NULL;
362 }
363
fscrypt_pagecache_page(struct page * bounce_page)364 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
365 {
366 return (struct page *)page_private(bounce_page);
367 }
368
fscrypt_is_bounce_folio(const struct folio * folio)369 static inline bool fscrypt_is_bounce_folio(const struct folio *folio)
370 {
371 return folio->mapping == NULL;
372 }
373
374 static inline
fscrypt_pagecache_folio(const struct folio * bounce_folio)375 struct folio *fscrypt_pagecache_folio(const struct folio *bounce_folio)
376 {
377 return bounce_folio->private;
378 }
379
380 void fscrypt_free_bounce_page(struct page *bounce_page);
381
382 /* policy.c */
383 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
384 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
385 int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
386 int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg);
387 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child);
388 int fscrypt_context_for_new_inode(void *ctx, struct inode *inode);
389 int fscrypt_set_context(struct inode *inode, void *fs_data);
390
391 struct fscrypt_dummy_policy {
392 const union fscrypt_policy *policy;
393 };
394
395 int fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
396 struct fscrypt_dummy_policy *dummy_policy);
397 bool fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
398 const struct fscrypt_dummy_policy *p2);
399 void fscrypt_show_test_dummy_encryption(struct seq_file *seq, char sep,
400 struct super_block *sb);
401 static inline bool
fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy * dummy_policy)402 fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
403 {
404 return dummy_policy->policy != NULL;
405 }
406 static inline void
fscrypt_free_dummy_policy(struct fscrypt_dummy_policy * dummy_policy)407 fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
408 {
409 kfree(dummy_policy->policy);
410 dummy_policy->policy = NULL;
411 }
412
413 /* keyring.c */
414 void fscrypt_destroy_keyring(struct super_block *sb);
415 int fscrypt_ioctl_add_key(struct file *filp, void __user *arg);
416 int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg);
417 int fscrypt_ioctl_remove_key_all_users(struct file *filp, void __user *arg);
418 int fscrypt_ioctl_get_key_status(struct file *filp, void __user *arg);
419
420 /* keysetup.c */
421 int fscrypt_prepare_new_inode(struct inode *dir, struct inode *inode,
422 bool *encrypt_ret);
423 void fscrypt_put_encryption_info(struct inode *inode);
424 void fscrypt_free_inode(struct inode *inode);
425 int fscrypt_drop_inode(struct inode *inode);
426
427 /* fname.c */
428 int fscrypt_fname_encrypt(const struct inode *inode, const struct qstr *iname,
429 u8 *out, unsigned int olen);
430 bool fscrypt_fname_encrypted_size(const struct inode *inode, u32 orig_len,
431 u32 max_len, u32 *encrypted_len_ret);
432 int fscrypt_setup_filename(struct inode *inode, const struct qstr *iname,
433 int lookup, struct fscrypt_name *fname);
434
fscrypt_free_filename(struct fscrypt_name * fname)435 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
436 {
437 kfree(fname->crypto_buf.name);
438 }
439
440 int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
441 struct fscrypt_str *crypto_str);
442 void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str);
443 int fscrypt_fname_disk_to_usr(const struct inode *inode,
444 u32 hash, u32 minor_hash,
445 const struct fscrypt_str *iname,
446 struct fscrypt_str *oname);
447 bool fscrypt_match_name(const struct fscrypt_name *fname,
448 const u8 *de_name, u32 de_name_len);
449 u64 fscrypt_fname_siphash(const struct inode *dir, const struct qstr *name);
450
451 /* bio.c */
452 bool fscrypt_decrypt_bio(struct bio *bio);
453 int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
454 sector_t pblk, unsigned int len);
455
456 /* hooks.c */
457 int fscrypt_file_open(struct inode *inode, struct file *filp);
458 int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
459 struct dentry *dentry);
460 int __fscrypt_prepare_rename(struct inode *old_dir, struct dentry *old_dentry,
461 struct inode *new_dir, struct dentry *new_dentry,
462 unsigned int flags);
463 int __fscrypt_prepare_lookup(struct inode *dir, struct dentry *dentry,
464 struct fscrypt_name *fname);
465 int fscrypt_prepare_lookup_partial(struct inode *dir, struct dentry *dentry);
466 int __fscrypt_prepare_readdir(struct inode *dir);
467 int __fscrypt_prepare_setattr(struct dentry *dentry, struct iattr *attr);
468 int fscrypt_prepare_setflags(struct inode *inode,
469 unsigned int oldflags, unsigned int flags);
470 int fscrypt_prepare_symlink(struct inode *dir, const char *target,
471 unsigned int len, unsigned int max_len,
472 struct fscrypt_str *disk_link);
473 int __fscrypt_encrypt_symlink(struct inode *inode, const char *target,
474 unsigned int len, struct fscrypt_str *disk_link);
475 const char *fscrypt_get_symlink(struct inode *inode, const void *caddr,
476 unsigned int max_size,
477 struct delayed_call *done);
478 int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat);
fscrypt_set_ops(struct super_block * sb,const struct fscrypt_operations * s_cop)479 static inline void fscrypt_set_ops(struct super_block *sb,
480 const struct fscrypt_operations *s_cop)
481 {
482 sb->s_cop = s_cop;
483 }
484 #else /* !CONFIG_FS_ENCRYPTION */
485
486 static inline struct fscrypt_inode_info *
fscrypt_get_inode_info(const struct inode * inode)487 fscrypt_get_inode_info(const struct inode *inode)
488 {
489 return NULL;
490 }
491
fscrypt_needs_contents_encryption(const struct inode * inode)492 static inline bool fscrypt_needs_contents_encryption(const struct inode *inode)
493 {
494 return false;
495 }
496
fscrypt_handle_d_move(struct dentry * dentry)497 static inline void fscrypt_handle_d_move(struct dentry *dentry)
498 {
499 }
500
fscrypt_is_nokey_name(const struct dentry * dentry)501 static inline bool fscrypt_is_nokey_name(const struct dentry *dentry)
502 {
503 return false;
504 }
505
fscrypt_prepare_dentry(struct dentry * dentry,bool is_nokey_name)506 static inline void fscrypt_prepare_dentry(struct dentry *dentry,
507 bool is_nokey_name)
508 {
509 }
510
511 /* crypto.c */
fscrypt_enqueue_decrypt_work(struct work_struct * work)512 static inline void fscrypt_enqueue_decrypt_work(struct work_struct *work)
513 {
514 }
515
fscrypt_encrypt_pagecache_blocks(struct folio * folio,size_t len,size_t offs,gfp_t gfp_flags)516 static inline struct page *fscrypt_encrypt_pagecache_blocks(struct folio *folio,
517 size_t len, size_t offs, gfp_t gfp_flags)
518 {
519 return ERR_PTR(-EOPNOTSUPP);
520 }
521
fscrypt_encrypt_block_inplace(const struct inode * inode,struct page * page,unsigned int len,unsigned int offs,u64 lblk_num)522 static inline int fscrypt_encrypt_block_inplace(const struct inode *inode,
523 struct page *page,
524 unsigned int len,
525 unsigned int offs, u64 lblk_num)
526 {
527 return -EOPNOTSUPP;
528 }
529
fscrypt_decrypt_pagecache_blocks(struct folio * folio,size_t len,size_t offs)530 static inline int fscrypt_decrypt_pagecache_blocks(struct folio *folio,
531 size_t len, size_t offs)
532 {
533 return -EOPNOTSUPP;
534 }
535
fscrypt_decrypt_block_inplace(const struct inode * inode,struct page * page,unsigned int len,unsigned int offs,u64 lblk_num)536 static inline int fscrypt_decrypt_block_inplace(const struct inode *inode,
537 struct page *page,
538 unsigned int len,
539 unsigned int offs, u64 lblk_num)
540 {
541 return -EOPNOTSUPP;
542 }
543
fscrypt_is_bounce_page(struct page * page)544 static inline bool fscrypt_is_bounce_page(struct page *page)
545 {
546 return false;
547 }
548
fscrypt_pagecache_page(struct page * bounce_page)549 static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
550 {
551 WARN_ON_ONCE(1);
552 return ERR_PTR(-EINVAL);
553 }
554
fscrypt_is_bounce_folio(const struct folio * folio)555 static inline bool fscrypt_is_bounce_folio(const struct folio *folio)
556 {
557 return false;
558 }
559
560 static inline
fscrypt_pagecache_folio(const struct folio * bounce_folio)561 struct folio *fscrypt_pagecache_folio(const struct folio *bounce_folio)
562 {
563 WARN_ON_ONCE(1);
564 return ERR_PTR(-EINVAL);
565 }
566
fscrypt_free_bounce_page(struct page * bounce_page)567 static inline void fscrypt_free_bounce_page(struct page *bounce_page)
568 {
569 }
570
571 /* policy.c */
fscrypt_ioctl_set_policy(struct file * filp,const void __user * arg)572 static inline int fscrypt_ioctl_set_policy(struct file *filp,
573 const void __user *arg)
574 {
575 return -EOPNOTSUPP;
576 }
577
fscrypt_ioctl_get_policy(struct file * filp,void __user * arg)578 static inline int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg)
579 {
580 return -EOPNOTSUPP;
581 }
582
fscrypt_ioctl_get_policy_ex(struct file * filp,void __user * arg)583 static inline int fscrypt_ioctl_get_policy_ex(struct file *filp,
584 void __user *arg)
585 {
586 return -EOPNOTSUPP;
587 }
588
fscrypt_ioctl_get_nonce(struct file * filp,void __user * arg)589 static inline int fscrypt_ioctl_get_nonce(struct file *filp, void __user *arg)
590 {
591 return -EOPNOTSUPP;
592 }
593
fscrypt_has_permitted_context(struct inode * parent,struct inode * child)594 static inline int fscrypt_has_permitted_context(struct inode *parent,
595 struct inode *child)
596 {
597 return 0;
598 }
599
fscrypt_set_context(struct inode * inode,void * fs_data)600 static inline int fscrypt_set_context(struct inode *inode, void *fs_data)
601 {
602 return -EOPNOTSUPP;
603 }
604
605 struct fscrypt_dummy_policy {
606 };
607
608 static inline int
fscrypt_parse_test_dummy_encryption(const struct fs_parameter * param,struct fscrypt_dummy_policy * dummy_policy)609 fscrypt_parse_test_dummy_encryption(const struct fs_parameter *param,
610 struct fscrypt_dummy_policy *dummy_policy)
611 {
612 return -EINVAL;
613 }
614
615 static inline bool
fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy * p1,const struct fscrypt_dummy_policy * p2)616 fscrypt_dummy_policies_equal(const struct fscrypt_dummy_policy *p1,
617 const struct fscrypt_dummy_policy *p2)
618 {
619 return true;
620 }
621
fscrypt_show_test_dummy_encryption(struct seq_file * seq,char sep,struct super_block * sb)622 static inline void fscrypt_show_test_dummy_encryption(struct seq_file *seq,
623 char sep,
624 struct super_block *sb)
625 {
626 }
627
628 static inline bool
fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy * dummy_policy)629 fscrypt_is_dummy_policy_set(const struct fscrypt_dummy_policy *dummy_policy)
630 {
631 return false;
632 }
633
634 static inline void
fscrypt_free_dummy_policy(struct fscrypt_dummy_policy * dummy_policy)635 fscrypt_free_dummy_policy(struct fscrypt_dummy_policy *dummy_policy)
636 {
637 }
638
639 /* keyring.c */
fscrypt_destroy_keyring(struct super_block * sb)640 static inline void fscrypt_destroy_keyring(struct super_block *sb)
641 {
642 }
643
fscrypt_ioctl_add_key(struct file * filp,void __user * arg)644 static inline int fscrypt_ioctl_add_key(struct file *filp, void __user *arg)
645 {
646 return -EOPNOTSUPP;
647 }
648
fscrypt_ioctl_remove_key(struct file * filp,void __user * arg)649 static inline int fscrypt_ioctl_remove_key(struct file *filp, void __user *arg)
650 {
651 return -EOPNOTSUPP;
652 }
653
fscrypt_ioctl_remove_key_all_users(struct file * filp,void __user * arg)654 static inline int fscrypt_ioctl_remove_key_all_users(struct file *filp,
655 void __user *arg)
656 {
657 return -EOPNOTSUPP;
658 }
659
fscrypt_ioctl_get_key_status(struct file * filp,void __user * arg)660 static inline int fscrypt_ioctl_get_key_status(struct file *filp,
661 void __user *arg)
662 {
663 return -EOPNOTSUPP;
664 }
665
666 /* keysetup.c */
667
fscrypt_prepare_new_inode(struct inode * dir,struct inode * inode,bool * encrypt_ret)668 static inline int fscrypt_prepare_new_inode(struct inode *dir,
669 struct inode *inode,
670 bool *encrypt_ret)
671 {
672 if (IS_ENCRYPTED(dir))
673 return -EOPNOTSUPP;
674 return 0;
675 }
676
fscrypt_put_encryption_info(struct inode * inode)677 static inline void fscrypt_put_encryption_info(struct inode *inode)
678 {
679 return;
680 }
681
fscrypt_free_inode(struct inode * inode)682 static inline void fscrypt_free_inode(struct inode *inode)
683 {
684 }
685
fscrypt_drop_inode(struct inode * inode)686 static inline int fscrypt_drop_inode(struct inode *inode)
687 {
688 return 0;
689 }
690
691 /* fname.c */
fscrypt_setup_filename(struct inode * dir,const struct qstr * iname,int lookup,struct fscrypt_name * fname)692 static inline int fscrypt_setup_filename(struct inode *dir,
693 const struct qstr *iname,
694 int lookup, struct fscrypt_name *fname)
695 {
696 if (IS_ENCRYPTED(dir))
697 return -EOPNOTSUPP;
698
699 memset(fname, 0, sizeof(*fname));
700 fname->usr_fname = iname;
701 fname->disk_name.name = (unsigned char *)iname->name;
702 fname->disk_name.len = iname->len;
703 return 0;
704 }
705
fscrypt_free_filename(struct fscrypt_name * fname)706 static inline void fscrypt_free_filename(struct fscrypt_name *fname)
707 {
708 return;
709 }
710
fscrypt_fname_alloc_buffer(u32 max_encrypted_len,struct fscrypt_str * crypto_str)711 static inline int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
712 struct fscrypt_str *crypto_str)
713 {
714 return -EOPNOTSUPP;
715 }
716
fscrypt_fname_free_buffer(struct fscrypt_str * crypto_str)717 static inline void fscrypt_fname_free_buffer(struct fscrypt_str *crypto_str)
718 {
719 return;
720 }
721
fscrypt_fname_disk_to_usr(const struct inode * inode,u32 hash,u32 minor_hash,const struct fscrypt_str * iname,struct fscrypt_str * oname)722 static inline int fscrypt_fname_disk_to_usr(const struct inode *inode,
723 u32 hash, u32 minor_hash,
724 const struct fscrypt_str *iname,
725 struct fscrypt_str *oname)
726 {
727 return -EOPNOTSUPP;
728 }
729
fscrypt_match_name(const struct fscrypt_name * fname,const u8 * de_name,u32 de_name_len)730 static inline bool fscrypt_match_name(const struct fscrypt_name *fname,
731 const u8 *de_name, u32 de_name_len)
732 {
733 /* Encryption support disabled; use standard comparison */
734 if (de_name_len != fname->disk_name.len)
735 return false;
736 return !memcmp(de_name, fname->disk_name.name, fname->disk_name.len);
737 }
738
fscrypt_fname_siphash(const struct inode * dir,const struct qstr * name)739 static inline u64 fscrypt_fname_siphash(const struct inode *dir,
740 const struct qstr *name)
741 {
742 WARN_ON_ONCE(1);
743 return 0;
744 }
745
fscrypt_d_revalidate(struct inode * dir,const struct qstr * name,struct dentry * dentry,unsigned int flags)746 static inline int fscrypt_d_revalidate(struct inode *dir, const struct qstr *name,
747 struct dentry *dentry, unsigned int flags)
748 {
749 return 1;
750 }
751
752 /* bio.c */
fscrypt_decrypt_bio(struct bio * bio)753 static inline bool fscrypt_decrypt_bio(struct bio *bio)
754 {
755 return true;
756 }
757
fscrypt_zeroout_range(const struct inode * inode,pgoff_t lblk,sector_t pblk,unsigned int len)758 static inline int fscrypt_zeroout_range(const struct inode *inode, pgoff_t lblk,
759 sector_t pblk, unsigned int len)
760 {
761 return -EOPNOTSUPP;
762 }
763
764 /* hooks.c */
765
fscrypt_file_open(struct inode * inode,struct file * filp)766 static inline int fscrypt_file_open(struct inode *inode, struct file *filp)
767 {
768 if (IS_ENCRYPTED(inode))
769 return -EOPNOTSUPP;
770 return 0;
771 }
772
__fscrypt_prepare_link(struct inode * inode,struct inode * dir,struct dentry * dentry)773 static inline int __fscrypt_prepare_link(struct inode *inode, struct inode *dir,
774 struct dentry *dentry)
775 {
776 return -EOPNOTSUPP;
777 }
778
__fscrypt_prepare_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)779 static inline int __fscrypt_prepare_rename(struct inode *old_dir,
780 struct dentry *old_dentry,
781 struct inode *new_dir,
782 struct dentry *new_dentry,
783 unsigned int flags)
784 {
785 return -EOPNOTSUPP;
786 }
787
__fscrypt_prepare_lookup(struct inode * dir,struct dentry * dentry,struct fscrypt_name * fname)788 static inline int __fscrypt_prepare_lookup(struct inode *dir,
789 struct dentry *dentry,
790 struct fscrypt_name *fname)
791 {
792 return -EOPNOTSUPP;
793 }
794
fscrypt_prepare_lookup_partial(struct inode * dir,struct dentry * dentry)795 static inline int fscrypt_prepare_lookup_partial(struct inode *dir,
796 struct dentry *dentry)
797 {
798 return -EOPNOTSUPP;
799 }
800
__fscrypt_prepare_readdir(struct inode * dir)801 static inline int __fscrypt_prepare_readdir(struct inode *dir)
802 {
803 return -EOPNOTSUPP;
804 }
805
__fscrypt_prepare_setattr(struct dentry * dentry,struct iattr * attr)806 static inline int __fscrypt_prepare_setattr(struct dentry *dentry,
807 struct iattr *attr)
808 {
809 return -EOPNOTSUPP;
810 }
811
fscrypt_prepare_setflags(struct inode * inode,unsigned int oldflags,unsigned int flags)812 static inline int fscrypt_prepare_setflags(struct inode *inode,
813 unsigned int oldflags,
814 unsigned int flags)
815 {
816 return 0;
817 }
818
fscrypt_prepare_symlink(struct inode * dir,const char * target,unsigned int len,unsigned int max_len,struct fscrypt_str * disk_link)819 static inline int fscrypt_prepare_symlink(struct inode *dir,
820 const char *target,
821 unsigned int len,
822 unsigned int max_len,
823 struct fscrypt_str *disk_link)
824 {
825 if (IS_ENCRYPTED(dir))
826 return -EOPNOTSUPP;
827 disk_link->name = (unsigned char *)target;
828 disk_link->len = len + 1;
829 if (disk_link->len > max_len)
830 return -ENAMETOOLONG;
831 return 0;
832 }
833
__fscrypt_encrypt_symlink(struct inode * inode,const char * target,unsigned int len,struct fscrypt_str * disk_link)834 static inline int __fscrypt_encrypt_symlink(struct inode *inode,
835 const char *target,
836 unsigned int len,
837 struct fscrypt_str *disk_link)
838 {
839 return -EOPNOTSUPP;
840 }
841
fscrypt_get_symlink(struct inode * inode,const void * caddr,unsigned int max_size,struct delayed_call * done)842 static inline const char *fscrypt_get_symlink(struct inode *inode,
843 const void *caddr,
844 unsigned int max_size,
845 struct delayed_call *done)
846 {
847 return ERR_PTR(-EOPNOTSUPP);
848 }
849
fscrypt_symlink_getattr(const struct path * path,struct kstat * stat)850 static inline int fscrypt_symlink_getattr(const struct path *path,
851 struct kstat *stat)
852 {
853 return -EOPNOTSUPP;
854 }
855
fscrypt_set_ops(struct super_block * sb,const struct fscrypt_operations * s_cop)856 static inline void fscrypt_set_ops(struct super_block *sb,
857 const struct fscrypt_operations *s_cop)
858 {
859 }
860
861 #endif /* !CONFIG_FS_ENCRYPTION */
862
863 /* inline_crypt.c */
864 #ifdef CONFIG_FS_ENCRYPTION_INLINE_CRYPT
865
866 bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode);
867
868 void fscrypt_set_bio_crypt_ctx(struct bio *bio,
869 const struct inode *inode, u64 first_lblk,
870 gfp_t gfp_mask);
871
872 void fscrypt_set_bio_crypt_ctx_bh(struct bio *bio,
873 const struct buffer_head *first_bh,
874 gfp_t gfp_mask);
875
876 bool fscrypt_mergeable_bio(struct bio *bio, const struct inode *inode,
877 u64 next_lblk);
878
879 bool fscrypt_mergeable_bio_bh(struct bio *bio,
880 const struct buffer_head *next_bh);
881
882 bool fscrypt_dio_supported(struct inode *inode);
883
884 u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk, u64 nr_blocks);
885
886 #else /* CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
887
__fscrypt_inode_uses_inline_crypto(const struct inode * inode)888 static inline bool __fscrypt_inode_uses_inline_crypto(const struct inode *inode)
889 {
890 return false;
891 }
892
fscrypt_set_bio_crypt_ctx(struct bio * bio,const struct inode * inode,u64 first_lblk,gfp_t gfp_mask)893 static inline void fscrypt_set_bio_crypt_ctx(struct bio *bio,
894 const struct inode *inode,
895 u64 first_lblk, gfp_t gfp_mask) { }
896
fscrypt_set_bio_crypt_ctx_bh(struct bio * bio,const struct buffer_head * first_bh,gfp_t gfp_mask)897 static inline void fscrypt_set_bio_crypt_ctx_bh(
898 struct bio *bio,
899 const struct buffer_head *first_bh,
900 gfp_t gfp_mask) { }
901
fscrypt_mergeable_bio(struct bio * bio,const struct inode * inode,u64 next_lblk)902 static inline bool fscrypt_mergeable_bio(struct bio *bio,
903 const struct inode *inode,
904 u64 next_lblk)
905 {
906 return true;
907 }
908
fscrypt_mergeable_bio_bh(struct bio * bio,const struct buffer_head * next_bh)909 static inline bool fscrypt_mergeable_bio_bh(struct bio *bio,
910 const struct buffer_head *next_bh)
911 {
912 return true;
913 }
914
fscrypt_dio_supported(struct inode * inode)915 static inline bool fscrypt_dio_supported(struct inode *inode)
916 {
917 return !fscrypt_needs_contents_encryption(inode);
918 }
919
fscrypt_limit_io_blocks(const struct inode * inode,u64 lblk,u64 nr_blocks)920 static inline u64 fscrypt_limit_io_blocks(const struct inode *inode, u64 lblk,
921 u64 nr_blocks)
922 {
923 return nr_blocks;
924 }
925 #endif /* !CONFIG_FS_ENCRYPTION_INLINE_CRYPT */
926
927 /**
928 * fscrypt_inode_uses_inline_crypto() - test whether an inode uses inline
929 * encryption
930 * @inode: an inode. If encrypted, its key must be set up.
931 *
932 * Return: true if the inode requires file contents encryption and if the
933 * encryption should be done in the block layer via blk-crypto rather
934 * than in the filesystem layer.
935 */
fscrypt_inode_uses_inline_crypto(const struct inode * inode)936 static inline bool fscrypt_inode_uses_inline_crypto(const struct inode *inode)
937 {
938 return fscrypt_needs_contents_encryption(inode) &&
939 __fscrypt_inode_uses_inline_crypto(inode);
940 }
941
942 /**
943 * fscrypt_inode_uses_fs_layer_crypto() - test whether an inode uses fs-layer
944 * encryption
945 * @inode: an inode. If encrypted, its key must be set up.
946 *
947 * Return: true if the inode requires file contents encryption and if the
948 * encryption should be done in the filesystem layer rather than in the
949 * block layer via blk-crypto.
950 */
fscrypt_inode_uses_fs_layer_crypto(const struct inode * inode)951 static inline bool fscrypt_inode_uses_fs_layer_crypto(const struct inode *inode)
952 {
953 return fscrypt_needs_contents_encryption(inode) &&
954 !__fscrypt_inode_uses_inline_crypto(inode);
955 }
956
957 /**
958 * fscrypt_has_encryption_key() - check whether an inode has had its key set up
959 * @inode: the inode to check
960 *
961 * Return: %true if the inode has had its encryption key set up, else %false.
962 *
963 * Usually this should be preceded by fscrypt_get_encryption_info() to try to
964 * set up the key first.
965 */
fscrypt_has_encryption_key(const struct inode * inode)966 static inline bool fscrypt_has_encryption_key(const struct inode *inode)
967 {
968 return fscrypt_get_inode_info(inode) != NULL;
969 }
970
971 /**
972 * fscrypt_prepare_link() - prepare to link an inode into a possibly-encrypted
973 * directory
974 * @old_dentry: an existing dentry for the inode being linked
975 * @dir: the target directory
976 * @dentry: negative dentry for the target filename
977 *
978 * A new link can only be added to an encrypted directory if the directory's
979 * encryption key is available --- since otherwise we'd have no way to encrypt
980 * the filename.
981 *
982 * We also verify that the link will not violate the constraint that all files
983 * in an encrypted directory tree use the same encryption policy.
984 *
985 * Return: 0 on success, -ENOKEY if the directory's encryption key is missing,
986 * -EXDEV if the link would result in an inconsistent encryption policy, or
987 * another -errno code.
988 */
fscrypt_prepare_link(struct dentry * old_dentry,struct inode * dir,struct dentry * dentry)989 static inline int fscrypt_prepare_link(struct dentry *old_dentry,
990 struct inode *dir,
991 struct dentry *dentry)
992 {
993 if (IS_ENCRYPTED(dir))
994 return __fscrypt_prepare_link(d_inode(old_dentry), dir, dentry);
995 return 0;
996 }
997
998 /**
999 * fscrypt_prepare_rename() - prepare for a rename between possibly-encrypted
1000 * directories
1001 * @old_dir: source directory
1002 * @old_dentry: dentry for source file
1003 * @new_dir: target directory
1004 * @new_dentry: dentry for target location (may be negative unless exchanging)
1005 * @flags: rename flags (we care at least about %RENAME_EXCHANGE)
1006 *
1007 * Prepare for ->rename() where the source and/or target directories may be
1008 * encrypted. A new link can only be added to an encrypted directory if the
1009 * directory's encryption key is available --- since otherwise we'd have no way
1010 * to encrypt the filename. A rename to an existing name, on the other hand,
1011 * *is* cryptographically possible without the key. However, we take the more
1012 * conservative approach and just forbid all no-key renames.
1013 *
1014 * We also verify that the rename will not violate the constraint that all files
1015 * in an encrypted directory tree use the same encryption policy.
1016 *
1017 * Return: 0 on success, -ENOKEY if an encryption key is missing, -EXDEV if the
1018 * rename would cause inconsistent encryption policies, or another -errno code.
1019 */
fscrypt_prepare_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1020 static inline int fscrypt_prepare_rename(struct inode *old_dir,
1021 struct dentry *old_dentry,
1022 struct inode *new_dir,
1023 struct dentry *new_dentry,
1024 unsigned int flags)
1025 {
1026 if (IS_ENCRYPTED(old_dir) || IS_ENCRYPTED(new_dir))
1027 return __fscrypt_prepare_rename(old_dir, old_dentry,
1028 new_dir, new_dentry, flags);
1029 return 0;
1030 }
1031
1032 /**
1033 * fscrypt_prepare_lookup() - prepare to lookup a name in a possibly-encrypted
1034 * directory
1035 * @dir: directory being searched
1036 * @dentry: filename being looked up
1037 * @fname: (output) the name to use to search the on-disk directory
1038 *
1039 * Prepare for ->lookup() in a directory which may be encrypted by determining
1040 * the name that will actually be used to search the directory on-disk. If the
1041 * directory's encryption policy is supported by this kernel and its encryption
1042 * key is available, then the lookup is assumed to be by plaintext name;
1043 * otherwise, it is assumed to be by no-key name.
1044 *
1045 * This will set DCACHE_NOKEY_NAME on the dentry if the lookup is by no-key
1046 * name. In this case the filesystem must assign the dentry a dentry_operations
1047 * which contains fscrypt_d_revalidate (or contains a d_revalidate method that
1048 * calls fscrypt_d_revalidate), so that the dentry will be invalidated if the
1049 * directory's encryption key is later added.
1050 *
1051 * Return: 0 on success; -ENOENT if the directory's key is unavailable but the
1052 * filename isn't a valid no-key name, so a negative dentry should be created;
1053 * or another -errno code.
1054 */
fscrypt_prepare_lookup(struct inode * dir,struct dentry * dentry,struct fscrypt_name * fname)1055 static inline int fscrypt_prepare_lookup(struct inode *dir,
1056 struct dentry *dentry,
1057 struct fscrypt_name *fname)
1058 {
1059 if (IS_ENCRYPTED(dir))
1060 return __fscrypt_prepare_lookup(dir, dentry, fname);
1061
1062 memset(fname, 0, sizeof(*fname));
1063 fname->usr_fname = &dentry->d_name;
1064 fname->disk_name.name = (unsigned char *)dentry->d_name.name;
1065 fname->disk_name.len = dentry->d_name.len;
1066
1067 fscrypt_prepare_dentry(dentry, false);
1068
1069 return 0;
1070 }
1071
1072 /**
1073 * fscrypt_prepare_readdir() - prepare to read a possibly-encrypted directory
1074 * @dir: the directory inode
1075 *
1076 * If the directory is encrypted and it doesn't already have its encryption key
1077 * set up, try to set it up so that the filenames will be listed in plaintext
1078 * form rather than in no-key form.
1079 *
1080 * Return: 0 on success; -errno on error. Note that the encryption key being
1081 * unavailable is not considered an error. It is also not an error if
1082 * the encryption policy is unsupported by this kernel; that is treated
1083 * like the key being unavailable, so that files can still be deleted.
1084 */
fscrypt_prepare_readdir(struct inode * dir)1085 static inline int fscrypt_prepare_readdir(struct inode *dir)
1086 {
1087 if (IS_ENCRYPTED(dir))
1088 return __fscrypt_prepare_readdir(dir);
1089 return 0;
1090 }
1091
1092 /**
1093 * fscrypt_prepare_setattr() - prepare to change a possibly-encrypted inode's
1094 * attributes
1095 * @dentry: dentry through which the inode is being changed
1096 * @attr: attributes to change
1097 *
1098 * Prepare for ->setattr() on a possibly-encrypted inode. On an encrypted file,
1099 * most attribute changes are allowed even without the encryption key. However,
1100 * without the encryption key we do have to forbid truncates. This is needed
1101 * because the size being truncated to may not be a multiple of the filesystem
1102 * block size, and in that case we'd have to decrypt the final block, zero the
1103 * portion past i_size, and re-encrypt it. (We *could* allow truncating to a
1104 * filesystem block boundary, but it's simpler to just forbid all truncates ---
1105 * and we already forbid all other contents modifications without the key.)
1106 *
1107 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
1108 * if a problem occurred while setting up the encryption key.
1109 */
fscrypt_prepare_setattr(struct dentry * dentry,struct iattr * attr)1110 static inline int fscrypt_prepare_setattr(struct dentry *dentry,
1111 struct iattr *attr)
1112 {
1113 if (IS_ENCRYPTED(d_inode(dentry)))
1114 return __fscrypt_prepare_setattr(dentry, attr);
1115 return 0;
1116 }
1117
1118 /**
1119 * fscrypt_encrypt_symlink() - encrypt the symlink target if needed
1120 * @inode: symlink inode
1121 * @target: plaintext symlink target
1122 * @len: length of @target excluding null terminator
1123 * @disk_link: (in/out) the on-disk symlink target being prepared
1124 *
1125 * If the symlink target needs to be encrypted, then this function encrypts it
1126 * into @disk_link->name. fscrypt_prepare_symlink() must have been called
1127 * previously to compute @disk_link->len. If the filesystem did not allocate a
1128 * buffer for @disk_link->name after calling fscrypt_prepare_link(), then one
1129 * will be kmalloc()'ed and the filesystem will be responsible for freeing it.
1130 *
1131 * Return: 0 on success, -errno on failure
1132 */
fscrypt_encrypt_symlink(struct inode * inode,const char * target,unsigned int len,struct fscrypt_str * disk_link)1133 static inline int fscrypt_encrypt_symlink(struct inode *inode,
1134 const char *target,
1135 unsigned int len,
1136 struct fscrypt_str *disk_link)
1137 {
1138 if (IS_ENCRYPTED(inode))
1139 return __fscrypt_encrypt_symlink(inode, target, len, disk_link);
1140 return 0;
1141 }
1142
1143 /* If *pagep is a bounce page, free it and set *pagep to the pagecache page */
fscrypt_finalize_bounce_page(struct page ** pagep)1144 static inline void fscrypt_finalize_bounce_page(struct page **pagep)
1145 {
1146 struct page *page = *pagep;
1147
1148 if (fscrypt_is_bounce_page(page)) {
1149 *pagep = fscrypt_pagecache_page(page);
1150 fscrypt_free_bounce_page(page);
1151 }
1152 }
1153
1154 #endif /* _LINUX_FSCRYPT_H */
1155