1 /** 2 * eCryptfs: Linux filesystem encryption layer 3 * 4 * Copyright (C) 2004-2008 International Business Machines Corp. 5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> 6 * Tyler Hicks <tyhicks@ou.edu> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License version 10 * 2 as published by the Free Software Foundation. 11 * 12 * This program is distributed in the hope that it will be useful, but 13 * WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 20 * 02111-1307, USA. 21 */ 22 #include <linux/sched.h> 23 #include <linux/slab.h> 24 #include <linux/user_namespace.h> 25 #include <linux/nsproxy.h> 26 #include "ecryptfs_kernel.h" 27 28 static LIST_HEAD(ecryptfs_msg_ctx_free_list); 29 static LIST_HEAD(ecryptfs_msg_ctx_alloc_list); 30 static struct mutex ecryptfs_msg_ctx_lists_mux; 31 32 static struct hlist_head *ecryptfs_daemon_hash; 33 struct mutex ecryptfs_daemon_hash_mux; 34 static int ecryptfs_hash_buckets; 35 #define ecryptfs_uid_hash(uid) \ 36 hash_long((unsigned long)uid, ecryptfs_hash_buckets) 37 38 static u32 ecryptfs_msg_counter; 39 static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; 40 41 /** 42 * ecryptfs_acquire_free_msg_ctx 43 * @msg_ctx: The context that was acquired from the free list 44 * 45 * Acquires a context element from the free list and locks the mutex 46 * on the context. Sets the msg_ctx task to current. Returns zero on 47 * success; non-zero on error or upon failure to acquire a free 48 * context element. Must be called with ecryptfs_msg_ctx_lists_mux 49 * held. 50 */ 51 static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) 52 { 53 struct list_head *p; 54 int rc; 55 56 if (list_empty(&ecryptfs_msg_ctx_free_list)) { 57 printk(KERN_WARNING "%s: The eCryptfs free " 58 "context list is empty. It may be helpful to " 59 "specify the ecryptfs_message_buf_len " 60 "parameter to be greater than the current " 61 "value of [%d]\n", __func__, ecryptfs_message_buf_len); 62 rc = -ENOMEM; 63 goto out; 64 } 65 list_for_each(p, &ecryptfs_msg_ctx_free_list) { 66 *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node); 67 if (mutex_trylock(&(*msg_ctx)->mux)) { 68 (*msg_ctx)->task = current; 69 rc = 0; 70 goto out; 71 } 72 } 73 rc = -ENOMEM; 74 out: 75 return rc; 76 } 77 78 /** 79 * ecryptfs_msg_ctx_free_to_alloc 80 * @msg_ctx: The context to move from the free list to the alloc list 81 * 82 * Must be called with ecryptfs_msg_ctx_lists_mux held. 83 */ 84 static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) 85 { 86 list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list); 87 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING; 88 msg_ctx->counter = ++ecryptfs_msg_counter; 89 } 90 91 /** 92 * ecryptfs_msg_ctx_alloc_to_free 93 * @msg_ctx: The context to move from the alloc list to the free list 94 * 95 * Must be called with ecryptfs_msg_ctx_lists_mux held. 96 */ 97 void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) 98 { 99 list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); 100 if (msg_ctx->msg) 101 kfree(msg_ctx->msg); 102 msg_ctx->msg = NULL; 103 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; 104 } 105 106 /** 107 * ecryptfs_find_daemon_by_euid 108 * @euid: The effective user id which maps to the desired daemon id 109 * @user_ns: The namespace in which @euid applies 110 * @daemon: If return value is zero, points to the desired daemon pointer 111 * 112 * Must be called with ecryptfs_daemon_hash_mux held. 113 * 114 * Search the hash list for the given user id. 115 * 116 * Returns zero if the user id exists in the list; non-zero otherwise. 117 */ 118 int ecryptfs_find_daemon_by_euid(struct ecryptfs_daemon **daemon, uid_t euid, 119 struct user_namespace *user_ns) 120 { 121 struct hlist_node *elem; 122 int rc; 123 124 hlist_for_each_entry(*daemon, elem, 125 &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)], 126 euid_chain) { 127 if ((*daemon)->euid == euid && (*daemon)->user_ns == user_ns) { 128 rc = 0; 129 goto out; 130 } 131 } 132 rc = -EINVAL; 133 out: 134 return rc; 135 } 136 137 /** 138 * ecryptfs_spawn_daemon - Create and initialize a new daemon struct 139 * @daemon: Pointer to set to newly allocated daemon struct 140 * @euid: Effective user id for the daemon 141 * @user_ns: The namespace in which @euid applies 142 * @pid: Process id for the daemon 143 * 144 * Must be called ceremoniously while in possession of 145 * ecryptfs_sacred_daemon_hash_mux 146 * 147 * Returns zero on success; non-zero otherwise 148 */ 149 int 150 ecryptfs_spawn_daemon(struct ecryptfs_daemon **daemon, uid_t euid, 151 struct user_namespace *user_ns, struct pid *pid) 152 { 153 int rc = 0; 154 155 (*daemon) = kzalloc(sizeof(**daemon), GFP_KERNEL); 156 if (!(*daemon)) { 157 rc = -ENOMEM; 158 printk(KERN_ERR "%s: Failed to allocate [%zd] bytes of " 159 "GFP_KERNEL memory\n", __func__, sizeof(**daemon)); 160 goto out; 161 } 162 (*daemon)->euid = euid; 163 (*daemon)->user_ns = get_user_ns(user_ns); 164 (*daemon)->pid = get_pid(pid); 165 (*daemon)->task = current; 166 mutex_init(&(*daemon)->mux); 167 INIT_LIST_HEAD(&(*daemon)->msg_ctx_out_queue); 168 init_waitqueue_head(&(*daemon)->wait); 169 (*daemon)->num_queued_msg_ctx = 0; 170 hlist_add_head(&(*daemon)->euid_chain, 171 &ecryptfs_daemon_hash[ecryptfs_uid_hash(euid)]); 172 out: 173 return rc; 174 } 175 176 /** 177 * ecryptfs_exorcise_daemon - Destroy the daemon struct 178 * 179 * Must be called ceremoniously while in possession of 180 * ecryptfs_daemon_hash_mux and the daemon's own mux. 181 */ 182 int ecryptfs_exorcise_daemon(struct ecryptfs_daemon *daemon) 183 { 184 struct ecryptfs_msg_ctx *msg_ctx, *msg_ctx_tmp; 185 int rc = 0; 186 187 mutex_lock(&daemon->mux); 188 if ((daemon->flags & ECRYPTFS_DAEMON_IN_READ) 189 || (daemon->flags & ECRYPTFS_DAEMON_IN_POLL)) { 190 rc = -EBUSY; 191 printk(KERN_WARNING "%s: Attempt to destroy daemon with pid " 192 "[0x%p], but it is in the midst of a read or a poll\n", 193 __func__, daemon->pid); 194 mutex_unlock(&daemon->mux); 195 goto out; 196 } 197 list_for_each_entry_safe(msg_ctx, msg_ctx_tmp, 198 &daemon->msg_ctx_out_queue, daemon_out_list) { 199 list_del(&msg_ctx->daemon_out_list); 200 daemon->num_queued_msg_ctx--; 201 printk(KERN_WARNING "%s: Warning: dropping message that is in " 202 "the out queue of a dying daemon\n", __func__); 203 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 204 } 205 hlist_del(&daemon->euid_chain); 206 if (daemon->task) 207 wake_up_process(daemon->task); 208 if (daemon->pid) 209 put_pid(daemon->pid); 210 if (daemon->user_ns) 211 put_user_ns(daemon->user_ns); 212 mutex_unlock(&daemon->mux); 213 kzfree(daemon); 214 out: 215 return rc; 216 } 217 218 /** 219 * ecryptfs_process_quit 220 * @euid: The user ID owner of the message 221 * @user_ns: The namespace in which @euid applies 222 * @pid: The process ID for the userspace program that sent the 223 * message 224 * 225 * Deletes the corresponding daemon for the given euid and pid, if 226 * it is the registered that is requesting the deletion. Returns zero 227 * after deleting the desired daemon; non-zero otherwise. 228 */ 229 int ecryptfs_process_quit(uid_t euid, struct user_namespace *user_ns, 230 struct pid *pid) 231 { 232 struct ecryptfs_daemon *daemon; 233 int rc; 234 235 mutex_lock(&ecryptfs_daemon_hash_mux); 236 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, user_ns); 237 if (rc || !daemon) { 238 rc = -EINVAL; 239 printk(KERN_ERR "Received request from user [%d] to " 240 "unregister unrecognized daemon [0x%p]\n", euid, pid); 241 goto out_unlock; 242 } 243 rc = ecryptfs_exorcise_daemon(daemon); 244 out_unlock: 245 mutex_unlock(&ecryptfs_daemon_hash_mux); 246 return rc; 247 } 248 249 /** 250 * ecryptfs_process_reponse 251 * @msg: The ecryptfs message received; the caller should sanity check 252 * msg->data_len and free the memory 253 * @pid: The process ID of the userspace application that sent the 254 * message 255 * @seq: The sequence number of the message; must match the sequence 256 * number for the existing message context waiting for this 257 * response 258 * 259 * Processes a response message after sending an operation request to 260 * userspace. Some other process is awaiting this response. Before 261 * sending out its first communications, the other process allocated a 262 * msg_ctx from the ecryptfs_msg_ctx_arr at a particular index. The 263 * response message contains this index so that we can copy over the 264 * response message into the msg_ctx that the process holds a 265 * reference to. The other process is going to wake up, check to see 266 * that msg_ctx->state == ECRYPTFS_MSG_CTX_STATE_DONE, and then 267 * proceed to read off and process the response message. Returns zero 268 * upon delivery to desired context element; non-zero upon delivery 269 * failure or error. 270 * 271 * Returns zero on success; non-zero otherwise 272 */ 273 int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, 274 struct user_namespace *user_ns, struct pid *pid, 275 u32 seq) 276 { 277 struct ecryptfs_daemon *daemon; 278 struct ecryptfs_msg_ctx *msg_ctx; 279 size_t msg_size; 280 struct nsproxy *nsproxy; 281 struct user_namespace *tsk_user_ns; 282 uid_t ctx_euid; 283 int rc; 284 285 if (msg->index >= ecryptfs_message_buf_len) { 286 rc = -EINVAL; 287 printk(KERN_ERR "%s: Attempt to reference " 288 "context buffer at index [%d]; maximum " 289 "allowable is [%d]\n", __func__, msg->index, 290 (ecryptfs_message_buf_len - 1)); 291 goto out; 292 } 293 msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; 294 mutex_lock(&msg_ctx->mux); 295 mutex_lock(&ecryptfs_daemon_hash_mux); 296 rcu_read_lock(); 297 nsproxy = task_nsproxy(msg_ctx->task); 298 if (nsproxy == NULL) { 299 rc = -EBADMSG; 300 printk(KERN_ERR "%s: Receiving process is a zombie. Dropping " 301 "message.\n", __func__); 302 rcu_read_unlock(); 303 mutex_unlock(&ecryptfs_daemon_hash_mux); 304 goto wake_up; 305 } 306 tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns; 307 ctx_euid = task_euid(msg_ctx->task); 308 rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns); 309 rcu_read_unlock(); 310 mutex_unlock(&ecryptfs_daemon_hash_mux); 311 if (rc) { 312 rc = -EBADMSG; 313 printk(KERN_WARNING "%s: User [%d] received a " 314 "message response from process [0x%p] but does " 315 "not have a registered daemon\n", __func__, 316 ctx_euid, pid); 317 goto wake_up; 318 } 319 if (ctx_euid != euid) { 320 rc = -EBADMSG; 321 printk(KERN_WARNING "%s: Received message from user " 322 "[%d]; expected message from user [%d]\n", __func__, 323 euid, ctx_euid); 324 goto unlock; 325 } 326 if (tsk_user_ns != user_ns) { 327 rc = -EBADMSG; 328 printk(KERN_WARNING "%s: Received message from user_ns " 329 "[0x%p]; expected message from user_ns [0x%p]\n", 330 __func__, user_ns, tsk_user_ns); 331 goto unlock; 332 } 333 if (daemon->pid != pid) { 334 rc = -EBADMSG; 335 printk(KERN_ERR "%s: User [%d] sent a message response " 336 "from an unrecognized process [0x%p]\n", 337 __func__, ctx_euid, pid); 338 goto unlock; 339 } 340 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { 341 rc = -EINVAL; 342 printk(KERN_WARNING "%s: Desired context element is not " 343 "pending a response\n", __func__); 344 goto unlock; 345 } else if (msg_ctx->counter != seq) { 346 rc = -EINVAL; 347 printk(KERN_WARNING "%s: Invalid message sequence; " 348 "expected [%d]; received [%d]\n", __func__, 349 msg_ctx->counter, seq); 350 goto unlock; 351 } 352 msg_size = (sizeof(*msg) + msg->data_len); 353 msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL); 354 if (!msg_ctx->msg) { 355 rc = -ENOMEM; 356 printk(KERN_ERR "%s: Failed to allocate [%zd] bytes of " 357 "GFP_KERNEL memory\n", __func__, msg_size); 358 goto unlock; 359 } 360 memcpy(msg_ctx->msg, msg, msg_size); 361 msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE; 362 rc = 0; 363 wake_up: 364 wake_up_process(msg_ctx->task); 365 unlock: 366 mutex_unlock(&msg_ctx->mux); 367 out: 368 return rc; 369 } 370 371 /** 372 * ecryptfs_send_message_locked 373 * @data: The data to send 374 * @data_len: The length of data 375 * @msg_ctx: The message context allocated for the send 376 * 377 * Must be called with ecryptfs_daemon_hash_mux held. 378 * 379 * Returns zero on success; non-zero otherwise 380 */ 381 static int 382 ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, 383 struct ecryptfs_msg_ctx **msg_ctx) 384 { 385 struct ecryptfs_daemon *daemon; 386 uid_t euid = current_euid(); 387 int rc; 388 389 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns()); 390 if (rc || !daemon) { 391 rc = -ENOTCONN; 392 printk(KERN_ERR "%s: User [%d] does not have a daemon " 393 "registered\n", __func__, euid); 394 goto out; 395 } 396 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 397 rc = ecryptfs_acquire_free_msg_ctx(msg_ctx); 398 if (rc) { 399 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 400 printk(KERN_WARNING "%s: Could not claim a free " 401 "context element\n", __func__); 402 goto out; 403 } 404 ecryptfs_msg_ctx_free_to_alloc(*msg_ctx); 405 mutex_unlock(&(*msg_ctx)->mux); 406 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 407 rc = ecryptfs_send_miscdev(data, data_len, *msg_ctx, msg_type, 0, 408 daemon); 409 if (rc) 410 printk(KERN_ERR "%s: Error attempting to send message to " 411 "userspace daemon; rc = [%d]\n", __func__, rc); 412 out: 413 return rc; 414 } 415 416 /** 417 * ecryptfs_send_message 418 * @data: The data to send 419 * @data_len: The length of data 420 * @msg_ctx: The message context allocated for the send 421 * 422 * Grabs ecryptfs_daemon_hash_mux. 423 * 424 * Returns zero on success; non-zero otherwise 425 */ 426 int ecryptfs_send_message(char *data, int data_len, 427 struct ecryptfs_msg_ctx **msg_ctx) 428 { 429 int rc; 430 431 mutex_lock(&ecryptfs_daemon_hash_mux); 432 rc = ecryptfs_send_message_locked(data, data_len, ECRYPTFS_MSG_REQUEST, 433 msg_ctx); 434 mutex_unlock(&ecryptfs_daemon_hash_mux); 435 return rc; 436 } 437 438 /** 439 * ecryptfs_wait_for_response 440 * @msg_ctx: The context that was assigned when sending a message 441 * @msg: The incoming message from userspace; not set if rc != 0 442 * 443 * Sleeps until awaken by ecryptfs_receive_message or until the amount 444 * of time exceeds ecryptfs_message_wait_timeout. If zero is 445 * returned, msg will point to a valid message from userspace; a 446 * non-zero value is returned upon failure to receive a message or an 447 * error occurs. Callee must free @msg on success. 448 */ 449 int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, 450 struct ecryptfs_message **msg) 451 { 452 signed long timeout = ecryptfs_message_wait_timeout * HZ; 453 int rc = 0; 454 455 sleep: 456 timeout = schedule_timeout_interruptible(timeout); 457 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 458 mutex_lock(&msg_ctx->mux); 459 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) { 460 if (timeout) { 461 mutex_unlock(&msg_ctx->mux); 462 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 463 goto sleep; 464 } 465 rc = -ENOMSG; 466 } else { 467 *msg = msg_ctx->msg; 468 msg_ctx->msg = NULL; 469 } 470 ecryptfs_msg_ctx_alloc_to_free(msg_ctx); 471 mutex_unlock(&msg_ctx->mux); 472 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 473 return rc; 474 } 475 476 int ecryptfs_init_messaging(void) 477 { 478 int i; 479 int rc = 0; 480 481 if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) { 482 ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS; 483 printk(KERN_WARNING "%s: Specified number of users is " 484 "too large, defaulting to [%d] users\n", __func__, 485 ecryptfs_number_of_users); 486 } 487 mutex_init(&ecryptfs_daemon_hash_mux); 488 mutex_lock(&ecryptfs_daemon_hash_mux); 489 ecryptfs_hash_buckets = 1; 490 while (ecryptfs_number_of_users >> ecryptfs_hash_buckets) 491 ecryptfs_hash_buckets++; 492 ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head) 493 * ecryptfs_hash_buckets), GFP_KERNEL); 494 if (!ecryptfs_daemon_hash) { 495 rc = -ENOMEM; 496 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); 497 mutex_unlock(&ecryptfs_daemon_hash_mux); 498 goto out; 499 } 500 for (i = 0; i < ecryptfs_hash_buckets; i++) 501 INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]); 502 mutex_unlock(&ecryptfs_daemon_hash_mux); 503 ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) 504 * ecryptfs_message_buf_len), 505 GFP_KERNEL); 506 if (!ecryptfs_msg_ctx_arr) { 507 rc = -ENOMEM; 508 printk(KERN_ERR "%s: Failed to allocate memory\n", __func__); 509 goto out; 510 } 511 mutex_init(&ecryptfs_msg_ctx_lists_mux); 512 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 513 ecryptfs_msg_counter = 0; 514 for (i = 0; i < ecryptfs_message_buf_len; i++) { 515 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node); 516 INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].daemon_out_list); 517 mutex_init(&ecryptfs_msg_ctx_arr[i].mux); 518 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); 519 ecryptfs_msg_ctx_arr[i].index = i; 520 ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE; 521 ecryptfs_msg_ctx_arr[i].counter = 0; 522 ecryptfs_msg_ctx_arr[i].task = NULL; 523 ecryptfs_msg_ctx_arr[i].msg = NULL; 524 list_add_tail(&ecryptfs_msg_ctx_arr[i].node, 525 &ecryptfs_msg_ctx_free_list); 526 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); 527 } 528 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 529 rc = ecryptfs_init_ecryptfs_miscdev(); 530 if (rc) 531 ecryptfs_release_messaging(); 532 out: 533 return rc; 534 } 535 536 void ecryptfs_release_messaging(void) 537 { 538 if (ecryptfs_msg_ctx_arr) { 539 int i; 540 541 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 542 for (i = 0; i < ecryptfs_message_buf_len; i++) { 543 mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); 544 if (ecryptfs_msg_ctx_arr[i].msg) 545 kfree(ecryptfs_msg_ctx_arr[i].msg); 546 mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); 547 } 548 kfree(ecryptfs_msg_ctx_arr); 549 mutex_unlock(&ecryptfs_msg_ctx_lists_mux); 550 } 551 if (ecryptfs_daemon_hash) { 552 struct hlist_node *elem; 553 struct ecryptfs_daemon *daemon; 554 int i; 555 556 mutex_lock(&ecryptfs_daemon_hash_mux); 557 for (i = 0; i < ecryptfs_hash_buckets; i++) { 558 int rc; 559 560 hlist_for_each_entry(daemon, elem, 561 &ecryptfs_daemon_hash[i], 562 euid_chain) { 563 rc = ecryptfs_exorcise_daemon(daemon); 564 if (rc) 565 printk(KERN_ERR "%s: Error whilst " 566 "attempting to destroy daemon; " 567 "rc = [%d]. Dazed and confused, " 568 "but trying to continue.\n", 569 __func__, rc); 570 } 571 } 572 kfree(ecryptfs_daemon_hash); 573 mutex_unlock(&ecryptfs_daemon_hash_mux); 574 } 575 ecryptfs_destroy_ecryptfs_miscdev(); 576 return; 577 } 578