1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * eCryptfs: Linux filesystem encryption layer 4 * 5 * Copyright (C) 2004-2008 International Business Machines Corp. 6 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 7 * Tyler Hicks <code@tyhicks.com> 8 */ 9 #include <linux/overflow.h> 10 #include <linux/sched.h> 11 #include <linux/slab.h> 12 #include <linux/user_namespace.h> 13 #include <linux/nsproxy.h> 14 #include "ecryptfs_kernel.h" 15 16 static LIST_HEAD(ecryptfs_msg_ctx_free_list); 17 static LIST_HEAD(ecryptfs_msg_ctx_alloc_list); 18 static DEFINE_MUTEX(ecryptfs_msg_ctx_lists_mux); 19 20 static struct hlist_head *ecryptfs_daemon_hash; 21 DEFINE_MUTEX(ecryptfs_daemon_hash_mux); 22 static int ecryptfs_hash_bits; 23 #define ecryptfs_current_euid_hash(uid) \ 24 hash_long((unsigned long)from_kuid(&init_user_ns, current_euid()), ecryptfs_hash_bits) 25 26 static u32 ecryptfs_msg_counter; 27 static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; 28 29 /** 30 * ecryptfs_acquire_free_msg_ctx 31 * @msg_ctx: The context that was acquired from the free list 32 * 33 * Acquires a context element from the free list and locks the mutex 34 * on the context. Sets the msg_ctx task to current. Returns zero on 35 * success; non-zero on error or upon failure to acquire a free 36 * context element. Must be called with ecryptfs_msg_ctx_lists_mux 37 * held. 38 */ 39 static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) 40 { 41 struct list_head *p; 42 int rc; 43 44 if (list_empty(&ecryptfs_msg_ctx_free_list)) { 45 printk(KERN_WARNING "%s: The eCryptfs free " 46 "context list is empty. It may be helpful to " 47 "specify the ecryptfs_message_buf_len " 48 "parameter to be greater than the current " 49 "value of [%d]\n", __func__, ecryptfs_message_buf_len); 50 rc = -ENOMEM; 51 goto out; 52 } 53 list_for_each(p, &ecryptfs_msg_ctx_free_list) { 54 *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node); 55 if (mutex_trylock(&(*msg_ctx)->mux)) { 56 (*msg_ctx)->task = current; 57 rc = 0; 58 goto out; 59 } 60 } 61 rc = -ENOMEM; 62 out: 63 return rc; 64 } 65 66 /** 67 * ecryptfs_msg_ctx_free_to_alloc 68 * @msg_ctx: The context to move from the free list to the alloc list 69 * 70 * Must be called with ecryptfs_msg_ctx_lists_mux held. 71 */ 72 static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) 73 { 74 list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list); 75 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING; 76 msg_ctx->counter = ++ecryptfs_msg_counter; 77 } 78 79 /** 80 * ecryptfs_msg_ctx_alloc_to_free 81 * @msg_ctx: The context to move from the alloc list to the free list 82 * 83 * Must be called with ecryptfs_msg_ctx_lists_mux held. 84 */ 85 void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) 86 { 87 list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); 88 kfree(msg_ctx->msg); 89 msg_ctx->msg = NULL; 90 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; 91 } 92 93 /** 94 * ecryptfs_find_daemon_by_euid 95 * @daemon: If return value is zero, points to the desired daemon pointer 96 * 97 * Must be called with ecryptfs_daemon_hash_mux held. 98 * 99 * Search the hash list for the current effective user id. 100 * 101 * Returns zero if the user id exists in the list; non-zero otherwise. 102 */ 103 int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon) 104 { 105 int rc; 106 107 hlist_for_each_entry(*daemon, 108 &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()], 109 euid_chain) { 110 if (uid_eq((*daemon)->file->f_cred->euid, current_euid())) { 111 rc = 0; 112 goto out; 113 } 114 } 115 rc = -EINVAL; 116 out: 117 return rc; 118 } 119 120 /** 121 * ecryptfs_spawn_daemon - Create and initialize a new daemon struct 122 * @daemon: Pointer to set to newly allocated daemon struct 123 * @file: File used when opening /dev/ecryptfs 124 * 125 * Must be called ceremoniously while in possession of 126 * ecryptfs_sacred_daemon_hash_mux 127 * 128 * Returns zero on success; non-zero otherwise 129 */ 130 int 131 ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, struct file *file) 132 { 133 int rc = 0; 134 135 (*daemon) = kzalloc_obj(**daemon); 136 if (!(*daemon)) { 137 rc = -ENOMEM; 138 goto out; 139 } 140 (*daemon)->file = file; 141 mutex_init(&(*daemon)->mux); 142 INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue); 143 init_waitqueue_head(&(*daemon)->wait); 144 (*daemon)->num_queued_msg_ctx = 0; 145 hlist_add_head(&(*daemon)->euid_chain, 146 &ecryptfs_daemon_hash[ecryptfs_current_euid_hash()]); 147 out: 148 return rc; 149 } 150 151 /* 152 * ecryptfs_exorcise_daemon - Destroy the daemon struct 153 * 154 * Must be called ceremoniously while in possession of 155 * ecryptfs_daemon_hash_mux and the daemon's own mux. 156 */ 157 int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon) 158 { 159 struct ecryptfs_msg_ctx *msg_ctx, *msg_ctx_tmp; 160 int rc = 0; 161 162 mutex_lock(&daemon->mux); 163 if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ) 164 || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) { 165 rc = -EBUSY; 166 mutex_unlock(&daemon->mux); 167 goto out; 168 } 169 list_for_each_entry_safe(msg_ctx, msg_ctx_tmp, 170 &daemon->msg_ctx_out_queue, daemon_out_list) { 171 list_del(&msg_ctx->daemon_out_list); 172 daemon->num_queued_msg_ctx--; 173 printk(KERN_WARNING "%s: Warning: dropping message that is in " 174 "the out queue of a dying daemon\n", __func__); 175 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 176 } 177 hlist_del(&daemon->euid_chain); 178 mutex_unlock(&daemon->mux); 179 kfree_sensitive(daemon); 180 out: 181 return rc; 182 } 183 184 /** 185 * ecryptfs_process_response 186 * @daemon: eCryptfs daemon object 187 * @msg: The ecryptfs message received; the caller should sanity check 188 * msg->data_len and free the memory 189 * @seq: The sequence number of the message; must match the sequence 190 * number for the existing message context waiting for this 191 * response 192 * 193 * Processes a response message after sending an operation request to 194 * userspace. Some other process is awaiting this response. Before 195 * sending out its first communications, the other process allocated a 196 * msg_ctx from the ecryptfs_msg_ctx_arr at a particular index. The 197 * response message contains this index so that we can copy over the 198 * response message into the msg_ctx that the process holds a 199 * reference to. The other process is going to wake up, check to see 200 * that msg_ctx->state == ECRYPTFS_MSG_CTX_STATE_DONE, and then 201 * proceed to read off and process the response message. Returns zero 202 * upon delivery to desired context element; non-zero upon delivery 203 * failure or error. 204 * 205 * Returns zero on success; non-zero otherwise 206 */ 207 int ecryptfs_process_response(struct ecryptfs_daemon *daemon, 208 struct ecryptfs_message *msg, u32 seq) 209 { 210 struct ecryptfs_msg_ctx *msg_ctx; 211 size_t msg_size; 212 int rc; 213 214 if (msg->index >= ecryptfs_message_buf_len) { 215 rc = -EINVAL; 216 printk(KERN_ERR "%s: Attempt to reference " 217 "context buffer at index [%d]; maximum " 218 "allowable is [%d]\n", __func__, msg->index, 219 (ecryptfs_message_buf_len - 1)); 220 goto out; 221 } 222 msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; 223 mutex_lock(&msg_ctx->mux); 224 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { 225 rc = -EINVAL; 226 printk(KERN_WARNING "%s: Desired context element is not " 227 "pending a response\n", __func__); 228 goto unlock; 229 } else if (msg_ctx->counter != seq) { 230 rc = -EINVAL; 231 printk(KERN_WARNING "%s: Invalid message sequence; " 232 "expected [%d]; received [%d]\n", __func__, 233 msg_ctx->counter, seq); 234 goto unlock; 235 } 236 msg_size = struct_size(msg, data, msg->data_len); 237 msg_ctx->msg = kmemdup(msg, msg_size, GFP_KERNEL); 238 if (!msg_ctx->msg) { 239 rc = -ENOMEM; 240 goto unlock; 241 } 242 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE; 243 wake_up_process(msg_ctx->task); 244 rc = 0; 245 unlock: 246 mutex_unlock(&msg_ctx->mux); 247 out: 248 return rc; 249 } 250 251 /** 252 * ecryptfs_send_message_locked 253 * @data: The data to send 254 * @data_len: The length of data 255 * @msg_type: Type of message 256 * @msg_ctx: The message context allocated for the send 257 * 258 * Must be called with ecryptfs_daemon_hash_mux held. 259 * 260 * Returns zero on success; non-zero otherwise 261 */ 262 static int 263 ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, 264 struct ecryptfs_msg_ctx **msg_ctx) 265 { 266 struct ecryptfs_daemon *daemon; 267 int rc; 268 269 rc = ecryptfs_find_daemon_by_euid(&daemon); 270 if (rc) { 271 rc = -ENOTCONN; 272 goto out; 273 } 274 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 275 rc = ecryptfs_acquire_free_msg_ctx(msg_ctx); 276 if (rc) { 277 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 278 printk(KERN_WARNING "%s: Could not claim a free " 279 "context element\n", __func__); 280 goto out; 281 } 282 ecryptfs_msg_ctx_free_to_alloc(*msg_ctx); 283 mutex_unlock(&(*msg_ctx)->mux); 284 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 285 rc = ecryptfs_send_miscdev(data, data_len, *msg_ctx, msg_type, 0, 286 daemon); 287 if (rc) 288 printk(KERN_ERR "%s: Error attempting to send message to " 289 "userspace daemon; rc = [%d]\n", __func__, rc); 290 out: 291 return rc; 292 } 293 294 /** 295 * ecryptfs_send_message 296 * @data: The data to send 297 * @data_len: The length of data 298 * @msg_ctx: The message context allocated for the send 299 * 300 * Grabs ecryptfs_daemon_hash_mux. 301 * 302 * Returns zero on success; non-zero otherwise 303 */ 304 int ecryptfs_send_message(char *data, int data_len, 305 struct ecryptfs_msg_ctx **msg_ctx) 306 { 307 int rc; 308 309 mutex_lock(&ecryptfs_daemon_hash_mux); 310 rc = ecryptfs_send_message_locked(data, data_len, ECRYPTFS_MSG_REQUEST, 311 msg_ctx); 312 mutex_unlock(&ecryptfs_daemon_hash_mux); 313 return rc; 314 } 315 316 /** 317 * ecryptfs_wait_for_response 318 * @msg_ctx: The context that was assigned when sending a message 319 * @msg: The incoming message from userspace; not set if rc != 0 320 * 321 * Sleeps until awaken by ecryptfs_receive_message or until the amount 322 * of time exceeds ecryptfs_message_wait_timeout. If zero is 323 * returned, msg will point to a valid message from userspace; a 324 * non-zero value is returned upon failure to receive a message or an 325 * error occurs. Callee must free @msg on success. 326 */ 327 int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, 328 struct ecryptfs_message **msg) 329 { 330 signed long timeout = ecryptfs_message_wait_timeout * HZ; 331 int rc = 0; 332 333 sleep: 334 timeout = schedule_timeout_interruptible(timeout); 335 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 336 mutex_lock(&msg_ctx->mux); 337 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) { 338 if (timeout) { 339 mutex_unlock(&msg_ctx->mux); 340 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 341 goto sleep; 342 } 343 rc = -ENOMSG; 344 } else { 345 *msg = msg_ctx->msg; 346 msg_ctx->msg = NULL; 347 } 348 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 349 mutex_unlock(&msg_ctx->mux); 350 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 351 return rc; 352 } 353 354 int __init ecryptfs_init_messaging(void) 355 { 356 int i; 357 int rc = 0; 358 359 if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) { 360 ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS; 361 printk(KERN_WARNING "%s: Specified number of users is " 362 "too large, defaulting to [%d] users\n", __func__, 363 ecryptfs_number_of_users); 364 } 365 mutex_lock(&ecryptfs_daemon_hash_mux); 366 ecryptfs_hash_bits = 1; 367 while (ecryptfs_number_of_users >> ecryptfs_hash_bits) 368 ecryptfs_hash_bits++; 369 ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) 370 * (1 << ecryptfs_hash_bits)), 371 GFP_KERNEL); 372 if (!ecryptfs_daemon_hash) { 373 rc = -ENOMEM; 374 mutex_unlock(&ecryptfs_daemon_hash_mux); 375 goto out; 376 } 377 for (i = 0; i < (1 << ecryptfs_hash_bits); i++) 378 INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); 379 mutex_unlock(&ecryptfs_daemon_hash_mux); 380 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) 381 * ecryptfs_message_buf_len), 382 GFP_KERNEL); 383 if (!ecryptfs_msg_ctx_arr) { 384 kfree(ecryptfs_daemon_hash); 385 rc = -ENOMEM; 386 goto out; 387 } 388 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 389 ecryptfs_msg_counter = 0; 390 for (i = 0; i < ecryptfs_message_buf_len; i++) { 391 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node); 392 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].daemon_out_list); 393 mutex_init(&ecryptfs_msg_ctx_arr[i].mux); 394 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); 395 ecryptfs_msg_ctx_arr[i].index = i; 396 ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE; 397 ecryptfs_msg_ctx_arr[i].counter = 0; 398 ecryptfs_msg_ctx_arr[i].task = NULL; 399 ecryptfs_msg_ctx_arr[i].msg = NULL; 400 list_add_tail(&ecryptfs_msg_ctx_arr[i].node, 401 &ecryptfs_msg_ctx_free_list); 402 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); 403 } 404 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 405 rc = ecryptfs_init_ecryptfs_miscdev(); 406 if (rc) 407 ecryptfs_release_messaging(); 408 out: 409 return rc; 410 } 411 412 void ecryptfs_release_messaging(void) 413 { 414 if (ecryptfs_msg_ctx_arr) { 415 int i; 416 417 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 418 for (i = 0; i < ecryptfs_message_buf_len; i++) { 419 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); 420 kfree(ecryptfs_msg_ctx_arr[i].msg); 421 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); 422 } 423 kfree(ecryptfs_msg_ctx_arr); 424 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 425 } 426 if (ecryptfs_daemon_hash) { 427 struct ecryptfs_daemon *daemon; 428 struct hlist_node *n; 429 int i; 430 431 mutex_lock(&ecryptfs_daemon_hash_mux); 432 for (i = 0; i < (1 << ecryptfs_hash_bits); i++) { 433 int rc; 434 435 hlist_for_each_entry_safe(daemon, n, 436 &ecryptfs_daemon_hash[i], 437 euid_chain) { 438 rc = ecryptfs_exorcise_daemon(daemon); 439 if (rc) 440 printk(KERN_ERR "%s: Error whilst " 441 "attempting to destroy daemon; " 442 "rc = [%d]. Dazed and confused, " 443 "but trying to continue.\n", 444 __func__, rc); 445 } 446 } 447 kfree(ecryptfs_daemon_hash); 448 mutex_unlock(&ecryptfs_daemon_hash_mux); 449 } 450 ecryptfs_destroy_ecryptfs_miscdev(); 451 return; 452 } 453