1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 1997-2004 Erez Zadok 5 * Copyright (C) 2001-2004 Stony Brook University 6 * Copyright (C) 2004-2007 International Business Machines Corp. 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Michael C. Thompsion <mcthomps@us.ibm.com> 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License as 12 * published by the Free Software Foundation; either version 2 of the 13 * License, or (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 23 * 02111-1307, USA. 24 */ 25 26 #include <linux/file.h> 27 #include <linux/vmalloc.h> 28 #include <linux/pagemap.h> 29 #include <linux/dcache.h> 30 #include <linux/namei.h> 31 #include <linux/mount.h> 32 #include <linux/crypto.h> 33 #include <linux/fs_stack.h> 34 #include "ecryptfs_kernel.h" 35 36 static struct dentry *lock_parent(struct dentry *dentry) 37 { 38 struct dentry *dir; 39 40 dir = dget(dentry->d_parent); 41 mutex_lock(&(dir->d_inode->i_mutex)); 42 return dir; 43 } 44 45 static void unlock_parent(struct dentry *dentry) 46 { 47 mutex_unlock(&(dentry->d_parent->d_inode->i_mutex)); 48 dput(dentry->d_parent); 49 } 50 51 static void unlock_dir(struct dentry *dir) 52 { 53 mutex_unlock(&dir->d_inode->i_mutex); 54 dput(dir); 55 } 56 57 /** 58 * ecryptfs_create_underlying_file 59 * @lower_dir_inode: inode of the parent in the lower fs of the new file 60 * @lower_dentry: New file's dentry in the lower fs 61 * @ecryptfs_dentry: New file's dentry in ecryptfs 62 * @mode: The mode of the new file 63 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 64 * 65 * Creates the file in the lower file system. 66 * 67 * Returns zero on success; non-zero on error condition 68 */ 69 static int 70 ecryptfs_create_underlying_file(struct inode *lower_dir_inode, 71 struct dentry *dentry, int mode, 72 struct nameidata *nd) 73 { 74 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 75 struct vfsmount *lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 76 struct dentry *dentry_save; 77 struct vfsmount *vfsmount_save; 78 int rc; 79 80 dentry_save = nd->dentry; 81 vfsmount_save = nd->mnt; 82 nd->dentry = lower_dentry; 83 nd->mnt = lower_mnt; 84 rc = vfs_create(lower_dir_inode, lower_dentry, mode, nd); 85 nd->dentry = dentry_save; 86 nd->mnt = vfsmount_save; 87 return rc; 88 } 89 90 /** 91 * ecryptfs_do_create 92 * @directory_inode: inode of the new file's dentry's parent in ecryptfs 93 * @ecryptfs_dentry: New file's dentry in ecryptfs 94 * @mode: The mode of the new file 95 * @nd: nameidata of ecryptfs' parent's dentry & vfsmount 96 * 97 * Creates the underlying file and the eCryptfs inode which will link to 98 * it. It will also update the eCryptfs directory inode to mimic the 99 * stat of the lower directory inode. 100 * 101 * Returns zero on success; non-zero on error condition 102 */ 103 static int 104 ecryptfs_do_create(struct inode *directory_inode, 105 struct dentry *ecryptfs_dentry, int mode, 106 struct nameidata *nd) 107 { 108 int rc; 109 struct dentry *lower_dentry; 110 struct dentry *lower_dir_dentry; 111 112 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 113 lower_dir_dentry = lock_parent(lower_dentry); 114 if (unlikely(IS_ERR(lower_dir_dentry))) { 115 ecryptfs_printk(KERN_ERR, "Error locking directory of " 116 "dentry\n"); 117 rc = PTR_ERR(lower_dir_dentry); 118 goto out; 119 } 120 rc = ecryptfs_create_underlying_file(lower_dir_dentry->d_inode, 121 ecryptfs_dentry, mode, nd); 122 if (unlikely(rc)) { 123 ecryptfs_printk(KERN_ERR, 124 "Failure to create underlying file\n"); 125 goto out_lock; 126 } 127 rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry, 128 directory_inode->i_sb, 0); 129 if (rc) { 130 ecryptfs_printk(KERN_ERR, "Failure in ecryptfs_interpose\n"); 131 goto out_lock; 132 } 133 fsstack_copy_attr_times(directory_inode, lower_dir_dentry->d_inode); 134 fsstack_copy_inode_size(directory_inode, lower_dir_dentry->d_inode); 135 out_lock: 136 unlock_dir(lower_dir_dentry); 137 out: 138 return rc; 139 } 140 141 /** 142 * grow_file 143 * @ecryptfs_dentry: the ecryptfs dentry 144 * @lower_file: The lower file 145 * @inode: The ecryptfs inode 146 * @lower_inode: The lower inode 147 * 148 * This is the code which will grow the file to its correct size. 149 */ 150 static int grow_file(struct dentry *ecryptfs_dentry, struct file *lower_file, 151 struct inode *inode, struct inode *lower_inode) 152 { 153 int rc = 0; 154 struct file fake_file; 155 struct ecryptfs_file_info tmp_file_info; 156 157 memset(&fake_file, 0, sizeof(fake_file)); 158 fake_file.f_path.dentry = ecryptfs_dentry; 159 memset(&tmp_file_info, 0, sizeof(tmp_file_info)); 160 ecryptfs_set_file_private(&fake_file, &tmp_file_info); 161 ecryptfs_set_file_lower(&fake_file, lower_file); 162 rc = ecryptfs_fill_zeros(&fake_file, 1); 163 if (rc) { 164 ecryptfs_inode_to_private(inode)->crypt_stat.flags |= 165 ECRYPTFS_SECURITY_WARNING; 166 ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros " 167 "in file; rc = [%d]\n", rc); 168 goto out; 169 } 170 i_size_write(inode, 0); 171 ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, inode, 172 ecryptfs_dentry, 173 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); 174 ecryptfs_inode_to_private(inode)->crypt_stat.flags |= ECRYPTFS_NEW_FILE; 175 out: 176 return rc; 177 } 178 179 /** 180 * ecryptfs_initialize_file 181 * 182 * Cause the file to be changed from a basic empty file to an ecryptfs 183 * file with a header and first data page. 184 * 185 * Returns zero on success 186 */ 187 static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry) 188 { 189 int rc = 0; 190 int lower_flags; 191 struct ecryptfs_crypt_stat *crypt_stat; 192 struct dentry *lower_dentry; 193 struct file *lower_file; 194 struct inode *inode, *lower_inode; 195 struct vfsmount *lower_mnt; 196 197 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 198 ecryptfs_printk(KERN_DEBUG, "lower_dentry->d_name.name = [%s]\n", 199 lower_dentry->d_name.name); 200 inode = ecryptfs_dentry->d_inode; 201 crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; 202 lower_flags = ((O_CREAT | O_TRUNC) & O_ACCMODE) | O_RDWR; 203 #if BITS_PER_LONG != 32 204 lower_flags |= O_LARGEFILE; 205 #endif 206 lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 207 /* Corresponding fput() at end of this function */ 208 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt, 209 lower_flags))) { 210 ecryptfs_printk(KERN_ERR, 211 "Error opening dentry; rc = [%i]\n", rc); 212 goto out; 213 } 214 lower_inode = lower_dentry->d_inode; 215 if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) { 216 ecryptfs_printk(KERN_DEBUG, "This is a directory\n"); 217 crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); 218 goto out_fput; 219 } 220 crypt_stat->flags |= ECRYPTFS_NEW_FILE; 221 ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); 222 rc = ecryptfs_new_file_context(ecryptfs_dentry); 223 if (rc) { 224 ecryptfs_printk(KERN_DEBUG, "Error creating new file " 225 "context\n"); 226 goto out_fput; 227 } 228 rc = ecryptfs_write_metadata(ecryptfs_dentry, lower_file); 229 if (rc) { 230 ecryptfs_printk(KERN_DEBUG, "Error writing headers\n"); 231 goto out_fput; 232 } 233 rc = grow_file(ecryptfs_dentry, lower_file, inode, lower_inode); 234 out_fput: 235 if ((rc = ecryptfs_close_lower_file(lower_file))) 236 printk(KERN_ERR "Error closing lower_file\n"); 237 out: 238 return rc; 239 } 240 241 /** 242 * ecryptfs_create 243 * @dir: The inode of the directory in which to create the file. 244 * @dentry: The eCryptfs dentry 245 * @mode: The mode of the new file. 246 * @nd: nameidata 247 * 248 * Creates a new file. 249 * 250 * Returns zero on success; non-zero on error condition 251 */ 252 static int 253 ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, 254 int mode, struct nameidata *nd) 255 { 256 int rc; 257 258 rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); 259 if (unlikely(rc)) { 260 ecryptfs_printk(KERN_WARNING, "Failed to create file in" 261 "lower filesystem\n"); 262 goto out; 263 } 264 /* At this point, a file exists on "disk"; we need to make sure 265 * that this on disk file is prepared to be an ecryptfs file */ 266 rc = ecryptfs_initialize_file(ecryptfs_dentry); 267 out: 268 return rc; 269 } 270 271 /** 272 * ecryptfs_lookup 273 * @dir: inode 274 * @dentry: The dentry 275 * @nd: nameidata, may be NULL 276 * 277 * Find a file on disk. If the file does not exist, then we'll add it to the 278 * dentry cache and continue on to read it from the disk. 279 */ 280 static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, 281 struct nameidata *nd) 282 { 283 int rc = 0; 284 struct dentry *lower_dir_dentry; 285 struct dentry *lower_dentry; 286 struct vfsmount *lower_mnt; 287 char *encoded_name; 288 unsigned int encoded_namelen; 289 struct ecryptfs_crypt_stat *crypt_stat = NULL; 290 struct ecryptfs_mount_crypt_stat *mount_crypt_stat; 291 char *page_virt = NULL; 292 struct inode *lower_inode; 293 u64 file_size; 294 295 lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); 296 dentry->d_op = &ecryptfs_dops; 297 if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) 298 || (dentry->d_name.len == 2 299 && !strcmp(dentry->d_name.name, ".."))) { 300 d_drop(dentry); 301 goto out; 302 } 303 encoded_namelen = ecryptfs_encode_filename(crypt_stat, 304 dentry->d_name.name, 305 dentry->d_name.len, 306 &encoded_name); 307 if (encoded_namelen < 0) { 308 rc = encoded_namelen; 309 d_drop(dentry); 310 goto out; 311 } 312 ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen " 313 "= [%d]\n", encoded_name, encoded_namelen); 314 lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry, 315 encoded_namelen - 1); 316 kfree(encoded_name); 317 if (IS_ERR(lower_dentry)) { 318 ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n"); 319 rc = PTR_ERR(lower_dentry); 320 d_drop(dentry); 321 goto out; 322 } 323 lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); 324 ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->" 325 "d_name.name = [%s]\n", lower_dentry, 326 lower_dentry->d_name.name); 327 lower_inode = lower_dentry->d_inode; 328 fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode); 329 BUG_ON(!atomic_read(&lower_dentry->d_count)); 330 ecryptfs_set_dentry_private(dentry, 331 kmem_cache_alloc(ecryptfs_dentry_info_cache, 332 GFP_KERNEL)); 333 if (!ecryptfs_dentry_to_private(dentry)) { 334 rc = -ENOMEM; 335 ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " 336 "to allocate ecryptfs_dentry_info struct\n"); 337 goto out_dput; 338 } 339 ecryptfs_set_dentry_lower(dentry, lower_dentry); 340 ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); 341 if (!lower_dentry->d_inode) { 342 /* We want to add because we couldn't find in lower */ 343 d_add(dentry, NULL); 344 goto out; 345 } 346 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 1); 347 if (rc) { 348 ecryptfs_printk(KERN_ERR, "Error interposing\n"); 349 goto out_dput; 350 } 351 if (S_ISDIR(lower_inode->i_mode)) { 352 ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n"); 353 goto out; 354 } 355 if (S_ISLNK(lower_inode->i_mode)) { 356 ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n"); 357 goto out; 358 } 359 if (!nd) { 360 ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave" 361 "as we *think* we are about to unlink\n"); 362 goto out; 363 } 364 /* Released in this function */ 365 page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, 366 GFP_USER); 367 if (!page_virt) { 368 rc = -ENOMEM; 369 ecryptfs_printk(KERN_ERR, 370 "Cannot ecryptfs_kmalloc a page\n"); 371 goto out_dput; 372 } 373 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 374 if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) 375 ecryptfs_set_default_sizes(crypt_stat); 376 rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry, 377 nd->mnt); 378 if (rc) { 379 rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry); 380 if (rc) { 381 printk(KERN_DEBUG "Valid metadata not found in header " 382 "region or xattr region; treating file as " 383 "unencrypted\n"); 384 rc = 0; 385 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 386 goto out; 387 } 388 crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; 389 } 390 mount_crypt_stat = &ecryptfs_superblock_to_private( 391 dentry->d_sb)->mount_crypt_stat; 392 if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { 393 if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) 394 file_size = (crypt_stat->header_extent_size 395 + i_size_read(lower_dentry->d_inode)); 396 else 397 file_size = i_size_read(lower_dentry->d_inode); 398 } else { 399 memcpy(&file_size, page_virt, sizeof(file_size)); 400 file_size = be64_to_cpu(file_size); 401 } 402 i_size_write(dentry->d_inode, (loff_t)file_size); 403 kmem_cache_free(ecryptfs_header_cache_2, page_virt); 404 goto out; 405 406 out_dput: 407 dput(lower_dentry); 408 d_drop(dentry); 409 out: 410 return ERR_PTR(rc); 411 } 412 413 static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir, 414 struct dentry *new_dentry) 415 { 416 struct dentry *lower_old_dentry; 417 struct dentry *lower_new_dentry; 418 struct dentry *lower_dir_dentry; 419 u64 file_size_save; 420 int rc; 421 422 file_size_save = i_size_read(old_dentry->d_inode); 423 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 424 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 425 dget(lower_old_dentry); 426 dget(lower_new_dentry); 427 lower_dir_dentry = lock_parent(lower_new_dentry); 428 rc = vfs_link(lower_old_dentry, lower_dir_dentry->d_inode, 429 lower_new_dentry); 430 if (rc || !lower_new_dentry->d_inode) 431 goto out_lock; 432 rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0); 433 if (rc) 434 goto out_lock; 435 fsstack_copy_attr_times(dir, lower_new_dentry->d_inode); 436 fsstack_copy_inode_size(dir, lower_new_dentry->d_inode); 437 old_dentry->d_inode->i_nlink = 438 ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink; 439 i_size_write(new_dentry->d_inode, file_size_save); 440 out_lock: 441 unlock_dir(lower_dir_dentry); 442 dput(lower_new_dentry); 443 dput(lower_old_dentry); 444 d_drop(lower_old_dentry); 445 d_drop(new_dentry); 446 d_drop(old_dentry); 447 return rc; 448 } 449 450 static int ecryptfs_unlink(struct inode *dir, struct dentry *dentry) 451 { 452 int rc = 0; 453 struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); 454 struct inode *lower_dir_inode = ecryptfs_inode_to_lower(dir); 455 456 lock_parent(lower_dentry); 457 rc = vfs_unlink(lower_dir_inode, lower_dentry); 458 if (rc) { 459 printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc); 460 goto out_unlock; 461 } 462 fsstack_copy_attr_times(dir, lower_dir_inode); 463 dentry->d_inode->i_nlink = 464 ecryptfs_inode_to_lower(dentry->d_inode)->i_nlink; 465 dentry->d_inode->i_ctime = dir->i_ctime; 466 out_unlock: 467 unlock_parent(lower_dentry); 468 return rc; 469 } 470 471 static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry, 472 const char *symname) 473 { 474 int rc; 475 struct dentry *lower_dentry; 476 struct dentry *lower_dir_dentry; 477 umode_t mode; 478 char *encoded_symname; 479 unsigned int encoded_symlen; 480 struct ecryptfs_crypt_stat *crypt_stat = NULL; 481 482 lower_dentry = ecryptfs_dentry_to_lower(dentry); 483 dget(lower_dentry); 484 lower_dir_dentry = lock_parent(lower_dentry); 485 mode = S_IALLUGO; 486 encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, 487 strlen(symname), 488 &encoded_symname); 489 if (encoded_symlen < 0) { 490 rc = encoded_symlen; 491 goto out_lock; 492 } 493 rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, 494 encoded_symname, mode); 495 kfree(encoded_symname); 496 if (rc || !lower_dentry->d_inode) 497 goto out_lock; 498 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 499 if (rc) 500 goto out_lock; 501 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 502 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); 503 out_lock: 504 unlock_dir(lower_dir_dentry); 505 dput(lower_dentry); 506 if (!dentry->d_inode) 507 d_drop(dentry); 508 return rc; 509 } 510 511 static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) 512 { 513 int rc; 514 struct dentry *lower_dentry; 515 struct dentry *lower_dir_dentry; 516 517 lower_dentry = ecryptfs_dentry_to_lower(dentry); 518 lower_dir_dentry = lock_parent(lower_dentry); 519 rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode); 520 if (rc || !lower_dentry->d_inode) 521 goto out; 522 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 523 if (rc) 524 goto out; 525 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 526 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); 527 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 528 out: 529 unlock_dir(lower_dir_dentry); 530 if (!dentry->d_inode) 531 d_drop(dentry); 532 return rc; 533 } 534 535 static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry) 536 { 537 struct dentry *lower_dentry; 538 struct dentry *lower_dir_dentry; 539 int rc; 540 541 lower_dentry = ecryptfs_dentry_to_lower(dentry); 542 dget(dentry); 543 lower_dir_dentry = lock_parent(lower_dentry); 544 dget(lower_dentry); 545 rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); 546 dput(lower_dentry); 547 if (!rc) 548 d_delete(lower_dentry); 549 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 550 dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; 551 unlock_dir(lower_dir_dentry); 552 if (!rc) 553 d_drop(dentry); 554 dput(dentry); 555 return rc; 556 } 557 558 static int 559 ecryptfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 560 { 561 int rc; 562 struct dentry *lower_dentry; 563 struct dentry *lower_dir_dentry; 564 565 lower_dentry = ecryptfs_dentry_to_lower(dentry); 566 lower_dir_dentry = lock_parent(lower_dentry); 567 rc = vfs_mknod(lower_dir_dentry->d_inode, lower_dentry, mode, dev); 568 if (rc || !lower_dentry->d_inode) 569 goto out; 570 rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, 0); 571 if (rc) 572 goto out; 573 fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); 574 fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); 575 out: 576 unlock_dir(lower_dir_dentry); 577 if (!dentry->d_inode) 578 d_drop(dentry); 579 return rc; 580 } 581 582 static int 583 ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry, 584 struct inode *new_dir, struct dentry *new_dentry) 585 { 586 int rc; 587 struct dentry *lower_old_dentry; 588 struct dentry *lower_new_dentry; 589 struct dentry *lower_old_dir_dentry; 590 struct dentry *lower_new_dir_dentry; 591 592 lower_old_dentry = ecryptfs_dentry_to_lower(old_dentry); 593 lower_new_dentry = ecryptfs_dentry_to_lower(new_dentry); 594 dget(lower_old_dentry); 595 dget(lower_new_dentry); 596 lower_old_dir_dentry = dget_parent(lower_old_dentry); 597 lower_new_dir_dentry = dget_parent(lower_new_dentry); 598 lock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 599 rc = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry, 600 lower_new_dir_dentry->d_inode, lower_new_dentry); 601 if (rc) 602 goto out_lock; 603 fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode, NULL); 604 if (new_dir != old_dir) 605 fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode, NULL); 606 out_lock: 607 unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry); 608 dput(lower_new_dentry->d_parent); 609 dput(lower_old_dentry->d_parent); 610 dput(lower_new_dentry); 611 dput(lower_old_dentry); 612 return rc; 613 } 614 615 static int 616 ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) 617 { 618 int rc; 619 struct dentry *lower_dentry; 620 char *decoded_name; 621 char *lower_buf; 622 mm_segment_t old_fs; 623 struct ecryptfs_crypt_stat *crypt_stat; 624 625 lower_dentry = ecryptfs_dentry_to_lower(dentry); 626 if (!lower_dentry->d_inode->i_op || 627 !lower_dentry->d_inode->i_op->readlink) { 628 rc = -EINVAL; 629 goto out; 630 } 631 /* Released in this function */ 632 lower_buf = kmalloc(bufsiz, GFP_KERNEL); 633 if (lower_buf == NULL) { 634 ecryptfs_printk(KERN_ERR, "Out of memory\n"); 635 rc = -ENOMEM; 636 goto out; 637 } 638 old_fs = get_fs(); 639 set_fs(get_ds()); 640 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 641 "lower_dentry->d_name.name = [%s]\n", 642 lower_dentry->d_name.name); 643 rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, 644 (char __user *)lower_buf, 645 bufsiz); 646 set_fs(old_fs); 647 if (rc >= 0) { 648 crypt_stat = NULL; 649 rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, 650 &decoded_name); 651 if (rc == -ENOMEM) 652 goto out_free_lower_buf; 653 if (rc > 0) { 654 ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes " 655 "to userspace: [%*s]\n", rc, 656 decoded_name); 657 if (copy_to_user(buf, decoded_name, rc)) 658 rc = -EFAULT; 659 } 660 kfree(decoded_name); 661 fsstack_copy_attr_atime(dentry->d_inode, 662 lower_dentry->d_inode); 663 } 664 out_free_lower_buf: 665 kfree(lower_buf); 666 out: 667 return rc; 668 } 669 670 static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) 671 { 672 char *buf; 673 int len = PAGE_SIZE, rc; 674 mm_segment_t old_fs; 675 676 /* Released in ecryptfs_put_link(); only release here on error */ 677 buf = kmalloc(len, GFP_KERNEL); 678 if (!buf) { 679 rc = -ENOMEM; 680 goto out; 681 } 682 old_fs = get_fs(); 683 set_fs(get_ds()); 684 ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " 685 "dentry->d_name.name = [%s]\n", dentry->d_name.name); 686 rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); 687 buf[rc] = '\0'; 688 set_fs(old_fs); 689 if (rc < 0) 690 goto out_free; 691 rc = 0; 692 nd_set_link(nd, buf); 693 goto out; 694 out_free: 695 kfree(buf); 696 out: 697 return ERR_PTR(rc); 698 } 699 700 static void 701 ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) 702 { 703 /* Free the char* */ 704 kfree(nd_get_link(nd)); 705 } 706 707 /** 708 * upper_size_to_lower_size 709 * @crypt_stat: Crypt_stat associated with file 710 * @upper_size: Size of the upper file 711 * 712 * Calculate the requried size of the lower file based on the 713 * specified size of the upper file. This calculation is based on the 714 * number of headers in the underlying file and the extent size. 715 * 716 * Returns Calculated size of the lower file. 717 */ 718 static loff_t 719 upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat, 720 loff_t upper_size) 721 { 722 loff_t lower_size; 723 724 lower_size = ( crypt_stat->header_extent_size 725 * crypt_stat->num_header_extents_at_front ); 726 if (upper_size != 0) { 727 loff_t num_extents; 728 729 num_extents = upper_size >> crypt_stat->extent_shift; 730 if (upper_size & ~crypt_stat->extent_mask) 731 num_extents++; 732 lower_size += (num_extents * crypt_stat->extent_size); 733 } 734 return lower_size; 735 } 736 737 /** 738 * ecryptfs_truncate 739 * @dentry: The ecryptfs layer dentry 740 * @new_length: The length to expand the file to 741 * 742 * Function to handle truncations modifying the size of the file. Note 743 * that the file sizes are interpolated. When expanding, we are simply 744 * writing strings of 0's out. When truncating, we need to modify the 745 * underlying file size according to the page index interpolations. 746 * 747 * Returns zero on success; non-zero otherwise 748 */ 749 int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) 750 { 751 int rc = 0; 752 struct inode *inode = dentry->d_inode; 753 struct dentry *lower_dentry; 754 struct vfsmount *lower_mnt; 755 struct file fake_ecryptfs_file, *lower_file = NULL; 756 struct ecryptfs_crypt_stat *crypt_stat; 757 loff_t i_size = i_size_read(inode); 758 loff_t lower_size_before_truncate; 759 loff_t lower_size_after_truncate; 760 761 if (unlikely((new_length == i_size))) 762 goto out; 763 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 764 /* Set up a fake ecryptfs file, this is used to interface with 765 * the file in the underlying filesystem so that the 766 * truncation has an effect there as well. */ 767 memset(&fake_ecryptfs_file, 0, sizeof(fake_ecryptfs_file)); 768 fake_ecryptfs_file.f_path.dentry = dentry; 769 /* Released at out_free: label */ 770 ecryptfs_set_file_private(&fake_ecryptfs_file, 771 kmem_cache_alloc(ecryptfs_file_info_cache, 772 GFP_KERNEL)); 773 if (unlikely(!ecryptfs_file_to_private(&fake_ecryptfs_file))) { 774 rc = -ENOMEM; 775 goto out; 776 } 777 lower_dentry = ecryptfs_dentry_to_lower(dentry); 778 /* This dget & mntget is released through fput at out_fput: */ 779 lower_mnt = ecryptfs_dentry_to_lower_mnt(dentry); 780 if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt, 781 O_RDWR))) { 782 ecryptfs_printk(KERN_ERR, 783 "Error opening dentry; rc = [%i]\n", rc); 784 goto out_free; 785 } 786 ecryptfs_set_file_lower(&fake_ecryptfs_file, lower_file); 787 /* Switch on growing or shrinking file */ 788 if (new_length > i_size) { 789 rc = ecryptfs_fill_zeros(&fake_ecryptfs_file, new_length); 790 if (rc) { 791 ecryptfs_printk(KERN_ERR, 792 "Problem with fill_zeros\n"); 793 goto out_fput; 794 } 795 i_size_write(inode, new_length); 796 rc = ecryptfs_write_inode_size_to_metadata( 797 lower_file, lower_dentry->d_inode, inode, dentry, 798 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); 799 if (rc) { 800 printk(KERN_ERR "Problem with " 801 "ecryptfs_write_inode_size_to_metadata; " 802 "rc = [%d]\n", rc); 803 goto out_fput; 804 } 805 } else { /* new_length < i_size_read(inode) */ 806 vmtruncate(inode, new_length); 807 rc = ecryptfs_write_inode_size_to_metadata( 808 lower_file, lower_dentry->d_inode, inode, dentry, 809 ECRYPTFS_LOWER_I_MUTEX_NOT_HELD); 810 if (rc) { 811 printk(KERN_ERR "Problem with " 812 "ecryptfs_write_inode_size_to_metadata; " 813 "rc = [%d]\n", rc); 814 goto out_fput; 815 } 816 /* We are reducing the size of the ecryptfs file, and need to 817 * know if we need to reduce the size of the lower file. */ 818 lower_size_before_truncate = 819 upper_size_to_lower_size(crypt_stat, i_size); 820 lower_size_after_truncate = 821 upper_size_to_lower_size(crypt_stat, new_length); 822 if (lower_size_after_truncate < lower_size_before_truncate) 823 vmtruncate(lower_dentry->d_inode, 824 lower_size_after_truncate); 825 } 826 /* Update the access times */ 827 lower_dentry->d_inode->i_mtime = lower_dentry->d_inode->i_ctime 828 = CURRENT_TIME; 829 mark_inode_dirty_sync(inode); 830 out_fput: 831 if ((rc = ecryptfs_close_lower_file(lower_file))) 832 printk(KERN_ERR "Error closing lower_file\n"); 833 out_free: 834 if (ecryptfs_file_to_private(&fake_ecryptfs_file)) 835 kmem_cache_free(ecryptfs_file_info_cache, 836 ecryptfs_file_to_private(&fake_ecryptfs_file)); 837 out: 838 return rc; 839 } 840 841 static int 842 ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd) 843 { 844 int rc; 845 846 if (nd) { 847 struct vfsmount *vfsmnt_save = nd->mnt; 848 struct dentry *dentry_save = nd->dentry; 849 850 nd->mnt = ecryptfs_dentry_to_lower_mnt(nd->dentry); 851 nd->dentry = ecryptfs_dentry_to_lower(nd->dentry); 852 rc = permission(ecryptfs_inode_to_lower(inode), mask, nd); 853 nd->mnt = vfsmnt_save; 854 nd->dentry = dentry_save; 855 } else 856 rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL); 857 return rc; 858 } 859 860 /** 861 * ecryptfs_setattr 862 * @dentry: dentry handle to the inode to modify 863 * @ia: Structure with flags of what to change and values 864 * 865 * Updates the metadata of an inode. If the update is to the size 866 * i.e. truncation, then ecryptfs_truncate will handle the size modification 867 * of both the ecryptfs inode and the lower inode. 868 * 869 * All other metadata changes will be passed right to the lower filesystem, 870 * and we will just update our inode to look like the lower. 871 */ 872 static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) 873 { 874 int rc = 0; 875 struct dentry *lower_dentry; 876 struct inode *inode; 877 struct inode *lower_inode; 878 struct ecryptfs_crypt_stat *crypt_stat; 879 880 crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; 881 lower_dentry = ecryptfs_dentry_to_lower(dentry); 882 inode = dentry->d_inode; 883 lower_inode = ecryptfs_inode_to_lower(inode); 884 if (ia->ia_valid & ATTR_SIZE) { 885 ecryptfs_printk(KERN_DEBUG, 886 "ia->ia_valid = [0x%x] ATTR_SIZE" " = [0x%x]\n", 887 ia->ia_valid, ATTR_SIZE); 888 rc = ecryptfs_truncate(dentry, ia->ia_size); 889 /* ecryptfs_truncate handles resizing of the lower file */ 890 ia->ia_valid &= ~ATTR_SIZE; 891 ecryptfs_printk(KERN_DEBUG, "ia->ia_valid = [%x]\n", 892 ia->ia_valid); 893 if (rc < 0) 894 goto out; 895 } 896 rc = notify_change(lower_dentry, ia); 897 out: 898 fsstack_copy_attr_all(inode, lower_inode, NULL); 899 return rc; 900 } 901 902 int 903 ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, 904 size_t size, int flags) 905 { 906 int rc = 0; 907 struct dentry *lower_dentry; 908 909 lower_dentry = ecryptfs_dentry_to_lower(dentry); 910 if (!lower_dentry->d_inode->i_op->setxattr) { 911 rc = -ENOSYS; 912 goto out; 913 } 914 mutex_lock(&lower_dentry->d_inode->i_mutex); 915 rc = lower_dentry->d_inode->i_op->setxattr(lower_dentry, name, value, 916 size, flags); 917 mutex_unlock(&lower_dentry->d_inode->i_mutex); 918 out: 919 return rc; 920 } 921 922 ssize_t 923 ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, 924 size_t size) 925 { 926 int rc = 0; 927 struct dentry *lower_dentry; 928 929 lower_dentry = ecryptfs_dentry_to_lower(dentry); 930 if (!lower_dentry->d_inode->i_op->getxattr) { 931 rc = -ENOSYS; 932 goto out; 933 } 934 mutex_lock(&lower_dentry->d_inode->i_mutex); 935 rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value, 936 size); 937 mutex_unlock(&lower_dentry->d_inode->i_mutex); 938 out: 939 return rc; 940 } 941 942 static ssize_t 943 ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size) 944 { 945 int rc = 0; 946 struct dentry *lower_dentry; 947 948 lower_dentry = ecryptfs_dentry_to_lower(dentry); 949 if (!lower_dentry->d_inode->i_op->listxattr) { 950 rc = -ENOSYS; 951 goto out; 952 } 953 mutex_lock(&lower_dentry->d_inode->i_mutex); 954 rc = lower_dentry->d_inode->i_op->listxattr(lower_dentry, list, size); 955 mutex_unlock(&lower_dentry->d_inode->i_mutex); 956 out: 957 return rc; 958 } 959 960 static int ecryptfs_removexattr(struct dentry *dentry, const char *name) 961 { 962 int rc = 0; 963 struct dentry *lower_dentry; 964 965 lower_dentry = ecryptfs_dentry_to_lower(dentry); 966 if (!lower_dentry->d_inode->i_op->removexattr) { 967 rc = -ENOSYS; 968 goto out; 969 } 970 mutex_lock(&lower_dentry->d_inode->i_mutex); 971 rc = lower_dentry->d_inode->i_op->removexattr(lower_dentry, name); 972 mutex_unlock(&lower_dentry->d_inode->i_mutex); 973 out: 974 return rc; 975 } 976 977 int ecryptfs_inode_test(struct inode *inode, void *candidate_lower_inode) 978 { 979 if ((ecryptfs_inode_to_lower(inode) 980 == (struct inode *)candidate_lower_inode)) 981 return 1; 982 else 983 return 0; 984 } 985 986 int ecryptfs_inode_set(struct inode *inode, void *lower_inode) 987 { 988 ecryptfs_init_inode(inode, (struct inode *)lower_inode); 989 return 0; 990 } 991 992 const struct inode_operations ecryptfs_symlink_iops = { 993 .readlink = ecryptfs_readlink, 994 .follow_link = ecryptfs_follow_link, 995 .put_link = ecryptfs_put_link, 996 .permission = ecryptfs_permission, 997 .setattr = ecryptfs_setattr, 998 .setxattr = ecryptfs_setxattr, 999 .getxattr = ecryptfs_getxattr, 1000 .listxattr = ecryptfs_listxattr, 1001 .removexattr = ecryptfs_removexattr 1002 }; 1003 1004 const struct inode_operations ecryptfs_dir_iops = { 1005 .create = ecryptfs_create, 1006 .lookup = ecryptfs_lookup, 1007 .link = ecryptfs_link, 1008 .unlink = ecryptfs_unlink, 1009 .symlink = ecryptfs_symlink, 1010 .mkdir = ecryptfs_mkdir, 1011 .rmdir = ecryptfs_rmdir, 1012 .mknod = ecryptfs_mknod, 1013 .rename = ecryptfs_rename, 1014 .permission = ecryptfs_permission, 1015 .setattr = ecryptfs_setattr, 1016 .setxattr = ecryptfs_setxattr, 1017 .getxattr = ecryptfs_getxattr, 1018 .listxattr = ecryptfs_listxattr, 1019 .removexattr = ecryptfs_removexattr 1020 }; 1021 1022 const struct inode_operations ecryptfs_main_iops = { 1023 .permission = ecryptfs_permission, 1024 .setattr = ecryptfs_setattr, 1025 .setxattr = ecryptfs_setxattr, 1026 .getxattr = ecryptfs_getxattr, 1027 .listxattr = ecryptfs_listxattr, 1028 .removexattr = ecryptfs_removexattr 1029 }; 1030