1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 1997-2003 Erez Zadok 5 * Copyright (C) 2001-2003 Stony Brook University 6 * Copyright (C) 2004-2007 International Business Machines Corp. 7 * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> 8 * Michael C. Thompson <mcthomps@us.ibm.com> 9 * Tyler Hicks <tyhicks@ou.edu> 10 * 11 * This program is free software; you can redistribute it and/or 12 * modify it under the terms of the GNU General Public License as 13 * published by the Free Software Foundation; either version 2 of the 14 * License, or (at your option) any later version. 15 * 16 * This program is distributed in the hope that it will be useful, but 17 * WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 * General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License 22 * along with this program; if not, write to the Free Software 23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 24 * 02111-1307, USA. 25 */ 26 27 #include <linux/dcache.h> 28 #include <linux/file.h> 29 #include <linux/module.h> 30 #include <linux/namei.h> 31 #include <linux/skbuff.h> 32 #include <linux/crypto.h> 33 #include <linux/mount.h> 34 #include <linux/pagemap.h> 35 #include <linux/key.h> 36 #include <linux/parser.h> 37 #include <linux/fs_stack.h> 38 #include "ecryptfs_kernel.h" 39 40 /** 41 * Module parameter that defines the ecryptfs_verbosity level. 42 */ 43 int ecryptfs_verbosity = 0; 44 45 module_param(ecryptfs_verbosity, int, 0); 46 MODULE_PARM_DESC(ecryptfs_verbosity, 47 "Initial verbosity level (0 or 1; defaults to " 48 "0, which is Quiet)"); 49 50 /** 51 * Module parameter that defines the number of message buffer elements 52 */ 53 unsigned int ecryptfs_message_buf_len = ECRYPTFS_DEFAULT_MSG_CTX_ELEMS; 54 55 module_param(ecryptfs_message_buf_len, uint, 0); 56 MODULE_PARM_DESC(ecryptfs_message_buf_len, 57 "Number of message buffer elements"); 58 59 /** 60 * Module parameter that defines the maximum guaranteed amount of time to wait 61 * for a response from ecryptfsd. The actual sleep time will be, more than 62 * likely, a small amount greater than this specified value, but only less if 63 * the message successfully arrives. 64 */ 65 signed long ecryptfs_message_wait_timeout = ECRYPTFS_MAX_MSG_CTX_TTL / HZ; 66 67 module_param(ecryptfs_message_wait_timeout, long, 0); 68 MODULE_PARM_DESC(ecryptfs_message_wait_timeout, 69 "Maximum number of seconds that an operation will " 70 "sleep while waiting for a message response from " 71 "userspace"); 72 73 /** 74 * Module parameter that is an estimate of the maximum number of users 75 * that will be concurrently using eCryptfs. Set this to the right 76 * value to balance performance and memory use. 77 */ 78 unsigned int ecryptfs_number_of_users = ECRYPTFS_DEFAULT_NUM_USERS; 79 80 module_param(ecryptfs_number_of_users, uint, 0); 81 MODULE_PARM_DESC(ecryptfs_number_of_users, "An estimate of the number of " 82 "concurrent users of eCryptfs"); 83 84 void __ecryptfs_printk(const char *fmt, ...) 85 { 86 va_list args; 87 va_start(args, fmt); 88 if (fmt[1] == '7') { /* KERN_DEBUG */ 89 if (ecryptfs_verbosity >= 1) 90 vprintk(fmt, args); 91 } else 92 vprintk(fmt, args); 93 va_end(args); 94 } 95 96 /** 97 * ecryptfs_init_persistent_file 98 * @ecryptfs_dentry: Fully initialized eCryptfs dentry object, with 99 * the lower dentry and the lower mount set 100 * 101 * eCryptfs only ever keeps a single open file for every lower 102 * inode. All I/O operations to the lower inode occur through that 103 * file. When the first eCryptfs dentry that interposes with the first 104 * lower dentry for that inode is created, this function creates the 105 * persistent file struct and associates it with the eCryptfs 106 * inode. When the eCryptfs inode is destroyed, the file is closed. 107 * 108 * The persistent file will be opened with read/write permissions, if 109 * possible. Otherwise, it is opened read-only. 110 * 111 * This function does nothing if a lower persistent file is already 112 * associated with the eCryptfs inode. 113 * 114 * Returns zero on success; non-zero otherwise 115 */ 116 int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) 117 { 118 const struct cred *cred = current_cred(); 119 struct ecryptfs_inode_info *inode_info = 120 ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); 121 int rc = 0; 122 123 mutex_lock(&inode_info->lower_file_mutex); 124 if (!inode_info->lower_file) { 125 struct dentry *lower_dentry; 126 struct vfsmount *lower_mnt = 127 ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry); 128 129 lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); 130 rc = ecryptfs_privileged_open(&inode_info->lower_file, 131 lower_dentry, lower_mnt, cred); 132 if (rc || IS_ERR(inode_info->lower_file)) { 133 printk(KERN_ERR "Error opening lower persistent file " 134 "for lower_dentry [0x%p] and lower_mnt [0x%p]; " 135 "rc = [%d]\n", lower_dentry, lower_mnt, rc); 136 rc = PTR_ERR(inode_info->lower_file); 137 inode_info->lower_file = NULL; 138 } 139 } 140 mutex_unlock(&inode_info->lower_file_mutex); 141 return rc; 142 } 143 144 /** 145 * ecryptfs_interpose 146 * @lower_dentry: Existing dentry in the lower filesystem 147 * @dentry: ecryptfs' dentry 148 * @sb: ecryptfs's super_block 149 * @flags: flags to govern behavior of interpose procedure 150 * 151 * Interposes upper and lower dentries. 152 * 153 * Returns zero on success; non-zero otherwise 154 */ 155 int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry, 156 struct super_block *sb, u32 flags) 157 { 158 struct inode *lower_inode; 159 struct inode *inode; 160 int rc = 0; 161 162 lower_inode = lower_dentry->d_inode; 163 if (lower_inode->i_sb != ecryptfs_superblock_to_lower(sb)) { 164 rc = -EXDEV; 165 goto out; 166 } 167 if (!igrab(lower_inode)) { 168 rc = -ESTALE; 169 goto out; 170 } 171 inode = iget5_locked(sb, (unsigned long)lower_inode, 172 ecryptfs_inode_test, ecryptfs_inode_set, 173 lower_inode); 174 if (!inode) { 175 rc = -EACCES; 176 iput(lower_inode); 177 goto out; 178 } 179 if (inode->i_state & I_NEW) 180 unlock_new_inode(inode); 181 else 182 iput(lower_inode); 183 if (S_ISLNK(lower_inode->i_mode)) 184 inode->i_op = &ecryptfs_symlink_iops; 185 else if (S_ISDIR(lower_inode->i_mode)) 186 inode->i_op = &ecryptfs_dir_iops; 187 if (S_ISDIR(lower_inode->i_mode)) 188 inode->i_fop = &ecryptfs_dir_fops; 189 if (special_file(lower_inode->i_mode)) 190 init_special_inode(inode, lower_inode->i_mode, 191 lower_inode->i_rdev); 192 dentry->d_op = &ecryptfs_dops; 193 if (flags & ECRYPTFS_INTERPOSE_FLAG_D_ADD) 194 d_add(dentry, inode); 195 else 196 d_instantiate(dentry, inode); 197 fsstack_copy_attr_all(inode, lower_inode, NULL); 198 /* This size will be overwritten for real files w/ headers and 199 * other metadata */ 200 fsstack_copy_inode_size(inode, lower_inode); 201 out: 202 return rc; 203 } 204 205 enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, 206 ecryptfs_opt_cipher, ecryptfs_opt_ecryptfs_cipher, 207 ecryptfs_opt_ecryptfs_key_bytes, 208 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata, 209 ecryptfs_opt_encrypted_view, ecryptfs_opt_err }; 210 211 static const match_table_t tokens = { 212 {ecryptfs_opt_sig, "sig=%s"}, 213 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"}, 214 {ecryptfs_opt_cipher, "cipher=%s"}, 215 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"}, 216 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"}, 217 {ecryptfs_opt_passthrough, "ecryptfs_passthrough"}, 218 {ecryptfs_opt_xattr_metadata, "ecryptfs_xattr_metadata"}, 219 {ecryptfs_opt_encrypted_view, "ecryptfs_encrypted_view"}, 220 {ecryptfs_opt_err, NULL} 221 }; 222 223 static int ecryptfs_init_global_auth_toks( 224 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 225 { 226 struct ecryptfs_global_auth_tok *global_auth_tok; 227 int rc = 0; 228 229 list_for_each_entry(global_auth_tok, 230 &mount_crypt_stat->global_auth_tok_list, 231 mount_crypt_stat_list) { 232 rc = ecryptfs_keyring_auth_tok_for_sig( 233 &global_auth_tok->global_auth_tok_key, 234 &global_auth_tok->global_auth_tok, 235 global_auth_tok->sig); 236 if (rc) { 237 printk(KERN_ERR "Could not find valid key in user " 238 "session keyring for sig specified in mount " 239 "option: [%s]\n", global_auth_tok->sig); 240 global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; 241 goto out; 242 } else 243 global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; 244 } 245 out: 246 return rc; 247 } 248 249 static void ecryptfs_init_mount_crypt_stat( 250 struct ecryptfs_mount_crypt_stat *mount_crypt_stat) 251 { 252 memset((void *)mount_crypt_stat, 0, 253 sizeof(struct ecryptfs_mount_crypt_stat)); 254 INIT_LIST_HEAD(&mount_crypt_stat->global_auth_tok_list); 255 mutex_init(&mount_crypt_stat->global_auth_tok_list_mutex); 256 mount_crypt_stat->flags |= ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED; 257 } 258 259 /** 260 * ecryptfs_parse_options 261 * @sb: The ecryptfs super block 262 * @options: The options pased to the kernel 263 * 264 * Parse mount options: 265 * debug=N - ecryptfs_verbosity level for debug output 266 * sig=XXX - description(signature) of the key to use 267 * 268 * Returns the dentry object of the lower-level (lower/interposed) 269 * directory; We want to mount our stackable file system on top of 270 * that lower directory. 271 * 272 * The signature of the key to use must be the description of a key 273 * already in the keyring. Mounting will fail if the key can not be 274 * found. 275 * 276 * Returns zero on success; non-zero on error 277 */ 278 static int ecryptfs_parse_options(struct super_block *sb, char *options) 279 { 280 char *p; 281 int rc = 0; 282 int sig_set = 0; 283 int cipher_name_set = 0; 284 int cipher_key_bytes; 285 int cipher_key_bytes_set = 0; 286 struct ecryptfs_mount_crypt_stat *mount_crypt_stat = 287 &ecryptfs_superblock_to_private(sb)->mount_crypt_stat; 288 substring_t args[MAX_OPT_ARGS]; 289 int token; 290 char *sig_src; 291 char *cipher_name_dst; 292 char *cipher_name_src; 293 char *cipher_key_bytes_src; 294 295 if (!options) { 296 rc = -EINVAL; 297 goto out; 298 } 299 ecryptfs_init_mount_crypt_stat(mount_crypt_stat); 300 while ((p = strsep(&options, ",")) != NULL) { 301 if (!*p) 302 continue; 303 token = match_token(p, tokens, args); 304 switch (token) { 305 case ecryptfs_opt_sig: 306 case ecryptfs_opt_ecryptfs_sig: 307 sig_src = args[0].from; 308 rc = ecryptfs_add_global_auth_tok(mount_crypt_stat, 309 sig_src); 310 if (rc) { 311 printk(KERN_ERR "Error attempting to register " 312 "global sig; rc = [%d]\n", rc); 313 goto out; 314 } 315 sig_set = 1; 316 break; 317 case ecryptfs_opt_cipher: 318 case ecryptfs_opt_ecryptfs_cipher: 319 cipher_name_src = args[0].from; 320 cipher_name_dst = 321 mount_crypt_stat-> 322 global_default_cipher_name; 323 strncpy(cipher_name_dst, cipher_name_src, 324 ECRYPTFS_MAX_CIPHER_NAME_SIZE); 325 ecryptfs_printk(KERN_DEBUG, 326 "The mount_crypt_stat " 327 "global_default_cipher_name set to: " 328 "[%s]\n", cipher_name_dst); 329 cipher_name_set = 1; 330 break; 331 case ecryptfs_opt_ecryptfs_key_bytes: 332 cipher_key_bytes_src = args[0].from; 333 cipher_key_bytes = 334 (int)simple_strtol(cipher_key_bytes_src, 335 &cipher_key_bytes_src, 0); 336 mount_crypt_stat->global_default_cipher_key_size = 337 cipher_key_bytes; 338 ecryptfs_printk(KERN_DEBUG, 339 "The mount_crypt_stat " 340 "global_default_cipher_key_size " 341 "set to: [%d]\n", mount_crypt_stat-> 342 global_default_cipher_key_size); 343 cipher_key_bytes_set = 1; 344 break; 345 case ecryptfs_opt_passthrough: 346 mount_crypt_stat->flags |= 347 ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED; 348 break; 349 case ecryptfs_opt_xattr_metadata: 350 mount_crypt_stat->flags |= 351 ECRYPTFS_XATTR_METADATA_ENABLED; 352 break; 353 case ecryptfs_opt_encrypted_view: 354 mount_crypt_stat->flags |= 355 ECRYPTFS_XATTR_METADATA_ENABLED; 356 mount_crypt_stat->flags |= 357 ECRYPTFS_ENCRYPTED_VIEW_ENABLED; 358 break; 359 case ecryptfs_opt_err: 360 default: 361 ecryptfs_printk(KERN_WARNING, 362 "eCryptfs: unrecognized option '%s'\n", 363 p); 364 } 365 } 366 if (!sig_set) { 367 rc = -EINVAL; 368 ecryptfs_printk(KERN_ERR, "You must supply at least one valid " 369 "auth tok signature as a mount " 370 "parameter; see the eCryptfs README\n"); 371 goto out; 372 } 373 if (!cipher_name_set) { 374 int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER); 375 376 BUG_ON(cipher_name_len >= ECRYPTFS_MAX_CIPHER_NAME_SIZE); 377 378 strcpy(mount_crypt_stat->global_default_cipher_name, 379 ECRYPTFS_DEFAULT_CIPHER); 380 } 381 if (!cipher_key_bytes_set) { 382 mount_crypt_stat->global_default_cipher_key_size = 0; 383 } 384 mutex_lock(&key_tfm_list_mutex); 385 if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, 386 NULL)) 387 rc = ecryptfs_add_new_key_tfm( 388 NULL, mount_crypt_stat->global_default_cipher_name, 389 mount_crypt_stat->global_default_cipher_key_size); 390 mutex_unlock(&key_tfm_list_mutex); 391 if (rc) { 392 printk(KERN_ERR "Error attempting to initialize cipher with " 393 "name = [%s] and key size = [%td]; rc = [%d]\n", 394 mount_crypt_stat->global_default_cipher_name, 395 mount_crypt_stat->global_default_cipher_key_size, rc); 396 rc = -EINVAL; 397 goto out; 398 } 399 rc = ecryptfs_init_global_auth_toks(mount_crypt_stat); 400 if (rc) { 401 printk(KERN_WARNING "One or more global auth toks could not " 402 "properly register; rc = [%d]\n", rc); 403 } 404 out: 405 return rc; 406 } 407 408 struct kmem_cache *ecryptfs_sb_info_cache; 409 410 /** 411 * ecryptfs_fill_super 412 * @sb: The ecryptfs super block 413 * @raw_data: The options passed to mount 414 * @silent: Not used but required by function prototype 415 * 416 * Sets up what we can of the sb, rest is done in ecryptfs_read_super 417 * 418 * Returns zero on success; non-zero otherwise 419 */ 420 static int 421 ecryptfs_fill_super(struct super_block *sb, void *raw_data, int silent) 422 { 423 int rc = 0; 424 425 /* Released in ecryptfs_put_super() */ 426 ecryptfs_set_superblock_private(sb, 427 kmem_cache_zalloc(ecryptfs_sb_info_cache, 428 GFP_KERNEL)); 429 if (!ecryptfs_superblock_to_private(sb)) { 430 ecryptfs_printk(KERN_WARNING, "Out of memory\n"); 431 rc = -ENOMEM; 432 goto out; 433 } 434 sb->s_op = &ecryptfs_sops; 435 /* Released through deactivate_super(sb) from get_sb_nodev */ 436 sb->s_root = d_alloc(NULL, &(const struct qstr) { 437 .hash = 0,.name = "/",.len = 1}); 438 if (!sb->s_root) { 439 ecryptfs_printk(KERN_ERR, "d_alloc failed\n"); 440 rc = -ENOMEM; 441 goto out; 442 } 443 sb->s_root->d_op = &ecryptfs_dops; 444 sb->s_root->d_sb = sb; 445 sb->s_root->d_parent = sb->s_root; 446 /* Released in d_release when dput(sb->s_root) is called */ 447 /* through deactivate_super(sb) from get_sb_nodev() */ 448 ecryptfs_set_dentry_private(sb->s_root, 449 kmem_cache_zalloc(ecryptfs_dentry_info_cache, 450 GFP_KERNEL)); 451 if (!ecryptfs_dentry_to_private(sb->s_root)) { 452 ecryptfs_printk(KERN_ERR, 453 "dentry_info_cache alloc failed\n"); 454 rc = -ENOMEM; 455 goto out; 456 } 457 rc = 0; 458 out: 459 /* Should be able to rely on deactivate_super called from 460 * get_sb_nodev */ 461 return rc; 462 } 463 464 /** 465 * ecryptfs_read_super 466 * @sb: The ecryptfs super block 467 * @dev_name: The path to mount over 468 * 469 * Read the super block of the lower filesystem, and use 470 * ecryptfs_interpose to create our initial inode and super block 471 * struct. 472 */ 473 static int ecryptfs_read_super(struct super_block *sb, const char *dev_name) 474 { 475 struct path path; 476 int rc; 477 478 rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path); 479 if (rc) { 480 ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n"); 481 goto out; 482 } 483 ecryptfs_set_superblock_lower(sb, path.dentry->d_sb); 484 sb->s_maxbytes = path.dentry->d_sb->s_maxbytes; 485 sb->s_blocksize = path.dentry->d_sb->s_blocksize; 486 ecryptfs_set_dentry_lower(sb->s_root, path.dentry); 487 ecryptfs_set_dentry_lower_mnt(sb->s_root, path.mnt); 488 rc = ecryptfs_interpose(path.dentry, sb->s_root, sb, 0); 489 if (rc) 490 goto out_free; 491 rc = 0; 492 goto out; 493 out_free: 494 path_put(&path); 495 out: 496 return rc; 497 } 498 499 /** 500 * ecryptfs_get_sb 501 * @fs_type 502 * @flags 503 * @dev_name: The path to mount over 504 * @raw_data: The options passed into the kernel 505 * 506 * The whole ecryptfs_get_sb process is broken into 4 functions: 507 * ecryptfs_parse_options(): handle options passed to ecryptfs, if any 508 * ecryptfs_fill_super(): used by get_sb_nodev, fills out the super_block 509 * with as much information as it can before needing 510 * the lower filesystem. 511 * ecryptfs_read_super(): this accesses the lower filesystem and uses 512 * ecryptfs_interpolate to perform most of the linking 513 * ecryptfs_interpolate(): links the lower filesystem into ecryptfs 514 */ 515 static int ecryptfs_get_sb(struct file_system_type *fs_type, int flags, 516 const char *dev_name, void *raw_data, 517 struct vfsmount *mnt) 518 { 519 int rc; 520 struct super_block *sb; 521 522 rc = get_sb_nodev(fs_type, flags, raw_data, ecryptfs_fill_super, mnt); 523 if (rc < 0) { 524 printk(KERN_ERR "Getting sb failed; rc = [%d]\n", rc); 525 goto out; 526 } 527 sb = mnt->mnt_sb; 528 rc = ecryptfs_parse_options(sb, raw_data); 529 if (rc) { 530 printk(KERN_ERR "Error parsing options; rc = [%d]\n", rc); 531 goto out_abort; 532 } 533 rc = ecryptfs_read_super(sb, dev_name); 534 if (rc) { 535 printk(KERN_ERR "Reading sb failed; rc = [%d]\n", rc); 536 goto out_abort; 537 } 538 goto out; 539 out_abort: 540 dput(sb->s_root); 541 up_write(&sb->s_umount); 542 deactivate_super(sb); 543 out: 544 return rc; 545 } 546 547 /** 548 * ecryptfs_kill_block_super 549 * @sb: The ecryptfs super block 550 * 551 * Used to bring the superblock down and free the private data. 552 * Private data is free'd in ecryptfs_put_super() 553 */ 554 static void ecryptfs_kill_block_super(struct super_block *sb) 555 { 556 generic_shutdown_super(sb); 557 } 558 559 static struct file_system_type ecryptfs_fs_type = { 560 .owner = THIS_MODULE, 561 .name = "ecryptfs", 562 .get_sb = ecryptfs_get_sb, 563 .kill_sb = ecryptfs_kill_block_super, 564 .fs_flags = 0 565 }; 566 567 /** 568 * inode_info_init_once 569 * 570 * Initializes the ecryptfs_inode_info_cache when it is created 571 */ 572 static void 573 inode_info_init_once(void *vptr) 574 { 575 struct ecryptfs_inode_info *ei = (struct ecryptfs_inode_info *)vptr; 576 577 inode_init_once(&ei->vfs_inode); 578 } 579 580 static struct ecryptfs_cache_info { 581 struct kmem_cache **cache; 582 const char *name; 583 size_t size; 584 void (*ctor)(void *obj); 585 } ecryptfs_cache_infos[] = { 586 { 587 .cache = &ecryptfs_auth_tok_list_item_cache, 588 .name = "ecryptfs_auth_tok_list_item", 589 .size = sizeof(struct ecryptfs_auth_tok_list_item), 590 }, 591 { 592 .cache = &ecryptfs_file_info_cache, 593 .name = "ecryptfs_file_cache", 594 .size = sizeof(struct ecryptfs_file_info), 595 }, 596 { 597 .cache = &ecryptfs_dentry_info_cache, 598 .name = "ecryptfs_dentry_info_cache", 599 .size = sizeof(struct ecryptfs_dentry_info), 600 }, 601 { 602 .cache = &ecryptfs_inode_info_cache, 603 .name = "ecryptfs_inode_cache", 604 .size = sizeof(struct ecryptfs_inode_info), 605 .ctor = inode_info_init_once, 606 }, 607 { 608 .cache = &ecryptfs_sb_info_cache, 609 .name = "ecryptfs_sb_cache", 610 .size = sizeof(struct ecryptfs_sb_info), 611 }, 612 { 613 .cache = &ecryptfs_header_cache_1, 614 .name = "ecryptfs_headers_1", 615 .size = PAGE_CACHE_SIZE, 616 }, 617 { 618 .cache = &ecryptfs_header_cache_2, 619 .name = "ecryptfs_headers_2", 620 .size = PAGE_CACHE_SIZE, 621 }, 622 { 623 .cache = &ecryptfs_xattr_cache, 624 .name = "ecryptfs_xattr_cache", 625 .size = PAGE_CACHE_SIZE, 626 }, 627 { 628 .cache = &ecryptfs_key_record_cache, 629 .name = "ecryptfs_key_record_cache", 630 .size = sizeof(struct ecryptfs_key_record), 631 }, 632 { 633 .cache = &ecryptfs_key_sig_cache, 634 .name = "ecryptfs_key_sig_cache", 635 .size = sizeof(struct ecryptfs_key_sig), 636 }, 637 { 638 .cache = &ecryptfs_global_auth_tok_cache, 639 .name = "ecryptfs_global_auth_tok_cache", 640 .size = sizeof(struct ecryptfs_global_auth_tok), 641 }, 642 { 643 .cache = &ecryptfs_key_tfm_cache, 644 .name = "ecryptfs_key_tfm_cache", 645 .size = sizeof(struct ecryptfs_key_tfm), 646 }, 647 { 648 .cache = &ecryptfs_open_req_cache, 649 .name = "ecryptfs_open_req_cache", 650 .size = sizeof(struct ecryptfs_open_req), 651 }, 652 }; 653 654 static void ecryptfs_free_kmem_caches(void) 655 { 656 int i; 657 658 for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) { 659 struct ecryptfs_cache_info *info; 660 661 info = &ecryptfs_cache_infos[i]; 662 if (*(info->cache)) 663 kmem_cache_destroy(*(info->cache)); 664 } 665 } 666 667 /** 668 * ecryptfs_init_kmem_caches 669 * 670 * Returns zero on success; non-zero otherwise 671 */ 672 static int ecryptfs_init_kmem_caches(void) 673 { 674 int i; 675 676 for (i = 0; i < ARRAY_SIZE(ecryptfs_cache_infos); i++) { 677 struct ecryptfs_cache_info *info; 678 679 info = &ecryptfs_cache_infos[i]; 680 *(info->cache) = kmem_cache_create(info->name, info->size, 681 0, SLAB_HWCACHE_ALIGN, info->ctor); 682 if (!*(info->cache)) { 683 ecryptfs_free_kmem_caches(); 684 ecryptfs_printk(KERN_WARNING, "%s: " 685 "kmem_cache_create failed\n", 686 info->name); 687 return -ENOMEM; 688 } 689 } 690 return 0; 691 } 692 693 static struct kobject *ecryptfs_kobj; 694 695 static ssize_t version_show(struct kobject *kobj, 696 struct kobj_attribute *attr, char *buff) 697 { 698 return snprintf(buff, PAGE_SIZE, "%d\n", ECRYPTFS_VERSIONING_MASK); 699 } 700 701 static struct kobj_attribute version_attr = __ATTR_RO(version); 702 703 static struct attribute *attributes[] = { 704 &version_attr.attr, 705 NULL, 706 }; 707 708 static struct attribute_group attr_group = { 709 .attrs = attributes, 710 }; 711 712 static int do_sysfs_registration(void) 713 { 714 int rc; 715 716 ecryptfs_kobj = kobject_create_and_add("ecryptfs", fs_kobj); 717 if (!ecryptfs_kobj) { 718 printk(KERN_ERR "Unable to create ecryptfs kset\n"); 719 rc = -ENOMEM; 720 goto out; 721 } 722 rc = sysfs_create_group(ecryptfs_kobj, &attr_group); 723 if (rc) { 724 printk(KERN_ERR 725 "Unable to create ecryptfs version attributes\n"); 726 kobject_put(ecryptfs_kobj); 727 } 728 out: 729 return rc; 730 } 731 732 static void do_sysfs_unregistration(void) 733 { 734 sysfs_remove_group(ecryptfs_kobj, &attr_group); 735 kobject_put(ecryptfs_kobj); 736 } 737 738 static int __init ecryptfs_init(void) 739 { 740 int rc; 741 742 if (ECRYPTFS_DEFAULT_EXTENT_SIZE > PAGE_CACHE_SIZE) { 743 rc = -EINVAL; 744 ecryptfs_printk(KERN_ERR, "The eCryptfs extent size is " 745 "larger than the host's page size, and so " 746 "eCryptfs cannot run on this system. The " 747 "default eCryptfs extent size is [%d] bytes; " 748 "the page size is [%d] bytes.\n", 749 ECRYPTFS_DEFAULT_EXTENT_SIZE, PAGE_CACHE_SIZE); 750 goto out; 751 } 752 rc = ecryptfs_init_kmem_caches(); 753 if (rc) { 754 printk(KERN_ERR 755 "Failed to allocate one or more kmem_cache objects\n"); 756 goto out; 757 } 758 rc = register_filesystem(&ecryptfs_fs_type); 759 if (rc) { 760 printk(KERN_ERR "Failed to register filesystem\n"); 761 goto out_free_kmem_caches; 762 } 763 rc = do_sysfs_registration(); 764 if (rc) { 765 printk(KERN_ERR "sysfs registration failed\n"); 766 goto out_unregister_filesystem; 767 } 768 rc = ecryptfs_init_kthread(); 769 if (rc) { 770 printk(KERN_ERR "%s: kthread initialization failed; " 771 "rc = [%d]\n", __func__, rc); 772 goto out_do_sysfs_unregistration; 773 } 774 rc = ecryptfs_init_messaging(); 775 if (rc) { 776 printk(KERN_ERR "Failure occured while attempting to " 777 "initialize the communications channel to " 778 "ecryptfsd\n"); 779 goto out_destroy_kthread; 780 } 781 rc = ecryptfs_init_crypto(); 782 if (rc) { 783 printk(KERN_ERR "Failure whilst attempting to init crypto; " 784 "rc = [%d]\n", rc); 785 goto out_release_messaging; 786 } 787 if (ecryptfs_verbosity > 0) 788 printk(KERN_CRIT "eCryptfs verbosity set to %d. Secret values " 789 "will be written to the syslog!\n", ecryptfs_verbosity); 790 791 goto out; 792 out_release_messaging: 793 ecryptfs_release_messaging(); 794 out_destroy_kthread: 795 ecryptfs_destroy_kthread(); 796 out_do_sysfs_unregistration: 797 do_sysfs_unregistration(); 798 out_unregister_filesystem: 799 unregister_filesystem(&ecryptfs_fs_type); 800 out_free_kmem_caches: 801 ecryptfs_free_kmem_caches(); 802 out: 803 return rc; 804 } 805 806 static void __exit ecryptfs_exit(void) 807 { 808 int rc; 809 810 rc = ecryptfs_destroy_crypto(); 811 if (rc) 812 printk(KERN_ERR "Failure whilst attempting to destroy crypto; " 813 "rc = [%d]\n", rc); 814 ecryptfs_release_messaging(); 815 ecryptfs_destroy_kthread(); 816 do_sysfs_unregistration(); 817 unregister_filesystem(&ecryptfs_fs_type); 818 ecryptfs_free_kmem_caches(); 819 } 820 821 MODULE_AUTHOR("Michael A. Halcrow <mhalcrow@us.ibm.com>"); 822 MODULE_DESCRIPTION("eCryptfs"); 823 824 MODULE_LICENSE("GPL"); 825 826 module_init(ecryptfs_init) 827 module_exit(ecryptfs_exit) 828